Easily host your own web sites | part 3: networking

Contents


network cablesSo far in this series, we’ve set up our server hardware and installed and configured the operating system and web hosting application. In today’s article, we’ll look at how you enable people to browse content on your server (wherever they and it may be).

Port forwarding

Most SOHO routers are configured to prevent unsolicited inbound traffic. If you want people to be able to view web sites on your server therefore, you need to create a conduit through which web traffic can pass. This is usually called “port forwarding”. Broadly speaking, ports segregate different types of network traffic. Web traffic comes in on port 80 (TCP), SSH traffic on port 22 (TCP), encrypted web traffic (HTTPS) on port 443 (TCP) and so on. So you need to configure your router to forward port 80 traffic to the static IP address you configured for your server (see part 2). You may also wish to forward port 10000 (Webmin) and port 22 (SSH) so you can administer your server remotely, but be warned that as soon as you do, so-called “script kiddies” will start trying to break into your server. So proceed with caution, and read up on the risks. You’re pretty safe forwarding port 80, provided your web sites are well designed.

To find out how to set up port forwarding on your router, read the manual, or check out the references at portforward.com. Once you’ve done that, check that the port is forwarded by browsing to your network’s external IP address. How do you find that out? From within the network, browse to icanhazip.com.

If you’ve forwarded the port correctly, and if you’re not caught by the hairpin NAT gotcha (see below), you should see the default web page from your new web server. On my new server, the page looks like this:

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

Dynamic vs. Static IP addresses

If you are going to be hosting any kind of internet service (like a web server), it is easiest to have a static IP address. DNS (the Domain Name System) converts “human-friendly” web addresses such as “pomeroy.me” into “computer-friendly” IP addresses such as “178.248.39.218”. This is great if your network’s external IP address never changes, but for many customers on cable, broadband or dial-up connections, their IP address is “dynamic”, meaning that it might be different each time the modem or router reboots. There is a workaround for dynamic IP addresses (see the section on Dynamic DNS, below), but in the long run, it might be easiest simply to ask your ISP for a static IP address. In many cases that costs little or no more than a dynamic address.

Dynamic DNS

With Dynamic DNS (DDNS), your router or server contacts a DDNS service provider on the internet and reports its current external IP address. The DDNS server then transmits this information through the internet via the DNS system. Changes can take a while to take effect, but it’s better than nothing. My current DDNS provider of choice is changeip.com. ChangeIP.com has a free service, where you use a sub-domain from one of several domains they have available (e.g. fredbloggs.changeip.org).

Many routers can speak DDNS, meaning that as soon as the router reboots, it can check in with the DDNS provider and let it know if the IP address has changed. See your router’s manual for more information. If your router doesn’t directly support this, you can install software on your server that will periodically update the DDNS service. Read ChangeIP.com’s page on DDNS clients. You’ll need to install one of the scripts on your server, and set up a cron job to run the script as often as you like (providing you don’t breach the DDNS provider’s terms of service). You can of course use Webmin to set up your cron job.

Regular DNS

If you have your own domain registered, like me, and you’re using a static IP address, all you need to do is point your domain to your external IP address. Log into your domain host and add “A records” as needed.

Note: Did you know that the customary “www.” prefix on many websites is an unnecessary hangover from earlier in the internet’s history? You can use www.mydomain.com if you like, or simply mydomain.com. Note however that when you set up a “mydomain.com” web site using Virtualmin, Virtualmin automatically makes a “www.mydomain.com” alias, so that either will resolve to the same web site code. If you want DNS to work with both, you’ll need to add two A records: one for “@” and one for “www”.

Hairpin NAT

For most people, that’s it. You should now be able to create web sites on your server, use DNS or DDNS to broadcast those web sites to the outside world, and receive visitors from all around the world. But there’s a very significant “gotcha” with some routers, when you’re attempting to browse your web site from your LAN. If you’re on the same physical network as your web server, when you enter the web address in your browser, it should attempt to browse to your network’s external IP address. In other words, your web query goes out and attempts to come back in again. This out-and-back-again behaviour is known as “hairpin NAT” and not all routers can handle it.

If you’re one of the unlucky ones and you don’t want to swap your router for a better one, you have two main options. Technically, the best option is to run your own private DNS server (which you can do on the same server), but that is complicated and a bit of a hassle. If you’re only browsing from a single PC, the quick-and-dirty solution is to edit your hosts file. This file is located somewhere like “C:\Windows\System32\drivers\etc\hosts”. There are a lot of resources on the internet that will explain to you more about this file, but let me help you over one little hurdle: if you’re using Windows Vista or later, you need to edit this file as an Administrator. To do that, right-click Notepad and choose “Run as Administrator”. Then open the hosts file from within Notepad. You’ll need to change the files filter to “*.* (All files)”.

The default hosts file contains details about the format of entries. Suffice it to say that you’ll put here the DNS name of your web site and the internal LAN IP address of your web server. Your web browser, when looking up an IP address, should check the hosts file first, so in this scenario, you won’t be going out and back again. If you then take that computer somewhere else (e.g. it’s a laptop and you’ve taken it to work), you’ll need to remove the relevant hosts file entries, in order to browse to the external IP address of your network.


Networking is a complicated area and I have only scratched the surface here, in an effort to get most people up and running quickly. By all means if you’re stuck at a particular point, post a comment and, time permitting, I’ll try to point you in the right direction. In the meantime, stay tuned for part 4 of this series in which I will provide some initial pointers on building your own web site.

Cables image copyright © Pascal Charest, licensed under Creative Commons. Used with permission.

Easily host your own web sites | part 2: server

Contents


If you followed part 1 of this series, you’ll now have a physical machine ready for installation of your new server operating system and applications. In this post, part 2 of the series, I’ll be focusing on the operating system and one application – the application which will provision your websites.

Operating system

ubuntu logoAlthough you’ll most likely be very familiar with Microsoft Windows or Apple’s OS X, we will be using Linux to power this server. Linux is an operating system well suited to web servers, but most compellingly, you can freely download it and don’t need to worry about costs or client/device access licences.

Note: some people prefer you to refer to the operating system as “GNU/Linux”. I am not promoting any particular viewpoint here; I simply feel this article would become even more cumbersome to read if I wrote “GNU/Linux” all the time. I shall stick to “Linux”, which is also the term with which most people are familiar, for better or worse.

There are many, many flavours (“distributions”) of Linux available. I’ve been through this loop quite a few times, so let me save you some time and point you in the direction of a distribution that I have found most suitable for this “home web server” scenario: Ubuntu. There are several editions of Ubuntu, but the most appropriate is Ubuntu Server, which you can download here. Make sure you download the 32-bit version, if you’re not running a 64-bit machine.

Why Ubuntu?

There are many reasons for choosing Ubuntu for this project, but here are my top five:

  1. The apache2-suexec-custom package: This is delving into detail very early, so for now just take my word for it that this Ubuntu package is going to make your life a lot easier when we set up Virtualmin (see below). Other Linux distributions lack this package and you end up having to recompile the Apache server to enable virtual hosting. For most readers, that’s an unnecessary complication.
  2. Community support: at the time of writing, the official Ubuntu forums had heading towards two million members. That translates into a huge pool of knowledgeable people willing to help with problems.
  3. Heritage: Ubuntu is based on Debian, one of the granddaddy Linux distributions. Ubuntu’s mission was to bring Linux into the mainstream, making it more user-friendly, without sacrificing the features that make Debian such a robust and stable system.
  4. Long-term support: each iteration of Ubuntu has an “LTS” version, confirming it will remain in support for five years from the date of first release. Most significantly, this means that one can expect security patches to be available for a predictable period of time.
  5. Simplicity: installing Ubuntu is usually very easy. It detects an extremely wide range of hardware and makes many sensible choices for the end user, which results in a straightforward installation process. Once installed, many packages are readily available to enhance and extend the features of the server.

Installation

So, you’ve downloaded Ubuntu Server and burnt your installation DVDs. There are many places on the internet that take you through the installation of your Ubuntu server. Here, I will simply concentrate on the critical settings and options that will ensure your server is ready to host websites from day 1.

Network configuration

The first “gotcha” relates to networking. If you connect your server to a network on which a DHCP server is running, Ubuntu will automatically use DHCP. You could later change this, but it’s much easier to get it right during the installation. With 12.04, very early on in the installation wizard, and just after DHCP configuration has taken place, you’ll see a dialogue box headed “Configure the network”. This has a “Hostname” field and a “Go Back” button. After you’ve entered your desired host name, I recommend choosing the “Go Back” button. This in fact takes you to a screen you’ve not seen previously in the installation, which contains an option to configure the network manually. Choose that option and then give your server a static IP address on your LAN.

Software selection

At The basic software selection wizard screen, make sure you choose at least the following:

  • OpenSSH server
  • LAMP server
  • Mail server

You may also wish to install the PostgreSQL database, if you’re supporting that in addition to, or instead of MySQL.

Postfix (email server)

At the Postfix Configuration screen, you probably want to choose “Internet with smarthost”. We’ll deal with the detailed configuration of Postfix later. When asked for the SMTP relay host, enter the address of the mail server that will accept outward-bound email from this system (your ISP’s mail server, or an Exchange server already on your LAN, for example).

Post-installation

You now have a functioning server. At this point you should be able to disconnect the mouse, keyboard and monitor you borrowed previously and connect via SSH. When I need a command line/shell, I use PuTTY and PuTTY Connection Manager to connect to most of the Linux and Unix servers I administer, but any SSH-capable terminal emulator will do.

root

At the moment, you can’t log on as the all-powerful root user. You’re supposed to use sudo as a non-privileged user, to avoid inadvertent damage to your server. But the way we’ll be using this server, you’ll quickly find that a pain. So log in as the user you created during installation and then issue the following command:
sudo passwd root
You can set a password for root and log on as root from that point onwards.

Note: I don’t recommend doing this on a production server or in any environment where security is a particular concern.

Package manager

Ubuntu comes with a lot (I mean a phenomenal quantity) of “packages” (programs) that you can freely install to enhance the functionality of your server. We use a package manager to add, remove and upgrade these packages.

This server does not have a graphical user interface installed, but that doesn’t mean we have to use a command line to install every package we want, or to process updates. Start by issuing this command:
apt-get upgrade -y; apt-get install aptitude -y
You may need to reboot your server after this, particularly if the Linux kernel (the core of your operating system) has been upgraded during this process.

You now have a console based semi-graphical package manager at your disposal called aptitude. At the command line, issue the following command:
aptitude
Once aptitude has loaded, take some time to explore the help facility to learn how to use it (press ?).

Packages to install

I recommend installing at least the following packages (several of which will be needed by Webmin – see below):

  • apache2-suexec-custom
  • any php5 modules you think you’ll need (search for “php5”)
  • a console-based text editor; I prefer vim, which should already be installed, but “joe” has a much gentler learning curve
  • libnet-ssleay-perl
  • libauthen-pam-perl
  • libio-pty-perl
  • apt-show-versions
  • libapt-pkg-perl
  • bind9
  • webalizer

How to find stuff

Most Linux distributions are configured with “locate”. This command helps you to track down files by name. Typically, the locate database updates overnight. You can force an update by running the command “updatedb”. You could then use that (for example) to find the file we’re about to edit in the next step.

Configure the apache2-suexec-custom package

On my test system, the suexec configuration file is at /etc/apache2/suexec/www-data. The first line probably contains the text “/var/www”. We need to be able to serve up web pages under the /home directory, so change that line to “/home” and save the file.

Enable additional Apache modules

Virtualmin depends on some otherwise optional modules for Apache (the web server program). Enable these modules and force Apache to load them with the following commands:
a2enmod suexec
a2enmod actions
service apache2 restart

Virtual hosting application: Virtualmin

Virtualmin logoThere are a few virtual hosting applications around – software that helps you to host multiple websites on a single server, without having to edit Apache’s config files by hand. My favourite application is Virtualmin, which has community and professional variants. The free community variant is more than sufficient for our purpose.

Virtualmin is actually a module for the server management software, Webmin, so we’ll be installing both. Again, Webmin is one of many tools available, which allow you to administer your server remotely. Once Webmin is installed, you’ll very rarely need to use the command line.

Install Webmin

The instructions for downloading and installing Webmin are here. If the reference to Debian confuses you, remember that Ubuntu is based on Debian. You can download the software anywhere you like on your server, but I’ve taken to creating a folder at /root/installed-packages, so I can easily track what I’ve installed outside the package management system. On my test system, I’m issuing the following commands:
mkdir /root/installed-packages
cd /root/installed-packages
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.610_all.deb
dpkg --install webmin_1.610_all.deb

Note: you can use the Webmin APT repository to install Webmin and instructions are on the same page, but it’s a bit more fiddly.

Install Virtualmin

The Webmin site includes some instructions for installing Virtualmin here, but I think there’s a better way. Copy the link from that page for the “Virtualmin module in Webmin format” – ignore the Debian module. Then, browse to the Webmin interface (https://your.server’s.ip.address:10000) and go to Webmin–>Webmin Configuration–>Webmin Modules. Select the radio button next to “From ftp or http URL” and paste the link you copied into the field. Then click “Install Module”. Do the same for the link for the “Virtualmin theme in Webmin format”.

After the install, go to Webmin–>Webmin Configuration–>Webmin Themes. From the drop-down box, choose “Virtualmin framed theme” and click “Change”. Ignore the “Post-Installation Wizard” for now, and hit F5 to refresh your browser and use the Virtualmin theme for Webmin.

Post-installation Wizard

You may need to go through this wizard several times, fixing issues as you go along. Here are the things I needed to fix. After fixing each item, go back to the wizard. Eventually you’ll be using the “Check Configuration” wizard; a kind of post-post-install routine…

MySQL

You need to enter your MySQL username and password.

DNS zones

We won’t be running a DNS server initially, so in the wizard, click “Skip check for resolvability”. Within Virtualmin’s “Features and Plugins” page, uncheck “BIND DNS domain”.

Postfix

You’ll probably see an error message when you run the “Check configuration” wizard that says “A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration”. To fix this, follow the “Postfix configuration” link, then click the “Virtual Domains” icon. Set “Domain mapping lookup tables” to “hash:/etc/postfix/virtual”.

Apache

I’ve found that Virtualmin can complain that certain modules (which we enabled earlier) are not available. Fix this by going to: Webmin–>Servers–>Apache Webserver–>Configure Apache Modules. You shouldn’t need to change anything – just click the “Enable Selected Modules” button.

Deal with this error message: “Apache configuration file /etc/apache2/mods-enabled/php5.conf contains SetHandler lines that prevent PHP from running with domain owner permissions. These lines must be removed.” as follows by editing the file in question (using your command-line text editor installed earlier). You’ll probably see some text along the following lines:

<FilesMatch "\.ph(p3?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>

Delete that in its entirety and save the file. Then issue the following command:
service apache2 reload

Final check/refresh configuration

Your final “Check configuration” will run successfully, but may issue two warnings: one about the IP address of the web server and another about FTP access. You can safely ignore both of these.

Next steps

Great! Now your server is ready to host multiple websites. Explore the “Create Virtual Server” link within Virtualmin to see the options now available to you.

Of course you want these websites to be accessible from the internet, so in part 3, I’ll deal with the hurdles you’ll need to jump before you can inflict your new web sites on the unsuspecting public. Until then, happy tinkering!

Ubuntu logo copyright © Canonical Ltd. Virtualmin logo copyright © Virtualmin, Inc. All rights acknowledged.

The daily STAB Prayer

Submit to the
Trinity
At
Breakfast

(or at the Beginning of a task, project, year, etc.)

The STAB prayer is a simple formula, intended to anchor your focus on God at the beginning of the day. No prayer should become religious or formulaic, rather the STAB Prayer provides a framework or a reminder of how we can pray. Although it can never compete with the Lord’s Prayer, it can certainly complement it.

The structure, which you can use as an outline, is as follows:

Father, You are my God; I worship you.
Jesus, thank You for being my Saviour; be also my Lord.
Holy Spirit, fill me today; I need You.

First, we concentrate on the supremacy of God the Father, and give Him the worship He deserves.
Secondly, we remember with gratitude the salvation bought for us by Christ. But we don’t stop at accepting His salvation; we also submit to His lordship over our lives.
Thirdly, we look to the Holy Spirit, to fill us afresh and to guide us through the day.

Simple, but powerful.

This image is a simple encapsulation of the STAB Prayer. Why not print it out and put it somewhere where you’ll see it at the start of the day?

The STAB prayer