I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc. Not all of these version of Windows have the Microsoft web server known as Internet Information Services (IIS) – formerly called Internet Information Server. I don't believe ANY version of Windows installs IIS by default, so you will need to go to Add/Remove Programs in the Control Panel, and "Turn Windows Features on or off", and turn it on. The Starter and Home versions of Windows may not have IIS available at all. For this reason, I recommend using Apache 2.2+ for Windows, it's ALWAYS free.
You can install Apache on any type of operating system, and there is a wealth knowledge available for various issues, configurations, and add-ons available online. Apache is also "open source", which means it is TOTALLY free to use. If you are seeking to get more involved with developing content for the internet in a corporate business environment, you will probably want to get involved with using IIS for Windows, but getting started with IIS is somewhat more difficult (in the authors opinion) because you need to have a more detailed understand of things like DNS, Security, opening ports, and other internet specific details. The Apache Web Server packages can be found at http://httpd.apache.org/download.cgi
and I recommend downloading the "Latest Stable Version". Since I assume you are using Windows, and that you have never compiled your own software before, get the Win32 MSI package. Even if you have a 64-bit version of Windows, you can still run Win32 (32-bit) applications. There are other versions of Apache that come "bundled" with modules like Perl, PHP, MySQL, and FTP servers, so you may want to consider doing some research on WAMP, LAMP, and XAMPP, but for this tutorial, I plan to keep it super simple with the vanilla version of Apache web server. Click here if you would like to know why.
So what you are trying to do with your web site? Do you want a web server that hosts a website? Do you just want a file server so you can share or access your files on the web? Most people want to buy a domain name and build a website according to their ideas. Having a web server in-house gives you FAR more flexibility in creating content that you publish online, and control over the users (web site visitors) interactivity, but the downside is that it takes a lot of responsibility too. You have to pay for the internet connect to your home or business, you need to keep the power supplied at all times, virus scans, installation configurations, tracking statistics (web visitors per day/month/year), and a long list of other things too. Once you get a feel for serving content on the web, I suggest you find a cheap web host that will take care of all that stuff for you. If you need help finding the right web server package for you, drop me an email by clicking on my profile. I currently pay about $100 a year for hosting an unlimited number of domains via unlimited storage and bandwidth, and TONS of extras and features, most of which I can actually use. But for this tutorial, I am going to show you how to do it in-house so you can decide what is best for you.
If you just want to play around with a web or file server (HTTP), you don't even need a domain name at all. You can simply just install a Web Server software package on your computer and access it by typing the IP Address into any web browser like so:
When you begin hosting web files on your machine through Apache, the url with look like this:
Pretty cool, right?
But what if you don't have a Static IP Address? What if it changes every time a storm comes through and knocks the power out for a few seconds? What if you are away from the office, and the IP changes without you knowing about it? How do you access the file server then? This is one of the two major reasons there is a need for a Domain Name Server (DNS).
A Domain Name Server (often called a DNS Server.. Redundant? Yes, but it's not a perfect world.) basically recreates a way to connect a domain name like experts-exchange.com to an IP Address. Experts-exchange.com is hosted on a web server with the IP Address of 188.8.131.52 - try putting http://184.108.40.206
into a new web browser window or tab and see what happens. Impressed yet? Keep reading.
You can buy your own domain name(s), but... You don't NEED to buy a domain name, you can get a free sub-domain name from dozens of places on the internet, but my personal favorite is from DynDNS.org because of the shortness of its domain name, and the awesome DNS tools. You will want to use a Dynamic IP Update software ( a good one for Windows: http://www.directupdate.net
) on your PC along with a free sub-domain from DynDNS.org or similar service so that if your IP changes, you can just type in http://my_free_sub_domain.dyndns_or_similar.org
into your web browser and it will point right to your IP Address.
What if you want to buy your own domain name? That's cool. Spend your money noob. But you have to pay for the domain name on an annual basis, and don't go crazy with buying a bunch of domain names. Each and every domain name is quite a project. You need to think about what you are going to have to do in order to maintain them all. When you purchase your first domain name, I recommend using dyndns.com or sitelutions.com because of the DNS tools they provide. You have to have at least 2 Name Servers for each domain name. This is the second key reason why DNS is important. You can host multiple domain names (web sites) on the same server if you use DNS. If you have a Static IP Address, you can put it as one of your Name Servers, and use the Name Servers your chosen DNS Service provides. They will look something like: ns1.mydyndns.com || ns2.mydyndns.com or maybe dns1.sitelutions.com || dns2.sitelutions.com
Nowadays it usually takes about an hour for DNS to "propagate" to the major backbone servers of the internet around the world, but it could take up to 24 hours in some cases. Until this happens, you won't be able to use your domain name (in most cases) until its completed.
You need to "Port Forward" if you are using a router in your home or office. All web browsers assume that Port 80 is the correct port the hosting web server is using, but it is possible to use a non-standard port. To use a non-standard port like port 81, type in www.your-domain-name.com:81
into your web browser. This can be a handy way to add a little security to your site if you have areas you don't want accessed by the general public. Some routers do not support a function known as "loopback", which allows you to view your own servers web pages through an internet browser from behind your own network. If this is the case, you will need to use the internal IP address of the computer you are using as your server in place of the domain name (i.e. instead of http://www.your-domain-name.com/web-page.html
you will use http://192.168.1.3/web-page.html
There is EXTENSIVE documentation available for getting your Apache web server up and running on your network, so I won't go into that here. This is just a basic tutorial on how to get started. Apache web server uses configuration files that you need to edit to match your needs, but it's not really all that tough to run a single web site. It gets a bit more tricky when you want to run multiple web sites, but I recommend starting out simple and working your way up.
In most cases, hosting your own web server comes with some security concerns. Part of the reason I like to use Apache for Windows fro an in-house server solution over IIS (windows built in server application) is that I've never had a random hacker upload a virus to any open directories. I can't say the same for IIS, but I choose to spend more time developing content than security concerns.
"You might think NT sites get defaced most often because NT has become the predominant Web server platform. However, that's not true. A Web site survey by Netcraft (http://www.netcraft.com/survey/
) shows that Apache Web servers outnumber all Microsoft-based solutions by almost three to one. In other words, even though NT Web servers are not the most popular, they are defaced much more frequently." - http://technet.microsoft.com/en-us/library/cc722940.aspx
Using various CHMOD permission settings can provide adequate security for your web server, but you should ALWAYS use a good anti-virus scanning software. You will want to protect your databases with strong passwords, Windows Server 2008 will not even let you create a password for an administrator without have uppercase, lowercase, AND numbers in your password. If you have a need for advanced technologies like Perl, PHP, and database swith your website, be careful where you place your directories. For example Apache allows for the placement of your CGI file (Perl scripts) to be places in a directory not accessible to web visitors, but to the pages that need to use them. Example:
\ - CGI files may be accessible via port 80 (or your custom port settings)
C:\Apache\htdocs\cgi-bin\ - CGI files may be accessible to pages
It takes some configuring for your custom solution, and there are many methods and standards used to prevent access to your scripts. For a more detailed example, see http://httpd.apache.org/docs/1.3/mod/core.html#cgicommandargs
- but chances are, if you are just getting started with Apache web server, you will not have a lot of data that is useful in exploitation by hackers/crackers. This tutorial is geared towards just getting you started with creating a web site for a web presence of yourself or your business. Just be careful to not grant access to your HTML files to all visitors! If you provide WRITE access to your files, someone could potentially edit your files on your server and either deface your web site, or redirect your traffic to another web page.
"If you do include scripts in your Web server, you must check them carefully for subtle flaws. The most common error in writing scripts (or programs) for execution on Web servers is to trust client input. A classic Unix exploit includes a command terminator at the end of some expected input; for example, a name or e-mail address. If the script trusts the input, it may pass the input unmodified as an argument to a Unix command, which means the portion after the command terminator (a semicolon, newline, or other character) would be executed by the shell." - http://technet.microsoft.com/en-us/library/cc722940.aspx
If you do want to protect certain directories on your server for access only by those with passwords, you can create users and passwords with the .htaccess file(s) on your Apache web server. for EXTENSIVE documentation on how this works, see: http://httpd.apache.org/docs/2.2/howto/htaccess.html
I hope this helps, if you have any questions about the process, please let me know! I'll be glad to help you get started!