10th Sep, 2025 | Gaurav N.
Setting up a server involves more than simply launching an instance. A reliable and scalable server environment requires a well-structured approach to infrastructure, security, and configuration.
The following outlines best practices and key components involved in setting up an AWS EC2 server from the ground up:
IAM users can be created directly from the AWS console and assigned specific policies.
Organizing access through groups with attached policies simplifies permissions management and improves security.
Adhering to the principle of least privilege ensures that users have only the permissions necessary for their tasks, reducing security risks.
EC2 instances such as t2.small can be used for testing purposes, and connections are established using SSH.
Understanding different EC2 instance types helps in selecting the appropriate resources based on workload requirements.
Elastic IPs can be allocated and attached to instances to provide a static IP address, ensuring consistent connectivity even after instance restarts.
Creating a dedicated user instead of using default accounts helps in maintaining structured access control:
# Create a new user
sudo adduser deployuser
# Add user to sudo group
sudo usermod -aG sudo deployuser
# Switch to new user
su - deployuser
Secure SSH access can be set up by generating SSH keys and copying the public key to the server:
# Generate SSH key (local machine)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Copy public key to server
ssh-copy-id deployuser@your_server_ip
This setup helps in maintaining secure, auditable access.
Managing multiple repositories such as frontend and backend projects is more efficient with separate SSH keys for each.
# Generate new SSH key for backend
ssh-keygen -t rsa -b 4096 -C "backend-repo"
# Generate new SSH key for frontend
ssh-keygen -t rsa -b 4096 -C "frontend-repo"
The ~/.ssh/config file can be updated to define aliases for different repositories, making it easier to work with them:
Host github-backend
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_backend
Host github-frontend
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_frontend
This allows for cloning each repository with its respective alias:
git clone git@github-backend:username/backend.git
git clone git@github-frontend:username/frontend.git
Nginx can be installed and configured to manage multiple subdomains:
sudo apt update
sudo apt install nginx
Separate server blocks can be created for each subdomain to route traffic appropriately:
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Server blocks can be enabled by creating symbolic links:
sudo ln -s /etc/nginx/sites-available/api.example.com /etc/nginx/sites-enabled/
This configuration helps in maintaining clean separation between different services such as frontend and backend.
Encrypted communication can be enabled by installing Certbot and integrating it with Nginx:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d api.example.com -d app.example.com
SSL certificates ensure secure connections, which are essential for protecting sensitive data and improving user trust.
Applications like Flask, Django, or Node.js can be managed using Supervisor, which provides process monitoring and automatic restarts:
sudo apt install supervisor
sudo nano /etc/supervisor/conf.d/app.conf
Example configuration:
[program:myapp]
command=gunicorn app:app --bind 127.0.0.1:5000
directory=/home/deployuser/myapp
autostart=true
autorestart=true
stderr_logfile=/var/log/myapp.err.log
stdout_logfile=/var/log/myapp.out.log
Supervisor can be refreshed and restarted with the following commands:
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl restart myapp
This setup ensures that applications are continuously monitored, automatically restarted upon failure, and logged for debugging.
Setting up an EC2 server involves multiple layers that contribute to the overall reliability and scalability of applications. Important aspects include:
Structuring secure access through IAM users and groups
Managing multiple repositories with separate SSH keys
Mapping subdomains using Nginx for clean routing
Enabling secure communication with SSL certificates
Automating application management using Supervisor
Following these practices helps in laying a robust foundation for scalable, stable, and secure server environments.
These configurations are applicable across development and production setups, reinforcing the importance of understanding the infrastructure behind reliable applications.
Get insights on the latest trends in technology and industry, delivered straight to your inbox.
