Let’s Encrypt Setup for Apache
Assuming all commands are run as root:
apt update && apt upgrade -y
apt install -y apache2 nano curl
apt install -y php
apt install -y php-pear php-curl php-dev php-xml php-gd php-mbstring php-zip php-mysql php-xmlrpc libapache2-mod-php
Install and secure MySQL
apt-get install -y mysql-server
MySQL Root Password
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<password>';
MySQL Secure Installation
mysql_secure_installation
Create regular user
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON portal.* TO 'user'@'localhost';
Install phpMyAdmin
Disable password validation component in SQL:
UNINSTALL COMPONENT "file://component_validate_password";
Install phpMyAdmin:
apt-get install -y phpmyadmin
Create the first virtual host file:
nano /etc/apache2/sites-available/example.com.conf
Add or modify the following directives:
<VirtualHost *:80>
ServerName your_domain
ServerAdmin webmaster@localhost
DocumentRoot /var/www/your_domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable site:
a2ensite example.com.conf
Disable default site:
a2dissite 000-default.conf
Restart Apache:
systemctl restart apache2
Disable access to .env files
Locate the following code in /etc/apache2/apache2.conf:
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
Add the following code below it:
<Files .env>
Require all denied
</Files>
Apache Security
nano /etc/apache2/apache2.conf
Go to:
<Directory /var/www/>
Change:
Options Indexes FollowSymLinks
To:
Options -Indexes +FollowSymLinks
Add the following at the end:
TraceEnable off
ServerTokens Prod
ServerSignature Off
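To confirm that the .env block and the Apache Security changes above are actually present, the following shell functions lint a config file for them. This is an added example, not part of the original guide; the function names (last_value, env_denied, audit_apache_conf) and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): lint Apache config files for the
# hardening settings above. Function names and sample config are assumptions.

# Print the lowercased value of the last uncommented occurrence of a directive.
last_value() {  # usage: last_value lowercase_directive FILE...
    d=$1; shift
    awk -v d="$d" 'tolower($1) == d { v = $2 } END { print tolower(v) }' "$@"
}

# Succeed if a <Files>/<FilesMatch> block naming .env contains a deny rule.
env_denied() {
    awk '{ l = tolower($0) }
         l ~ /^[ \t]*<files(match)?[ \t].*\.env/ { inblk = 1; next }
         l ~ /^[ \t]*<\/files/ { inblk = 0 }
         inblk && l ~ /require[ \t]+all[ \t]+denied|deny[ \t]+from[ \t]+all/ { ok = 1 }
         END { exit !ok }' "$@"
}

# Print one line per finding; the return status is the number of findings.
audit_apache_conf() {
    n=0
    for pair in traceenable:off servertokens:prod serversignature:off; do
        name=${pair%%:*}; want=${pair#*:}; got=$(last_value "$name" "$@")
        [ "$got" = "$want" ] && continue
        echo "FAIL $name: want '$want', found '${got:-unset}'"; n=$((n + 1))
    done
    if grep -Eiq '^[[:space:]]*Options[[:space:]]+(.*[[:space:]])?\+?Indexes([[:space:]]|$)' "$@"; then
        echo "FAIL Options: directory listing (Indexes) is enabled"; n=$((n + 1))
    fi
    env_denied "$@" || { echo "FAIL .env: no <Files .env> deny block"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the stock <Directory> options, none of the guide's changes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory /var/www/>
    Options Indexes FollowSymLinks
</Directory>
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
ServerSignature On
EOF
audit_apache_conf "$sample" || echo "$? finding(s) in sample"
rm -f "$sample"
```

On a live system, run audit_apache_conf /etc/apache2/apache2.conf after making the edits and before restarting Apache. It inspects only the files passed to it, so settings in included files such as conf-enabled/security.conf are not seen unless those files are listed as well.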
Install Certbot
apt install certbot python3-certbot-apache
Run certbot interactive wizard:
certbot --apache
Obtain certificates in non-interactive way:
certbot --apache --agree-tos -m <email address> --no-eff-email --redirect -d <domain>