- 06-29-2012 #1 Just Joined!
- Join Date
- Jul 2010
- Posts
- 8
Ubuntu 12.04 as web server - home ... (noob here)
Greetings!
I've been running Ubuntu (old machine) as a file server since v.9 and until recently (teaching myself PHP) and the thought of having my wife's web page run from it, I recently began to explore using it as a web server.
I've installed LAMP and apparently it's working as I was able to type the address and .php file with satisfactory results. Now comes the issue... I'm lost as to what is needed to secure the server once I go live with it. I don't anticipate an extremely high volume of traffic, so I don't think hardware is an issue.
1&1 is currently hosting her website. The machine, as with all the machines in my home, accesses the internet via router. Her site doesn't collect any personal info (though I will be coding to do so in the future) but MySQL and a Mail Server need to be configured as well (will cross that bridge when I get to it).
I've read many "home server" posts but many appear confusing... especially those using a different distro (by the way, should I consider using a different distro for a web server?)
I would think the basic configuration isn't secure enough and needs to be tweaked to prevent security breach.
Any help would be greatly appreciated! I haven't a problem "rebuilding the server" should that be the case. Nor do I have any issues reading/obtaining info to further help. Needless to say, I'm not looking for you to "build" it for me, but instead point me in the right direction so that I can learn from what you're providing and return with any questions.
Any questions, feel free to ask because I won't hesitate to do the same!
Thanks in advance,
V
- 06-29-2012 #2 Linux Enthusiast
- Join Date
- Apr 2012
- Location
- Virginia, USA
- Posts
- 561
Hi. The problem you're going to face is lack of having a static IP at your home. There are multiple ways of achieving this, but that's up to you.
First, I recommend using Ubuntu 12.04 server edition with minimal install, not desktop edition.
Second, you're going to be letting wild-wild-web traffic into your trusted local network. You need to have a DMZ, which will require a firewall between your web server and your desktops. This also means that your server should have 2 eth connections, one on each separate network.
How to harden your server:
First, make sure you have a firewall up either on your server or in front of your server. Set ports 80 (and 443 for ssl) open both ways to the net. That should be all you need open to the net. Make sure you limit the number of connections to any one IP.
Second, make sure root cannot log in via ssh, and google ways to secure ssh...such as only allowing connections from the private interface.
Third, make sure only users in the wheel group can su, google can help here.
Fourth, consider setting up an IDS.
Fifth, take backups.
Sixth, install ClamAV.
Seventh, make your life easier by installing a log parser, such as log watch.
MySQL is NBD.
Is Ubuntu the right distro for you? Maybe. Depends on if it meets your needs as far as package versions go. It should get security/bug patches for the next 3 years, and commercial support (never personally used it) is available.
My personal advice as far as production websites go: Use regular web hosting until your site outgrows it.
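One way to check the "Second" and "Third" items of the list above, as an added example that is not part of the original post: a shell audit of `sshd_config` and `/etc/pam.d/su`. The function names and the sample files are constructed for illustration; point `audit` at the real files to use it.

```shell
#!/bin/sh
# Print every global value of an sshd_config keyword, in file order. Keywords are
# case-insensitive; Match blocks (conditional overrides) are not evaluated here.
sshd_values() {  # $1 = config file, $2 = keyword
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

check_root_login() {  # sshd honours the FIRST occurrence of a keyword
    v=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ "$v" = no ] && { echo "PASS PermitRootLogin no"; return 0; }
    echo "FAIL PermitRootLogin is '${v:-unset, version default applies}'"; return 1
}

check_listen() {  # no ListenAddress, or a wildcard one, means every interface
    addrs=$(sshd_values "$1" ListenAddress)
    if [ -z "$addrs" ] || printf '%s\n' "$addrs" |
        grep -Eq '^(0\.0\.0\.0|\[::\])(:[0-9]+)?$|^::$'; then
        echo "FAIL sshd listens on all addresses"; return 1
    fi
    echo "PASS sshd bound to: $(printf '%s' "$addrs" | tr '\n' ' ')"
}

check_su_wheel() {  # "sufficient ... trust" only skips the password, it restricts nobody
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so' "$1" &&
        { echo "PASS su limited by pam_wheel"; return 0; }
    echo "FAIL no enforcing pam_wheel line in $1"; return 1
}

audit() {  # $1 = sshd_config, $2 = pam.d/su; exit status = number of failed checks
    fails=0
    check_root_login "$1" || fails=$((fails + 1))
    check_listen "$1" || fails=$((fails + 1))
    check_su_wheel "$2" || fails=$((fails + 1))
    return "$fails"
}

# Constructed samples standing in for /etc/ssh/sshd_config and /etc/pam.d/su.
demo=$(mktemp -d)
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' 'ListenAddress 0.0.0.0' > "$demo/sshd_weak"
printf '%s\n' 'PermitRootLogin no' 'ListenAddress 192.168.1.10' > "$demo/sshd_ok"
printf '%s\n' '# auth required pam_wheel.so' 'auth sufficient pam_wheel.so trust' > "$demo/su_weak"
printf '%s\n' 'auth required pam_wheel.so' > "$demo/su_ok"
audit "$demo/sshd_weak" "$demo/su_weak" || echo "weak set: $? check(s) failed"
audit "$demo/sshd_ok" "$demo/su_ok" && echo "hardened set: all checks passed"
```

Ubuntu ships no wheel group; pam_wheel then falls back to the group with GID 0 unless a `group=` option names another one.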
- 06-29-2012 #3 Just Joined!
- Join Date
- Jul 2010
- Posts
- 8
mizzle,
Thanks for your response.
I presume I will have to obtain thru my ISP, correct?
> First, I recommend using Ubuntu 12.04 server edition with minimal install, not desktop edition.
I did not load the desktop edition (server only) .. sorry, should've stated
> Second, you're going to be letting wild-wild-web traffic into your trusted local network. You need to have a DMZ, which will require a firewall between your web server and your desktops. This also means that your server should have 2 eth connections, one on each separate network.
I'm at work and can't verify what currently exists. I do know eth0 is there. DMZ?
> How to harden your server:
> First, make sure you have a firewall up either on your server or in front of your server. Set ports 80 (and 443 for ssl) open both ways to the net. That should be all you need open to the net. Make sure you limit the number of connections to any one IP.
I believe I've Fail2ban loaded but haven't configured yet. If that's not good enough, what do you suggest (if I may ask)?
> Second, make sure root cannot log in via ssh, and google ways to secure ssh...such as only allowing connections from the private interface.
> Third, make sure only users in the wheel group can su, google can help here.
Will GOOGLE, as you suggest, later this eve...
> Fourth, consider setting up an IDS.
IDS? ... another Google on the horizon...
> Fifth, take backups.
> Sixth, install ClamAV.
> Seventh, make your life easier by installing a log parser, such as log watch.
I've ClamAV and Bacula installed. log parser? .. I don't have/know
> MySQL is NBD.
NBD = ?
> Is Ubuntu the right distro for you? Maybe. Depends on if it meets your needs as far as package versions go. It should get security/bug patches for the next 3 years, and commercial support (never personally used it) is available.
Well, from reading several posts in the NEWBIE section, CentOS appears to be highly favored! I've mainly used Ubuntu for file server until now. Perhaps I will have a look. Seems as though it provides a more "robust" web server environment, I guess.
> My personal advice as far as production websites go: Use regular web hosting until your site outgrows it.
Thanks...
- 06-30-2012 #4 Just Joined!
- Join Date
- May 2012
- Posts
- 96
If you do get a CentOS (6.2) web server set up please inform me. I have been tackling this issue for over a month now.... I just feel stupid.
- 07-06-2012 #5 Linux Enthusiast
- Join Date
- Apr 2012
- Location
- Virginia, USA
- Posts
- 561
DMZ = De-Militarized Zone. It separates the potentially hostile traffic (the internet) from the safe, trusted traffic (your private network). Web servers typically sit inside the DMZ. Google will explain this much more thoroughly.
Silman: What is your issue with CentOS 6.2?

