If you have an old Windows-compatible PC lying around, it's a fun
exercise to set it up as a web server. It's also not too difficult if
you have a guide such as this one to hand, and it doesn't matter if the
PC is pretty old. Even something with 64 MB of RAM and an 8 GB hard disk
is plenty.
If you're undertaking such an exercise, a
server-oriented version of Linux is a good choice. Why server-oriented?
Because the added GUI desktop is totally unnecessary. Why not
Windows? Because, unless you have a spare copy of Windows Server
around, you’ll be limited in the number of simultaneous connections your
server can support (Windows XP Home and Professional are deliberately
crippled in this respect). And Windows doesn’t run very well on old
hardware anyway.
The only thing you need to check is
that your computer has a built-in Ethernet connector. If its networking
capability comes via a USB or PCMCIA plug-in adaptor, chances are that
it won't work without you getting involved in some substantial fiddling.
I'm
going to use Ubuntu Server 7.10 for this project. It’s ideally suited
to the task, and it (and all the other components we’ll be installing)
is available totally free of charge. So if you fancy giving it a go,
here’s what you need to do.
Our Goal
Once
you have followed this document, you’ll have a working Web server onto
which users can safely and securely upload files via ftp. You’ll also
have Webmin installed, for remote admin functionality, plus Webalizer
for generating web usage stats. Plus, you’ll be able to host PHP/MySQL
sites too.
Note that commands you need to type are in a bold courier typeface like this.
By
the way, if this is the first time you’ve done anything like this
(which it probably is, hence needing this document) you are strongly
advised to keep your new web server within the confines of your own LAN
and use it purely for your own education and experimentation. Assuming
your new server is connected to the internet via a broadband router, it
won’t be accessible by the world in general unless you change your
firewall settings in order to allow incoming connections on port 80. And
frankly, that’s the way it should stay! If you want to host real live
web sites, leave it to the professionals.
First Install the OS
Get hold of an Ubuntu Server 7.10 CD, which you can download from
http://releases.ubuntu.com/7.10/ubuntu-7.10-server-i386.iso. Yes, I know
that this isn't the very latest version, but it's perfectly acceptable
for this project and it works well. If you really want to get the latest
version of Ubuntu Server instead then feel free, but the instructions
below might not work exactly as you expect.
To get started, boot the PC from the CD-ROM.
When asked, name your machine. I called mine webtest, but the precise name that you choose doesn't really matter.
Your
PC is probably connected to the internet via a broadband or cable
router that handles DHCP, in which case the Ubuntu installer should be
able to make contact with the internet automatically and obtain from the
router an IP address for your server. If it can't, you’ll be asked to
enter an IP address, netmask and gateway address. If this works, then
that's just fine.
A word of advice: If Ubuntu can't
detect a working network connection at all, that's probably because it
doesn't have the necessary drivers available for your computer's
ethernet socket. In which case, to be brutally frank, you should
probably give up at this point. You won't have messed up your PC with a
half-installed copy of Linux yet, and trying to troubleshoot Ubuntu
networking is not something for amateurs. Trust me.
Anyway,
assuming that Ubuntu detected a network connection, you'll now be asked
how to format the hard disk. Choose "guided – use entire disk".
When asked, choose a name and password for your day-to-day user account.
From the software selection menu, select only LAMP server. That's Linux, Apache, MySQL and PHP.
Next
you’ll be asked for a mysql root password. Be aware that you’ll only be
asked once (no confirmation required) and that the password you enter
isn’t shown on screen. So make sure you know what you’re typing!
That's
the basic Linux installation over. Remove the CD when prompted and the
machine will restart. If you don’t see a login: prompt after a minute
or so, press Return and one should appear. Remember that this is a
server installation so there's no pretty graphical interface here (and
thus no need to connect a mouse to this PC).
At the login: prompt, log in with the username and password you created earlier.
If
the server acquired its own IP address using DHCP, you’ll need to know
what address it was allocated. Type ifconfig and have a look at what’s
listed for inet addr. You’ll need to know this address in order to
connect to the machine, unless you register a domain name that points to
it or you add an entry to your company’s internal DNS servers. If
there's more than one entry under ifconfig, make an intelligent guess as
to which is the right one. You may find, for example, that a
non-existent wifi connection with an IP address of 127.0.0.1 is also
shown.
From now on we'll assume that your server is on
192.168.1.10. Whenever you see this address mentioned below, substitute
the correct address for your server.
So far, we’ve
only got one account set up. We also need to set a password for the root
(i.e., administrator) account for when we need to do things that require
root access. So type sudo passwd root, specify your current password
when asked, then choose a password for the root username.
Linux
doesn’t normally allow you to log in as root directly so if/when you
need to use your root privileges, log in with your normal user account
and then type su, then enter the root password when prompted. In case
you're wondering, it stands for super-user. If you ever forget who
you’re logged in as, the whoami command will tell you. Or look at the
command prompt, which will end with $ for a normal user and # for a root
user.
Some Useful Commands
Here are some useful commands to get you started, now that you’ve got a usable Linux system:
shutdown -h now turns off the computer.
exit logs you out. You’ll need to do this twice if you used su. Remember
that the web server is still running when you log out, so web/telnet
connections to it will still work just fine. There’s no need to remain
logged in all the time.
ls shows a directory listing (that's LS).
ls -la shows a better one (that's LS -LA).
cd / switches to the root directory.
cd dirname switches to the specified directory name, eg cd /etc.
clear clears the screen, like cls does in Windows.
cat is the Linux version of the Windows "type" command if you want to display the contents of a text file.
rm deletes a file.
cp is the Linux equivalent of the DOS/Windows copy command.
find / -name xyz.ext will search the entire system for a file named xyz.ext.
pwd (print working directory) tells you which directory you’re currently in.
Within
an ls -la directory listing, lines that start with a "d" are
directories, otherwise they’re files. The other characters at the start
of the line (such as rwxr--rw-) tell you who has permission to read,
write, and execute the file. A Google search for chmod will tell you
how to understand and change these.
Get Updated
Now
we need to scan the internet for any important updates. The list of
locations in which Ubuntu Server searches for updates is stored in a
text file at /etc/apt/sources.list but the first entry in this file
points to the Ubuntu Server CD-ROM. We need to remove this entry,
otherwise we’ll keep getting prompted to insert the CD whenever we
perform an update.
This file is read-only, so you’ll
need to be logged in as root (via su) to proceed beyond this point. In
fact, everything that follows is best done as root (this is an exception
rather than a rule - if you're not doing server maintenance, never log
in as root).
Type cd /etc/apt
Type vi sources.list
You’ll
now find yourself facing vi, undoubtedly the worst editor ever
invented. But without a GUI on your server you have little choice. Plus,
it’s very handy to know the basics of vi because it's part of every
Linux and unix system.
To move the cursor up, down,
left and right, use the k, j, h and l keys (I told you it was bad). To
delete the character under the cursor, press x. That should be enough to
allow you to delete any line that makes reference to "deb cdrom" and
which isn’t already commented out (ie, which doesn’t have a # at the
start).
If you mess up, type :q! and press return to
abandon vi. If you manage to make it work, type :w to save the file and
then :q to quit vi.
You won’t have to use vi very
often. Later on we’ll install Webmin, which lets you maintain your
server from another machine via a web browser. There’s a proper file
manager and editor built into Webmin, thankfully.
It’s now time to update the system so that you’re running the latest versions of everything.
Type apt-get update to update the catalog of possible updates.
Then type apt-get upgrade to download and install any that need installing.
Note
that apt-get may not work if your internet connection goes via a proxy
server. Even if you entered the name of a proxy server when you first
set up the machine and configured it with an IP address, apt-get doesn’t
take any notice. To fix this, type:
export http_proxy="http://yourproxy.com:80"
specifying the address (and port) of your company’s proxy server. Then try the apt-get again.
Test Your Web Server
You
should now have a basic working web server, although we’re not finished
yet. But you can test that everything is working by typing the server’s
IP address into a web browser on another machine on your LAN. You
should see a web page with a link to apache2-default, and clicking on
the link will bring up a brief message. Depending on your web browser,
you may need to add http:// at the start of the address, eg
http://192.168.1.10.
Next we’ll install a telnet server
so that we can connect to the machine remotely over the LAN in
command-prompt mode without the need to actually be seated at the server
itself.
Install the Telnet Server
Type apt-get install telnetd
This will download and install the telnet server. Now we need to kick-start it, by typing:
/etc/init.d/openbsd-inetd restart
You
can now log out by typing exit (you need to type it twice because you
used the su command, and the first time just takes you back into
non-root mode).
Everything we do from now on can be
done remotely via telnet, so if you want to install the server in a
hard-to-reach cupboard that’s no problem. You won’t need physical access
to the server again unless something goes wrong or if you need to turn
it back on after a shutdown command.
To access your
server type telnet 192.168.1.10 (or whatever the IP address of your
server is) from any machine on your LAN and you’ll get a login prompt.
You can do this from Windows or Linux or even a Mac.
Install the ftp server and set up a Web User account
Next,
we need to install an ftp server so that people can upload html pages
to your new web server. An ideal tool for this particular job is proftpd
(that’s Unix-speak for the Pro FTP Daemon).
If you
haven’t done so already, telnet to your server and type su to get root
access. Or you can work on the server directly if it’s easier, of
course.
We need to take a little care to set up the ftp
server in a reasonably secure manner, even though this is only for test
or educational purposes. We need to ensure that a user who logs into
the ftp server in order to upload web pages can’t browse the entire
server but is locked into one directory. Also, we need to ensure that a
user who has an ftp username and password with which to upload web pages
can’t use those credentials to access the system via telnet, as that
would grant them far too much power.
Type apt-get
install proftpd to install the ftp server. You’ll be asked whether to
choose an inetd installation or standalone. Choose inetd.
The
basic ftp server is now up and running, and you should be able to log
into it with your non-root account. But we still need to set up an
account that will allow someone to upload their web pages without having
access to any other parts of the system.
First, switch
to the /etc directory by typing cd /etc. We need to edit the file
called shells and add a new line that says /bin/false to the file. Then,
when we set up a new user account for our web user, we’ll configure
their account so that /bin/false is their command shell. Because there’s
no such shell, they won’t be able to log in with telnet.
Type
vi shells to edit the file. Use the cursor keys (h,j,k,l) to move the
cursor to the start of a new line, then press i to enter insert mode.
Press Return to insert a new line, and add /bin/false as a new line in
the file. Press Esc to leave insert mode, save the file with :w then
exit vi with :q and you’re done.
Each user has a home
directory which contains their various files. It’s like My Documents in
Windows and normally it resides in the /home directory. For web users,
rather than setting their home directory to be somewhere within /home
we’ll put it under /var/www, which is the root of the web server.
Let’s
make an account for a user called webuser1 with a password of
flintstone. These are the steps that you need to do for each web user
account you want to create:
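cd /var/www
mkdir webuser1
useradd -d /var/www/webuser1 -s /bin/false webuser1
chown webuser1 webuser1
passwd webuser1 and, when asked, choose flintstone as the password.
Note that useradd's -p option is deliberately left out of the command above. It expects an already-encrypted password, and anything typed after it is visible to other users who list the running processes. The passwd step is what sets the password for the webuser1 account.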
Also
note the chown command which changes the ownership of the webuser1
directory from root (which created it) to webuser1. If you don’t do
this, webuser1 won’t be able to upload files.
Just to make sure that everything is working, verify that you can’t telnet to the server using the webuser1 account.
Now
create a simple index.html file and use ftp to upload it, using the
webuser1/flintstone account. Then surf to http://192.168.1.10/webuser1
from any machine on your LAN and you should see the uploaded page.
Before
we leave proftpd, there are a couple of changes that we need to make to
its configuration file in order to improve security and make things
neater.
Type cd /etc/proftpd and then vi proftpd.conf
to edit the config file. Move the cursor up and down with j and k until
you reach the DefaultRoot line, and remove the # symbol from the start
of the line by pressing the x key. This will lock all ftp users into
their home directory (eg /var/www/webuser1) and won’t let them view
files that are further up the tree. Without this step, our webuser
account holders could use their ftp software to browse the entire
server's directory structure.
While you're in proftpd.conf, add a new line near the top of the file which says:
IdentLookups off
This
will fix the problem which you’ll no doubt have noticed, of a few
seconds’ delay when logging into the ftp server or uploading files.
You
may also wish to change the ServerName entry from Debian to the name of
your server, to make the welcome message more relevant. With vi,
remember that typing i puts you into insert mode, for typing text, and
Esc then puts you back into command mode from where you can type :w to
save the file and :q to quit vi.
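A way to check the two protections set up above (the /bin/false shell for web users and the DefaultRoot lock-in), added here as an example and not part of the original guide. The function names and the sample files are made up for illustration; on a real server, point the functions at /etc/passwd, /etc/shells and /etc/proftpd/proftpd.conf.

```sh
#!/bin/sh
# Added example: audit an FTP-only web account and proftpd.conf.
# File paths are arguments so the checks can run against copies.

# check_web_user PASSWD_FILE SHELLS_FILE USER
# Prints one finding per line; exit status 0 means no findings.
check_web_user() {
    cw_entry=$(grep "^$3:" "$1") || { echo "$3: no such account"; return 1; }
    cw_home=$(printf '%s\n' "$cw_entry" | cut -d: -f6)
    cw_shell=$(printf '%s\n' "$cw_entry" | cut -d: -f7)
    cw_bad=0
    case $cw_home in
        /var/www/?*) ;;
        *) echo "$3: home $cw_home is outside /var/www"; cw_bad=1 ;;
    esac
    if [ "$cw_shell" != /bin/false ]; then
        echo "$3: shell $cw_shell permits a telnet login"; cw_bad=1
    fi
    # ProFTPD's RequireValidShell (on by default) refuses users whose
    # shell is not listed in the shells file.
    if ! grep -qxF /bin/false "$2"; then
        echo "/bin/false is not listed in $2"; cw_bad=1
    fi
    return "$cw_bad"
}

# check_proftpd CONF_FILE
# A directive counts only if its line is not commented out.
check_proftpd() {
    cp_bad=0
    if ! grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~' "$1"; then
        echo "DefaultRoot ~ is not active: ftp users can browse the whole server"
        cp_bad=1
    fi
    if ! grep -Eiq '^[[:space:]]*IdentLookups[[:space:]]+off' "$1"; then
        echo "IdentLookups is not off: expect a delay at login"
        cp_bad=1
    fi
    return "$cp_bad"
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
webuser1:x:1001:1001::/var/www/webuser1:/bin/false
webuser2:x:1002:1002::/home/webuser2:/bin/bash
EOF
printf '/bin/sh\n/bin/bash\n/bin/false\n' > "$demo/shells"
printf 'ServerName "webtest"\n# DefaultRoot ~\n' > "$demo/proftpd.before"
printf 'IdentLookups off\nServerName "webtest"\nDefaultRoot ~\n' > "$demo/proftpd.after"

for u in webuser1 webuser2; do
    check_web_user "$demo/passwd" "$demo/shells" "$u" && echo "$u: ok"
done
check_proftpd "$demo/proftpd.before" || true
check_proftpd "$demo/proftpd.after" && echo "proftpd.after: ok"
```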
Webmin
Now
that ftp is working, let’s install Webmin so that we can remotely
administer the server from anywhere on our LAN via a web browser. It’s
more fun and friendly than using telnet, and a great way to explore the
machine.
First, make sure you’re logged in as root (via your normal user account and su) then type the following, all on one line:
apt-get install openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl libmd5-perl
Then type:
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.380_all.deb
Note
that wget probably won't work if your internet connection goes through a
proxy server. In which case, type export
http_proxy="http://yourproxy.com:80" first, and then issue the wget
command.
Finally type dpkg -i webmin_1.380_all.deb and Webmin should be installed and ready to use.
From
another machine on your LAN, surf to https://192.168.1.10:10000 and log
in as root, using your server’s root password. Note the https bit – it
won’t work with plain http. Also note the :10000, which is essential.
Ignore
the warning about a missing SSL security certificate – you can trust
this server unconditionally because it’s yours. You will, though, need
Java installed on the PC from which you intend to use Webmin, otherwise
it won’t work.
Possibly the most useful part of Webmin
is the file manager, which also lets you edit files. You’ll find it in
the “others” category at the bottom of the left-hand menu.
Webalizer
Now
we’ll install Webalizer, which is a great tool that produces graphical
stats to show your web site usage. Even if you’re only using your server
for test/educational purposes, it’s useful to be able to see the sort
of stats that are available with such programs.
To install webalizer type apt-get install webalizer
You
need to tweak the Webalizer config file before the program will work.
Type cd /etc/webalizer then vi webalizer.conf and delete the .1 from the
end of the LogFile entry.
Webalizer produces its
reports by analyzing the Apache web server log file on a regular basis.
To make it do this, you need to set up what’s called a cron job in order
to run /usr/bin/webalizer regularly. Every 15 minutes should do nicely,
and the easiest way to do this is via Webmin.
Go into
Webmin via https://192.168.1.10:10000 from another PC and, under the
System category, click on "Scheduled Cron Jobs". Then click "Create A
New Scheduled Cron Job".
Choose to execute the job as
root. The command to execute is /usr/bin/webalizer. Click on "Times And
Dates Selected Below". Under the minutes, tick "Selected" and choose 0,
15, 30 and 45. For hours, days, months and weekdays, select "All".
Now
click the Create button and close your web browser. After 15 minutes or
so, surf to http://192.168.1.10/webalizer and you should see the
reports and stats. Wait another 15 minutes and you should see an
updated version.
PHP and MySQL
Now we
need to make PHP and MySQL work, to ensure that we can host not just
static html sites but also dynamic database-driven ones. PHP should
already be working just fine, so we need to test that. Create a file
called test.php which contains:
<?php
echo "this is a test file";
?>
Upload
it using the webuser1 account. Surf to
http://192.168.1.10/webuser1/test.php and check that you see a web page
containing just the message “this is a test file”. If it works, PHP is
working on your web server.
To allow users to create
database-driven sites we’ll install phpMyAdmin, which is a graphical
web-based tool for managing MySQL databases. It’s best if we don’t allow
web users to create their own databases, but we do want them to be able
to manage the databases that we set up for them. phpMyAdmin will work
for both of these tasks: for us to create databases, and for our web
users to maintain the tables within their allocated database.
As root, type apt-get install phpmyadmin
When asked which web server you’re using, choose apache2.
To
use phpMyAdmin, surf to http://192.168.1.10/phpmyadmin and log in with a
username of root and the MySQL root password that you set up right at
the start of this document.
On the front page of
phpMyAdmin, scroll down to the Privileges link and click it. Then click
"Add A New User". Enter their username (webuser1 in this case), and
assign them a password. This will be used for them to log into
phpmyadmin, and they’ll also use it in their PHP code in order to
connect to their database (using a host name of localhost). It’s up to
you whether you make it the same as their ftp password (flintstone). In
this example, let’s set the password as barney.
Click
"Create database with same name and grant all privileges" and all the
hard work will be done for you. A database called webuser1 will be
created, with permission for the webuser1 account to do everything
except creating new databases.
Log out of phpmyadmin
(just close your browser), and then log in again. This time, use a
username of webuser1 and a password of barney. You should see only the
webuser1 database and no others, and you should find that you can create
tables on the database but you can’t create new databases.