Questions For New Web Server Admins
This page has been set up in response questions such as:
- I have a server, now how do I start serving websites?
- What sort of connection do I need for my server?
- What software should I use to manage my server?
- etc etc
The bad news is that you can't get all these answers in a single web page. Although you are probably keen to get started, before you think about connecting your server to the big bad Internet you need to take a deep breath and understand a few things. This is all very important!
Operating a web server is a serious responsibility, not only to yourself and the websites you host, but to the entire Internet community. 99% of all the problems on the internet are caused by the following people:
- Virus Authors
- Newbie Server Admins
You must understand this: It takes a long time to learn how to run a server properly!
Unless you are doing a full-time course, there is simply no way to learn what you need to know in less than a year or so. Understanding DNS servers and virtual hosting is not enough — there is a huge amount to learn. If you think you're smart enough to do it quicker, you're actually not very smart at all.
Your first task is to make a choice: Do you want to do this quickly or properly?
So Where do I Start?
The steps you need to follow are listed below. Remember that it's up to you to find all the latest relevant information — researching this stuff is an essential skill for any server admin.
Step 1: Learn the basics
Spend lots of time searching the Internet and reading books about these topics:
- IP addresses, DNS resolution and virtual hosting
- Using the command prompt
- Using email systems such as sendmail
Step 2: Choose an OS
This is obviously a personal choice — there are many flavours of Linux, Unix, FreeBSD, Windows, etc. You need to understand enough about each OS to make an informed choice. One of the most common mistakes is to choose Windows because you already know it. Our recommendation is to invest your first couple of months learning Linux because we've found it to be a better option, but in the end it's up to you. Just make sure your choice is based on solid reasoning — it will be a choice that you live with for a long time.
If possible, it's a good idea to set up more than one server with different operating systems. Run them for a year or more to see how they really perform over time.
Step 3: RTFM
Read the manual for your server operating system. For example, if you are using Red Hat Linux, everything you need to know about serving websites is in the book which comes with the disks. Every major distribution has the necessary documentation.
Step 4: Set up a LAN Server
Using at least two computers, set up a simulation of the Internet on your own LAN. Run this for a while, test it thoroughly, try to hack yourself, etc.
Security and Other Considerations
Maintaining security is a much bigger responsibility than many newbies realise. Below are some questions you need to answer before you can call your server safe. These things change constantly so you need to stay abreast of developments.
Your server will be routinely probed by hackers to look for vulnerabilities. All servers must deal with this — you are not immune just because you have a low profile. Hackers send out automated bots looking for weaknesses and you can expect to fend off several hackers every single day. Are you prepared for this?
Spammers are constantly on the hunt for servers which allow open relay or are insecure enough for them to use in other ways. For example, many common form-to-email scripts can be used to relay spam. How will you test your server to make sure spammers can't use it?
New Security Holes, Patches, etc
You might have your server tested for security and given the all clear, but a month later a new vulnerability is found in your operating system. How will you know about it and how will you fix it?
If you are planning on offering hosting as a commercial service, do you really understand all the implications?
- What is your security policy for clients? How will you monitor client access and server use? What is your alarm system for detecting unauthorised use?
- Do you understand all the things required by different types of websites? For example, do you know all the database types you support? How will you react when a client asks for something your server doesn't have, or that you don't understand?
- One thing many newbies overlook is the business side of hosting. What exactly is your experience in dealing with clients? If you don't have much experience, you should take a small business course.
In theory it's quite simple — learn everything outlined above and you'll be fine. Where people come unstuck is through impatience. As soon as they get virtual hosting working they let their server loose without really understanding all the implications.
Be patient — you have a long life ahead of you and there's plenty of time to get it right.