Advertisement

Setting Up A Secure Web Server On Ubuntu

For most people, a shared web hosting solution is more than enough to start a simple website or blog. However, some require a Virtual Private Server in order to manage all aspects of their website, and setting up these servers is no easy task.

In this tutorial, you will learn to master three simple tasks:

Setting Up Apache

The first part of setting up your own web server is actually installing the files for said web server. For this tutorial, we'll be using Apache, running on Ubuntu 16.04. But, before we can do anything, we need to login to your VPS using SSH.

If you're using macOS or Linux, your built-in terminal can do this without any third-party software. If you're using Windows, go download a third-party software such as PuTTY. Then, connect to your VPS using the following command.


ssh [email protected]_ip_address


Of course, your_ip_address should be replaced with the IP address of your VPS. You'll be asked to enter your password, so do so when prompted.

Next, you'll want to update all of your sources and update any existing packages. Depending on the amount of updates that need to be completed, this could take a while.


apt-get update && apt-get upgrade


Make sure to press Y when prompted. Once that's done, you're ready to install Apache. This too can be done with just one command, and just like before, you'll be asked to press Y.


apt-get install apache2


When that's finished, you'll be back at your shell prompt. And just like that, you have a web server running on your very own VPS!

Configuring Let's Encrypt

Now that you have Apache up and running, the next thing you want to do is secure your website with your very own SSL certificate. Thanks to Let's Encrypt, you can obtain your very own certificate completely free of charge.

In order to start this process, we'll need to install git. This can be done the same way we installed Apache.


apt-get install git


When that installation is finished, you're ready to move on to the next step — copying the Let's Encrypt files onto your server for use.


git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt


Now, you're focused inside the letsencrypt directory, where you can run the one command that will make everything suddenly work.

Note: this will not work properly if you do not have a domain which is already pointed to your VPS using A records. If you wish to secure the WWW-prefixed version of your website as well, create a second A record for www.


./letsencrypt-auto --apache --renew-by-default -d domain.com -d www.domain.com


Be sure to replace domain.com and www.domain.com with your actual domain name.

You'll be asked to enter your email address. Make sure it's the right one, because it will be the only way you'll receive alerts when your certificate is nearing expiration.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):

Answer A here, then continue to the next question, which you should enter N to.

If your domain is pointed properly, you'll see the following message.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

You should enter 2. Then you'll see another message.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

If you plan on following the rest of the tutorial, you should enter 1. However, if you're content with redirecting to HTTPS and nothing else, you can enter 2.

Congratulations! You now have a secure website which can be accessed over HTTPS/SSL.

Allowing The Use Of .htaccess Files

Now that you have a secured website, you may feel tempted to redirect your visitors to HTTPS or from WWW to non-WWW (or something like that).

However, you can't do so without the use of .htaccess files, which, by default, are disallowed by Apache. So, you'll need to edit your apache2.conf file in order to allow access.


cd && cd /etc/apache2 && nano apache2.conf


You'll need to scroll down to find a part of the file that matches what's shown below.


<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>


You just need to change the first and third AllowOverride None lines to AllowOverride All, like so.


<Directory />
        Options FollowSymLinks
        AllowOverride All
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>


Then, press Ctl+O and Enter, and Ctl+X to save and exit the file.

Since .htaccess files are used to redirect your website and its content, you'll need to enable Apache mod_rewrite, which can be done with one simple command.


a2enmod rewrite && apachectl restart


Finally, all you need to do now is create your .htaccess file, which will be located in your web server's root directory (where all of your website files need to be stored).

To do so, simply run the following command. When you're ready to save and exit, simply press Ctl+O, Enter, and Ctl+X.


cd && cd /var/www/html && nano .htaccess


Conclusion

This tutorial showed you how to install Apache, configure Let's Encrypt, and allow the use of .htaccess files. Despite that, this tutorial is quite basic, and is recommended for beginners. If you're an advanced user with time to kill and risks to take, I recommend trying out your own commands and command combinations and deciding what's best for you and your website.

If you want to do all of this with one command, just copy and paste the following command into your SSH client (and follow the steps which require user input, of course).


apt-get update && apt-get upgrade && apt-get install apache2 && apt-get install git && git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt && ./letsencrypt-auto --apache --renew-by-default -d domain.com -d www.domain.com && cd && cd /etc/apache2 && nano apache2.conf && a2enmod rewrite && apachectl restart && cd && cd /var/www/html && nano .htaccess


Of course, thank you for reading, and be sure to look out for other tutorials coming soon!

Author sulliops