The next step in building out this network is to add a web server. The web server will sit within the DMZ (Demilitarized Zone) or screened subnet of the network, but more on that later. For now, I just want to get it up and running.
For the web server I’m going to use a lightweight headless version of Debian Linux. Headless just means that there is no GUI (Graphical User Interface) or Desktop Environment. Everything will be done through the command line. This makes the web server much less resource intensive and will improve its performance.
The Debian image I’ve chosen requires an internet connection when installing. It’s a small image and will only download and install what I need for this server. Head over to the Debian website and download the ‘netinst’ image:
Download the version that is compatible with your setup. In my case, I’ll be using the amd64 version.
Once downloaded, open VirtualBox and add a new machine (Machine > New). Select the image you just downloaded, choose a name (I chose HTTP because this is a web server), and click skip unattended mode:
I’m going to assign this Virtual Machine (VM) 1GB of RAM and a single CPU:
This machine is going to be serving a simple website for this network, so it won’t need a huge amount of storage. I’ll give it a maximum of 10GB:
Start the VM to begin the installation process:
I chose the ‘Install’ option here, but you can choose either the Graphical Install or Install option. I just prefer the non-graphical installation. Next, select your language:
Then select your country:
Next, give the machine its hostname:
I chose http because this is a web server. Next, input your domain name:
As with the pfSense firewall, I’ll use officenet.lan. This means that this web server will be available at http.officenet.lan and the firewall at pfsense.officenet.lan. Now, setup the root password for this machine. Make sure to choose a very strong password as this machine will be internet facing:
Enter the password again:
Next, create a user for this machine. This will be a standard user account without root access that can be used for day-to-day activities. I chose a generic user1:
Choose a password for this user:
Confirm the password:
Next, choose your timezone:
Then set up the hard disk:
Select ‘Guided – use entire disk’ and select the virtual disk:
Remember that this is a virtual hard disk, so your actual hard disk will not be erased. Next, set up the partitioning:
Select ‘All files in one partition’ and press enter.
Select ‘Finish partitioning and write changes to disk’.
Select yes and wait while the base system is installed:
It will prompt you for any extra installation media, which is not needed here, so select no:
Choose the closest Debian mirror to your location for your package manager. This is the server your package manager will use to download software to install so it makes sense to select the closest one to get the fastest response and download times. I chose Vietnam since I live there currently.
I chose deb.debian.org:
Next, it will ask you if you’re using a proxy and to give the proxy address. I’ll leave this blank and continue:
Finally, it will ask you for your preferred desktop environment. Since this is a headless installation, I will select the web server option along with standard system utilities:
Wait for the installation to complete. This can take some time. When it’s almost done it will ask you to install GRUB boot loader to your primary drive. Select yes and continue:
Choose your Virtual Hard Disk as the device to install GRUB on:
With the installation complete, select continue to reboot and start the machine for the first time:
Once it has started, log into the machine as root:
Update and upgrade the machine to make sure it’s running the latest versions of everything. Use the command:
apt update && apt upgrade -y
You do not need sudo as you are logged in as root.
For this server I am going to use Apache web server as it is one of the most popular web servers in the world. Debian usually comes installed with Apache. To check the status of the apache server run this command:
systemctl status apache2
You should get an output like this:
If you don’t get this output, you can install apache using:
apt install apache2 -y
For the last part of this setup, we need to connect this machine to our existing network. Shutdown the machine and open its settings in VirtualBox. Select Network. Currently this machine is using NAT (Network Address Translation) and is connected directly to the internet. I need to make sure it connects to the internet through the pfSense firewall. To do this, select Adapter 1 and change the ‘Attached to’ option to ‘Internal Network’:
Click OK and start the machine. Once logged in, check that it is receiving an IP address from the firewall:
ip address
As can be seen above, the server has been assigned the IP of 192.162.1.101. It is currently on the same subnet as the firewall and the administrator machine. The next step will be to move the server into a DMZ or screened subnet where it can be separated from the rest of the network and secured.
