Setting Up and Securing Apache Web Server
Deploying a web server involves several steps, from installing the server software to securing it and enabling SSL for secure connections. This guide will walk you through the process of setting up an Apache web server on a Linux system, configuring it, and securing it with SSL certificates from Let’s Encrypt using Certbot.
1. Update and Upgrade the System
Before installing any new software, it’s crucial to ensure your system is up to date. Open your terminal and run the following commands:
sudo apt-get update && sudo apt-get upgradeThese commands will fetch the latest package lists and install any available upgrades, ensuring your system has the latest security patches and features.
2. Install Apache
Install the Apache web server.
sudo apt-get install apache23. Start Apache Service
Once Apache is installed, you need to start the service to begin serving web pages:
sudo systemctl start apache24. Enable Apache Service
To ensure Apache starts automatically on system boot, enable the service:
sudo systemctl enable apache25. Check Apache Status
Verify that Apache is running correctly with:
sudo systemctl status apache2
you should see an output indicating that Apache is active and running. If there are any issues, this status check can provide valuable information for troubleshooting.
6. Allow Apache through UFW
Allow Apache through the firewall.
sudo ufw allow 'Apache'
sudo ufw enable
sudo ufw status
7. Testing Apache Web Server
The best way to test the Apache service is requesting a page from Apache. For this we need IP address. Get the IP address by executing this command
ip addr
If you see the Apache Ubuntu default welcome web page, it indicates a successful web server installation.
8. Configure Apache
Next, configure Apache to serve your web pages. Open the Apache configuration file.
sudo nano /etc/apache2/apache2.confAdd the following block to disable the directory listing:
<Directory /var/www/>
Options -Indexes
</Directory>Save and close the file by pressing Ctrl + X, then Y, and Enter.
Next, we need to hide the Apache Version and OS information for security purposes.
sudo nano /etc/apache2/conf-available/security.confchange ServerTokens to Prod and ServerSignature to Off
9. Install Apache Security Module
To enhance your server’s security, install the mod_security module. This module helps protect your server from various web attacks. Install it using:
sudo apt-get install libapache2-mod-security210. Enable Security Module
After installation, enable the mod_security module with:
sudo a2enmod security211. Restart Apache Service
Restart Apache to apply changes.
sudo systemctl restart apache212. Install Certbot for SSL
To enable SSL and secure your website, install Certbot and the Certbot Apache plugin
sudo apt-get install certbot python3-certbot-apache13. Obtain SSL Certificate
Use Certbot to obtain and install an SSL certificate for your domain. Run the following command and follow the prompts:
sudo certbot --apacheFollow the prompts to:
- Select your domain.
- Provide an email address for urgent renewal and security notices.
- Agree to the terms of service.
Certbot will automatically configure Apache to use the obtained SSL certificate.
14. Monitor Apache Logs
Finally, it’s important to monitor your Apache server logs to ensure everything is running smoothly and to diagnose any issues that arise. Use the following commands to view the access and error logs:
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/apache2/error.logConclusion
By following these steps, you can successfully deploy an Apache web server, configure it to serve web pages, secure it with mod_security, and enable SSL using Certbot. This setup ensures that your server is secure and capable of serving content over encrypted connections
