I know this has been asked before but the last thread I saw is a few years old, so especially regarding security, I don’t think a new thread is inappropriate. If this has been answered recently I’m sorry.
I’ve been tasked with building a website, it will be hosted from a CentOS 7 Server, however I don’t know where to begin and I can’t find any good guides on how to do it securely and what software to use for this.
Good thing is it won’t take any user text input (no accounts, no search no text fields at all), bad thing is I really know nothing. I have no Problem learning a new programming language (I have some programming experience) for this or any other skills, would like to keep the cost low though.
I will certainly find a way of doing it in the, but if you guys could maybe point me to some guides or give me any general tips that would really speed up the process.
Point the domain DNS at the public IP of the server.
Open ports 80 and 443 from the server to the internet. This may need to be via firewall on the server, and possibly port forwarding if the server is behind a router.
Actually create the website itself
Setup a http server (nginx, apache, etc) to serve the website
Setup letencrypt or other SSL certificate to provide HTTPs. (Optional but really highly recommended)
You can probably get away with a static site generator then. They are much easier to set up in most cases, and often don’t require any actual programming knowledge, only configuration. Basically, with these, you just create a configuration file or two, then write each web page as markdown or something similar, run the build command, and your site has been updated.
I personally use mkdocs, because it uses markdown, so it means that the content is very portable if I want to use something else in the future. See this: https://naoh.host
I second the others. If you’re not taking any user input, a static site may work. Will the content of the page need to update frequently based on the contents of database? If so, a dynamic site might make more sense.
When it comes to security, most of it relates to websites with authentication and user input. That said, these are really useful:
SSL Server Test (Powered by Qualys SSL Labs)
Tests your SSL certificates and webserver configuration to ensure outdated cipher suites aren’t enabled, the full certificate chain is served, and much more.