Automating Nginx Installation on AWS EC2 Using Ansible


In this hands-on tutorial, I'll guide you through setting up Ansible to automate server configuration across two AWS EC2 instances.

Project Overview

We're creating an Ansible automation environment with:

  • Control Host: where Ansible runs from

  • Managed Host: the server we'll configure automatically

  • Goal: Install Nginx web server on the managed host using Ansible playbooks

Phase 1: AWS EC2 Instance Setup

Step 1: Launch EC2 Instances

We launched two Ubuntu 24.04 LTS instances from the AWS Management Console:

Key Configuration:

  • Instance Type: t2.micro (Free Tier eligible)

  • Key Pair: ansiblekeypair for SSH access

  • Security Group: Initially only SSH (port 22) enabled

Step 2: Verify Instance Creation

Both instances are running successfully in the same Availability Zone (us-east-1c):

Instance Details:

  • Control Host: i-0bd2f050bef9c5cf2 (Public IP: 34.228.17.72)

  • Managed Host: i-0a9ab98e6ea56c083 (Public IP: 35.175.183.37)

Phase 2: Initial Server Configuration

Step 3: Access Both Servers via SSH

Initial SSH access shows the Ubuntu welcome screen:

Both servers are fresh Ubuntu 24.04.3 LTS installations.

Step 4: Create Ansible User on Both Servers

On each server, we created a dedicated ansible user with sudo privileges:

bash

sudo useradd -m -s /bin/bash ansible
sudo usermod -aG sudo ansible
sudo passwd ansible

Step 5: Switch to Ansible User

After creating the user, we switched to the ansible user on both servers:

bash

su - ansible

Phase 3: Ansible Installation on Control Host

Step 6: Update System and Install Dependencies

On the Control Host only:

bash

sudo apt update && sudo apt upgrade -y

Step 7: Install Software Properties and Ansible Repository

bash

sudo apt install -y software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible

Step 8: Install Ansible

bash

sudo apt install -y ansible

Step 9: Verify Ansible Installation

bash

ansible --version

Version: Ansible Core 2.19.4 successfully installed!

Phase 4: Passwordless SSH Setup

Step 10: Generate SSH Key Pair on Control Host

bash

ssh-keygen -t rsa -b 4096

Important: Accept all defaults (no passphrase for automation).

Step 11: Prepare SSH Directory on Managed Host

On the Managed Host as ansible user:

bash

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chown -R ansible:ansible ~/.ssh

Step 12: Copy Public Key and Test Connection

  1. Copy public key from Control Host: cat ~/.ssh/id_rsa.pub

  2. Go back to your managed_host terminal (still as ansible) and open the file: vi ~/.ssh/authorized_keys

    Paste the public key you copied. Then:

    Press Ctrl + O to save

    Press Enter

    Press Ctrl + X to exit

    These key presses are for the nano editor; in vi, type :wq to save and exit.

    Double check it: cat ~/.ssh/authorized_keys

  3. Set correct permissions on Managed Host:

bash

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R ansible:ansible ~/.ssh

  4. Test passwordless SSH from Control Host:

Go back to Control Host (still as ansible) and run: ssh ansible@<managed-host private ip>

If it connects without asking for a password, passwordless SSH is working!

ssh ansible@172.31.19.4

Success! No password required for SSH access.
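
An alternative to pasting the key in an editor, as an added example that is not part of the original tutorial: the hypothetical helper install_pubkey rejects a wrapped or private-key paste, applies the modes from Steps 11 and 12, and appends the key only once. The input file path is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical helper.
# Usage on the Managed Host as the ansible user, with the Control Host's
# id_rsa.pub saved to a file first:
#   install_pubkey /tmp/control_id_rsa.pub "$HOME/.ssh"

install_pubkey() {
    pubfile=$1     # file containing the pasted public key
    sshdir=$2      # normally ~/.ssh
    auth="$sshdir/authorized_keys"

    # A public key is exactly one line. A terminal-wrapped paste or a private
    # key file (multi-line PEM) fails this check, as does a missing file.
    if [ "$(grep -c . "$pubfile" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one non-empty line in $pubfile" >&2
        return 1
    fi
    key=$(grep . "$pubfile")

    # OpenSSH public keys are "<type> <base64 blob> [comment]"; the blob starts "AAAA".
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Same modes as Steps 11 and 12; sshd's StrictModes checks them at login.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is absent, so re-runs stay idempotent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```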

Phase 5: Ansible Configuration

Step 13: Create Ansible Inventory File

This file tells Ansible which machines to manage and how to reach them.

Note: If the directory /etc/ansible does not exist after you install Ansible on the Control Host, create it manually with: sudo mkdir -p /etc/ansible

Then run this command: sudo vi /etc/ansible/hosts

What does this command do? It opens the Ansible inventory file located at /etc/ansible/hosts in the vi text editor with administrative privileges, allowing you to view or edit the list of managed servers (hosts) for Ansible automation tasks.

Paste this (replace with your managed_host public IP):

[web]

35.175.183.37 ansible_user=ansible

[web] is the group name (you can call it whatever you want)

The IP address is your managed host (the workstation)

ansible_user=ansible tells Ansible to SSH into that machine using the ansible user

Then save and exit.

Step 14: Fix SSH Host Key Verification Issue

I encountered an issue when trying to connect: my first connection attempt failed due to an SSH security prompt:

Problem: Ansible is non-interactive and can't answer SSH's "trust this host?" prompt.

Solution: We used ssh-keyscan to pre-approve the server by fetching its SSH key and adding it to the known_hosts file before Ansible tried to connect.

bash

ssh-keyscan 35.175.183.37 >> ~/.ssh/known_hosts
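
ssh-keyscan trusts whatever key the network returns, so the scan can be checked against a fingerprint obtained out of band (for example from the instance's console output) before anything is written to known_hosts. This added example is not part of the original tutorial; trust_host_key, the file paths and the fingerprint placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. trust_host_key is a hypothetical helper.
# Usage on the Control Host (the fingerprint is a placeholder you read out of band):
#   ssh-keyscan 35.175.183.37 > /tmp/scan 2>/dev/null
#   trust_host_key /tmp/scan 'SHA256:<expected fingerprint>' ~/.ssh/known_hosts

trust_host_key() {
    scan=$1        # file holding ssh-keyscan output
    expected=$2    # fingerprint obtained out of band, "SHA256:..." form
    known=$3       # known_hosts file to append to

    # An empty expectation must never match an unparsable line.
    [ -n "$expected" ] || { echo "no expected fingerprint given" >&2; return 1; }
    tmp=$(mktemp) || return 1
    matched=1

    while IFS= read -r line; do
        # Skip blank lines and ssh-keyscan's "# host:22 SSH-2.0-..." banner lines.
        case $line in ''|'#'*) continue ;; esac
        printf '%s\n' "$line" > "$tmp"
        # ssh-keygen -lf prints: <bits> <fingerprint> <host> (<type>)
        fp=$(ssh-keygen -lf "$tmp" 2>/dev/null | awk '{print $2}')
        if [ "$fp" = "$expected" ]; then
            # Pin only the verified key, not every key the host offered.
            printf '%s\n' "$line" >> "$known"
            matched=0
        fi
    done < "$scan"

    rm -f "$tmp"
    if [ "$matched" -ne 0 ]; then
        echo "no scanned key matches $expected; host NOT trusted" >&2
    fi
    return "$matched"
}
```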

Step 15: Test Ansible Connection

bash

ansible all -m ping

Green light! Ansible can now communicate with the managed host.

Phase 6: First Playbook - Install Git

Step 16: Create an Ansible Playbook to Install Git on managed_host

Prerequisite: Ensure you have enabled passwordless sudo on the managed/workstation host.

Run the commands below on the managed host as the ansible user:

su - ansible

sudo visudo

Add the line below at the end of the file.

ansible ALL=(ALL) NOPASSWD:ALL

Save and exit

Step 17: Create Git Installation Playbook

On Control Host, create install_git.yml:

yaml

---
- name: Install Git on managed-host
  hosts: web
  become: yes
  tasks:
    - name: Ensure Git is installed
      apt:
        name: git
        state: present
        update_cache: yes

Step 18: Run Git Playbook

bash

ansible-playbook install_git.yml

Step 19: Verify Git Installation

SSH into Managed Host and check:

bash

git --version

Success! Git 2.43.0 is installed.

Phase 7: Nginx Installation Playbook

Step 20: Create Nginx Playbook

Create install_nginx.yml on Control Host:

yaml

---
- name: Install Nginx on managed-host
  hosts: web
  become: yes
  tasks:
    - name: Update APT cache
      apt:
        update_cache: yes

    - name: Install Nginx
      apt:
        name: nginx
        state: present

    - name: Ensure Nginx is running and enabled
      service:
        name: nginx
        state: started
        enabled: yes

Step 21: Run Nginx Playbook

bash

ansible-playbook install_nginx.yml

Step 22: Verify Nginx Installation on Managed Host

Check if Nginx is running:

bash

sudo systemctl status nginx

Active and running! But we still can't access it from the browser. If Nginx is installed successfully but you're seeing 'Site can’t be reached,' there are a few likely culprits.

Phase 8: Security Group Configuration

Step 23: Check Current Security Group Rules on AWS

The security group only allows SSH (port 22):

Step 24: Add HTTP (Port 80) Access

Edit inbound rules to add HTTP access:

Add rule:

  • Type: HTTP

  • Protocol: TCP

  • Port Range: 80

  • Source: 0.0.0.0/0 (allows public access)

Step 25: Verify Updated Rules

Security group now has both SSH and HTTP rules:

Phase 9: Testing and Verification

Step 26: Test Nginx Locally on Managed Host

bash

curl http://localhost

Success! Nginx welcome page HTML is served.

Step 27: Test Nginx in Browser

Open browser and navigate to: http://35.175.183.37

Perfect! The Nginx welcome page is accessible publicly.

Conclusion

You've successfully automated server setup from scratch using Ansible.

What you've achieved:

  • Set up two AWS servers that talk to each other automatically

  • Created playbooks that install software with just one command

  • Fixed common issues like SSH keys and security groups

  • Deployed a working Nginx web server without manual configuration

The big takeaway:
What used to be hours of manual work is now 5 minutes of automation. Run your playbook anytime to recreate this exact setup — no mistakes, no forgotten steps.

Final thought:
Every task you automate today saves you time tomorrow. Keep building, keep automating.

Happy coding! 👨‍💻👩‍💻