OK, thank you. Nginx does seem like it’s the way to go since that will be outside my node installation and can be run as root, unlike my damn nvm node installation 
This also reminds me I need to set my server’s hostname to my domain to avoid SSL errors. Previously I was just using the default ec2 IP-based hostname, and just recently pointed a new domain to the server IP for SSL reasons.