All great websites have a great server behind them. In this tutorial, I’ll show you how to set up a dedicated web server (with Apache, MySQL, and PHP) using that old computer you have lying around the house and some free software.
1. A Quick Overview
In this tutorial, we are aiming to accomplish several things:
- We’re going to install the Ubuntu Server operating system. I commonly use Ubuntu because of its ease of use and simple administration. It also has a rather large and extremely active community behind it, which makes getting support a breeze.
- We’re going to install an OpenSSH server. This allows you to administer your server from remote computers.
- A LAMP (Linux, Apache, MySQL, and PHP) stack is going to be installed. This provides the backbone that will run your web site. Apache is the industry standard web server on Unix-based operating systems; it’s what most web hosts use (NETTUTS is using it right now!) and it’s what we’re going to use.
- We’re going to install a firewall to protect your server from unauthorized access.
In order to follow this tutorial, you’re going to need a few items:
- A computer to use as your server. It doesn’t need to be powerful; as long as it’s not ancient, it’ll work fine. Please don’t do this on your desktop PC; Ubuntu will completely wipe your computer.
- A CD burner and a blank CD. These are so that you can burn Ubuntu to a disk in order to install it.
- Time. Seriously, this process is time-consuming, especially if you run into problems. Try to set aside an afternoon to follow this tutorial.
You may be asking why you’d want to have your own web server. There are several reasons, a few of them being: you can have your own testing ground for your websites; with a little modification, you could host your own site; and, you will learn a lot about Linux/Unix as you go. With that said, let’s get started!
2. Download Ubuntu Server
First and foremost, we’re going to need a CD with Ubuntu on it. Point your web browser to http://www.ubuntu.com/, and click download from the menu to the left. You will now be presented with a box with two tabs: “Desktop Edition” and “Server Edition”. Click the “Server Edition” tab, and select “Ubuntu 8.04 LTS”. Next, select a download location from the drop-down box. Finally, hit the “Begin Download” button.
IMAGE SOURCE: tutsplus.com
Now you need to burn the ISO (the file that you downloaded) to a blank CD. If you don’t know how to do this, there is an
excellent guide at https://help.ubuntu.com/community/BurningIsoHowto
3. Install Ubuntu Server
Now that you’ve downloaded and burned the ISO, let’s get Ubuntu installed on your server. Put the disk in the drive, and boot from the CD. In most modern computers, this will happen by default if a disk is in the drive when you turn it on. If it doesn’t, then you need to press a key on your keyboard right when you turn it on. For my laptop, it’s F12, and for my server, it’s F2. It just depends on your computer. You can find it by looking at the text on your screen right when you turn the computer on, during the BIOS. You’ll see something like “Press [KEY] to change boot order”. Press that key, and select your CD drive.
Still with me? Good. Now that you’ve booted up Ubuntu, you should see the following screen:
IMAGE SOURCE: tutsplus.com
Select your language, and hit enter. Now you’ll see this screen:
Select “Install Ubuntu Server”, and away we go!
The installer will now ask you if you want it to detect your keyboard layout. Personally, I always choose no, because
it’s faster to select a standard american keyboard from the list than to have the installer detect it. Either option is fine,
just follow the on-screen instructions.
After you’ve done that, you’ll now see a bunch of loading screens saying things like “Detecting CD-ROM drives” and such. These should pass quickly and without problems. However, during these screens, the installer will try to auto-configure your network settings. For most cases, this will work without complaint. However, if it doesn’t work for you, just follow the on-screen instructions to get it working. After it’s done with all of that, it will ask you for a host name. You can usually set this to anything; I always set
mine to “web-server”.
The system will now want you to set the time zone for your clock. For me, it’s Pacific. Choose the one that applies to
you. Now, the system will detect more hardware, and you’ll be prompted to “partion the disk(s)”. Select “Guided – use entire disk”.
You will now need to select the disk you wish to partition. For most setups, only one disk will be available; however,
for more specialized systems, more options will be available here. Choose the one that applies to you.
It will ask you if you want to write the changes to the disk. Select “Yes” and hit enter. The installer will now proceed
to format the drive and set up the partitions. Now the magic happens. The system will begin to install. While this happens, go get a cup of coffee. This can take anywhere from 10 minutes to an hour. It just depends on your system. There might be times that it seems like it’s frozen; don’t worry, it isn’t. Just let it do it’s thing. However, if it’s stuck on one thing for upwards of an hour, then yes, it is frozen.
Now that the system is installed, it needs to set up the account you are going to login with. First, give it your full
name and hit “Continue”.
Now give it your username. It will normally just set it as your first name, but you can change it. One name you may not use is “root”.
You will now be asked to provide a password. It is ESSENTIAL that you choose a strong password, or your server will not be secure at all. I recommend at LEAST a mixture of numbers, lowercase letters, and uppercase letters. However, for my servers I use symbols, as well as a mixture of the above. DO NOT use a password shorter than 7 characters.
Then, re-enter your password to verify that you typed it correctly. The system will now attempt to configure the “Package Manager” (we’ll get to what that is shortly). Provide it with your proxy information, or leave it blank if you don’t use a proxy, and select “Continue”.
The system will now scan several servers looking for updates and configuration settings.
After that has completed, you will be presented with several options to install server software. Now, listen VERY carefully. Select OpenSSH server, and press SPACE, NOT ENTER. If you hit enter, the install will proceed without installing the OpenSSH server. You could install “LAMP server” as well, but I have no experience with this option, so we’re going to install it all with a different
command later on.
The system will now install your selected software, as well as other system components.
Finally, the install will finish. Remove the CD, and hit enter. The computer will reboot. If all goes well, you will be
presented with a screen that looks similar to the following:
Congratulations! You’ve just finished the hardest part. Ubuntu is now installed, and it is time to turn this computer into a web server.
4. Update Your New Server
Before we go any further, we need to make sure your server is up-to-date. To do this, you need to login. First, type your username (the one you chose earlier), press enter, and then type your password. As you’re typing your password, you’ll notice that nothing seems to be happening. Don’t worry, that’s the way it was designed to work. After you’ve finished typing your password, hit enter, and your screen should look similar to the one below if all went well:
Now, type:
sudo aptitude update && sudo aptitude dist-upgrade ||copy code
It will ask you for you password, and again, you won’t see anything as you’re typing it. After you’ve done that, it will ask you if
you want to continue. Type “y” and press enter. Your screen will look similar to the following:
Your system will now download and install all the latest updates. This will take a while depending on your internet connection. After it has finished, your computer will need to be rebooted. To do this, type:
sudo shutdown -r now ||copy code
And let it reboot. Your server is now completely updated. A Quick Note About “Sudo” By now, you may have noticed that all of the commands you have typed have started with “sudo”. This is because they require administrator privileges, and that’s what “sudo” does. It runs the command (i.e. “shutdown”) as an administrator, allowing it to work properly. This is also why it asks you for your password. However, after you have typed “sudo” once and entered your password, you do not have to enter your password again for five minutes. Not all commands require sudo, only ones that modify parts of the system. Got all of that? Good.
5. Install Apache, MySQL, and PHP
It is now time to install some programs. In order to access your sites from the internet, we’re going to need to install a web server (Apache). In additon to the web server, we’ll
also want a database server (MySQL) and a server-side language (PHP) so that we can run popular applications such as WordPress. So,
let’s get to it!
Installing programs on Ubuntu is a lot different than installing programs on Windows or
OS X, in that Ubuntu will download and install the programs for you with a simple command. This is because Ubuntu has something called
a Package Manager, which manages nearly all the programs on your system. All we have to do is tell the package manager
(called “aptitude”) that we want it to install Apache, MySQL, and PHP. To do this, type the following command:
sudo aptitude install apache2 php5-mysql libapache2-mod-php5 mysql-server ||copy code
And press enter. Aptitude will download and install of the programs you specified. It will also download and install any dependencies.
During the install process, MySQL will ask you for a root password. You can set this to anything, just be sure you make it long and secure. Whatever you do, DO NOT leave this blank.
After that has all finished, you now have a fully working web server. To test it out, first find your server’s IP by typing:
ifconfig | grep inet ||copy code
It’s usually the first IP returned. In my case, it’s 192.168.177.129. Now that you know the IP, open your web browser and point it to your server IP. If you see the “It works!” message, then congratulations, it works.
However, we’re not done yet. We don’t want Apache or PHP to disclose any information about themselves, as this information is not needed by your users and could pose a security risk. First, back up the original Apache configuration file:
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak ||copy code
Now open the configuration file:
sudo nano /etc/apache2/apache2.conf ||copy code
Scroll down (down arrow) to where it says “ServerTokens Full” and change it to read “ServerTokens Prod”
Now, scroll down a little further and change “ServerSignature On” to “ServerSignature Off”
Finally, press Control-O followed by Control-X. That will save the file and exit the text editor.
Now, we need to do the same thing for PHP. First, back up the original PHP configuration file:
sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.bak ||copy code
Open the configuration file:
sudo nano /etc/php5/apache2/php.ini ||copy code
Change “expose_php = On” to “expose_php = Off”
Again, press Control-O followed by Control-X. Now that the configuration files are updated, restart Apache:
sudo /etc/init.d/apache2 restart ||copy code
You are done setting up Apache, MySQL, and PHP.
6. Install a Firewall
We now are going to lock down our server a bit more by installing Shorewall, a command-line firewall. To install it:
sudo aptitude install shorewall ||copy code
By default, Shorewall is installed with no rules, allowing complete access. However, this is not the behavior we want.
Instead, we’re going to block all connections to anything other than port 80 (HTTP) and port 22 (SSH). First, copy the configuration
files to the Shorewall directory:
sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/ ||copy code
Now, open the “rules” file:
sudo nano /etc/shorewall/rules ||copy code
Add these lines above where it says “#LAST LINE”
HTTP/ACCEPT net $FW
SSH/ACCEPT net $FW
Then press Control-O and Control-X. Your firewall is now configured to only accept HTTP and SSH traffic. The last thing we need to do is tell Shorewall to start on boot. So, open up the main Shorewall configuration file:
sudo nano /etc/shorewall/shorewall.conf ||copy code
Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”
Press Control-O and Control-X. Now, open the Shorewall default configuration file:
sudo nano /etc/default/shorewall ||copy code
And change “startup=0” to “startup=1”. Press Control-O and Control-X. Finally, start your firewall:
sudo /etc/init.d/shorewall start ||copy code
Congratulations! Your firewall is now set up and protecting your server.
7. Add Your Website to Your Web Server
Now that you’ve got everything all set up, you’d probably like to add a website to it. By default, all of the files Apache serves up to the internet are located at “/var/www/”. However, you cannot write to this folder. Let’s make it so you can:
sudo usermod -g www-data [YOUR USERNAME]
sudo chown -R www-data:www-data /var/www
sudo chmod -R 775 /var/www
What happened there was you added yourself to the “www-data” group, and made the website folder writable to the members of the “www-data” group. Now, you’re going to log into your server using SFTP (not to be confused with FTPS). Some clients that support SFTP are:
WinSCP (Windows, Free), FileZilla (Windows, Linux, OS X, Free),
Cyberduck (OS X, Free), and, my personal favorite, Transmit
(OS X, $30)
Connect to your server using your username and password, and, if your client supports it, a default path of “/var/www” (if it doesn’t, simply browse to /var/www once you have logged in): (Transmit pictured)
You may now add your files to this folder (/var/www) and they will show up on your server when you browse to it with your web browser.
Now, you may wonder why we’re using SFTP instead of FTP. Mainly, because SFTP is already built into OpenSSH (which you installed earlier). However, it is also a lot more secure than FTP, and makes it difficult (if not impossible) for malicious users to gain access to your login credentials.
8. Make Your Server Accesible to the Internet
Most modern home networks are behind a router these days. Because of this, your web server will not be visible to the internet without a little work. As I don’t have every router available to test with, I can only give you general directions in this area.
There are two ways to open your server up to the internet: a DMZ or Port Forwarding. The main difference you’ll notice is that with a DMZ, your server uses the firewall we installed earlier to protect itself. However, with Port Forwarding, your server will be protected by your router’s firewall.
However, before we go on, you’re going to want to give your server a static LAN address. To do that, login to your router, and look for something along the lines of “Static IPs” or “Static Routing”. After you have given your server a static LAN address, you can do these next parts. Remember, Google is your friend. To port foward, there is an excellent website, PortForward.com, that, while ugly, can help you get the job done for almost any router. The ports that you want to forward are 22 and 80.
To create a DMZ, you need to login to your router and look for something like “DMZ settings”. Once you find it, add your server to the DMZ, and you’ll be set. Again, Google is helpful in situations like this. Now, find your public IP, and voila! You can access your server from anywhere as long
as your IP doesn’t change.
9. Managing Your Server Remotely
Beside allowing you to upload files, OpenSSH allows you to login to your server from anywhere as long as you know it’s IP. For Windows, you’ll need an SSH client. I recommend Putty. For OS X, SSH is already installed. Simply open up Terminal, and type “ssh you@yourip”. For Putty, choose SSH, and put in your IP, username, and password
when it asks for it. You’ll notice that, once you login, it looks exactly the same as the screen on the server:
You can do anything from here that you would do actually sitting at the server. To logout from the server, simply type “exit” and hit enter.