Tag: web server

How to install SSL with Apache on Ubuntu

On June 4, 2022

In today’s world of online business and communication, security is more important than ever. One essential aspect of website security is SSL (Secure Sockets Layer), a protocol that encrypts data sent between a web server and a user’s web browser. By using SSL, website owners can protect their users’ personal information from being intercepted or stolen by hackers.

In this tutorial, we’ll walk you through the steps to install and secure your website with SSL on Ubuntu 22.04 using Apache2. By the end of this guide, you’ll have a secure, encrypted connection between your web server and your users’ browsers, helping to ensure their safety and privacy.

Section 1: Installing Apache2 on Ubuntu 22.04

Apache2 is a popular open-source web server software that plays a crucial role in hosting websites on the internet. In this section, we will walk through the process of installing Apache2 on Ubuntu 22.04.

Step 1: Update the Package List
Before installing any new software, it’s always a good idea to update the package list to ensure you are installing the latest version of the software. To update the package list, open the terminal on Ubuntu 22.04 and run the following command:

sudo apt update

Step 2: Install Apache2
Once the package list is updated, you can proceed with installing Apache2 by running the following command:

sudo apt install apache2

This command will download and install Apache2 along with all its dependencies. During the installation process, you will be prompted to confirm the installation by typing y and pressing Enter.

Enable and Start the Apache2 service

sudo systemctl enable apache2
sudo systemctl start  apache2

Step 3: Verify Apache2 Installation
To test if Apache2 is working correctly, open a web browser and enter your server’s IP address or domain name in the address bar. You should see the default Apache2 web page.

I hope that helps! Let me know if you have any questions or suggestions for the blog post.
If Apache2 is installed correctly, you should see a page that says “Apache2 Ubuntu Default Page”.

Congratulations, you have successfully installed Apache2 on Ubuntu 22.04! In the next section, we will proceed with securing the web server by enabling SSL.

If you encounter any issues like Connection timeout or Unable to reach the website during the verification process, one possible cause could be that the Ubuntu firewall is blocking Apache2 traffic.

To check if Apache2 is currently enabled in the firewall, you can use the following command:

sudo ufw status

If the output shows that the firewall is active and Apache2 is not listed as an allowed service, you can add it by running the following command:

sudo ufw allow 'Apache Full'

This will allow both HTTP (port 80) and HTTPS (port 443) traffic to pass through the firewall, ensuring that your website is accessible to visitors.

Section 2: Installing SSL Certificate on Ubuntu 22.04 with Apache2

There are different types of SSL certificates, including domain validated, organization validated, and extended validation certificates. Each type has different features and provides varying levels of trust and security.

To install an SSL certificate on Ubuntu 22.04 with Apache2, you’ll need to follow these steps:

Obtain an SSL certificate: You can purchase an SSL certificate from a certificate authority (CA) or obtain a free SSL certificate from Let’s Encrypt. If you already have an SSL certificate, make sure it is valid and up-to-date.

Configure Apache2 to use the SSL certificate: Apache2 needs to be configured to use the SSL certificate for secure communication. This involves creating a virtual host for the SSL-enabled website, specifying the SSL certificate and key files, and enabling SSL encryption.

You can read more about different SSL certificate types, the process to create a Certificate signing request(CSR), etc in the below blog post:

SSL Certificates: What They Are and Why Your Website Needs Them

Here are the steps for creating and configuring virtual hosts for Apache on Ubuntu 22.04:

1. Create a new virtual host configuration file:

sudo nano /etc/apache2/sites-available/linuxwebhostingsupport.in.conf

Add the following configuration to the file, replacing linuxwebhostingsupport.in with your own domain name:

<VirtualHost *:80>
    ServerAdmin admin@linuxwebhostingsupport.in
    ServerName linuxwebhostingsupport.in
	ServerAlias www.linuxwebhostingsupport.in
    DocumentRoot /var/www/html/linuxwebhostingsupport.in/html

    <Directory /var/www/html/linuxwebhostingsupport.in/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/linuxwebhostingsupport.in_error.log
    CustomLog ${APACHE_LOG_DIR}/linuxwebhostingsupport.in_access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@linuxwebhostingsupport.in
    ServerName linuxwebhostingsupport.in
	ServerAlias www.linuxwebhostingsupport.in
    DocumentRoot /var/www/html/linuxwebhostingsupport.in/html

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/linuxwebhostingsupport.in.crt
    SSLCertificateKeyFile /etc/ssl/private/linuxwebhostingsupport.in.key
    SSLCertificateChainFile /etc/ssl/certs/linuxwebhostingsupport.in_cabundle.crt

    <Directory /var/www/html/linuxwebhostingsupport.in/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/linuxwebhostingsupport.in_error.log
    CustomLog ${APACHE_LOG_DIR}/linuxwebhostingsupport.in_access.log combined
</VirtualHost>

Note: replace the paths to SSL certificate files with your own paths.

2. Enable the virtual host configuration file:

sudo a2ensite linuxwebhostingsupport.in.conf

3. Create the documentroot
Run the following command to create the directory:

sudo mkdir -p /var/www/html/linuxwebhostingsupport.in/html

4. Create an HTML file named index.html in the new directory by running the following command:

sudo nano /var/www/html/linuxwebhostingsupport.in/html/index.html

This will open a text editor. Add the following code to the file:

<html>
    <head>
        <title>Hello, world!</title>
    </head>
    <body>
        <h1>Hello, world!</h1>
        <p>Welcome to my website!</p>
    </body>
</html>

5. Reload Apache for the changes to take effect:

sudo systemctl reload apache2

Section 3: Testing SSL on Ubuntu 22.04 with Apache2

Test your SSL configuration by visiting your domain in a web browser and verifying that the SSL certificate is valid and the website loads correctly over HTTPS. The browser should display a padlock icon and the connection should be secure

You can also use the online tools like https://www.sslshopper.com/ssl-checker.html to check the configuration further. It can show if there any issues with certificate chain or trust.

Section 4. Troubleshooting SSL on Ubuntu 22.04 with Apache2

1. Certificate errors: If you encounter a certificate error, such as a warning that the certificate is not trusted or has expired, check the certificate’s validity and ensure it’s installed correctly. You can check the certificate’s details using your web browser, and make sure it matches the domain name and other relevant details.

2. Mixed content warnings: If you see mixed content warnings, which indicate that some parts of the site are not secure, check for any resources that are still being loaded over HTTP instead of HTTPS. This can include images, scripts, and other files.

3. SSL handshake errors: If you see an SSL handshake error, this usually means there’s an issue with the SSL configuration. Check your Apache configuration files and make sure the SSL directives are properly set up. You can also check for any issues with the SSL certificate, such as an invalid or mismatched domain name.

4. Server configuration errors: If the SSL certificate is working properly, but the site is still not loading over HTTPS, check your server configuration files to make sure the VirtualHost configuration is correct. Make sure the correct SSL certificate and key files are specified and that the SSL directives are set up correctly.

5. Browser-specific issues: If you’re only experiencing SSL issues in a specific web browser, make sure the browser is up to date and try clearing the cache and cookies. You can also try disabling any browser extensions that may be interfering with the SSL connection.

Remember, troubleshooting SSL issues can be complex and may require some technical expertise. If you’re not comfortable with these steps or need additional help, it’s always a good idea to consult with a professional. You can contact me at admin @ linuxwebhostingsupport.in

Section 5: Best Practices for SSL Configuration on Ubuntu 22.04 with Apache2

Here are some tips and best practices for configuring SSL on Ubuntu 22.04 with Apache2:

1. Keep SSL certificates up to date: Make sure to renew your SSL certificates before they expire. This can be done through the certificate authority where you purchased the certificate. Keeping your SSL certificates up to date will ensure that your website visitors are not presented with security warnings or errors.

2. Configure Apache2 for HTTPS-only access: Configure your web server to only serve HTTPS traffic. This can be done by redirecting all HTTP traffic to HTTPS. To do this, add the following lines to your Apache virtual host configuration or. htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

3. Use secure ciphers and protocols: Use secure ciphers and protocols to protect the confidentiality and integrity of your website traffic. Disable weak ciphers and protocols such as SSLv2 and SSLv3. Use TLSv1.2 or higher, and prefer the use of forward secrecy. You can configure this in your Apache virtual host configuration file by adding the following lines:

SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on

You can find more detailed instruction on making your SSL configuration strong and best practices in the below post:

Strong TLS/SSL Security on your server

By following these best practices, you can ensure that your SSL configuration is secure and up to date.

Section 6. Summary

In this tutorial, we discussed how to install and configure SSL certificates on Ubuntu 22.04 with Apache2. We covered the different types of SSL certificates, the steps for obtaining and installing an SSL certificate, and how to configure Apache2 to use the SSL certificate. We also discussed how to create virtual hosts for both SSL and non-SSL sites and how to troubleshoot SSL issues.

It’s important to emphasize the importance of SSL for website security and user trust. SSL encryption helps protect sensitive information, such as passwords and credit card numbers, from being intercepted by attackers. Additionally, having a valid SSL certificate gives users confidence that they are interacting with a legitimate website and not an imposter.

To follow best practices for SSL configuration, it’s recommended to keep SSL certificates up to date, configure Apache2 for HTTPS-only access, and use secure ciphers and protocols. By following these best practices, website owners can help ensure the security and trustworthiness of their website.

Step-by-Step Tutorial: Setting up Apache, MySQL, PHP (LAMP Stack) on Ubuntu 22.04 for Beginners

By wahab

On April 23, 2022

In Linux server

What is a LAMP Stack?

LAMP stack is a popular combination of open-source software that is used to run dynamic websites and web applications. The acronym LAMP stands for Linux (operating system), Apache (web server), MySQL (database management system), and PHP (scripting language).

Linux provides the foundation for the LAMP stack, serving as the operating system on which the other software components are installed. Apache is the web server that handles HTTP requests and serves web pages to users. MySQL is a powerful database management system that is used to store and manage website data. PHP is a popular scripting language used to create dynamic web content, such as interactive forms and web applications.

Together, these software components create a powerful platform for building and deploying web applications. The LAMP stack is highly customizable and widely used, making it an excellent choice for developers and system administrators alike.

Prerequisites

1. Ubuntu server: You will need an Ubuntu server to install the LAMP stack. You can use a Virtual/CLoud server or a physical server as per your requirement.

2. SSH access: You will need SSH access to your Ubuntu server to be able to install the LAMP stack. SSH (Secure Shell) is a secure network protocol that allows you to access and manage your server remotely.

3. Non-root user with sudo privileges: It is recommended that you use a non-root user with sudo privileges to install and configure the LAMP stack. This is because running as root can pose a security risk and may lead to unintended consequences if something goes wrong. You can also run the commands as root user.

4. Basic familiarity with Linux command line: A basic understanding of how to use the Linux command line interface (CLI) to run commands and navigate your Ubuntu server is recommended, not mandatory.

Installing a LAMP Stack on Ubuntu
In this section, the process of installing a LAMP Stack on Ubuntu 22.04 LTS is outlined. These instructions can be applied to Ubuntu 20.04 LTS as well.

A LAMP stack is a popular combination of open-source software used to run dynamic websites or web applications. LAMP stands for Linux (operating system), Apache (web server), MySQL (database management system), and PHP (scripting language). In this guide, we will walk you through the steps involved in installing and configuring a LAMP stack on an Ubuntu server.

Step 1: Update Your Ubuntu Server
Before we begin installing LAMP stack components, let’s update the server’s software packages by running the following command:

sudo apt update && sudo apt upgrade

Step 2: Install Apache
Apache is the most widely used web server software. To install it, run the following command:

sudo apt install apache2

Once the installation is complete, you can check the status of Apache by running the following command:

sudo systemctl status apache2
This will display Apache’s status as either active or inactive.

Step 3: Install MySQL
MySQL is a popular open-source database management system. To install it, run the following command:

sudo apt install mysql-server
Once the installation is complete, you can check the status of MySQL by running the following command:

sudo systemctl status mysql
This will display MySQL’s status as either active or inactive.

Step 4: Install PHP
PHP is a popular server-side scripting language used to create dynamic web content. To install it, run the following command:

sudo apt install php libapache2-mod-php php-mysql

There are several additional PHP modules recommended for a CMS like WordPress. You can install them by running the command below:
sudo apt-get install php-curl php-gd php-xml php-mbstring php-imagick php-zip php-xmlrpc
After installing these modules, you will need to restart your Apache server for the changes to take effect. You can do this by running the following command:

sudo systemctl restart apache2

Setting up firewall rules to allow access to Apache web server

UFW is the default firewall with Ubuntu systems, providing a simple command-line interface to configure iptables, the software-based firewall used in most Linux distributions. UFW provides various application profiles that can be utilized to manage traffic to and from different services. To view a list of all the available UFW application profiles, you can run the command:

sudo ufw app list

Output
Available applications: Apache Apache Full Apache Secure OpenSSH

These application profiles have different configurations for opening specific ports on the firewall. For instance:

Apache: Allows traffic on port 80, which is used for normal, unencrypted web traffic.
Apache Full: Allows traffic on both port 80 and port 443, which is used for TLS/SSL encrypted traffic.
Apache Secure: Allows traffic only on port 443 for TLS/SSL encrypted traffic.

To allow traffic on both port 80 and port 443(SSL), you can use the Apache Full profile by running the following command:

sudo ufw allow in "Apache Full"

You can verify that the change has been made by running the command:
sudo ufw status

Output

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                                
Apache Full                ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)                    
Apache Full(v6)            ALLOW       Anywhere (v6)

To test if the ports are open and Apache web server is accessible, you can try visiting your server’s public IP address in a web browser using the URL http://your_server_ip. If successful, you should see the default Apache web page.

If you can view this page, your web server is correctly installed and accessible through your firewall.

Configuring the MySQL Database server
Upon installation of MySQL, it is immediately available for use. However, in order to utilize it for web applications such as WordPress and improve the security of said applications, it is imperative to generate a database user and database. To complete the configuration process for MySQL, please adhere to the following steps.

To configure MySQL and improve application security, follow these steps:

1. Log in to the MySQL shell as the root user:

sudo mysql -u root

2. Using the MySQL shell, you can create the wpdatabase database and generate a new user account for accessing the web application. Instead of using the placeholders “dbuser” and “password” in the CREATE USER query, you should provide a real username and password. Furthermore, you should grant complete permissions to the user. After each line, MySQL should respond with “Query OK.”

CREATE DATABASE wpdatabase ; CREATE USER 'dbuser' IDENTIFIED BY 'password'; GRANT ALL ON wpdatabase .* TO 'dbuser';

Exit the SQL shell:
quit

3. Set a password for root’@’localhost:

sudo mysql ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'password';

Exit the SQL shell:
quit

Note: Replace “password” with a strong password.
4. Use the mysql_secure_installation tool to increase database security:

sudo mysql_secure_installation

When prompted to change the root password, leave it unchanged. Answer Y for the following questions:

Remove anonymous users?
Disallow root login remotely?
Remove test database and access to it?
Reload privilege tables now?

To log in to the MySQL shell as root after this change, use “sudo mysql -u root” and type “quit” exit the SQL Shell.

It’s worth noting that when connecting as the root user, there’s no need to enter a password, despite having defined one during the mysql_secure_installation script. This is due to the default authentication method for the administrative MySQL user being unix_socket rather than password. Although it may appear to be a security issue, it actually strengthens the security of the database server by only allowing system users with sudo privileges to log in as the root MySQL user from the console or through an application with the same privileges. As a result, you won’t be able to use the administrative database root user to connect from your PHP application. However, setting a password for the root MySQL account acts as a precautionary measure in case the default authentication method is changed from unix_socket to password.

Creating a Virtual Host for your Website

In order to host multiple domains from a single server, Apache web server provides the capability to create virtual hosts. These virtual hosts are beneficial as they allow you to encapsulate configuration details for each domain. In this tutorial, we will walk you through setting up a domain named “example.com”. However, it is important to keep in mind that you should replace “example.com” with your own domain name.

By default, Ubuntu 22.04’s Apache web server has a single virtual host that is enabled and configured to serve documents from the /var/www/html directory. While this is a workable solution for a single site, it becomes cumbersome when hosting multiple sites. Therefore, instead of modifying /var/www/html, we will create a directory structure within the /var/www directory specifically for the example.com site. In doing so, we will leave /var/www/html in place as the default directory to be served if a client request does not match any other sites.

1. First, create a new directory for the “example.com” website files:

sudo mkdir /var/www/example.com

2. Assign the ownership of the directory to the web server user (www-data):

sudo chown -R www-data:www-data /var/www/example.com

3. Create a new virtual host configuration file for “example.com” using the nano text editor:

sudo nano /etc/apache2/sites-available/example.com.conf

4. Add the following configuration to the file, replacing “example.com” with your own domain name:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com

    <Directory /var/www/example.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
</VirtualHost>

This configuration specifies that the “example.com” domain should use the files located in the /var/www/example.com directory as its document root.

5. Disable the default Apache site configuration to avoid conflicts:

sudo a2dissite 000-default.conf

6. Enable the “example.com” site configuration:
sudo a2ensite example.com.conf

7. Restart Apache to apply the changes:
sudo systemctl restart apache2

8. Create a test “hello world” HTML file:
sudo nano /var/www/example.com/index.html

Add the following HTML code to the file:

<!DOCTYPE html>
<html>
<head>
    <title>Hello World</title>
</head>
<body>
    <h1>Hello World!</h1>
</body>
</html>

9. Save and close the file.

10. Finally, configure your DNS records to point the “example.com” domain to your server’s IP address. Once the DNS records are updated, you can access the website by visiting “http://example.com” in your web browser.

Testing the LAMP Stack Installation on Your Ubuntu Server
To ensure that the LAMP stack configuration is fully functional, it’s necessary to conduct tests on Apache, PHP, and MySQL components. Verifying the Apache operational status and virtual host configuration was done earlier. Now, it’s important to test the interaction between the web server and PHP and MySQL components.

The easiest way to verify the configuration of the Ubuntu LAMP stack is by using a short test script. The PHP code does not need to be lengthy or complex; however, it must establish a connection to MySQL. The test script should be placed within the DirectoryRoot directory.

To validate the database, use PHP to invoke the mysqli_connect function. Use the username and password created in the “Configuring the MySQL Database server” section. If the attempt is successful, the mysqli_connect function returns a Connection object. The script should indicate whether the connection succeeded or failed and provide more information about any errors.

To verify the installation, follow these steps:

1. Create a new file called “phptest.php” in the /var/www/example.com directory.

<html>
<head>
    <title>PHP MySQL Test</title>
</head>
    <body>
    <?php echo '<p>Welcome to the Site!</p>';

    // When running this script on a local database, the servername must be 'localhost'. Use the name and password of the web user account created earlier. Do not use the root password.
    $servername = "localhost";
    $username = "dbuser";
    $password = "password";

    // Create MySQL connection
    $conn = mysqli_connect($servername, $username, $password);

    // If the conn variable is empty, the connection has failed. The output for the failure case includes the error message
    if (!$conn) {
        die('<p>Connection failed: </p>' . mysqli_connect_error());
    }
    echo '<p>Connected successfully</p>';
    ?>
</body>
</html>

2. To test the script, open a web browser and type the domain name followed by “/phptest.php” in the address bar. For example, if your domain name is “example.com”, you would enter “example.com/phptest.php” in the address bar. Make sure to substitute the actual name of the domain for “example.com” in the example provided.

http://example.com/phptest.php

3. Upon successful execution of the script, the web page should display without any errors. The page should contain the text “Welcome to the Site!” and “Connected successfully.” However, if you encounter the “Connection Failed” error message, review the SQL error information to troubleshoot the issue.

Bonus: Install phpMyAdmin
phpMyAdmin is a web-based application used to manage MySQL databases. To install it, run the following command:

sudo apt install phpmyadmin
During the installation process, you will be prompted to choose the web server that should be automatically configured to run phpMyAdmin. Select Apache and press Enter.

You will also be prompted to enter a password for phpMyAdmin’s administrative account. Enter a secure password and press Enter.

Once the installation is complete, you can access phpMyAdmin by navigating to http://your_server_IP_address/phpmyadmin in your web browser.

Congratulations! You have successfully installed and configured a LAMP stack on your Ubuntu server.

Summary
This guide walks through the process of setting up a LAMP Stack, a combination of the Linux operating system, Apache web server, MySQL RDBMS, and PHP programming language, to serve PHP websites and applications. The individual components are free and open source, designed to work together, and easy to install and use. Following the steps provided, you can install the LAMP Stack on Ubuntu 22.04 LTS using apt, configure the Apache web server, create a virtual host for the domain, and integrate the MySQL web server by creating a new account to represent the web user. Additional PHP packages are required for Apache, PHP, and the database to communicate. A short PHP test script can be used to test the new installation by connecting to the database.

URL Monitoring With Nagios

By wahab

On November 18, 2015

In Linux server, Nagios

Capabilities

Nagios provides complete URL monitoring of HTTP and HTTPS servers and protocols as well as full URL transaction monitoring.

Benefits

Implementing effective URL monitoring with Nagios offers the following benefits:
* Increased server, services, and application availability
* Fast detection of network outages and protocol failures
* Monitor user experience when accessing URLs
* Web server performance monitoring
* Web transaction monitoring
* URL monitoring

URL monitoring

By using the ‘check_http’ nagios command, we can monitor a specific url rather than checking the Apache service is up or not. This method is helpful to identify if the website is hacked and url is injected with malicious codes or there is some Apache or php errors and page is throwing an error instead. The normal Apache service check will return successful results in the above case.
We can check for a specific keyword string on the webpage. If that string not present, an error will be returned.

Here is an real example

define service{
    use                            urlmonitoring-service
    host_name                      server.linuxwebhostingsupport.in
    service_description            url_check
    check_command                  check_http!-H linuxwebhostingsupport.in -t 30 -R "Cpanel and WHM" -f follow
}

The above will check for the keyword “Cpanel and WHM” on the page “linuxwebhostingsupport.in”. If the keyword is missing or the page is not responding nagios will retun and error.

URL monitoring +SSL

You can refer to below example if the web page has SSL/TLS enabled.

define service{
    use                            urlmonitoring-service
    host_name                      server.linuxwebhostingsupport.in
    service_description            url_check
    check_command                  check_http!-H linuxwebhostingsupport.in -t 30 -R "Cpanel and WHM" -f follow --ssl
}

Here we added the option “–ssl” to the check command

URL monitoring on ht password protected page

Normal method will not work as we need to validate ht password protection first to see the page. You can use the following example for such pages.

define service{
    use                            urlmonitoring-service
    host_name                      server.linuxwebhostingsupport.in
    service_description            url_check_protected
    check_command                  check_http!-H linuxwebhostingsupport.in -a user:password -t 30 -R "Cpanel and WHM" -f follow --ssl 
}

Replace the username and password appropriately.