The University of Akron Summit College Business Technology Dept. 2440: 141 Web Site Administration Web Server Configuration Instructor: Enoch E. Damson
Slide 1
2440: 141 Web Site Administration Web Server Configuration
Instructor: Enoch E. Damson
Slide 2
Choosing Web Server Software
- The Web server software determines the scalability, manageability, and accessibility of the sites hosted on a server
- Evaluating a Web server involves looking at several aspects including:
  - Price
  - Scalability
  - Configuration options
  - Performance
Slide 3
Choosing Web Server Software
- Price: spending a lot of money does not guarantee a good server package
  - Some of the best Web servers are free
- Scalability: a Web server's ability to run on different hardware configurations and operating systems
- Configuration: it is important that the Web server is flexible and easy to configure
- Performance: a Web server must be able to withstand heavy loads and avoid crashing
Slide 4
Evaluating Web Server Software
Some of the questions to ask when evaluating different Web servers are:
- How much is the server?
- Has the server been thoroughly tested in real-world situations?
- What is more important: ease of use or speed and flexibility?
- How easy is it to install and configure?
- Can non-webmasters publish documents to it easily?
- Will the server scale to meet the needs of the growing business?
- Does it behave well under heavy load?
- Does it meet any special needs of your business?
- Does it support well-defined and accepted industry standards?
- Is it customizable and extendable?
- Is technical support available?
- How well does it run on existing hardware?
- How good is the documentation?
Slide 5
How Web Servers Work
- HTTP (Hypertext Transfer Protocol) defines how information is passed between a browser and a Web server
- Two of the most popular Web servers include:
  - Apache from Apache Software Foundation
    - Has the largest Web server software market share
  - Internet Information Services (IIS) from Microsoft
Slide 6
Web Server Software Market Share

Vendor        Product   Percentage
Apache                  60%+
Microsoft     IIS       14%+
Igor Sysoev   nginx     11%+
Google        GWS       3%+
lighttpd

Source: Netcraft (http://news.netcraft.com/archives/2012/07/03/july-2012-web-server-survey.html), July 2012
Slide 7
Apache
- The most widely supported Web server, with the biggest market share
- Developed by a group of volunteers (The Apache Group) around the world since 1995
- Software is free for anyone to use, modify and redistribute
- An open source project written in the C programming language
- Originated on UNIX systems but available on Windows platforms
- Somewhat more difficult to configure than other servers
  - Has no management console application
- The Apache Web site is: http://www.apache.org
Slide 8
IIS
- Microsoft's Web server, specifically written for Windows platforms
- Free if the Windows operating system is purchased, but source code is not available
- The second most widely used Web server with over 25% market share
- Easy to set up, configure and use
- Not supported on UNIX systems
- Extendable through Microsoft's Internet Server Application Program Interface (ISAPI)
  - ISAPI provides a convenient way to add functionality to a Web server
  - Relies on DLLs (Dynamic Link Libraries)
- Offers ASP and supports FrontPage extensions
Slide 9
Understanding HTTP
- Virtually no browsers are so old that they do not support HTTP 1.1
- HTTP is a stateless protocol, meaning that each Web page sent is independent of every other Web page sent
  - This makes it more challenging to create a shopping cart application
Slide 10
Understanding HTTP
- HTTP 1.1 supports persistent connections
  - Allows the browser to receive multiple files in one TCP connection
  - Can speed up communication
- Although you see a single page in your browser, it can be composed of many text and image files
Slide 11
Understanding HTTP
- When the browser sends a request to a Web server, it looks like:

    GET /hello.html HTTP/1.1
    Host: www.jdoe.com

- The above requests the hello.html file from the root of the Web server
  - Each Web server has a root, which is where you store the HTML documents
- It specifies the host of www.jdoe.com
  - There could be multiple hosts at the IP address
Slide 12
How Web Servers Work
- As is true with other servers such as DNS, Web servers listen for communication at a port number
- The default port for Web servers is 80
  - Other conventional port numbers for web services are 8080 or 8000
- You can also create Web servers at port numbers greater than 1023
  - Ports up to and including 1023 are reserved for other uses
Slide 13
Installing Apache Modules
- You may download and install other Apache modules from the Apache Web site (http://modules.apache.org)
- Some of the modules include:
  - mod_cgi: allows the execution of CGI scripts
  - mod_perl: incorporates a Perl interpreter
  - mod_aspdotnet: provides an ASP.NET host interface to MS ASP.NET engine
  - mod_ssl: provides strong cryptography via SSL and TLS protocols
  - mod_ftpd: allows FTP connections
  - mod_userdir: allows user content to be served from user-specific directories via HTTP
  - mod_authz_ldap: provides support for authenticating users against an LDAP database
- E.g. to install a module on Fedora, type:

    yum install mod_ssl
Slide 14
Starting Apache
- By default, Apache does not start after you install it
- The following table has a list of commands

Procedure        Command
Start Apache     apachectl start
Stop Apache      apachectl stop
Restart Apache   apachectl restart
Slide 15
Minimal Apache Configuration
- To configure the name of the server:
  - Add a ServerName in /etc/httpd/conf/httpd.conf
  - E.g. ServerName www.jdoe.com:80
    - Where 80 is the port number
- To start Apache automatically when the computer is started:
  - Add apachectl start at the bottom of the /etc/rc.d/rc.local file.
Slide 16
Default Web Site Properties in IIS
Slide 17
Apache Properties - Global Environment
- ServerRoot: directory location of server files
- KeepAlive: indicates whether Apache should maintain a persistent connection
- Listen: determines the port number for the server
  - Default is 80
Slide 18
Apache Properties - Main Server Configuration
- User: shows the user name that Apache employs when someone requests a Web page
  - The default is apache
- ServerAdmin: e-mail address of administrator
- ServerName: DNS host name or IP address of server
- DocumentRoot: directory where the Web pages are stored
Slide 19
Hosting Multiple Web Sites by Port Number
- Associate each new Web site with a port above 1023
- To retrieve a Web page from a site at port 8080: http://localhost:8080/file
Slide 20
Hosting Multiple Web Sites by IP Address
- You can create multiple IP addresses on a single NIC
  - Referred to as virtual IP addresses
- Useful for flexibility because if each domain has its own unique IP address, you can easily move the domain to a different Web server
- It is getting more expensive to get multiple IP addresses from an ISP
Slide 21
Hosting Multiple Web Sites by Host Name
- Multiple host names can be associated with a single IP address
- Getting a single IP address from your ISP is relatively inexpensive
- You can host an almost unlimited number of domains with a single IP address
- It is the most common method of hosting
Slide 22
Virtual Hosts
- Domains associated with a server
  - A server can host many domains
  - Domain names point to IP addresses
  - A server is capable of having many IP addresses; typically, a server has only one IP address
- There are two types of virtual hosts:
  - Name-based virtual hosts: do not have a unique IP address
  - IP-based virtual hosts: have unique IP addresses like a normal host
    - The HTTPD listens for requests on a particular IP address instead of relying on the HTTP headers to determine the destination
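
Added example (not part of the original slides): a minimal Python model of how a name-based virtual host setup picks a document root from the Host header of the request shown on Slide 11. The second site name, the directory paths and the choice of fallback site are assumptions made for illustration.

```python
import re

# Constructed sample sites sharing one IP address (hypothetical names and paths).
VHOSTS = {
    "www.jdoe.com": "/var/www/jdoe",
    "www.example.org": "/var/www/example",
}
DEFAULT_HOST = "www.jdoe.com"  # assumption: the first-listed site is the fallback


def parse_request(raw: bytes):
    """Split a raw request head into (method, path, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers


def select_docroot(raw: bytes):
    """Return (status, document_root) chosen from the Host header."""
    _method, _path, version, headers = parse_request(raw)
    host = headers.get("host")
    if host is None:
        if version == "HTTP/1.1":
            return 400, None  # HTTP/1.1 requests must carry a Host header
        return 200, VHOSTS[DEFAULT_HOST]  # HTTP/1.0: only the fallback site
    # Host names are case-insensitive and may carry a port or trailing dot.
    name = re.sub(r":\d+$", "", host.lower()).rstrip(".")
    return 200, VHOSTS.get(name, VHOSTS[DEFAULT_HOST])


if __name__ == "__main__":
    request = b"GET /hello.html HTTP/1.1\r\nHost: www.jdoe.com\r\n\r\n"
    print(select_docroot(request))
```

A request naming a host the server does not know still lands on the fallback site, so the content of that site deserves the same review as the named ones.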
Slide 23
User Access
- It is possible to restrict access to certain pages on a Web server
- HTTP offers a simple authentication protocol used to require a username and password in order to access resources on the server
- The webmaster can make certain directories and files private and require a client to authenticate before allowing access
- HTTP 1.1 offers two types of authentication:
  - Basic authentication: offers little security because it does not encrypt any information sent over the network
  - Digest authentication: not very secure either and not available on some older versions of some server software
- The best way to secure authentication is to use HTTPS
Slide 24
User Access
Although implementations are different for virtually every Web server, the basic procedures for enabling user authentication are as follows:
- Determine which resources need to be restricted
  - Evaluate content and determine which directories/files require authentication
- Determine users and groups
  - Determine list of users/groups to be allowed to view resources
- Create users and groups
  - IIS: create user accounts in the operating system
  - Apache: requires password and group files containing information about usernames, passwords, and groups
- Apply restrictions to resources (files and directories)
Slide 25
Host Access
- There are situations when denying access to your server from a particular host or domain may be desirable
  - Requests from domains may be rejected to prevent a site from being indexed by spiders and search engines
  - Hackers may be banned by IP address or domain
  - These methods are not foolproof but can control access to a site in many situations
- The default for most servers is to allow access from any hosts
- Sometimes access may only be allowed from particular hosts
  - Allowing access by IP address eliminates having to issue usernames and passwords
  - Easy way to allow access to a particular host address, range of addresses, or an entire subnet or domain
Slide 26
Host Access
- Most Web servers have provisions for restricting access to specific hosts, networks, or domains
- Apache uses the allow and deny directives to control access by host
- In the Apache access.conf configuration file, an entry can be used to restrict any hosts from a sample.com domain
- Specify IP addresses whenever possible; specifying domain names can decrease performance of a Web server by requiring a DNS lookup for each request

    order allow,deny
    allow from all
    deny from .samplesite.com
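
Added example (not part of the original slides): a small Python model of how Apache's Order, Allow and Deny directives combine, run against the rule set on this slide. It goes a little beyond the slide by also covering the deny,allow order and CIDR ranges; partial IP addresses are not modelled, and the client addresses and host names are constructed.

```python
import ipaddress


def matches(spec: str, ip: str, hostname: str) -> bool:
    """Test one 'allow from' / 'deny from' argument against a client.

    hostname stands for the name obtained by reverse DNS lookup, the
    per-request cost the slide warns about; pass "" when unresolved.
    """
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # not an address or CIDR range: treat as a (partial) domain name
    domain = spec.lower().lstrip(".")
    name = hostname.lower()
    # Match whole name components only: evilsamplesite.com must not match.
    return name == domain or name.endswith("." + domain)


def access_allowed(order, allow, deny, ip, hostname=""):
    allowed = any(matches(s, ip, hostname) for s in allow)
    denied = any(matches(s, ip, hostname) for s in deny)
    if order == "allow,deny":
        # A client must match an allow rule and no deny rule; default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # A deny match blocks unless an allow rule also matches; default is allow.
        return allowed or not denied
    raise ValueError(f"unknown order: {order}")


if __name__ == "__main__":
    rule = ("allow,deny", ["all"], [".samplesite.com"])
    # Constructed clients: (IP address, reverse-DNS name)
    for ip, name in [("203.0.113.9", "crawler.samplesite.com"),
                     ("198.51.100.7", "www.jdoe.com")]:
        print(ip, name, access_allowed(*rule, ip, name))
```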
Slide 27
Document Directories
- A Web server (httpd) provides access to HTML documents from the server
  - Access should not be granted to all files on a server
- Most Web servers will enable a single directory for publishing Web documents by default
  - The directory is called the document root directory
  - Microsoft's IIS: c:\Inetpub\wwwroot
  - Apache creates c:\Program Files\Apache Software Foundation\apache\htdocs
Users & Documents 27
Slide 28
Document Directories
- Accessing files outside a document root directory requires creating an alias or virtual directory
  - Mapped to another directory anywhere on the server
Slide 29
User Directories
- Profile scripts (login scripts) are usually used to customize the user account environment
- There is usually a special subdirectory in the user's home directory used for HTML files
  - Traditionally named public_html or www
  - Provides a private Web space for the user account
  - E.g. http://yourdomain.com/~username/
Slide 30
Directory Indexing
- Allows the Web server to generate a page containing a list of files in a directory automatically if no default document is specified
- Should be disabled on most directories to ensure that an index file
- Web servers determine what file to retrieve based on directory indexes
  - If directory indexes are enabled, the server returns a default document if it receives a request for a directory
  - The server administrator chooses any filenames for directory indexes
Slide 31
Directory Indexing
Several options are available when choosing how a Web server views directories:
- No directory browsing permitted: there must be an index document, otherwise no files are listed
- Directory browsing permitted, but no default documents enabled: if there is no index document, all files in a directory are listed
- Indexes enabled: if a file with the correct name exists in a directory, it will be returned instead of a directory listing
Slide 32
Default Documents
- Commonly used index filenames (default documents) include:
  - index.html
  - default.html
  - welcome.html
- Default documents (index files):
  - Allow nicer looking URLs
  - Provide some security
    - People cannot see all the files in a directory if there is an index file in place
    - Only linked files can be accessed (unless users happen to know the names of other files in the directory)
Slide 33
Transferring Files
Some of the methods of publishing files on a Web server include:
- File sharing
- File transfer protocol (FTP)
- HTTP PUT
- FrontPage extensions
Slide 34
Secure Socket Layer Configuration
- HTTP is not a secure protocol by default
  - Contents of a normal HTTP transaction are not encrypted
  - Unauthorized people might be able to intercept and view unencrypted transactions
- When credit card numbers, passwords and other private data are being sent over the Internet, there needs to be an assurance of data security
Slide 35
Secure Socket Layer (SSL)
- The most popular encryption protocol on the Internet
- Developed by Netscape but used by many other companies
- Meant to go between an application-level protocol (HTTP) and communications protocol (TCP/IP)
  - Forms a layer between the application and the network communications
- Not limited to Web transactions
  - Used by other applications that need to transfer secured data over a network
  - FTP and telnet clients use SSL
- Several open-source projects offer free implementations of SSL for other applications (e.g. SSLeay and OpenSSL)
- Transport Layer Security (TLS) protocol is based on SSL
Slide 36
HTTPS
- A normal HTTP wrapped in SSL
- Netscape, Internet Explorer and other browsers support the HTTPS protocol
- IIS and Netscape servers provide HTTPS support
- Apache does not have HTTPS support by default
  - Users must download a separate SSL-enabled server to provide secure content
  - Patches are available to add HTTPS functionality to Apache using SSLeay or OpenSSL
Slide 37
HTTPS
- A URL to a resource on an HTTPS server uses a slightly different naming convention than normal URLs
  - The https prefix is used instead of the http prefix
  - Instructs the browser to attempt a secure connection
  - E.g. https://www.securedconnection.com
- HTTPS connects to a server at port 443 instead of connecting to a server at port 80 as usual
  - Port 443 is the designated port for HTTPS (assigned by the Internet Assigned Numbers Authority, IANA)
- A signal may be shown to indicate a secured connection if successfully connected to a server
  - Most browsers use a padlock to signal a secured connection
Slide 38
Certificates
- Documents that contain information about a site
- A certificate authority digitally signs a certificate
  - Certificate authority (CA): typically, a well-known mutually trusted organization that issues and verifies certificates
  - Verisign and Thawte are two of the most popular CAs
- The certificate should contain information about the server and the certificate authority
Slide 39
Obtaining Certificate
- Obtaining and installing a certificate is typically the most difficult aspect of setting up a secure server
- Certificates are obtained by providing a well-known CA information about your company and hosts
  - Letter of authorization
  - Proof of organization's name
  - Proof to use domain name
- A certificate-signing request (CSR) contains the public key for the Web server
- The CA processes the request and verifies the information to generate a digitally-signed certificate based on the CSR
- Certificates may be costly and may have to be renewed each year
- A large well-known company can create and sign its own certificate to offer clients an assurance of data security