Setup an apache server securely
- install apache
- change some configs
- create a new user with no password
- Create an ssh key
- Login with ssh
- create an apache_public directory
- Create an apache_conf directory
- edit
/etc/apache2/apache2.conf
to load from the user's apache_conf directory - Setup umask
- https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
- set umask to
umask 007
in/etc/profile
- This allows user & group to read & write files
- user & group can read + write + execute directories
- world can do nothing!
- Set sticky bits
-
sudo chmog g+s /home/user/apache_web/
- Must be allowed on the file system
-
- Setup a mail server: https://www.rosehosting.com/blog/set-up-a-mail-server-with-postfixadmin-on-debian-9/
- Install PHP
- Install mysql/mariadb
- setup dns
- setup vhost files
- setup ssl with certbot
A full tutorial: https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/