Creating a web server on a cloud

From Alliance Doc
Revision as of 21:33, 8 November 2022 by Shuber (talk | contribs) (updating links)
Jump to navigation Jump to search
Other languages:

Parent page: CC-Cloud

This page describes the simplest case of creating a web server on the Compute Canada cloud using Ubuntu Linux and Apache web server.

Security considerations[edit]

Any time you make a computer accessible to the public, security must be considered. "Accessible to the public" could mean allowing SSH connections, displaying HTML via HTTP, or using 3rd party software to provide a service (e.g. WordPress). Services such as SSH or HTTP are provided by programs called "daemons" which stay running all the time on the computer and respond to outside requests on specific ports. With OpenStack you can manage and restrict access to these ports, including granting access only to a specific IP address or to ranges of IP addresses; see Security Groups. Restricting access to your VM will improve its security. However, restricting access does not necessarily remove all security vulnerabilities. If we do not use some sort of encryption when sending data (e.g. passwords) an eavesdropper can read that information. Transport Layer Security is the common way to encrypt this data, and any web site which uses logins (e.g. WordPress, MediaWiki) should use it; see Configuring Apache to use SSL. It is also possible that data transmitted from your webserver to a client could be modified on route by a third party if you are not encrypting it. While this might not directly cause issues for your webserver it can for your clients. In most cases it is recommended to use encryption on your webserver. You are responsible for the security of your virtual machines and should take it seriously.

Installing Apache[edit]

  1. Create a persistent virtual machine (see Booting from a volume) running Ubuntu Linux by following the Cloud Quick Start instructions.
  2. Open port 80 to allow HTTP requests into your VM by following these instructions but selecting HTTP form the drop down box instead of SSH.
  3. While logged into your VM
    1. Update your apt-get repositories with the command
      Question.png
      [name@server ~]$ sudo apt-get update
      
    2. Upgrade Ubuntu to the latest version with the command
      Question.png
      [name@server ~]$ sudo apt-get upgrade
      
      Upgrading to the latest version of Ubuntu ensures your VM has the latest security patches.
    3. Install Apache web server with the command
      Question.png
      [name@server ~]$ sudo apt-get install apache2
      
  4. Apache2 test page (Click for larger image)
    Go to the newly created temporary Apache webpage by entering the floating IP address of your VM into your browser's address bar. This is the same IP address you use to connect to your VM with SSH. You should see something similar to the Apache2 test page shown to the right.
  5. Start modifying the content of the files in /var/www/html to create your website, specifically the index.html file, which is the entry point for your newly created website.

Change web server's root directory[edit]

It is often much easier to manage a website if the files are owned by the user who is connecting to the VM. In the case of the Ubuntu image we're using in this example, this is user ubuntu. Follow these steps to direct Apache to serve files from /home/ubuntu/public_html, for example, instead of from /var/www/html.

  1. Use the command
    Question.png
    [name@server ~]$ sudo vim /etc/apache2/apache2.conf
    
    (or some other editor) to change the line <Directory /var/www/> to <Directory /home/ubuntu/public_html>
  2. Use the command
    Question.png
    [name@server ~]$ sudo vim /etc/apache2/sites-available/000-default.conf
    
    to edit the line DocumentRoot /var/www/html to become DocumentRoot /home/ubuntu/public_html
  3. Create the directory in the ubuntu user's home directory with
    Question.png
    [name@server ~]$ mkdir public_html
    
  4. Copy the default page into the directory with
    Question.png
    [name@server ~]$ cp /var/www/html/index.html /home/ubuntu/public_html
    
  5. Then restart the Apache server for these changes to take effect with
    Question.png
    [name@server ~]$ sudo service apache2 restart
    

You should now be able to edit the file /home/ubuntu/public_html/index.html without using sudo. Any changes you make should be visible if you refresh the page you loaded into your browser in the previous section.

Limiting Bandwidth[edit]

If your webserver is in high demand it is possible that it may use considerable bandwidth resources. A good way to limit overall bandwidth usage of your Apache webserver is to use the | Apache bandwidth module.

Installing[edit]

Question.png
[name@server ~]$ sudo apt install libapache2-mod-bw
Question.png
[name@server ~]$ sudo a2enmod bw

Configuring[edit]

An example configuration to limit total bandwidth from all clients to 100Mbps is

   BandWidthModule On
   ForceBandWidthModule On
   
   #Exceptions to badwith of 100Mbps should go here above limit
   #below in order to override it
   
   #limit all connections to 100Mbps
   #100Mbps *1/8(B/b)*1e6=12,500,000 bytes/s
   BandWidth all 12500000

This should be placed between the <VirtualHost></VirtualHost> tags for your site. The default apache site configuration is in the file /etc/apache2/sites-enabled/000-default.conf.

Where to go from here[edit]