Domain Name and Apache advice
Moderator: Thanas
-
darthdavid
- Pathetic Attention Whore
- Posts: 5470
- Joined: 2003-02-17 12:04pm
- Location: Bat Country!
Domain Name and Apache advice
Ok, I've kludged together two disparate systems, taking the best of each and combining them. It's a very weak attempt at a server but it'll do by Darwin! I'm moderately experienced with Linux, so the os won't be a problem. However, I've never run apache in my life and I've no idea where to get a free domain name. So if someone could direct me to a good apacahe tutorial (prefereably for Debian Linux, but I'm sure it's pretty standard on all platforms, right?) and even more important, a good site for free domain names I'd be greatly obliged. Time is not of the essence because I still need to get a longer bit of good old RJ45 if I'm to position it in such a way as not to fry the electrical grid and avoid giving my mom an anurism at the same time (she wants it hidden, and as well as possible at that), but a speedy response would be very much appreciated , especially so that I might get myself mentally prepared before I start work on getting the server ready for real.
Documentation:
http://httpd.apache.org/docs/2.0/
http://localhost/manual should also show the apache documentation (assumming you have the apache2-doc package installed (are you using 1.3 or 2? )). It's not accessible from outside the server for security reasons, so if you're not running it on your desktop, install a web browser on the server or modify the allow directive in /etc/apache2/conf.d/apache2-doc to add your subnet (since you probably need the documentation to do this, just visit http://httpd.apache.org/docs/2.0/).
/etc/apache2/sites-available/ is the directory containing site configuration, which is symlinked to /etc/apache2/sites-enabled. Put your configuration directives in here and symlink appropriately.
Apache modules are in /etc/apache2/mods-available and have to be symlinked to /etc/apache2/mods-enabled to enable them.
Also, you know how to set up port forwarding right? If you have to use a port other than 80, you have to modify ports.conf in the apache configuration directory.
You probably won't have to modify apache2.conf
I can post details of my configuration if you want.
http://httpd.apache.org/docs/2.0/
http://localhost/manual should also show the apache documentation (assumming you have the apache2-doc package installed (are you using 1.3 or 2? )). It's not accessible from outside the server for security reasons, so if you're not running it on your desktop, install a web browser on the server or modify the allow directive in /etc/apache2/conf.d/apache2-doc to add your subnet (since you probably need the documentation to do this, just visit http://httpd.apache.org/docs/2.0/).
/etc/apache2/sites-available/ is the directory containing site configuration, which is symlinked to /etc/apache2/sites-enabled. Put your configuration directives in here and symlink appropriately.
Apache modules are in /etc/apache2/mods-available and have to be symlinked to /etc/apache2/mods-enabled to enable them.
Also, you know how to set up port forwarding right? If you have to use a port other than 80, you have to modify ports.conf in the apache configuration directory.
You probably won't have to modify apache2.conf
I can post details of my configuration if you want.
ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor
-
Alferd Packer
- Sith Marauder
- Posts: 3706
- Joined: 2002-07-19 09:22pm
- Location: Slumgullion Pass
- Contact:
I concur. Apache is very easy to use, and the official documentation should be enough to get you serving webpages.
Your chief concern should be security, especially since you're going to be public. You may only be using it for light stuff and not sharing the domain name with people, but that doesn't mean people won't find it. A large risk is, of course, having to start httpd as root (because you have to bind it to port 80). A possible workaround I've heard of is to use iptables to route port 80 requests to something out of the priveledged range, so you can start httpd with a minimal account (the nobody account might work). Of course, you'll want to set the permissions on /var/www (or whatever your DocumentRoot will be) to be as low as possible, and you'll want to remove telnet, ftp, rsh, rcp, etc. before you put it up on the internet(anything that can transmit passwords in cleartext). Also, remove any unneeded daemons from /etc/rcX.d. And pick strong, strong passwords.
Or, if you're lazy, use Bastille and harden your OS that way, then use tripwire or something like it for IDS. If you're running debian, just apt-get it and run it. You'll deter 99% of potential troublemakers that way, and the other 1% wouldn't bother with your server to begin with.
Your chief concern should be security, especially since you're going to be public. You may only be using it for light stuff and not sharing the domain name with people, but that doesn't mean people won't find it. A large risk is, of course, having to start httpd as root (because you have to bind it to port 80). A possible workaround I've heard of is to use iptables to route port 80 requests to something out of the priveledged range, so you can start httpd with a minimal account (the nobody account might work). Of course, you'll want to set the permissions on /var/www (or whatever your DocumentRoot will be) to be as low as possible, and you'll want to remove telnet, ftp, rsh, rcp, etc. before you put it up on the internet(anything that can transmit passwords in cleartext). Also, remove any unneeded daemons from /etc/rcX.d. And pick strong, strong passwords.
Or, if you're lazy, use Bastille and harden your OS that way, then use tripwire or something like it for IDS. If you're running debian, just apt-get it and run it. You'll deter 99% of potential troublemakers that way, and the other 1% wouldn't bother with your server to begin with.
"There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance--that principle is contempt prior to investigation." -Herbert Spencer
"Against stupidity the gods themselves contend in vain." - Schiller, Die Jungfrau von Orleans, III vi.
"Against stupidity the gods themselves contend in vain." - Schiller, Die Jungfrau von Orleans, III vi.
Apache2 doesn't run as root under Debian (gets temporary priviledges that are dropped - it runs as www-data). Since he's probably using a router, he doesn't have to worry about iptables. The only ports forwarded to my server are SSH, 80 (should probably remove this, since it's useless due to ISP blocking, 8000, and various P2P apps that run on it occasionally - VNC is supposed to be tunneled through SSH.
ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost if a missile will also be shot at with missiles. -Sea Skimmer
George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor