![](https://neurobin.org/docs/web/cpanel/installing-tls-ssl-certificate-using-cpanel/thumb0.png)

You can read the previous part of the series by [clicking here](https://steemit.com/tutorial/@dimitrisp/servers-101-setting-up-a-web-server-part-2-basic-configuration).

Other stuff in the series:

* [Intro and getting into your server](https://steemit.com/tutorial/@dimitrisp/servers-101-intro-and-getting-into-your-server)
* [Basic Server Security](https://steemit.com/tutorial/@dimitrisp/servers-101-basic-server-security-part-1)

---

In the webserver series, we will configure a web server. We will install Apache, PHP 7.1 and MySQL, and we will set up a Let's Encrypt bot and a bandwidth monitor. We will also set up Wordpress and phpMyAdmin, and we will open the needed ports on UFW.

What we WON'T do is install an FTP server. When the time comes, I will help you configure Filezilla to use your private key (the one we made in the 3rd part of the "Basic Server Security" series), and you will upload anything you want via this.

This series will be split into 3 or 4 parts, as it is large as well. Writing everything in one post is counterproductive for me.

---

In the previous part we configured our server software (Apache, MySQL, PHP etc.). In this part we will only install a certificate and make it auto-renew with Let's Encrypt!

---

## Install Let's Encrypt's certbot:

```
sudo apt-get install python-certbot-apache
```

---

## Prepare Apache

Before we begin, we must configure a hostname in the default Apache config. Go ahead and do that:

```
sudo nano /etc/apache2/sites-available/000-default.conf
```

Just above `ServerAdmin webmaster@localhost` put these lines, but change them to read your domain name:

```
ServerName exampledomain.com
ServerAlias www.exampledomain.com
```

*If you are just hosting a subdomain, for example this.exampledomain.com, and you don't want to add the "www." in front, just skip ServerAlias and you are good to go.*

Save, exit and test your config changes:

```
sudo apache2ctl configtest
```

If you get `Syntax OK`, then you are good to go. Otherwise you've got an error. Recheck what you typed in!

---

## Generate and install a certificate!

Run this command to start Certbot:

```
sudo certbot --apache
```

You will get a numbered list of domain names to choose from. Press 1 (or the number corresponding to the domain name you want to install a certificate for) and then Enter.

First, we need to give an email address for expiry and renewal notifications. We also need to read the terms and confirm we agree.

Then we will get asked if we only want HTTPS access, or if it is optional. I strongly suggest that you say "Secure" (everything goes HTTPS), by typing 2 and then Enter.

---

## Autorenewing Let's Encrypt

Let's Encrypt certificates are valid for 90 days. This is done to make sure that all certificates, especially maliciously generated ones, expire fast.

In order to have peace of mind, and to avoid renewing your certificate manually every 90 days, we will set up certbot to check your certificates twice every week (on my servers, this runs every Monday and Thursday).

The renew command is this:

```
sudo certbot renew
```

If you run it, the check will run immediately, and if any certificate is near its expiration date (that is, less than 30 days before the expiration date), it will be renewed.

To make it automated, we will use `crontab`! `crontab` means "cron table". A table is a table (duh!), and cron is a job scheduler in Linux and other Unix-like operating systems. To start the editor, type:

```
crontab -e
```

If it is the first time you run `crontab`, you will get this prompt:

>no crontab for root - using an empty one
>
>Select an editor. To change later, run 'select-editor'.
> 1. /bin/ed
> 2. /bin/nano <---- easiest
> 3. /usr/bin/vim.basic
> 4. /usr/bin/vim.tiny
>
>Choose 1-4 [2]:

Choose nano (input 2 and press Enter), unless you prefer any of the other editors in the list.

The syntax of a cron job is this:

>Minute Hour DayOfMonth Month DayOfWeek Command To Execute

Filling a field with an asterisk means that you want the job to run on every value of that field. For example, this:

>* 1 * * * ls /var/www

will list the contents of /var/www every minute, when it is 1 hour after midnight, every day.

So, I want to run the renew command every Monday (day 1) and every Thursday (day 4) at 3:35:

```
35 3 * * 1,4 /usr/bin/certbot renew >> /var/log/le-renew.log
```

Put this inside the crontab in nano (change the minutes/hours/days if you want to) and save it. When the time comes, the check will happen. You can review the log file every now and then to make sure everything went fine by typing:

```
sudo nano /var/log/le-renew.log
```

---

That's it for now! What we have left to do is make Apache use multiple virtual hosts and create a password-protected directory where we will make `vnstati` generate some graphs to monitor our bandwidth usage easily.

Thank you for reading. If you liked my small tutorial, or have any questions, feel free to leave a comment.

* Main image courtesy of Neurobin

---

[The next part, and finale of the Web server series, is now available. Click here](https://steemit.com/tutorial/@dimitrisp/servers-101-setting-up-a-web-server-part-4-virtual-hosts-and-vnstati-graphs)

## If you need a place to host your servers consider [Vultr](http://www.vultr.com/?ref=6810357), [Digital Ocean](https://m.do.co/c/5fa6a0d4ee92) and [BuyVM](https://my.frantech.ca/aff.php?aff=2040).

These are affiliate links. If you sign up through them, you support me and I will have more free time to write more content like this. Also, if you sign up for Digital Ocean through my affiliate link, you will get $10 to try them out.

*Note: to battle abusers of this offer, you'll have to make a $5 deposit via Paypal or add your credit/debit card, so they can confirm that you are a new user. I did a deposit via Paypal to test them out, and then I added my credit card so I won't have to deposit money manually every now and then.*

---

## Also, I am running a witness server. Please consider <a href="https://steemit.com/~witnesses" target="_blank">voting me for a witness</a>. [You can read my witness declaration here](https://steemit.com/witness-category/@dimitrisp/witness-declaration-of-dimitrisp)

author | dimitrisp |
---|---|
created | 2017-07-16 07:34:21 |
last_update | 2017-07-17 07:35:06 |
depth | 0 |
root_title | "Servers 101: Setting up a Web Server part 3 - SSL" |
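
Added example (not part of the original post, and not certbot's own code): a small Python parser for the crontab syntax the post describes, used to check that the post's schedule gives several renewal attempts inside certbot's 30-day renewal window. The start date is constructed, and the rule for combining the two day fields follows common Vixie cron behaviour.

```python
from datetime import datetime, timedelta

FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 7)]  # crontab order, with value ranges

def parse_field(text, lo, hi):
    """Expand one field ('*', '5', '1,4', '1-5', '*/15') into a set of ints."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = int(rng)
            end = hi if "/" in part else start
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field: {text!r}")
        values.update(range(start, end + 1, step))
    return values

def parse_cron(line):
    """Return (expanded time fields, command) for one crontab line."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five time fields and a command")
    spec = {n: parse_field(p, lo, hi) for (n, lo, hi), p in zip(FIELDS, parts)}
    spec["dow"] = {d % 7 for d in spec["dow"]}  # 0 and 7 both mean Sunday
    spec["day_star"] = parts[2].startswith("*") or parts[4].startswith("*")
    return spec, parts[5]

def matches(spec, t):
    dom_ok = t.day in spec["dom"]
    dow_ok = (t.weekday() + 1) % 7 in spec["dow"]  # Python Monday=0, cron Sunday=0
    # Cron rule: if neither day field is '*', a match on either one fires the job.
    day_ok = (dom_ok and dow_ok) if spec["day_star"] else (dom_ok or dow_ok)
    return (t.minute in spec["minute"] and t.hour in spec["hour"]
            and t.month in spec["month"] and day_ok)

def runs_between(line, start, end):
    """All minutes in [start, end) at which the crontab line fires."""
    spec, _ = parse_cron(line)
    t, runs = start.replace(second=0, microsecond=0), []
    while t < end:
        if matches(spec, t):
            runs.append(t)
        t += timedelta(minutes=1)
    return runs

def longest_gap_days(runs):
    """Longest wait between consecutive runs, in days."""
    return max((b - a).total_seconds() for a, b in zip(runs, runs[1:])) / 86400

if __name__ == "__main__":
    job = "35 3 * * 1,4 /usr/bin/certbot renew >> /var/log/le-renew.log"
    runs = runs_between(job, datetime(2017, 7, 17), datetime(2017, 8, 16))
    print(len(runs), "checks in 30 days; longest gap", longest_gap_days(runs), "days")
```

With the Monday/Thursday schedule a single failed run is retried within four days, well inside the 30-day window before expiry.
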
Some might find this website useful for installing certbot: https://certbot.eff.org/#ubuntuxenial-apache
author | gk01 |
---|---|
created | 2017-08-14 22:20:57 |
last_update | 2017-08-14 22:20:57 |
depth | 1 |
Apparently you need to set up the DNS A records for your domains, so that the sites obviously don't time out upon request, before you can get certificates for them.
author | gk01 |
---|---|
created | 2017-08-14 22:24:51 |
last_update | 2017-08-14 22:24:51 |
depth | 1 |
This is done from your domain registrar. There are thousands of domain registrars and managers, so I can't help you there. If you tell me where you registered your domain, I could look it up.
author | dimitrisp |
---|---|
created | 2017-08-15 05:55:12 |
last_update | 2017-08-15 05:55:12 |
depth | 2 |
GoDaddy is the registrar of the domain I'm using to test this. I've already set the A record on there to my public IP address. However, it doesn't seem to be directing queries to the test website I have on my server. Notably, I set up a DHCP reservation for my PC's internal IP, and also set up dynamic DNS for my router via noip.com since my router is assigning internal IPs dynamically and my ISP is, I believe, assigning dynamic IPs externally. So one of my questions is: I should be using the dynamic DNS address (i.e. myhostname.ddns.net), right? Don't I need to change the name server addresses on GoDaddy too? I don't know why it's not redirecting to my website :/
author | gk01 |
---|---|
created | 2017-08-15 07:32:27 |
last_update | 2017-08-15 07:33:12 |
depth | 3 |
I honestly know little about servers. What would be some of the benefits of setting up your own encrypted server? How easy is it to monetize an encrypted server?
author | ironmanmatt |
---|---|
created | 2017-07-16 08:18:45 |
last_update | 2017-07-16 08:18:45 |
depth | 1 |
Setting up your own server (encrypted or not) helps your site or your application to be as far away as possible from "noisy neighbors" (sites that have a huge amount of traffic or using a huge amount of the server's CPU). Your site will have a great boost in speed (especially if you use a provider with great uplinks and a powerful server).

Also, if you are on a shared hosting account, the provider hasn't secured the server enough, and one of the other sites becomes a target, your site would go down as well in case of a nullroute (fancy term for "Suspending your server's internet connection forever or until the attack has passed").

Also, if you know what you are doing, and you manage yourself, you can actually bring costs down, by hosting all your apps and sites in one server (if the server can hold all of them of course!)

As for monetisation, that's an irrelevant question, unless you plan to start a web hosting service. If this is not something you would think to do, monetisation has to do with the content or apps you will host.

Thank you for your comment, and sorry for the long reply! Things got out of hand while writing this! :)
author | dimitrisp |
---|---|
created | 2017-07-16 08:40:24 |
last_update | 2017-07-16 08:40:24 |
depth | 2 |
Do you have any tutorial on setting up DNS? Because running certbot --apache obviously will not work otherwise.
author | gk01 |
---|---|
created | 2017-08-14 22:32:12 |
last_update | 2017-08-14 22:32:12 |
depth | 3 |
Thanks for the great tutorial! I specifically needed the auto renew command for my Google hosted server setup. Do you recommend configuring HSTS for my SSL websites?
author | orodrummer |
---|---|
created | 2018-01-20 17:43:51 |
last_update | 2018-01-20 17:43:51 |
depth | 1 |
If you have data that you can't afford to leak, then yes. Make sure you sign up your website on HSTS Preload Lists in this case, for an extra layer of data security!
author | dimitrisp |
---|---|
created | 2018-01-23 11:56:06 |
last_update | 2018-01-23 11:56:06 |
depth | 2 |
Thanks for the input. Now I just need to figure out how to get alerts on Steemit so I can respond to people in a timely manner.
author | orodrummer |
---|---|
created | 2018-02-01 03:37:00 |
last_update | 2018-02-01 03:37:00 |
depth | 3 |