How to make a PC into a web server

B

biru32

Limp Gawd
Joined
Jun 15, 2003
Messages
164
I have a PC that I would like to make into a simple web server to host my web sites so that I don't have to buy server space.

Can anyone give me the basics on what I need to do in order to make this happen? I have Apache software, Windows XP available to run.

What about registration of my IP address, domain name, etc?

Thanks!
 
You can buy a domain name anywhere, I prefer godaddy.net

You can also get some free ones at no-ip.com

If you have a static IP you should be okay, but if it's dynamic you may run into problems with an ever changing IP address every time you reboot etc.

Apache is easy as hell to set up, tons of sites out there.

Everything you need goes in the htdocs folder, while your settings are in the httpd.conf
 
How can I tell if my IP is static or ever changing?

Can you recommend a good Apache tutorial site?

How about security?
 
What kind of internet connection do you have, if its DSL its probably dynamic. If you have cable it will probably stay pretty static.

I would suggest just using IIS, it would probably be easier for you to setup and use since its built into Windows.

As far as security if you get a simple router with a built in firewall you should be fine. Just make sure to keep up to date with patches and antivirus.
 
I have a cable connection. I'm using a router. IIS comes with the Windows XP professional OS doesn't it?

How long does it take to have a domain name setup?
 
Good then you are pretty set here is what I would do in your situation...

1. Go to http://www.godaddy.com and register the domain you want.
2. Go to http://www.everydns.net and sign up to use their free DNS service
3. Setup the DNS at everydns to point to your public IP address and the domain name
4. Go back to GoDaddy and point to the everydns's nameservers
5. on your computer go into DNS and add an A record to match the ones you created at everydns
6. Forward port 80 on the router to your internal IP address
7. Move all your web site files to the inetpub DIR

From there it should take 24-48 hours for all the DNS to start propagating. So don't worry if your site doesn't work right away.
 
Thanks SnowPunk98 for the line by line instructions! Now for a real dumb question: How do I check my IP address on my computer?
 
Sorry, I have another question. What do you mean by: "on your computer go into DNS and add an A record to match the ones you created at everydns"

How do I go into DNS on my computer? Where is it located?

Thanks again.
 
to get your internal IP open up a command prompt (start -> run -> cmd -> ok) and type ipconfig. That will show your internal IP address. To get your public IP address you will need to get to your router configuration page (usually 192.168.1.1) and log in then find where it shows you your IP.
 
Not sure if you have DNS isntalled but you may not even need it on your computer. Try just diong everything but that for now.
 
Thanks! I'll try all this this weekend and let you know how it goes!

[H] Rocks.
 
Alright, I do have an interesting question. Why aren't you able to get your own domain name out of your creativity? www.roflmaodoodomfglolk.com <-- That's creative. Why do you have to *pay* for that? Since you will be maintaining your own website, you should be maintaing your own domain name and everything. Just make one up. Is there any sort of history to this?

-J.
 
SnowPunk98 said:
Good then you are pretty set here is what I would do in your situation...

1. Go to http://www.godaddy.com and register the domain you want.
2. Go to http://www.everydns.net and sign up to use their free DNS service
3. Setup the DNS at everydns to point to your public IP address and the domain name
4. Go back to GoDaddy and point to the everydns's nameservers
5. on your computer go into DNS and add an A record to match the ones you created at everydns
6. Forward port 80 on the router to your internal IP address
7. Move all your web site files to the inetpub DIR

From there it should take 24-48 hours for all the DNS to start propagating. So don't worry if your site doesn't work right away.
Click to expand...


Alright, I finally got around to doing this. YES! My 2nd computer is acting like a server right now. However, I setup IIS and that's it. It seems way too easy. I have the server running through a router. Is this secure enough? I don't and won't have any private or sensitive information on that computer. Just the OS, and whatever web sites are there.

One more thing: I'm behind a firewall at work and I tried to access my server here at work by typing in my IP address, and I'm getting an error. Is this common when attempting to access a server via an IP address?

I'm sure I'll more questions later, but thanks for ALL of your help up to this point!

[H] rules!
 
You have to open a port through your firewall to the webserver. Port 80 is the one to pass through (assuming you've done the default config, otherwise you probably know what port you picked).

Check the particulars of your router manual for that.

Now, for IIS: You've gotta be paranoid like the Soviets on that puppy. The firewall/router does not protect you from http attacks, because you're making that server public. Go get the IIS Lockdown tool and run it, then find the MS Baseline Security Analyzer and run it / grab downloadable patches; finally, never sleep well at night.

Or just run Apache. I don't like to rag on MS for the heck of it, but I would never run IIS in a home environment. It's just too much hassle/risk.
//edit: To be fair: you must monitor Apache, too, and patch it as necessary. However, Apache/Win32 exploits are like Linux viruses. They exist, but it's such a small segment of the population that nobody cares enough to write them.

Besides, the Apache httpd.conf is very well documented. It's not hard to read through it and figure out the settings (really, just pick your document root and fill in the IP address. That's about all that's needed off the bat).
 
GeForceX said:
Domain registration question
Click to expand...
It's really paying to have exclusive rights to the domain. Under your approach, 3 billion people could all make "microsoft.com" their domain. I trust you see how/why that breaks down.
 
Alright, what's going on now? I have two other computers at home that I tested my server on and they both accessed the web site I have on there just fine. Now, today, I asked a friend to try to access it from his home and he's getting a page not displayed error. He's not behind any type firewall or anything like that, just a home computer.

Anyone know why this is happening. This whole server thing is getting annoying! :confused:
 
two posts up (well, three from this one)
You have to open a port through your firewall(router) to the webserver. Port 80 is the one to pass through (assuming you've done the default config, otherwise you probably know what port you picked).
Click to expand...

You really ought to read what I posted there re: IIS as well.
 
I never ran IIS, always used apache but from what I hear all the crap ive seen in my error logs are IIS hacks.

ill post a few pretties,
[Wed May 26 11:42:19 2004] [error] [client 66.139.216.42] request failed: URI too long
There are about 100 of those.

[Mon Apr 19 15:39:10 2004] [error] [client 67.167.171.187] File does not exist: c:/webpage/htdocs/msadc/root.exe

[Wed Oct 22 20:56:20 2003] [error] [client 67.160.196.12] File does not exist: c:/webpage/htdocs/scripts/..Á/winnt/system32/cmd.exe

[Thu May 06 18:43:22 2004] [error] [client 66.120.119.62] File does not exist: c:/webpage/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
Click to expand...
 
If you are running IIS then you better have every damn patch installed. I'm really going to have to recommend apache here.
 
You have to open a port through your firewall to the webserver. Port 80 is the one to pass through (assuming you've done the default config, otherwise you probably know what port you picked).

Check the particulars of your router manual for that.

Alright, how do I open a port through my firewall to the webserver? You assume I know what I'm doing here. I'm lucky I've gotten this far.

Thanks!
 
jpmkm said:
If you are running IIS then you better have every damn patch installed. I'm really going to have to recommend apache here.
Click to expand...

Why does MS even bother if IIS is such a swish cheese server? Who uses it then if it's complete junk? It doesn't make sense that a free software like Apache is better than something developed by the biggest software company in the world! Or does it?

I'm just surprised.
 
They bother because they don't want to cede the market.

I imagine most of the holes are really problems tied to tight OS integration, same as IE. It's not so much the program itself as how the program can be used to exploit other flaws.
IIS FTP, for instance, is quite good.

anyway, for the router:
Check the particulars of your router manual for that.
Click to expand...
The manual should tell you how to do it. As an example, for Linksys equip, log in to the router, then Apps and Gaming, go to UPNP forwarding, then turn on HTTP (default settings of port 80 and TCP) to the internal IP Address of your server -- the one you get from ipconfig.
//edit: when your friends test, make sure they're using the external IP address, the one you get from www.whatismyip.com

Other routers will vary in procedure but not in principle.
 
biru32 said:
Why does MS even bother if IIS is such a swish cheese server? Who uses it then if it's complete junk? It doesn't make sense that a free software like Apache is better than something developed by the biggest software company in the world! Or does it?

I'm just surprised.
Click to expand...
No offense, but you really need to learn about what you are doing before you put a public server up on the internet. A default installation of IIS has more holes than a default installation of Apache. A lot of people like to make the argument that Microsoft software is more widely used and therefore more targetted, but as far as webservers go, apache is more widely used than IIS. I'm not going to sit here and try to tell you which is better; that is up to you to decide. Instead of just assuming that since Microsoft is a good company then their software must be better than everything else, maybe you should research it a bit. In many cases you will find that open source software has the upper hand as far a security is concerned.

I'm not trying to start a war here. I am simply saying that microsoft doesn't always make the best software and it is not always a good decision to use microsoft software. I see no reason to use IIS over Apache unless you absolutely require some specific IIS feature. It doesn't make sense that something developed by the biggest software company in the world is better than free software like Apache.
 
jpmkm said:
No offense, but you really need to learn about what you are doing before you put a public server up on the internet. A default installation of IIS has more holes than a default installation of Apache. A lot of people like to make the argument that Microsoft software is more widely used and therefore more targetted, but as far as webservers go, apache is more widely used than IIS. I'm not going to sit here and try to tell you which is better; that is up to you to decide. Instead of just assuming that since Microsoft is a good company then their software must be better than everything else, maybe you should research it a bit. In many cases you will find that open source software has the upper hand as far a security is concerned.

I'm not trying to start a war here. I am simply saying that microsoft doesn't always make the best software and it is not always a good decision to use microsoft software. I see no reason to use IIS over Apache unless you absolutely require some specific IIS feature. It doesn't make sense that something developed by the biggest software company in the world is better than free software like Apache.
Click to expand...

Yea, I was waiting for this. That's why I'm here, to get the basics and some good advice, isn't that the point of this forum? I know I have alot to learn and you guys and gals who know everything about servers and security are annoyed by folks like me, but I still would like to learn. How about pointing out a 101 book I can read or a web site that provides the basics on servers and security issues.

I'm not trying to run a server with any kind of important information on it. I just want to get a server up and running so that I know how it works, then I can get deeper into security issues. Like I said earlier, the server has nothing on it, so if someone hacks into it, they are going to be very dissappointed. It's an old 75 dollar IBM PC I picked up, I don't care, it's just a tool for me to learn on.

Thanks for everyones advice so far.
 
Regarding the system and security risks:

Good move that it's personally expendable. However, nobody wants to see yet another machine become a spam zombie, and you don't want to see what your webserver is capable of spewing onto your other machines. Security is worth doing anyway.

As for the rest: I really think you should go Apache. I don't think it much matters Apache 1 vs 2. I prefer 2 but that's just me.
I do think you should take a stab at reading through the Apache config yourself, that plus the install.txt is virtually a manual in and of itself. While yes, the forum is for helping and teaching, there's not much tolerance for questions where "RTFM" applies. We like to see people try things themselves (or at least say "I was reading this here, and I don't understand). That's where a lot of the animosity is coming from.

As for a 101 book, I think O'Reilly's "Webmastering in a Nutshell" is an excellent collected reference on all things webserver. It's not, however, big on security.
However, Apache security can be roughly summarized as:
Patch your machine. This is more important (IMO) than patching Apache itself.
Check apache.org for security notices occasionally.
Don't use more than you need. If you're not sure if you need it, turn it off until you do. This is pretty much Apache's default config anyway.
I also have seen mention of moving the Apache manual from its default location, but I don't know of specific exploits against it (The notice is probably there for legacy purposes). I recommend it (I recommend changing defaults whenever possible), but only once you feel familiar enough with Apache. I don't think it's urgent.
 
Thanks for all the help from you folks. I can see that the learning curve is a bit unforgiving in this situation, so I'll bulk up on some security reading and get Apache installed.

Didn't realize my machine could become someone elses bitch for spam and other festering turds of the like.

thanks again, you guy and gals rule!
 
The apache website has excellent documentation for installation and maintenance of the apache webserver. A quick search found this very informative page. I understand your desire to learn and I am the same way. In cases like this, though, most of what we could tell you can easily be found by some simple searching. Read through apache's documentation and that website. They probably have more information than any of us could give you. Though we'd still be glad to answer any questions you have.

I brought up the issue of IIS security because it can affect many other people. Some exploits aren't just to get into your machine; they can turn your machine into a zombie or a spam relay or something. This is something that affects everyone and if your machine gets turned into a zombie then you are responsible whether you are aware of it or not.
 
You must log in or register to reply here.
Back
Top