Introduction
In this guide, we will walk through setting up a static website on an AWS EC2 instance, protecting it behind a reverse proxy using HAProxy, and securing it with a trusted SSL certificate.
By the end, you will understand:
- The key concepts behind SSL, TLS, certificates, and proxies.
- How to deploy a website on EC2 using Nginx.
- How to configure HAProxy as a reverse proxy.
- How to secure your site with HTTPS using Let’s Encrypt certificates.
- How reverse proxies can enable load balancing for scalability.
Important Definitions
Before we dive into the commands, I would like to give brief definitions of the key terms so that we are all familiar with them. As you read through these, ask yourself: have I encountered this in real life? Chances are you already have.
SSL & TLS
When you open a website and see a little lock 🔒 in the browser, what do you feel? Probably safe. That’s SSL/TLS at work.
- SSL (Secure Sockets Layer): The original encryption protocol for securing communication between client and server.
- TLS (Transport Layer Security): The modern, more secure successor to SSL (when we say “SSL” today, we usually mean TLS).
Certificate Authority (CA)
A CA (e.g., Let’s Encrypt, DigiCert) is a trusted organization that issues digital certificates after verifying the ownership of domains.
Self-Signed Certificates
- Created by you, not a CA.
- Useful for internal testing, but browsers won’t trust them by default.
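To make the trust behaviour above concrete, here is an added example (not part of the original guide) that generates a throwaway self-signed certificate with `openssl` and checks it twice: against the default trust store, and with the certificate itself supplied as a trust anchor. The hostname `test.internal.example` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: why a self-signed certificate is rejected by default.
# The CN test.internal.example is a constructed placeholder.

# Create a short-lived self-signed certificate and key in directory $1.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=test.internal.example" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when the certificate names itself as its own issuer.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True only if the certificate chains to a CA in the system trust store.
# The output is parsed because old OpenSSL releases exit 0 even on failure.
trusted_by_default() {
  openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# True when the certificate is explicitly added as a trust anchor, which is
# what importing it into a test client's trust store amounts to.
# This also confirms the signature was made with the certificate's own key.
trusted_when_pinned() {
  openssl verify -CAfile "$1" "$1" 2>&1 | grep -q ': OK$'
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_self_signed "$workdir"
cert="$workdir/cert.pem"

is_self_signed "$cert"      && echo "issuer == subject: self-signed"
trusted_by_default "$cert"  || echo "default trust store: rejected"
trusted_when_pinned "$cert" && echo "explicitly trusted: accepted"
```

The middle check is the one a browser performs, which is why a self-signed certificate triggers a warning until someone deliberately imports it.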
Trusted Certificates