Summary
Install, configure and secure a web server on a home server.
Background
As mentioned in previous posts, the home server needs to be able to serve some web pages, both for internal use, and available from the Internet.
The web server needs to be able to serve static pages, dynamic pages (PHP), be able to act as a reverse proxy (retrieve content from one or more server, and make it look like it all came from the web server itself), and be secure. Security means traffic is encrypted with SSL, and key services require some sort of authentication. Authentication means we can validate a user has the right to access some service, and log the activities for reporting, if we need to.
It will also replace the lighttpd web server installed when we installed Pi-hole, and the Pi-hole web interface will be served by Apache after, instead of lighttpd. We could keep both web servers running, on different ports, but it is easier to migrate Pi-hole to Apache. It is also good practice in my books to keep only the required services running, and is less things to maintain.
Solution
There are a few options to select a web server for the above requirements, but to keep it simple, the main options are Apache, and NGINX in the open source space on Linux. They’re both very capable web servers. I went for Apache, simply because I had more experience with it.
The end result will be a web server that can:
- host internal web sites, both secure with HTTPS, and not secure on HTTP
- host secure external web sites over HTTPS, with valid free SSL certificates, from Letsencrypt.org.
- serve as reverse proxy to have one server able to serve pages from various hosts or services. From the one server, I can manage any service with a web interface as if it was running on the home server. For example, I can make the OctoPrint interface, used for 3D printing and setup on a different server than the home server, available on the home server, and on the Internet. It is very handy to centralize administration.