Deploying a Linux website on Amazon EC2 requires proper SSH configuration and security group setup to ensure your server stays protected while remaining accessible. This guide is designed for developers, system administrators, and anyone looking to host their website on AWS with confidence.
Getting your website live on EC2 involves more than just launching an instance. You need to configure security groups that balance accessibility with protection, and set up SSH connections that keep unauthorized users out while giving you seamless access to manage your server.
We’ll walk through setting up your EC2 instance with the right security group rules that protect your web hosting environment without blocking legitimate traffic. You’ll also learn how to establish and optimize secure SSH connections, ensuring your server administration stays both convenient and bulletproof against common attack vectors.
By the end of this tutorial, you’ll have a properly secured Linux server ready to host your website, complete with industry-standard SSH security practices and firewall rules that protect your investment.
Set Up Your Amazon EC2 Instance for Web Hosting
Choose the Right Linux AMI for Your Website
Amazon Web Services offers several Linux AMI options for EC2 web hosting. Ubuntu Server 22.04 LTS provides excellent stability and long-term support for most websites. Amazon Linux 2023 delivers optimized performance specifically for AWS infrastructure. CentOS Stream works well for enterprise applications requiring Red Hat compatibility. Consider your application’s specific requirements, security needs, and your team’s Linux expertise when making this choice.
Select Optimal Instance Type for Performance
Choose your EC2 instance type based on expected traffic and resource requirements. t3.micro offers cost-effective hosting for small websites and development environments. t3.small handles moderate traffic loads with burstable performance capabilities. For high-traffic production sites, consider c5.large instances with dedicated CPU resources. Memory-intensive applications benefit from r5 instance families. Monitor your website’s performance metrics and scale vertically when needed for optimal user experience.
Configure Storage Options for Your Web Files
EC2 instances require properly configured storage for reliable website deployment. General Purpose SSD (gp3) volumes provide balanced performance and cost-effectiveness for most web applications. Configure at least 20GB root volume space for the operating system and basic web server components. Separate your web files, databases, and logs across different EBS volumes for better organization and backup strategies. Enable encryption for sensitive data protection.
Launch Your EC2 Instance Successfully
Navigate to the EC2 dashboard and click “Launch Instance” to begin your AWS server setup. Name your instance descriptively for easy identification. Select your chosen Linux AMI and instance type from previous steps. Create or select an existing key pair for secure SSH connection access. Configure network settings to use your default VPC. Review all settings carefully before launching. Your Linux website deployment foundation is now ready for security group configuration and SSH setup.
Configure Security Groups for Maximum Protection
Create Custom Security Group Rules for Web Traffic
Security groups act as virtual firewalls for your EC2 instance, controlling inbound and outbound traffic. Create a dedicated security group for your Linux website deployment by navigating to the EC2 dashboard and selecting “Security Groups” from the left panel. Click “Create security group” and provide a descriptive name like “WebServer-SG” with a clear description. This security group will serve as the foundation for your AWS server security configuration.
Set Up HTTP and HTTPS Access Permissions
Configure inbound rules to allow web traffic by adding HTTP (port 80) and HTTPS (port 443) access. Click “Add rule” and select “HTTP” from the dropdown, which automatically sets the port to 80. Set the source to “0.0.0.0/0” to allow global access. Repeat this process for HTTPS traffic on port 443. These rules let visitors reach your website over the standard web protocols.
Restrict SSH Access to Specific IP Addresses
Limit SSH access to your current IP address for enhanced security. Add an inbound rule for SSH (port 22) and set the source to “My IP” instead of allowing access from anywhere. This configuration keeps connection attempts from any other address from reaching your SSH service. You can also specify multiple trusted IP addresses by adding separate rules or using CIDR notation for IP ranges. Always avoid setting the SSH source to “0.0.0.0/0” in production environments.
Configure Outbound Traffic Rules for Updates
Most security groups allow all outbound traffic by default, which is necessary for system updates and package installations. Verify that your outbound rules include “All traffic” with destination “0.0.0.0/0” on port range “0-65535”. This enables your Linux server to download security patches, software updates, and dependencies required for your website deployment. If you need stricter control, create specific rules for HTTP (80), HTTPS (443), and DNS (53) traffic.
Test Security Group Configuration
Validate your security group settings by attempting to connect via SSH and accessing your website through a browser. Use the ssh -i your-key.pem ec2-user@your-instance-ip command to test SSH connectivity. If the connection fails, check that your current IP address matches the allowed SSH source. Test web access by entering your instance’s public IP in a browser – you should see either a default web server page or a connection attempt. If VPC Flow Logs are enabled for the instance’s VPC, review them to verify traffic patterns and identify any blocked connections that might indicate misconfigurations.
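The rules from this section expressed as AWS CLI calls, as an added example that is not part of the original guide. The function names, the vpc-PLACEHOLDER and sg-PLACEHOLDER values and the 203.0.113.10/32 documentation address are assumptions; the script only prints the commands unless DRY_RUN is set to empty, and it refuses an SSH source that is not a bounded IPv4 CIDR.

```shell
#!/bin/sh
# Added example: the security group rules from this section as AWS CLI calls.
# Dry run by default (prints the commands); run with DRY_RUN= to apply them.
DRY_RUN=${DRY_RUN-1}

# ssh_source_ok CIDR: accept an IPv4 CIDR with prefix 1-32, so 0.0.0.0/0
# (and anything that is not a CIDR) is rejected as an SSH source.
ssh_source_ok() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        $5 !~ /^[0-9]+$/ || $5 < 1 || $5 > 32 { exit 1 }'
}

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# allow_in GROUP_ID PORT CIDR: add one inbound TCP rule.
allow_in() {
    run aws ec2 authorize-security-group-ingress --group-id "$1" \
        --protocol tcp --port "$2" --cidr "$3"
}

# create_web_sg VPC_ID SSH_CIDR: HTTP/HTTPS from anywhere, SSH from SSH_CIDR.
create_web_sg() {
    ssh_source_ok "$2" || { echo "refusing SSH source '$2'" >&2; return 1; }
    if [ -n "$DRY_RUN" ]; then
        sg=sg-PLACEHOLDER                      # placeholder, no API call made
    else
        sg=$(aws ec2 create-security-group --group-name WebServer-SG \
            --description "HTTP/HTTPS public, SSH restricted" \
            --vpc-id "$1" --query GroupId --output text) || return 1
    fi
    allow_in "$sg" 80 0.0.0.0/0 &&
    allow_in "$sg" 443 0.0.0.0/0 &&
    allow_in "$sg" 22 "$2"
}

# Placeholder VPC id and a documentation-range address; substitute your own.
create_web_sg "${VPC_ID:-vpc-PLACEHOLDER}" "${SSH_CIDR:-203.0.113.10/32}"
```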
Establish Secure SSH Connection to Your Server
Generate and Download Your EC2 Key Pair
Creating a secure SSH connection to your EC2 instance starts with generating an RSA key pair during the instance launch process. When setting up your EC2 instance for Linux website deployment, AWS automatically prompts you to create or select an existing key pair. Choose “Create a new key pair” and give it a descriptive name like “my-website-key”. Download the .pem file immediately – AWS won’t provide another opportunity to download this private key. Store this file in a secure location on your local machine, as it’s your only way to access your EC2 instance via SSH.
Set Correct File Permissions for SSH Keys
Your downloaded SSH key requires specific file permissions to work with SSH clients. Open your terminal and navigate to the directory containing your .pem file. Run chmod 400 your-key-name.pem to set read-only permissions for the owner only. This security measure prevents unauthorized access to your private key and satisfies SSH client requirements. Without these correct permissions, most SSH clients will refuse to use the key file, displaying error messages about overly permissive file access. Linux and macOS systems are particularly strict about SSH key permissions for security reasons.
Connect to Your Instance Using SSH Client
Connect to your EC2 instance using the SSH command with your private key and instance details. The basic syntax is ssh -i /path/to/your-key.pem ec2-user@your-instance-public-ip. Replace “ec2-user” with the appropriate default username for your Linux distribution – Amazon Linux uses “ec2-user”, Ubuntu uses “ubuntu”, and CentOS uses “centos”. Find your instance’s public IP address in the EC2 console under the “Instances” section. Your first connection will prompt you to verify the server’s authenticity – type “yes” to continue. A successful connection gives you a secure SSH session on the instance, allowing you to manage your Linux server and deploy your website files.
Optimize SSH Security Configuration
Disable Root Login for Enhanced Security
Allowing direct root login over SSH means a single compromised credential gives an attacker full control of your EC2 instance. Edit /etc/ssh/sshd_config and set PermitRootLogin no to block direct root connections. Create a sudo user instead: sudo adduser username then sudo usermod -aG sudo username. This approach forces attackers to compromise two accounts rather than gaining instant system control through root access.
Change Default SSH Port Number
Moving SSH away from port 22 reduces the automated attacks aimed at the default port. Edit /etc/ssh/sshd_config and change Port 22 to something like Port 2222. Update your EC2 security group to allow the new port while removing port 22. Remember to test the connection before closing your current session to avoid lockouts.
Configure SSH Key-Based Authentication Only
Password authentication exposes your server to brute-force attacks. Generate an SSH key pair using ssh-keygen -t rsa -b 4096 and copy the public key to your server with ssh-copy-id. Set PasswordAuthentication no and PubkeyAuthentication yes in /etc/ssh/sshd_config. With password authentication disabled, password guessing against SSH can no longer succeed, and access depends on possession of the private key.
Set Up SSH Connection Timeout Settings
Idle or abandoned SSH sessions are an unnecessary exposure. Configure automatic disconnection of unresponsive sessions by setting ClientAliveInterval 300 and ClientAliveCountMax 2 in your SSH configuration. This setup sends keepalive messages every 5 minutes and disconnects after two unanswered messages. Add LoginGraceTime 60 to limit how long a connection may take to authenticate, which limits slow brute-force attempts against your SSH service.
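A check of the settings from this section against a config file, as an added example that is not part of the original guide. The function names and the sample file are constructed; the audit applies sshd's rule that the first value read for a keyword is the one used, which is why appending a corrected line below an existing one has no effect.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from this section.
# sshd keeps the FIRST value it reads for each keyword, so a line appended at
# the end of the file is ignored when the keyword already appears earlier.
# Include files and Match blocks are not evaluated here.

# effective_value FILE KEYWORD: print the first global value, lowercased.
effective_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                        # drop comments
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per setting; exit status = failure count.
# A keyword that is not set explicitly counts as a failure.
audit_sshd() {
    fails=0
    while read -r key expect; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$expect" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', expected '$expect'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ClientAliveInterval 300
ClientAliveCountMax 2
LoginGraceTime 60
EOF
    return "$fails"
}

# Constructed sample: "PermitRootLogin yes" near the top shadows the later "no".
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' 'ClientAliveInterval 300' \
    'ClientAliveCountMax 2' 'LoginGraceTime 60' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "$? setting(s) differ from the section's values"
```

On a live host, sudo sshd -t checks the file for syntax errors before you restart the SSH service, and sudo sshd -T prints the effective values with Include files applied.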
Deploy and Configure Your Linux Website
Install Essential Web Server Software
Setting up your Amazon EC2 web hosting starts with installing Apache or Nginx web server. On Ubuntu, run sudo apt update && sudo apt install apache2 to get Apache running. For PHP support, add sudo apt install php libapache2-mod-php. Install MySQL with sudo apt install mysql-server for database functionality. Enable Apache to start automatically using sudo systemctl enable apache2. Test your installation by visiting your EC2 instance’s public IP address in a browser.
Upload Website Files to Your EC2 Instance
Transfer your website files to the instance using SCP or SFTP over your SSH connection. Create a local backup first, then use scp -i your-key.pem -r /local/website/* ubuntu@your-ec2-ip:/var/www/html/ to upload files. Alternatively, use FileZilla with SFTP protocol for a graphical interface. For larger sites, consider using rsync for efficient transfers: rsync -avz -e "ssh -i your-key.pem" /local/website/ ubuntu@your-ec2-ip:/var/www/html/. Always verify file integrity after upload.
Set Proper File Permissions and Ownership
Configure correct permissions to secure your web root. Change ownership to the web server user: sudo chown -R www-data:www-data /var/www/html/. Set directory permissions to 755: sudo find /var/www/html/ -type d -exec chmod 755 {} \;. Apply 644 permissions to files: sudo find /var/www/html/ -type f -exec chmod 644 {} \;. For writable directories like uploads, use 775 permissions. Never set 777 permissions, as this creates serious security vulnerabilities on your EC2 instance.
Configure Virtual Hosts for Multiple Domains
Create virtual host configurations to host multiple domains on the same EC2 instance. Copy the default site configuration: sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/yourdomain.com.conf. Edit the new file to include your domain’s DocumentRoot and ServerName directives. Enable the site with sudo a2ensite yourdomain.com.conf and reload Apache using sudo systemctl reload apache2. This allows you to serve multiple domains from one instance efficiently while maintaining organized file structures.
Getting your Linux website up and running on Amazon EC2 doesn’t have to be overwhelming. We’ve walked through the essential steps – from setting up your EC2 instance and configuring security groups to establishing secure SSH connections and optimizing your server’s security settings. Each piece works together to create a solid foundation for hosting your website safely in the cloud.
The key is taking your time with the security configuration. Don’t rush through the SSH setup or skip the security group rules – these are what keep your website protected from unwanted visitors. Once you have everything configured properly, you’ll have a reliable, secure platform that can grow with your needs. Start with the basics we’ve covered here, and you’ll be serving your website to the world in no time.








