How to Set Up a Secure Linux Web Server (Step-by-Step Guide)

Setting up a Linux web server is a must for developers, businesses, and hobbyists who want performance, control, and security. In this guide, you’ll learn how to configure a secure, production-ready web server from scratch using a modern Linux distribution.

Step 1: Choose the Right Linux Distribution

Before anything else, pick a solid Linux distro. Here are some battle-tested options:

  • Ubuntu Server (LTS) – Easy to use, great documentation.
  • Debian – Stable, minimal, and widely supported.
  • AlmaLinux / Rocky Linux (CentOS alternatives) – Enterprise-grade stability.

Pro Tip: Choose LTS (Long-Term Support) versions to ensure consistent security updates.


Step 2: Secure Initial Access

  1. Log into your server via SSH:
    ssh root@your-server-ip
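  2. Create a new non-root user and add it to the sudo group (the equivalent group on AlmaLinux / Rocky Linux is wheel):
    adduser yourusername
    usermod -aG sudo yourusername
  3. Disable root login via SSH. First confirm that you can log in as the new user and run sudo, so you do not lock yourself out.
    Edit /etc/ssh/sshd_config:
    PermitRootLogin no
    Then restart SSH: systemctl restart sshd
    (on Debian/Ubuntu the unit is named ssh)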

Step 3: Harden SSH Access

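  • Use SSH key authentication instead of passwords. Run these two commands on your local machine:
    ssh-keygen
    ssh-copy-id yourusername@your-server-ip
  • (Optional) Change the default SSH port (for obscurity):
    nano /etc/ssh/sshd_config
  • Change the line:
    Port 2222
  • Then restart SSH:
    systemctl restart sshd
  • If you change the port, allow the new port in the firewall in Step 4 before enabling it. The OpenSSH firewall profile only covers port 22.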
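
The settings from Steps 2 and 3 can be checked with a short script. This is an added example, not part of the original guide: it reads an sshd_config-style file and reports the effective PermitRootLogin and PasswordAuthentication values, taking into account that sshd uses the first value it reads for a keyword. The function names, the sample config and the requirement that PasswordAuthentication be "no" (so only keys are accepted) are assumptions of this example.

```shell
# Added example (not from the guide): audit an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively, so a later "PermitRootLogin no" cannot override an
# earlier "PermitRootLogin yes".

# Print the effective global value of keyword $1 in file $2 (default: $3).
sshd_effective() {
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ || NF == 0       { next }           # comments, blank lines
                                    { sub(/=/, " ") }  # "Key=value" form
        tolower($1) == "match"      { exit }           # conditional blocks start
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$2"
}

# Print PASS/FAIL per check; the return status is the number of failures.
audit_sshd() {
    cfg=$1 fails=0
    # keyword:OpenSSH default:value wanted (the wanted values are assumptions)
    for rule in permitrootlogin:prohibit-password:no \
                passwordauthentication:yes:no; do
        key=${rule%%:*}; rest=${rule#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(sshd_effective "$key" "$cfg" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=$got (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the early "yes" wins, so root login is still allowed.
sample_config() {
    cat <<'EOF'
Port 2222
PermitRootLogin yes
PasswordAuthentication=no
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? check(s) failed"
rm -f "$tmp"
```

The script does not follow Include directives. On a live server, sshd -T (run as root) prints the effective configuration with includes resolved, and that output saved to a file can be passed to audit_sshd.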

Step 4: Set Up a Firewall

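For Ubuntu/Debian (the 'Nginx Full' and 'Apache Full' profiles only exist once the web server package from Step 5 is installed):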

ufw allow OpenSSH
ufw allow 'Nginx Full'    # or 'Apache Full'
ufw enable

For CentOS/RHEL:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Step 5: Install a Web Server

Option 1: Nginx

sudo apt install nginx           # Ubuntu/Debian
sudo yum install nginx           # CentOS/RHEL
systemctl enable nginx
systemctl start nginx

Option 2: Apache

sudo apt install apache2         # Ubuntu/Debian
sudo yum install httpd           # CentOS/RHEL
systemctl enable apache2         # or httpd
systemctl start apache2

Step 6: Secure with HTTPS (Let’s Encrypt)

Install Certbot:

sudo apt install certbot python3-certbot-nginx    # Nginx

sudo apt install certbot python3-certbot-apache   # Apache

Obtain SSL Certificate:

sudo certbot --nginx -d yourdomain.com

# or
sudo certbot --apache -d yourdomain.com

Enable auto-renewal:

sudo systemctl enable certbot.timer

Step 7: Harden the Server

Install Fail2Ban:

sudo apt install fail2ban

Enable Unattended Security Updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Disable unused services:

systemctl disable service-name

Step 8: Deploy Your Website or App

  • Upload files to /var/www/html/ or your virtual host directory.
  • Set proper permissions:
    chown -R www-data:www-data /var/www/html/
    chmod -R 755 /var/www/html/

Step 9: Monitor & Maintain

Keep your server running smoothly and securely:

  • Monitor system usage:
    top, htop, uptime, netstat, df -h
  • Review logs:
    /var/log/auth.log, /var/log/nginx/access.log
  • Schedule regular updates:
    sudo apt update && sudo apt upgrade -y

Final Security Checklist

  • Root login disabled
  • SSH key authentication in place
  • Firewall configured
  • Web server installed and tested
  • HTTPS enabled with auto-renewal
  • Fail2Ban configured
  • Regular updates scheduled

Conclusion

Setting up a secure Linux web server doesn’t have to be overwhelming. By following these steps, you’ll have a hardened, reliable environment ready to serve your site or app to the world — safely.

