Building a Home Web Server
Grant Root
grant@[Link]
�This Presentation
... is posted on my site, at [Link] Look for a Site News entry with a link to the presentation.
�Why Host at Home?
$$$ - saving the cost of hosting
Security avoiding shared hosting
Ultimate control over the server
A great learning experience
�The Downside
Bandwidth limitations
Significant learning curve
Security issues must be addressed
Your ISP's terms of service
�Is It Right for Your Site?
Consider anticipated traffic levels
How critical is uptime?
Data security & backups
Time commitment
�Requirements
Broadband Internet connection
Domain name
Domain name service ( DNS )
Firewall
Web server
�Broadband Connection Types
xDSL (usually ADSL for home use)
Cable modem
Wireless
T-1 / Fractional T-1
�Speed / Throughput
Measure your current connection:
[Link] 1220 kbps down, 300 kbps up
My SBC DSL:
YMMV
�Your Own Domain
Who wants a site named [Link]?
Choosing and researching a
name
Whois tools [Link], etc.
�Registering a Domain Name
Choosing a registrar
Price
Reputation
Maintenance tools
�Registrars
ICANN accredited registrar list [Link] [Link]
Network Solutions (Verisign) http ://[Link] GANDI - [Link]
�Domain Name Service (DNS)
Translating names to numbers
e.g. [Link] to [Link]
Dynamic vs. static IP addresses
Finding a moving target dynamic DNS services & clients
�Dynamic DNS Services
Selecting a dynamic DNS provider
[Link]
Subdomains - their domain vs. yours
e.g. [Link]
Backup mail server
Client software support
�Firewall First!
Don't put *anything* online without a firewall! Determine scope of protection
Periphery vs. on-server? Both?
DMZ?
�Selecting a Firewall
Base architecture
Packet filter vs. stateful inspection
Features
Hardware vs. software
Software platform
Ease of use is critical
�Hardware vs. Software
Hardware firewalls
Dedicated appliances
Built into routers iptables / ipchains
Single-purpose Linux distros
Software firewalls
�Some Free Software Firewalls
Freesco (runs from floppy)
[Link] Http://[Link] [Link]
SmoothWall (terrific web interface)
IPCop (spun off from SmoothWall)
�Set Up Firewall
Use NAT (network address translation) to translate private to public IP addresses and vice-versa.
Allow access from the Internet to port 80 on web server. Use port forwarding if web server has a private address.
�Set Up Web Server
Use that old 386 / 486 / Pentium
CPU & memory affect compiling, graphic manipulation and encryption
Choose a Linux distro
I prefer Debian for ease of installations and updates.
�To RAID or Not to RAID
Redundant array of independent disks Provides data protection from hardware failures (*not* mistakes) More drives, performance issues
Hardware or software based
Level usually 1 (mirroring) or 5
�Install and Secure Linux
Install minimal system
Get security updates
Shut down unneeded services
Check inetd / xinetd config files
Use netstat to check for open ports
Use external port scanner service
�Install Web Server Software
HTTP daemon Apache, tux, etc.
Database engine MySQL, PostgreSQL CGI Scripting language Perl, PHP, Python, Ruby, Java I like Apache / MySQL / PHP!
�Configure HTTP Daemon
Apache
Set domain name, doc root, user/group
Deny all access to root directory
Specifically allow access to doc root
Tweak ExecCGI, symlinks, overrides
Disable indexes
�Test Web Serving
Test sample page in browser
Troubleshoot any problems
Common problems:
Apache config
File ownership / permissions
Firewall settings
�Develop the Pages
On the server using text-based tools or more likely... On your [Windows | Linux] workstation w/ text or GUI tools
Upload using ftp, webdav, scp, etc.
�Questions
