Setting up an Apache web server
Background
If you want to host a website for your lab, or a web application of some sort, you are going to need to work with a webserver. Apache Web Server is a software package that turns a computer into an HTTP server. That is, it sends web pages – stored as HTML files – to people on the internet who request them. It is open-source software, which means it can be used and modified freely.
The job of a web server is to serve websites on the internet. To achieve that goal, it acts as a middleman between the server and client machines. It pulls content from the server on each user request and delivers it to the web…..One of the most popular web servers, Apache allows you to run a secure website without too much of a headache. It is free and open-source, making it a frequent choice of solopreneurs and small businesses who want a presence on the web…..The way Apache HTTP server works is that it will accept requests from the web browser, such as Google Chrome and Microsoft Edge, and turn programming scripts into web pages which contents are visible by the visitors.
What this documentation will help achieve
This guide will help you install the Apache web server on Ubuntu Linux and configure a HTTPS secure connection for all incoming web traffic.
The steps outlined below will ensure that all incoming web traffic to your server from port 80 (HTTP) will be redirected to port 443 (HTTPS). Port 80 is still accessible but redirects automatically. Redirection is configured after the SSL certificate is in place.
Prerequisites
- A system running Ubuntu Server
- An internet connection
- Access to a user account with sudo privileges
Tools / Software
- A command-line utility (Use keyboard shortcut CTRL-ALT-T, or right-click the desktop and left-click Open Terminal)
- A firewall – the default UFW (Uncomplicated Firewall) in Ubuntu is fine
- The APT package manager, installed by default on Ubuntu
Steps
- Request a Virtual Private Server (VPS) from TU Delft ICT
- Install Apache web server on the VPS
- Request an SSL certificate from TU Delft ICT
- Configure the SSL certificate file on your VPS
- Redirect all incoming web traffic to HTTPS
Step 1. Request a Virtual Private Server from TU Delft ICT
You can make a request for a server via the TopDesk self service portal. If you would like more information, documentation can be found here ___
Note: to run a web server, ports 80 (HTTP) and 443 (HTTPS) must be opened.
Step 2. Install Apache web server on the VPS
Apache is an open source web server that’s available for Linux servers. It is one of the most commonly used softwares for creating a web server. And, it’s free!
Installing Apache can be done using commands in the terminal. These instructions are documented with further information at the link in the beginning of this paragraph. First, make sure your local software packages are up to date by running:
sudo apt-get update
When that has finished, install the Apache package using:
sudo apt-get install apache2
The system prompts for confirmation – do so, and allow the system to complete the installation.
Find the IP address of your VPS by running:
hostname -I | awk '{print $1}'
Use this IP address to enter the following command in your terminal, replacing local.server.ip with the actual IP address of your server:
http://local.server.ip
If the installation was completed successfully, you should see the Apache2 Ubuntu Default page in your web browser.
Although the Apache installation process is complete, there is one more additional step. Configure the default UFW firewall to allow traffic on port 80.
Start by displaying available app profiles on UFW:
sudo ufw show app list
Use the following command to allow normal web traffic on port 80:
sudo ufw allow 'Apache Full'
Verify the changes by checking UFW status:
sudo ufw status
At this point, your Apache web server is serving over HTTP, which is a good first step! But remember, we need to secure the connection over HTTPS. So, we still have a few more steps.
Step 3. Request an SSL certificate from TU Delft ICT
Detailed directions on how to do this can be found here ___
You can create the .csr file directly on the VPS by first create a directory on /etc/apache2 called ssl:
mkdir /etc/apache2/ssl
Then, generate a CSR and private key using:
openssl req -x509 -newkey rsa:4096 -keyout <server_domain>.key -out <server_domain>.csr -nodes
After successfully running the command it will ask for the information of certificate request. Complete it using the appropriate information and then
The .csr file must be sent to TU Delft ICT using this TopDesk form: TOPdesk SSL certificate server request.
Step 4. Configure the SSL certificate on your VPS
When you receive SSL certificate files from the signing authority via TU Delft ICT, you need to put the information from this certificate in a specific place on your VPS in order to securely expose the web server. These instructions come from here: - Configure ssl for https
Navigate to the default Apache site config directory using the following command:
sudo nano /etc/apache2/sites-available/default-ssl.conf
This config file tells the server where to find SSL certificate. It should look like this:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>Edit this: ServerAdmin webmaster@localhost to this: ServerAdmin email@example.net
Add this right below the ServerAdmin line:
ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERENow, edit these lines with our certificate location:
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.keyOur file should look like this:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin email@example.net
ServerName 203.0.113.122
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>Save the file, and close it.
Note: If you are using something other than Apache Web Server (like, nginx for example) you can also create the SSL config file from scratch. Each application will have different syntax that should be used in this file. You can see how the syntax is set up by using this tool
Enable the SSL module using following command:
sudo a2enmod ssl
Now enable the site we have just edited:
sudo a2ensite default-ssl.conf
Restart Apache:
sudo service apache2 restart
The website is now secure, access it using following address in the browser
https://YOUR_SERVER_IP
Step 5. Redirect all incoming web traffic to HTTPS
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
Add in apache conf:
ProxyPass /thredds http://localhost:8080/thredds
ProxyPassReverse /thredds http://localhost:8080/thredds
RedirectMatch ^/$ /thredds/Notes and Next Steps
Test that your web server is secured by HTTPS by typing the Fully Qualified Domain Name (FQDN) of your server in a web browser. If HTTPS is enabled, the URL should begin with it - if it still says HTTP, something will need to be reconfigured.