Setup an Apache2 Server

Prerequisites

Ubuntu Server installed
Router Access for the Network
sudo Permission for Device
Domain or Sub-Domain with 2 A records that point the Domain to the Ubuntu Server:
- A: www.your_domain directing to your_server_ip
- A: your_domain directing to your_server_ip

Installation

Connect to the Server via Putty or a preferred CLI

Check for sudo access and update packages:

sudo apt update

Install Apache2:

sudo apt install apache2

Firewall Configuration

Check the Current Firewall Application Profiles:

sudo ufw app list

The output for the command should look something like this:

Output
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH

Understanding the different profiles: Apache: This profile opens only port 80 (normal, unencrypted web traffic) Apache Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) Apache Secure: This profile opens only port 443 (TLS/SSL encrypted traffic)
Which Profile to Use?: As a generic profile to enable, Apache is acceptable for testing and development while Apache Full or Apache Secure should be used in the production environment.

For mission-critical resources, avoid using Apache Secure unless there is a backup DNS that can provide alternative HTTP/HTTPS access to the host. This is to provide immediate redundancy in the event of an SSL Expiration or DNS Issue.

Once the Profile has been chosen, use the following to enable it:

sudo ufw allow 'Apache'

Check the Status of the Firewall to confirm configuration change:

sudo ufw status

If the Firewall is inactive:

sudo ufw enable

Configure Web Server

Get the Apache2 Service Status:

sudo systemctl status apache2

View the device hosts:

hostname -I

Find the local address for the device, and try connecting via HTTP:

http://apache2_server_ip

Setup Virtual Host Directory

Create a Directory for the Domain:

sudo mkdir /var/www/your_domain

Set Ownership of the Domain Directory to the running User:

sudo chown -R $USER:$USER /var/www/your_domain

Set Permissions for the Domain Directory:

sudo chmod -R 755 /var/www/your_domain

Use your preferred text editor to create the index.html file:

sudo nano /var/www/your_domain/index.html

Here is a simple index.html greeting template:

<html>
    <head>
        <title>Welcome to the Virtual Host!</title>
    </head>
    <body>
        <h1>Success!  The virtual host configuration is working!</h1>
    </body>
</html>

Use your preferred text editor to create the Virtual Host Configuration:

sudo nano /etc/apache2/sites-available/your_domain.conf

A standard Virtual Host Configuration for HTTPS:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain
    ServerAlias www.your_domain
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Use the Apache2 Enable Site command to activate the Virtual Host Configuration:

sudo a2ensite your_domain.conf

Use the Apache2 Disable Site command to deactivate the Default Virtual Host Configuration:

sudo a2dissite 000-default.conf

Test the configurations with apache2ctl:

sudo apache2ctl configtest

Check the output for Syntax OK to confirm the configuration:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Some errors may require resolution before deployment, these types of errors will require troubleshooting if they prevent the standard configuration from running as expected

Once the configuration has been confirmed, restart Apache2:

sudo systemctl restart apache2

FileZilla Static Site Import

If there is a pre-existing set of files for the website, these can be configured at this stage if confident in ones ability to continue the remaining tasks.

sudo apt-get install filezilla

Install the appropriate Client for your configuration from the following resource: https://filezilla-project.org/download.php?type=client

Once Installed, run FileZilla and connect with to the Host Server via Port 22 with the login credentials for the Apache2 setup.

Once FileZilla has connected successfully, use FileZilla to Create a New Directory under:

/home/youruser/moveme

Using FileZilla to generate the moveme directory is a non-destructive way to test the permissions for the operation before copying the contents of the website to the moveme directory to avoid file errors mid-transfer which requires clearing the directory and restarting the import to avoid file overwrite issues.

Once the files have been transferred to moveme, use the Putty Session to move them to the Apache2 Directory:

sudo mv /home/youruser/moveme /var/www/your_domain

Reload Apache2:

sudo systemctl reload apache2

Visit the site URL with HTTP to test the site contents:

http://apache2_server_ip

Add LetsEncrypt SSL

A free SSL may be acquired from the LetsEncrypt Service,

Install the Certbot:

sudo apt install certbot python3-certbot-apache

Run the Certbot:

sudo certbot --apache

Check the configuration:

sudo apache2ctl configtest

Check the Current Firewall Application Profiles:

sudo ufw app list

Use the following to allow http & https access:

sudo ufw allow 'Apache Full'

Check the Status of the Firewall to confirm configuration change:

sudo ufw status

If the Firewall is inactive:

sudo ufw enable

When troubleshooting or looking for guidance on installing LetsEncrypt, the following resource provides instructions for different services and operating systems: https://certbot.eff.org/instructions

Prerequisites​

Installation​

Firewall Configuration​

Configure Web Server​

Setup Virtual Host Directory​

FileZilla Static Site Import​

Add LetsEncrypt SSL​