The most reliable and cost effective way to run a website!
By Red Squirrel
No problem, well, almost none. All you have to do is setup a home server, and you need an always-on connection that has decent speed such as cable or adsl. A DS0 won't cut it, even if you have a dedicated phone line for dial-up, don't bother running it! You need a high speed connection.
The only problem with running your own server is that it is against the ToS of most ISPs and you can't really get a domain name since you don't have a static IP (most likely not) but you can get a static hostname using a special ip updating service. This article will walk you through setting up your server with php and mySQL and also how to set it up with your network. Also, making it harder for your ISP to find your server will also be discussed.
Server side stuff
If you can get yourself a dedicated computer as server, then you are rocking, you can install a Linux distro and setup everything, but this article won't get into setting up Linux though. If you don't have a dedicated computer, you are not out of luck, you can use a Windows program called EasyPHP which will install and configure Apache, PHP and MySQL. This has its downs such as being outdated versions of PHP and SQL but it will get the job done, for a high productivity server it's best to have a separate computer with Linux. It is possible to manually install php and MySQL in Windows so you can have the latest versions, but it is a pain in the butt and complicated. Apache is easy to install alone, but PHP and MySQL will cause you head aches. So get yourself a (free) copy of Easy PHP at http://www.easyphp.org/.
Once you finished installing it, you will want to configure Apache to fit your needs. In the EasyPHP directory you will see a folder called apache, open that and then open the conf folder. With EasyPHP turned off, open and edit http.conf. Do a backup first.
The most important to edit, really is these lines shown here, you can use your text editor's search/find feature to find them faster.
This is where the actual apache files such as log files are, this is NOT your html iceteks_root! It is best to simply leave it, but you can change it to a different folder if you want, but you may get errors about modules and you will need to move the modules folder in the same one you set Servericeteks_root to.
80 is the default port for HTTP. When you type in an internet address, it automatically knows to connect to port 80. However, when your ISP does a port scan on your IP, they will find it quick as they most likly only scan well known ports to speed up the process, instead of scanning all 65000+ ports. Some ISPs are stricter than others about running a server. Mine does not do port scans but instead, if they receive a complaint they contact you and you have to get rid of the server. One of the main threat (well known hate mail sender and forum troll) to IceTeks had previously done this, which is why we are not running a server anymore.
Choosing a different port won't stop someone from reporting you, but it's still best to choose a different port to at least minimize the chance of being found. You may want to choose a well known trojan port such as 53001. To access your site, you will need to type http://yourIP:53001 but a better way will be explained, so just choose a good port that will not be taken as a server. Please note that this does not hide your server completely, as your server will still return a HTTP "intro" when port scanned, but most isps most likely only scan well known server ports only. Some port scanners will just show the port number and no return data.
When someone encounters an error such as 404 and gets the default apache page, this email will be there.
This is the actual name of the server that will be displayed on errors, and clicking on it will let users send an email to the ServerAdmin address.
This is where your html iceteks_root is. You have to place an index.html file in that folder, and typing that address will open that file, and if you put a folder, you simply add it on the address with a forward slash and so on. You can change index.html to something else such as home.html or anything; we will get to that later.
You will see a directory tag similar to this, it is best to keep AllowOverride to all, that way you can change settings with .htaccess files. More on those will come later.
DirectoryIndex index.htm index.shtml index.wml index.pwml index.php index.php3 index.php4
This specifies what files can be used as indexes, that means that if you put a index.htm file in a folder and type the url to that folder, it will automatically open index.htm. You can specify multiple names and they are in priority order, so if there's an index.htm file and a index.php4 file, the index.htm file will be opened by default.
This is the configuration files you can put in each folder to have different settings for folders, such as password protection. If you are using windows, name it something like htaccess.txt as .htaccess is considered invalid and is hard to create under Windows.
<Files ~ "^\ht">
Deny from all
This will deny access to specific files. In this case, any files that start with ht. That way people can't look at your htaccess.txt files, and if you decide to create file databases, you can start the database files with ht that way it cannot be read directly (only by the actual php script designed to extract the right info).
CustomLog logs/access.log combined
This will make your logs have all the information such as IP, referrer, user agent etc... It will most likely be commented (a # will be before it) so uncomment it and comment the default log entry. the logs/ directory is in the folder that is specified for Servericeteks_root.
ErrorDocument 404 /security/errordocs/err404.php
This is to handle different errors and show a document other than the Apache default. Simply put ErrorDocument, the number of the error, and then the file to point to. If you use quotes, you can simply have a text message instead of showing an actual document. Other well known errors are 500 for internal server error and 501 for forbidden. There are also others.
There are many other settings you can change, simply go through the Apache configuration file and read the comments. Most of the Apache configuration comes with practice and experience, and lots of patiance.
Apache configuration is based on commands and tags specified in the main configuration file, or in separate files to apply certain settings to certain directories. The best place to learn about the various options you can use is at the Apache website. Here is the direct url to the documentation: http://httpd.apache.org/docs-project/ Note: even though you can change the name to something such as htaccess.txt in the settings, these configuration files are always referred to as .htaccess to avoid confusion.
Here are a few settings you will use often in .htaccess files:
These two tags let you specify whether or not people can access that folder. If you put deny from all, nobody can access it. If you put another folder in that folder and put allow from all, then people will be able to access that folder, but not the folder it's in.
You can also use this to block certain IPs, for example.
deny from 22.214.171.124
Everyone but that IP can access that folder. This can be useful for troublesome users. You can also let only a certain amount of IPs access like this:
deny from all
allow from 127.0.0.1
allow from 192.168.1.10
Only both shown IPs would be able to access that directory.
There are many options you can use such as whether or not to show contents of directories when there is no index file. You simply put this:
This would show listings of files IF there is no index.
To disable listings, you would put:
This would show a forbidden page if there is no index.
There are many more options that can be found at the Apache documentation site.
PHP is a well known scripting language used for message boards and many other scripts. In fact, the article you are reading now is generated by PHP. The actual writing is simply a text file, and it is passed through a php script that formats it to fit the site's look. That way if I change the site's look, I don't have to change every article.
To test php, simply create a file and name it test.php and put the following in it:
If you see "Hello World" when you open it, php works. If you simply get the source, it does not work. With EasyPHP properly installed, there is no reason why it should not work.
MySQL is a database format used for many message boards such as Invision Board, which is what is used by IceTeks. You need to have it ready in order to install any script that needs it.
In your browser, type http://yourIP:port/mysql/ and you will get something similar to this:
To create a new database, simply use the option and enter a database name. You will need to specify this name during the installation of scripts.
But first, setup a username and password, so click on users and you will get something like this:
This window is pretty self-explanatory. Simply make a user called iceteks_root. Warning! DO set a password, and a strong one, and don't forget it. This screen shot shows no password, but it is because it is an internal server so security is less important, but when you have an online web server, you want as much security as possible.
You also want to set grants. Simply put everything, and allow iceteks_root to access any database. It is not needed to create any more users unless you are sharing your server with someone and you don't want them to have access to your databases.
Ready to go online
Did you realize you had a hard to remember address to access your server? You don't want to start giving that to your friends right away! Head over to http://www.dynu.com and sign up for an account and download the client. This program will run on the server and send your IP to their server and update as needed, and when you register, you will be given a url similar to this: username.dynu.net. This will be your web address.
If you set Apache on a different port than 80 you will need to specify it in the url, BUT, you can avoid this. Dynu has an option to do port forwarding, so simply forward port 80 requests to the port specified in Apache. That way, it will be easy to access your server by that url, but harder for your ISP to find it by your IP.
But on the bright side, a decent ISP will warn you first and you will have to take it off, which is still a bad thing, especially if you are running a big business site that is needed to be up all the time. What makes running your own server great is that you have total control over it. Since IceTeks has been on a host, we have been down every day, simply because our host is not good and we have no control over it, but when we ran our own server, it was rarely down.
If you do not work directly on the server, you may want to setup an ftp server. Again, mask the port, but since you will be the only one using it, doing a port forward is not a must, you can simply use your favorite ftp client and plug in the right port. There are many ftp servers for Windows, choose one that will best fit your needs and configure it with a strong password and make it have access to your document iceteks_root so you can upload/download/delete files remotely.
Especially in Windows, you will notice that it will lag with time and require defragmenting or simply a reboot. Make sure to always keep the system clean from junk and don't let anyone you would not trust go on it. To defrag, the best thing to do is to run the dynu program on a different computer and setup a quick web server to simply show a page that says you are offline, simply set the 404 page to point to the index, that way any page access attempts will show the offline message. That way you don't leave your visitors with a "can't connect to server" for a day or so (depending on how long it takes to defrag).
To keep maximum reliability, you will want good cooling, put as many fans as you wish and don't worry about noise, just make sure the PC gets proper cooling and that everything is always in good working order.
If you have a router, you will need to configure your router to forward port request to the server, or you can buy a hub, uplink it to the internet, plug in your router and your server, that way you will have two IPs, your router, and your server. Make sure your ISP allows you to use two IPs as there is no way of masking this without putting it behind a router. Most routers should have a port forward option though and you can just use that.
Having a good firewall is a MUST. Make sure it has the ability to alert you of certain attempts and to block IPs. You can also block all traffic but TCP/IP traffic on your server ports, and make sure port 139 is not open! Also check your Apache logs regularly for any suspicious activity. A lot of this activity is also done by worms such as code red, most attacks are geared towards IIS but do not affect Apache, so don't panic every time you see something weird. The most common are attempts to gain access to cmd.exe and default.ida. This is because of a bug in IIS, which is unsurprisingly made by Microsoft.
I hope this article has helped you get your server up and running! Enjoy your server while you can, as your ISP may find out sooner or later, but IceTeks had it for almost a year and we did not use any port masking techniques either, just never thought of it!
The key is to make sure not to make any enemies online as they will report it just to make your life miserable. We made enemies not by choice, but simply because of jealousy of our site and server. So these things happen and be ready to think of a quick plan to avoid an extended period of downtime if you need to take down your server because of your ISP. In our case, we simply signed up to a host, which is out beaten by our past server because we are always down every day (well at the time this was written anyway). It is very hard to find decent hosts these days, and the problem is that connections that allow you a server, range in the 1000's such as T1, which is not as fast as ADSL or cable, but hosts can also get expensive.
IceTeks Owner and Administrator
This site best viewed in a W3C standard browser at 800*600 or higher
Site design by Red Squirrel | Contact
© Copyright 2019 Ryan Auclair/IceTeks, All rights reserved