Apache Web Server

slide 1 slide 2 slide 3 slide 4 slide 5 slide 6 slide 7

Overview

In this project I deployed a secure Apache web server inside a Docker container on an Ubuntu server. This project was conducted to enhance my knowledge in configuring and securing a server but I also had the opportunity to develop my skills in web development.(HTML,CSS,JS) The container was configured using a bridged network, allowing the web server to have its own unique IP address on the network.

The setup began with the installation of the Apache HTTP server within the Docker container. Once running, I accessed the config files necessary to set up the server to my liking. This included directing the server to Listen on port 443 HTTPS traffic, defining ServerRoot, DocumentRoot, and setting both ServerAdmin and ServerName to resolve hostname warnings. I also enabled several required modules for ssl, http headers, and socache shmcb. To enable secure communications I generated a self-signed SSL certificate for testing purposes.

On the networking side, I configured my pfSense firewall to permit both inbound and outbound traffic for the container. Initially, misconfigured rules blocked all outgoing traffic, including essential update services like apt. This was corrected by allowing full outbound access and defining inbound rules to permit HTTP and HTTPS access from the local network and external clients.

To finalize the server hardening, I disabled insecure SSL protocols (SSLv2, SSLv3, TLSv1, TLSv1.1) and enforced stronger ciphers. I also added important HTTP security headers such as X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Referrer-Policy to mitigate various web-based attacks.

The website itself was developed using HTML, CSS, and JavaScript in Visual Studio Code. Once complete, I used docker cp to transfer the files from the local development environment into the running Docker container. Throughout the development process, I referenced various online sources including technical documentation, YouTube tutorials, and AI tools to troubleshoot and enhance functionality.

This project not only helped me deepen my understanding of Docker, Apache, and networking but also allowed me to apply real-world best practices for web server security and deployment.

Copied to clipboard!