ProductsDesktop Server For Scientific Computing For IBM POWER For IBM System z For SAP Business Applications Red Hat Network Satellite ManagementExtended Update Support High Availability High Performance Network Load Balancer Resilient Storage Scalable File System Smart Management Extended Lifecycle SupportWeb Server Developer Studio Portfolio Edition JBoss Operations Network FuseSource Integration Products Web Framework Kit Application Platform Data Grid Portal Platform SOA Platform Business Rules Management System (BRMS) Data Services Platform Messaging JBoss Community or JBoss enterprise
SolutionsApplication development Business process management Enterprise application integration Interoperability Operational efficiency Security VirtualizationMigrate to Red Hat Enterprise Linux Systems management Upgrading to Red Hat Enterprise Linux JBoss Enterprise Middleware IBM AIX to Red Hat Enterprise Linux HP-UX to Red Hat Enterprise Linux Solaris to Red Hat Enterprise Linux UNIX to Red Hat Enterprise Linux Start a conversation with Red Hat Migration services
TrainingPopular and new courses JBoss Middleware Administration curriculum Core System Administration curriculum JBoss Middleware Development curriculum Advanced System Administration curriculum Linux Development curriculum Cloud Computing and Virtualization curriculum
ConsultingStandard Operating Environment (SOE) Strategic Migration Planning Service-oriented architecture (SOA) Enterprise Data Solutions Business Process Management
Issue #22 August 2006
- The kids are alright
- Belly up to the BarCamp
- How to set up a home web server
- The little laptop that could
- Fedora Core 6 advances printing
- Using Dogtail to automate Frysk GUI tests
- Integrated virtualization lives
- The Fedora message
- The Fedora Project and Red Hat Enterprise Linux, part 4
From the Inside
In each Issue
- Editor's blog
- Red Hat speaks
- Ask Shadowman
- Tips & tricks
- Fedora status report
- Podcast (XML)
- Magazine archive
How to set up a home web server
by Jeff "Crash" Goldin
It seems like everybody's blogging and sharing digital photos online. This booming hobby (and business) sends many people to paid hosting companies to share their thoughts and images. Though many companies are reliable and inexpensive, with a little work and some relatively cheap hardware you can host your own files, save some money, and have complete control over what services are available and how your content is displayed.
You will need a high-speed connection capable of bringing information to your home (downloading) and sending information out to the Internet (uploading). Most DSL and cable connections allow this, but some limit the amount of information that users are allowed to upload. Check with your local provider to see if they have such limits.
The next thing you should think about is a domain name. Your domain name is the name people will use to look up your web pages or to send you email. You will want to register this domain name. There are several services that can help do that. If you're using a dsl connection or a cable modem, you may not have a static network address, so you should look at services from sites like dyndns.org, no-ip.com, or zoneedit.com. Some of these services can also help with domain registration.
Once you have an internet connection and have set up your domain name, the next step is to purchase and set up a home router. This piece of equipment will allow you to share your network connection with several computers. And, importantly, it will also serve as a first line of defense for your home web server. Any good electronics store will have a selection of routers.
Make sure that the model you select fits the following profile:
- Choose a router with a couple of hardwired Ethernet ports, sometimes known as RJ-45 LAN jacks. It is not recommended to use a wireless connection for your web server.
- Make sure that your router is capable of port forwarding, as this will be necessary to route the outside web traffic to your web server. We will talk about configuration of this later in this article.
The last piece of hardware you will need is the actual computer. There a few requirements for the machine:
- Minimum processor speed of 1Ghz
- At least 1 Gigabyte (GB) of RAM in system memory
- A DVD burner
- Adequate storage for your website's needs
- Note on storage
- It's advised to consider your web server's needs for long-term storage. What you plan on sharing will be the determining factor in the amount of storage you will need, and a little bit every few days really adds up. Most still digital pictures range in size from 2 Megabytes (MB) and up, varying widely due to size and resolution. Videos are even larger, with a full-length movie averaging around 1,000MB (or 1GB) in size. Music files and software packages are also pretty huge. An MP3 file averages around 4MB, while the same file, in .wav format, weighs in at a whopping 40MB. Realistically, the initial hard drive should be no less than 160GB.
Now for the details:
- Make sure your new server has a 10/100 Ethernet connection.
- Have the right peripherals. You will need a keyboard, mouse, and monitor to complete your installation. Once your computer is up and running, you will not need the monitor plugged into your computer full time, so you can borrow a monitor from a computer you already have.
- If you plan on uploading photos to your server, you may want a compatible memory card reader. It will make uploading your pictures much easier and faster.
- An uninterruptable power supply (UPS) will help protect your computer from power spikes and outages.
Once all the pieces have been assembled, it's time to begin installation.
- Power on your computer and insert the Fedora™ Core or Red Hat® Enterprise Linux® installation disk into your DVD drive.
- Select your language and keyboard setup.
- You can select automatic partitioning for your hard drive space, but it may not be ideal for this kind of deployment. Here is a suggested breakdown of your partitions, based on a computer with 1GB of RAM and a 160GB hard drive:
/boot 100MB / 10240MB swap 2048MB (this should be twice the system memory) /tmp 5120MB /var 133120MB (this is where the majority of your web content will be stored) /var/log 10240MB
- Select the default settings for the boot loader and allow it to be installed in the master boot record (MBR).
- When you get to network configuration:
- Turn off
configure using DHCP.
- Turn on
activate on boot.
- Set the IP address to a value in your network range. Make sure it is an address that is not being used by another computer or device on your network.
- Set the network mask to your network settings.
- When you get to firewall configuration:
- Enable firewall
- Click on the web server
Set SELinuxto warn until the installation is complete and all applications have been installed.
- Continue through the next several install screens, making sure to note your root password.
An "everything" install is not required or recommended for this type of application. You should perform a custom installation, making sure to select the editors, web server, and MySQL (this is the database often used by blogging and photo-sharing applications) packages.
Continue clicking through until the install finishes. The installer should then eject your install disk and automatically reboot your computer.
- A handy trick at this point in the install is to enter your computer's BIOS--usually accessed by hitting the F1 or delete key during boot (check your computer's documentation for the correct command). In the BIOS, you can set your computer to reboot on power loss. Then, if your server suffers an extended power loss, when the power is returned it will automatically restart.
Once the computer reboots, login with your root password. Now would be a good time to check for updates to your operating system. You can set up a service like RHN to get automatic updates for Red Hat Enterprise Linux, or download Fedora Core package updates from any number of mirrors.
Once updated and rebooted, it's time to configure your services:
- Make sure that
mysqldare started and selected to start on boot, then save the service configuration.
- Verify that your web server is working correctly by opening a browser and pointing it at
http://localhost/(which always points to the web server on your computer). You should see the test page for apache, the web server application.
Your web server comes with a basic configuration, but some customization is suggested for optimal performance. Open a terminal window and:
cd /etc/httpd/conf cp httpd.conf httpd.conf.bak
You've made a backup of the stock httpd.conf file. Now edit it with the text editor of your choosing. Make the following changes:
ServerAdmin <add an email address not on this machine> ServerName www.<your domain name>
Save and close the editor. Issue the command:
service httpd restart
This will restart the web server with your changes.
If your Internet provider uses dynamic addresses, then you will need to install an application to track and update your information with your domain provider. This is usually a matter of installing and configuring the application. Doing this will add your router login information as well as your provider login information to the configuration file.
- edit the
/etc/ddclient/ddclient.conffile and uncomment the section for your router
- add in the password you set for the admin user (ie use=linksys, fw=linksys, fw-login=admin, fw-password=admin)
- in the myserver section, add your login and password for dyndns.org, along with your hostname.
As an example:
server=members.dyndns.org login=mylogin password=mypassword myhost.dyndns.org
Finally make sure that the ddclient service is configure to run at start time by issuing the command:
chkconfig --add ddclient 345
SecurityTo increase the level of security on your webserver, you may want to add some of the following lines of code to
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT (this line allows only machines on your local network to access the server) -A INPUT -m state --state ESTABLISHED -j ACCEPT (these lines allows existing connections to remain open while changing your firewall rules) -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 25 -j DROP (this line blocks unauthorized mail connections) -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT (this line allows local network in) -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT (these rules allow ipsec connections) -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT (this line allows website traffic to pass) -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited (this line blocks all other port connection to your computer) COMMIT
The above example assumes your network is on the 192.168 range. If yours is not, adjust the numbers according to your network information. Remember to restart your iptable service afterwards for the change to take effect.
You are finished with your server's installation and configuration. Now it is time to add your content. Perhaps this a photo gallery program, a blog application, or even some simple static web pages. Anything that is going to be available online should be stored in
Open for business (port forwarding)
Once you have your content in place, the final step in the setup process is to reconfigure your router to allow network traffic access to your web sever. Open up a browser and go to your router's configuration page. Typically this is done by pointing your browser at the IP address of the router (example: 192.168.0.1). Look for the port forwarding section and make sure all http services or port 80 traffic is sent to the IP address of your web server.
If all went well you should now be able to point your browser at
www.<yourdomain>, where you should see your home page. You can confirm that things are working by contacting someone not on your local network to see if they can visit your new website.
Now that your web server is up and running, you will want to make sure it stays that way. Continue regularly checking for updates to keep it stable and secure. Because you are allowing outside access, you will want to pay close attention to the activity on your web server.
A transaction record of your web activity is automatically saved in
/var/log/httpd. Here you will find four basic files;
Access_log will show a log of all pages viewed, what type of browser viewed them and from what network address the requests came.
Error_log will show all errors encountered by your website, included pages not found and problems with starting the service.
ssl_error_log record all secure pages, which were not covered in this setup guide.
The numbers at the end of the files indicate older files that are stored as a temporary back-up. These back-up files are automatically overwritten over time.