How to Build a Secure Web Server to Host Multiple Websites

✅ Requirements

– A VPS or Dedicated Server (e.g. from Hetzner, OVH, DigitalOcean)

– Ubuntu Server 22.04 LTS (recommended)

– Root access or SSH access with sudo privileges

– Domain names pointing to your server IP

🧱 Step 1: Install Ubuntu Server

1. Download Ubuntu Server LTS: https://ubuntu.com/download/server

2. Install with minimal options (no GUI)

3. Set up SSH with a key pair (disable password login)

🔐 Step 2: Secure the Server

Run the following after your first login:

sudo apt update && sudo apt upgrade -y

sudo adduser youruser

sudo usermod -aG sudo youruser

Enable the firewall:

sudo ufw allow OpenSSH

sudo ufw enable

Secure SSH:

Edit /etc/ssh/sshd_config:

PermitRootLogin no

PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

Install Fail2Ban:

sudo apt install fail2ban

🌐 Step 3: Install NGINX and Certbot

sudo apt install nginx

sudo apt install certbot python3-certbot-nginx

Enable firewall rules for HTTP/HTTPS:

sudo ufw allow ‘Nginx Full’

📁 Step 4: Create Your First Website

Example domain: example.com

1. Create a directory for the site:

sudo mkdir -p /var/www/example.com/html

sudo chown -R www-data:www-data /var/www/example.com

2. Create an NGINX configuration:

sudo nano /etc/nginx/sites-available/example.com

Paste the configuration and save.

3. Enable the site:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

4. Reload NGINX:

sudo nginx -t && sudo systemctl reload nginx

🔐 Step 5: Enable HTTPS with Let’s Encrypt

Issue a free SSL certificate:

sudo certbot –nginx -d example.com -d www.example.com

Enable auto-renew:

sudo systemctl status certbot.timer

🧠 Step 6: Optimize NGINX for Performance

Edit /etc/nginx/nginx.conf:

worker_processes auto;

events {

worker_connections 1024;

}

http {

keepalive_timeout 65;

client_max_body_size 100M;

}

Reload NGINX:

sudo systemctl reload nginx

🔁 Step 7: Repeat for More Websites

Repeat steps for each new domain:

1. Create directory: /var/www/yourdomain.com/html

2. Create and enable a site config in NGINX

3. Issue an SSL certificate with Certbot

🛡️ Step 8: Harden the Server

Enable Automatic Security Updates:

sudo apt install unattended-upgrades

sudo dpkg-reconfigure –priority=low unattended-upgrades

Monitor with Fail2Ban:

Configure jail rules in /etc/fail2ban/jail.local

Optional: Use a Web Application Firewall (Cloudflare, ModSecurity, or NAXSI)

📝 Final Checklist

| Task                             | Completed? |

|———————————-|————|

| Ubuntu Server Installed          | ✅          |

| SSH Secured & Firewall Active    | ✅          |

| NGINX Installed and Configured   | ✅          |

| Websites Deployed via Virtual Hosts | ✅      |

| HTTPS with Certbot Enabled       | ✅          |

| Auto Updates and Monitoring Set  | ✅          |

🧰 Bonus Tips

– Use Ansible or shell scripts to automate site creation

– Add PHP-FPM if using WordPress or Laravel

– Install Webmin or Cockpit for GUI management

– Use Docker + NGINX Proxy Manager for a web-based control panel

🚀 Conclusion

You’re now running a secure, scalable web server for hosting multiple websites. With NGINX, SSL, firewalls, and monitoring, this setup is production-ready.

Need help adding PHP, MySQL, Docker, or deployment automation? Reach out or comment!