NGINX Documentation

Creating and Configuring Amazon EC2 Instances for NGINX Open Source and NGINX Plus

These instructions explain how to create instances in the Amazon Elastic Compute Cloud (EC2) environment, install NGINX Open Source (OSS) and NGINX Plus, and configure AWS features for solutions based on NGINX OSS and NGINX Plus.

For NGINX Plus, a faster alternative is to purchase a prebuilt Amazon Machine Image (AMI) in the AWS Marketplace. Several operating systems are available, including Amazon Linux, Red Hat Enterprise Linux, and Ubuntu. For instructions, see Installing NGINX Plus AMIs on Amazon EC2.

Prerequisites

These instructions assume you have the following:

  • An AWS account.
  • An NGINX Plus subscription, either paid or a 30‑day free trial, if you plan to install NGINX Plus.
  • root privilege on the hosts where NGINX OSS and NGINX Plus are to be installed. If appropriate for your environment, prefix commands with the sudo command.
  • Basic Linux system administration skills, including installation of Linux software from vendor‑supplied packages, and file creation and editing. Full instructions are not provided for these tasks.

Creating Amazon EC2 Instances

  1. Log into the EC2 dashboard in the AWS Management Console (https://console.aws.amazon.com/ec2/).

  2. In the left navigation bar, select Instances, then click the  Launch Instance  button.

  3. In the Step 1: Choose an Amazon Machine Image (AMI) window, click the  Select  button for the Linux distribution of your choice.

  4. In the Step 2: Choose an Instance Type window, click the radio button for the appropriate instance type. In the screenshot, we are selecting a t2.micro instance, which is normally selected by default and is sufficient for demo purposes.

    Note: At the time of publication of this guide, AWS gives you 750 hours of free usage per month with this instance type during the first year of your AWS account. Keep in mind, however, that if they run 24 hours a day, the sets of instances specified in the NGINX deployment guides use up the 750 hours in just a few days (just over 5 days for 6 instances, and just under 4 days for 8 instances).

    Click the  Next: Configure Instance Details  button to continue to the next step.

  5. In the Step 3: Configure Instance Details window, select the default subnet for your VPC in the Subnet field, then click the  Next: Add Storage  button.

  6. In the Step 4: Add Storage window, leave the defaults unchanged. Click the  Next: Add Tags  button.

  7. In the Step 5: Add Tags window, click the  Add Tag  button. Type Name in the Key field, and in the Value field type the instance name (the screenshot shows the result). This name is what will appear in the Name column of the summary table on the Instances tab of the EC2 dashboard (see the screenshot in Step 12, which shows one instance).

    If you are following these instructions as directed by an NGINX deployment guide, the Creating EC2 Instances and Installing the NGINX Software section of the deployment guide specifies the instance names to use.

    Click the  Next: Configure Security Group  button to continue to the next step.

  8. In the Step 6: Configure Security Group window, select or enter the following values in the indicated fields:

    • Assign a security group
      • If you are setting up a deployment with multiple instances (one in an NGINX deployment guide, for instance), and this is the first instance you are creating, select Create a new security group.
      • For subsequent instances, select Select an existing security group instead (it makes sense for all instances in a deployment to use the same security group).
    • Security group name – Name of the group. If you are following these instructions as directed by an NGINX deployment guide, the Prerequisites and Required AWS Configuration section of the deployment guide specifies the group name to use.
    • Description – Description of the group; the group name is often used.

  9. In the table, modify the default rule for SSH connections, if necessary, by selecting or setting the following values. They allow inbound SSH connections from all sources (any IP address):

    • Type – SSH
    • Protocol – TCP
    • Port Range – 22
    • Source – Custom 0.0.0.0/0
    • Description – Accept SSH connections from all sources

  10. Create a rule that allows inbound HTTP connections from all sources, by clicking the  Add Rule  button and selecting or setting the following values in the new row:

    • Type – HTTP
    • Protocol – TCP
    • Port Range – 80
    • Source – Custom 0.0.0.0/0
    • Description – Accept unencrypted HTTP connections from all sources

    If appropriate, repeat this step to create a rule for HTTPS traffic.

    When you’ve created all desired rules, click the  Review and Launch  button.

  11. In the Step 7: Review Instance Launch window, verify the settings are correct. If so, click the  Launch  button in the lower‑right corner of the window. To change settings, click the  Previous  button to go back to earlier windows.

  12. When you click the  Launch  button, a window pops up asking you to select an existing key pair or create a new key pair. Take the appropriate action for your use case, then click the  Launch Instances  button.

    Note: It’s a best practice – and essential in a production environment – to create a separate key for each EC2 instance, so that if a key is compromised only the single associated instance becomes vulnerable.

    Screen of 'Select an existing key pair or create a new key pair' window during creation of Amazon EC2 instance

    A Launch Status window pops up to confirm that your launch is underway. To confirm the details of your instance when the launch completes, click the  View Instances  button on that page.

    The instances you have created so far are listed on the Instances dashboard. The following screenshot shows a single instance.

  13. Finalize your security group rules. You need to do this only for the first instance in a given set, because all instances in a set can use the same security group.

    • In the left navigation bar, select Security Groups.

    • Select the security group by clicking its radio button in the leftmost column of the table. A panel opens in the lower part of the window displaying details about the group.

    • Open the Inbound tab and verify that the rules you created in Steps 9 and 10 are listed.

    • Open the Outbound tab and click the  Edit  button to create a rule for outbound traffic. The set of rules depends on which ports you have used for traffic handled by the NGINX Plus instances:

      • If, for example, you have used port 80 both for client traffic and for health checks from a load balancer (for example AWS Network Load Balancer), you need only one rule.
      • If you have configured separate ports for different purposes, or ports other than 80 (such as 443 for HTTPS), make the appropriate adjustments.

      In the Destination field, type the security group’s ID, which appears in the Group ID column in the upper table (here it’s sg-3bdbf55d).
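
The rules from Steps 9 and 10 accept SSH as well as HTTP from any address, so the check a reviewer usually wants is which inbound rules are open to the world on something other than the web ports. The following Python is an added example, not part of the NGINX guide: it scans JSON in the shape printed by `aws ec2 describe-security-groups` and reports such rules; the sample document, the group name, and the choice of 80 and 443 as the intended public ports are constructed assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID is the one shown on this page; the first two rules mirror
# Steps 9 and 10, the last two are extra cases added for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-3bdbf55d", "GroupName": "example-group",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}
  ]}]}
""")

PUBLIC_PORTS = {80, 443}   # assumption: ports meant to face the internet
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_findings(doc, public_ports=PUBLIC_PORTS):
    """Return (group_id, port_range, cidr) for each inbound rule that is open
    to any address and covers a port outside the intended public ports."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":                 # all protocols, all ports
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue                      # ICMP etc. carry no port range
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # Acceptable only if every port in the range is a public port.
            exposes_other = any(p not in public_ports for p in range(lo, hi + 1))
            for cidr in cidrs:
                if cidr in WORLD and exposes_other:
                    findings.append((group["GroupId"], f"{lo}-{hi}", cidr))
    return findings

if __name__ == "__main__":
    for gid, ports, cidr in world_open_findings(SAMPLE):
        print(f"{gid}: ports {ports} reachable from {cidr}")
```
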

Connecting to an EC2 Instance

To complete the instructions for installing NGINX OSS and NGINX Plus in other sections of this guide, you need to open a terminal window for each EC2 instance and connect to it over SSH.

  1. Navigate to the Instances tab on the EC2 Dashboard if you are not there already.

  2. Click the row for an instance to select it. In the screenshot instance2 is selected.

  3. Click the  Connect  button above the list of instances. The Connect To Your Instance window pops up.

  4. Follow the instructions in the pop‑up window, which are customized for the selected instance (here instance2) to provide the name of the key file in the steps and in the sample ssh command.

    Screenshot of 'Connect To Your Instance' pop-up window for Amazon EC2 instance

Installing NGINX Open Source on an EC2 Instance

The instructions in this section show how to install NGINX OSS from the official binary distribution at nginx.org. If you prefer to install the binary from another repository, or one you have built yourself, make the appropriate substitutions.

You can also automate the installation as described in Automating Installation with a Configuration Manager.

Note: Some commands require root privilege. If appropriate for your environment, prefix commands with the sudo command.

  1. Connect to the instance.

  2. Follow the installation instructions in the NGINX Plus Admin Guide for your operating system.

    As an example, these instructions are for an instance running on Ubuntu 16.04 LTS (codename “xenial”):

    • Download the NGINX signing key and add it to the apt keyring:

      $ wget https://nginx.org/keys/nginx_signing.key
      $ apt-key add nginx_signing.key
      
    • Change directory to /etc/apt:

      $ cd /etc/apt
      
    • Open the sources.list file in your preferred text editor and add the following at the end.

      deb http://nginx.org/packages/ubuntu xenial nginx
      deb-src http://nginx.org/packages/ubuntu xenial nginx
      
    • Update the package repositories information and install NGINX Open Source:

      $ apt update && apt install -y nginx
      
  3. To verify that NGINX Open Source is installed, run this command:

    $ nginx -v
    

Installing NGINX Plus on an EC2 Instance

The instructions in this section show how to install NGINX Plus. If you don’t already have NGINX Plus, sign up for a 30‑day free trial.

You can also automate the installation as described in Automating Installation with a Configuration Manager.

Note: Some commands require root privilege. If appropriate for your environment, prefix commands with the sudo command.

  1. Connect to the instance.

  2. NGINX, Inc. provides a key and certificate (the nginx-repo.key and nginx-repo.crt files) for your NGINX Plus subscription or trial.

  3. Follow the instructions included with the subscription email or see the NGINX Plus Admin Guide.

    As an example, these instructions are for an instance running on Amazon Linux:

    • Create the /etc/ssl/nginx directory:

      $ sudo mkdir /etc/ssl/nginx
      $ cd /etc/ssl/nginx
      
    • Copy the nginx-repo.key and nginx-repo.crt files provided by NGINX, Inc. to the /etc/ssl/nginx/ directory:

      $ sudo cp nginx-repo.crt /etc/ssl/nginx/
      $ sudo cp nginx-repo.key /etc/ssl/nginx/
      
    • Install the required ca-certificates dependency:

      $ sudo yum install ca-certificates
      
    • Download the nginx-plus-repo file and copy it to the /etc/yum.repos.d/ directory, then install the nginx-plus package:

      $ sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon.repo
      $ sudo yum install nginx-plus
      
  4. To verify that NGINX Plus is installed, run this command:

    $ nginx -v
    

Automating Installation with a Configuration Manager

You can automate the installation of NGINX OSS and NGINX Plus. Instructions for Ansible are provided below. For Chef and Puppet, see these articles on the NGINX, Inc. blog:

Automating Installation with Ansible

NGINX, Inc. publishes a unified Ansible role for NGINX OSS and NGINX Plus on Ansible Galaxy and GitHub. Perform these steps to install and run it.

  1. Connect to the EC2 instance.

  2. Install Ansible. These commands are appropriate for Debian and Ubuntu systems:

    $ apt update
    $ apt install python-pip -y
    $ pip install ansible
    
  3. Install the official Ansible role from NGINX, Inc.:

    $ ansible-galaxy install nginxinc.nginx
    
  4. (NGINX Plus only) Copy the nginx-repo.key and nginx-repo.crt files provided by NGINX, Inc. to ~/.ssh/ngx-certs/.

  5. Create a file called playbook.yml with the following contents:

    ---
    - hosts: localhost
      become: true
      roles:
        - role: nginxinc.nginx
    
  6. Run the playbook:

    $ ansible-playbook playbook.yml
    

Optional: Creating an NGINX Open Source AMI

To streamline the process of installing NGINX OSS on multiple instances, you can create an AMI from an existing NGINX OSS instance, and spin up additional instances of the AMI when needed.

  1. Follow the instructions in Creating Amazon EC2 Instances and Installing NGINX Open Source to create an NGINX OSS instance, if you have not already.

  2. Navigate to the Instances tab on the Amazon EC2 Dashboard.

  3. Select the base instance by clicking its row in the table. In the screenshot, instance2 is selected.

  4. Click the  Actions  button and select Image > Create Image.

  5. In the window that pops up, fill in the Image name and (optionally) Image description fields, then click the  Create image   button.

    screenshot of 'Create Image' pop-up window for creating base AMI in Amazon EC2

    A Create Image window pops up to confirm that the image‑creation request was received. To verify that the image was created, navigate to the AMIs tab.

Revision History

  • Version 1 (April 2018) – Initial version (NGINX Plus Release 14)