This week I am going to talk about creating a web server. A web server hosts
the services normally associated with web sites and web applications. It can
host static websites, such as a website about a small shop, or very large
enterprise online applications such as eBay or a large online casino. Web
sites with large online applications will most probably have a front end on a
web server and separate application and database servers.
Simple Web Server Installation using XAMPP for Windows
XAMPP is a small application which is mainly used for testing environments.
It is not recommended to use XAMPP in production because it installs a package
of services, some of which you might not need, and each unneeded service poses
more security risk to your web server. When setting up a production server, it
is best to install only the required services, and only when they are needed.
The XAMPP installation includes Apache, Perl, PHP, FileZilla, J2EE, MySQL,
SMTP and Tomcat. All of these services are installed by default when
installing XAMPP from the simple installer. Installing XAMPP is fairly simple
as it requires no knowledge of these technologies: it is just an installer,
and by pressing Next, Next, Next... you end up with a working web server. By
default, each of the services has to be started manually using the XAMPP
control panel, but there is also the option of running them as Windows
services, especially if the services are constantly used for testing purposes.
XAMPP also has a control panel which can be used to start and stop services.
It is also very useful for monitoring which services are running.
Installation of XAMPP
Like I already said, XAMPP is very easy to install. The first option is shown
in the picture below. The service section is very important. You might use
XAMPP very little on your computer. If this is the case, you would prefer not
to start all these services when your computer starts, but to start them
manually when you need them. Then just press the install button to continue
with the installation. When the installation is finished, the XAMPP Control
Panel window pops up. It can be used to start and stop the services manually,
to install the services so that they start with Windows, and to view the
status of each service. After the installation, it is better to restart the
computer running XAMPP.
Figure 1: The only option in the installation of XAMPP
Figure 2: The XAMPP Control Panel
The scope of this blog is to create the web server. The rest of the services,
except for PHP, will not be taken into consideration.
Testing Apache Installation
Now we need to test the installation of Apache. The web pages are stored in a
folder called htdocs within the XAMPP installation. The default location is
C:\xampp\htdocs. To test the web server, we can create a simple HTML file
called index.html and put it in the htdocs folder.
<html>
  <head>
    <title>Test Page</title>
  </head>
  <body>
    <h1>It Works!</h1>
  </body>
</html>
There are several ways to test if the server is working. Each one is done by
typing a specific address in the address bar of the browser. The following is
a list of different methods to test the web server:
- http://localhost/index.html
- http://127.0.0.1/index.html
- http://<<ip address>>/index.html
- http://<<ip address>>/index.html (from another PC in the same network)
- http://<<public ip address>>/index.html (from another PC on the internet)
Figure 3: Testing the Web Server with localhost
Figure 4: Testing the Web Server with localhost IP Address
Figure 5: Testing the Web Server with its IP Address from another computer
Another thing to
test for is HTTPS. This is very important as it uses SSL to provide encrypted
communication and secure identification of a web server. Most people are using
this as a safer way to browse the web. By default, this service is enabled on
the Apache installation. To test for this, we just need to replace http with
https in the address bar.
Figure 6: Testing the Web Server with HTTPS but it presented an error
When using https, the browser issued an error message that the certificate is
not trusted. It then gave us the option to proceed anyway to the website, with
the risk of exposing our computer to a security threat, or to close the
website before it is too late. But why is there this message?
HTTPS
When using https, the web server administrator must create a public key
certificate for the web server. This must be signed by a trusted certificate
authority so that the web browser can accept it without presenting such a
warning. Such a certificate certifies that the certificate holder is the owner
of the web server. The certificate that our test server presented has no such
signature, which is why the browser displayed the warning. Certificates can be
acquired from any certificate authority, and some organizations can have their
own certificate authority.
Figure 7: We clicked on proceed anyway to view the content
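The address-bar tests and the certificate validation behind the browser warning can also be scripted. The following is an added example, not part of the original post; `probe` and `check_server` are illustrative names, and Python's default trust store stands in for the browser's.

```python
import http.client
import ssl
import urllib.error
import urllib.request

# Ignore any system proxy so localhost/LAN addresses are contacted directly.
# HTTPS uses Python's default context: chain and hostname checks are on,
# the same kind of validation that made the browser show its warning.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(url, timeout=5):
    """Fetch url and classify the outcome as (verdict, detail).

    ok             -> page served (for https the certificate validated too)
    http_error     -> server answered with a 4xx/5xx status code
    cert_untrusted -> server reached, but its certificate failed validation
    unreachable    -> refused, filtered by a firewall, timed out, bad reply
    """
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return "ok", resp.status
    except urllib.error.HTTPError as exc:      # must precede URLError
        return "http_error", exc.code
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            # verify_message carries OpenSSL's reason for rejecting the chain
            return "cert_untrusted", exc.reason.verify_message
        return "unreachable", str(exc.reason)
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable", str(exc)         # e.g. timeout while reading


def check_server(host, page="index.html"):
    """Run the post's address-bar tests for one host over http and https."""
    urls = [f"{scheme}://{host}/{page}" for scheme in ("http", "https")]
    return {url: probe(url) for url in urls}


if __name__ == "__main__":
    # Hosts from the post's list; add the machine's LAN or public address.
    for host in ("localhost", "127.0.0.1"):
        for url, (verdict, detail) in check_server(host).items():
            print(f"{url:40} {verdict:15} {detail}")
```

A `cert_untrusted` verdict on the https URL together with `ok` on the http URL corresponds to the situation in Figure 6: the server is up, but its certificate does not chain to a trusted authority.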
PHP
PHP, a server-side HTML embedded scripting language, is also part of XAMPP. To
test if PHP is successfully installed, we can create a small test document
that calls the phpinfo() function to display the configuration of the PHP
instance. Then we can open the test file we created in a browser as shown
below:
Figure 8: phpinfo() function showing the current installation of PHP
Private Web Server
Using XAMPP we created a web server on our computer. This means that the
websites which we put on our computer are only accessible from our computer.
To make our web server accessible on the local network, we need to create an
exception in the Windows Firewall for connections on port 80 and port 443.
This allows other computers to connect to our web server, making it able to
serve the local network.
Public Web Server
However, this does not mean that people from outside our network can access
our web server. Creating a public web server needs a little bit more
configuration. First of all, people need to know our public IP address. We can
find this by using www.whatismyip.org. The returned address will be the public
IP address of our router.
Our internet provider needs to supply our router with an IP address. Depending
on how much we pay for our internet service, we can either have a dynamic IP
address or a static IP address. A static IP address, as its name implies, is
static and does not change over time. This is a requirement if we plan to host
services such as mail and web servers. A dynamic IP address is subject to
change over time, and this means that if it changes, the web server will not
be accessible anymore.
Then we need to
configure the router to forward the traffic destined for ports 80 and 443 to
our computer. This depends on the make and model of the router or firewall so I
won't go into much detail here. If not done properly, however, this can expose
some of the private resources to the general public.
DMZ
DMZ stands for Demilitarized
Zone. This is a zone within our private network where our servers are placed.
This is a security measure to ensure that our private network is safe from
intrusions. A web server is normally placed inside this DMZ. The best example
is when the network has two firewalls and the DMZ is enclosed between the two
firewalls. An example can be seen below.
Figure 9: The most secure way to implement DMZ
The figure above shows a DMZ within two firewalls. The first firewall controls
all the traffic from the external internet to the DMZ. External traffic is not
allowed unless it is explicitly allowed by a rule on the firewall, such as a
rule to allow traffic on ports 80 and 443 to the web server. All other traffic
that tries to access the internal network or DMZ is dropped. Also, traffic
originating from the DMZ area is not allowed to enter the private LAN. This
means that if the security of the web server is compromised, it does not
automatically breach the internal LAN.
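The rules in the paragraph above, written as a small stateful default-deny policy model (an added example, not from the original post). The address ranges, the `Perimeter` class and the rule that the LAN may open connections outward are assumptions for illustration, and both firewalls are folded into one decision function.

```python
import ipaddress

# Constructed address plan for the two-firewall layout (assumption).
DMZ = ipaddress.ip_network("192.168.100.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")
WEB_SERVER = "192.168.100.10"


def zone_of(addr):
    """Classify an address as dmz, lan or internet."""
    ip = ipaddress.ip_address(addr)
    return "dmz" if ip in DMZ else "lan" if ip in LAN else "internet"


class Perimeter:
    """Stateful model: only the first packet of a connection is rule-checked."""

    def __init__(self):
        self.established = set()  # flows opened by an allowed first packet

    def new_connection_allowed(self, src, dst, dport):
        s, d = zone_of(src), zone_of(dst)
        if s == "internet" and d == "dmz":
            # The one explicit rule from the post: web ports to the web server.
            return dst == WEB_SERVER and dport in (80, 443)
        if s == "lan":
            # Assumption: internal hosts may open connections outward.
            return d in ("dmz", "internet")
        return False  # default deny, covers dmz -> lan and internet -> lan

    def handle(self, src, sport, dst, dport):
        flow = (src, sport, dst, dport)
        reply_of = (dst, dport, src, sport)
        if flow in self.established or reply_of in self.established:
            return "allow"  # part of a connection that was already permitted
        if self.new_connection_allowed(src, dst, dport):
            self.established.add(flow)
            return "allow"
        return "drop"


if __name__ == "__main__":
    fw = Perimeter()
    # Constructed sample flows: (src, sport, dst, dport)
    for pkt in [("203.0.113.7", 50000, WEB_SERVER, 443),
                ("203.0.113.7", 50001, "192.168.1.20", 80),
                (WEB_SERVER, 40000, "192.168.1.20", 445)]:
        print(pkt, fw.handle(*pkt))
```

The state table is what lets the web server answer a LAN client that connected to it while still being unable to start a connection into the LAN itself.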
Go on and try to
build your own web server now! I will be with you next week with more on PHP.