🛠️ From Basic Apache Server to Scalable Cloud Architecture — With Real Commands and Code

This is the follow-up to the post “How Architects Think.” Here we go hands-on: turning theory into practice using a real web app — like a restaurant booking app — hosted with Apache or Nginx on a Linux VM, then gradually adding enterprise-like features.

---

🔧 1. Initial Setup: Basic Apache on Ubuntu Server

sudo apt update && sudo apt install apache2 -y
sudo ufw allow 'Apache Full'  # Opens ports 80 and 443
sudo systemctl enable apache2

• Website files go in: /var/www/html/
• Config file: /etc/apache2/sites-available/000-default.conf
• Access log: /var/log/apache2/access.log
• Error log: /var/log/apache2/error.log

---

🧪 2. Enable SSL with Let’s Encrypt (Certbot)

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache

• SSL certs go to /etc/letsencrypt/live/yourdomain/
• Auto-renewal:

echo "0 3 * * * root certbot renew --quiet" | sudo tee /etc/cron.d/certbot-renew

---

📦 3. Add Log Rotation and Monitoring

• Check Apache logrotate config:

cat /etc/logrotate.d/apache2

• Add a script to /etc/cron.daily/apache-log-backup:

#!/bin/bash
cp /var/log/apache2/access.log /backup/access_$(date +%F).log
cp /var/log/apache2/error.log /backup/error_$(date +%F).log

• Make it executable:

sudo chmod +x /etc/cron.daily/apache-log-backup

---

🛡️ 4. Secure the Server

• Harden SSH:

sudo nano /etc/ssh/sshd_config
# Change Port 22 to 2222 or another value
# Disable root login: PermitRootLogin no

• Set firewall rules:

sudo ufw allow 2222/tcp
sudo ufw allow 'Apache Full'
sudo ufw enable

• Install Fail2ban:

sudo apt install fail2ban -y

---

🐳 5. Migrate App to Docker (Enterprise Prep)

Sample Dockerfile for FastAPI Restaurant App

FROM tiangolo/uvicorn-gunicorn-fastapi:python3.9
COPY ./app /app

Docker Compose

version: '3.8'
services:
  web:
    build: .
    ports:
      - "80:80"
    volumes:
      - ./app:/app
    environment:
      - DB_URL=sqlite:///app.db

Then run:

docker compose up -d

---

📊 6. Add Monitoring (Prometheus + Grafana example)

• Run Prometheus and Grafana via Docker:

docker run -d --name=grafana -p 3000:3000 grafana/grafana

• Create a simple exporter script for FastAPI and expose metrics.

---

☁️ 7. Cloud Readiness — Backup to AWS S3

• Install AWS CLI:

sudo apt install awscli
aws configure

• Backup script:

aws s3 cp /backup s3://my-bucket-name/ --recursive

---

✅ Final Structure

Layer	Tools/Commands
Web Server	Apache/Nginx, Certbot
Security	UFW, SSH hardening, Fail2ban
Backup	Logrotate, Cron, S3
Container	Docker + Compose
Monitoring	Prometheus, Grafana, CloudWatch (alt)
Compliance	Centralized logs, encrypted backups