ychousa

Setting up Linux Web Server in Windows Domain?

Hi. I'm considering installing a linux web server in our office for a new online shopping mall project. Currently we have 4 static IPs with "ONLY 1 DSL LINE" which is connected to our Windows 2000 server machine for networking.

I'm completely new to linux, and wondering how I can deploy the linux web server in this environment. Is it possible at all? If so, what would be the deployment plan, hardware wise and software wise? Do I need to upgrade my dsl to T1 connection?

I'm really a novice in this subject, so overall explanation would be really appreciated. Thank you in advance.
jcullins

Thank you for your question ychousa,

Can you give a little more detail on the way your network is set up?  When the DSL line comes in, it comes into a DSL modem and from there, the network cable is plugged into what?  Is it plugged directly into your Windows 2000 server or does it plug into a switch?  Also, if it plugs into a switch, are you assigning a public IP address to your Windows 2000 server?

If you are going to set up a webserver, it would be good to set it up in a DMZ situation in order to keep your data on your Windows 2000 server safe and secure.  In most configurations, anything that will have direct access to and from the internet should be put in a DMZ separated from the rest of your network.  This can be accomplished by using a different local subnet (i.e., Windows 2000 server on a 192.168.1.x subnet and your webserver on a 192.168.2.x subnet) or by giving the webserver a public IP address.

Your question about DSL or T1 is also a good one.  Normal small business DSL lines are "Asynchronous" lines which means the Download speed is significantly higher than your office's upload speed.  Some carriers do offer synchronous DSL or sDSL which would mean the upload is as fast as the download.  T1s and partial T1s are pretty much always synchronous.

This is a consideration because office users typically download a lot more than they upload.  They browse web pages, download emails from many different locations, listen to music...etc.  The amount of outbound traffic is usually small, and it usually is not time-sensitive.  When you start hosting a website, you will want your users of that website to have a good web browsing experience, which means the traffic from your webserver "up" the internet connection and back to the user needs to be snappy.

At some point in the network, you will need to set up a firewall.  This could be a hardware device (like a small router, think Linksys, Netgear, etc.) or software (like using Windows Routing and Remote Access components).  This firewall is the device that would be responsible for taking the traffic destined for a specific internet IP and passing it on to either the web server, or the general network, as appropriate.

Most home routers have an option for a DMZ IP address.  I would not recommend using that, since it really just leaves that computer totally open to the Internet.  It would be much safer to use the Port Forwarding feature, or a true DMZ network that is still protected by a firewall.

Here's a website with good quick start information outlining the steps. Some of the steps are already done in your case, but the rest are valid:
http://www.dslwebserver.com/main/quick-start.html
Here's the main page with links to their main guide as well:
http://www.dslwebserver.com/
ychousa

ASKER

Thanks for your comments. The current set up is like the following:
The DSL line connects to a modem, then to a router which assigns IPs in the network. Then the line is connected to Win 2000 server with active directory setup. This is just a typical small business network setup, I guess.
I'm a 100% Windows person, and I have almost 0 knowledge about Linux. This might sound ridiculous, but I don't even know if a Linux machine can connect to a Windows server domain.

I'd like to increase my points because the question is getting a little more complex. Please explain to me what hardware I need to buy, then how to deploy this web server setup from the start. If there's a recommended Linux server software, please let me know. Thanks a lot!
ASKER CERTIFIED SOLUTION
franked_it
ychousa

ASKER

Hi, franked it.
Sorry for my late response. I was on a business trip last week, so I didn't have time to check the answers.
I'll be hosting 5 websites; a couple of them will have online shopping cart features. About physical IP address, what should be done if I want to run more than 1 website?

For example, I was given 5 IPs from my DSL company, but with your suggested method, it seems that I could have only 1 IP address because the IP is assigned to the router, right? What if I want to run more than 1 website? Could you give me a big picture? Thank you so much!
Hmm...I'm assuming you want all the websites hosted on the same Linux server.  Not a problem, just a little more management.

I don't know what web server software you'll be using, but I would assume Apache will be your front end.  If so, then you'll have to figure out what you want as far as the user experience.  I would guess that you'll want 5 different domains, like:
www.shopthis.com
www.shopnow.com
www.nomoreshopping.org
www.notagain.com
www.lastone.com

If this is the case, here's your best bet:
1 - Set up each domain to its own IP address in DNS:
www.shopthis.com = 65.76.51.3
www.shopnow.com = 65.76.51.4
www.nomoreshopping.org = 65.76.51.5
www.notagain.com = 65.76.51.6
www.lastone.com = 65.76.51.7

2 - Set up a port forward in your router/firewall to forward each external IP address to the internal IP address of the web server:
www.shopthis.com = 65.76.51.3 -> 10.0.0.51
www.shopnow.com = 65.76.51.4 -> 10.0.0.51
www.nomoreshopping.org = 65.76.51.5 -> 10.0.0.51
www.notagain.com = 65.76.51.6 -> 10.0.0.51
www.lastone.com = 65.76.51.7 -> 10.0.0.51

3 - In Apache, set up 5 virtual hosts.  These are different "web sites" hosted by the same Apache server.  These are identified by their domain name.  Apache takes a look at the web browser's request and looks to see what domain name was requested.   It then serves up the appropriate website.

4 - When you configure the virtual hosts, set up a different document root for each of them, and either open up an FTP Server to each of those directories, or share them through Windows networking, known as Samba, on your Linux computer.  This way your web developers can post the web pages to be published to their correct virtual web server.

Here's a link to Apache's Virtual Host documentation:
http://httpd.apache.org/docs/2.2/vhosts/

If you'd like to, you can set up Step 3 above with a different internal IP address for each web site.  This would look like:
www.shopthis.com = 65.76.51.3 -> 10.0.0.51
www.shopnow.com = 65.76.51.4 -> 10.0.0.61
www.nomoreshopping.org = 65.76.51.5 -> 10.0.0.71
www.notagain.com = 65.76.51.6 -> 10.0.0.81
www.lastone.com = 65.76.51.7 -> 10.0.0.91
This is a little more complex, as you'll have to set up the multiple IP addresses on the same physical network card.  Totally possible, just a little more manual configuration.  You'll also have to set up Apache to listen on each of the IP addresses.  You'll likely still want to set up Virtual Hosts for each web site.  Another way to configure Apache would be to have multiple instances each listening on their own IP address, but this too is a more complex manual configuration.  If, at some point, you want to split out www.notagain.com onto its own web server, for example, you would simply have to set up the new web server, then point the port forwarding rule to the new IP.  I don't think you'd lose any flexibility or scalability by having all the external IP addresses point to the same internal IP address.
Duh, if I read the link I posted...I'd be more accurate with my addendum to Step 3.  You can set up IP-based virtual hosts, so if you wanted the following setup:
www.shopthis.com = 65.76.51.3 -> 10.0.0.51
www.shopnow.com = 65.76.51.4 -> 10.0.0.61
www.nomoreshopping.org = 65.76.51.5 -> 10.0.0.71
www.notagain.com = 65.76.51.6 -> 10.0.0.81
www.lastone.com = 65.76.51.7 -> 10.0.0.91

Here you have a separate internal IP address for each site.  Apache can accommodate that as part of its Virtual Host configuration.  I've never done it based on IP, but I'm 100% confident that Apache can do it, and do it well.  It's a very well-seasoned web server and has been able to do this for many years.
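
The name-based layout from steps 1 to 4 above, written out as an Apache configuration. This is an added example, not part of the original answers; it uses Apache 2.4 syntax, and the `/srv/www/...` document roots and the `default.invalid` catch-all name are assumptions (`${APACHE_LOG_DIR}` is defined by the Ubuntu/Debian packaging).

```apache
# Added example, Apache 2.4 syntax; /srv/www/* paths are assumed, not from the thread.
# Apache 2.2 (the docs linked above) also needs "NameVirtualHost *:80" before these blocks.
# The first *:80 vhost is the default: it catches any Host header that matches
# no ServerName below (raw-IP requests, scanners), so make it serve nothing.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# All five public IPs forward to 10.0.0.51, so the Host header alone picks the site.
<VirtualHost *:80>
    ServerName www.shopthis.com
    DocumentRoot "/srv/www/shopthis"
    CustomLog "${APACHE_LOG_DIR}/shopthis-access.log" combined
</VirtualHost>
<VirtualHost *:80>
    ServerName www.shopnow.com
    DocumentRoot "/srv/www/shopnow"
    CustomLog "${APACHE_LOG_DIR}/shopnow-access.log" combined
</VirtualHost>
<VirtualHost *:80>
    ServerName www.nomoreshopping.org
    DocumentRoot "/srv/www/nomoreshopping"
    CustomLog "${APACHE_LOG_DIR}/nomoreshopping-access.log" combined
</VirtualHost>
<VirtualHost *:80>
    ServerName www.notagain.com
    DocumentRoot "/srv/www/notagain"
    CustomLog "${APACHE_LOG_DIR}/notagain-access.log" combined
</VirtualHost>
<VirtualHost *:80>
    ServerName www.lastone.com
    DocumentRoot "/srv/www/lastone"
    CustomLog "${APACHE_LOG_DIR}/lastone-access.log" combined
</VirtualHost>
# One rule for every document root: no directory listings, no .htaccess overrides.
<Directory "/srv/www">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
# IP-based variant (10.0.0.61 bound to the same NIC): the address selects the site
# before any Host header is examined.
#<VirtualHost 10.0.0.61:80>
#    ServerName www.shopnow.com
#    DocumentRoot "/srv/www/shopnow"
#</VirtualHost>
```

Separate access logs per site keep the shopping-cart traffic of one domain from being mixed with the others when reviewing requests later.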
ychousa

ASKER

Hmm, let me clarify a couple things. So, 65.76.51.x are the given IPs by DSL company, and 10.0.0.xx is the IP address in our network, right? Actually, our internal IP starts from 192.168.1.2 to 192.168.1.200, and they are assigned to each workstation. So, either I want to assign 5 different external IPs to "one" IP address, or to different internal IPs depending on my choice, right?

I've got a good picture of setup thanks to your help. I will thankfully accept your answer. I ordered a server from Dell, and it's on its way now. I probably will install ubuntu server on it.

Just one more question: I found there are firewalls priced from $150 to $900. Why is there this much price difference? Can I just buy a $150 firewall for this project, or should I spend more?  Thanks a lot, franked it!
ychousa

ASKER

Thank you so much franked it! See you with next question in the future ^^
You have the correct idea about the external to internal mapping.

As for the question on $$ for firewalls...  The security provided and the configuration flexibility are what you're paying for.  Sometimes the firewall product can also add things like web content filtering, spam filtering, virus filtering, etc. at the network level.  This adds a layer of protection.  Some devices can also be set up as either a VPN server or client to establish a secured network connection to your internal network from anywhere on the Internet.

The higher priced the firewall, the more features and customization it will provide, but also the more difficult to configure.

At home, I'm running a Buffalo WHR-G54S but I loaded custom firmware called DD-WRT.  This alternative firmware provides a huge amount of feature robustness not available from Buffalo.  I've enjoyed rather good stability along with the ability to configure some pretty unique networking scenarios for work stuff from home.  Current uptime is: 20 days, 16:41  and it's that short because at that point I changed desks, and had to unplug and replug every cable.