HTTP/FTP/SSH Hosting Guide for Beginners.txt - Notepad

HTTP/FTP/SSH Hosting Guide for Beginners

This guide details how to host your own HTTP/FTP/SSH server. All you need is an ordinary PC and an internet connection.

What's HTTP, FTP and SSH?


What are the advantages of running your own server?

From a HTTP perspective:

From an FTP perspective:


The command line - Gnome Terminal

Please note that this guide expects you to do almost all of your configuration via the command line, not the GUI. To access the command line from the GUI you need to open a gnome terminal. To do this type alt F2 and then enter gnome-terminal.

Step 1 - downloading and installing the Operating System

The Operating System (OS) is the core component of a computer that manages hardware resources (CPUs, hard drives, DVD players etc) and provides services to applications (Outlook, Firefox, Windows Media player etc). You're going to need to install an OS on your computer to turn it into a server. There are numerous free Operating Systems that offer HTTP, FTP and SSH services such as FreeBSD, Ubuntu, and Debian. In this case I have used Fedora Core 15.

Where do I download the OS?

You can download a copy of Fedora Core 15 for free here. Make sure you download the 64 bit version (x64) if you have a 64 bit processor, or the 32 bit version (x86) if you have a 32 bit processor. If you're not sure if your processor is 32 or 64 bit and you currently have Windows installed on your machine, open the command prompt by holding down the Window key and typing r. Now type systeminfo and scan the output for x86 or x64.

Once you finish downloading the ISO file burn it onto a CD or DVD and boot your computer from it. You may need to set your CD or DVD as the first boot device in your BIOS settings if you find that your PC boots straight into the current OS eg Windows XP. You can normally do this by tapping F1, F12 or the DEL key on startup. If you need more information on booting from a DVD refer to this article at Simplyguides.net.

How do I install the OS?

After you have booted the computer via the Fedora disc a GUI will start up. Now you need to install the OS onto the hard drive. If you hover your mouse over the left hand side of the screen a menu will appear. Click on the icon that looks like a hard drive with a green arrow on it. Now, follow the prompts to install the OS, these involve selecting the disk you want to install the OS on, creating a username and password, selecting your timezone and keyboard layout etc.

Step 2 - updating your server using YUM

Once you've logged into your server via the GUI interface it's time to update your system using the package-management utility YUM. You can do this by typing yum update. This will perform a full system update that upgrades all your programs and dependencies to the most recent version. You can also use YUM to install software eg yum install firefox or yum install vlc. YUM can also be used to remove applications yum remove httpd. Pretty handy, huh?

Step 3 - configuring an IP address for your server

I'm going to assume that you have a broadband internet connection at home hooked up via a wired or wireless router/ADSL modem. I'd recommend assigning a static IP to your server rather than a dynamically assigned address from your router (default gateway). You can assign an IP address to your computer easily using the GUI, but you can also use the command line. For example, the following command applies an ip address and netmask to the ethernet 0 interface and turns it on (up): ifconfig etho0 192.168.1.5 netmask 255.255.255.0 up.

Step 4 - port forwarding

In order to access your server via the internet you will need to set up port forwarding. Without port forwarding enabled, SSH, FTP and HTTP requests from the Internet will not get passed your home router. I can only provide limited help on this because I don't know what type of router you are using, but you should be able to configure your device through a web browser by entering its IP address into the address bar. Once you're on the device look out for port forwarding, this could be under a section such as games and applications. You will need to forward ports 22 (SSH), 80 (HTTP) and 21 (FTP) to the IP address that you assigned to your server.

Step 5 - configuring iptables

Iptables is basically your server's firewall. I'm pretty sure incoming HTTP, FTP and SSH connections are blocked by default. This means that you're going to have to configure iptables to allow incoming SSH, HTTP and FTP requests, otherwise your services wont work. Iptables is fairly cryptic to configure via the command line so I'd recommend using a GUI tool such as Firestarter. The tool I use is installed by typing yum install system-config-securitylevel and run by entering system-config-firewall at the command line. I find it to be a really useful tool to configure iptables and it also works in runlevel3. Once you open the application it's just a matter of ticking 3 checkboxes that correspond to allowing incoming HTTP (80), FTP (21) and SSH (22) traffic.

Step 6 - configuring HTTP, FTP and SSH

HTTP - Apache

Fedora Core 15 comes preinstalled with the Apache HTTP Server (HTTPD). However, if you need to download it you can do so here. The HTTPD configuration file is located at /etc/httpd/conf/httpd.conf. You don't need to modify this file to get HTTPD working, you can simply leave it as it is. However, if you want to make changes this is the file for you. The root directory for HTTPD is defined by default as /var/www/html in httpd.conf. This is where users over the Internet will access your files. Go ahead and copy your index.html and other web pages to this location. The next step is to turn your httpd service on, enter service httpd start. Enter chkconfig httpd on to turn it on by default. Now open a browser and enter http://youripaddress (eg http://192.168.1.1, you can check your ip address by typing ifconfig at the command line), boom you should see your index.html file. You can monitor the access of your HTTP server via the access log located at /var/log/httpd/access_log just type cat /var/log/httpd/access_log | more.

FTP - Very Secure FTP Daemon

Fedora Core 15 comes preinstalled with the Very Secure FTP Daemon (VSFTPD). However, if you need to download it you can do so here. The vsftpd configuration file is located at /etc/vsftpd/vsftpd.conf. It's fairly complicated, but you can download a premade one here. This particular config file allows user accounts on the server to use ftp, but it does not permit anonymous ftp users. You can change this by changing anonymous_enable=NO to anonymous_enable=YES in the config file, but I'll leave this up to you. Next, turn your ftp service on, enter service vsftpd start. Enter chkconfig vsftpd on to turn it on by default. Now open a browser and enter ftp://username:password@youripaddress, boom you should see your ftp directory. You can also access your ftp service via an ftp client such as Filezilla or WinSCP, or even via the command line. In fact, this is a better way to access ftp than via a browser because it allows you to upload files. You can monitor the upload/download of files on your ftp server via the access log located at /var/log/vsftpd.log just type cat /var/log/vsftpd.log | more.

SSH - OpenSSH Server

Fedora Core 15 comes preinstalled with the OpenSSH Server (SSHD). However, if you need to download it you can do so here. The SSHD configuration file is located at etc/ssh/sshd_config. You don't need to modify this file to get SSHD working, you can simply leave it unchanged. However, if you want to make changes this is the file for you. The next step is to turn your sshd service on, enter service sshd start. Enter chkconfig sshd on to turn it on by default. Now you can remotely control your server from an SSH client:) You can monitor successful and unsuccessful attempts to log onto your server by viewing the ssh log - cat /var/log/secure | more. This is an interesting log because it's likely that you'll find some random users who have tried to access your server! NOTE the following important security change to SSHD should be implemented. Root SSH access is enabled by default, this should really be turned off because it is a potential security risk. To turn root login off edit the /etc/ssh/sshd_config file. Find the part where it says #PermitRootLogin yes and change it to PermitRootLogin no. Restart the sshd service and root login will now be disabled.

Clearing the log files

The 3 key log files I have mentioned above are very useful. However, you may find that they become too large and annoying to scroll through to find recent information. To clean up your logs (in this example the ssh log (/var/log/secure)) type cat /dev/null > /var/log/secure, this will remove all existing information so you can start from scratch. You may want to back up a copy of your logs prior to doing this.

Step 7 - accessing your server from the Internet

In order to access your server via the Internet you'll need to use your external IP address (the one given to you by your ISP). You can determine your IP address by jumping on a computer on your LAN and visiting https://www.vpnmentor.com/tools/ipinfo/. Over your LAN you'll be able to access your server via it's local IP eg http://192.168.1.250, but from the outside you'll need to use something more like http://201.125.25.10. If you can't handle such an inhuman name for your website visit http://tinyurl.com. Tinyurl offer a free URL forwarding service that turns something like http://122.149.238.95/ into http://tinyurl.com/beare84.

Step 8 - feeling brave? Time to lose the GUI!

Running a GUI (runlevel 5) on a server is generally considered unnecessary. If you're confident enough on the command line you can boot straight into runlevel 3 (CLI only!). Runlevel 3 uses significantly less resources than runlevel 5 because it does not load a GUI. This server had an average CPU utilisation of around 20% when running the GUI under runlevel 5, but sits at around 0.2% CPU utilisation in runlevel 3.

To view your current runlevel type who -r. To view your current default run level type ls -l /etc/systemd/system/default.target. To change to runlevel 3 now type init 3. To resume the GUI interface type startx, typing init 5 should also work. To configure your server to boot into runlevel 3 by default type ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target. Note, some of your services will not have been turned on by default in runlevel 3. Type chkconfig and browse for your relevant service and look under 3 to see if it is turned on by default. You can also be more specific by typing chkconfig --list httpd (replace httpd with the required service). If you see off next to 3 type chkconfig --level 3 httpd on. To change your default runlevel back to 5 type ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target. For further info on runlevels on Fedora Core 15 type cat /etc/inittab.


That's all folks

Congratulations on your new server! You are no longer a Noob. If you have any feedback on this guide please contact me via email. Thanks for viewing.