I was contacted by several readers of my previous post, Creating Your Own Web Server, with comments that it's lacking an actual tutorial on how to create the web server.
Again, I am very weary of creating a tutorial that will favor only one web server or platform, so I am including a generic checklist that covers the creation of any web server, regardless of platform.
STEP 0 - Find a computer that will become the web server. For excersise purposes, an older PC lying around or a Virtual Machine is more then sufficient.
STEP 1 - Install an operating system on the designated Web Server computer.
- Operating System Elements - Minimize the number of other services. If possible, avoid GUI installation, and leave only the Web server service, and the secure remote management service of your choice (NOT TELNET).
- Storage Volumes - I recommend to create a designated volume for web site hosting, which is separate from the system volume. This helps if you need to set quotas, permissions, and when performing backup
- IP address - set a fixed IP address on a LAN network interface. This is the primary IP address that you will use to contact the Web server once it is installed. If you don't have any LAN adapters in the PC, don't despair! There is always the loopback interface, which always has the address of 127.0.0.1. Make sure that the interface on which you set the ip address is active(up). The simplest way to do this is to connect it to a hub port. The loopback adapter is always up, so you don't need to bother with it.
- For windows server, you can choose to activate the built-in Internet Information Server (IIS), or install another Web server for which a Windows version exists.
- For the Linux/Unix flavours, you can't go with IIS, but the Apache and lighttpd web servers are always available, among others.
NOTE: There is always the option to compile the web server from source code, with appropriate tuning of the executable. For your first few web servers, avoid this option and go with a precompiled and packaged binary (RPM package for CentOS/RedHat/WhiteBox and DEB for Ubuntu/Debian)
- Add support for appropriate server-side scripting languages for the web server. Without this, the web server will be capable of serving only pure HTTP code, and will not be able to process PHP, Ruby, ASP etc. For Windows, ASP support is built-in into the IIS. For all other web servers on any platform, appropriate binaries (packages) need to be installed for scripting support.
NOTE: In case the installer of these binaries isn't capable of integrating the support into the web server configuration, you have to add it manually into the Web server config files
STEP 3 - From the web server, open a browser and type in the IP address you set on your PC or just use 127.0.0.1. You should see a default page informing you that the server is up
STEP 4 - Set up your own content. This means placing the content of the appropriate directory which is the 'root' of the web server site. Each web server is installed with one default web site (usually called....drumroll please....'default').
The usual filesystem path for Internet Information Server is C:\inetpub\wwwroot, and for a linux based apache is /var/www/htdocs. If you are installing the AppServ package on Windows, the default path is C:\appserv\www\
And that's it, you have a bare-bones working Web server. Regretfully, describing further details of advanced set-up will take wey too much time and space to cover all relevant topics, but you are welcome to contact me for individual questions and advice at shortinfosec _at_ gmail dot com.
Creating Your Own Web Server
Web Site that is not Easy to hack - Part 2 HOWTO
Web Site that is not that easy to hack - Part 1 HOWTO
Talk back and comments are most welcome