Issue #22 August 2006
How to set up a home web server
by Jeff "Crash" Goldin
It seems like everybody's blogging and sharing digital photos online. This booming hobby (and business) sends many people to paid hosting companies to share their thoughts and images. Though many companies are reliable and inexpensive, with a little work and some relatively cheap hardware you can host your own files, save some money, and have complete control over what services are available and how your content is displayed.
Services
You will need a high-speed connection capable of bringing information to your home (downloading) and sending information out to the Internet (uploading). Most DSL and cable connections allow this, but some limit the amount of information that users are allowed to upload. Check with your local provider to see if they have such limits.
The next thing you should think about is a domain name. Your domain name is the name people will use to look up your web pages or to send you email. You will want to register this domain name. There are several services that can help do that. If you're using a DSL connection or a cable modem, you may not have a static network address, so you should look at services from sites like dyndns.org, no-ip.com, or zoneedit.com. Some of these services can also help with domain registration.
Hardware
Once you have an internet connection and have set up your domain name, the next step is to purchase and set up a home router. This piece of equipment will allow you to share your network connection with several computers. And, importantly, it will also serve as a first line of defense for your home web server. Any good electronics store will have a selection of routers.
Make sure that the model you select fits the following profile:
- Choose a router with a couple of hardwired Ethernet ports, sometimes known as RJ-45 LAN jacks. It is not recommended to use a wireless connection for your web server.
- Make sure that your router is capable of port forwarding, as this will be necessary to route the outside web traffic to your web server. We will talk about configuration of this later in this article.
The last piece of hardware you will need is the actual computer. There are a few requirements for the machine:
- Minimum processor speed of 1 GHz
- At least 1 Gigabyte (GB) of RAM in system memory
- A DVD burner
- Adequate storage for your website's needs
- Note on storage
- It's advised to consider your web server's needs for long-term storage. What you plan on sharing will be the determining factor in the amount of storage you will need, and a little bit every few days really adds up. Most still digital pictures range in size from 2 Megabytes (MB) and up, varying widely due to size and resolution. Videos are even larger, with a full-length movie averaging around 1,000MB (or 1GB) in size. Music files and software packages are also pretty huge. An MP3 file averages around 4MB, while the same file, in .wav format, weighs in at a whopping 40MB. Realistically, the initial hard drive should be no less than 160GB.
Now for the details:
- Make sure your new server has a 10/100 Ethernet connection.
- Have the right peripherals. You will need a keyboard, mouse, and monitor to complete your installation. Once your computer is up and running, you will not need the monitor plugged into your computer full time, so you can borrow a monitor from a computer you already have.
- If you plan on uploading photos to your server, you may want a compatible memory card reader. It will make uploading your pictures much easier and faster.
- An uninterruptible power supply (UPS) will help protect your computer from power spikes and outages.
Once all the pieces have been assembled, it's time to begin installation.
Installation
- Power on your computer and insert the Fedora™ Core or Red Hat® Enterprise Linux® installation disk into your DVD drive.
- Select your language and keyboard setup.
- You can select automatic partitioning for your hard drive space, but it may not be ideal for this kind of deployment. Here is a suggested breakdown of your partitions, based on a computer with 1GB of RAM and a 160GB hard drive:
    /boot     100MB
    /         10240MB
    swap      2048MB (this should be twice the system memory)
    /tmp      5120MB
    /var      133120MB (this is where the majority of your web content will be stored)
    /var/log  10240MB
- Select the default settings for the boot loader and allow it to be installed in the master boot record (MBR).
- When you get to network configuration:
- Select manual settings.
- Select configure eth0.
- Turn off configure using DHCP.
- Turn on activate on boot.
- Set the IP address to a value in your network range. Make sure it is an address that is not being used by another computer or device on your network.
- Set the network mask to your network settings.
- Select
- When you get to firewall configuration:
- Enable firewall
- Click on the web server
- Set SELinux to warn until the installation is complete and all applications have been installed.
- Continue through the next several install screens, making sure to note your root password.
Package selection
An "everything" install is not required or recommended for this type of application. You should perform a custom installation, making sure to select the editors, web server, and MySQL (this is the database often used by blogging and photo-sharing applications) packages.
Continue clicking through until the install finishes. The installer should then eject your install disk and automatically reboot your computer.
- Tip
- A handy trick at this point in the install is to enter your computer's BIOS--usually accessed by hitting the F1 or delete key during boot (check your computer's documentation for the correct command). In the BIOS, you can set your computer to reboot on power loss. Then, if your server suffers an extended power loss, when the power is returned it will automatically restart.
Configuration
Once the computer reboots, log in with your root password. Now would be a good time to check for updates to your operating system. You can set up a service like RHN to get automatic updates for Red Hat Enterprise Linux, or download Fedora Core package updates from any number of mirrors.
Once updated and rebooted, it's time to configure your services:
- Start system-config-services.
- Make sure that httpd and mysqld are started and selected to start on boot, then save the service configuration.
- Verify that your web server is working correctly by opening a browser and pointing it at http://localhost/ (which always points to the web server on your computer). You should see the test page for Apache, the web server application.
Your web server comes with a basic configuration, but some customization is suggested for optimal performance. Open a terminal window and:
    cd /etc/httpd/conf
    cp httpd.conf httpd.conf.bak
You've made a backup of the stock httpd.conf file. Now edit it with the text editor of your choosing. Make the following changes:
    ServerAdmin <add an email address not on this machine>
    ServerName www.<your domain name>
Save and close the editor. Issue the command:
service httpd restart
This will restart the web server with your changes.
Dynamic IP
If your Internet provider uses dynamic addresses, then you will need to install an application to track and update your information with your domain provider. This is usually a matter of installing and configuring the application. Doing this will add your router login information as well as your provider login information to the configuration file, so make sure that file is readable only by root.
Ddclient is a popular choice for this and works with Dynamic Network Services. You can get the RPM for ddclient via yum. To configure ddclient:
- Edit the /etc/ddclient/ddclient.conf file and uncomment the section for your router.
- Add in the password you set for the admin user (i.e. use=linksys, fw=linksys, fw-login=admin, fw-password=admin).
- In the myserver section, add your login and password for dyndns.org, along with your hostname.
As an example:
    server=members.dyndns.org
    login=mylogin
    password=mypassword
    myhost.dyndns.org
Finally, make sure that the ddclient service is configured to run at start time by issuing the commands:
    chkconfig --add ddclient
    chkconfig --level 345 ddclient on
Security
To increase the level of security on your web server, you may want to add some of the following lines to /etc/sysconfig/iptables:
    # This line allows only machines on your local network to access the server over SSH (port 22)
    -A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    # These lines allow existing connections to remain open while changing your firewall rules
    -A INPUT -m state --state ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # This line blocks unauthorized mail connections
    -A INPUT -p tcp -m tcp --dport 25 -j DROP
    -A FORWARD -j RH-Firewall-1-INPUT
    # This line allows traffic on the loopback (local) interface
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
    # These rules allow IPsec connections
    -A RH-Firewall-1-INPUT -p esp -j ACCEPT
    -A RH-Firewall-1-INPUT -p ah -j ACCEPT
    # This line allows website traffic to pass
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    # This line blocks all other port connections to your computer
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
The above example assumes your network is on the 192.168 range. If yours is not, adjust the numbers according to your network information. Remember to restart your iptables service afterwards for the change to take effect.
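Rules in this file are evaluated top to bottom, so a line added after the catch-all REJECT never takes effect. The following check for that and for an SSH rule with no source restriction is an added example, not part of the original article; the function names and the sample rule sets are constructed, using a subset of the rules listed above.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-save style rules file.
# Usage on the server: audit_rules < /etc/sysconfig/iptables

# Constructed sample: a subset of the article's rules, in the same order.
page_rules() {
cat <<'EOF'
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed mistakes: an SSH rule with no -s restriction, and a new rule
# appended at the end of the file, after the catch-all REJECT.
edited_rules() {
    echo '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    page_rules | grep -v '^COMMIT$'
    echo '-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT'
    echo 'COMMIT'
}

# Read rules on stdin and print one WARN line per finding.
audit_rules() {
    awk '
        /^-A / && /--dport 22 / && /-j ACCEPT/ && !/ -s / {
            print "WARN ssh-open-to-any-source: " $0
        }
        /^-A / && /--dport 80 / && /-j ACCEPT/ { http = 1 }
        /^-A / {
            chain = $2
            # Anything after a chain-wide REJECT is never evaluated.
            if (closed[chain]) print "WARN unreachable-after-reject: " $0
            if ($3 == "-j" && $4 == "REJECT") closed[chain] = 1
        }
        END { if (!http) print "WARN no-rule-accepting-port-80" }
    '
}

# Demo on the constructed mistakes; prints two WARN lines.
edited_rules | audit_rules
```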
Content
You are finished with your server's installation and configuration. Now it is time to add your content. Perhaps this is a photo gallery program, a blog application, or even some simple static web pages. Anything that is going to be available online should be stored in /var/www/html.
Open for business (port forwarding)
Once you have your content in place, the final step in the setup process is to reconfigure your router to allow network traffic access to your web server. Open up a browser and go to your router's configuration page. Typically this is done by pointing your browser at the IP address of the router (example: 192.168.0.1). Look for the port forwarding section and make sure all http services or port 80 traffic is sent to the IP address of your web server.
If all went well you should now be able to point your browser at www.<yourdomain>, where you should see your home page. You can confirm that things are working by contacting someone not on your local network to see if they can visit your new website.
Vigilance
Now that your web server is up and running, you will want to make sure it stays that way. Continue regularly checking for updates to keep it stable and secure. Because you are allowing outside access, you will want to pay close attention to the activity on your web server.
A transaction record of your web activity is automatically saved in /var/log/httpd. Here you will find four basic files: access_log, error_log, ssl_access_log, and ssl_error_log.
Access_log will show a log of all pages viewed, what type of browser viewed them and from what network address the requests came.
Error_log will show all errors encountered by your website, including pages not found and problems with starting the service.
Ssl_access_log and ssl_error_log record all secure pages, which were not covered in this setup guide.
The numbers at the end of the files indicate older files that are stored as a temporary back-up. These back-up files are automatically overwritten over time.
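One way to review access_log from a shell, as an added example that is not part of the original article. It assumes Apache's combined log format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an Apache "combined" format access_log.
# Usage on the server: status_counts < /var/log/httpd/access_log

# Constructed sample lines (addresses are from documentation ranges).
sample_log() {
cat <<'EOF'
192.168.0.5 - - [12/Aug/2006:09:14:02 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2006:09:15:10 -0400] "GET /test.php HTTP/1.0" 404 287 "-" "-"
203.0.113.7 - - [12/Aug/2006:09:15:11 -0400] "GET /backup.zip HTTP/1.0" 404 290 "-" "-"
203.0.113.7 - - [12/Aug/2006:09:15:12 -0400] "GET /old/index.html HTTP/1.0" 404 295 "-" "-"
198.51.100.23 - - [12/Aug/2006:10:01:44 -0400] "GET /gallery/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Aug/2006:10:01:50 -0400] "GET /gallery/missing.jpg HTTP/1.1" 404 301 "-" "Mozilla/5.0"
EOF
}

# Print "status count" for every HTTP status code seen on stdin.
status_counts() {
    awk -F'"' '
        {
            gsub(/\\"/, "_")        # neutralise escaped quotes in the request
            split($3, post, " ")    # text after the request: status, bytes
            seen[post[1]]++
        }
        END { for (code in seen) print code, seen[code] }' | sort
}

# Print "count address" for each client with at least $1 error responses
# (4xx or 5xx) on stdin, highest count first.
error_clients() {
    awk -F'"' -v min="$1" '
        {
            gsub(/\\"/, "_")
            split($1, pre, " ")     # pre[1] is the client address
            split($3, post, " ")    # post[1] is the status code
            if (post[1] ~ /^[45][0-9][0-9]$/) errs[pre[1]]++
        }
        END { for (a in errs) if (errs[a] >= min) print errs[a], a }' | sort -rn
}

# Demo on the constructed sample.
sample_log | status_counts
sample_log | error_clients 3
```

A client that collects many 404 responses in a short time is usually requesting pages that do not exist on your site, which is worth a closer look in error_log.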




