Page 1 of 1
Domain Name and Apache advice
Posted: 2005-08-25 03:27pm
by darthdavid
Ok, I've kludged together two disparate systems, taking the best of each and combining them. It's a very weak attempt at a server but it'll do by Darwin! I'm moderately experienced with Linux, so the os won't be a problem. However, I've never run apache in my life and I've no idea where to get a free domain name. So if someone could direct me to a good apacahe tutorial (prefereably for Debian Linux, but I'm sure it's pretty standard on all platforms, right?) and even more important, a good site for free domain names I'd be greatly obliged. Time is not of the essence because I still need to get a longer bit of good old RJ45 if I'm to position it in such a way as not to fry the electrical grid and avoid giving my mom an anurism at the same time (she wants it hidden, and as well as possible at that), but a speedy response would be very much appreciated , especially so that I might get myself mentally prepared before I start work on getting the server ready for real.
Posted: 2005-08-25 04:46pm
by Pu-239
Documentation:
http://httpd.apache.org/docs/2.0/
http://localhost/manual should also show the apache documentation (assumming you have the apache2-doc package installed (are you using 1.3 or 2? )). It's not accessible from outside the server for security reasons, so if you're not running it on your desktop, install a web browser on the server or modify the allow directive in /etc/apache2/conf.d/apache2-doc to add your subnet (since you probably need the documentation to do this, just visit
http://httpd.apache.org/docs/2.0/).
/etc/apache2/sites-available/ is the directory containing site configuration, which is symlinked to /etc/apache2/sites-enabled. Put your configuration directives in here and symlink appropriately.
Apache modules are in /etc/apache2/mods-available and have to be symlinked to /etc/apache2/mods-enabled to enable them.
Also, you know how to set up port forwarding right? If you have to use a port other than 80, you have to modify ports.conf in the apache configuration directory.
You probably won't have to modify apache2.conf
I can post details of my configuration if you want.
Posted: 2005-08-25 04:55pm
by Alferd Packer
I concur. Apache is very easy to use, and the official documentation should be enough to get you serving webpages.
Your chief concern should be security, especially since you're going to be public. You may only be using it for light stuff and not sharing the domain name with people, but that doesn't mean people won't find it. A large risk is, of course, having to start httpd as root (because you have to bind it to port 80). A possible workaround I've heard of is to use iptables to route port 80 requests to something out of the priveledged range, so you can start httpd with a minimal account (the nobody account might work). Of course, you'll want to set the permissions on /var/www (or whatever your DocumentRoot will be) to be as low as possible, and you'll want to remove telnet, ftp, rsh, rcp, etc. before you put it up on the internet(anything that can transmit passwords in cleartext). Also, remove any unneeded daemons from /etc/rcX.d. And pick strong, strong passwords.
Or, if you're lazy, use Bastille and harden your OS that way, then use tripwire or something like it for IDS. If you're running debian, just apt-get it and run it. You'll deter 99% of potential troublemakers that way, and the other 1% wouldn't bother with your server to begin with.
Posted: 2005-08-25 05:26pm
by Pu-239
Apache2 doesn't run as root under Debian (gets temporary priviledges that are dropped - it runs as www-data). Since he's probably using a router, he doesn't have to worry about iptables. The only ports forwarded to my server are SSH, 80 (should probably remove this, since it's useless due to ISP blocking, 8000, and various P2P apps that run on it occasionally - VNC is supposed to be tunneled through SSH.