Webserver Setup

Getting Started With Your First Server

COS216
AVINASH SINGH
DEPARTMENT OF COMPUTER SCIENCE
UNIVERSITY OF PRETORIA
Overview

 Until now you learned web-based languages to develop a website

 You used a preconfigured webserver (Wheatley)
 This lectures focus on
 Purchasing hosting, domains, and certificates
 Setting up your own webserver
 Using common web tools
 While teaching you the technologies behind the works
Webservers

Webserver

Hosting Hosting Domain Security

(Hardware) (Software) Name Certificate
Hosting

 In order to host a website you need a server

 You can use your home computer as a server

 Might be more expensive
 Home internet speed and bandwidth might not be enough for large websites
 Might be unreliable due to internet and electricity outages

 You can use a commercial server

 Must be purchased, but many are relatively cheap
 Are more reliable, often guaranteeing 99.9% uptime
Hosting

Server Options

Shared Virtual Dedicated

Hosting Private Server Server
Hosting

Server Options

Shared Virtual Dedicated

Hosting Private Server Server
Shared Hosting

 A single virtual server with many websites hosted on it

 Often a few hundred or even thousand websites are hosted on the same server
 The resources are shared between the websites
 Each website has dedicated hard drive space
 CPU and RAM is shared among the websites
 Each website has its own OS user
 Each user can only access its own home directory
 Wheatley is an example of shared hosting
Shared Hosting

 Not the best option for websites with thousands or millions of concurrent users
 Access can become slow if many users access all the different websites on the shared
server
 Use for small websites where reliability/speed is not that important
 Typically does not allow to install any packages/programs on the OS
 Since different users share the same server, you do not want to give users root access
 With root access things can be installed/removed and can cause the server to go down for
all users/websites
Shared Hosting

 Comes preinstalled with existing software and packages

 Most are Linux (open-source and free), Windows is sometimes supported, but is more
expensive due to extra licensing fees
 Most are Apache webservers (open-source and free)
 Almost always has PHP, sometimes supporting other languages such as Perl and Ruby
 Almost always has MySQL, sometimes supporting other databases such as SQLite and
PostgreSQL
 A bit more difficult/expensive to get other webservers such as Django (Python) or NodeJS
(JavaScript)
 Allows limited package installation, such as WordPress or Joomla
Shared Hosting

 Typically very cheap

 From $1 p/m
 Dual core CPU with 512MB RAM
 10GB disk space with 1 MySQL database
 10GB – 100GB monthly bandwidth with 20 entry processes
 To $5 - $10 p/m
 Dual core CPU with 1GB – 2GB RAM
 10GB – unlimited disk space with unlimited MySQL databases
 100GB – unlimited monthly bandwidth with 20 – 40 entry processes
 “Unlimited” is often subject to a Fair Usage Policy (FUP) and can be throttled
Hosting

Server Options

Shared Virtual Dedicated

Hosting Private Server Server
Virtual Private Server

 Virtual Private Server (VPS)

 Each VPS has its own OS
 Shared hosting shares a single OS amongst its users
 You have full control of the VPS’s OS
 Underlying hardware might still be shared with other VPSs
 Example: Server unit has 32 cores and 32GB RAM. Server might hold 16 VPSs, each with 2
cores and 2GB RAM
 Hardware allocated to VPS stays under the full control of the OS
Virtual Private Server

 The VPS is under your full control

 Typically a variety of OSs or distros to chose from
 You can install and program/package
 You can fully configure the VPS, just like a normal machine
 Sometimes the VPS can come preinstalled with existing webserver software
 Most of the time you have to install everything from scratch
 That includes Apache, PHP, MySQL, email programs, etc
Virtual Private Server

 Typically relatively cheap, but more expressive than shared hosting

 Additional fees apply if you use Windows instead of Linux
 From $20 p/m
 Dual core CPU with 2GB RAM
 10GB disk space with unlimited MySQL database
 10GB – 100GB monthly bandwidth with 20 entry processes
 To $50 - $80 p/m
 Multiple cores CPU with 4GB RAM
 200GB with unlimited MySQL databases
 100GB – unlimited monthly bandwidth with 20 – 200 entry processes
Hosting

Server Options

Shared Virtual Dedicated

Hosting Private Server Server
Dedicated Servers

 Get a complete server for yourself

 Not only full control over OS, but also the hardware
 Sometimes an entire server unit can be under your control
 Often your dedicated server will share the underlying server unit with other dedicated
servers
 A dedicated server’s hardware can only be used by the customer, with a VPS the hardware
can be used by other VPSs if your VPS currently does not fully utilize the CPU or RAM
Dedicated Servers

 You have full control of the server and OS

 From a software perspective equivalent to a VPS
 From a hardware perspective, the dedicated server always maintains control of the
underlying hardware, with a VPS it might be shared
Dedicated Servers

 Typically relatively cheap, but more expressive than shared hosting

 Additional fees apply if you use Windows instead of Linux
 From $50 p/m
 Quad core CPU with 4GB RAM
 200GB disk space with unlimited MySQL database
 1TB – unlimited monthly bandwidth with hundreds of entry processes
 To $100 - $500 p/m
 8 – 32 core CPU with 8GB – 64GB RAM
 1TB – 8TB with unlimited MySQL databases
 1TB – unlimited monthly bandwidth with hundreds of entry processes
Hosting

 Many cheap hosting providers

 hostgator.com
 godaddy.com
 thcservers.com
 hostinger.com
 hostsailor.com
 Thousands more …
Hosting

Shared Hosting Virtual Servers Dedicated Servers

No control over hardware Shared control over Full control over
hardware hardware
Shared OS with other users Own OS without sharing Own OS without sharing
Limited software installation Full software installation Full software installation
Can only host a single Can host unlimited Can host unlimited
website websites websites
Cheap pricing Medium pricing Expensive pricing
For small/personal websites For small companies For large companies
Few thousand requests per Few ten to hundred Few hundred thousand
day thousand requests per day to millions of requests per
day
Domains

 Server has an IP address

 VPS and dedicated server typically have a static/own IP address
 Shared hosting has the same IP from all websites on the server
 Domain name is needed
 Access a website with a name instead of IP address
 DNS server resolves the domain name to an IP address
Domains

 Often hosting packages come with free domain

 Mostly only for VPS, dedicated servers, or expensive shared hosting
 Most hosting providers also sell domain names
 Servers can have multiple websites
 Therefore multiple domains can point to the same server and IP address
 The webserver (eg Apache) will redirect incoming requests to the correct website on the
server, based on the HTTP headers
Domains

 The price of the domain can vary

 Cheap domains (.com, .net, .org, .eu, etc) can be purchased from as little as $10 p/y
 More expensive domains (.io, .fm, .credit, etc) can cost up to $100 p/y

 Domain parking
 Purchase a domain for very cheap
 Once someone wants the specific website, sell it for a profit
 Parked domains are sold for a few hundred to a few million dollars
 Common practice in the dot-com bubble, but still done today
Domains

 Domains must be registered with

 Your full name
 Telephone number
 Email address
 Company (if applicable)
 Physical and/or postal address

 Anyone can view this information with a whois lookup

 You can often provide fake information
 Many websites offer whois lookups (eg whois.com or co.za/whois.shtml)
Domains

 Njilla (njil.la)
 Domain registration service
 Created by the ThePirateBay founders
 Provides anonymous domain registration
 Njilla purchases the domain on your behalf
 Their name instead of yours is listed under whois
 They try to combat constant domain suspensions
 You can create an anonymous account with them
 You can make anonymous payments to them (cryptocurrencies)
 Even when they receive requests to hand out customer info, they don’t have any info, and if
they have it they do everything legally to avoid handing out info
Security Certificates

 An SSL certificate allows

 To encrypt the communication between your clients and your server
 Purchased SSL certificates often provide insurance, if you loose money on the website due
to a SSL security issue, you can get your money back
 Increases customer’s trust in your website, at least with a nice green lock in the browser’s
address bar
Security Certificates

 SSL certificates can be purchased from companies

 Many large hosting or domain services also offer SSL certificates
 Many AnitVirus companies (eg Comodo) also offer SSL certificates
 In recent years many organisations offer free SSL certificates
 Most well-known is Let’s Encrypt (letsencrypt.org)
 Full encryption of communication
 However, does not provide insurance
Security Certificates

 SSL certificates come in different flavours

 Can cost from a few dollars to a few hundred dollars per year
 Price is depended on
 Level of encryption
 Level/amount of insurance
 Number of sudomains to be incorporated into the certificate

 Different number of subdomains can be added, with an increasing price

 Single domain (eg: www.mysite.com)
 Multiple domains (eg: mysite.com, www.mysite.com, mail.mysite.com)
 Wildcard domains (eg: all subdomains, *.mysite.com)
SSL Certificates

 Purchase SSL certificate from a certificate authority

 Sometimes requires ID and proof of residence for advanced certificates
 After payment, download a .crt file from the certificate authority’s website
 You will need the .crt file to generate .csr, .cer, and .key file locally
 These files have to be uploaded to your webserver
 Various programs can use the certificate for encryption and verification
 Configure Apache to let your site run over HTTPS
 Configure Postfix to use the SSL certificates
 Adds a layer of encryption to outgoing emails
 Reduces the chances of emails being flagged as spam
Webservers

Webserver Software

Webserver Language Database Email Tools

(eg Apache) (eg PHP) (eg MySQL) (eg Dovecot)(eg cPanel)
Shared Hosting

 Shared hosting servers come preinstalled

 Apache
 PHP and sometimes other languages (eg Ruby or Perl)
 MySQL and sometimes other databases (eg PostgreSQL)
 Dovecot and Postfix for emails
 cPanel
 Some other packages
 The moment your purchase a shared server, you can immediately upload your files
and launch your website
Virtual and Dedicated Servers

 Virtual and dedicated servers are bare bone

 Once the server has been purchased
 You can select from a variety of OSs on the hosting companies website
 Most of the OSs are Linux distros
 Once selected, the OS will be automatically installed for you, might take some time
 After the OS installation, you have a new clean system
 All software (eg Apache, PHP, and MySQL) has to be installed manually
 If you are using Linux, this is quite easy (on Debian systems everything can be installed via
apt-get)
 After installing the software, the actual burden is to configure everything and to let all the
programs communicate with each other
Apache

 Easily installable, but needs some configuration

 Directly configure Apache, or put some of the config inside a .htaccess file and
upload it to the root directory of your website
 Might require some additional Apache extensions to be enabled
 Various Apache config files (similar to XAMPP), such as apache2.conf or httpd.conf
Apache

<VirtualHost *:80> Configure HTTP over port 80

…
</VirtualHost>

<VirtualHost *:443> Configure HTTPS over port 443

…
</VirtualHost>
Apache

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

If you have a SSL certificate, you can

redirect any HTTP requests to HTTPS
Apache

<VirtualHost *:443>
ServerAdmin [email protected] Provide the
ServerName satoshicave.com
ServerAlias www.satoshicave.com administrator’s
DocumentRoot /var/www/satoshicave.com/public/ email address
</VirtualHost>
Apache

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName satoshicave.com Provide the
ServerAlias www.satoshicave.com
DocumentRoot /var/www/satoshicave.com/public/
website‘s default
</VirtualHost> domain
Apache

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName satoshicave.com
ServerAlias www.satoshicave.com Provide the
DocumentRoot /var/www/satoshicave.com/public/ website‘s aliases,
</VirtualHost>
such as subdomains
Apache

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName satoshicave.com
ServerAlias www.satoshicave.com
DocumentRoot /var/www/satoshicave.com/public/
</VirtualHost> Provide the
directory that
contains the website’s
files
Apache

<VirtualHost *:443>
ErrorLog /var/www/satoshicave.com/log/error.log
CustomLog /var/www/satoshicave.com/log/access.log combined
</VirtualHost>

Provide a custom location for

the error and access logs
Apache

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /var/www/satoshicave.com/ssl/satoshicave.crt
SSLCertificateKeyFile /var/www/satoshicave.com/ssl/satoshicave.key
SSLCACertificateFile /var/www/satoshicave.com/ssl/satoshicave.cer
</VirtualHost>

Provide the location of

the SSL certificate’s files
Apache

<VirtualHost *:443>
ErrorDocument 400 /error/400.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php
</VirtualHost>

Provide custom scripts for certain

HTTP errors. Display an informative or
funny message for an error
Apache
<VirtualHost *:443>
<Directory /var/www/satoshicave.com/public/>
Options FollowSymLinks
AllowOverride None
Require all granted
DirectoryIndex home.php
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.]+)$ $1.php [NC,L]
</Directory>
</VirtualHost>

Provide additional config and

redirection rules. This can also be
put in a .htaccess file
PHP

 Easily installable through apt-get

 Each PHP extension (eg mcrypt, mysql, gd) has to installed separately through apt-
get
 Apache will automatically detect your PHP installation
 Further configuration can be done in Apache’s php.ini file (just like XAMPP)
MYSQL

 Easily installable through apt-get

 Normal user and database creation through mysql’s client
 Can easily be accessed from PHP, as long as you have the MySQL PHP extension
installed during the previous step
FTP

 To access your webserver through FTP, you need a FTP server

 Install vsftp through apt-get
 Can configure to use the SSL certificate to have secure FTPS
 Good idea to use OS users as FTP users
 You can add multiple websites to your server
 Use one OS user per website
 Assign the OS user to an FTP account
 Each user/website can only access their own home directory through FTP
 Just like on Wheatley
EMAIL

 To be able to send and receive emails on your server

 Postfix (SMTP) for sending emails
 Dovecot (POP and IMAP) for receiving emails
 If you create a new email address/account, both Postfix and Dovecot have to be
linked to it
 You can use ViMbAdmin webinterface for admin control of email accounts, such as
creating and deleting accounts
 Configuring Postfix and Dovecot is a huge mess
EMAIL

 In order to use a webinterface on top of email system

 SquirrelMail
 RoundCube
 RainLoop
 Many more …
 phpMyAdmin, ViMbAdmin, and email clients (eg RoundCube) have to be added to
Apache’s configuration to be accessible
 Since they are websites on their own
EMAIL - Squirrel Mail
EMAIL - Round Cube
EMAIL - Rain Loop
EMAIL

 If you purchase a new server, it is very likely that outgoing emails are flagged as spam
 By spam filters, such as SpamHaus
 Or email providers, such as Gmail, Outlook, or Yahoo Mail
 You have to build up a reputation over years in order not to be flagged as spam
anymore
 Various things can be done to improve your reputation
 Use SSL certificates
 Adding a SPF entry to your DNS and using reverse DNS (RDNS)
 Registering your server with providers such as SpamHaus or Microsoft
Tools

 Two main categories of tools exists

 Tools for managing the OS, such as checking CPU utilization, installing packages, managing
users, adding cron jobs, updating the OS, etc
 Analytical tools for managing your website, tracking user locations, checking requests made
to the website, tracking ecommerce profits, etc
 You can use these tools in the following way
 SSH via the terminal into your server and execute Linux commands (eg: “top” to check CPU
utilization)
 Use and existing tool with a webinterface to easily manage everything via a GUI
Tools - Webmin

 System configuration tool for Unix and Windows systems

 Free and open-source
 Has a webinterface to easily manage your OS
 Fully packed with all kinds of OS functionality, packages, and configs
 Besides OS functionality, it also has management extensions for Apache, PHP, and MySQL
Tools - Webmin
Tools - LIBRENMS

 Similar to Webmin
 Free and open-source
 Provides less config functionality than Webmin, but has more advanced monitoring
features
 Plus a very nice interface and additional plugins
Tools - LIBRENMS
Tools - Piwik

 Analytical web tool

 Recently renamed to Matomo
 Free and open-source
 Provides details and stats on your website
 Analyses your access log in detail to extract user information
 Allows to add a function call to your PHP code for advanced tracking
 For instance, add a Piwik PHP function call to your code that is executed every time a user
purchases something from your website
 Track products and profits through Piwik
Tools - Piwik
Tools - CPanel

 Management tool for both the OS and web analytics

 Almost all shared hosting packages come with cPanel
 Has a lot of extensions that can be installed to add more features to cPanel
 Not all cPanels look the same
 Depends on the version
 Hosters often disable functionality which are only enabled if you pay more
Tools - CPanel
Tools - CPanel

 Server Statistics
 Track OS statistics, such as CPU and RAM utilization, disk usage, MySQL usage, network
usage, entry processes, etc
 Web Analytics
 View advanced details of website users and requests, such as users’ countries, devices, and
OSs, bandwidth usage, visited sites, etc
 Vie PHP errors and raw access logs
 File Management
 Manage FTP accounts and restrictions
 Upload files directly through cPanel if you don’t want to use FTP
Tools - CPanel

 Email Management
 Manage email accounts, setup forwarding address, automatics reposes, etc
 Access webmail through a webinterface (eg RoundCube, SquirrelMail)
 Database Management
 Manage databases and user access to those database
 Use phpMyAdmin for full control and SQL queries on the databases
 Domain Management
 Manage domains and add/remove subdomains
 Edit DNS entries and add redirections
Tools - CPanel

 Security Management
 Various security mechanisms such as blocking certain IPs from accessing your site
 Allows to add SSL certificates to your site
 Many hosters have Let’s Encrypt directly integrated into cPanel, so you can install a free SSL
certificate for your site with a single button click
 Preference Management
 Manage various parts of your webserver
 Edit Apache configurations
 Select a PHP version and configure PHP, such as setting the maximum RAM per script
execution, setting the maximum upload file size, setting the maximum execution time per
script, and much more
Tools - CPanel

 Software Management
 Install additional plugins to add more features to cPanel
 Add complete packages such as WordPress, Joomla, and content management systems
 Add extensions and libraries, such as Perl and PHP extensions
 Typically limited by shared hosters, the more you pay, the more packages/extensions can
be installed
 If you have a VPS or dedicated server and install cPanel yourself, you will obviously have
access to all packages supported by your system
DNS

 You have to setup the DNS for your website

 If you purchase a hosting package and domain from the same company, this is done
for you
 If you purchase from two different companies, there are two options:
 Use the domain company’s DNS server. You will have to add your server’s IP address as a
DNS entry to the domain company
 On your domain, change the DNS server to point to the DNS server of the hosting company.
Hence, the hosting server will handle the DNS resolution, not the domains server. This is
advised, since it will handle IP changes automatically (eg if you are on shared hosting, and
your hoster moves your website to a different server with a different IP address)
RDNS

 DNS resolves a domain name to an IP address

 Reverse DNS (RDNS) resolves an IP address to a domain name
 Therefore the exact opposite of DNS
 Does typically not work on shared hosting, since multiple websites share the same IP
address
 RDNS has many benefits
 Verifying ownership of a server
 Reducing the chance of your outgoing emails being flagged as spam
Webhosting made easy

This Photo by Unknown Author is licensed under CC BY-SA