Or at least somewhat more secure servers.
So many parts to this, and I care so little about any of them.
Baseline: Making sure you are not instantly p3wned
Securing Ubuntu: My first 10 minutes on a server.
A baseline important detail to use modern web services is SSL, a notoriously tedious process. This recently got easier and cheaper with Let’s Encrypt and their client software letsencruptnosudo or simp_le, or the full-stack webserver caddy, which automates the process, or the EFF certbot.
private development servers
- For Mac users with a copy of Mac OS Server*
- it is easy to setup up a local SSL site. This costs $25, but saves you a few hours, so probably worth it.
- For other Mac users
- it’s slightly complicated.
- For Windows users with IIS
- it’s medium complicated
- For Linux users
- the Mac users’ instructions will mostly work if you happen to be using Apache httpd, but if you are using one of the many other web servers, you will have to look it up. You can cheat, though
Proper Online Servers
I’m not the guy to tell you how to run real secure webservers that actually transfer significant information.
Here is how to do that using Cloudflare.
Summary: Don’t use it for actual server-side applications, because it will behave as if it’s secure while leaking information, but it’s ok for developing browser apps that don’t meaningfully communicate with the server.
Oh wait, you actually want to do the SSL thing?
Here’s a basic emergency guide to doing it with commodity webhosting: Letsencrypt thing with webfaction by Nick Doty.
You don’t want to be kind of nerd who deals with nitty gritty server securing. Use tor hidden services to not even expose your server’s existence?
Lan serving stuff
Run your own search server?