The University of Akron Summit College Business Technology Dept.

2440: 141 Web Site Administration
Web Server Configuration
Instructor: Enoch E. Damson


Choosing Web Server Software
- The Web server software determines the scalability, manageability, and accessibility of the sites hosted on a server
- Evaluating a Web server involves looking at several aspects including:
  - Price
  - Scalability
  - Configuration options
  - Performance

Choosing Web Server Software
- Price: spending a lot of money does not guarantee a good server package
  - Some of the best Web servers are free
- Scalability: a Web server's ability to run on different hardware configurations and operating systems
- Configuration: it is important that the Web server is flexible and easy to configure
- Performance: a Web server must be able to withstand heavy loads and avoid crashing

Evaluating Web Server Software
- Some of the questions to ask when evaluating different Web servers are:
  - How much is the server?
  - Has the server been thoroughly tested in real-world situations?
  - What is more important: ease of use or speed and flexibility?
  - How easy is it to install and configure?
  - Can non-webmasters publish documents to it easily?
  - Will the server scale to meet the needs of the growing business?
  - Does it behave well under heavy load?
  - Does it meet any special needs of your business?
  - Does it support well-defined and accepted industry standards?
  - Is it customizable and extendable?
  - Is technical support available?
  - How well does it run on existing hardware?
  - How good is the documentation?

How Web Servers Work
- HTTP (Hypertext Transfer Protocol) defines how information is passed between a browser and a Web server
- Two of the most popular Web servers include:
  - Apache from Apache Software Foundation
    - Has the largest Web server software market share
  - Internet Information Services (IIS) from Microsoft

Web Server Software Market Share

Vendor        Product    Percentage
Apache        Apache     60%+
Microsoft     IIS        14%+
Igor Sysoev   nginx      11%+
Google        GWS        3%+
lighttpd      lighttpd

Source: Netcraft (http://news.netcraft.com/archives/2012/07/03/july-2012-web-server-survey.html), July 2012

Apache
- The most widely supported Web server, with the biggest market share
- Developed by a group of volunteers (The Apache Group) around the world since 1995
- Software is free for anyone to use, modify and redistribute
- An open source project written in the C programming language
- Originated on UNIX systems but available on Windows platforms
- Somewhat more difficult to configure than other servers
- Has no management console application
- The Apache Web site is: http://www.apache.org

IIS
- Microsoft's Web server, specifically written for Windows platforms
- Free if the Windows operating system is purchased, but source code not available
- The second most widely used Web server with over 25% market share
- Easy to set up, configure and use
- Not supported on UNIX systems
- Extendable through Microsoft's Internet Server Application Program Interface (ISAPI)
  - ISAPI provides a convenient way to add functionality to a Web server; it relies on DLLs (Dynamic Link Libraries)
- Offers ASP and supports FrontPage extensions

Understanding HTTP
- Virtually no browsers are so old as not to support HTTP 1.1
- HTTP is a stateless protocol, meaning that each Web page sent is independent of every other Web page sent
  - This makes it more challenging to create a shopping cart application

Understanding HTTP
- HTTP 1.1 supports persistent connections
  - Allows the browser to receive multiple files in one TCP connection
  - Can speed up communication
- Although you see a single page in your browser, it can be composed of many text and image files

Understanding HTTP
- When the browser sends a request to a Web server, it looks like:

    GET /hello.html HTTP/1.1
    Host: www.jdoe.com

- The above requests the hello.html file from the root of the Web server
  - Each Web server has a root, which is where you store the HTML documents
- It specifies the host of www.jdoe.com
  - There could be multiple hosts at the IP address

How Web Servers Work
- As is true with other servers such as DNS, Web servers listen for communication at a port number
- The default port for Web servers is 80
  - Other conventional port numbers for web services are 8080 or 8000
- You can also create Web servers at port numbers greater than 1023
- Ports up to and including 1023 are reserved for other uses

Installing Apache Modules
- You may download and install other Apache modules from the Apache Web site (http://modules.apache.org)
- Some of the modules include:
  - mod_cgi: allows the execution of CGI scripts
  - mod_perl: incorporates a Perl interpreter
  - mod_aspdotnet: provides an ASP.NET host interface to the MS ASP.NET engine
  - mod_ssl: provides strong cryptography via the SSL and TLS protocols
  - mod_ftpd: allows FTP connections
  - mod_userdir: allows user content to be served from user-specific directories via HTTP
  - mod_authz_ldap: provides support for authenticating users against an LDAP database
- E.g. to install a module on Fedora, type: yum install mod_ssl

Starting Apache
- By default, Apache does not start after you install it
- The following table has a list of commands

Procedure        Command
Start Apache     apachectl start
Stop Apache      apachectl stop
Restart Apache   apachectl restart

Minimal Apache Configuration
- To configure the name of the server:
  - Add a ServerName in /etc/httpd/conf/httpd.conf
  - E.g. ServerName www.jdoe.com:80
  - Where 80 is the port number
- To start Apache automatically when the computer is started:
  - Add apachectl start at the bottom of the /etc/rc.d/rc.local file.

[Figure: Default Web Site Properties in IIS]

Apache Properties - Global Environment
- ServerRoot: directory location of server files
- KeepAlive: indicates whether Apache should maintain a persistent connection
- Listen: determines the port number for the server
  - Default is 80

Apache Properties - Main Server Configuration
- User: shows the user name that Apache employs when someone requests a Web page
  - The default is apache
- ServerAdmin: e-mail address of administrator
- ServerName: DNS host name or IP address of server
- DocumentRoot: directory where the Web pages are stored

Hosting Multiple Web Sites by Port Number
- Associate each new Web site with a port above 1023
- To retrieve a Web page from a site at port 8080: http://localhost:8080/file

Hosting Multiple Web Sites by IP Address
- You can create multiple IP addresses on a single NIC
  - Referred to as virtual IP addresses
- Useful for flexibility because if each domain has its own unique IP address, you can easily move the domain to a different Web server
- It is getting more expensive to get multiple IP addresses from an ISP

Hosting Multiple Web Sites by Host Name
- Multiple host names can be associated with a single IP address
- Getting a single IP address from your ISP is relatively inexpensive
- You can host an almost unlimited number of domains with a single IP address
- It is the most common method of hosting

Virtual Hosts
- Domains associated with a server
- A server can host many domains
- Domain names point to IP addresses
- A server is capable of having many IP addresses; typically, a server has only one IP address
- There are two types of virtual hosts:
  - Name-based virtual hosts: do not have a unique IP address
  - IP-based virtual hosts: have unique IP addresses like a normal host
    - The HTTPD listens for requests on a particular IP address instead of relying on the HTTP headers to determine the destination
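The name-based selection described in the Virtual Hosts slide, sketched as an added example that is not part of the original slides. The host www.example.org, the document roots, and the function names are assumptions made for illustration; falling back to the first listed site for an unknown Host value mirrors Apache's documented default behaviour.

```python
# Added illustration (not from the slides): choosing a name-based virtual
# host from the Host header. Host names and document roots are constructed.
VHOSTS = {                      # the first entry acts as the default site
    "www.jdoe.com": "/var/www/jdoe",
    "www.example.org": "/var/www/example",
}
DEFAULT_ROOT = next(iter(VHOSTS.values()))


def parse_request(raw: bytes):
    """Split a raw HTTP request into (version, {header-name: [values]})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    _method, _target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, headers


def select_docroot(raw: bytes):
    """Return the document root serving this request, or None for a 400."""
    version, headers = parse_request(raw)
    hosts = headers.get("host", [])
    if len(hosts) > 1 or (version == "HTTP/1.1" and not hosts):
        return None             # HTTP/1.1 requires exactly one Host header
    if not hosts:
        return DEFAULT_ROOT     # HTTP/1.0 client that sent no Host header
    # Compare case-insensitively, ignoring an optional :port suffix.
    name = hosts[0].partition(":")[0].lower().rstrip(".")
    # An unrecognised name falls through to the default site, so the default
    # should be a site you are content to show for arbitrary Host values.
    return VHOSTS.get(name, DEFAULT_ROOT)


if __name__ == "__main__":
    req = b"GET /hello.html HTTP/1.1\r\nHost: www.jdoe.com\r\n\r\n"
    print(select_docroot(req))
```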

User Access
- It is possible to restrict access to certain pages on a Web server
- HTTP offers a simple authentication protocol used to require a username and password in order to access resources on the server
- The webmaster can make certain directories and files private and require a client to authenticate before allowing access
- HTTP 1.1 offers two types of authentication:
  - Basic authentication: offers little security because it does not encrypt any information sent over the network
  - Digest authentication: not very secure either, and not available on some older versions of some server software
- The best way to secure authentication is to use HTTPS

User Access
- Although implementations are different for virtually every Web server, the basic procedures for enabling user authentication are as follows:
  - Determine which resources need to be restricted
    - Evaluate content and determine which directories/files require authentication
  - Determine users and groups
    - Determine list of users/groups to be allowed to view resources
  - Create users and groups
    - IIS: create user accounts in the operating system
    - Apache: requires password and group files containing information about usernames, passwords, and groups
  - Apply restrictions to resources (files and directories)

Host Access
- There are situations when denying access to your server from a particular host or domain may be desirable
  - Requests from domains may be rejected to prevent a site from being indexed by spiders and search engines
  - Hackers may be banned by IP address or domain
- These methods are not foolproof but can control access to a site in many situations
- The default for most servers is to allow access from any host
- Sometimes access may only be allowed from particular hosts
  - Allowing access by IP address eliminates having to issue usernames and passwords
  - Easy way to allow access to a particular host address, range of addresses, or an entire subnet or domain

Host Access
- Most Web servers have provisions for restricting access to specific hosts, networks, or domains
- Apache uses the allow and deny directives to control access by host
- In the Apache access.conf configuration file, an entry can be used to restrict any hosts from a sample.com domain
- Specify IP addresses whenever possible: specifying domain names can decrease performance of a Web server by requiring a DNS lookup for each request

    # Order takes a single argument, so no space after the comma
    Order allow,deny
    Allow from all
    # A partial domain name matches hosts whose names end in it (no "*" wildcard)
    Deny from .samplesite.com
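How the Order, Allow and Deny directives above combine, as an added example that is not part of the original slides. It is a simplified model of Apache's documented evaluation rules; the function names, IP addresses and host names are constructed for illustration.

```python
# Added illustration (not from the slides): a simplified model of how Apache's
# legacy Order/Allow/Deny directives decide a request. Addresses and host
# names are constructed samples; partial-IP forms such as "10.1" are omitted.
import ipaddress


def matches(spec, ip, hostname):
    """True if one Allow/Deny argument matches the client."""
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass                      # not an address or CIDR: treat as a domain
    if hostname is None:          # reverse DNS lookup returned nothing
        return False
    host, dom = hostname.lower(), spec.lower()
    if not host.endswith(dom):
        return False
    # Only whole name components count: "notsamplesite.com" must not match.
    return len(host) == len(dom) or dom.startswith(".") or host[-len(dom) - 1] == "."


def allowed(order, allow, deny, ip, hostname=None):
    """Decide access for a client IP and its reverse-resolved host name."""
    hit_allow = any(matches(s, ip, hostname) for s in allow)
    hit_deny = any(matches(s, ip, hostname) for s in deny)
    if order == "allow,deny":     # default deny; a matching Deny wins
        return hit_allow and not hit_deny
    if order == "deny,allow":     # default allow; a matching Allow wins
        return hit_allow or not hit_deny
    raise ValueError("order must be 'allow,deny' or 'deny,allow'")


if __name__ == "__main__":
    rule = ("allow,deny", ["all"], [".samplesite.com"])
    print(allowed(*rule, "203.0.113.7", "crawler.samplesite.com"))
    print(allowed(*rule, "203.0.113.7", None))
```

A domain-based Deny only applies when the client address resolves to a name, which is one more reason to follow the slide's advice and specify address ranges where possible.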

Document Directories
- A Web server (httpd) provides access to HTML documents from the server
- Access should not be granted to all files on a server
- Most Web servers will enable a single directory for publishing Web documents by default
  - The directory is called the document root directory
  - Microsoft's IIS: c:\Inetpub\wwwroot
  - Apache creates c:\Program Files\Apache Software Foundation\apache\htdocs

Document Directories
- Accessing files outside a document root directory requires creating an alias or virtual directory
  - Mapped to another directory anywhere on the server

User Directories
- Profile scripts (login scripts) are usually used to customize the user account environment
- There is usually a special subdirectory in the user's home directory used for HTML files
  - Traditionally named public_html or www; provides a private Web space for the user account
  - E.g. http://yourdomain.com/~username/

Directory Indexing
- Allows the Web server to generate a page containing a list of files in a directory automatically if no default document is specified
  - Should be disabled on most directories to ensure that an index file
- Web servers determine what file to retrieve based on directory indexes
- If directory indexes are enabled, the server returns a default document if it receives a request for a directory
- The server administrator chooses any filenames for directory indexes

Directory Indexing
- Several options are available when choosing how a Web server views directories:
  - No directory browsing permitted: there must be an index document, otherwise no files are listed
  - Directory browsing permitted, but no default documents enabled: if there is no index document, all files in a directory are listed
  - Indexes enabled: if a file with the correct name exists in a directory, it will be returned instead of a directory listing

Default Documents
- Commonly used index filenames (default documents) include:
  - index.html
  - default.html
  - welcome.html
- Default documents (index files):
  - Allow nicer looking URLs
  - Provide some security
    - People cannot see all the files in a directory if there is an index file in place
    - Only linked files can be accessed (unless users happen to know the names of other files in the directory)

Transferring Files
- Some of the methods of publishing files on a Web server include:
  - File sharing
  - File transfer protocol (FTP)
  - HTTP PUT
  - FrontPage extensions

Secure Socket Layer Configuration
- HTTP is not a secure protocol by default
  - Contents of a normal HTTP transaction are not encrypted
  - Unauthorized people might be able to intercept and view unencrypted transactions
- When credit card numbers, passwords and other private data are being sent over the Internet, there needs to be an assurance of data security

Secure Socket Layer (SSL)
- The most popular encryption protocol on the Internet
- Developed by Netscape but used by many other companies
- Meant to go between an application-level protocol (HTTP) and communications protocol (TCP/IP)
  - Forms a layer between the application and the network communications
- Not limited to Web transactions
  - Used by other applications that need to transfer secured data over a network
  - FTP and telnet clients use SSL
- Several open-source projects offer free implementations of SSL for other applications (e.g. SSLeay and OpenSSL)
- Transport Layer Security (TLS) protocol is based on SSL

HTTPS
- A normal HTTP wrapped in SSL
- Netscape, Internet Explorer and other browsers support the HTTPS protocol
- IIS and Netscape servers provide HTTPS support
- Apache does not have HTTPS support by default
  - Users must download a separate SSL-enabled server to provide secure content
  - Patches are available to add HTTPS functionality to Apache using SSLeay or OpenSSL

HTTPS
- A URL to a resource on an HTTPS server uses a slightly different naming convention than normal URLs
  - The https prefix is used instead of the http prefix
  - Instructs the browser to attempt a secure connection
  - E.g. https://www.securedconnection.com
- HTTPS connects to a server at port 443 instead of connecting to a server at port 80 as usual
  - Port 443 is the designated port for HTTPS (assigned by the Internet Assigned Numbers Authority, IANA)
- A signal may be shown to indicate a secured connection if successfully connected to a server
  - Most browsers use a padlock to signal a secured connection

Certificates
- Documents that contain information about a site
- A certificate authority digitally signs a certificate
  - Certificate authority (CA): typically, a well-known mutually trusted organization that issues and verifies certificates
  - Verisign and Thawte are two of the most popular CAs
- The certificate should contain information about the server and the certificate authority

Obtaining Certificate
- Obtaining and installing a certificate is typically the most difficult aspect of setting up a secure server
- Certificates are obtained by providing a well-known CA information about your company and hosts
  - Letter of authorization
  - Proof of organization's name
  - Proof of right to use domain name
- A certificate-signing request (CSR) contains the public key for the Web server
- The CA processes the request and verifies the information to generate a digitally-signed certificate based on the CSR
- Certificates may be costly and may have to be renewed each year
- A large well-known company can create and sign its own certificate to offer clients an assurance of data security
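Why the User Access and Secure Socket Layer slides above recommend HTTPS for authentication, shown as an added example that is not part of the original slides. The credentials, realm and nonce are constructed, the function names are illustrative, and the Digest calculation is the original no-qop form from RFC 2069.

```python
# Added illustration (not from the slides): what the two HTTP 1.1
# authentication schemes put on the wire. Credentials are constructed samples.
import base64
import hashlib


def basic_header(user, password):
    """Authorization value a browser sends for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def read_basic(header):
    """Base64 is an encoding, not encryption: anyone who sees the header
    on an unencrypted connection recovers the user name and password."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """Digest response in its original form (RFC 2069, no qop):
    MD5(HA1:nonce:HA2). The password itself is never transmitted, but the
    page content still travels unencrypted, so HTTPS is still needed."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


if __name__ == "__main__":
    header = basic_header("jdoe", "s3cret-pass")
    print(header, "->", read_basic(header))
    print(digest_response("jdoe", "private", "s3cret-pass",
                          "GET", "/hello.html", "constructed-nonce-1"))
```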