Web servers

  • Physical: a server that is installed on a physical computer.
  • Virtual: In computing, a virtual machine (VM) is an emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination.

 

How to create a web server

What you need:

  • Any working computer
  • A Linux server OS or Windows Server OS
  • Download the OS. You have many options for your choice of web server OS:
  • CentOS
  • Ubuntu
  • Debian
  • Install the web server OS

You can follow the OS installation guide for your choice of OS.

  • Update Your New Server

sudo aptitude update && sudo aptitude dist-upgrade

  • Install Apache, MySQL, and PHP

sudo aptitude install apache2 php5-mysql libapache2-mod-php5 mysql-server

Then press Enter. Aptitude will download and install all of the programs you specified. It will also download and install any dependencies.

 

 

During the install process, MySQL will ask you for a root password. You can set this to anything, just be sure you make it long and secure.

Whatever you do, DO NOT leave this blank.

 

 

After that has all finished, you now have a fully working web server. To test it out, first find your server’s IP by typing:

 

ifconfig | grep inet

 

It’s usually the first IP returned. In my case, it’s 192.168.177.129. Now that you know the IP, open your web browser and point it to your server IP. If you see the “It works!” message, then congratulations, it works.

 

However, we’re not done yet. We don’t want Apache or PHP to disclose any information about themselves, as this information is not needed by your users and could pose a security risk. First, back up the original Apache configuration file:

 

sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak

Now open the configuration file:

 

sudo nano /etc/apache2/apache2.conf

Scroll down (down arrow) to where it says “ServerTokens Full” and change it to read “ServerTokens Prod”

 

Now, scroll down a little further and change “ServerSignature On” to “ServerSignature Off”

Finally, press Control-O followed by Control-X. That will save the file and exit the text editor.

Now, we need to do the same thing for PHP. First, back up the original PHP configuration file:

 

sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.bak

Open the configuration file:

 

sudo nano /etc/php5/apache2/php.ini

Change “expose_php = On” to “expose_php = Off”

 

Again, press Control-O followed by Control-X. Now that the configuration files are updated, restart Apache:

 

sudo /etc/init.d/apache2 restart

You are done setting up Apache, MySQL, and PHP.
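One way to confirm the three settings changed above are really in effect in the files, as an added example that is not part of the original tutorial. The function names and sample file contents are constructed for illustration; a missing directive falls back to the documented defaults (ServerTokens Full, ServerSignature Off, expose_php On).

```shell
#!/bin/sh
# Added example: audit ServerTokens, ServerSignature and expose_php.

# effective_value FILE DIRECTIVE DEFAULT
# Prints (lowercased) the last uncommented value of DIRECTIVE, or DEFAULT if unset.
# Accepts both "Name Value" (Apache) and "name = value" (php.ini) lines.
effective_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*[#;]/ { next }                  # whole-line comments
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)         # php.ini trailing comment
            sub(/=/, " ", line)                 # "k = v" becomes "k   v"
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == tolower(want)) found = tolower(f[2])
        }
        END { print (found != "" ? found : tolower(def)) }
    ' "$1"
}

# audit_disclosure APACHE_CONF PHP_INI
# Prints one line per finding; returns 0 only when all three settings are hardened.
audit_disclosure() {
    rc=0
    case $(effective_value "$1" ServerTokens Full) in
        prod|productonly) ;;
        *) echo "ServerTokens: version details are sent in the Server header"; rc=1 ;;
    esac
    case $(effective_value "$1" ServerSignature Off) in
        off) ;;
        *) echo "ServerSignature: a server footer is added to error pages"; rc=1 ;;
    esac
    case $(effective_value "$2" expose_php On) in
        off|0|false|no) ;;
        *) echo "expose_php: an X-Powered-By header is sent"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: before and after the edits, plus a file with no directives.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'ServerTokens Full' 'ServerSignature On' > "$tmp/before.conf"
printf '%s\n' 'expose_php = On' > "$tmp/before.ini"
printf '%s\n' '#ServerTokens Full' 'servertokens Prod' 'ServerSignature Off' > "$tmp/after.conf"
printf '%s\n' '; expose_php = On' 'expose_php = Off ; hide PHP' > "$tmp/after.ini"
: > "$tmp/empty.conf"
audit_disclosure "$tmp/before.conf" "$tmp/before.ini" || echo "before: needs hardening"
audit_disclosure "$tmp/after.conf" "$tmp/after.ini" && echo "after: ok"
```

On the server itself, point the function at /etc/apache2/apache2.conf and /etc/php5/apache2/php.ini, the two files edited above.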

 

  1. Install a Firewall

 

We now are going to lock down our server a bit more by installing Shorewall, a command-line firewall. To install it:

 

sudo aptitude install shorewall

By default, Shorewall is installed with no rules, allowing complete access. However, this is not the behavior we want.

Instead, we’re going to block all connections to anything other than port 80 (HTTP) and port 22 (SSH). First, copy the configuration files to the Shorewall directory:

 

sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/

Now, open the “rules” file:

 

sudo nano /etc/shorewall/rules

Add these lines above where it says “#LAST LINE”

HTTP/ACCEPT    net                         $FW

SSH/ACCEPT       net                         $FW

 

Then press Control-O and Control-X. Your firewall is now configured to only accept HTTP and SSH traffic. The last thing we need to do is tell Shorewall to start on boot. So, open up the main Shorewall configuration file:

 

sudo nano /etc/shorewall/shorewall.conf

Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”

 

Press Control-O and Control-X. Now, open the Shorewall default configuration file:

 

sudo nano /etc/default/shorewall

And change “startup=0” to “startup=1”. Press Control-O and Control-X. Finally, start your firewall:

 

sudo /etc/init.d/shorewall start

Congratulations! Your firewall is now set up and protecting your server.
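To check that the rules file accepts only HTTP and SSH from the outside, the following added example (not part of the original tutorial) lists every ACCEPT rule from the “net” zone to the firewall and flags anything else. The function names and the sample rules, including the stray MySQL port, are constructed; it assumes the zone is named “net” and the firewall is written as $FW, as in the lines above.

```shell
#!/bin/sh
# Added example: list what a Shorewall rules file accepts from "net" to the firewall.

# net_to_fw_accepts RULES_FILE
# One line per ACCEPT rule whose SOURCE is zone net and DEST is $FW:
#   macro rules  HTTP/ACCEPT or HTTP(ACCEPT)  -> "HTTP"
#   plain rules  ACCEPT net $FW tcp 8080      -> "tcp/8080"
net_to_fw_accepts() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        {
            src = $2; sub(/:.*/, "", src)         # net:1.2.3.4 -> net
            if (src != "net" || $3 != "$FW") next
            action = $1
            if (action ~ /^[A-Za-z0-9_]+\/ACCEPT$/) {
                sub(/\/ACCEPT$/, "", action); print action
            } else if (action ~ /^[A-Za-z0-9_]+\(ACCEPT\)$/) {
                sub(/\(ACCEPT\)$/, "", action); print action
            } else if (action == "ACCEPT") {
                proto = ($4 == "" ? "all" : $4)
                port = ($5 == "" ? "any" : $5)
                print proto "/" port
            }
        }
    ' "$1"
}

# unexpected_accepts RULES_FILE
# Prints accepted services other than HTTP and SSH; returns 0 when there are none.
unexpected_accepts() {
    extra=$(net_to_fw_accepts "$1" | grep -v -x -e HTTP -e SSH) || true
    if [ -z "$extra" ]; then return 0; fi
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample rules file with one rule that should not be there.
rules=$(mktemp) && trap 'rm -f "$rules"' EXIT
cat > "$rules" <<'EOF'
#ACTION         SOURCE  DEST    PROTO   DPORT
Ping(DROP)      net     $FW
ACCEPT          $FW     net     icmp
HTTP/ACCEPT     net     $FW
SSH/ACCEPT      net     $FW
ACCEPT          net     $FW     tcp     3306
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
EOF
unexpected_accepts "$rules" || echo "unexpected inbound rule(s) listed above"
```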

 

  1. Add Your Website to Your Web Server

Now that you’ve got everything all set up, you’d probably like to add a website to it. By default, all of the files Apache serves up to the internet are located at “/var/www/”. However, you cannot write to this folder. Let’s make it so you can:

sudo usermod -g www-data [YOUR USERNAME]

sudo chown -R www-data:www-data /var/www

sudo chmod -R 775 /var/www

What happened there was you added yourself to the “www-data” group, and made the website folder writable to the members of the “www-data” group.

Now, you’re going to log into your server using SFTP (not to be confused with FTPS). Some clients that support SFTP are:

WinSCP (Windows, Free), FileZilla (Windows, Linux, OS X, Free), Cyberduck (OS X, Free), and, my personal favorite, Transmit (OS X, $30).

Connect to your server using your username and password and, if your client supports it, a default path of “/var/www” (if it doesn’t, simply browse to /var/www once you have logged in).

You may now add your files to this folder (/var/www) and they will show up on your server when you browse to it with your web browser.

Now, you may wonder why we’re using SFTP instead of FTP. Mainly, because SFTP is already built into OpenSSH (which you installed earlier). However, it is also a lot more secure than FTP, and makes it difficult (if not impossible) for malicious users to gain access to your login credentials.

 

  1. Make Your Server Accessible to the Internet

Most modern home networks are behind a router these days. Because of this, your web server will not be visible to the internet without a little work. As I don’t have every router available to test with, I can only give you general directions in this area.

There are two ways to open your server up to the internet: a DMZ or Port Forwarding. The main difference you’ll notice is that with a DMZ, your server uses the firewall we installed earlier to protect itself. With Port Forwarding, your server will be protected by your router’s firewall.

Before we go on, you’re going to want to give your server a static LAN address. To do that, log in to your router, and look for something along the lines of “Static IPs” or “Static Routing”. After you have given your server a static LAN address, you can do these next parts. Remember, Google is your friend.

 

To port forward, there is an excellent website, PortForward.com, that, while ugly, can help you get the job done for almost any router. The ports that you want to forward are 22 and 80.

To create a DMZ, you need to log in to your router and look for something like “DMZ settings”. Once you find it, add your server to the DMZ, and you’ll be set. Again, Google is helpful in situations like this.

Now, find your public IP, and voila! You can access your server from anywhere as long as your IP doesn’t change.

  1. Managing Your Server Remotely

Besides allowing you to upload files, OpenSSH allows you to log in to your server from anywhere as long as you know its IP. For Windows, you’ll need an SSH client. I recommend PuTTY. For OS X, SSH is already installed. Simply open up Terminal, and type “ssh you@yourip”. For PuTTY, choose SSH, and put in your IP, username, and password when it asks for them. You’ll notice that, once you log in, it looks exactly the same as the screen on the server.

You can do anything from here that you would do actually sitting at the server. To log out from the server, simply type “exit” and hit enter.
