1. A Quick Overview
In this tutorial, we are aiming to accomplish several things:
- We’re going to install the Ubuntu Server operating system. I commonly use Ubuntu because of its ease of use and simple administration. It also has a rather large and extremely active community behind it, which makes getting support a breeze.
- We’re going to install an OpenSSH server. This allows you to administer your server from remote computers.
- A LAMP (Linux, Apache, MySQL, and PHP) stack is going to be installed. This provides the backbone that will run your web site. Apache is the industry standard web server on Unix-based operating systems; it’s what most web hosts use (NETTUTS is using it right now!) and it’s what we’re going to use.
- We’re going to install a firewall to protect your server from unauthorized access.
In order to follow this tutorial, you’re going to need a few items:
- A computer to use as your server. It doesn’t need to be powerful; as long as it’s not ancient, it’ll work fine. Please don’t do this on your desktop PC; Ubuntu will completely wipe your computer.
- A CD burner and a blank CD. These are so that you can burn Ubuntu to a disk in order to install it.
- Time. Seriously, this process is time-consuming, especially if you run into problems. Try to set aside an afternoon to follow this tutorial.
You may be asking why you’d want to have your own web server. There are several reasons, a few of them being: you can have your own testing ground for your websites; with a little modification, you could host your own site; and, you will learn a lot about Linux/Unix as you go.
With that said, let’s get started!
2. Download Ubuntu Server
First and foremost, we’re going to need a CD with Ubuntu on it. Point your web browser to http://www.ubuntu.com/, and click download from the menu to the left. You will now be presented with a box with two tabs: “Desktop Edition” and “Server Edition”. Click the “Server Edition” tab, and select “Ubuntu 11.04 LTS”. Next hit the “Start Download” button.
Now you need to burn the ISO (the file that you downloaded) to a blank CD. If you don’t know how to do this, there is an excellent guide at https://help.ubuntu.com/community/BurningIsoHowto
3. Install Ubuntu Server
Now that you’ve downloaded and burned the ISO, let’s get Ubuntu installed on your server. Put the disk in the drive, and boot from the CD. In most modern computers, this will happen by default if a disk is in the drive when you turn it on. If it doesn’t, then you need to press a key on your keyboard right when you turn it on. For my laptop, it’s F12, and for my server, it’s F2. It just depends on your computer. You can find it by looking at the text on your screen right when you turn the computer on, during the BIOS. You’ll see something like “Press [KEY] to change boot order”. Press that key, and select your CD drive.
Still with me? Good. Now that you’ve booted up Ubuntu, you should see the following screen:
Select your language, and hit enter. Now you’ll see this screen:
Select “Install Ubuntu Server”, and away we go!
The installer will now ask you if you want it to detect your keyboard layout. Personally, I always choose no, because
it’s faster to select a standard UK keyboard from the list than to have the installer detect it. Either option is fine,
just follow the on-screen instructions.
After you’ve done that, you’ll now see a bunch of loading screens saying things like “Detecting CD-ROM drives” and such.
These should pass quickly and without problems. However, during these screens, the installer will try to auto-configure your network settings. For most cases, this will work without complaint. However, if it doesn’t work for you, just follow the on-screen instructions to get it working.
After it’s done with all of that, it will ask you for a host name. You can usually set this to anything; I always set mine to “web-server”.
The system will now want you to set the time zone for your clock. For me, it’s London. Choose the one that applies to
Now, the system will detect more hardware, and you’ll be prompted to “partition the disk(s)”. Select “Guided – use entire
You will now need to select the disk you wish to partition. For most setups, only one disk will be available; however,
for more specialized systems, more options will be available here. Choose the one that applies to you.
It will ask you if you want to write the changes to the disk. Select “Yes” and hit enter. The installer will now proceed
to format the drive and set up the partitions.
Now the magic happens. The system will begin to install. While this happens, go get a cup of coffee. This can take anywhere from 10 minutes to an hour. It just depends on your system. There might be times that it seems like it’s frozen; don’t worry, it isn’t. Just let it do its thing. However, if it’s stuck on one thing for upwards of an hour, then yes, it is frozen.
Now that the system is installed, it needs to set up the account you are going to login with. First, give it your full
name and hit “Continue”.
Now give it your username. It will normally just set it as your first name, but you can change it. One name you may not use is “root”.
You will now be asked to provide a password. It is ESSENTIAL that you choose a strong password, or your server will not
be secure at all. I recommend at LEAST a mixture of numbers, lowercase letters, and uppercase letters. However, for my servers I use symbols, as well as a mixture of the above. DO NOT use a password shorter than 7 characters.
Then, re-enter your password to verify that you typed it correctly.
The system will now attempt to configure the “Package Manager” (we’ll get to what that is shortly). Provide it with your
proxy information, or leave it blank if you don’t use a proxy, and select “Continue”.
The system will now scan several servers looking for updates and configuration settings.
After that has completed, you will be presented with several options to install server software. Now, listen VERY carefully.
Select OpenSSH server, and press SPACE, NOT ENTER. If you hit enter, the install will proceed without installing the OpenSSH server.
You could install “LAMP server” as well, but I have no experience with this option, so we’re going to install it all with a different command later on.
The system will now install your selected software, as well as other system components.
Finally, the install will finish. Remove the CD, and hit enter. The computer will reboot. If all goes well, you will be
presented with a screen that looks similar to the following:
Congratulations! You’ve just finished the hardest part. Ubuntu is now installed, and it is time to turn this computer into
a web server.
4. Update Your New Server
Before we go any further, we need to make sure your server is up-to-date. To do this, you need to login. First, type your username (the one you chose earlier), press enter, and then type your password. As you’re typing your password, you’ll notice that nothing seems to be happening. Don’t worry, that’s the way it was designed to work. After you’ve finished typing your password, hit enter, and your screen should look similar to the one below if all went well:
sudo aptitude update && sudo aptitude upgrade
It will ask you for your password, and again, you won’t see anything as you’re typing it. After you’ve done that, it will ask you if
you want to continue. Type “y” and press enter. Your screen will look similar to the following:
Your system will now download and install all the latest updates. This will take a while depending on your internet connection. After it has finished, your computer will need to be rebooted. To do this, type:
sudo shutdown -r now
And let it reboot. Your server is now completely updated.
A Quick Note About “Sudo”
By now, you may have noticed that all of the commands you have typed have started with “sudo”. This is because they require administrator privileges, and that’s what “sudo” does. It runs the command (i.e. “shutdown”) as an administrator, allowing it to work properly. This is also why it asks you for your password. However, after you have typed “sudo” once and entered your password, you do not have to enter your password again for five minutes. Not all commands require sudo, only ones that modify parts of the system.
Got all of that? Good.
5. Install Apache, MySQL, and PHP
It is now time to install some programs. In order to access your sites from the internet, we’re going to need to install a web server (Apache). In addition to the web server, we’ll also want a database server (MySQL) and a server-side language (PHP) so that we can run popular applications such as WordPress. So, let’s get to it!
Installing programs on Ubuntu is a lot different than installing programs on Windows or OS X, in that Ubuntu will download and install the programs for you with a simple command. This is because Ubuntu has something called a Package Manager, which manages nearly all the programs on your system. All we have to do is tell the package manager
(called “aptitude”) that we want it to install Apache, MySQL, and PHP. To do this, type the following command:
sudo aptitude install apache2 php5-mysql libapache2-mod-php5 mysql-server
And press enter. Aptitude will download and install of the programs you specified. It will also download and install any
During the install process, MySQL will ask you for a root password. You can set this to anything, just be sure you make it long and secure.
Whatever you do, DO NOT leave this blank.
After that has all finished, you now have a fully working web server. To test it out, first find your server’s IP by typing:
ifconfig | grep inet
It’s usually the first IP returned. In my case, it’s 192.168.254.128. Now that you know the IP, open your web browser and point it to your server IP. If you see the “It works!” message, then congratulations, it works.
However, we’re not done yet. We don’t want Apache or PHP to disclose any information about themselves, as this information is not needed by your users and could pose a security risk. First, back up the original Apache configuration file:
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
Now open the configuration file:
sudo nano /etc/apache2/apache2.conf
Scroll down (down arrow) to where it says “ServerTokens Full” and change it to read “ServerTokens Prod”, if it’s not there by default then go to bottom of page and type it yourself:
Now, scroll down a little further and change “ServerSignature On” to “ServerSignature Off”, if it’s not there by default then go to bottom of page and type it yourself:
Finally, press Control-O followed by Control-X. That will save the file and exit the text editor.
Now, we need to do the same thing for PHP. First, back up the original PHP configuration file:
sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.bak
Open the configuration file:
sudo nano /etc/php5/apache2/php.ini
Change “expose_php = On” to “expose_php = Off”
Again, press Control-O followed by Control-X. Now that the configuration files are updated, restart Apache:
sudo /etc/init.d/apache2 restart
You are done setting up Apache, MySQL, and PHP.
6. Install a Firewall
We now are going to lock down our server a bit more by installing Shorewall, a command-line firewall. To install it:
sudo aptitude install shorewall
By default, Shorewall is installed with no rules, allowing complete access. However, this is not the behavior we want.
Instead, we’re going to block all connections to anything other than port 80 (HTTP) and port 22 (SSH). First, copy the configuration files to the Shorewall directory:
sudo cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
Now, open the “rules” file:
sudo nano /etc/shorewall/rules
Add these lines above at the bottom on the page. As you can see I also add port numbers “10000 & 443” which you need to open if you are going to use webmin. otherwise you don’t need to open them!
ACCEPT net $FW tcp 443
ACCEPT net $FW tcp 10000
ACCEPT net $FW tcp 22
ACCEPT net $FW tcp 80
Then press Control-O and Control-X. Your firewall is now configured to only accept HTTP and SSH traffic. The last thing we need to do is tell Shorewall to start on boot. So, open up the main Shorewall configuration file:
sudo nano /etc/shorewall/shorewall.conf
Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”
Press Control-O and Control-X. Now, open the Shorewall default configuration file:
sudo nano /etc/default/shorewall
And change “startup=0″ to “startup=1″. Press Control-O and Control-X. Finally, start your firewall:
sudo /etc/init.d/shorewall start
Congratulations! Your firewall is now set up and protecting your server.
7. Add Your Website to Your Web Server
Now that you’ve got everything all set up, you’d probably like to add a website to it. By default, all of the files Apache serves up to the internet are located at “/var/www/”. However, you cannot write to this folder. Let’s make it so you can:
sudo usermod -g www-data [YOUR USERNAME]
sudo chown -R www-data:www-data /var/www
sudo chmod -R 775 /var/www
What happened there was you added yourself to the “www-data” group, and made the website folder writable to the members of the “www-data” group.
Now, you’re going to log into your server using SFTP (not to be confused with FTPS). Some clients that support SFTP are:
WinSCP (Windows, Free), my personal favourite, FileZilla (Windows, Linux, OS X, Free) and Cyberduck (OS X, Free).
Connect to your server using your username and password, and, if your client supports it, a default path of “/var/www” (if it doesn’t, simply browse to /var/www once you have logged in):
You may now add your files to this folder (/var/www) and they will show up on your server when you browse to it with your web browser.
Now, you may wonder why we’re using SFTP instead of FTP. Mainly, because SFTP is already built into OpenSSH (which you installed earlier). However, it is also a lot more secure than FTP, and makes it difficult (if not impossible) for malicious users to gain access to your login credentials.
8. Make Your Server Accessible to the Internet
Most modern home networks are behind a router these days. Because of this, your web server will not be visible to the internet without a little work. As I don’t have every router available to test with, I can only give you general directions in this area.
There are two ways to open your server up to the internet: a DMZ or Port Forwarding. The main difference you’ll notice is that with a DMZ, your server uses the firewall we installed earlier to protect itself. However, with Port Forwarding, your server will be protected by your router’s firewall.
However, before we go on, you’re going to want to give your server a static LAN address. To do that, login to your router, and look for something along the lines of “Static IPs” or “Static Routing”. After you have given your server a static LAN address, you can do these next parts. Remember, Google is your friend.
To port foward, there is an excellent website, PortForward.com that, while ugly, can help you get the job done for almost any router. The ports that you want to forward be 22 and 80.
To create a DMZ, you need to login to your router and look for something like “DMZ settings”. Once you find it, add your server to the DMZ, and you’ll be set. Again, Google is helpful in situations like this.
Now, find your public IP, and voila! You can access your server from anywhere as long as your IP doesn’t change.
9. Managing Your Server Remotely
Besides allowing you to upload files, OpenSSH allows you to login to your server from anywhere as long as you know its IP. For Windows, you’ll need an SSH client. I recommend Putty. For OS X, SSH is already installed. Simply open up Terminal, and type “ssh you@yourip“. For Putty, choose SSH, and put in your IP, username, and password when it asks for it. You’ll notice that, once you login, it looks exactly the same as the screen on the server:
You can do anything from here that you would do actually sitting at the server. To logout from the server, simply type “exit” and hit enter.
10. That’s it!
You now have a completely functioning web server. It makes for a great testing ground, and would even be suitable to host websites with fairly low traffic. There is obviously a lot left to be learned, but hopefully you have gained a little insight into how web servers work.
If you’d like to read more on the topics I covered, here are some great guides:
- Installing Software
- Setting Up Apache, MySQL, and PHP
- Shorewall Configuration Guide
- How to Port Forward