Professional Documents
Culture Documents
04 ("Natty")
by Robert Schifreen If you have an old Windows-compatible PC lying around, it's a fun and educational exercise to set it up as a web server. It's also not too difficult if you have a guide such as this one to hand, and it doesn't matter if the PC is pretty old. A laptop will work just as well as a desktop. You could even use a virtual machine running on your main PC, via something like VMware Player (which is free). But for the purposes of this exercise I'll actually be using a separate, spare desktop PC. If you're undertaking such an exercise, a server-oriented version of Linux is a good choice for the operating system. Why server-oriented? Because the added GUI desktop is totally unnecessary. And why not Windows? Because, unless you have a spare copy of Windows Server around, youll be limited in the number of simultaneous connections your server can support. And Windows doesnt run very well on old hardware anyway.
The one thing you really need to check is that your chosen computer has a built-in Ethernet connector on the motherboard. If its networking capability comes via a USB or PCMCIA plug-in adaptor instead, chances are that it won't work without you getting involved in some substantial fiddling, and searching for drivers that may or may not exist. Trust me, it's probably not worth the bother. But as long as the PC has a built-in Ethernet port, you should be fine.
pdfcrowd.com
I'm going to use Ubuntu Server 11.04 (codenamed "Natty Narwhal") for this project. Its ideally suited to the task, and it (and all the other components well be installing) is available totally free of charge. So if you fancy giving it a go, read on. Once you have followed this document, youll have a working Web server onto which users can safely and securely upload files via ftp. Youll also have Webmin installed, for remote admin functionality, plus Webalizer for generating web usage stats. And youll be able to host PHP/MySQL sites too. Once the server is up and running, we'll install the telnet system on it so that you can access it remotely over your LAN. Therefore, there's no harm in installing your new server in a hard-to-reach location, because you won't need to physically access it very often. Ubuntu Server doesn't have a GUI and doesn't need a mouse so, if your PC has one that you can unplug, do so before you start. There's no point confusing the OS by having it look for drivers for devices that it can't use. Incidnetally, if you'll be using a USB keyboard, it helps to change the computer's BIOS setting and enable USB legacy device support before you start. This helps to ensure that Ubuntu Server can boot correctly once installed. Note that commands you need to type are in a
Before we start, one important word about security and firewalls. Assuming your new web server is connected to the internet via your broadband router or somesuch, it wont be accessible to the world in general unless you change your router's firewall settings in order to allow incoming connections on port 80 to be directed to the server. Unless you do that (look up NAT, or Network Address Translation, in your router's open in browser PRO version Are you a developer? Try out the HTML to PDF API
pdfcrowd.com
documentation), your web server will only be accessible within your LAN, ie from other PCs in your home or office. While it can be tempting to open up your firewall and make your web server available to the world, you should think very carefully before doing so. The risk of someone hacking the server is high. Running your own web server is a fun, educational project, and very handy for testing new stuff within a closed environment. But hosting externally-available web sites yourself is not a sensible idea. It's best left to professional hosting companies, who can cope better with the security and capacity implications. So don't cancel your web hosting subscription just yet.
pdfcrowd.com
When asked, name your machine. I called mine webtest, but the precise name that you choose doesn't really matter. You'll be asked how you want to partition your hard disk. Choose "Guided - use entire disk". If you know what you're doing and particularly want to use it, then choose the LVM option or something else. If you don't know what LVM is, you don't need it, and the above-mentioned choice is your best option. Once you've accepted and confirmed your choices, the hard disk will be formatted and Ubuntu Server will be installed. If there was anything on the drive that you wanted to keep, and didn't back up, it's now too late! You'll next be asked to enter the name and username for a user-level account that will be created. You'll also need to choose a password for the account. This username and password is the one that you'll mostly use to log into your server in order to administer it. At this stage there's no root (administrator) account, but we'll come back to that later and set one up. Make sure you make a note of the username and password that you've chosen at this stage. Next you'll be asked whether you want to configure your home directory for encryption. Unless you particularly plan to use this server to store confidential information that needs to be hidden from the eyes of anyone who might steal the machine, say no. We want to keep this system as simple as possible. Next, you can enter details of an http proxy. If you're not aware that you have one, or that you need to enter its details, then you don't need to enter anything here. Next, you'll be asked about how best to install security updates. Unless you particularly don't want to,
pdfcrowd.com
choosing the option to have Ubuntu install security updates automatically is the best option. Next, you need to specify which components to install. This is going to be a web server running Linux, Apache, MySQL and PHP, commonly known as LAMP. So you simply need to choose the LAMP Server option. Next, you need to choose a root password for the MySQL database system. You'll need this to log into MySQL in order to administer your databases on the server. You'll also need it when you're writing PHP code that requires access to a database. As with all passwords, make this one as complex as you dare. The security of all your web-based data depends on it, although of course your server will not be accessible from outside your LAN unless your firewall allows it. Next you'll be asked whether to install the GRUB boot loader. Assuming that you're setting up your server on a machine that doesn't have any other installed operating systems, say yes. Otherwise, eg if you're installing Ubuntu as a virtual machine on a computer that's also running Windows, follow the on-screen suggestions. That's the basic Linux installation over. Remove the CD when prompted and the machine will restart. If you dont see a login: prompt after 5 minutes or so, press Return a couple of times and one should appear. Remember that this is a server installation so there's no pretty graphical interface. At the login: prompt, log in with the username and password you created earlier. Once you log in, you'll see a handful of statistics and figures such as system load, memory and disk usage, etc. You'll also see the server's IP address listed, probably under the heading of "IP Address for eth0". Assuming that the server is plugged into your router, and that your router has the ability to issue IP addresses to new devices (a facility known as DHCP), this address will have been issued by the router
pdfcrowd.com
From now on we'll assume that your server is using IP address 192.168.1.10. Whenever you see this address mentioned below, substitute the correct address for your server. Later on, we'll set it to something more permanent.
So far, weve only got one account set up. We also need to set a password for the root (ie, administrator) account for when we need to do things that require root access. So type
your current password when asked, then choose a password for the root username.
Linux doesnt normally allow you to log in as root directly so if/when you need to use your root privileges, log in with your normal user account and then type
you're wondering, it stands for super-user. If you ever forget who youre logged in as, the
whoami command
will tell you. Or look at the command prompt, which will end with $ for a normal user and # for the root user.
pdfcrowd.com
if you used
when you log out, so web/telnet connections to it will still work just fine. Theres no need to remain logged in
ls shows a directory listing (that's LS). ls la shows a better one cd / switches to the
(that's LS -LA).
top-level directory.
cd /etc.
linux version of the Windows "type" command if you want to display the contents of a text file.
pdfcrowd.com
pwd
Within an
ls la directory listing, lines that start with a "d" are chmod will tell you how
The other characters at the start of the line (such as rwxr--rw-) tell you who has permission to read, write, and execute the file. A google search for to understand and change these.
Get Updated
Now we need to scan the internet for any important updates. Start by using the need to be root in order to do this. Type
su command,
because you
Then type
server asks you to restart it one or more times during the installation of the updates.
Note that apt-get may not work if your internet connection goes via a proxy server. Even if you entered the name of a proxy server when you first set up the machine and configured it with an IP address, apt-get doesnt take any notice. To fix this, type
address
and port number of your companys proxy server. Then try the apt-get again.
pdfcrowd.com
You now have a basic working web server, although were not finished yet. There are plenty more things we need to install and set up. But you can test that everything is working by typing the servers IP address into a web browser on another machine on your LAN. You should see a basic web page with the default content, which will be something like "It works!". Depending on your web browser, you may need to add http:// at the start of the address, eg http://192.168.1.10.
su yourself if necessary.
This will download and install the telnet server. You can now log out by typing
exit
su command, and
the first time just takes you back into non-root mode). You should find yourself back at a login prompt.
Everything you do from now on can be done remotely via telnet, which makes things easier. You wont need physical access to the server again unless something goes wrong, or when you need to turn it back on after a
shutdown command.
open in browser PRO version pdfcrowd.com
a command prompt on any machine on your LAN and youll get a server login prompt. You can do this from Windows or Linux or even a Mac. Note that recent versions of Windows (Vista onwards) don't have telnet available by default, but you can enable it easily enough from the control panel. Look for the "turn Windows features on or off" option. Note, too, that while telnet is the simplest way to connect to a remote text-based Linux server, it's not the most secure. If you're going to be allowing your server to be accessible through your firewall to the world in general, investigate the use of the ssh (secure shell) system instead. But for now, telnet will suffice.
If you're not already there, telnet to your server and type server directly if its easier, of course.
We need to take a little care to set up the ftp server in a reasonably secure manner, even though this is only for test or educational purposes. We need to ensure that a user who logs into the ftp server in order to upload web pages cant browse the entire server but is locked into one directory. Also, we need to ensure that a user who has an ftp username and password with which to upload web pages cant use those
pdfcrowd.com
credentials to access the system via telnet, as that would grant them far too much power.
Type
The basic ftp server is now up and running, and you should be able to log into it with your non-root account. Just use any ftp client program, and go to the IP address of your server (eg 192.168.1.10). But we still need to set up an account that will allow someone to upload their web pages without having access to any other parts of the system.
cd /etc. We
list of the various command shells available (rather like cmd.exe if you're more used to Windows) and add a new line that says /bin/false to the file. Then, when we set up a new user account for our web user, well configure their account so that /bin/false is their command shell. Because theres no such shell, they wont be able to log in with telnet.
Type
file. Youll now find yourself facing vi, undoubtedly the worst text editor
ever invented. But without a GUI on your server you have little choice. Plus, its very handy to know the basics of vi because it's part of every Linux and unix system. Later on, we'll install Webmin, which has a much better editor built in. But for now we're stuck with vi. To sum up vi in a paragraph: To move the cursor up, down, left and right, use the k, j, h and l keys (I
open in browser PRO version
Are you a developer? Try out the HTML to PDF API
pdfcrowd.com
told you it was bad). To delete the character under the cursor, press x. press i, and to return to editing mode press Escape. If you mess up, type abandon vi. If you manage to make your edits work, type
Use the cursor keys to move the cursor to the start of a new line, then press i to enter insert mode. Press Return to insert a new line, and add /bin/false as a new line in the file. Press Esc to leave insert mode, save the file with Type
done.
Each user has a home directory which contains their various files. Its like My Documents in Windows and normally it resides in the /home directory. For web users, rather than setting their home directory to be somewhere within /home well put it under /var/www, which is the root of the web server. Files under /var/www are served by the web server (apache) and sent to visitors' web browsers. Files that aren't within /var/www are not accessible in this way, so there's no point in web site authors putting them anywhere else. Such users have no need for a directory within /home, as they won't be creating work that is only for use within the server and which won't need to be shared with anyone else.
Lets make an account for a user called webuser1 with a password of flintstone. These are the steps that you need to do for each web user account you want to create:
pdfcrowd.com
useradd webuser1 p xxxx d /var/www/webuser1 s /bin/false chown webuser1 webuser1 passwd webuser1
Then, when asked, choose flintstone as the password.
Note that xxxx above is your root password, NOT the one that you want to assign for the webuser1 account.
created it) to webuser1. If you dont do this, webuser1 wont be able to upload files.
Verify that you cant telnet to the server using the webuser1/flintsone account. The connection will start, but will immediately exit again.
Now create a simple index.html file and use ftp to upload it, using the webuser1/flintstone account. Then surf to http://192.168.1.10/webuser1 from any machine on your LAN and you should see the uploaded page. We now have a working web server with an ftp server, and the above-listed set of commands allow you to create new user accounts for your web server. Before we leave proftpd, there are a couple of changes that we need to make to its configuration file in order to improve security and make things neater.
Type
pdfcrowd.com
down with j and k until you reach the DefaultRoot line, and remove the # symbol from the start of the line by pressing the x key. This will lock all ftp users into their home directory (eg /var/www/webuser1) and wont let them view files that are further up the tree. Without this step, our webuser account holders could use their ftp software to browse the entire server's directory structure. You may also wish to change the ServerName entry from Debian to the name of your server, to make the welcome message more relevant. With vi, remember that typing i puts you into insert mode, for typing text, and Esc then puts you back into command mode from where you can type vi.
:w to save
:q to quit
Webmin
Now that ftp is working, lets install Webmin so that we can remotely administer the server from anywhere on our LAN via a web browser. Its more fun and friendly than using telnet, and a great way to explore the machine.
First, make sure youre logged in as root (via your normal user account and su) then type the following 3 commands. Make sure that each one has finished, and you're back at the command prompt, before typing the next:
pdfcrowd.com
Webalizer
Now well install Webalizer, which is a great tool that produces graphical stats to show your web site usage. Even if youre only using your server for test/educational purposes, its useful to be able to see the sort of stats that are available with such programs.
You need to tweak the Webalizer config file before the program will work.
open in browser PRO version
Are you a developer? Try out the HTML to PDF API
pdfcrowd.com
Type
cd /etc/webalizer then vi webalizer.conf and delete the .1 from the end of the
LogFile entry. It's around the 25th line of the file, from the top.
Webalizer produces its reports by analyzing the Apache web server log file on a regular basis. To make it do this, you need to set up whats called a cron job (the Linux version of a Windows scheduled task) in order to run /usr/bin/webalizer regularly. Every 15 minutes should do nicely, and the easiest way to do this is via Webmin.
Go into Webmin via https://192.168.1.10:10000 from another PC and, under the System category, click on "Scheduled Cron Jobs". Then click "Create A New Scheduled Cron Job".
Choose to execute the job as root. The command to execute is /usr/bin/webalizer. Click on "Times And Dates Selected Below". Under the minutes, tick "Selected" and choose 0, 15, 30 and 45. For hours, days, months and weekdays, select "All".
Now click the Create button and close your web browser. After 15 minutes or so, surf to http://192.168.1.10/webalizer and you should see the reports and stats. Wait another 15 minutes and you should see an updated version.
pdfcrowd.com
dynamic database-driven ones. PHP should already be working just fine, so we need to test that. Create a file called test.php which contains:
To allow users to create database-driven sites well install phpMyAdmin, which is a graphical web-based tool for managing MySQL databases. Its best if we dont allow web users to create their own databases, but we do want them to be able to manage the databases that we set up for them. PhpMyAdmin will work for both of these tasks. IE, for us to create databases and for our web users to maintain the tables within their allocated database.
As root, type
When asked which web server youre using, choose apache2. You'll be asked whether you want the system to set up a config database with dbconfig-common. Say yes. Next, you'll be asked for the MySQL root password, which phpMyAdmin needs in order to connect to the
pdfcrowd.com
database server. You specified this earlier, so go back to your notes and find it. Next, you'll be asked for a password for phpMyAdmin to register with the database server. Just leave this blank and select OK. Once everything stops, and you're back at the command prompt, switch back to a different machine on your LAN (you can safely log out of the server if you wish - everything keeps running, and your server is remotely accessible even if you're not logged into it) and surf to
192.168.1.10/phpmyadmin.
Log in with a
username of root and the MySQL root password (not the server root password). For each user who has an ftp account on this server in order to upload web pages (eg, webuser1), we now need to grant them access to a database and to phpMyAdmin. On the front page of phpMyAdmin, click the Privileges tab. Then click "Add A New User". In the User Name field, change the drop-down box to Use Text Field and enter their username (webuser1 in this case). In the next box, change the Host drop-down to Local, so that localhost appears in the box to the right of it. For "Password", choose "use text field" and assign them a password. This will be used for webuser1 to log into phpmyadmin, and theyll also use it in their PHP code in order to connect to their database (using a host name of localhost). Its up to you whether you make it the same as their ftp password (flintstone). In this example, lets set the password as barney.
Click "Create database with same name and grant all privileges", then click the Go button and all the hard work will be done for you. A database called webuser1 will be created, with permission for the webuser1 account to do everything except creating new databases.
pdfcrowd.com
Log out of phpmyadmin (just close your browser), and then log in again. This time, use a username of webuser1 and a password of barney. You should see only the webuser1 database and no others, and you should find that you can create tables on the database but you cant create new databases.
You may also find that you can see a database called information_schema as well as your webuser1 database. However, this is harmless and can be ignored its not a security risk.
pdfcrowd.com
su to give
There's probably only one wired ethernet network connection, and it's probably labelled eth0. So you should see something like this in the file: auto eth0 iface eth0 inet dhcp This confirms that the network interface is currently set to use DHCP. Change dhcp to static, so that the line reads iface underneath:
then find that you can now telnet to the machine at its new, permanent IP address.
pdfcrowd.com
And that's it. You now have a fully working web server that you can use for test, development and training purposes. Have fun. Now that you have a web server at your dispoal which is capable of hosting PHP/MySQL sites, all you need is a way to find out how to create such things. In which case, check out www.the-web-book.com, which is a 350page ebook, written by me, that tells you all you need to know. You can purchase the downloadable PDF version via PayPal, or browse it on-screen for free. Copyright Robert Schifreen. Last updated March 2011
The official hom e of this docum ent is www.the- web- book.com . If you want to tell people about this docum ent, or link to it, please use that URL rather than any other.
pdfcrowd.com