1 / 39

The University of Akron Summit College Business Technology Dept.

The University of Akron Summit College Business Technology Dept. 2440: 141 Web Site Administration Web Server Configuration Instructor: Enoch E. Damson. Choosing Web Server Software.

presley
Download Presentation

The University of Akron Summit College Business Technology Dept.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The University of AkronSummit CollegeBusiness Technology Dept. 2440: 141Web Site Administration Web Server Configuration Instructor: Enoch E. Damson

  2. Choosing Web Server Software • The Web server software determines the scalability, manageability, and accessibility of the sites hosted on a server • Evaluating a Web server involves looking at several aspects including: • Price • Scalability • Configuration options • Performance Web Server Configuration

  3. Choosing Web Server Software… • Price – spending a lot of money does not guarantee a good server package • Some of the best Web servers are free • Scalability – a Web server’s ability to run on different hardware configurations and operating systems • Configuration – it is important that the Web server is flexible and easy to configure • Performance – a Web server must be able to withstand heavy loads and avoid crashing Web Server Configuration

  4. Evaluating Web Server Software • Some of the questions to ask when evaluating different Web servers are: • How much is the server? • Has the server been thoroughly tested in real-world situations? • What is more important: ease of use or speed and flexibility? • How easy is it to install and configure? • Can non-webmasters publish documents to it easily? • Will the server scale to meet the needs of the growing business? • Does it behave well under heavy load? • Does it meet any special needs of your business? • Does it supported well defined and accepted industry standards? • Is it customizable and extendable? • Is technical support available? • How well does it run on existing hardware? • How good is the documentation? Web Server Configuration

  5. How Web Servers Work • HTTP (Hypertext Transfer Protocol) defines how information is passed between a browser and a Web server • Two of the most popular Web servers include: • Apache – from Apache Software Foundation • Has the largest Web server software market share • Internet Information Services (IIS) – from Microsoft Web Server Configuration

  6. Web Server Software Market Share Source: Netcraft(http://news.netcraft.com/archives/2012/07/03/july-2012-web-server-survey.html), July 2012 Web Server Configuration

  7. Apache • The most widely supported Web server the biggest market share • Developed by a group of volunteers (The Apache Group) around the world since 1995 • Software is free for anyone to use, modify and redistribute • An open source project written in the C programming language • Originated on UNIX systems but available on Windows platforms • Somewhat difficult to configure than other servers • Has no management console application • The Apache Web site is: http://www.apache.org Web Server Configuration

  8. IIS • Microsoft’s Web server specifically written for Windows platforms • Free if the Windows operating system is purchased but source code not available • The second most widely used Web server with over 25% market share • Easy to setup, configure and use • Not supported on UNIX systems • Extendable through Microsoft’s Internet Server Application Program Interface (ISAPI) • ISAPI – provides a convenient way to add functionality to a Web server – relies on DLLs (Dynamic Link Libraries) • Offers ASP and supports FrontPage extensions Web Server Configuration

  9. Understanding HTTP • Virtually no browsers are so old not to support HTTP 1.1 • HTTP is a stateless protocol, meaning that each Web page sent is independent of every other Web page sent • This makes it more challenging to create a shopping cart application Web Server Configuration

  10. Understanding HTTP… • HTTP 1.1 supports persistent connections • Allows the browser to receive multiple files in one TCP connection • Can speed up communication • Although you see a single page in your browser, it can be composed of many text and image files Web Server Configuration

  11. Understanding HTTP… • When the browser sends a request to a Web server, it looks like: GET /hello.html HTTP/1.1 Host: www.jdoe.com • The above requests the hello.html file from the root of the Web server • Each Web server has a root, which is where you store the HTML documents • It specifies the host of www.jdoe.com • There could be multiple hosts at the IP address Web Server Configuration

  12. How Web Servers Work… • As is true with other servers such as DNS, Web servers listen for communication at a port number • The default port for Web servers is 80 • Other conventional port numbers for web services are 8080 or 8000 • You can also create Web servers at port numbers greater than 1023 • Ports up to and including 1023 are reserved for other uses Web Server Configuration

  13. Installing Apache Modules • You may download and install other Apache modules from the Apache Web site (http://modules.apache.org) • Some of the modules include: • mod_cgi – allows the execution of CGI scripts • mod_perl – incorporates a Perl interpreter • mod_aspdotnet – provides an ASP.NET host interface to MS ASP.NET engine • mod_ssl – provides strong cryptography via SSL and TLS protocols CGI scripts • mod_ftpd – allows FTP connections • mod_userdir – allows user content to be served from user-specific directories via HTTP • mod_authz_ldap – provides support for authenticating users against an LDAP database • E.g. to install a module on Fedora, type: yum install mod_ssl Web Server Configuration

  14. Starting Apache • By default, Apache does not start after you install it • The following table has a list of commands Web Server Configuration

  15. Minimal Apache Configuration • To configure the name of the server: • Add a ServerName in /etc/httpd/conf/httpd.conf • E.g. ServerName www.jdoe.com:80 • Where 80 is the port number • To start Apache automatically when the computer is started: • Add apachectl start at the bottom of the /etc/rc.d/rc.local file. Web Server Configuration

  16. Default Web Site Properties in IIS Web Server Configuration

  17. Apache Properties-Global Environment • ServerRoot • Directory location of server files • KeepAlive • Indicates whether Apache should maintain a persistent connection • Listen • Determines the port number for the server • Default is 80 Web Server Configuration

  18. Apache Properties-Main Server Configuration • User • Shows the user name that Apache employs when someone requests a Web page • The default is apache • ServerAdmin • E-mail address of administrator • ServerName • DNS host name or IP address of server • DocumentRoot • Directory where the Web pages are stored Web Server Configuration

  19. Hosting Multiple Web Sitesby Port Number • Associate each new Web site with a port above 1023 • To retrieve a Web page from a site at port 8080: • http://localhost:8080/file Web Server Configuration

  20. Hosting Multiple Web Sitesby IP Address • You can create multiple IP addresses on a single NIC • Referred to as virtual IP addresses • Useful for flexibility because if each domain has its own unique IP address, you can easily move the domain to a different Web server • It is getting more expensive to get multiple IP addresses from an ISP Web Server Configuration

  21. Hosting Multiple Web Sitesby Host Name • Multiple host names can be associated with a single IP address • Getting a single IP address from your ISP is relatively inexpensive • You can host an almost unlimited number of domains with a single IP address • It is the most common method of hosting Web Server Configuration

  22. Virtual Hosts • Domains associated with a server • A server can host many domains • Domain names point to IP addresses • A server is capable of having many IP addresses – typically, a server has only one IP address • There are two types of virtual hosts: • Name-based virtual hosts – does not have a unique IP address • IP-based virtual hosts – have unique IP addresses like a normal host • The HTTPD listens for requests on a particular IP address instead of relying on the HTTP headers to determine the destination Web Server Configuration

  23. User Access • It is possible to restrict access to certain pages on a Web server • HTTP offers a simple authentication protocol used to require a username and password in order to access resources on the server • The webmaster can make certain directories and files private and require a client to authenticate before allowing access • HTTP 1.1 offers two types of authentication: • Basic authentication – offers little security because it does not encrypt any information sent over the network • Digest authentication – not very secure either and not available on some older versions of some server software • The best way to secure authentication is to use HTTPS Web Server Configuration

  24. User Access… • Although implementations are different for virtually every Web server, the basic procedures for enabling user authentication are as follows: • Determine which resources need to be restricted • Evaluate content and determine which directories/files require authentication • Determine users and groups • Determine list of users/groups to be allowed to view resources • Create users and groups • IIS – create user accounts in the operating system • Apache – requires password and group files containing information about usernames, passwords, and groups • Apply restrictions to resources (files and directories) Web Server Configuration

  25. Host Access • There are situations when denying access to your server from a particular host or domain may be desirable • Requests from domains may be rejected to prevent a site from being indexed by spiders and search engines • Hackers may be banned by IP address or domain • These methods are not foolproof but can control access to a site in many situations • The default for most servers is to allow access from any hosts • Sometimes access may only be allowed from particular hosts • Allowing access by IP address eliminates having to issue usernames and passwords • Easy way to allow access to a particular host address, range of addresses, or an entire subnet or domain Web Server Configuration

  26. Host Access… • Most Web servers have provisions for restricting access to specific hosts, networks, or domains • Apache uses the allow and deny directives to control access by host • In the Apache access.conf configuration file, an entry can be used to restrict any hosts from a sample.com domain • Specify IP addresses whenever possible – specifying domain names can decrease performance of a Web server by requiring a DNS lookup for each request Web Server Configuration

  27. Document Directories • A Web server (httpd) provides access to HTML documents from the server • Access should not be granted to all files on a server • Most Web servers will enable a single directory for publishing Web documents by default • The directory is called the document root directory • Microsoft’s IIS – c:\Inetpub\wwwroot • Apache creates – c:\Program Files\Apache Software Foundation\apache\htdocs Users & Documents

  28. Document Directories… • Accessing files outside a document root directory requires creating an alias or virtual directory • Mapped to another directory anywhere on the server Users & Documents

  29. User Directories • Profile scripts (login scripts) – usually used to customize the user account environment • There is usually a special subdirectory in the user’s home directory used for html files • Traditionally named public_htmlorwww – provides a private Web space for the user account • E.g. http://yourdomain.com/~username/ Users & Documents

  30. Directory Indexing • Allows the Web server to generate a page containing a list of files in a directory automatically if no default document is specified • Should be disabled on most directories to ensure that an index file • Web servers determine what file to retrieve based on directory indexes • If directory indexes are enabled, the server returns a default document if it receives a request for a directory • The server administrator chooses any filenames for directory indexes Users & Documents

  31. Directory Indexing… • Several options are available when choosing how a Web server views directories: • No directory browsing permitted – there must be an index document otherwise no files are listed • Directory browsing permitted, but no default documents enabled – if no index document, all files in a directory are listed • Indexes enabled – if a filename with the correct name exists in a directory, it will be returned instead of a directory listing Users & Documents

  32. Default Documents • Commonly used index filenames (default documents) include: • index.html • default.html • welcome.html • Default documents (index files): • Allow nicer looking URLs • Provide some security • People cannot see all the files in a directory if there is an index file in place • Only linked files can be accessed (unless users happen to know the names of other files in the directory) Users & Documents

  33. Transferring Files • Some of the methods of publishing files on a Web server include: • File sharing • File transfer protocol (FTP) • HTTP PUT • FrontPage extensions Users & Documents

  34. Secure Socket Layer Configuration • HTTP is not a secure protocol by default • Contents of a normal HTTP transaction are not encrypted • Unauthorized people might be able to intercept and view unencrypted transactions • When credit card numbers, passwords and other private data are being sent over the Internet, there needs to be an assurance of data security Web Server Configuration

  35. Secure Socket Layer (SSL) • The most popular encryption protocol on the Internet • Developed by Netscape but used by many other companies • Meant to go between an application-levelprotocol (HTTP) and communications protocol (TCP/IP) • Forms a layer between the application and the network communications • Not limited to Web transactions • Used by other applications that need to transfer secured data over a network • FTP and telnet clients use SSL • Several open-source projects offer free implementations of SSL for other applications (e.g. SSLeay and OpenSSL) • Transport Layer Security (TLS) protocol is based on SSL Web Server Configuration

  36. HTTPS • A normal HTTP wrapped in SSL • Netscape, Internet Explorer and other browsers support the HTTPS protocol • IIS and Netscape servers provide HTTPS support • Apache does not have HTTPS support by default • Users must download a separate SSL-enabled server to provide secure content • Patches are available to add HTTP functionality to Apache using SSLeay or OpenSSL Web Server Configuration

  37. HTTPS… • A URL to a resource on an HTTPS server uses a slightly different naming convention than normal URLs • The https prefix is used instead of the http prefix • Instructs the browser to attempt a secure connection • E.g. https://www.securedconnection.com • HTTPS connects to a server at port 443 instead of connecting to a server at port 80 as usual • Port 443 is the designated port for HTTPS (assigned by the Internet Assigned Numbers Authority-IANA) • A signal may shown to indicated a secured connection if successfully connected to a server • Most browsers use a padlock to signal secured connection Web Server Configuration

  38. Certificates • Documents that contain information about a site • A certificate authority digitally signs a certificate • Certificate authority (CA) – typically, a well-known mutually trusted organization that issues and verifies certificates • Verisign and Thawte are two of the most popular CAs • The certificate should contain information about the server and the certificate authority Web Server Configuration

  39. Obtaining Certificate • Obtaining and installing a certificate is typically the most difficult aspect of setting up a secure server • Certificates are obtained by providing a well-known CA information about your company and hosts • Letter of authorization • Proof of organization’s name • Proof to use domain name • A certificate-signing request (CSR) – contains the pubic key for the Web server • The CA processes the request and verifies the information to generate a digitally-signed certificate based on the CSR • Certificates may be costly and may have to be renewed each year • A large well-known company can create and sign its own certificate to offer clients an assurance of data security Web Server Configuration

More Related