This is a diagram of what i have in mind to secure this webserver.

To start this project off we are going to need a dedicated server. So i built one to fit inside a 1u case, once that was complete i flashed my favorite Linus Distro (Debian) onto a flash drive and plugged it in and booted from it. Installed a graphical version of Debian in case i needed to do anything in the GUI environment but ironically so far i haven't touched the GUI at all and have been able to do everything via a SSH bash environment. We are also going to need to harden this server and lock it down. I hardened my SSH connections to this server by these precautions:

1. Disable logging in as root

2. Configure SSH to use a random port and not connect over port 22

3. Lockdown logins by forcing logins with a public/private keypair instead of passwords, and disable password logins completely.

After hardening SSH i decided to do a few basic linux configurations to harden the server further. These i will not discuss but am happy to discuss in a professional environment (Job interview, job meetings)

After hardening the Debian server as much as i knew, i moved onto the next steps in terms of security. A firewall! See:opnsenseconfiguration to see the basic configuration that i setup.

I went with a OPNSense firewall that again i hand built to fit into a 2u server chassis. Loaded OPNsense onto and got to work. My idea for this was that i would take advantage of OPNsense's Firewall and routing capabilities to combine it into a router/firewall.