This project demonstrates how to deploy, monitor, and secure a production-style Linux web server environment using AlmaLinux.
The setup includes:
- LAMP Stack Deployment
- Infrastructure Monitoring using Prometheus and Grafana
- Apache Virtual Hosting
- Linux Server Security Hardening
This project showcases practical Linux System Administration and Monitoring skills.
| Component | Tool |
|---|---|
| Operating System | AlmaLinux |
| Web Server | Apache |
| Database | MariaDB |
| Backend Language | PHP |
| Monitoring | Prometheus |
| Visualization | Grafana |
| Metrics Exporter | Node Exporter |
| Security | Firewalld, Fail2Ban, SSH Hardening, SELinux |
Installed Apache, MariaDB, and PHP to host web applications.
# Install Apache
dnf install httpd -y
# Install MariaDB
dnf install mariadb-server -y
# Install PHP
dnf install php -y
# Install PHP MySQL Native driver(for PHP-MariaDB connection)
dnf install php-mysqlnd -ysystemctl enable --now httpd
systemctl enable --now mariadbBecause Apache runs on port 80, the firewall must allow it.
firewall-cmd --permanent --add-service=http
firewall-cmd --reloadphp -v
mysql --version
systemctl status httpdCreate a simple HTML page to verify that Apache is serving web content.
echo "Welcome to my Linux Web Server Project" > /var/www/html/index.htmlYou can also create the file using vim:
vim /var/www/html/index.htmlOpen in browser:
http://SERVER-IP
Installed Prometheus, Node Exporter, and Grafana to monitor the Linux server and visualize system metrics.
- Prometheus
- Node Exporter
- Grafana
Step 1: Install wget
dnf install wget -yStep 2: Navigate to the opt directory
cd /optStep 3: Download Node Exporter from GitHub
wget https://github.com/prometheus/node_exporter/releases/download/v1.7.0/node_exporter-1.7.0.linux-amd64.tar.gzStep 4: Extract the archive
tar -xzf node_exporter-1.7.0.linux-amd64.tar.gzStep 5: Start Node Exporter
cd node_exporter-1.7.0.linux-amd64
./node_exporter &Step 1: Navigate to the opt directory
cd /optStep 2:Download Prometheus from GitHub
wget https://github.com/prometheus/prometheus/releases/download/v2.52.0/prometheus-2.52.0.linux-amd64.tar.gzStep 3:Extract the archive:
tar -xzf prometheus-2.52.0.linux-amd64.tar.gzStep 4:Start Prometheus:
cd prometheus-2.52.0.linux-amd64
./prometheus &Step 1: Install the Grafana RPM package from Grafana Labs
dnf install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-10.4.2-1.x86_64.rpmStep 2: Start and enable Grafana service
systemctl enable --now grafana-server- CPU Usage
- Memory Usage
- Disk Usage
- Network Traffic
- System Load
- System Uptime
Node Exporter exposes Linux system metrics for Prometheus.
Access Node Exporter metrics:
http://SERVER-IP:9100/metrics
Prometheus scrapes metrics from configured targets.
Access Prometheus interface:
http://SERVER-IP:9090
Verify that node_exporter is listed and showing UP.
Grafana was configured to use Prometheus as the data source.
Dashboard used:
Node Exporter Full Dashboard (ID: 1860)
Access Grafana:
http://SERVER-IP:3000
default login:
username: admin
password: admin
Configured Apache to host multiple websites on a single server using different domain names.
site1.local
site2.local
mkdir -p /var/www/site1
mkdir -p /var/www/site2/var/www/site1
/var/www/site2
<VirtualHost *:80>
ServerName site1.local
DocumentRoot /var/www/site1
</VirtualHost>
<VirtualHost *:80>
ServerName site2.local
DocumentRoot /var/www/site2
</VirtualHost>systemctl restart httpdEdit the hosts file:
vim /etc/hostsAdd
192.168.233.135 site1.local
192.168.233.135 site2.localcurl http://site1.local
curl http://site2.local
Implemented multiple security measures to improve the security of the Linux web server.
Edited the SSH configuration file to disable insecure login methods.
Edit configuration file:
vim /etc/ssh/sshd_configSecurity settings applied:
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords noRestart SSH service:
systemctl restart sshdVerify SSH service:
systemctl status sshd
Configured Firewalld to allow required services.
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reloadVerify firewall rules:
firewall-cmd --list-allScreenshot
Installed Fail2Ban to protect the server from brute-force login attacks.
Enable the EPEL repository (required for Fail2Ban):
dnf install epel-release -yInstall Fail2Ban:
dnf install fail2ban -yStart and enable service:
systemctl enable --now fail2banCheck Fail2Ban status:
fail2ban-client statusScreenshot
Checked SELinux status to ensure security policies are enforced.
getenforce
sestatusExpected output:
EnforcingScreenshot
- Linux System Administration
- Web Server Deployment
- Infrastructure Monitoring
- Linux Security Hardening
- Networking & Firewall Configuration
- Troubleshooting & Diagnostics
- Linux (AlmaLinux)
- Apache HTTP Server
- MariaDB
- PHP
- Prometheus
- Grafana
- Node Exporter
- Firewalld
- Fail2Ban
- SELinux
This project demonstrates how to deploy, monitor, and secure a Linux-based web server environment using industry-standard tools. It highlights core skills required for Linux System Administration and DevOps roles, including web server deployment, monitoring, security hardening, and infrastructure management.