Freeside Linux 201 - Web Server By Starbeamrainbowlabs and Setup @closebracket Linux 201: Web Server Setup Introduction Hello, and welcome to Linux 201! This Lab sheet will guide you through setting up a Linux-based web server, and look at a number of other useful aspects of server management and administration along the way. If you follow this lab sheet to the end, you should: • Understand the process of setting up a web server • Understand why security is important when setting a web server. • Have setup a basic web server to serve static files If you have any questions, please ask! There should be a number of Freeside Admins experienced with server administration to help you out should you get stuck. It is worth mentioning before we begin though that this lab sheet will not be showing you how to do the following: • Set up HTTPS - This requires that you have a domain name. Despite this, links to some useful tutorials showing you how to do these things will be provided at the end of this lab sheet. In addition, you can always ask on the Freeside Discord or Forums, and we'll be happy to help you out: • Discord 1 • Forums 2 - Login with your Freeside account (or get one here 3!) Finally, before we get started, a word on the rationale behind the software we're going to be using in this tutorial. Firstly, Ubuntu Server is the server version of the highly popular Ubuntu Linux distribution - which has heaps of support out there should you run into difficulties in the future after this lab. It's well tested, and great for beginners. Secondly, we're going to be using Nginx as our web server here. Although most people may be heard of or perhaps even used Apache before, Nginx is the web server of choice here for several reasons: • It's much higher performance than Apache • It's event-based, not thread-based like Apache - which means it can handle more requests faster with a lower overhead • It's more powerful than Apache - especially when you start getting into the more advanced use-cases. • It's rapidly becoming (if not already) an industry standard Page 1 of 18 Freeside Linux 201 - Web Server By Starbeamrainbowlabs and Setup @closebracket In short, skills in Nginx will likely be much more useful in the future - especially when dealing with reverse-proxying to application servers, which will be a topic covered in Linux 301. Getting Started This workshop will make use of a virtual machine running on the Department on Computer Science's cluster. 1 virtual machine has been allocated per student attending the workshop. To access it, click on the following link: http://www2.dcs.hull.ac.uk/people/cssaph/FreesideLinux201/ Note that if you have turned up to the lab without having first filled out the registration form, you won't have access to a virtual machine. This is easily fixed however - simply talk to a Freeside Admin and they will get one allocated for you. Once you've got access to your virtual machine, you can begin setting it up by following the instructions below. As it's a server, it won't have a graphical user interface. Instead, you'll be configuring it through the command line, or terminal as it's known in the Linux world. The Linux terminal (in this case) is Bash, and is very similar to the Windows command prompt, if you have any experience with that. There are a few command differences, but if you have experience with 1 then the other should feel at least somewhat familiar. If you don't have command-line experience yet, don't worry! It's all part of the learning process. In short, on a command-line (or terminal), you enter text-based commands to tell the computer what you want it to do. Much like any other programming language, there are patterns and syntax rules - so try to look out for those. For example, things are always space-separated, and the first word is always the name of the command to execute: nano myfile.txt The above command launches the nano text editor and tells it to open myfile.txt. If you forget the space, like this: nanomyfile.txt ...then the server is probably going to get rather upset and throw an error: nanomyfile.txt: command not found Thankfully, the error message in this instance is fairly straight-forward and tells us what went wrong. In other cases the problem might not be so obvious, so don't forget that you can ask any of the Freeside Admins for assistance. A good reference for Linux commands can be found here: https:// files.fosswire.com/2007/08/fwunixref.pdf. Page 2 of 18 Freeside Linux 201 - Web Server By Starbeamrainbowlabs and Setup @closebracket Setting the hostname The first thing we should do to our server is to give it a unique hostname. On Ubuntu Server 18.04, this is fairly easy to do: sudo hostnamectl set-hostname INSERT_HOSTNAME_HERE For this workshop, we'll use a standard naming convention. Please set your hostname to be the following: linux201-server-XX ....where XX is the number of your server from the list linked to above. Notice the sudo in the command above. It's short for super-user do, and tells Linux that you want to run a command as an administrator. You'll have to type your password for this, which is a key security mechanism that's built-in to Linux. If you've been to Linux 101, it was explained in more detail there. For the curious, the Linux 101 slide deck can be found here: https://starbeamrainbowlabs.com/labs/Linux101/ You might need to quickly restart your shell for this to take effect: exec bash You should now see that the prompt has changed to reflect the new hostname. If not, try rebooting: sudo reboot Basic Security root is the administrative account of Linux systems. Owing to the extremely broad permissions granted to root accounts, one of the core tenants of Linux security is ensuring each user has their own account. This is because root can be used, even accidentally to damage or destroy the system because of its extensive permissions. Having separate accounts, such as "yourusername" also increases accountability and decreases the likelihood of system damage. Normally, this is handled by your operating system installer, so you shouldn't need to create a new account manually here. If you'd like to rename the default user account here, this is how you'd do it. This section is optional. If you'd prefer, you can skip this section and move on to the next section, setting your password. To create a new non-root account, do the following: sudo adduser "yourusername" Page 3 of 18 Freeside Linux 201 - Web Server By Starbeamrainbowlabs and Setup @closebracket We should create the new user as root, so don't forget to prefix it with sudo (though if you're already logged in as root, there's no need for sudo. You can tell if you're logged in as root by the last character in the prompt: if it's a dollar $ then you're a regular user and need to use sudo, if it's a hash # then you're the root user). Execute the command as above, replacing "yourusername" with a desired username. During the setup, you may be asked for a password along with other information. You may customise this information as you wish. Now that the user has been created, we should ensure that that user can execute commands with escalated permissions - i.e. as the root account. These are called sudo permissions. These can be assigned to your new account like this: sudo usermod -aG sudo yourusername Execute the command as above, replacing "yourusername" with the user you created in the previous step. This adds your new user account to the sudo group of users on the system, which is a group of users permitted to use the sudo command to run commands as other users - including root. At this point, you should be able to logout and log back in as the new user account you've just created - you should do this now. If you're creating a new account to replace the default non-root user account, it's a good idea at this point to delete the old default user account now. This helps keep your VM secure, as fewer user accounts (note: system accounts are a different topic) mean fewer potential entry points for attackers. Don't forget also that you should always know why you're typing your password. This is a key security mechanism in Linux: anything that needs administrative privileges should be done through sudo, and sudo requires your password. If it didn't require your password, then anything running under a user account that has sudo privileges would be able to run a command as root at any time, which is obviously a bad thing. Setting your password If you didn't change the default user account that's come with your VM (or even if you did), you should probably change your account password. Leaving your account password as the default is the best way to invite an attacker in to hack your server. Thankfully, this is really easy to do. Simply enter the following command: passwd Page 4 of 18 Freeside Linux 201 - Web Server By Starbeamrainbowlabs and Setup @closebracket It will ask you for your current password, and ten for a new password twice.