Cheap server

wrldwzrd89

macrumors G5
Original poster
Jun 6, 2003
12,106
75
Solon, OH
I have an iMac G5 that I wish to convert to an internet-facing web server. I have some questions, though, about the conversion process:
  1. Which version of Apache should I use? 1.3 (the one included with Mac OS X), 2.0, or 2.2? I intend to use PHP and MySQL on this server, and I don't know if PHP works with Apache 2.2 yet.
  2. Which extensions for PHP should I enable? I don't need CGI scripting, but I'm not sure whether or not trying to get GD working is worth it.
  3. What steps should I take to make the server secure? Are there any other Apache modules or other software I should install?
  4. Is there anything special I need to do, once the server is ready, to make it Internet-accessible, besides making sure everything on my end (router port forwarding, static IP addresses, etc.) is set up correctly, and giving it some sort of DNS entry so people can access it? I am aware of issues related to my ISP and such servers, and I know the solution to this - upgrade to business-class service.
 

tutubibi

macrumors 6502a
Sep 18, 2003
538
0
localhost
I have an iMac G5 that I wish to convert to an internet-facing web server. I have some questions, though, about the conversion process:
  1. Which version of Apache should I use? 1.3 (the one included with Mac OS X), 2.0, or 2.2? I intend to use PHP and MySQL on this server, and I don't know if PHP works with Apache 2.2 yet.
  2. Which extensions for PHP should I enable? I don't need CGI scripting, but I'm not sure whether or not trying to get GD working is worth it.
  3. What steps should I take to make the server secure? Are there any other Apache modules or other software I should install?
  4. Is there anything special I need to do, once the server is ready, to make it Internet-accessible, besides making sure everything on my end (router port forwarding, static IP addresses, etc.) is set up correctly, and giving it some sort of DNS entry so people can access it? I am aware of issues related to my ISP and such servers, and I know the solution to this - upgrade to business-class service.
1. Later versions support more features in terms of site management, performance and so on. But if all you need is PHP/MySQL you may as well stick with the one delivered with OS X.
2. CGI is not an extension of the PHP :) If you are not using CGI it's something you disable on the Apache.
Anyway, answer to extensions question is that it depends on the web sites you deploy on your server. I would just keep default delivered with entropy PHP packages (assuming that's the way you plan to add PHP support to your Apache).
3. Answer to this question could take days and still not be good enough. You need to think about protecting your server againt DOS attack, scanning, take-over and so on. I will just mention to make sure you patch Apache/PHP/MySQL regulary and look at the logs. Blacklist any address that produces suspicions activity
4. As you said, you will need to have some domain and use some kind of dynamic DNS service to map it your IP address.
 

wrldwzrd89

macrumors G5
Original poster
Jun 6, 2003
12,106
75
Solon, OH
1. Later versions support more features in terms of site management, performance and so on. But if all you need is PHP/MySQL you may as well stick with the one delivered with OS X.
2. CGI is not an extension of the PHP :) If you are not using CGI it's something you disable on the Apache.
Anyway, answer to extensions question is that it depends on the web sites you deploy on your server. I would just keep default delivered with entropy PHP packages (assuming that's the way you plan to add PHP support to your Apache).
3. Answer to this question could take days and still not be good enough. You need to think about protecting your server againt DOS attack, scanning, take-over and so on. I will just mention to make sure you patch Apache/PHP/MySQL regulary and look at the logs. Blacklist any address that produces suspicions activity
4. As you said, you will need to have some domain and use some kind of dynamic DNS service to map it your IP address.
Actually, I'm going to use the installer provided on the MySQL page to get MySQL installed, and instead of using the Entropy packages, custom compile the PHP and Apache installations. That way, I have more flexibility, and can install the latest updates to Apache, PHP, and MySQL without having to wait for the package provider to update their package.
 

miniConvert

macrumors 68040
Only forward the ports you need, ie port 80, to your server if possible. The 'exposed' machine may well be subjected to frequent port scans that will look for other services available for exploitation. The less unnecessary traffic that passes through the 'hardware' firewall, the router in this case I'd imagine, the better.

Sounds like you're going to have fun, enjoy it! :)
 

wrldwzrd89

macrumors G5
Original poster
Jun 6, 2003
12,106
75
Solon, OH
Only forward the ports you need, ie port 80, to your server if possible. The 'exposed' machine may well be subjected to frequent port scans that will look for other services available for exploitation. The less unnecessary traffic that passes through the 'hardware' firewall, the router in this case I'd imagine, the better.

Sounds like you're going to have fun, enjoy it! :)
Thanks - good advice. Port 80 is the only one that needs to be forwarded anyway, and that's exactly what I intend to do.
 

tutubibi

macrumors 6502a
Sep 18, 2003
538
0
localhost
Actually, I'm going to use the installer provided on the MySQL page to get MySQL installed, and instead of using the Entropy packages, custom compile the PHP and Apache installations. That way, I have more flexibility, and can install the latest updates to Apache, PHP, and MySQL without having to wait for the package provider to update their package.
In that case, Apache 2.2 is the way to go. It is very stable and feature rich. Not that other versions have any issues but still ...
Also, go with PHP 5.x build, as 4.x support will be phased out in the near future.

You may find this link useful for building Apache 2.2 and PHP5: http://www.phpmac.com/articles.php?view=244
 

wrldwzrd89

macrumors G5
Original poster
Jun 6, 2003
12,106
75
Solon, OH
Use MAMP (Google it). Makes everything nice and easy :)
I would but MAMP does not meet my needs very well. There are four main problems with MAMP and my intended usage:
  • The versions of PHP and MySQL in particular are NOT the latest
  • The configuration of MAMP is difficult to secure
  • There is no way that I know of to make MAMP and the Mac OS X firewall get along, so that people outside my subnet can use the server
  • MAMP is meant for development use, not production use - my usage definitely qualifies as production