Set up an Apache server securely

  1. Install Apache
  2. Change some configs
  3. Create a new user with no password
  4. Create an SSH key
  5. Log in with SSH
  6. Create an apache_public directory
  7. Create an apache_conf directory
  8. Edit /etc/apache2/apache2.conf to load from the user's apache_conf directory
  9. Set up umask
    • https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
    • Add the line umask 007 to /etc/profile
      • This allows user & group to read & write files
      • user & group can read + write + execute directories
      • world can do nothing!
  10. Set the setgid bit (g+s) on the web directory so new files inherit its group
    • sudo chmod g+s /home/user/apache_web/
    • Must be allowed on the file system
  11. Set up a mail server: https://www.rosehosting.com/blog/set-up-a-mail-server-with-postfixadmin-on-debian-9/
  12. Install PHP
  13. Install MySQL/MariaDB
  14. Set up DNS
  15. Set up vhost files
  16. Set up SSL with certbot

A full tutorial: https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
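
What steps 9 and 10 do to permissions, as an added example that is not part of the original checklist. It works only inside a throwaway directory from mktemp; the names index.html, site, apache_web and uploads are constructed stand-ins.

```shell
#!/bin/sh
# Added example: effect of "umask 007" and "chmod g+s" on new files and
# directories. Everything happens in a temporary directory that is removed
# afterwards; no real web root is touched.

# Print the 10-character mode string of a path, e.g. "-rw-rw----".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a file and a directory under umask 007 and report their modes.
# The body runs in a subshell so the caller's umask is left unchanged.
umask_demo() (
    work=$(mktemp -d) || exit 1
    umask 007
    touch "$work/index.html"      # 666 masked by 007 -> 660
    mkdir "$work/site"            # 777 masked by 007 -> 770
    echo "$(mode_of "$work/index.html") $(mode_of "$work/site")"
    rm -rf "$work"
)

# Set the setgid bit on a directory, then report the mode of that directory
# and of a subdirectory created inside it afterwards. On Linux the new
# subdirectory inherits the setgid bit, and new entries get the directory's
# group instead of the creator's primary group.
setgid_demo() (
    work=$(mktemp -d) || exit 1
    umask 007
    mkdir "$work/apache_web"      # constructed stand-in for the web directory
    chmod g+s "$work/apache_web"
    mkdir "$work/apache_web/uploads"
    echo "$(mode_of "$work/apache_web") $(mode_of "$work/apache_web/uploads")"
    rm -rf "$work"
)

umask_demo
setgid_demo
```

The "s" in the group execute position of the second line of output is the setgid bit; the world columns stay empty in both cases.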