Setting up HTTPS Protocol

  • You can complete the following step even while you are waiting for the domain name servers to learn about your new domain name.
    • Use your web browser to access the administration page of your Lightsail server instance.
    • Go to the Networking tab.
    • Click on the link Add rule.
    • Choose HTTPS and follow the link Create that is nearby.
  • Open the terminal program on your computer. If the terminal is still running an ssh session that is connected to the website through the static IP address, terminate that session by typing exit. Then type the command
    ssh mprogrammer@yourdomain.com
    Replace the name yourdomain.com with the domain name that you purchased.
  • Type
    sudo apt update
    sudo apt install g++
    sudo apt install apache2
  • Configure and enable the firewall
    sudo ufw allow OpenSSH
    sudo ufw enable
    
    You can now try to access the website with your browser. Type yourdomain.com in the URL field of the browser. Hopefully it will not work, which is the sign that the firewall is working. We need to open the firewall a little bit to allow web traffic. Type the following command in the terminal
    sudo ufw allow 'Apache Full'
  • Direct your browser to yourdomain.com. You should see the first page with the title Apache2 Ubuntu Default Page.

  • Make sure you are in the terminal and connected to your server using ssh. Execute
    sudo apt install certbot python3-certbot-apache
  • Execute
    sudo certbot --apache
  • Enter your username, then agree to the Terms of Service, decide whether you want to subscribe to the Electronic Frontier Foundation email list, and then you will be asked to list your domains. You will enter the two domains yourdomain.com and www.yourdomain.com and separate them with a space character. Press enter and wait for verification.
  • If you are told that the program was unable to find a vhost and that you have to choose one, then choose the virtual host whose listing has the word HTTPS. Very likely this will be choice 2.
  • You will be asked whether you want all insecure traffic to be redirected to the secure HTTPS protocol. Select 2 and press enter.
  • Open your browser and in the URL field type the name of your domain. This time the browser will give some indication that the connection is secure. In the case of Firefox this would be an icon with a picture of a lock.

Hide server information on 404 message

When a user tries to access a non-existing page, the server sends a 404 message. The default message contains too much information for non-friendly users and hackers. For example, it tells the user what version of Apache is installed. We will now change the default message to omit that kind of data.

  • Go to the home folder of your website.
    cd /var/www/html
  • Create a custom file, for example myCustomError404.html.
    nano myCustomError404.html
  • Type the following (or similar) text in the editor:
    
    <HTML>
    <HEAD>
    <meta HTTP-EQUIV="REFRESH" content="0; url=https://yourdomain.com">
    </HEAD><BODY>
    
    <FONT SIZE=+2> Page Not Found </FONT>
    <BR> The requested page was not found.
    You will be redirected to the homepage
    <a href="https://yourdomain.com">https://yourdomain.com</a>
    </BODY>
    </HTML>
    
  • Exit nano and save the changes (ctrl+x followed by yes).
  • Edit the appropriate configuration file in the folder /etc/apache2/sites-available/. You may first list all files in the folder and identify the correct one. Most likely it is /etc/apache2/sites-available/000-default-le-ssl.conf.
    sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf
    
  • Locate the line that starts with ServerName. The text around that line looks something like:
    ServerName yourdomain.com 
    Include /etc/letsencrypt/options-ssl-apache.conf
    
  • Insert the line ErrorDocument 404 /myCustomError404.html immediately after the line that starts with ServerName. The new text should look like this:
    ServerName yourdomain.com
    ErrorDocument 404 /myCustomError404.html
    Include /etc/letsencrypt/options-ssl-apache.conf
    
  • Restart the Apache server
    sudo service apache2 restart
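
To check the result of the steps above, the following added example (not part of the original tutorial) scans an HTTP response for an Apache version banner and reports whether it appears in the Server header or in the page body. The function names and the two sample responses are constructed for illustration, including the version number 2.4.41; check_url assumes curl is installed.

```shell
#!/usr/bin/env bash
# Added example: list the places where an HTTP response reveals the Apache version.

# Reads a raw response (headers, blank line, body) on stdin and prints
# "header: <banner>" or "body: <banner>" for every banner like Apache/2.4.41.
find_version_leaks() {
    awk -v re='Apache/[0-9]+([.][0-9]+)*' '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next }  # blank line ends the headers
        !in_body && tolower($0) ~ /^server:/ && match($0, re) {
            print "header: " substr($0, RSTART, RLENGTH) }
        in_body && match($0, re) {
            print "body: " substr($0, RSTART, RLENGTH) }'
}

# Fetches URL (headers and body) and returns 1 if anything leaks. Needs curl.
check_url() {
    local leaks
    leaks=$(curl -si --max-time 10 "$1" | find_version_leaks)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample: Apache's stock 404 page (the version number is made up).
sample_default_404() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: Apache/2.4.41 (Ubuntu)' \
        'Content-Type: text/html; charset=iso-8859-1' ''
    printf '%s\n' '<h1>Not Found</h1>' \
        '<address>Apache/2.4.41 (Ubuntu) Server at yourdomain.com Port 443</address>'
}

# Constructed sample: the same request after the ErrorDocument change.
sample_custom_404() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: Apache/2.4.41 (Ubuntu)' \
        'Content-Type: text/html' ''
    printf '%s\n' '<FONT SIZE=+2> Page Not Found </FONT>' \
        '<a href="https://yourdomain.com">https://yourdomain.com</a>'
}

echo "default 404:"; sample_default_404 | find_version_leaks
echo "custom 404:";  sample_custom_404  | find_version_leaks
```

On the live server, run check_url https://yourdomain.com/some-missing-page after restarting Apache. A remaining header: line comes from the Server response header, which ErrorDocument does not change; Apache's ServerTokens directive controls what that header contains.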