# How to Configure HTTPS for Anything LLM AWS private deployment
Instructions for manual https configuration after generating and running the aws cloudformation template (aws_build_from_source_no_credentials.json). Tested on following browsers: Firefox version 119, Chrome version 118, Edge 118.
**Requirements**
- Successful deployment of Amazon Linux 2023 EC2 instance with Docker container running Anything LLM
- Admin priv to configure Elastic IP for EC2 instance via AWS Management Console UI
- Admin priv to configure DNS services (i.e. AWS Route 53) via AWS Management Console UI
- Admin priv to configure EC2 Security Group rules via AWS Management Console UI
## Step 1: Allocate and assign Elastic IP Address to your deployed EC2 instance
1. Follow AWS instructions on allocating EIP here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-allocating
2. Follow AWS instructions on assigning EIP to EC2 instance here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-associating
## Step 2: Configure DNS A record to resolve to the previously assigned EC2 instance via EIP
These instructions assume that you already have a top-level domain configured and are using a subdomain
to access AnythingLLM.
1. Follow AWS instructions on routing traffic to EC2 instance here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-ec2-instance.html
## Step 3: Install and enable nginx
These instructions are for CLI configuration and assume you are logged in to EC2 instance as the ec2-user.
## Step 5: Configure temporary Inbound Traffic Rule for Security Group to certbot DNS verification
1. Follow AWS instructions on creating inbound rule (http port 80 0.0.0.0/0) for EC2 security group here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule
## Step 6: Comment out default http NGINX proxy configuration
These instructions are for CLI configuration and assume you are logged in to EC2 instance as the ec2-user.
1. $sudo vi /etc/nginx/nginx.conf
2. In the nginx.conf file, comment out the default server block configuration for http/port 80. It should look something like the following:
# server {
# listen 80;
# listen [::]:80;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /404.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
3. Enter ':wq' to save the changes to the nginx default config
## Step 7: Create simple http proxy configuration for AnythingLLM
These instructions are for CLI configuration and assume you are logged in to EC2 instance as the ec2-user.
1. $sudo vi /etc/nginx/conf.d/anything.conf
2. Add the following configuration ensuring that you add your FQDN:.
Your should see a completely updated configuration that includes https/443 and a redirect configuration for http/80.
2. Navigate to https://FQDN in a browser and you should be proxied to the AnythingLLM web UI.
## Step 11: (Optional) Remove temporary Inbound Traffic Rule for Security Group to certbot DNS verification
1. Follow AWS instructions on deleting inbound rule (http port 80 0.0.0.0/0) for EC2 security group here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#deleting-security-group-rule