How do I properly set up and secure a production LAMP Server?

Question

I have performed a normal Ubuntu Server 11.04 with LAMP, SAMBA and SSH installed through the system installation. But I'm having some trouble setting up virtual hosts and to make the system secure enough to expose the server to the web.

I've somewhat followed this tutorial so far.

I have 3 sites in /etc/apache2/sites-available which all look like this except for different site names:

<VirtualHost example.com>
   ServerAdmin webmaster@localhost
   ServerAlias www.edunder.se
   DocumentRoot /var/www/sites/example
   CustomLog /var/log/apache2/www.example.com-access.log combined
</VirtualHost>

And I have enabled them with the command a2ensite so I have symbolic links in /etc/apache2/sites-enabled.

My /etc/hosts file has these lines:

127.0.0.1 localhost
127.0.1.1 Ubuntu.lan Ubuntu
127.0.0.1 localhost.localdomain localhost example.com www.example.com
127.0.0.1 localhost.localdomain localhost example2.com www.example2.com
127.0.0.1 localhost.localdomain localhost example3.com www.example3.com

And I can only access one of them from the browser (I have lynx installed on the server for testing purposes) so I guess I haven't set them up properly :)

How should I proceed to get a secure and proper setup? I also use MySQL and I think that How do I set up an Ubuntu server to be (securely) available from the internet? be enough to set up SSH securely. Please help me understanding Apache configuration better since I'm new to setting up my own server (I've only run XAMPP earlier) and please advise regarding how I should set up a firewall as well :D

A correct answer to this can fill books. I would suggest to split your question into some regarding configuration of virtual hosts and security. A good answer to security-related questions relates to a good knowledge of your attackers, of your users and some other. — qbi, Sep 06 '11 at 20:45

score 1 · Answer 1 · answered Dec 10 '11 at 00:30

You need to tell Apache that it should use name-based virtual hosting instead of IP based. So append the following to your /etc/apache2/apache2.conf to define:

NameVirtualHost ip.address:port

And each virtual host should define a port:

<VirtualHost example.com:80>

score 0 · Answer 2 · answered Sep 07 '11 at 16:17

0

I think you'll need to add your public IPs as well if you want other computers to be able to connect. Right now, only your loopbacks are mentioned in /etc/hosts. They should also include other IPs.

answered Sep 07 '11 at 16:17

Jo-Erlend Schinstad

29,531

Are you sure? Wouldn't it be enough if I just get my Domain Name Server to point to my IP and then let the router point the traffic to the server? I have DHCP so I'm using DynDNS's service to forward the traffic to my IP. – Niklas Sep 08 '11 at 06:54

How do I properly set up and secure a production LAMP Server?

2 Answers2