How to Set Up a Secure and Reliable Web Server on Ubuntu

min read · May 09, 2025

Introduction

A secure and reliable web server is fundamental to running websites or applications that are accessible on the internet. Whether you're hosting a personal blog or a large enterprise application, configuring your web server properly is critical to ensure that it remains fast, available, and secure. In this article, we'll walk you through the steps of setting up a web server on Ubuntu, configuring essential security measures, and ensuring high reliability for production environments.

Installing the Web Server Software

Ubuntu supports a variety of web server software, but the most commonly used are Apache and Nginx. Both have their strengths, and you can choose based on your needs. Apache is highly customizable and compatible with a wide range of features, while Nginx is known for its high performance and lower resource usage.

Installing Apache:

sudo apt update
sudo apt install apache2

Installing Nginx:

sudo apt update
sudo apt install nginx

After installation, you can check if the web server is running by accessing your server's IP address in a browser. You should see the default Apache or Nginx landing page.

Configuring Firewall for Web Server Access

By default, the Ubuntu firewall (UFW) blocks incoming traffic. You'll need to configure UFW to allow web traffic.

Allow Apache through UFW:

sudo ufw allow in "Apache Full"

Allow Nginx through UFW:

sudo ufw allow 'Nginx Full'

You can also check the status of UFW to ensure your rules are set correctly:

sudo ufw status

Installing SSL Certificates for HTTPS

To ensure that your web server communicates securely with users, it is essential to set up SSL/TLS. You can use Let's Encrypt to obtain a free SSL certificate.

Install Certbot for Let's Encrypt:

sudo apt install certbot python3-certbot-apache  # For Apache
sudo apt install certbot python3-certbot-nginx   # For Nginx

Obtain an SSL certificate:

sudo certbot --apache  # For Apache
sudo certbot --nginx   # For Nginx

Follow the prompts to complete the SSL certificate installation. Certbot will automatically configure your web server to use HTTPS.

To ensure that your certificate is renewed automatically, Certbot sets up a cron job. You can verify this by running:

sudo systemctl list-timers

Setting Up Secure SSH for Server Management

Accessing your server via SSH is a common method for managing your web server. To enhance security, it’s important to disable password-based authentication and use SSH keys instead.

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096

Copy your public key to the server:

ssh-copy-id user@your_server_ip

Disable password authentication: Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Change the following settings:

PasswordAuthentication no
PermitRootLogin no

Restart SSH to apply changes:

sudo systemctl restart ssh

Setting Up Automatic Updates for Security Patches

Security vulnerabilities can arise from outdated software. To ensure that your server is always protected, you should enable automatic updates for critical patches.

Install the unattended-upgrades package:

sudo apt install unattended-upgrades

Enable automatic updates:

sudo dpkg-reconfigure --priority=low unattended-upgrades

This will ensure that security updates are applied automatically without manual intervention.

Configuring Server Performance and Caching

A reliable web server should be optimized for performance to handle increasing traffic without causing delays. Here are some essential steps to improve your server’s performance:

Enable Gzip Compression: Gzip compression reduces the size of web pages and speeds up loading times.

For Apache:

sudo a2enmod deflate
sudo systemctl restart apache2

For Nginx, add this to your server block:

gzip on;
gzip_types text/plain application/xml text/css application/javascript;

Install and Configure Caching: Caching reduces the load on your server by storing static files like images, CSS, and JavaScript.

For Apache, enable mod_cache and mod_file_cache:

sudo a2enmod cache
sudo a2enmod file_cache
sudo systemctl restart apache2

For Nginx, use fastcgi_cache to cache dynamic content.

Monitoring Your Web Server’s Health and Performance

To ensure that your web server is running smoothly, it's essential to monitor server health and traffic. Use monitoring tools like UptimeRobot, Nagios, or Prometheus to track uptime and performance.

For basic performance tracking on Ubuntu, you can use built-in tools like htop, netstat, and systemctl to monitor resource usage and check server status.

To monitor Apache or Nginx logs:

sudo tail -f /var/log/apache2/access.log    # For Apache
sudo tail -f /var/log/nginx/access.log      # For Ngin

Backup and Recovery Strategy

A reliable backup system is essential in case of server failure. You can use tools like rsync, tar, or Duplicity to back up your web server data.

Example of a simple backup command:

rsync -av --exclude '/var/www/html/cache' /var/www/ user@backup_server:/backup_location/

Schedule your backups using cron jobs to run regularly.

Conclusion

Setting up a secure and reliable web server on Ubuntu requires several steps, from installing the web server software to ensuring that it’s secure and performing well. By following these steps—installing SSL certificates, hardening SSH, enabling automatic security updates, optimizing performance, and implementing a backup strategy—you can create a web server environment that not only delivers high performance but also protects against security threats. With the right configuration and monitoring, your Ubuntu server can provide a reliable, secure platform for hosting your websites and applications.

10 Reasons Why VPS Hosting Might Be Right for You

Explore the top 10 benefits of VPS hosting, including improved performance, security, and scalability, to see if it's the right choice for your website.