How to set up a webserver

13:00 | 01/13/2021 | KO4KUY

Step 1. Spin up a new server in DigitalOcean

A droplet needs to be created. To create a droplet running CentOS, you must first generate an SSH public/private RSA key pair using the program ssh-keygen. After generating the pair, add the public key to the droplet, then proceed with creating the droplet. Allowing DigitalOcean to create backups is recommended: if any mistakes are made while updating CentOS in the future, or if you somehow lock yourself out of your server, you will be able to recover a backup and start anew. Once the server is up and running, you can run the following command to access the server:

ssh -i /path/to/privatekey root@your_server_ip

Step 2. Create a new user

Run

adduser username

to create a new user called “username” or whatever you like. Set a password for the user by running

passwd username

Add the user to the wheel group, which will allow them to use the sudo command. After setting up a firewall, which should be done as soon as possible after starting up the server, you can test logging into the server via ssh using the user credentials.

Step 3. Set up a firewall

Set up a basic firewall by running

dnf install firewalld

Activate the firewall using

systemctl start firewalld

The ssh connection will not be dropped, since the firewall does not block the ssh service, as you can see when you run

firewall-cmd --permanent --list-all

To allow traffic to reach the upcoming website, make sure http traffic is not blocked by running

firewall-cmd --permanent --add-service=http

Don’t forget to reload the firewall rules by running

firewall-cmd --reload

Step 4. Logging into the server with a non-root user

Since the root user already has the public RSA key that was generated before the server was up and running, the non-root user can use the same public key. To do that, copy root’s .ssh directory, which holds the public key, into the non-root user’s home directory by running

rsync --archive --chown=username:username ~/.ssh /home/username

Then verify you can sign in to the server as the non-root user. To further harden the server, remove the ability to ssh into the server as the root user.

Step 5. Install HTTP server

Install the Apache HTTP server.

dnf install httpd

Allow HTTPS traffic through the firewall, reload the rules, and start the server.

sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo systemctl start httpd

The default Apache HTTP server index page should now be publicly available (via HTTP and not HTTPS). Type the IP address of your server, which can be retrieved by running hostname -I on the server, into your browser and you should see the index page.
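
A read-only check for Steps 3 to 5, added here as an example and not part of the original write-up: it reports the root-login setting sshd would take from an sshd_config-style file and lists firewall services beyond the ones this guide opens. The function names and sample inputs are constructed for illustration; Include files and the Keyword=value form are not handled.

```shell
#!/bin/sh
# Added example; the sample inputs below are constructed, not captured.

# Print the global PermitRootLogin value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword, and lines after a
# "Match" line are conditional, so parsing stops there.
effective_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH built-in default
    '
}

# Read `firewall-cmd --list-all` output on stdin and print each service on
# the "services:" line that is not in the allow-list passed as arguments.
unexpected_services() {
    allowed=" $* "
    for svc in $(awk '$1 == "services:" { $1 = ""; print }'); do
        case "$allowed" in
            *" $svc "*) ;;
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

sample_sshd_config() {   # constructed
    cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
Match User deploy
    PermitRootLogin yes
EOF
}

sample_firewall_output() {   # constructed
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client http https ssh
  ports:
EOF
}

echo "root login over ssh: $(sample_sshd_config | effective_root_login)"
echo "services to review: $(sample_firewall_output | unexpected_services ssh http https | tr '\n' ' ')"
```

On the server, pipe in real data with `sudo firewall-cmd --list-all | unexpected_services ssh http https` and `sudo cat /etc/ssh/sshd_config | effective_root_login`.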

Step 6. Some HTTP Server Hardening

For security reasons, I like to manually restart the HTTP server when the server is restarted because if it ever goes down, it will become obvious to me by simply visiting the website. Also, if the HTTP server is down, there isn't much else to attack. Run the following so that httpd does not start automatically at boot:

sudo systemctl disable httpd

Modify the following file to prevent the default Apache HTTP server splash page from being available to the public.

/etc/httpd/conf.d/welcome.conf

Step 7. Upload a website

Get a simple website from http://www.oswd.org or wherever else and paste the website’s content in the /var/www/html/ directory. And that’s all that’s really needed to get a website live. There are still some things we can do to perfect it and make the website more accessible.

Step 8. Assigning Domain Name

If you are using Namecheap, follow the instructions below. If you are using another DNS provider, please refer to resource 4 below.

  1. Create a domain name using a DNS provider.
  2. Give the DigitalOcean nameservers to the DNS provider.

Reference Material

  1. Initial Server Setup with CentOS 8
    https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-8
  2. How to Install the Apache Web Server on CentOS 8
    https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8
  3. W3C HTML validator
    https://validator.w3.org/nu/
  4. How To Point to DigitalOcean Nameservers From Common Domain Registrars
    https://www.digitalocean.com/community/tutorials/how-to-point-to-digitalocean-nameservers-from-common-domain-registrars