Home Linux Server Part 2: Web Server setup

This is the second installment of my series of posts on setting up a Linux-based server on your home network. In Part 1, we set up Debian 3.1 on an old system to run as the server, set up the telnet daemon, and installed a basic GUI but prevented it from running on boot.

Now in Part 2, we will configure our box as a Web server open to the public (if you want) using Apache. I am assuming your system is configured as per Part 1. Thus, you have a static internal IP address assigned to your server, and a unique hostname. Also, these instructions will allow you to create a publicly accessible web server even if you have a dynamic public IP address assigned to you by your ISP. For example, on my network, my server has hostname present-server and internal IP address 192.168.2.99. However, my public IP address is dynamically assigned by my ISP, Verizon DSL, and changes unpredictably. Using these instructions, however, my web server is always available from outside my network via http://present-server.dyndns.org:8080.

1. Log into your server as root, or use telnet to log in as a regular user and run su to enable root access.
   
2. Install Apache with the command apt-get install apache. When prompted, do not enable suExec.
   
3. Apache defaults to the main server directory being /var/www. In this directory should always be a file called index.html. When installed, Apache creates a default dummy index.html. To see this file, point your web browser to the internal IP address of your server. This causes the browser to connect to your server on the default HTTP port, port 80. Apache intercepts this, and directs the visitor to the index.html file found in /var/www. However, this is the highest directory the visitor can access.
   
4. You probably want to keep the default index.html file around, but obviously do not want it to be the page your visitor sees when he navigates to your site. Thus, rename the file with mv /var/www/index.html /var/www/index.html.old. Now, you can use the /var/www directory to hold all of the files needed for your website. Be sure to create a new index.html file as the entrance page for your site.

Now your web server is fully functional if you want it to remain accessible only to those within your home network (i.e., to the intranet). Continue if you want to open it up to the internet.

1. You need to tell your router to pass any HTTP requests from outside your network on to your server for Apache to handle. Thus, you need to forward port 80 in your router's Port Forwarding Settings to the IP and MAC address of your server. You can find the MAC address of your server with the command ifconfig. You may need to be logged in as root to run this command. The MAC address (also known as a hardware address, and is a unique number identifying your Network Interface Card to other computers) is shown next to HWaddr in the eth0 entry. Port forwarding differs from router to router. Consult your router documentation for this process.
   
2. Now we need to find a Domain Name Server (DNS) to put our site in its zone. DynDNS.com provides a free service that places dynamic public IP addresses in its zone, provided you use a sub-domain of theirs (that is why my site's address is http://present-server.dyndns.org:8080). To set this up,
   
   1. Create a free account on DynDNS.com.
      
   2. Click "Dynamic DNS" under "Services," and then click "Create Host."
      
   3. Set the hostname to the same thing as the hostname on your server, and select an upper-level domain of your choice. Go to WhatIsMyIP.com, and put your public IP address in as the IP address in DynDNS. Click "Add Host" to complete the registration.
      
   4. You will not be able to test this domain if your router, like many, does not support loopback connections. Therefore, ensure there is a valid domain registration by asking a friend to point their browser to the domain you configured. They should see the index.html page you have put up if your ports are forwarded properly and the domain is set up correctly.
   
   
3. Dynamic IP addresses, by definition, change sometimes. Thus, we need a way for our entry at DynDNS.com to update with the new IP. We will use the ddclient service for Linux to manage the updating automatically.
   
   1. Install ddclient with apt-get install ddclient.
      
   2. Select dyndns from the list of services.
      
   3. Enter in the domain your registered at DynDNS as the "fully qualified domain name."
      
   4. Enter the username and password you use to log in at DynDns.com.
      
   5. Enter the interface your webserver is using as an NIC. This is most likely eth0.
      
   6. Select No when asked if you want ddclient to run whenever a ppp connection is created.
      
   7. Enter 30d for a 30-day update cycle when prompted.
      
   8. Choose to run ddclient as a daemon so you do not have to start the service every time you reboot the server.
      
   9. Edit the configuration file /etc/ddclient.conf to enable access from behind a Cable/DSL router.
      
      • Run nano /etc/ddclient.conf as root to edit the file.
        
      • Replace the line use=if, if=ppp0 with the line use=web, web=checkip.dyndns.org, web-skip='Current IP Address: '
        
      • Press Ctrl-X, Y, Enter to save the configuration file and quit nano. Run ddclient to update the IP and make sure the daemon is working. This will run automatically every 30 days, but if you know your IP address has changed, run it manually to make the changes immediately effective.

Note: Some ISPs, including Verizon DSL, block listening on HTTP port 80 to try to discourage servers running with the less-expensive dynamic IP addresses, and get you to buy a static IP. If this is the case, you need to change the operating port to something besides 80. Edit the /etc/apache/httpd.conf file, replacing the port on the port 80 line with a different number. I recommend using port 8080. Then, change which port is forwarded by your router as well. When pointing web browsers to your site, you are no longer using the default port, so you need to tell which port to connect on. That is why my site is referred to with http://present-server.dyndns.org:8080.

Great. Apache web server should be up and running, and your DNS should be automatically updated and accessible from the internet. Have a friend check your site from the outside using the domain you registered with DynDNS, specifying the port you chose. If you need to view your site internally, you need to direct your browser to the internal static IP address on the specified port unless your router supports loopback addresing.