Hosting Your Own Webserver with Debian GNU/Linux
This hub is designed to walk you through using Debian GNU/Linux to set up your own personal webserver. The target audience is anybody wanting to use Linux to host a personal website, and don't need a MySQL database or advanced scripting support like PHP. You can of course use this hub to get Apache going and then go on from there, but if you're not really familiar with Linux and want a quick and easy walk-through to set up your own fairly secure web-server, you came to the right place. While writing the hub I will be performing the installation in a virtual machine and will take screenshots along the way. I will try to be as descriptive as possible so that even those of you who aren't familiar with Linux will be able to use this hub to set up your own free Debian Linux webserver.
One side note to be aware of. Yes, I install the Gnome desktop on servers that I set up. Many people who set up Linux servers choose not to install any kind of graphical interface to reduce overhead. In my experience, the ease of use that comes with having a GUI desktop available is worth the minuscule amount of overhead it imposes. I am perfectly comfortable doing all of this in a command-line-only environment, but having a mouse and features like "Copy and Paste" make life so much easier. My personal webserver right now is running Debian Linux with an Apache webserver, a CUPS print server, a ProFTPD FTP server, and the Gnome graphical desktop, and my RAM usage is sitting at just under 200 MB, with a CPU load of 1%. So yeah, it's not a big deal to have Gnome installed on your server. If you want to, you can certainly remove Gnome after you get Apache up and running, and I'll describe how to do that with tasksel later on in the hub.
There are some notes to be aware of below. If you run into any problems along the way, please refer to those notes before giving up. If you continue to run into problems please stop by the Debian website at http://www.debian.org where you can find links to documentation, forums, IRC chat channels and more.
- As of the writing of this hub, the latest version of Debian GNU/Linux is version 6.0 (Squeeze). Debian GNU/Linux does not have a definite release cycle like Ubuntu or some other operating systems. Instead they have their system in several phases of development like "Unstable", "Testing" and "Stable", and they release a new version when they feel like it's suitable for mass consumption. If you already have a Debian CD from another source, please make sure it is the "Stable" version to ensure maximum stability and reliability. If you are reading this hub and trying to use it as a guide to set up a later version, I cannot guarantee its accuracy. The changes made in later versions of the OS could render this article pretty out-dated.
- The CD downloaded in this hub is a "Network Installer", so it requires a fast and reliable internet connection. The faster your connection speed, the faster the install will go. If you do not have a high speed internet connection, there are several retailers that sell manufactured CDs. To learn more check out the "Vendors of Debian CDs" page on www.debian.org.
- At some point during the installation you may be prompted to provide firmware for devices. Linux, in my experience, has extremely good hardware support, but from time to time you run into a device that isn't supported out-of-the-box. All you need is a thumb-drive formatted in FAT32 (FAT32 is cross-platform) with the firmware files on it. Locating the firmware files will differ depending on the device, but Debian will tell you exactly what file it is looking for, and in my experience typing that filename into Google with terms like "Linux" and "Firmware" have always yielded the reults I needed.
Acquiring the Linux Installation CDs
For the first part of this walk-through we need to actually download the appropriate CD to install the operating system. To download the discs for Debian Linux we need to go to Debian's official website, http://www.debian.org. At the top right of the page you'll see a button that reads "Download Debian 6.0 (32/64-bit PC Network Installer)". Click this button. You will be prompted to download an ISO image of the installation disc. You can burn this ISO to a disc with any number of CD burning applications such as Brasero or CDBurnerXP Pro. You can also use it to make a bootable USB stick with UNetbootin.
Booting from the CD
Insert the installation media into the destination computer. Make sure that any hard drives not involved in the installation are disconnected to avoid confusion later. Make sure the network cable is connected and then turn on the computer and boot from the installation media. At the initial startup screen you'll be presented with a menu. I prefer the "Graphical Install" as it is more user friendly, and lets you navigate using your mouse. Select the desired installation type. If you aren't sure if you are using a 32 bit or 64 bit machine, try selecting "64 bit graphical install". If your computer isn't capable of running 64 bit software, it will tell you, and you can just go back to the menu and select "Graphical install", which installs the 32 bit version. Regardless of which graphical install you select, it will all "look" the same during installation, so the directions in this walk-through still apply
Selecting Language Settings
When the disc boots, you'll be prompted to select your language and keymap settings. These steps are pretty self explanatory. Select the appropriate options, and click "Next". When you get to the "hostname" option, you need to set a unique hostname for your server. This is not the hostname that people outside your network will browse to when they want to see your website, but it still needs to be different than the other computers on your network. For this walk-through I will name mine "debian-server".
The "Domain name:" box can be left blank, unless you want to join your computer to an existing domain infrastructure like Active Directory.
Setting Up User Accounts
The next screen will ask you to provide a "root" password. The "root" account is the ultimate administrative account in a Linux based OS. It is used to make changes to the system's configuration, install software, etc. This password is separate from the password for the account that you will actually log into your computer with.
For those of you that are familiar with Ubuntu, or just want different behavior. This box can be left blank. If you leave the box blank, the root account will be disabled, and the first user account created will be granted "sudo" rights, which behaves much like the Windows UAC and allows you to perform administrative tasks by entering your own password instead of the different one you set for root.
I personally prefer to have a separate account for administrative tasks, so I will enter a password for the root account.
After entering, or not, your root password, you'll be prompted to enter the full name of the new user. This is not what you will be logging in with, it just helps build some information about you on the server. After entering the full name, and then clicking "continue" you'll be prompted to enter your desired username. It should have auto-filled one in based on your full name. If you don't like it, you can change it here, then click "Continue".
Next you'll be prompted to enter your password. This is the password you will actually log into the system with, and if you chose to leave the root password blank, it is also the password that you will perform administrative tasks with when prompted.
Partitioning Your Hard Drive
After setting up your usernames and passwords, you will select your timezone, and then be prompted on how you want to partition your hard drive. This is why I said at the beginning to unplug any external or additional hard drives you plan on using with your server, to avoid accidentally wiping a drive with important information on it.
The first screen will ask you to broadly select how you wish to cut up the drive. This choice is really up to you, and at the end of the day, won't affect the functionality of your webserver, just where and how files are stored on the drive. For a basic setup, and for the purpose of this walk-through, we're going to select "Guided - use entire disk". In the very next screen it will ask you to select which hard drive you wish to install Debian to. Select the destination drive and click "Continue". Next it will ask you to vaguely identify how you want the drive partitioned. If you want to know the advantages and disadvantages of having separate partitions for different parts of your system there are tons of articles out there. For my purposes, I always just select "All files in one partition". This makes sure that all of my free space is together, and not spread out across multiple partitions.
At the next step it is going to ask you to review your partitioning scheme. If you selected the same automatic options as I did, you'll see one partition labeled "/" and one swap partition of a size relevant to the amount of RAM on your system. If everything looks fine you can highlight, "Finish partitioning and write changes to disk".
In the very last screen it will ask you one final time to verify that you want to continue, because partitioning the disk effectively wipes all data from it. The installer assumes "No", so if you don't manually click "Yes", when you click "Continue" it will loop you back to the beginning of the partition setup. So make sure if you're ready to continue that you manually click "Yes" before clicking "Continue".
After a brief wait you'll be presented with an option to choose your country again. This stage of the installation determines where Debian will download its software from. At the first screen choose your country then click "Continue". In the next screen you can choose what server in your country to download software from. The top option is usually the best, however you can choose other servers that should be equally reliable. This choice is really up to you based on your geography and what you know about the status of each server. If you're not sure what to choose, leave it at the default and click "Continue".
In the HTTP proxy screen that comes up next, if you have to connect through a proxy, enter the proxy information here. Otherwise you can leave this block blank and hit "Continue".
Select and Install Software
You'll next be presented with a progress bar labeled "Select and Install Software". This is the next step and will appear on your screen in about 10 minutes.
Once it's done you'll be presented with option to participate in the "Package Survey". The screen explains itself fairly well, and it is totally optional. Basically it uploads information about the software you install to the Debian developers so they can have information about how many people use certain pieces of software. Make your choice and click "Continue".
Next you'll be presented with a list of software options with checkboxes next to them. Here are my recommendations.
- Graphical desktop environment
- Web server
- SSH server
- Standard system utilities
This will install everything you need to have an operational web server that you can log into remotely. Make those selections and click "Continue".
This is the long part, depending on your network speed it could take anywhere from 30 minutes to several hours. Just sit back and be patient, :-)
Once the software is downloaded and installed you'll be asked if you want to install the Grub bootloader into the Master Boot Record. This is required to make system bootable, so if you don't have plans for using an alternate bootloader, select "Yes" and then click "Continue".
Once it finishes installing the Grub bootloader, it will present you with a message telling you that it's done. Click "Continue"; your computer will reboot, once it reboots and you see the manufacturer logo such as "Dell", remove the installation media.
Startup and Testing
Upon rebooting you will be presented with the Grub boot screen. You shouldn't have to do anything here. Just let it sit for 5 seconds and it will automatically boot the default option.
Once at the login screen, go ahead and log in with the username and password you set for yourself during installation.
After you get logged in, the first thing we want to do is make sure that our webserver software is in fact installed and functional. At the top bar you'll see some shortcuts. One of them when you mouse over it says "Epiphany". Epiphany is the default web browser for Debian, and while it isn't the most up to date browser available for Debian, it will suffice for our purposes. Open Epiphany, and in the address bar type "127.0.0.1" and press Enter. You should be presented with the default Apache page that says "It works!". This shows that out software is installed and functioning correctly.
If you remember, we also chose to install "SSH Server". If you didn't check that block you can skip this step. SSH effectively lets you log into your server with a command line interface from another Linux/Unix computer, or from a Windows machine with PuTTy. To make sure your SSH server is running, in the top left of your screen click "Applications -> Accessories -> Terminal". Once the terminal opens run the following command:
You may get prompted about an RSA fingerprint. As long as you don't see anything that says "Failed" or "Timed Out", we're good to go.
Apache, by default, looks in /var/www for files to display. When you visit your web server using a web browser, Apache displays the contents of that folder. What if you wanted it to point somewhere else though? The default /var/www is root protected. What if you wanted to host your website off a folder in your home directory so you could modify it without becoming root? The way we do that is to edit the Apache configuration, and then restart Apache.
The first step is to open the Apache host configuration file in a text editor. In the top left of your screen click "Applications -> Accessories -> Root Terminal". Enter your root password, or if you left the root password blank during installation, enter your password.
When the root terminal appears run the following command:
You will now be presented with a graphical text editor which you can use to modify the settings for Apache's default site configuration. All you have to do to point Apache to the new location is go through this file and replace every occurrence of /var/www with the full path to the folder you want Apache to look at(Remember to surround the path in quotation marks if it contains spaces). After doing that, save the fle, then close the text editor. In the still open root terminal run the following command:
That will restart the webserver which will now display the contents of the folder you specified in the configuration file.
While following this walk-through we installed a functional SSH server so we can log into the server remotely. There is one change that I think is a must-have that we're going to make to the SSH configuration.
To do this we're going to edit the SSH configuration file, just like we edited the Apache configuration file. In a root terminal run the following command:
Scroll down until you see an option that reads "PermitRootLogin" and change the word "yes" to "no" without quotation marks. If you want, you can also change the port that SSH listens on. It defaults to 22, and I changed it on my personal server because of the insane amount of traffic I received from bot-nets just scouring the internet for networks that had something listening on port 22. This is known as security through obscurity, and won't stop a hacker, but it will stop bot-nets that scan you looking for specific ports. To change the port number, at the top of the configuration file find the option "Port" and change it from 22 to whatever you want it to be, as long as it doesn't conflict with other software like Apache. Save the file, then close the text editor. In the root terminal run the following command:
That will restart the SSH server and disallow root logins, which in my opinion is a must-have security feature. You can still log in as root, but in order to do so you have to log into SSH initially as yourself and then become root with "su" or "sudo".
Congratulations. You have now set up a functional Debian GNU/Linux server with Apache and SSH services. There is nothing further you need to do except learn more about your operating system, the way you are implementing your server, and to further secure it if necessary. If your server is connected directly to the internet I recommend implementing a software firewall; my favorite being "Firestarter". If you choose to remove Gnome you can install the command line frontend to IPtables called "ufw" to help you set up your IPtables firewall. I recommend leaving the GUI installed, just to make life easier for you, however if you now want to remove the graphical desktop environment from your server you can follow these steps.
1) Press CTRL+ALT+F1 . This will send you to a command-line-only environment. From here log in as root by entering "root" as the username and entering the root password you set during installation. If you left the root password blank, log in as yourself.
2) Once you are logged in run the following command. If you are logged in as yourself remember to add "sudo" to the beginning of the command so it is executed with root privileges.
You will be presented with a text-only version of the checklist you saw during installation. Use the arrow keys to go up to "Graphical desktop environment", use your spacebar to de-select it, and then press "Tab" to place your cursor on the "OK" at the bottom, then press "Enter". It will remove the packages associated with the GUI, but won't affect your Apache or SSH services.
If you have any questions about this article and the steps in it, feel free to contact me through HubPages.
To learn more about Debian GNU/Linux you can visit the official website at http://www.debian.org
To learn more about Apache you can learn more at http://www.apache.org
To learn more about the UFW Firewall visit https://launchpad.net/ufw
To learn more about the Firestarter Firewall visit http://www.fs-security.com/