Friday, April 6, 2012

Getting started with a Web Server


This week I am going to talk about creating a web server. A web server is used to host a number of services normally associated with website building and web applications. A web server can be used to host static websites, such as a website about a small shop. Web servers can also be used to host very large enterprise online applications such as eBay or a large online casino. Most probably, websites with large online applications will have a front end on a web server and separate application and database servers.

Simple Web Server Installation using XAMPP for Windows

XAMPP is a small application which is mainly used for testing environments. XAMPP is not recommended for production because it installs a bundle of services, some of which you might not need, and every unneeded service adds security risk to your web server. When setting up a production server, it is best to install only the services that are actually required.

The XAMPP installation includes Apache, Perl, PHP, FileZilla, J2EE, MySQL, SMTP and Tomcat. All of these services are installed by default when installing XAMPP from the simple installer. Installing XAMPP is fairly simple, as it requires no knowledge of these technologies. It is just an installer: by pressing Next, Next, Next... you end up with a working web server. By default, each one of the services has to be started manually using the XAMPP control panel, but there is also the option of starting them as a Windows Service, which is useful if the services are constantly used for testing purposes.

XAMPP also has a control panel which can be used to start and stop services. This can also be very useful to monitor which services are running.

Installation of XAMPP

As I already said, XAMPP is very easy to install. The first option is shown in the picture below. The service section is very important. You might use XAMPP very little on your computer. If this is the case, you would prefer not to start all these services when your computer starts, and to start them manually when you need them instead. Then just press the Install button to continue with the installation. When the installation is finished, the XAMPP Control Panel window pops up. This can be used to start and stop the services manually, to install the services so that they start with Windows, and to view the status of each service. After the installation, it is better to restart the computer running XAMPP.


Figure 1: The only option in the installation of XAMPP


Figure 2: The XAMPP Control Panel

The scope of this blog post is to create the web server. The rest of the services, except for PHP, will not be taken into consideration.

Testing Apache Installation

Now we need to test the installation of Apache. The web pages are stored in a folder called htdocs within the installation of XAMPP. The default location is C:\xampp\htdocs. To test the web server, we can create a simple HTML file called index.html and put it in the htdocs folder.

<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>It Works!</h1>
</body>
</html>


There are several ways to test if the server is working. Each one is done by typing a specific address in the address bar of the browser. The following is a list of different methods to test the web server:
  • http://localhost/index.html
  • http://127.0.0.1/index.html
  • http://<<ip address>>/index.html
  • http://<<ip address>>/index.html (from another PC in the same network)
  • http://<<public ip address>>/index.html (from another PC on the internet)




Figure 3: Testing the Web Server with localhost


Figure 4: Testing the Web Server with localhost IP Address


Figure 5: Testing the Web Server with its IP Address from another computer

Another thing to test for is HTTPS. This is very important as it uses SSL to provide encrypted communication and secure identification of a web server. Most people are using this as a safer way to browse the web. By default, this service is enabled on the Apache installation. To test for this, we just need to replace http with https in the address bar.


Figure 6: Testing the Web Server with HTTPS but it presented an error

When using https, the browser issued an error message that the certificate is not trusted. It then gave us the option to proceed anyway to the website, with the risk of exposing our computer to a security threat, or to close the website before it is too late. But why is there this message?

HTTPS

When using https, the web server administrator must create a public key certificate for the web server. This must be signed by a trusted certificate authority so that the web browser can accept it without presenting such a warning. Such a certificate certifies that the certificate holder is the owner of the web server. Certificates can be acquired from any certificate authority and some organizations can have their own certificate authority.


Figure 7: We clicked on proceed anyway to view the content

PHP

PHP, a server-side HTML-embedded scripting language, is also part of XAMPP. To test if PHP is successfully installed, we can create a small test document with the phpinfo() function to display the configuration of the PHP instance. Then we can open the test file we created in a browser as shown below:


Figure 8: phpinfo() function showing the current installation of PHP

Private Web Server

Using XAMPP we created a web server on our computer. This means that the websites which we put on our computer are only accessible from our computer. To make our web server accessible on the local network, we need to create an exception in the Windows Firewall for connections on ports 80 and 443. This allows other computers to connect to our web server, so that it can serve the local network.

Public Web Server

However, this does not mean that people from outside our network can access our web server. Creating a public web server needs a little bit more configuration. First of all, people need to know our public IP address. We can find this by using www.whatismyip.org. The address returned will be the public IP address of our router.

Our internet provider needs to supply our router with an IP address. Depending on how much we pay for our internet service, we can either have a dynamic IP address or a static IP address. A static IP address, as its name implies, is static and does not change over time. This is a requirement if we plan to host services such as mail and web servers. A dynamic IP address is subject to change over time, and this means that if it changes, the web server will not be accessible anymore.

Then we need to configure the router to forward the traffic destined for ports 80 and 443 to our computer. This depends on the make and model of the router or firewall, so I won't go into much detail here. If not done properly, however, this can expose some of the private resources to the general public.

DMZ

DMZ stands for Demilitarized Zone. This is a zone within our private network where our servers are placed. This is a security measure to ensure that our private network is safe from intrusions. A web server is normally placed inside this DMZ. The best example is when the network has two firewalls and the DMZ is enclosed between the two firewalls. An example can be seen below.


Figure 9: The most secure way to implement DMZ

The figure above shows a DMZ between two firewalls. The first firewall controls all the traffic from the external Internet to the DMZ. External traffic is dropped unless a rule on the firewall explicitly allows it, such as a rule to allow traffic on ports 80 and 443 to the web server. All other traffic that tries to access the internal network or DMZ is dropped. Also, traffic originating from the DMZ area is not allowed to enter the private LAN. This means that if the security of the web server is compromised, it does not automatically breach the internal LAN.
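
The two-firewall policy described above can be checked as a small model that decides whether a new connection is allowed or dropped. This is an added example, not part of the original post. The addresses, the zone layout and the rule that lets LAN clients reach the web server are assumptions; only new connections are modelled, and flows the post does not describe fall to the default drop.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the post gives no addresses).
DMZ = ip_network("192.0.2.0/28")
LAN = ip_network("10.0.0.0/24")
WEB_SERVER = ip_address("192.0.2.10")
WEB_PORTS = {80, 443}
# Zones in the order traffic crosses them: internet |FW1| dmz |FW2| lan
ORDER = ["internet", "dmz", "lan"]

# Allow-lists of (source zone, destination host, ports); all else is dropped.
EXTERNAL_FW = [("internet", WEB_SERVER, WEB_PORTS)]
# Assumption, not in the post: LAN clients may browse the DMZ web server.
INTERNAL_FW = [("lan", WEB_SERVER, WEB_PORTS)]
FIREWALLS = {("internet", "dmz"): EXTERNAL_FW, ("dmz", "lan"): INTERNAL_FW}


def zone_of(addr):
    ip = ip_address(addr)
    if ip in DMZ:
        return "dmz"
    return "lan" if ip in LAN else "internet"


def permitted(rules, src_zone, dst, port):
    return any(zone == src_zone and host == ip_address(dst) and port in ports
               for zone, host, ports in rules)


def evaluate(src, dst, port):
    """Return 'allow' or 'drop' for a new connection from src to dst:port."""
    a, b = ORDER.index(zone_of(src)), ORDER.index(zone_of(dst))
    # Every firewall between the two zones must explicitly allow the flow;
    # hosts on the same segment have no firewall between them.
    for i in range(min(a, b), max(a, b)):
        rules = FIREWALLS[(ORDER[i], ORDER[i + 1])]
        if not permitted(rules, zone_of(src), dst, port):
            return "drop"
    return "allow"


if __name__ == "__main__":
    flows = [("203.0.113.7", "192.0.2.10", 443),   # internet -> web server
             ("203.0.113.7", "192.0.2.10", 3306),  # internet -> MySQL port
             ("203.0.113.7", "10.0.0.5", 80),      # internet -> LAN host
             ("192.0.2.10", "10.0.0.5", 445),      # compromised web server -> LAN
             ("10.0.0.5", "192.0.2.10", 80)]       # LAN client -> web server
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port}  {evaluate(src, dst, port)}")
```

The fourth flow is the case the post highlights: a connection that starts at the web server and targets a LAN host is dropped at the internal firewall.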

Go on and try to build your own web server now! I will be with you next week with more on PHP.
