Exploring the Impacts of
Pervasive Computing

How to Be Your Own ISP for Under $300

Volume 4
Number 9
Dec. 13, 2000


by Alan Brown

Over the past year or more I have been able to set up my machines at home so that I can offer a range of webserver and mailserver services. I can register a domain name for less than $10 a year and within a few minutes have the domain name service (DNS) supporting the name to IP address mapping, the domain name serving web pages, and accept mail to someone@ThisDomain.com for forwarding to a remote address or for local access. I now run more than 15 web sites for friends, family, and non-profit organizations, and deliver mail to more than 50 different people at those domain names. Many people have asked me how my systems are set up, how much resources they would need to do the same, and what on-going maintenance is involved. In this article I have tried to capture some of the answers to those questions.

Of course, there are many things I just have not had time to go into here. For that you can look at some books on setting up Linux, or see the in-depth guides at www.webreview.com/2000/11_10/developers/11_10_00_1.shtml and www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/mHTML/TrinityOS-101500m.html

First, a few assumptions. This should really say it is about becoming a small-scale ISP. The system I have can happily handle a few hundred hits per day (see www.cbdedge.com/stats.html for my server statistics). I am sure that it would have problems if this increased to many thousands of hits per day.

Second, I assume you have a DSL or Cable connection to the Internet. Mine is through DirectLink, a reseller of GTE. For $30 a month I get a connection with speeds of 384k down and 128k up. There is an additional $30 a month to GTE for the line itself.

Third, this is a short description of how, in retrospect, I set up my own webserver and mailserver. I say in retrospect because this is how I would like to believe I did it. In fact, it was much more of an incremental discovery process than I describe here.

Fourth, there are a number of definite steps, and I suggest that they are carried out in the order presented here. For each one I have said a little about what you need to do, and how long it will probably take for someone with a reasonable idea of what they are trying to achieve, if not an understanding of the specifics of each technology. If you want more details, or have questions, send a note to the SIGPC Mailbag at sigpc-mailbag@srtilley.com and I'll try to respond as best I can. 

Get Some Hardware

One of the big advantages of a Linux-based approach is that you don't need any sort of fancy hardware. Most people I know who have this kind of set up have used an old desktop PC as the server. A low-end Pentium-class processor (166MHz or above) is usually enough. Then you need about 64MB RAM, and at least a 2GB disk. A CD-ROM for installs is also needed.

If you don't have such a machine available, you can get one fairly easily for $200-300 from many places on the Internet. Try somewhere like www.onsale.com. They are underpowered to run as a client Windows desktop system, but ideal for a webserver and mailserver running Linux and Apache. Don't you find that rather ironic?

Everything else described below can be obtained for free - the power of the Open Source Movement, I suppose!

Set Up the Linux Operating System

The latest Linux distributions are available at very low cost from your local computer store, or free for download if you want to wait a long time to get them online. I would recommend the RedHat distribution (the latest is RedHat 7). This is by far the market leader, and consequently you'll find most information, help, and expertise available should you need it.

When you install the latest RedHat release you get a wizard that leads you through the install. By default you get the operating system installed with most of the goodies you will need -- Apache webserver, Postfix mailserver, Samba file sharing, Domain Name Server (DNS), etc. There are also a number of graphical tools for set up and configuration of many of these. The main one is called linuxconf. Just get the basic system installed and off you go!

If you do need help with any of the installation try some of the Linux news groups, or take a look at these sites for news, information, and software updates: www.redhat.com, www.linuxdocs.org, www.linuxworld.org, www.rpmfind.com, www.devshed.com, and  www.webmonkey.com

This should take you an hour or two.

Configure the Internet Connection

If you have a DSL or Cable connection to the Internet you can enter all the data (IP addresses, name servers, etc.) during the RedHat installation. This can also be adjusted later with tools such as linuxconf, or by hand editing some of the files.

One of the tricky aspects you will face is if you have a home network of machines, or you are using some sort of combined DSL/Cable modem and Ethernet router. For instance, I have the Linksys 4 port DSL/Cable modem and router. It allows me to connect 4 machines to the Internet through one DSL connection, so I simply attach my Linux machine to one of these ports, and use the other for Windows desktop machines. Not only can all the machines get out to the Internet, they can also talk to each other and share resources over the same internal network.

The set up is quite straightforward, but make sure you look at the configuration information that comes with the modem. Also, you can look online and get someone who has done it to share their configuration. Typically you have to either make the Linux machine the DMZ machine (in the demilitarized zone) or specifically map the ports you want exposed to the Internet. Mapping individual ports exposes less, because the DMZ setting forwards every inbound port to the Linux machine. You will likely map port 80 for the HTTP connections to your webserver, and others if you want to run an ftp server, mailserver, telnet, ssh, etc. This is not hard, just a bit messy, and requires a little research to get the right ports, IP addresses, etc.

It may take an hour or two playing with the configuration and learning how it works.

Secure the Server

A key aspect of setting up an "always-on" Internet connection is making sure it is secure. If you have a combined DSL/Cable router and modem then you get a firewall in that box. But there are still some things that I would recommend that you do for security on the Linux machine. This includes, but is not limited to:

  • Enable shadow passwords. This is easy to do and makes the password file more secure.
  • Ensure you have all the latest security patches for your RedHat release. You can get these from the RedHat site. You will need to know how to use the RedHat Package Manager (rpm) to do this.
  • Disable any services you don't need. If you are not interested in offering a service, don't run it. You can turn most of these off in linuxconf.
  • Set up TCP wrappers. This is a simple wrapper that allows you to say which services you allow access to from which IP addresses. It is best to set a default of "deny: all" and then specifically turn on services, or allow access from specific IP addresses.
  • Set up a local firewall. This is essential if you are directly connected to the Internet, and a "nice to have" otherwise. The firewall approach with RedHat 7 is called ipchains. It is a chain of rules you create saying what you do and don't allow. It's a bit painful. But fortunately there are some wizard-based tools on-line that generate ipchains scripts. Use one of those (e.g., www.linux-firewall-tools.com ).
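
The default-deny arrangement for TCP wrappers described above, as an added example that is not part of the original article: a simplified Python model of how tcpd evaluates hosts.allow and hosts.deny. The file contents, daemon names and addresses are constructed samples, and only ALL, address prefixes, exact addresses and net/mask patterns are handled (no hostnames, EXCEPT or options).

```python
import ipaddress

# Constructed sample files (assumptions, not from the article):
# deny everything by default, then allow specific services and clients.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = """\
# daemon_list : client_list
sshd: 192.168.1.
ipop3d, imapd: 192.168.1. 203.0.113.0/255.255.255.0
"""

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                      # "192.168.1." is a prefix
        return addr.startswith(pattern)
    if "/" in pattern:                             # net/mask form
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def matches(rules, daemon, addr):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(c, addr) for c in cl)
               for d, cl in rules)

def allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcpd order: a hosts.allow match grants access; otherwise a
    hosts.deny match refuses it; if neither file matches, access is
    granted. That last case is why the ALL: ALL default matters."""
    if matches(parse(allow), daemon, addr):
        return True
    return not matches(parse(deny), daemon, addr)
```

Calling allowed("in.telnetd", "192.168.1.20", deny="") returns True, which shows that a service missing from both files is open unless hosts.deny carries the catch-all rule.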

Configure the Webserver

The Apache server will come pre-installed with RedHat 7 (and most other Linux distributions). You need to take a look at the configuration file (httpd.conf). The default will likely be fine, but you might want to make some changes. Make sure that the correct admin e-mail address is inserted, machine name, etc. There are lots of other options you should look at too, but probably won't need to change at this point.

The usual way to use an Apache server is to serve multiple websites from a single Apache webserver. You do this with an approach called virtual hosting. Essentially, you have a different set of configuration statements for each domain name serving up pages, all in the same httpd.conf configuration file. Apache can tell which one to serve by looking at the address that was requested and going to the appropriate commands in the configuration file. This is fairly straightforward. Check any Apache book, or look on-line for the set up details.

In addition, you will want to think about what kind of server-side scripting you want to support. You can configure Apache for many kinds including cgi-bin scripts, Microsoft FrontPage (through a set of Apache extensions) and PHP. Think about what you are likely to need, and the security implications of the choice you make (e.g., the Apache people specifically do not recommend installing the FrontPage extensions!).

The latest Apache release (1.3.14) that comes with RedHat 7 has a modular kernel for easy upgrade, and comes configured for PHP3 support. You may want to upgrade to PHP4 by installing from www.php.net and following their installation instructions. PHP offers an excellent scripting mechanism that is gaining a great deal of support in the Internet community. If you have not tried it take a look at sites such as www.phpbuilder.com and www.phpwizard.com for more details. They have some excellent tutorials on PHP.

It may take an hour or two to set up the Apache configuration file.

Configure the Domain Name Service

You need to set up DNS if you want to be able to register domain names and enable people to map those names to your IP address. The configuration of DNS is a major pain. It is quite archaic. You will need to read up on this. Otherwise you can get lots of examples of configuration files for DNS off the Internet. I suggest you start with one of those, learn how it works, then update it for your set up. Check the news group, or ask a friend who has already set this up!

When you get it set up, this allows a name daemon to be started on your machine that serves domain name to IP mappings to the Internet for others to use. You need a primary and at least one secondary name server for each domain name. There are some free domain name servers on the Internet. I suggest you provide the primary name service for your registered domain names, and use these free services (or a friend's DNS) as the secondary servers. That will give you the greatest flexibility.

It may take several hours to read up and understand DNS, and an hour or two to set up your service.

Configure the Mailserver

As a mail server I suggest you use the postfix server - see www.postfix.org. This is a secure mailserver replacement for sendmail. Sendmail is the source of no end of security problems, is difficult to configure, and is slow under large loads. Postfix fixes these problems (hence the name!). It is a great system.

Postfix now comes with the RedHat 7 distribution. There is a how-to and an install script. Read them, and run the script. There is a very active newsgroup for postfix if you have problems at www.egroups.com/postfix

You now need to add your own mail aliases to the postfix configuration files (see the documentation). Then make sure you run one of the mail transport services (IMAP or POP) to allow a remote machine to access mail on your server.

It may take you an hour or two to set up the mailserver.

Provide Outside Access to the Server

There are a number of ways you will want people to get access to your machine from outside. This includes:

  • webpages. Make sure you allow access to port 80 for httpd. That should allow people to get to your webserver.
  • mail. If you run a mailserver such as postfix, you can run IMAP or POP and allow access to let people download mail to another machine (e.g., a PC running Windows and Outlook). Make sure you allow external access to IMAP or POP through the appropriate port.
  • ftp. Similar.
  • telnet. Similar.
  • ssh. Similar.
  • samba. Remote file access from another machine is possible using samba. For example, I use a windows desktop to do most of my work, and can access the files on the Linux machine on my network through a samba connection. I simply see the machine on my network, and can open it in the windows explorer, drag-and-drop files, etc. A great convenience.
  • VNC. A VNC server lets a remote machine (Windows or other) display a window that is a Linux desktop running one of the Linux desktop managers. It is a great way to access the remote machine without having two monitors on your desk!

For each of the above services you need to do 3 things. First, set up the configuration files and start the daemon on the server. This can be put in the startup script so it begins each time the machine boots. Second, ensure that the security/permissions allow access to the right people. Look in the firewall scripts to allow access to the service through the appropriate port, and change the TCP wrappers to allow access to the service from the machines you want. Third, make sure the client is running an appropriate program to access the service, and it is configured to point to the server correctly. For example, the appropriate mail client, or ssh client.

Just to reiterate, in all of the cases above you need to make sure that you have the right permissions to get access. If you have trouble, check the TCP wrappers files, firewall rules, and the local script for the services. Make sure the server is running as you expected. But again, remember that you should not run a service, or provide access, unless you think there is a real need. The simpler the system the easier it is to maintain, and the fewer security issues you will raise.

It may take you an hour or two to configure the appropriate services.

Finally….

So that gets you a basic webserver and mailserver, all for around $300. My guess is that most of this could be set up in a weekend. Perhaps 2 weekends if you have more configuration activities you want to do.

That leaves the topic of on-going maintenance. I have found Linux to be very stable. It has been much more stable than the various Windows machines I also run! However, there are some configuration complexities. There have been times when the system is down or working erratically and it has taken me a day or more to figure out what is wrong. Usually it is something silly I have done, or an incompatibility of some of the things I have installed. These are easily fixed... just hard to find.

The on-going maintenance usually consists of the following:

  • Updating web pages and mail aliases takes an hour a week.
  • Checking and installing new patches for system files takes half an hour a week.
  • Adding new interesting add-on software and playing with it takes as much time as you are willing to commit (and then a little more!).

So just do it. Discover. Learn. Have fun. Just don't call me at 3am when you are trying to figure out what is going on in your configuration scripts ;-)


Copyright © S.R. Tilley & Associates