Thursday, January 17, 2013

How to build your own Webserver with Ubuntu Server 11.04 ("Natty")

If you have an old Windows-compatible PC lying around, it's a fun and educational exercise to set it up as a web server. It's also not too difficult if you have a guide such as this one to hand, and it doesn't matter if the PC is pretty old.  A laptop will work just as well as a desktop.  You could even use a virtual machine running on your main PC, via something like VMware Player (which is free).  But for the purposes of this exercise I'll actually be using a separate, spare desktop PC.
If you're undertaking such an exercise, a server-oriented version of Linux is a good choice for the operating system. Why server-oriented? Because the added GUI desktop is totally unnecessary. And why not Windows? Because, unless you have a spare copy of Windows Server around, you’ll be limited in the number of simultaneous connections your server can support. And Windows doesn’t run very well on old hardware anyway.

The one thing you really need to check is that your chosen computer has a built-in Ethernet connector on the motherboard. If its networking capability comes via a USB or PCMCIA plug-in adaptor instead, chances are that it won't work without you getting involved in some substantial fiddling, and searching for drivers that may or may not exist.  Trust me, it's probably not worth the bother.  But as long as the PC has a built-in Ethernet port, you should be fine.
I'm going to use Ubuntu Server 11.04 (codenamed "Natty Narwhal")  for this project. It’s ideally suited to the task, and it (and all the other components we’ll be installing) is available totally free of charge. So if you fancy giving it a go, read on. 
Once you have followed this document, you’ll have a working Web server onto which users can safely and securely upload files via ftp. You’ll also have Webmin installed, for remote admin functionality, plus Webalizer for generating web usage stats.  And you’ll be able to host PHP/MySQL sites too.
Once the server is up and running, we'll install the telnet system on it so that you can access it remotely over your LAN.  Therefore, there's no harm in installing your new server in a hard-to-reach location, because you won't need to physically access it very often.
Ubuntu Server doesn't have a GUI and doesn't need a mouse so, if your PC has one that you can unplug, do so before you start.  There's no point confusing the OS by having it look for drivers for devices that it can't use. Incidentally, if you'll be using a USB keyboard, it helps to change the computer's BIOS setting and enable USB legacy device support before you start.  This helps to ensure that Ubuntu Server can boot correctly once installed.
Note that commands you need to type are in a bold, red courier typeface like this.

Before we start, one important word about security and firewalls.  Assuming your new web server is connected to the internet via your broadband router or somesuch, it won’t be accessible to the world in general unless you change your router's firewall settings in order to allow incoming connections on port 80 to be directed to the server.  Unless you do that (look up NAT, or Network Address Translation, in your router's documentation), your web server will only be accessible within your LAN, ie from other PCs in your home or office.  While it can be tempting to open up your firewall and make your web server available to the world, you should think very carefully before doing so.  The risk of someone hacking the server is high.  Running your own web server is a fun, educational project, and very handy for testing new stuff within a closed environment.   But hosting externally-available web sites yourself is not a sensible idea.  It's best left to professional hosting companies, who can cope better with the security and capacity implications.  So don't cancel your web hosting subscription just yet.

First Install the OS

Assuming you've found some suitable hardware, and you don't mind wiping its hard disk, get hold of Ubuntu Server 11.04.  You can download it from as a .ISO file which you then burn to a blank recordable CD.  Make sure that you get Ubuntu Server, and that it's v11.04.  You'll need an 80-minute, 700 MB blank CD.  If you only have a 74-minute, 650 MB one, it won't work because the .ISO file is too large.  A DVD won't work either - the image file is designed for use on a CD only.
Once you've burned the CD, boot your spare PC from it.  When asked, choose your language, then choose the "Install Ubuntu Server" option.  If your spare PC isn't connected to the internet at this point, then it's a good idea to do so, as Ubuntu will want to download and install things.  Use a cable connection to your router.  Even if the PC has wireless capability, it's unlikely that Ubuntu will work with it, and certainly not until you've located and installed the right drivers.  Which is not something that this document will cover.
Follow the on-screen prompts to configure your language and keyboard.
When asked, name your machine. I called mine webtest, but the precise name that you choose doesn't really matter.
You'll be asked how you want to partition your hard disk.  Choose "Guided - use entire disk".  If you know what you're doing and particularly want to use it, then choose the LVM option or something else.  If you don't know what LVM is, you don't need it, and the above-mentioned choice is your best option.
Once you've accepted and confirmed your choices, the hard disk will be formatted and Ubuntu Server will be installed.  If there was anything on the drive that you wanted to keep, and didn't back up, it's now too late!
You'll next be asked to enter the name and username for a user-level account that will be created.  You'll also need to choose a password for the account.  This username and password is the one that you'll mostly use to log into your server in order to administer it.  At this stage there's no root (administrator) account, but we'll come back to that later and set one up.
Make sure you make a note of the username and password that you've chosen at this stage.
Next you'll be asked whether you want to configure your home directory for encryption.  Unless you particularly plan to use this server to store confidential information that needs to be hidden from the eyes of anyone who might steal the machine, say no.  We want to keep this system as simple as possible.
Next, you can enter details of an http proxy.  If you're not aware that you have one, or that you need to enter its details, then you don't need to enter anything here.
Next, you'll be asked about how best to install security updates.  Unless you particularly don't want to, choosing the option to have Ubuntu install security updates automatically is the best option.
Next, you need to specify which components to install.  This is going to be a web server running Linux, Apache, MySQL and PHP, commonly known as LAMP.  So you simply need to choose the LAMP Server option.
Next, you need to choose a root password for the MySQL database system.  You'll need this to log into MySQL in order to administer your databases on the server.  You'll also need it when you're writing PHP code that requires access to a database.  As with all passwords, make this one as complex as you dare.  The security of all your web-based data depends on it, although of course your server will not be accessible from outside your LAN unless your firewall allows it.
Next you'll be asked whether to install the GRUB boot loader.  Assuming that you're setting up your server on a machine that doesn't have any other installed operating systems, say yes.  Otherwise, eg if you're installing Ubuntu as a virtual machine on a computer that's also running Windows, follow the on-screen suggestions. 
That's the basic Linux installation over. Remove the CD when prompted and the machine will restart. If you don’t see a login: prompt after 5 minutes or so, press Return a couple of times and one should appear. Remember that this is a server installation so there's no pretty graphical interface.
At the login: prompt, log in with the username and password you created earlier.
Once you log in, you'll see a handful of statistics and figures such as system load, memory and disk usage, etc.  You'll also see the server's IP address listed, probably under the heading of "IP Address for eth0".  Assuming that the server is plugged into your router, and that your router has the ability to issue IP addresses to new devices (a facility known as DHCP), this address will have been issued by the router automatically.
If the stats aren't shown, type ifconfig and look at the "inet addr" setting for eth0.
From now on we'll assume that your server is using IP address Whenever you see this address mentioned below, substitute the correct address for your server. Later on, we'll set it to something more permanent.

So far, we’ve only got one account set up. We also need to set a password for the root (ie, administrator) account for when we need to do things that require root access. So type sudo passwd root, specify your current password when asked, then choose a password for the root username.

Linux doesn’t normally allow you to log in as root directly so if/when you need to use your root privileges, log in with your normal user account and then type su, then enter the root password when prompted. In case you're wondering, it stands for super-user. If you ever forget who you’re logged in as, the whoami command will tell you. Or look at the command prompt, which will end with $ for a normal user and # for the root user.

Some Useful Commands

Here are some useful commands to get you started, now that you’ve got a usable Linux system:
shutdown -h now turns off the computer (h means halt)
shutdown -r now reboots the computer (r for restart)
exit logs you out. You’ll need to do this twice if you used su. Remember that the web server is still running when you log out, so web/telnet connections to it will still work just fine. There’s no need to remain logged in all the time.
ls shows a directory listing (that's LS).

ls -la shows a better one (that's LS -LA).

cd / switches to the top-level directory.

cd dirname switches to the specified directory name, eg cd /etc.

clear clears the screen, like cls does in Windows.

cat is the Linux version of the Windows "type" command if you want to display the contents of a text file.

rm deletes a file

cp is the Linux equivalent of the DOS/Windows copy command.

find / -name xyz.ext will search the entire system for a file named xyz.ext

pwd (print working directory) tells you which directory you’re currently in

Within an ls -la directory listing, lines that start with a "d" are directories (folders), otherwise they’re files. The other characters at the start of the line (such as rwxr--rw-) tell you who has permission to read, write, and execute the file. A Google search for chmod will tell you how to understand and change these.

Get Updated

Now we need to scan the internet for any important updates.  Start by using the su command,  because you need to be root in order to do this.
Type apt-get update to update the catalog of possible updates.
Then type apt-get upgrade to download and install any that need installing.  You may find that the server asks you to restart it one or more times during the installation of the updates.

Note that apt-get may not work if your internet connection goes via a proxy server. Even if you entered the name of a proxy server when you first set up the machine and configured it with an IP address, apt-get doesn’t take any notice.
To fix this, type export http_proxy="", specifying the address and port number of your company’s proxy server. Then try the apt-get again.

Test Your Web Server

You now have a basic working web server, although we’re not finished yet. There are plenty more things we need to install and set up.  But you can test that everything is working by typing the server’s IP address into a web browser on another machine on your LAN. You should see a basic web page with the default content, which will be something like "It works!".  Depending on your web browser, you may need to add http:// at the start of the address, eg

Install the Telnet Server

Next we’ll install a telnet server program, so that you can connect to your new server remotely over the LAN in command-prompt mode without the need to actually be seated at the server itself.  You'll need to be logged in as root for this, so su yourself if necessary.
Type apt-get install telnetd

This will download and install the telnet server.
You can now log out by typing exit (you'll need to type it twice because you used the su command, and the first time just takes you back into non-root mode).  You should find yourself back at a login prompt.

Everything you do from now on can be done remotely via telnet, which makes things easier.  You won’t need physical access to the server again unless something goes wrong, or when you need to turn it back on after a shutdown command.

To access your server, type telnet (or whatever the IP address of your server is) from a command prompt on any machine on your LAN and you’ll get a server login prompt. You can do this from Windows or Linux or even a Mac.
Note that recent versions of Windows (Vista onwards) don't have telnet available by default, but you can enable it easily enough from the control panel.  Look for the "turn Windows features on or off" option.
Note, too, that while telnet is the simplest way to connect to a remote text-based Linux server, it's not the most secure.  If you're going to be allowing your server to be accessible through your firewall to the world in general, investigate the use of the ssh (secure shell) system instead.  But for now, telnet will suffice.

The ftp server and Web User accounts

Next, we need to install an ftp server so that people can upload html pages to your new web server. An ideal tool for this particular job is proftpd (that’s Unix-speak for the Pro FTP Daemon).

If you're not already there, telnet to your server and type su to get root access. Or you can work on the server directly if it’s easier, of course.

We need to take a little care to set up the ftp server in a reasonably secure manner, even though this is only for test or educational purposes. We need to ensure that a user who logs into the ftp server in order to upload web pages can’t browse the entire server but is locked into one directory. Also, we need to ensure that a user who has an ftp username and password with which to upload web pages can’t use those credentials to access the system via telnet, as that would grant them far too much power.

Type apt-get install proftpd to download and install the ftp server. You’ll be asked whether to choose an inetd installation or standalone. Choose inetd.

The basic ftp server is now up and running, and you should be able to log into it with your non-root account. Just use any ftp client program, and go to the IP address of your server (eg   But we still need to set up an account that will allow someone to upload their web pages without having access to any other parts of the system.

First, switch to the /etc directory by typing cd /etc. We need to edit the file called shells, which contains a list of the various command shells available (rather like cmd.exe if you're more used to Windows) and add a new line that says /bin/false to the file. Then, when we set up a new user account for our web user, we’ll configure their account so that /bin/false is their command shell. Because /bin/false isn’t a real shell (it’s a program that does nothing and exits straight away), they won’t be able to log in with telnet.

Type vi shells to edit the file.   You’ll now find yourself facing vi, undoubtedly the worst text editor ever invented. But without a GUI on your server you have little choice. Plus, it’s very handy to know the basics of vi because it's part of every Linux and unix system. Later on, we'll install Webmin, which has a much better editor built in.  But for now we're stuck with vi.

To sum up vi in a paragraph: To move the cursor up, down, left and right, use the k, j, h and l keys (I told you it was bad). To delete the character under the cursor, press x.   To enter text insertion mode press i, and to return to editing mode press Escape.  If you mess up, type :q! and press return to abandon vi. If you manage to make your edits work, type :w to save the file and then :q to quit vi.
Use the cursor keys to move the cursor to the start of a new line, then press i to enter insert mode. Press Return to insert a new line, and add /bin/false as a new line in the file. Press Esc to leave insert mode, save the file with :w then exit vi with :q and you’re done.
Type cat shells to check that the file seems OK.

Each user has a home directory which contains their various files. It’s like My Documents in Windows and normally it resides in the /home directory. For web users, rather than setting their home directory to be somewhere within /home we’ll put it under /var/www, which is the root of the web server. Files under /var/www are served by the web server (apache) and sent to visitors' web browsers.  Files that aren't within /var/www are not accessible in this way, so there's no point in web site authors putting them anywhere else.  Such users have no need for a directory within /home, as they won't be creating work that is only for use within the server and which won't need to be shared with anyone else.

Let’s make an account for a user called webuser1 with a password of flintstone. These are the steps that you need to do for each web user account you want to create:

cd /var/www
mkdir webuser1
useradd webuser1 -d /var/www/webuser1 -s /bin/false
chown webuser1 webuser1
passwd webuser1

Then, when asked, choose flintstone as the password.

Note that the password is set with passwd rather than with useradd's -p option: -p expects an already-encrypted password hash, not a plain-text password, and anything typed on the command line ends up in your shell history.

Also note the chown command which changes the ownership of the webuser1 directory from root (which created it) to webuser1. If you don’t do this, webuser1 won’t be able to upload files.

Verify that you can’t telnet to the server using the webuser1/flintstone account. The connection will start, but will immediately exit again.

Now create a simple index.html file and use ftp to upload it, using the webuser1/flintstone account. Then surf to from any machine on your LAN and you should see the uploaded page.
We now have a working web server with an ftp server, and the above-listed set of commands allow you to create new user accounts for your web server.
Before we leave proftpd, there are a couple of changes that we need to make to its configuration file in order to improve security and make things neater.

Type cd /etc/proftpd and then vi proftpd.conf to edit the config file. Move the cursor up and down with j and k until you reach the DefaultRoot line, and remove the # symbol from the start of the line by pressing the x key. This will lock all ftp users into their home directory (eg /var/www/webuser1) and won’t let them view files that are further up the tree. Without this step, our webuser account holders could use their ftp software to browse the entire server's directory structure.
You may also wish to change the ServerName entry from Debian to the name of your server, to make the welcome message more relevant. With vi, remember that typing i puts you into insert mode, for typing text, and Esc then puts you back into command mode from where you can type :w to save the file and :q to quit vi.
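
A way to check the outcome of the account and DefaultRoot steps above, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; on the server itself, pass /etc/passwd, /etc/shells and /etc/proftpd/proftpd.conf as the three arguments.

```shell
#!/bin/sh
# Added example: audit the ftp-only web accounts described above.
# Function names and sample data are constructed for illustration.

# True when SHELL appears as a whole line in the shells file.
shell_is_listed() {            # usage: shell_is_listed SHELL SHELLS_FILE
    grep -qxF -- "$1" "$2"
}

# Print every account whose home directory lies under the web root
# but whose login shell is something other than /bin/false.
interactive_web_users() {      # usage: interactive_web_users PASSWD_FILE [WEBROOT]
    awk -F: -v root="${2:-/var/www}" \
        'index($6, root "/") == 1 && $7 != "/bin/false" { print $1 }' "$1"
}

# True when proftpd.conf contains an uncommented DefaultRoot directive.
default_root_enabled() {       # usage: default_root_enabled PROFTPD_CONF
    grep -Eiq '^[[:space:]]*DefaultRoot[[:space:]]+[^[:space:]]' "$1"
}

# Run all three checks; print one line per finding, return 1 if there are any.
audit_web_ftp() {              # usage: audit_web_ftp PASSWD SHELLS PROFTPD_CONF
    findings=0
    if ! shell_is_listed /bin/false "$2"; then
        echo "FINDING: /bin/false is not listed in $2"
        findings=1
    fi
    for user in $(interactive_web_users "$1"); do
        echo "FINDING: web account $user has a real login shell"
        findings=1
    done
    if ! default_root_enabled "$3"; then
        echo "FINDING: DefaultRoot is commented out or missing in $3"
        findings=1
    fi
    return "$findings"
}

# Write constructed sample files into DIR, as they might look "before"
# or "after" the steps in this section have been carried out.
make_sample() {                # usage: make_sample DIR before|after
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/bin/sh' \
        'webuser1:x:1001:1001::/var/www/webuser1:/bin/false' > "$1/passwd"
    printf '%s\n' '# /etc/shells: valid login shells' /bin/sh /bin/bash > "$1/shells"
    if [ "$2" = after ]; then
        echo /bin/false >> "$1/shells"
        printf '%s\n' 'ServerName "webtest"' 'DefaultRoot ~' > "$1/proftpd.conf"
    else
        echo 'webuser2:x:1002:1002::/var/www/webuser2:/bin/bash' >> "$1/passwd"
        printf '%s\n' 'ServerName "Debian"' '# DefaultRoot ~' > "$1/proftpd.conf"
    fi
}

# With three arguments, audit the named files; otherwise use the sample data.
if [ "$#" -eq 3 ]; then
    audit_web_ftp "$1" "$2" "$3" || true
else
    demo=$(mktemp -d)
    make_sample "$demo" before
    audit_web_ftp "$demo/passwd" "$demo/shells" "$demo/proftpd.conf" || true
    rm -rf "$demo"
fi
```

On the "before" sample this reports three findings: the missing /bin/false entry, the webuser2 account with a bash shell, and the commented-out DefaultRoot line.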


Now that ftp is working, let’s install Webmin so that we can remotely administer the server from anywhere on our LAN via a web browser. It’s more fun and friendly than using telnet, and a great way to explore the machine.

First, make sure you’re logged in as root (via your normal user account and su) then type the following 3 commands.  Make sure that each one has finished, and you're back at the command prompt, before typing the next:
sudo dpkg -i webmin-current.deb
sudo apt-get -f install
You'll get some error messages after step 2.  That's normal.  Step 3 fixes the problems.
Webmin should now be installed and running.  From another machine on your LAN, surf to and log in as root, using your server’s root password. Note the https bit – it won’t work with plain http. Also note the :10000, which is essential.  Ignore any warning from your web browser about a missing SSL security certificate – you can trust this server unconditionally because it’s yours. 
Webmin is a hugely powerful, free tool that allows you to manage, administer and examine every aspect of your server via a web interface, so feel free to explore it. 
Possibly the most useful part of Webmin is the file manager, which also lets you edit files. You’ll find it in the “others” category of the left-hand menu, though be aware that you need Java installed on the computer from which you're accessing the server (not on the server itself) in order to make the file manager work.


Now we’ll install Webalizer, which is a great tool that produces graphical stats to show your web site usage. Even if you’re only using your server for test/educational purposes, it’s useful to be able to see the sort of stats that are available with such programs.

To install webalizer type apt-get install webalizer
You need to tweak the Webalizer config file before the program will work.
Type cd /etc/webalizer then vi webalizer.conf and delete the .1 from the end of the LogFile entry. It's around the 25th line of the file, from the top.
Webalizer produces its reports by analyzing the Apache web server log file on a regular basis. To make it do this, you need to set up what’s called a cron job (the Linux version of a Windows scheduled task) in order to run /usr/bin/webalizer regularly. Every 15 minutes should do nicely, and the easiest way to do this is via Webmin.

Go into Webmin via from another PC and, under the System category, click on "Scheduled Cron Jobs". Then click "Create A New Scheduled Cron Job".

Choose to execute the job as root. The command to execute is /usr/bin/webalizer. Click on "Times And Dates Selected Below". Under the minutes, tick "Selected" and choose 0, 15, 30 and 45. For hours, days, months and weekdays, select "All".

Now click the Create button and close your web browser. After 15 minutes or so, surf to and you should see the reports and stats. Wait another 15 minutes and you should see an updated version.


Now we need to make PHP and MySQL work, to ensure that we can host not just static html sites but also dynamic database-driven ones. PHP should already be working just fine, so we need to test that. Create a file called test.php which contains:

<?php echo "this is a test file"; ?>

Upload it using the webuser1 account. Surf to and check that you see a web page containing just the message “this is a test file”. If it works, PHP is working on your web server.

To allow users to create database-driven sites we’ll install phpMyAdmin, which is a graphical web-based tool for managing MySQL databases. It’s best if we don’t allow web users to create their own databases, but we do want them to be able to manage the databases that we set up for them. phpMyAdmin will work for both of these tasks: for us to create databases, and for our web users to maintain the tables within their allocated database.

As root, type apt-get install phpmyadmin

When asked which web server you’re using, choose apache2.
You'll be asked whether you want the system to set up a config database with dbconfig-common.  Say yes.
Next, you'll be asked for the MySQL root password, which phpMyAdmin needs in order to connect to the database server.  You specified this earlier, so go back to your notes and find it.
Next, you'll be asked for a password for phpMyAdmin to register with the database server.  Just leave this blank and select OK.
Once everything stops, and you're back at the command prompt, switch back to a different machine on your LAN (you can safely log out of the server if you wish - everything keeps running, and your server is remotely accessible even if you're not logged into it) and surf to  Log in with a username of root and the MySQL root password (not the server root password). 
For each user who has an ftp account on this server in order to upload web pages (eg, webuser1), we now need to grant them access to a database and to phpMyAdmin.
On the front page of phpMyAdmin, click the Privileges tab.  Then click "Add A New User".  In the User Name field, change the drop-down box to Use Text Field and enter their username (webuser1 in this case).  In the next box, change the Host drop-down to Local, so that localhost appears in the box to the right of it.  For "Password", choose "use text field" and assign them a password. This will be used for webuser1 to log into phpmyadmin, and they’ll also use it in their PHP code in order to connect to their database (using a host name of localhost). It’s up to you whether you make it the same as their ftp password (flintstone). In this example, let’s set the password as barney.

Click "Create database with same name and grant all privileges", then click the Go button and all the hard work will be done for you. A database called webuser1 will be created, with permission for the webuser1 account to do everything except creating new databases.

Log out of phpmyadmin (just close your browser), and then log in again. This time, use a username of webuser1 and a password of barney. You should see only the webuser1 database and no others, and you should find that you can create tables on the database but you can’t create new databases.

You may also find that you can see a database called information_schema as well as your webuser1 database. However, this is harmless and can be ignored – it’s not a security risk.

Changing to a Static IP Address

We're almost done, but there's one more task.  Your server probably has an IP address which was issued to it by your network's DHCP server (probably your router).  This is not ideal, because there's no guarantee that the server will always have this IP address.  If you reboot or replace the router, it might well issue a different IP address.  And for a server, whose address you need to know in order to connect to it, that's not ideal.
By editing a simple config file you can tell your server to use a static IP address, ie one that never changes.  However, you need to make sure that the address you choose is outside the range of addresses that your DHCP server is configured to issue. Otherwise there's a chance that 2 devices on your network might end up with the same address, and that will cause all sorts of problems.  So log into your router, go into the DHCP server settings, and look up the range that it issues.  One common scenario, for example, is that your local network uses 192.168.1.x, the router is on .1, and the DHCP server is configured to  issue addresses from .30 to .50.  In which case, you could use .60 for the server.  So that's what we'll do.
Log into the server, then type su to give yourself root privileges.
 Now type vi /etc/network/interfaces to edit the network config file.
There's probably only one wired ethernet network connection, and it's probably labelled eth0.  So you should see something like this in the file:
auto eth0
iface eth0 inet dhcp
This confirms that the network interface is currently set to use DHCP.
Change dhcp to static, so that the line reads iface eth0 inet static.  Then add the following 3 lines underneath:
If the netmask on your LAN is different, then enter the correct one.  Equally, if your gateway (the address of your router) is different, amend the line accordingly.  Assuming there's a Windows PC on your LAN, you can normally find out both of these settings by typing ipconfig /all from a Windows command prompt.
Save the file (type :w then :q) and then reboot the server by typing shutdown -r now. You should then find that you can now telnet to the machine at its new, permanent IP address.
And that's it. You now have a fully working web server that you can use for test, development and training purposes.  Have fun.
Now that you have a web server at your disposal which is capable of hosting PHP/MySQL sites, all you need is a way to find out how to create such things.  In which case, check out, which is a 350-page ebook, written by me, that tells you all you need to know.  You can purchase the downloadable PDF version via PayPal, or browse it on-screen for free.

