{"id":25528892,"url":"https://github.com/aaronamran/aws-secure-apache-web-server","last_synced_at":"2026-01-13T16:30:16.983Z","repository":{"id":276337260,"uuid":"928955812","full_name":"aaronamran/AWS-Secure-Apache-Web-Server","owner":"aaronamran","description":"Practical project of setting up a Linux Web Server in AWS cloud by deploying Apache on an Ubuntu EC2 Instance, configuring DNS and installing a free SSL certificate","archived":false,"fork":false,"pushed_at":"2025-02-11T15:11:03.000Z","size":34,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-11T16:24:51.128Z","etag":null,"topics":["aws-ec2","ubuntu"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aaronamran.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-07T14:48:04.000Z","updated_at":"2025-02-11T15:11:07.000Z","dependencies_parsed_at":"2025-02-11T20:47:00.325Z","dependency_job_id":null,"html_url":"https://github.com/aaronamran/AWS-Secure-Apache-Web-Server","commit_stats":null,"previous_names":["aaronamran/secure-apache-web-server-on-aws","aaronamran/aws-secure-apache-web-server"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronamran%2FAWS-Secure-Apache-Web-Server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronamran%2FAWS-Secure-Apache-Web-Server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronamran%2FAWS-Secure-Apache-Web-Server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronamran%2FAWS-Secure-Apache-Web-Server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aaronamran","download_url":"https://codeload.github.com/aaronamran/AWS-Secure-Apache-Web-Server/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239752432,"owners_count":19691024,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-ec2","ubuntu"],"created_at":"2025-02-19T23:29:26.671Z","updated_at":"2026-01-13T16:30:16.931Z","avatar_url":"https://github.com/aaronamran.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure Apache Web Server on AWS Free Tier\nThis is a writeup of a practical project that involves the following main concepts in order:\n1. [AWS Account Setup and Launching an Ubuntu EC2 Instance](https://github.com/aaronamran/Secure-Apache-Web-Server-on-AWS/blob/main/README.md#aws-account-setup-and-launching-an-ubuntu-ec2-instance)\n2. [Installing and Configuring Apache](https://github.com/aaronamran/Secure-Apache-Web-Server-on-AWS/blob/main/README.md#installing-and-configuring-apache)\n3. [DNS Configuration with Cloudflare (or a Free DNS Provider)](https://github.com/aaronamran/Secure-Apache-Web-Server-on-AWS/blob/main/README.md#dns-configuration-with-cloudflare-or-a-free-dns-provider)\n4. [SSL Setup with Certbot and Let’s Encrypt](https://github.com/aaronamran/Secure-Apache-Web-Server-on-AWS/blob/main/README.md#ssl-setup-with-certbot-and-lets-encrypt)\n5. [Additional Security Best Practices](https://github.com/aaronamran/Secure-Apache-Web-Server-on-AWS/blob/main/README.md#additional-security-best-practices)\n\nReferences: [Tutorial: Install a LAMP server on AL2](https://docs.aws.amazon.com/linux/al2/ug/ec2-lamp-amazon-linux-2.html)\n\n\n\n## AWS Account Setup and Launching an Ubuntu EC2 Instance\n- In AWS, create a free tier account and complete the identity verification and billing information\n- To launch an Ubuntu EC2 Instance, login to the AWS Management Console \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/c7047eb5-d785-4784-a2b6-4b8a788d1219)\n\n- Go to the EC2 Dashboard and click Launch Instance \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/d77593d3-3dba-467e-b7dc-c3518e3dd774)\n\n- Choose an Amazon Machine Image (AMI) and select Ubuntu LTS image (Ubuntu Server 20.04 LTS) \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/2d286e83-4656-411e-aeef-e48a5bf43f7c)\n\n- Choose an Instance Type. Pick the t2.micro as it is eligible under Free Tier \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/3a568b77-4db3-45c9-8f70-a5d8bdffd890)\n\n  \n- Create a Key Pair for login usage by clicking `Create new key pair`. Choose a name such as `my-ec2-key`. Keep it secure as it will be used for SSH \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/082e34dc-c725-484b-b70d-e64ebf896961) \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/9b1eb762-b88f-4412-b7cd-888994ac0f93)\n\n- Configure the Security Group in Network settings. Create or select a security group that allows\n  - SSH (port 22) – for remote management\n  - HTTP (port 80) – for web traffic\n  - HTTPS (port 443) – for secure traffic \u003cbr\u003e\n![image](https://github.com/user-attachments/assets/90e90a2f-6cef-4cdc-a5e6-889eb0a1bbb0)\n\n- For storage configuration, usually the default settings are sufficient \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/1f129163-de0e-40f4-92db-90f24b9c2b84)\n    \n- To connect to the newly created instance, open a terminal on the local machine. In this case, we will be using WSL (Ubuntu 20.04.6 LTS) on Windows 11\n- In WSL, the C drive in Windows can be found in `/mnt`. To check, enter the following\n  ```\n  ls -l /mnt\n  ``` \n  ![image](https://github.com/user-attachments/assets/f13d23fa-ec7b-4608-a272-6f9512643f9b)\n\n- Since the key (`my-ec2-key.pem`) is in the Downloads folder in Windows, we need to navigate to the Windows Downloads folder to find the key.\n  ```\n  cd /mnt/c/Users/\u003cWindows_username\u003e/Downloads\n  ```\n  ![image](https://github.com/user-attachments/assets/1972c1ad-5d67-4723-9bed-5a5a7334f31f)\n\n- Now that the key has been located, copy it to the WSL home directory:\n  ```\n  cp my-ec2-key.pem ~/my-ec2-key.pem\n  ```\n  Then return to WSL home directory and confirm the key is there \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/8bf1635a-4fae-4936-9325-c460050957f2)\n\n- Set permissions for your key (if needed):\n  ```\n  chmod 400 ~/my-ec2-key.pem\n  ```\n- Connect via SSH:\n  ```\n  ssh -i \"my-ec2-key.pem\" ec2-user@ec2-13-229-127-129.ap-southeast-1.compute.amazonaws.com\n  ```\n- The local machine should now be connected to the Ubuntu instance \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/9b232694-28df-4de8-8f56-4122b47774ea)\n\n\n## Installing and Configuring Apache\n- Before updating the system, identify which Linux Distribution is in use. Run the command\n  ```\n  cat /etc/os-release\n  ```\n  ![image](https://github.com/user-attachments/assets/8134b92d-0bfb-43af-b0c8-0f7dacfecc77) \u003cbr\u003e\n  Since Amazon Linux is in use, use `yum` instead of `apt` which is commonly used on Ubuntu or Debian distributions\n  \n- Update the system:\n  ```\n  sudo yum update \u0026\u0026 sudo yum upgrade -y\n  ```\n  ![image](https://github.com/user-attachments/assets/79e99c39-5f41-4e6d-9997-cead919cb207)\n\n- Install Apache:\n  ```\n  sudo yum install httpd -y\n  ```\n  ![image](https://github.com/user-attachments/assets/8c429d74-f728-4d27-8a2a-5cbe13e9ac78)\n\n- Verify Apache is running using each of the commands below, or simply visit `http://\u003cEC2_PUBLIC_IP_ADDRESS\u003e/` in your browser to see the default Apache page):\n  ```\n  sudo systemctl status httpd\n  sudo systemctl enable httpd\n  sudo systemctl start httpd\n  sudo systemctl status httpd\n  ```\n  ![image](https://github.com/user-attachments/assets/76e07dae-5855-4e80-9fb3-ea6b3c6e8754)\n  \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/a6423e80-19d6-46be-8bc4-1f8061376743)\n  \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/8e518aa6-91e3-4f37-ab06-3e77e5d5e810)\n\n\n\n- Note that in Amazon Linux, UFW firewall does not exist. It does not matter since Firewall rules were already configured earlier in Network settings' Security Group\n  ```\n  sudo ufw allow 'Apache Full'\n  ```\n  ![image](https://github.com/user-attachments/assets/d8073dea-047e-4f74-a18d-f2bcc4dda284)\n  \n\n- Now let's prepare the website in the EC2 instance. First, navigate to the `/var/www/html` folder\n  ```\n  cd /var/www/html\n  ```\n- Check if git is installed in the EC2 instance. If it is not installed, run the following command:\n  ```\n  sudo yum install git -y\n  ```\n  Then confirm it is installed by running\n  ```\n  git --version\n  ```\n- Now let's clone a [sample PHP web app repository](https://github.com/aaronamran/sample-php-crud) into the current directory\n  ```\n  sudo git clone https://github.com/aaronamran/sample-php-crud.git .\n  ```\n  ![image](https://github.com/user-attachments/assets/d180bd17-f78c-4324-966b-9fdd9ced3d71)\n\n- Install MariaDB server for the website. Run the following command and look for `mariadb105-server`\n  ```\n  sudo yum search mariadb\n  sudo yum install mariadb105-server\n  ```\n  ![image](https://github.com/user-attachments/assets/d97ba470-9ae5-42d0-a9cd-9cc9288770a2)\n  \n- Run each of the following commands after the installation is complete:\n  ```\n  sudo systemctl start mariadb\n  sudo systemctl enable mariadb\n  sudo systemctl status mariadb\n  ```\n  ![image](https://github.com/user-attachments/assets/b4df02f1-3c80-4895-a1e2-b70666af9d5b)\n\n\n## DNS Configuration with Cloudflare (or a Free DNS Provider)\n- For the sake of simplicity and free resource, No-IP will be used for a free hostname instead of Cloudflare. After signing up for a free account in No-IP, create a suitable hostname such as `todolist.zapto.org`. The public IP address of the hostname is the public IP address of the EC2 instance \u003cbr\u003e\n  ![image](https://github.com/user-attachments/assets/143dce9a-8cf6-4754-9554-0369b7a3d523)\n\n- To verify if Apache (httpd) is listening on port 80 on the EC2 instance, run\n  ```\n  sudo netstat -tulnp | grep :80\n  ```\n  ![image](https://github.com/user-attachments/assets/9b47344c-f6e0-40cc-bb8e-502b1f76afaf)\n\n- Check the VirtualHost configuration\n  ```\n  sudo httpd -S\n  ```\n  ![image](https://github.com/user-attachments/assets/a40a4fca-951b-493b-9b68-8ad52c62e22b) \u003cbr\u003e\n  In the screenshot above, Apache is not configured to serve a VirtualHost on port 80, which is required for Let's Encrypt to verify the domain ownership. To fix this, create a VirtualHost configuration for HTTP (Port 80)\n  ```\n  sudo nano /etc/httpd/conf.d/todolist.conf\n  ```\n  Add the following configuration:\n  ```\n  \u003cVirtualHost *:80\u003e\n    ServerName todolist.zapto.org\n    DocumentRoot /var/www/html\n    \n    \u003cDirectory \"/var/www/html\"\u003e\n        AllowOverride All\n        Require all granted\n    \u003c/Directory\u003e\n\n    ErrorLog /var/log/httpd/todolist-error.log\n    CustomLog /var/log/httpd/todolist-access.log combined\n  \u003c/VirtualHost\u003e\n  ```\n  Then restart Apache to apply changes\n  ```\n  sudo systemctl restart httpd\n  ```\n- Verify again that the VirtualHost is added\n  ```\n  sudo httpd -S\n  ```\n  ![image](https://github.com/user-attachments/assets/f933e279-3497-4a4d-bdbd-10d40efbfafb)\n\n\n\n## SSL Setup with Certbot and Let’s Encrypt\n- Install Certbot and the Apache Plugin:\n  ```\n  sudo yum install certbot python3-certbot-apache -y\n  ```\n  ![image](https://github.com/user-attachments/assets/49ba9947-fc35-405d-b6fa-a4abe73c4fb3)\n\n\n- Run Certbot for Apache:\n  ```\n  sudo certbot --apache -d todolist.zapto.org\n  ```\n  Follow the interactive prompts:\n  - Provide your email address\n  - Agree to the Terms of Service\n  - Certbot will ask if you want to redirect HTTP to HTTPS—choose Yes to enforce HTTPS\n- The command could be ran as the following\n  ```\n  sudo certbot --apache\n  ```\n  ![image](https://github.com/user-attachments/assets/2ab0daae-727e-465b-b96b-b8d27eb8c765)\n\n- Certbot sets up automatic renewal. You can test the renewal process with:\n  ```\n  sudo certbot renew --dry-run\n  ```\n- Visit `https://todolist.zapto.org/` in the browser to confirm the SSL certificate is active and that the site redirects from HTTP to HTTPS\n  ![image](https://github.com/user-attachments/assets/a0979092-f534-4eae-9b82-67e24d28f0b3)\n\n\n\n## Additional Security Best Practices\n- Keep the system updated:\n  ```\n  sudo yum update \u0026\u0026 sudo yum upgrade -y\n  ```\n- Regularly check `/var/log/apache2/` for any unusual activity\n- To harden Apache, disable directory listings by ensuring Options -Indexes is set in your Apache configuration. Consider installing security modules like mod_security for added protection\n- Change the default SSH port, and use key-based authentication and disable password login\n- Ensure the SSL certificates are renewed by checking Certbot logs or setting up email notifications\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faaronamran%2Faws-secure-apache-web-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faaronamran%2Faws-secure-apache-web-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faaronamran%2Faws-secure-apache-web-server/lists"}