Chapter 4- Server Configuration
Objectives • Choosing Web Server software • Customizing your web server • Controlling access • Secure socket layer configuration • Virtual hosts
Lab 4.1 Choosing Web Server Software • Web Server • The machine that hosts the site is our web server • Also refers to the software running on that machine • 3 famous Web Servers • Apache • Microsoft IIS • Netscape Enterprise Server • Others
Apache • Open Source • Multiple Platforms (UNIX and Microsoft) • Very powerful and configurable • Uses configuration files • httpd.conf
Apache Configuration • All configuration through configuration files • Directives define options • Directives are organised into sections: • Directory • DirectoryMatch • Files • FilesMatch • Location • LocationMatch
Microsoft IIS • Easy to use, GUI oriented • Closed-proprietary • Microsoft Management Console • Extendable through ISAPI • DLL • ASP • Support for FrontPage extension
IIS Configuration • IP address • TCP port • Home directory • Execute • Virtual directory • Default document • Directory browsing • Authentication control • Application mappings • Redirect to URL
Netscape • Offers two Web servers • The Netscape FastTrack Server • For a small business or a workgroup Web Server • A scaled-down version of Netscape Enterprise Server • Provides for a small number of users publishing information • Netscape Enterprise Server • Designed to support hundreds or even thousands of users • Available for Windows NT and UNIX
Other servers • Java Web Server • Server written entirely in Java • Stronghold Server • Developed by C2Net; a secure server based on Apache • Most widely used SSL Web server for UNIX • WebSite • Developed by O'Reilly Software • Provides excellent server-side programming support • Good administration tools, security and other features not found on IIS
Evaluating Server Software • Evaluate your OS • Evaluate the performance benchmark • Important to find out as much about each server as possible • How much can you spend? • Has the server been thoroughly tested in real-world situations? • What's more important: ease of use or speed and flexibility?
Installing a Web Server • In most cases you can download Web Server software from the publisher • Once you've downloaded it, you might need to uncompress it • Once you've got an executable to run, run the installer program • Aside from choosing which directory to install the server in, you shouldn't have to answer too many configuration questions during the installation
Why Web Server software installation may be unsuccessful • Not enough free disk space or RAM • Installation program has to run as a certain user • Make sure that you have permission to the directory in which you are installing the server • Responded to one of the installer's questions incorrectly • One of the default answers was inappropriate
Solutions for Web Server • Install a patch or service pack before installing • Make sure to have the latest and correct version for the OS • Check the Technical Support • Free technical support • Available for demo versions
Lab 4.2 Customizing your Web Server • Configuration tools for the Web Servers • Apache has no management console application • IIS provides a special configuration tool through an MMC snap-in module • Netscape provides a Web-based administration tool accessible through any browser • Control the behavior of the Web Server • Apache directives • Microsoft properties • Netscape resources
General server options • These options are global to the entire server, or at least to a specific HTTPD on the server • User and Group - the owner of the Web server process • BindAddress (IIS: IP Address). The HTTPD listens for connections on this IP address • Port (IIS: TCP Port). The port option specifies which port the HTTPD should listen to. Port 80 is used
Directory Options • These options are used to specify the attributes of specific directories • DocumentRoot • UserDir • ScriptAlias • Alias • DirectoryIndex • IndexOptions, Indexes, and FancyIndexing
Access Control • The following options are used to restrict access to your site, or particular directories • AuthUserFile • AuthGroupFile • Require • Allow and Deny • Other options • AddHandler • Redirect
Lab 4.3 Controlling Access • In order for your Web server to make documents available to clients • UNIX and NT offer the ability to control access to files and directories • This ability is governed largely by the file system
User Access • Most documents on your Web server will probably be available for anyone to read • It is possible to restrict access to certain pages • HTTP offers a simple authentication protocol used to require a username and password in order to access resources on the server
User Access-2 • Basic authentication- little security • Digest authentication- relies on MD5 checksums to ensure integrity but it isn’t very secure either • The best way to ensure secure authentication is to use HTTPS
User Access-3 • The basic procedure for enabling user authentication is the same on most Web servers. • Determine which resources need to be restricted • Determine users and groups • Create users and groups • Apply restrictions to resources(files and directories)
User Access-4 • The steps are described as: • Evaluate the content • Determine which directories or files require authentication • Determine a list of users and/or groups that should be allowed to view these resources • Depending on the Web server • IIS - create user accounts on the OS • Netscape and others - create user accounts for your Web server using the server administration tools
User Access-5 (continued) • Apache - requires password and group files containing information about usernames, passwords and groups • Assign access permissions to your Web resources
Host Access • There are situations when denying access to your server from a particular host or domain may be desirable. • The default for most servers is to allow access from any host. • To block access from a single host you just need to change a single option, and only that host or series of hosts will be denied access
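The user access steps and the host block above, written as one Apache configuration fragment (added example, not from the original slides; Apache 2.4 syntax with mod_ssl loaded; the directory, file paths, group name, user names and IP address are assumptions):

```apache
# Added example: names, paths and the address below are assumptions.
# Password and group files live outside DocumentRoot so they cannot be
# downloaded through the Web server. Create the password file with:
#   htpasswd -B -c /etc/apache2/auth/htpasswd alice
# /etc/apache2/auth/htgroup contains one line per group:
#   staff: alice bob
<Directory "/var/www/html/reports">
    # Basic authentication sends the password base64-encoded, not
    # encrypted, so refuse any request that did not arrive over HTTPS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Staff reports"
    AuthUserFile "/etc/apache2/auth/htpasswd"
    AuthGroupFile "/etc/apache2/auth/htgroup"

    # User access and host access combined: the client must be a member
    # of group "staff" AND must not connect from the blocked host.
    <RequireAll>
        Require group staff
        Require not ip 192.0.2.45
    </RequireAll>
</Directory>

# Apache 2.2 and earlier express the host rule with the Allow and Deny
# directives named in the slides:
#   Order Allow,Deny
#   Allow from all
#   Deny from 192.0.2.45
```

Run `apachectl configtest` after editing to catch syntax errors before reloading the server.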
Lab 4.4 Secure Socket Layer Configuration • By default, HTTP is not a secure protocol • The contents of a normal HTTP transaction are not encrypted • Unencrypted transactions are easy to intercept and view
Secure Socket Layer (SSL) • The most popular encryption protocol on the Internet • Was developed by Netscape • Not limited to Web transactions; it has also been used by other applications that need to transfer data securely over a network
HTTPS • Is normal HTTP wrapped in SSL • Supported by Netscape and Internet Explorer • To provide secure transactions for your site, you will usually need to configure an HTTPS server that runs alongside your normal HTTP server
HTTPS • A URL to a resource on an HTTPS server uses a slightly different naming convention than normal URLs do • Instead of the http prefix, https is used • Instructs the browser to attempt a secure connection to the server • Connects to the server at port 443
Certificates • Document that contains information about your site • A certificate authority digitally signs a certificate • CA is a mutually trusted organization that issues and verifies certificates • When a secure transaction initiates between a client and your server, the client receives a certificate
CA is typically a well-known, trusted organization • Two most popular CAs • Verisign • Thawte
How to obtain a certificate • Give a well-known CA information about your company and hosts • You need to provide a letter of authorization, proof of your organization's name, and proof of your right to use your domain name • You need to provide a certificate-signing request that contains the public key for your Web server • Once the CA processes your request and verifies your information, they generate a certificate.
CA Problems • They charge money for certificates • Some CA-issued certificates expire • Must be renewed each year for an additional cost • Verisign and Thawte offer trial certificates that can be used to test the functionality of your server, but they are only good for a short amount of time
Lab 4.5 Virtual Hosts • To the average user it may seem that a separate machine is needed to host each domain • Virtual hosts • Since a domain name simply points to an IP address, a server can host many domains
Two types of virtual hosts • Name-based • Doesn't have a unique IP address • IP-based • Can have many names pointing at it • Have unique IP addresses • Instead of relying on the HTTP headers to determine the destination, the HTTPD just listens for requests on a particular IP address
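A configuration fragment for the two virtual host types above and for the HTTPS server from Lab 4.4 that runs alongside the normal HTTP server (added example, not from the original slides; Apache 2.4 syntax with mod_ssl loaded; host names, addresses and file paths are assumptions):

```apache
# Added example: host names, addresses and paths are assumptions.
Listen 80
Listen 443

# Name-based: both sites share 192.0.2.10 and the Host header of each
# request selects the site. The FIRST block for an address is also the
# default for any Host value that matches no ServerName, so make it a
# site that is safe to serve to unknown names.
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    DocumentRoot "/var/www/example-com"
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName www.example.org
    DocumentRoot "/var/www/example-org"
</VirtualHost>

# IP-based: this site has its own address, so the server picks it by
# the address the connection arrived on, not by the Host header.
<VirtualHost 192.0.2.20:80>
    ServerName intranet.example.net
    DocumentRoot "/var/www/intranet"
</VirtualHost>

# HTTPS server running alongside the HTTP one, on port 443.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot "/var/www/example-com"
    SSLEngine on
    # Certificate returned by the CA for the certificate-signing request.
    SSLCertificateFile "/etc/apache2/ssl/www.example.com.crt"
    # Private key matching the public key in that request; keep it
    # readable by root only (chmod 600).
    SSLCertificateKeyFile "/etc/apache2/ssl/www.example.com.key"
</VirtualHost>
```

`apachectl -S` prints how the server parsed the virtual hosts, including which one is the default for each address and port.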