RPI Webserver

Intro

It is a while since I built a new RPI so it was a pleasant change to set one up.  This one is intended as an internet facing webserver.  Although I don't have anything of great value on my home network it isn't very well organised so concentrating all webserving functions in one place seems a good idea.  In addition any external pages should be accessed via https these days, and I dont want multiple server key admin.

Install

Downloading Raspbian lite (Buster) image and creating an SD card (Balena etcher) is easy and headless RPI installation is straightforward.  There is a short list of changes I make initially to setup the system:
tailor colours, command prompts
setting up the server name (PI32) as a host on systems which require access.
setup alias on wsl for ssh signon
put public keys on PI32 to allow password free signon.

Webserver

I continue to use lighttpd for my webserver as it is simple, has plenty of features, is widely used on RPI and apparently has reasonable security.  Letsencrypt is the obvious choice for SSH/HTTPS and I followed Danny Tuppeny instructions to set it up with lighttpd.

I want a restricted set of pages (e.g. those which provide SQL update access) only to be available locally and lighttpd allows you to have different document-home folders dependent on the incoming URL so I have a /home folder for LAN addresses and /html folder for internet URLs.

File access to my backend server is provided by a Samba read-only share.
Database access is provided using PHP, with read-only credentials supplied for external access.

I feel this is a reasonable setup for my internet facing webserver providin https and improving security without being overkill for my applications.