Setting Up an Ubuntu Linux Apache web server

Part VI) Setting up Your Apache Web Server on Ubuntu Linux
Ok, let's start hosting a web site.

First we will cover all the steps necessary to get your computer, and then the web server on your computer, visible to the Internet.

[Note: This guide is oriented toward users who have a LAN, and are setting up computers for the LAN. If you have only a single computer with a DSL or cable modem, you will have to modify the instructions accordingly. Even better, go buy a $35 wireless/wired router and plug it into your modem, and now you will have an instant LAN! Later you can expand your new LAN by adding more computers and network devices.]

The first step is to figure out whether your LAN is provided with a "dynamic" (changing) WAN IP address or a "static" (unchanging) WAN IP address by your Internet Service Provider (ISP).

When your router (or computer) is connected to the ISP through your DSL or cable (or satellite) modem, it is assigned only one IP address for use on the Internet, no matter how many computers or devices are on the LAN. Some ISPs, including many cable companies, just assign you the same, unique, "static" IP address every time. Some ISPs, such as telephone companies that provide DSL, assign you a different, "dynamic" IP address every time you connect. They also sometimes change the IP address after a certain amount of time, and sometimes just randomly. (We will learn why this happens when we discuss DHCP lease times later on).

If you don't know which system (static or dynamic) is used by your ISP to assign your Internet (WAN) IP address, then ask your ISP, look online to find the answer, or, better yet, become familiar with your router.

In the latter case, you must logon to your router to find the status page, and the WAN IP address will be listed there (assuming you are connected and the DSL or cable modem is plugged in and functioning).

You should read your router manual to find out how to do this. In brief, most routers have their own private IP address, such as 192.168.1.1, or 192.168.0.1, or 192.168.2.1, depending on the brand of router. (It should be listed in the manual.) You can access the router's settings/advanced settings by simply logging into http://192.168.1.1 (or whichever similar address is appropriate for your router) using your Firefox web browser. (Occasionally there will be a default password required -- consult your router's manual).

You ought to be able to then find the router status page, and find the Internet WAN IP address listed there. If you see a Disconnect and Connect option or button, try disconnecting then reconnecting and see if the WAN IP address changes. [Note: Your browser must have Javascript and Java enabled to make changes to the router through the status web page. If you don't remember how to do enable Java and Javascript in Firefox, go back to "Spiffing Up Your Desktop" and look in the Firefox section.] Do this several times. If your WAN IP address always stays the same, you have a static address. If it changes every time, you have a dynamic WAN IP address.

1) Obtain a DYNDNS account.
This section is only for those users who have a dynamic WAN IP address. This will be the majority of users. Static WAN IP users can skip to the next section. When the WAN IP address, the one that your network uses to connect to the Internet, changes frequently, it is difficult for someone's browser to know where to find your web server each time your server's URL (http://yourserver.something.net) is entered.

Now, DNS servers are computers on the Internet that keep track of every URL and the WAN IP address with which that particular URL is associated. But they only associate one URL with one unique IP address. If you had a static IP address, this service would be all you need, and you would register your URL with a DNS service for a small yearly fee. Everyone would always know how to find you. But if your IP address is always changing, you will need a different type of service. Fortunately, there are a number of DNS services that will associate a URL with a changing IP address. These services are called dynamic DNS services. DynDNS is the oldest and most stable service that does this, and it provides its basic services for free. (You can purchase upgrade services for a small yearly fee as well).

The dynamic DNS service (for example, DynDNS) keeps a database that correlates your IP address with your unique URL. (In the free service provided by DynDNS, your URL must end with .dyndns.org or one of their 67 other domain names). Your computer then runs a small program that constantly checks your WAN IP address and reports back any changes to the DynDNS database. (We will use the DynDNS service in the rest of the examples.)

In Ubuntu (and other Linux versions), this small updater program is called ddclient. It runs in the background, checking your WAN IP address every 5 minutes (or whatever frequency you set). If your WAN IP changes, it will send a brief message to the DynDNS database informing it of the change. Fortunately, Ubuntu has made automatic installation and configuration of the ddclient available through the Synaptic Package Manager.

Now, my web site has a URL of perspectiveoffice.dyndns.org, for example. Every time my WAN IP address changes, my computer's ddclient program sends a message to DynDNS. Anyone on the internet that then logs in to perspectiveoffice.dyndns.org will be redirected by the DynDNS service to whatever my current WAN IP address is.

DynDNS allows you to have up to 5 free URLs, all ending with their suffix *.dyndns.org. (or one of their 67 other suffices), redirected in this fashion. So, conceivably, you could have 5 different URLs, such as foobar1.dyndns.org, foobar2.dyndns.org, foobat3.dyndns.org, fooball4.dyndns.biz, toaster5.homelinux.org, all being directed to your single computer.

So, now, if you have a dynamic WAN IP address, go to http://www.dyndns.com/ and set up a free Dynamic DNS account.

There you will be asked for an accountname and a password. Please use a unique password that you do not use anywhere else. Please remember, this is an external database service that records your information, and the last thing you want is for them to record a password that you might use anywhere else on your system. Besides, in the ddclient version that Ubuntu currently uses, this password is stored in an unencrypted configuration file (this is changed in the new version of ddclient, but Ubuntu hasn't yet upgraded to the new version). Unencrypted passwords are potentially discoverable by a hacker.

Once you've got a DynDNS account, install the updater client, ddclient. (I used the version that Ubuntu provides because it worked correctly the very first time. When I tried the newest version of ddclient from the internet, I couldn't get it to work properly. Besides, Ubuntu eventually will update the package through the Synaptic Package Manager in an automatic update, anyway.)

Start System --> Administration --> Synaptic Package Manager.
Search for ddclient
Mark it for installation and Apply to install the package.

To enter your specific variables, open a command line terminal. Login as root user with sudo -s.

Edit the configuration file for ddclient:

gedit /etc/ddclient.conf

Edit the the file so it looks like this:

-------------------------------------------------
protocol=dyndns2
use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address
#
server=members.dyndns.org
login=vistafido # (Use the Account Login username you set up at DynDNS)
password='secretrufus' # (Use the Account Login user password you set up at DynDNS)
# (include the quotation marks)
foobar1.dyndns.org # (Use the URL you selected at DynDNS)
# foobar2.dyndns.org # (Use the second URL you selected, if any)
# foobat3.dyndns.org # (Use the third URL you selected, if any)
# fooball4.dyndns.biz # (Use the fourth URL you selected, if any)
# toaster5.homelinux.org # (Use the fifth URL you selected, if any)
-----------------------------------------------------

If you used any of the additional URLs, remember to remove the hashmark at the beginning of the line to uncomment it and make that line active.

Save the file and quit gedit.

Now restart ddclient by typing:

/etc/init.d/ddclient restart

(or allow it to restart on your next bootup). The default Ubuntu installation of ddclient configures it to run as a background daemon service every 5 minutes, and it is automatically started when the system boots. Stick with the default settings.

Now your URL foobar1.dyndns.org will always be forwarded to your computer by the DynDNS service. Well, at least to your router, anyways.

Now we have to tell the router how to get it to your computer.

2a) Learn about LAN conventions and the router
Skip down a little bit if you know all about LANs and routers, port forwarding, and so on. This is a very confusing topic for most people, so I will go into the basics in some detail for their benefit.

A LAN (local area network) is comprised of a group of computers that communicate through a router. Each brand of router uses a set of 254 "local" or LAN IP addresses to facilitate this communication. For example, Linksys routers may use LAN IP addresses between 192.168.1.1 and 192.168.1.254, SMC routers may use 192.168.2.1 to 192.168.2.254, and D-Link and Netgear use 192.168.0.1 to 192.168.0.254.

These IP addresses are not used on the internet at large and are reserved by convention to home router manufacturers for internal LAN use only. A server on the internet should never have a 192.168.0.x WAN IP address. Now, DHCP is an IP address-assigning service that is included with almost all routers these days. This service will, when queried by a connecting computer, assign (or "lease") one of these LAN IP addresses (from the set used by your particular brand of router) to that computer. For example, the DHCP service of a D-link router may assign 192.168.0.36 to one computer when it connects, and 192.168.0.77 to another. The newly-connected computer will then use that assigned IP address for a specific amount of time (the "lease time"). The "lease time" can be set to be from 30 minutes to forever in the "LAN settings" section of the router. (I usually set it to "forever.")

[Because I have only a few computers and plenty of free IP addresses available, each computer can keep its DHCP assigned IP number forever. If you were to have lots of computers or devices on your LAN (more than 253), you would absolutely need DHCP with a short lease time, so that inactive computers or devices would give up ("release") their LAN IP addresses at the end of the lease time and let another computer or device (that is waiting to use it) have it. This allows multiple computers and networked devices to use a limited number of IP addresses. The fewer devices and computers you have, the less jockeying for a free IP address there will be, so lease time becomes less important. Your ISP also uses its own DHCP service (hopefully one that allows more than 254 IP addresses) to allocate dynamic WAN IP addresses. Although they may seem to "change at random," they actually are changing whenever the dynamic IP lease time is up (or whenever your ISP has a power failure or other technical glitch). Home and business users rarely know what their ISP's lease times are, however, so it appears like it happens at random.]

Now, the problem is that if you reset the router, or power goes down, or the network restarts for any other reason, the DHCP service re-starts and assigns IP addresses all over again to every computer on your LAN network that uses DHCP. This happens no matter what the lease time is set at. So, for example, a computer that had been using 192.168.1.55 last week may now be assigned 192.168.1.63, even if it had a "forever" lease.

Anyone hunting for the computer that previously lived at 192.168.1.55 won't find it.

Fortunately, you can choose to have any computer on your network not use the DHCP service and merely keep the same "static" LAN IP address all the time. In Ubuntu this option is set in the
System --> Administration --> Networking --> Connections --> Ethernet connection --> Properties tab (see below).

A static LAN IP address would be important for a web server on your network, for example. Every data stream from the internet looking for your server must be delivered by the router to the same computer. Only if the computer has a consistent LAN IP address will this be possible. [No two computers on your LAN can have the same static IP address, of course.]

This is a problem for requests originating from the internet to your LAN, mainly. When a request is initiated to an internet server from a computer on your network, your router will keep track (with NAT) of any replies that are returned in reply and route them back to the same computer that originated the request. But if a user on the Internet initiates a request for data intended for your server, it will land up at your router, which has a single WAN IP address (the one assigned by your ISP to identify your LAN to the internet). How will the router, receiving the request, know to which networked computer on the LAN the request should then go?

Well, you can tell the router in its settings to send certain types of incoming requests to specific LAN IP addresses. Incoming request types are designated by their "port", or data channel. For example, (insecure) browser requests are usually sent over port 80 by convention. You can tell the router to send all browser requests over port 80 to a specific LAN IP address in the router's settings. FTP requests are usually sent over port 21, so port 21 requests can then be set to be directed to the same, or even a different, LAN IP address.

Note that only if your computer lives at the same LAN IP address all the time can data be reliably forwarded to it by the router. Now you see why it is important for a computer expecting forwarded data to have a static LAN IP address.

On your router's settings web page there is a section called "NAT: Virtual Server" or "NAT: Port Forwarding" or something very similar. These are the settings in which you specify the "private" LAN IP address to which each specific type of incoming data request should be directed.

For example, in my router, I go to the Nat:Virtual Server settings. I enter 192.168.1.55 in the "private IP address" box, which is my web server's static LAN IP address. I want all browser requests over public port 80 to be sent to the web server, where Apache is "listening" on private port 80. So I enter those values in the "Public Port" and "Private Port" values.

Now, I could set Apache to listen on any private port I want. This is useful for many types of private data channels. We will do that much later. For now let' stick to the conventional ports. Apache is set at initial installation to listen on port 80 by default.

Now, for our simple network with only one server, it is easiest if the router only needs to forward one certain type of incoming data to one computer. For our infant LAN, all browser requests are most easily directed to only one web server, and all FTP requests are most easily directed to only one FTP server. To enable more than one server, we will later have to set up our own internal LAN DNS service, using Apache. [That is an advanced topic.]

For our simple network with only one web server, though, we want to specify the one address to which all incoming browser requests (http) are to be directed. That will be the static LAN IP address of the computer on which your web server resides.

2b) Divide your LAN into static and dynamic IP addresses and assign one to your web server
There are 253 IP addresses available on your LAN. (There are actually 254 addresses, but the 1st address is the router's LAN IP address.) We should designate some of these LAN IP addresses to be "static", and allow the rest to be used as the pool of addresses that will be dynamically assigned by DHCP.

For example, on my network, the router uses 192.168.1.2 through 192.168.1.254 for all networked computers and devices. I have arbitrarily decided to use the IP addresses from 192.168.1.2 to 192.168.1.99 as the static IP addresses on my network. My printers, scanners, some surveillance cameras, and some computers that are always connected, for example, are given static IP addresses. I then allow the remaining pool of IP addresses (from 192.168.1.100 to 192.168.1.254) to be used as the DHCP-assigned dynamic IP addresses. My laptops, for example, are all given dynamic IP addresses whenever they connect to the LAN.

I inform the router of my chosen scheme by changing the "LAN settings" tab on my router's configuration web page. On this page the settings refer primarily to the DHCP service. I can set the "lease time" for DHCP assigned addresses to "forever" here, if I like. I can then designate 192.168.1.100 to 192.168.1.254 as the "IP Address Pool" that I want DHCP to use.

Any laptop computer, for example, that connects and then requests a dynamic LAN IP address from DHCP will be given one of the IP addresses in this pool. The remainder of the router's full 253 LAN IP address set not designated as being in this pool will be assumed by the router to be used for static LAN IP addresses.

2c) Specify which ports to forward
On your router's configuration web page, under the NAT settings tab, should be a section called "Virtual Server" or "Port Forwarding."

Clicking on it, I see a list of columns that includes "Private IP", "Private Port", "Type (UDP or TCP)", and "Public Port".

In the Private IP box on one line, I will enter the (static) LAN IP address of the computer on which the Apache server resides (i.e. 192.168.1.55 in the above example). In the private port, I enter 80. This will be the port on which Apache is listening (you can set it to anything, but it must agree with the Apache settings). In the public port, I enter 80. This is the port most external browsers send their http requests over.

So now the router knows to forward any Internet requests over port 80, addressed to your URL and forwarded by DynDNS to the WAN IP address of the LAN's router, to the computer which has the Apache web server on it. The server, which has been listening on port 80 all the time, can then process the request and send a reply in return. (The router sends the reply back to the internet location from which the request originated.)

Later you should do this for all the common ports over which you want to serve data (port 21 for an FTP server, port 443 for an https server).

3) Designate your computer to have a static IP address
Make sure the static IP address of the computer on which your web server resides matches the "Private IP address" you set in the router's Virtual Server / Port Forwarding settings. To instruct Ubuntu to use a static IP address for your server's computer:

System --> Administration --> Networking.
Under the Connections tab, highlight "Ethernet connection" and click on the "Properties" button.

----------------------------------------------
Make sure the connection is enabled.
Configuration: "Static IP"
IP Address: 192.168.1.55 (or the unique, static "private" LAN IP address you have chosen for your server's computer.)
Subnet mask: 255.255.255.0 (Check your router's manual. Some routers use 255.255.0.0)
Gateway address: 192.168.1.1 (the IP address your router itself uses on the LAN, usually ending in .1)
-----------------------------------------------

Enter the settings, close the box, and restart your computer.

4) Test that your server is reachable
From your Firefox browser, enter the public URL you established with DynDNS (foobar1.dyndns.org in the examples) in the address bar.

You should now see your apache default web page. It will have a picture of the Apche arrow and a message like "Not the web page you were expecting?" If you don't, or you receive an error message about it not being available, you will need to do some troubleshooting.

First, try to reinstall Ubuntu's ddclient by going back to Synaptic Package Manager. Search again for ddclient, and "Mark for re-installation."

Then retrace your steps above.

[Once I had to actually create the pid (process id file) file:

sudo -s
mkfile /var/run/ddclient.pid ].

If you see the Apache test web page, your server is on the web!

5) Create an example web page
OpenOfficeWriter has a little wizard that will create a simple web page for you, complete with sylesheets and formatting. You can instantly set up a small web page using it.

By default, Apache looks for your web pages in /var/www

It will look for index.html by default. The file by that name that is there now is the Apache test page.

You should save your test web pages here, until you learn how to make Apache look in other folders for them.

In the next section we will learn how to set up multiple web sites on the same server, using Apache virtual hosts.

| Home page | Introduction | Chapter I: Installing Windows on a dual-boot computer | Chapter II: Installing Ubuntu Linux Server on a dual-boot computer | Chapter III: Adding the Ubuntu Desktop on a dual-boot computer | Chapter IV: Spiffing up Ubuntu Linux | Chapter V: Ubuntu/Windows shared networks | Chapter VI: Setting up a Web Site on Ubuntu | Chapter VII: Ubuntu/Apache Virtual Hosts (Multiple web sites, single server) | Chapter VIII: Installing Drupal Content Managment System | Chapter IX: Installing Vista Office EHR | Chapter X: Installing an Office Surveillance Security System with Ubuntu | Chapter XI: Installing an open source Groupware Server | Chapter XII: Installing a non-linear video editor for presentations |

Hosted by www.Geocities.ws