Hosting a Static Website on an Amazon Lightsail Instance

Last updated: October 26, 2019

Amazon Lightsail offers more than 10 images (blueprints) with ready to run popular software. If you want to host a static website on Amazon Lightsail, you may choose the image with the pre-installed Nginx web server, PHP, and MySQL. This certified by Bitnami Ubuntu-based installation also supports the auto-configuration of free Let’s Encrypt SSL certificates.

If the images with ready to run software is overkill for your use case, or if you want to use a different Linux distribution, you can create a Lightsail instance with an OS of your choice and install the required software yourself.

This blog post describes the Nginx configuration tasks that you may want to do on a Lightsail instance that runs the Amazon Machine Image (AMI) Amazon Linux 2018.03.0. This post also covers the Nginx web server performance topic.

How to Install the Nginx Web Server on Amazon Linux

Nginx is a high-performance web server that powers hundreds of millions of websites in the world. It can handle thousands of simultaneous connections without consuming a lot of system memory. Even when Nginx runs on the cheapest Lightsail instance with 1 vCPU and 512 MB system memory, it can efficiently serve static content.

Installation and configuration of the Nginx web server on a Lightsail instance that runs the Amazon Linux AMI may include, but is not limited to, the following steps:

1. (Optional) Configure your Lightsail instance that runs Amazon Linux.
2. Install the Nginx RPM package.

   yum install -y nginx
   

3. (Optional) If in Step 1 you enabled SELinux on your Lightsail instance, you may also want to set SELinux contexts for the Nginx folders and files.

   semanage fcontext -a -t httpd_config_t '/etc/nginx(/.*)?'
   semanage fcontext -a -t httpd_var_run_t '/var/run/nginx.*'
   semanage fcontext -a -t httpd_var_lib_t '/var/lib/nginx(/.*)?'
   semanage fcontext -a -t httpd_log_t '/var/log/nginx(/.*)?'
   semanage fcontext -a -t httpd_sys_content_t '/usr/share/nginx/html(/.*)?'
   semanage fcontext -a -t httpd_exec_t '/usr/sbin/nginx'
   semanage fcontext -a -t httpd_initrc_exec_t '/etc/rc\.d/init\.d/nginx'  
   restorecon -R -v /etc/nginx /var/run/nginx.* /var/lib/nginx /var/log/nginx \
   /usr/share/nginx/html /usr/sbin/nginx /etc/rc.d/init.d/nginx
   

   • Configuration of SELinux contexts for Nginx exists by default on the latest RedHat, CentOS, or Fedora Linux distributions. On Amazon Linux 2018.03.0 it does not exist by default, so you need to add it yourself.
4. Store your SSL certificate and CA bundle at /etc/pki/nginx/server.crt. Then, store the private key at /etc/pki/nginx/private/server.key.
   • You can deploy on your Lightsail instance an auto-configuration script for a free Let’s Encrypt SSL certificate, or buy a basic SSL certificate that covers the www and non-www versions of your site and costs nowadays less than 10 USD per year.
5. Configure the Nginx web server.
   For a simple static website, you may only need to make changes in the main configuration file /etc/nginx/nginx.conf.
   1. (Optional) Add the catch-all server block.
      You need to add the catch-all server block to the Nginx configuration if you want to avoid that your web server processes requests with nonmatching server names.

      server {
          listen       80 default_server;
          listen       443 ssl http2 default_server;
          server_name  _;
          ssl_certificate "/etc/pki/nginx/server.crt";
          ssl_certificate_key "/etc/pki/nginx/private/server.key";
          return       403;
      }
      

   2. Redirect all HTTP requests to HTTPS.

      server {
          listen       80;
          server_name  example.com;
          return       301 https://example.com$request_uri;
      }
      

   3. Configure the HTTPS server.

      server {
          listen       443 ssl http2;
          server_name  example.com;
          ssl_certificate "/etc/pki/nginx/server.crt";
          ssl_certificate_key "/etc/pki/nginx/private/server.key";
          ...
      }
      

   4. Enable gzip compression of responses to reduce the size of transmitted data.
      For example, to compress text/html, text/css, and text/js file types, add the following block to your Nginx configuration:

      gzip on;
      gzip_disable "msie6";
      gzip_vary on;
      gzip_min_length 512;
      gzip_comp_level 5;
      gzip_proxied no-cache no-store private expired auth;
      gzip_types
      text/css
      text/js;
      # Nginx compresses responses with MIME type text/html by default
      

      • You can configure Nginx to compress the same file types that Amazon CloudFront compresses.
6. Enable Nginx at boot time.

   chkconfig nginx on
   

Appendix A, Performance of Nginx That Runs on a Lightsail Instance and Serves Static Content

Nginx, Version 1.16.1 built with OpenSSL 1.0.2k-fips was used to serve a static file of size 100KB.
The Nginx web server was running on the cheapest Lightsail instance that has 1 vCPU, and 512 MB system memory.

ApacheBench, Version 2.3 was used to send SSL/TLS requests to the Nginx web server. ApacheBench was running on a t3.medium EC2 instance in the same AWS region as the Lightsail instance.

For benchmarking the Nginx web server, 5000 requests with concurrency 1, 10, 50, and 100 were sent as follows:

ab -c   1 -n 5000 -H 'Accept-Encoding: gzip' https://example.com/100KB.html
ab -c  10 -n 5000 -H 'Accept-Encoding: gzip' https://example.com/100KB.html
ab -c  50 -n 5000 -H 'Accept-Encoding: gzip' https://example.com/100KB.html
ab -c 100 -n 5000 -H 'Accept-Encoding: gzip' https://example.com/100KB.html

The following encryption parameters were in use:

• SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256
• Server Temp Key: ECDH P-256 256 bits

The table below shows the peak performance (up to 100% CPU utilization) of the Nginx web server for varying concurrency values.

Lightsail instances are burstable performance instances. They can not provide 100% of vCPU performance for a long time.

The cheapest Lightsail instance has baseline vCPU performance equal to approximately 5%. It can burst above this baseline level only when CPU credits are available.

CPU credits are accrued in the CPU credit balance when the instance uses less CPU resources than required for baseline performance. The maximum number of CPU credits that can be accrued by the cheapest Lightsail instance is approximately 72, which is equal to vCPU running at 100% utilization for 72 minutes or, for example, at 50% utilization for 144 minutes.

The table below shows the performance of the Nginx web server when the Lightsail instance has no CPU credits, and, thus, vCPU performance is throttled to 5%.

The results of the tests show that the performance of the Nginx web server that runs even on the cheapest Lightsail instance and serves static content is more than enough for a small website or a personal blog. Also, such setup can easily manage occasional spikes of high-intensity CPU activity and traffic load.