After about a year of delaying for one reason or other, I'm finally at a place that setting up a webserver for my business can be a reality. A client of mine designs websites so arrangements for that part of things have already been made and a good faith deposit for their work already paid. The hardware is ready, it's a bit dated, but here's what I'll be using:
Antec 250W PSU
Intel AL440LX Board
Pentium II 333 MHz Processor
256 MB SDRAM
Promise Ultra 100 TX2 Controller Card
Western Digital 40 GB ATA 100 Hard Drive
NEC CD Reader
NEC Floppy Drive
Nvidia Riva Video Card
NEC 15" Monitor
3COM 905 NIC
This box was substantially less capable when I got it - a 4.3 GB ATA 66 Hard Drive and a Pentium II 233 MHz - so I upgraded it as far as the systemboard would allow so as to squeeze as much performance out of it as I could. The Antec 250W PSU is brand new, having been removed from an Antec Premium Mid Tower Case I purchased last year and replaced with a 400W PC Power & Cooling unit for a system that is currently serving as Arch2 on my local network.
The above machine will be networked with three others via a router which doubles as a DHCP server but will be given an address out of the range used by the router to determine addresses for the other three machines. I will be going outside for the DNS server, naturally. So I think from a hardware standpoint things ought to function the way I hope they will, ought to, I say, assuming that leaving the router on all the time will prevent my being assigned new addresses repeatedly by my ADSL provider. With that background, here's my question:
If this box is going to act as a webserver exclusively, precisely what will I need to install on it at a minimum to get it to function properly? Do I do a normal Arch base system install and add in Apache and leave it at that? Do I need XFree86 and a WM plus terminal or am I better off to function at the equivalent of run level 3? I've never set up a webserver before so can use all the help I can get at this point. Your suggestions and recommendations are warmly solicited.
You don't need X or anything like that. OTOH, you may want xterm (or some other term), but this is by no means necessary.
Here are the installed packages from a temporary webserver I set up under Arch :
apache-2.0.48-1 findutils-4.1.20-1 man-pages-1.63-1 procps-3.1.14-2
autoconf-2.58-1 flex-2.5.27-1 mawk-1.3.3-6 psmisc-21.3-1
automake-1.7.9-1 gcc-3.3.2-1 mktemp-1.5-1 qstat-25c-2
bash-2.05b-8 gdbm-1.8.3-1 modutils-2.4.26-1 raidtools-1.00.3-2
bin86-0.16.12-1 gettext-0.12.1-1 ncurses-5.3-1 readline-4.3-4
binutils-2.14-1 glibc-2.3.2-2 net-tools-1.60-5 reiserfsprogs-3.6.11-1
bison-1.875-1 grep-2.5-2 netkit-base-0.17-4 sed-4.0.8-1
bzip2-1.0.2-3 groff-1.19-1 netkit-bsd-finger-0.17-2 shadow-4.0.3-11
chkrootkit-0.42b-1 grub-0.93-3 nfs-utils-1.0.6-2 slocate-2.7-1
coreutils-5.0-1 gzip-1.2.4a-2 ntp-4.1.74-2 sysklogd-1.4.1-6
cpio-2.5-4 host-20031101-1 openssh-3.7.1p2-1 sysvinit-2.85-2
cvsup-16.1h-1 initscripts-0.5-8 openssl-0.9.6l-1 tar-1.13.25-1
db-4.1.25-2 kbd-1.08-1 pacman-2.7-2 tcp_wrappers-7.6-3
dcron-2.9-1 kernel-2.4.22-1 pam-0.77-4 traceroute-1.4a12-2
devfsd-1.3.25-3 less-381-1 patch-2.5.4-2 util-linux-2.12-1
dhcpcd-1.3.22pl4-2 libtool-1.5-1 pciutils-2.1.11-2 vim-6.2-1
diffutils-2.8.1-2 lilo-22.5.8-1 pcre-4.4-1 wget-1.9.1-1
e2fsprogs-1.34-1 logrotate-3.6.5-3 perl-5.8.2-4 which-2.16-1
ed-0.2-2 m4-1.4-2 popt-1.7-2 ypbind-mt-1.14-1
expat-1.95.7-1 mailx-8.1.1-2 portmap-5beta-9 zlib-1.1.4-2
file-4.06-1 make-3.80-1 postfix-2.0.16-1
filesystem-0.5-2 man-1.5m2-2 procinfo-18-2
The packages are slightly out of date, and I'm obviously not using pacman to give you this listing, since I am accessing the harddrive from another OS ;-).
Bottom line : this is base plus apache plus a few network packages (some of which only my setup required).
The hardware sounds fine. I am running webservers off machines like that. They are not very busy, though .... but not idle either.
About the 4GB->40GB upgrade : 4GB should suffice, too, unless you plan to serve movies, CD-images etc. AL itself in the above configuration is easily less than 1Gig - and then you have 3 gigs left for contents - just calculate how long that would take to upload over ADSL ;-) ...
However, having a brand new (hopefully) reliable HD in a server is better than having an old worn out drive.
Your hardware is fine for a small/medium site. For more safety of data & thus better availability of the server I'd add another identical hdd on a raid 1 array with the other disc you have. If your promise supports hardware raid 1, it'd be ideal else you can stick with software raid (check the howto in ltdp.org for more info).
Also make sure to check the grsecurity kernel patch-set for added security (for a web server I'd suggest to use MID in kernel config) & setting up apache to run chrooted.
andy & zen_gorilla,
Many thanks to the two of you for the helpful messages.
Since both of you commented about the level of activity the site might experience and the 4.3 GB hard drive I'd previously had on this machine, I suppose that I should have mentioned both that the site will exist simply to show the company's flag and to display an e-mail address to facilitate contact - at least for now it will - and that the old drive is well past my using it anymore - it makes noises sufficiently horrifying to cause stones a certain lack of comfort.
I hope that configuring Apache isn't too much of a problem. The Apache site makes the configuration seem simple, but 63 years of life has made me somewhat less inclined to embark upon new ventures without at least a tinge of humility. I've had quite enough of the imbecilically enthusiastic at this juncture, I'm afraid. So what's your take on Apache? Is it hard to configure?
If that's the only thing you need, simply install arch, update it to current version (for security reasons, make sure to install kernel-2.4.23), install apache & change the following line :
in /etc/httpd/conf/httpd.conf, replacing YOUR_INET_IP with your internet ip address &
in the same file, replacing YOUR_FQDN with your dns registered hostname.domain.std.
Then '/etc/rc.d/httpd start' & your web server is up & running.
Then make sure to read the whole file & enable/disable other things.
You're making this look easy. Thanks.
Yes, the site is to be very simple for now. I suspect that, over time, it will become more involved and that I'll be doing more with it. One question, however: When you speak of "replacing YOUR_INET_IP with your internet ip address", by "your internet ip address", I assume you're referring to the address assigned to me by my ADSL provider, not the static IP address I'll be assigning the webserver on it and on the local network's router. Am I right in this assumption?
jlowell, I once had a web server very much like your setup : in a private network, behind a firewall box with IP translations.
Disclaimer : that was apache 1.3.X, but it seems the configuration did not change that dramatically - at least what I found so far.
Anyways, I did not even set the
directive. Apache figured it out itself. Just make sure that your firewall/router forwards all incoming traffic on port 80 to your webserver box.
is indeed important. There you have to put the name of your domain like www.jlowellscompany.com and not the name you gave it internally.
I *think* that was all I needed to do. I did have some virtualhosts, but unfortunately, the config file in the current state does not seem to tell me how the virtualhosts setup was back then ;-) ...
In general, most of httpd.conf is very well documented and has sane defaults. Just go through that file and adjust what you need. If you don't understand certain directives at all : then they are probably at good defaults ;-)
When you speak of "replacing YOUR_INET_IP with your internet ip address", by "your internet ip address", I assume you're referring to the address assigned to me by my ADSL provider, not the static IP address I'll be assigning the webserver on it and on the local network's router. Am I right in this assumption?
If the webserver has an "internet" ip address, then put that. In your case I suppose you have a static ("internet") ip provided by your isp & assigned to your router. You also have a lan with a "local" subnet, like 192.168.0.XX & your webserver has an ip in that subnet. The "Listen" option in httpd.conf defines in which interface (aka ip address) apache should listen. The default (80, with no subnet) makes it listen to all interfaces, which is not really good .
So to pack it up. Register your domain (along with www., mail. etc) on the static ip your isp gave you & you assigned on your router, open port 80 on your router & make it forward all requests for port 80 to your webserver's local ip, if you use iptables, simply add :
iptables -A FORWARD -i $EXTIF -p tcp -s 0.0.0.0/0 --dport 80 -j ACCEPT
iptables -A FORWARD -i $INTIF -p tcp -d 0.0.0.0/0 --sport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTIF -s 0.0.0.0/0 -p tcp -d $INTERNET_IP --dport 80 -j DNAT --to $WEBSERVER_IP
that's it. tech support for free.
In your case I suppose you have a static ("internet") ip provided by your isp & assigned to your router.
Actually, the ADSL provider assigns a dynamic IP address to my router which would seem always to be the same unless they interrupt service for some reason (very rare) or I turn off and later restart the router. Once the webserver is up and running, it had been my plan to run the router around the clock, thereby constantly maintaining the same address, a kind of pseudo-static ip address if you will. Admittedly, this is one of the weak links in the plan but I'm led to believe that it should work as long as there are no service glitches by the ADSL provider that would foul-up communications with the DNS server.
You also have a lan with a "local" subnet, like 192.168.0.XX & your webserver has an ip in that subnet.
Correct. I've configured the router (which doubles as a DHCP server) to assign addresses to the workstations dynamically within a specified range. The router will assign a static address to the webserver which will be outside of the address range of the workstations.
open port 80 on your router & make it forward all requests for port 80 to your webserver's local ip
Yes, that, too, had been contemplated, so I think we're on the same page, basically.
Anything that will make Apache easy to handle is welcome at this end. I think my plan is reasonably solid at the level of the hardware. It's with the software part of things that I require the most help.
Regards to both of you.
The default (80, with no subnet) makes it listen to all interfaces, which is not really good .
Just curious why it's not good? Having only one NIC and the lo interfaces means that the web server will be listening in two places... I usually only specify a Listen variable if you /don't/ want a certain interface to see the web server. In all other cases I just leave it.
I have discovered that all of mans unhappiness derives from only one source, not being able to sit quietly in a room
- Blaise Pascal
Not pretending to answer for zen_gorilla, I thought I might mention that my router manufacturer's tech support department recommends that the router be configured for port forwarding on 80 on set-ups like mine. It was at their suggestion that I chose the addressing parameters that I did also, whatever that may be worth.
Just curious why it's not good?
It depends on your paranoia level. I must admit though that having only 1 nic, setting this option is not really necessary...
I must admit though that having only 1 nic, setting this option is not really necessary...
:-) that's why I didn't even touch the Listen directive in my setup, and would also recommend not touching it ... because otherwise, in a NAT'd environment like we have here, one might be confused whether to use the visible internet IP or the internal private IP ... hmmm, but I'm already discussing it, so hopefully the confusion hasn't already grown ;-) ...
jlowell, about your ISP giving you dynamic IP addresses : search for DynDNS services. They deal with situations like yours. With such a service, you run a dyndns tool on your router, and every time your router gets a new address, this tool will have to report that address (you usually need to call it in some post-config scripts) to the DynDNS service, and shortly after, the DNS records are correct again.
This solution is usually not very nice, since there are always short periods of time when the DNS entries are out of sync. However, for you that should only happen, if your ISP is dropping the line for technical problems.
EDIT: depending on where you registered your domain name, this registrar may also offer some dyndns service, which will not necessarily show up in a google search !
Keep in mind 1 nic can bind to multiple IP's. Like my LAN's server has 192.168.1.20-25 mainly because I wanted to see if I could have services on the same box with different IP's. And that's where your Listen variable ::might:: come into play with one nic.
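Added example (not code from any poster in this thread): a small Python check for the Listen question discussed above. It marks a bare port as listening on all interfaces, and marks an address the server does not own, such as the router's public IP on a NAT'd box, as one Apache cannot bind to. The sample config, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; addresses come from documentation/private ranges.
SAMPLE_CONF = """\
#Listen 12.34.56.78:80
Listen 80
Listen 203.0.113.10:80
Listen 192.168.0.10:80
"""
# Constructed: addresses actually configured on the web server (lo + one NIC).
SERVER_ADDRS = ["127.0.0.1", "192.168.0.10"]

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def parse_listen(conf_text):
    """Return (address or None, port) for every active Listen directive."""
    found = []
    for line in conf_text.splitlines():
        match = LISTEN_RE.match(line)      # commented-out lines do not match
        if match:
            addr, _, port = match.group(1).rpartition(":")
            found.append((addr.strip("[]") or None, int(port)))
    return found


def audit_listen(conf_text, server_addrs):
    """Classify each Listen directive against the host's own addresses."""
    local = {ipaddress.ip_address(a) for a in server_addrs}
    report = []
    for addr, port in parse_listen(conf_text):
        if addr is None or ipaddress.ip_address(addr).is_unspecified:
            verdict = "all-interfaces"   # reachable on every address of the box
        elif ipaddress.ip_address(addr) in local:
            verdict = "ok"               # bound to one address the box owns
        else:
            verdict = "not-local"        # e.g. the router's public IP: bind fails
        report.append((addr or "*", port, verdict))
    return report


if __name__ == "__main__":
    for addr, port, verdict in audit_listen(SAMPLE_CONF, SERVER_ADDRS):
        print(f"Listen {addr}:{port} -> {verdict}")
```

On a box with several addresses on one NIC, pass all of them as `server_addrs`; each service's Listen line should then name exactly one of them.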
Just a quick note to thank everyone that brought something to the question I raised here about webserver software. The first time for anything with computers can be intimidating. I can remember when 32 MB of SDRAM was a lot and that having Windows 95 crash all the time because it needed even more forced me against my will to learn how to open the case and install additional modules. Later it was the project of building my first box. Then it was networking, learning something about Linux and now a webserver. I appreciate all the assistance I've gotten here and elsewhere over the years to learn these things. It's an arrogant man indeed that fails to see that all of what he has is the consequence of someone else's gifts to him.