Production webservers
Mark Chisholm guides you through the process of installing and configuring your own web server, with a polished and secured Apache build ready for the big time.
Firstly, what do we mean by “production ready”? We’re assuming that you’re setting up a server with some critical data, where wasted time means wasted money if it were to collapse or otherwise break down. Uptime is paramount to a fully functioning web server.
Of course, there are a lot of different types of Linux-based operating systems to choose from, so what would make a good base for a web server? Well, we need it to be rock-solid stable, with few breakages (and preferably none at all) during a package upgrade or kernel installation.
Debian or Ubuntu are both good choices for this, and while there isn’t anything actually stopping you using Arch or Gentoo, they’re probably best avoided – we’re looking to make it rock-solid, rather than anything like a Jenga tower. Statistics show us that over 80 per cent of websites and web applications are powered by open source web servers. With stability being one of Debian’s main points, it’s easy to see why we’ve chosen to use it for this tutorial.
Server choice
You may have heard the term ‘LAMP stack’ when referring to web servers; this simply means a collection of software including Linux, Apache (the HTTP server itself), MySQL (for database management) and a ‘P’rogramming language such as PHP. An alternative is a LEMP stack, where Apache is replaced by the Nginx server. (Developers love to make things more complicated than necessary, so “Nginx” is pronounced as “Engine x”, hence the E.) Good old Apache might be a bit long in the tooth, but it’s still more than capable of powering high-traffic websites easily. The Apache HTTP server project aims to be a modern, open source web server for all operating systems – even Windows. It’s designed to be powerful and flexible, working in environments that require different feature sets.
Apache 2.0 introduced multi-processing modules – MPMs – that are responsible for binding to the network ports and accepting requests. To a user they appear much like the other Apache httpd modules you may be familiar with. The only difference is that one, and only one, MPM can be loaded onto the server at any time. This results in a secure, efficient and extensible framework that complies with all HTTP standards.
Apache is still arguably the de facto web server if you intend to host multiple sites on one server. This is where Apache maintains its edge, but it can still lose out in performance terms to web servers such as Nginx. While Nginx is also an open source web server, it offers an Nginx+ option with software-based load balancing, a content cache and even an API gateway. The catch is that you pay per instance for this option.
There are other alternatives such as lighttpd (see Roundup LXF245), which is fully open source under a revised BSD licence. Its developers are quite modest in their own description of the web server, saying it powers just “several” of the websites in existence today. However, it’s still actively updated and maintained, and its feature set is all about serving pages quickly. As of January 2019 the Apache webserver still dominates in most metrics, but Nginx (see LXF222, LXF188-190) is leading the way in terms of growth. For the sake of trying to simplify an already fairly complex undertaking, we’ll be using Apache.
Now let’s look at the networking side of things. Imagine walking up to a restaurant for your reservation where a doorman decides if you’re getting in or not. This is roughly equivalent to a HTTP request to the firewall determining if it will pass the traffic. Most web servers are configured to handle HTTP requests on port 80 of a firewall, and HTTPS on 443. If the port isn’t open you won’t be able to complete the HTTP request which you’re trying to send to the server, because it’s blocked at the firewall.
Our example restaurant is one of those fancy ones where you have to report to the front desk to be allocated a seat after giving them your name. So you tell them the name of the site you want to access and they sit you down there.
Imagine each of those seats in that restaurant is a website; the person at the front desk wouldn’t quite know where to put you if you didn’t have the name of the site in the HTTP request. This is important because of the way in which Apache – and indeed a lot of web servers worth their salt – can host multiple websites on one server. It’s called virtual hosting, and creating virtual hosts is an easy and really cheap way of hosting more than one site on the same server.
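How the front desk picks a seat, as an added example that is not part of the original article: the function matches a request’s Host header against ServerName and ServerAlias and falls back to the first virtual host when nothing matches. The config text is constructed, shop.example.com and resolve_vhost are hypothetical names, and only exact names (no wildcard aliases) in a single file are handled.

```shell
#!/bin/sh
# Added example: choose the site for a Host header the way name-based
# virtual hosting does. SAMPLE_CONF is constructed for illustration and
# the second site (shop.example.com) is hypothetical.
SAMPLE_CONF='<VirtualHost *:80>
    ServerName myblog.example.com
    DocumentRoot /usr/share/wordpress
</VirtualHost>
<VirtualHost *:80>
    ServerName shop.example.com
    ServerAlias www.shop.example.com
    DocumentRoot /var/www/shop
</VirtualHost>'

# resolve_vhost HOST [CONF_FILE] -> prints the DocumentRoot that serves HOST.
# Without CONF_FILE the constructed sample above is used. A name matching no
# ServerName/ServerAlias falls through to the first virtual host, which acts
# as the default site.
resolve_vhost() {
    if [ -n "${2:-}" ]; then cat "$2"; else printf '%s\n' "$SAMPLE_CONF"; fi |
    awk -v host="$1" '
        # Host headers are case-insensitive and may carry a :port suffix
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
        { key = tolower($1) }
        key ~ /^<virtualhost/ { n++; next }
        key == "servername" || key == "serveralias" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == host && !hit) hit = n
        }
        key == "documentroot" { root[n] = $2 }
        END { print root[hit ? hit : 1] }'
}
```

A request for a bare IP address or an unknown name lands on the first site listed, which is worth remembering when deciding which site should be first.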
Table for two, please
You may be wondering about how and where you’re going to host the server – and there are a few options for this. While you can do this on your local area network (LAN) at home as a way of accessing files, not all ISPs will allow you to open up port 80 to start serving content through the internet. They might allow it in the firewall of their routers, but if you check the fine print of your agreement, it might well say otherwise.
Another issue with hosting your fancy server at home is the availability or otherwise of a static IP address. You’ll need one of these for the domain name to resolve to.
DNS servers work by taking a domain name and seeing which IP address it goes to. If you open a terminal and try pinging a website, it will expose that IP address as well as the domain name. So if you tell a DNS server to always point to 192.168.0.1 and your ISP allocates you a new dynamic IP address – as most do – the DNS server is still going to be pointing towards the old address. Another issue with hosting a web server at home is that it needs to be powered on 24/7 – if you want people to be able to access content 24/7.
A virtual private server (VPS) is a good way of getting a server up and running and there are a lot of cheap options for renting one of these. Depending on your use case, though, be sure to assess if you need a hexa-core VPS or if the little single-core, 512MB RAM option is sufficient. A lot of business owners like the idea that a VPS can grow with their business really easily – something to bear in mind if they become your clients one day.
There are managed and unmanaged options for a VPS. A managed option means there is some support, while the unmanaged option means you’re running as root, trying to keep it all together yourself. There are actually shared hosting options as well, but these usually don’t come with a lot of fine-tuning control – and at Linux Format we like working on servers under the bonnet, with a crowbar if the need arises.
Soup of the day
For the ‘M’ of our LAMP stack, there are two notable contenders. MySQL is known to be used by the likes of Facebook, GitHub and YouTube, to name just a few. Alternatively there’s MariaDB (see LXF253, LXF196), a fork of MySQL, which is used by some giants in the tech industry such as Red Hat, SUSE and Ubuntu/Canonical. MySQL uses caching_sha2_password as its authentication plug-in, which greatly improves security.
The P in the LAMP stack can either stand for PHP, Perl or Python. Of course you can have more than one installed, and indeed you might need to for everything to work as intended, since Perl and Python can install themselves as dependencies of other packages.
Some individuals vehemently dislike PHP; it gets a lot of hate, and can be the butt of a lot of jokes in the sysadmin world, with some even questioning its relevancy and value in 2019. To this we would respond that you can still find COBOL being used in certain use cases – that’s a language developed in 1959. PHP is still actively developed and maintained in 2019, and as of version 7 it’s a lot faster while still being simple and syntax-rich. It still powers large and complex websites such as Facebook.
Enough talking – it’s time to start building this server. In order to begin installing the required software it’s a good idea to double-check that our Debian installation is up to date, which we can do with:
sudo apt-get update && sudo apt-get upgrade
Next we’ll install the MySQL server:
sudo apt-get install mysql-server mysql-client
The installation process will ask you to enter a root password for the MySQL database. Use something strong and different from all the other passwords you use; remember this is a server that you’re exposing to the entirety of the internet, and it’s all front-facing and publicly accessible.
Next we’ll be installing Apache, but again remember that we’re approaching this from a ‘how-to’ perspective. You might have your own needs that would really benefit from Nginx software load-balancing – it’s your server and you can choose what gets installed. We’re choosing Apache not because of any bias towards it, but because it makes things far easier to set up – either in a real VPS or a virtual machine instance in VirtualBox. Apache is also really well-documented for Debian- and Ubuntu-based installs, so should also be approachable for beginners to Linux in general.
With that said let’s install Apache:
sudo apt-get install apache2 apache2-doc
Now you can configure user directories for Apache to use; again, it’s up to you if you choose to do this. First we need to enable the ‘userdir’ module; with a Debian-based distribution this is as easy as this:
sudo a2enmod userdir
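From there we then need to make sure that /etc/apache2/mods-enabled/userdir.conf looks like:
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
    Options MultiViews Indexes SymLinksIfOwnerMatch
    <Limit GET POST OPTIONS>
        Require all granted
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Require all denied
    </LimitExcept>
</Directory>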
For the next step it’s important to create the directory as your user account – don’t create it as root or you will run into permission errors later on.
$ mkdir /home/user/public_html
Next we need to change the group of the newly created directory so that Apache can access it. For this we need to be root or use sudo with the command:
chgrp www-data /home/user/public_html
service apache2 restart
You might get a ‘Forbidden’ error when trying to access the home folder through Apache. In that case you need to verify if /home/user/ has the following permissions:
drwxr-xr-x
If they don’t, enter the following command as root:
# chmod 755 /home/user
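A check for the Forbidden case above, added here and not from the original article: it walks from a directory up towards the root and reports every level that lacks the execute bit for other users, which is what the 755 mode supplies. The function names are hypothetical, and it assumes GNU stat (as on Debian) and that www-data is neither owner nor group of the directories checked.

```shell
#!/bin/sh
# Added example: find which directory above a UserDir denies Apache access.
# Assumes GNU stat and that www-data is neither owner nor group of the
# directories checked, so the "other" permission bits decide.

# other_digit DIR -> prints the last octal digit of DIR's mode (5 for 755)
other_digit() {
    mode=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# check_traversal DIR [STOP] -> walks from DIR up to STOP (default /) and
# prints every directory lacking o+x; returns 1 if any was found, else 0.
check_traversal() {
    dir=$1
    stop=${2:-/}
    blocked=0
    while [ "$dir" != "$stop" ] && [ "$dir" != "/" ]; do
        digit=$(other_digit "$dir") || return 2
        # the search (execute) permission is the 1 bit of the octal digit
        if [ $(( $digit & 1 )) -eq 0 ]; then
            printf 'no o+x: %s (mode %s)\n' "$dir" "$(stat -c '%a' "$dir")"
            blocked=1
        fi
        dir=$(dirname "$dir")
    done
    return "$blocked"
}

# Typical call on the server from the text: check_traversal /home/user
```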
Once that’s done we can then begin installing PHP with the command:
sudo apt-get install php php-mysql
Once PHP is installed we can double-check it actually works by entering the following commands:
sudo nano /var/www/html/test.php
Press Ctrl+x followed by Y to save it. If you then try accessing http://
Who had the starter?
Now that you have a working web server it’s time to actually start serving content. We’ll use WordPress for that since it’s easy to install and configure. WordPress advertises itself as a blogging platform, but even though it’s perfect for blogging it’s also perfect for serving static content, while being user-friendly and making it easy to update a site – which is why it’s so widely used in the industry.
To begin the installation we need to enter the following commands:
sudo apt-get install wordpress curl
Once WordPress is installed it’s a good idea to make sure that we have a secure MySQL installation to use for it. We do that with:
mysql_secure_installation
Once that’s done we can begin creating a site.
nano /etc/apache2/sites-available/wp.conf
And enter this:
<VirtualHost *:80>
    ServerName myblog.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /usr/share/wordpress
    Alias /wp-content /var/lib/wordpress/wp-content
    <Directory /usr/share/wordpress>
        Options FollowSymLinks
        AllowOverride Limit Options FileInfo
        DirectoryIndex index.php
        Require all granted
    </Directory>
    <Directory /var/lib/wordpress/wp-content>
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Just remember to replace example.com with your own domain name or server IP address. Once that’s done you can disable the default Apache site and enable the WordPress site with the following commands:
a2dissite 000-default
a2ensite wp
Finally we’re ready to reload the web server via:
sudo systemctl reload apache2
Now we need to create and configure the conf file for WordPress by entering the command:
nano /etc/wordpress/config-myblog.example.com.php
Then we need to add the following to the file:
?>
Needless to say, replace password with a suitably secure password. Next we create a file that holds the database creation instructions:
nano ~/wp.sql
CREATE DATABASE wordpress;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER
ON wordpress.*
TO wordpress@localhost
IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
Once that’s done we’ll be able to log in to WordPress with the credentials you created earlier and access the blog. Remember that even though it defaults to being a blogging platform, it’s better described as a content management system, or CMS. It has even been described as a factory that creates webpages. WordPress is based on PHP and MySQL and features many free templates which you can use to design your site as you see fit. There are a lot of extra add-ons you can install as well, such as WooCommerce for shopping and setting up an e-commerce site.