Public servers like a web server should run on a isolated machine on an isolated network. This network is called a DMZ (DeMilitarized Zone). On this network you can connect real servers or virtual servers, I will show virtual servers. The firewall is set so that only traffic that is absolutely necessary is allowed from the DMZ to the internal servers. The details are written in the articles shown in the right menu:
17-Aug-2011: initial release. 29-Aug-2011: added apache web server. 07-Jan-2011: added nginx web server. 22-Aug-2012: removed apache web server. 28-Jul-2013: changed menus.