Getting Custom Domain for EC2 Web App - Part 2
In this post, I’ll cover how to better customize some settings so to get your own custom domain for your EC2 instance. Say,
app.example.com. Anyone interested in customizing an EC2 instance can use this - not just those who build R Shiny apps. I assume you already read part 1, where it was described how to launch an R Shiny app on EC2. I assume you already have some EC2 instance running with some useful app. First I’ll cover how to set up your custom domain. Then I’ll dive into some security thoughts that I skipped in the first post.
Adding Custom Domain
I assume you already have a domain name. If you don’t, read this footnote1.
- I assume your EC2 instance is running,
- Log into AWS and go to https://console.aws.amazon.com/route53/.
- Go to “hosted zones”.
- Click “create hosted zone”.
- In Domain name, enter just your domain
- Click “Create”.
- The hosted zone (which now has your name
example.com) will have auto-populated record sets. Keep those, but ignore them. Click “Create Record Set”.
- Follow instructions in official AWS steps. Basically, 1) just supply the subdomain in
app.example.com. I assume this is what you want (you could also do
www). But if
wwwis already being used, then
app.might be cool. 2) copy your EC2’s Public IPv4 address (just the numbers, not the whole
- Once you create, you’re done on AWS. Go to where your domain registrar (godaddy, dot.tk).
- Find where to edit your DNS (sometimes called DNS records.)
- For Host, add
Type A. Target: the ec2’s IPv4 address.
- You’re done!
See my shiny app live:
- Shiny Server Landing Page: http://www.shinyapps.ml/
- My Geyser App: http://www.shinyapps.ml/
- Sample Hello Shiny: http://www.shinyapps.ml/sample-apps/hello/
- Sample Shiny Doc: http://www.shinyapps.ml/sample-apps/rmd/
If it’s not longer live by the time you read this (e.g., my EC2 instance died), here’s proof I had it live at one point.
And your reaction might be
wait, that's at www.shinyapps.ml, not app.shinyapps.ml. Nice catch. And well, the first time I did this post, I did it with
app. Then I forgot to screen shot it. Then I got distracted and I wanted to see if I could get a free URL using dot.tk. And so the second time I just did
www.. And now I’m too lazy to go back and try
app.shinyapps.ml and re-do my screenshots. Is anyone even still listening at this point?…If not, I wrote this for myself anway. But really, it’s the same instructions for
www. as for
app. Now for a conversation about security.
Launching EC2 with Better Security
When I did part 1 I got some mean warnings about security groups when I followed step 1 in setting up my EC2 instance. I don’t like doomsday warnings that hackers will attack me, especially since cybersecurity isn’t my strong suit. So I did some digging, and here’s another approach you could take.
You might see some warnings about people being able to access your ec2 instance.
Warning. If you use 0.0.0.0/0, you enable all IPv4 addresses to access your instance using SSH. If you use ::/0, you enable all IPv6 address to access your instance. This is acceptable for a short time in a test environment, but it’s unsafe for production environments. In production, you authorize only a specific IP address or range of addresses to access your instance. AWS documentaiton
So how do you allow access to the outside world? This AWS tutorial answers the questions I host a website on an EC2 instance. How do I allow my users to connect on HTTP (80) or HTTPS (443)?.
I’m no security expert, but based on the above, here’s what I’ve done for my security group:
- Enabled SSH via My IP.
- Enabled HTTP with port 80, HTTPS with port 443.
- Change your Docker command from
-p 80:3838, where the first number is the host port, and the second is the Docker container port. (
rocker/shinyexposes port 3838. And the
shiny-server.conffile used by shiny server defaults to 3838. Upload your own shiny-server.conf file if you want to change the default from 3838 to 80.)
docker run --rm -p 80:3838 -v $PWD/app:/srv/shiny-server/app -v $PWD/log/shinylog/:/var/log/shiny-server/ rocker/shiny
Then, when your users go to your URL, the browser will hide 80 by default.
- If you’re feeling risky, perhaps find a free one at http://www.dot.tk. I do not endorse this site, as I’ve seen some terrible reviews, but it does let you register domains for free. And it worked for this post. Just be sure to sign in with your junk email and not use any personal information. [return]