How to Fix an Open Relay

According to spamhelp.org, an open relay is “a mail server that does not verify that it is authorised to send mail from the email address that a user is trying to send from. Therefore, users would be able to send email originating from any third-party email address they want.”

Using an open relay, someone could use your domain name to send emails from falsified accounts. This lets spammers send spam while ensuring that they are neither identified nor blocked from sending future spam messages. Sophisticated spammers may even have software that hunts for open relays and creates false email accounts to match those of the victimized server.

By using the tools at spamhelp.org, you can determine whether you actually have an open relay. If you do, you can secure a mail server such as Postfix by setting proper authentication protocols. In Postfix, edit the configuration file, which is usually found at /etc/mail/main.cf, and change the following lines to appear as follows:

smtpd_helo_required = yes
smtpd_delay_reject = no
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname

These settings will force incoming requests to pause and identify themselves before accessing the SMTP server. Authenticated users will be allowed to pass through and send mail. To complete the configuration changes, restart Postfix:

/etc/init.d/postfix restart

Open relays should be disabled in Postfix by default. If they are not disabled on your server, you should either check with the company or operating system that configured it, or investigate your server for possible intrusions.
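Relaying itself is decided by Postfix's relay and recipient restriction lists and by mynetworks, not by the HELO checks above. The following added example (not part of the original article; the function names and the three sample configurations are constructed for illustration) audits main.cf text for those settings.

```shell
#!/bin/sh
# Added example: audit main.cf text for the settings that decide whether
# Postfix relays mail for strangers. Function names are hypothetical.

# postfix_param NAME < main.cf
# Prints NAME's value as space-separated tokens. Continuation lines (leading
# whitespace) are joined, comment lines are skipped, the last assignment wins.
postfix_param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END {
            v = val[want]
            gsub(/[ \t,]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v)
            print v
        }'
}

# guard_state "tokens"
# "guarded" when a relay guard appears before any bare "permit",
# "unguarded" when the list is set without one, "unset" when it is empty.
guard_state() {
    [ -n "$1" ] || { echo unset; return 0; }
    for tok in $1; do
        case $tok in
            reject_unauth_destination|defer_unauth_destination|reject|defer)
                echo guarded; return 0 ;;
            permit)
                echo unguarded; return 0 ;;
        esac
    done
    echo unguarded
}

# relay_audit < main.cf
# Prints one verdict:
#   mynetworks-too-wide  every client address is treated as trusted
#   guarded              a relay or recipient list rejects unauthorised destinations
#   no-explicit-guard    the file states no relay policy; Postfix defaults apply
relay_audit() {
    cfg=$(cat)
    nets=$(printf '%s\n' "$cfg" | postfix_param mynetworks)
    relay=$(printf '%s\n' "$cfg" | postfix_param smtpd_relay_restrictions)
    rcpt=$(printf '%s\n' "$cfg" | postfix_param smtpd_recipient_restrictions)
    case " $nets " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*) echo mynetworks-too-wide; return 0 ;;
    esac
    if [ "$(guard_state "$relay")" = guarded ] || [ "$(guard_state "$rcpt")" = guarded ]; then
        echo guarded
    else
        echo no-explicit-guard
    fi
}

# Constructed sample 1: only the lines shown in the article.
PAGE_CFG='smtpd_helo_required = yes
smtpd_delay_reject = no
disable_vrfy_command = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname'

# Constructed sample 2: the same file with an explicit relay policy.
HARDENED_CFG="$PAGE_CFG
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination"

# Constructed sample 3: a later line widens mynetworks to every address.
WIDE_CFG="$HARDENED_CFG
mynetworks = 0.0.0.0/0"

printf 'article lines only: %s\n' "$(printf '%s\n' "$PAGE_CFG" | relay_audit)"
printf 'explicit policy:    %s\n' "$(printf '%s\n' "$HARDENED_CFG" | relay_audit)"
printf 'wide mynetworks:    %s\n' "$(printf '%s\n' "$WIDE_CFG" | relay_audit)"
```

On a live server, `postconf -n | relay_audit` feeds it the non-default settings Postfix has actually loaded.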

Open Source Help Desk Solutions

As a dedicated server administrator, one of the most important services you can offer to your clients, customers, and users is support. Whether the support is for web hosting, server management, or even one-time services, you need to offer a solution that is convenient and easy to use.

In a previous post, we looked at the wide range of support options you can provide. One of those options, support tickets, requires additional software. Fortunately, there are many free and open source help desk solutions available on the web. What follows is a list of a few of the open source help desk web-based software solutions available for free download.

eTicketSupport

This PHP-based electronic support ticket system offers the ability to receive tickets via email or a web form. It supports ticket assignment and priority levels.

RT: Request Tracker

Request Tracker is a system that can be used for many types of tasks, from mundane to complex. Written in Perl, it supports prioritizing, identification, assignment, and notification.

Help Desk Software

Despite the rather vanilla name, Help Desk Software offers many of the features that you would expect from larger software systems. Development appears to have slowed or possibly stopped, so you might want to consider other options, unless you can pick up the source code and develop it yourself.

OTRS

A robust web-based ticket system that supports telephone call management, support, sales, billing, and many others. The software has support levels, priority, assignments, and messaging.

All of these software solutions are available for free, and there are many others you can find, some of which are even available in the form of extensions for popular content management systems.

Dedicated Gaming Servers

A gaming server is a dedicated server that has been exclusively configured to run multiplayer gaming software. The software usually allows players of a particular computer game to play with each other online. Depending on the popularity of the game, a dedicated gaming server can be very active and, as a result, costly.

If you have decided to start a gaming server, one of the first things you will need to do is find out exactly what you need. System requirements can vary dramatically. For example, some games have support for Linux servers, even if the games themselves do not run on Linux. You will also need to consider the type of hardware a game server will need. A typical gaming desktop may have a powerful graphics processor and large monitor, but a server needs no monitor at all and will need more RAM, CPU, and disk space than graphics processing.

If you plan on leasing a dedicated server from a hosting company, you should find out what their policies are and if they will even allow you to run a gaming server. Some hosts may have packages for pre-configured gaming servers, helping your games to run more efficiently.

Since your server will be dedicated to gaming, you can safely disable certain services that may take up valuable RAM and CPU cycles. The mail server, for example, does not need to run, and if your game does not require any type of database, you can also disable the database server.

Finally, make sure you have the time and resources to maintain the server. Like any server, it will have security issues and problems that need troubleshooting. Just because the server is for recreation does not mean that maintaining it will be any less work.

8 Ways to Offer Support to Your Clients

More than likely, your dedicated server is not only for personal use. Most dedicated servers are used for some type of business or non-profit websites. Whether it is a dedicated gaming server or a growing web hosting business, your clients or customers will invariably need technical support. Here are eight ways you can offer that support without having to take calls all day.

1. Support Tickets – There are many free and paid software solutions that allow you to easily set up a support ticket system for your clients. This has two benefits: 1) You can reply to customers at your convenience, and 2) the support ticket system will keep track of previous incidents. Some will even build a knowledge base from them.

2. Email – Email works well for quick inquiries. If you are going to use email, however, do not use your personal email address or even your personal inbox (i.e. forwarding). Support emails need to be separate so that nothing skips by you and you have sound records of all correspondence.

3. Knowledge Base / FAQ – If you get enough questions, you will start to receive repeats. By providing frequently asked questions on your website, you can often save customers and yourself valuable time.

4. Wiki – A Wiki is a great way to get customer participation while also maintaining a revision history of all documentation. They are easy to set up and use.

5. Forums – Discussion forums, like wikis, are designed with participation in mind, but you can also use them for important announcements, sticky posts containing crucial information, and bug reports.

6. Live Chat – You cannot replace the benefits of live telephone dialog, but you can come very close with live chat. In some ways, live chat will be better because customers feel less trapped if you have to put them on hold, and you can save conversations.

7. Social Media – This will not guarantee you to reach all of your clients, as some will never use Twitter, Facebook, or other social media, but for those who do, this may be their preference.

8. Telephone – Some questions just require a little more direct discussion or emergency support. The phone is best for these. Furthermore, some customers will insist upon it. You can get an inexpensive 800 number and use it only for emergencies.

Running a Second Instance of Apache

One of the benefits of Apache HTTP Server is that you can run multiple instances of it as virtual hosts (as in shared hosting scenarios). In some cases, you may want a public instance of Apache for an IP address/domain and then another private instance running on a separate port. On a dedicated server or virtual private server (VPS) running Apache, you can accomplish this very easily.

Rather than installing a second version of Apache, all you have to do is set a virtual host instance of the currently running Apache to use a different port. To do this, edit the Apache configuration file found in /etc. On CentOS and many other Linux distributions, you can find it at /etc/httpd/conf/httpd.conf.

Somewhere in that file, you will see the current host setup, which tells Apache which port to listen on:

Listen 80

If, for example, you wanted to create a second instance running on port 8080, you would set it up like this:

# Listen on the second port as well as port 80
Listen 8080
NameVirtualHost 192.168.0.1:80
NameVirtualHost 192.168.0.1:8080

Each host will additionally have its own configuration settings:

<VirtualHost 192.168.0.1:80>
    ServerName main.servername.com
    ServerAlias servername.com www.servername.com
    DocumentRoot /home/path/documents1/
</VirtualHost>
<VirtualHost 192.168.0.1:8080>
    ServerName main.otherservername.com
    ServerAlias otherservername.com www.otherservername.com
    DocumentRoot /home/path/documents2/
</VirtualHost>

Many web-based control panels allow you to easily create virtual hosts, and some, like Virtualmin, make it easy to add a virtual host on a different port. Consult your control panel’s documentation for help creating virtual hosts.

Choosing the Best Server CPU

It is easy to assume that a dedicated server host will provide you with the latest hardware, but the only real way to make sure of this is to evaluate the hardware specs they provide. Many new server administrators pay close attention to operating systems, control panels, and software, but neglect one of the most important components of a good server: the CPU.

While some server web hosting companies offer the latest server processors on the market, this is not a guarantee. For example, I have seen some companies offer lower-cost servers with Celeron processors. These servers are less expensive for a reason. The Celeron processor is designed to be a desktop CPU and is not even suitable for higher-end desktops, let alone servers. Although the CPU may have the same clock speed as a comparable Core Duo processor, it generally has less on-chip cache and will not perform at the same level.

There are, on the other hand, processors that are catered to servers, such as the Intel Xeon family and the AMD Opteron. Both are 64-bit high-performance chips that run well in servers. If there is some extra cost involved, it is most likely worth it, especially if you want your server to be scalable.

Another aspect of your CPU decision to consider is whether to get a single core, dual core, quad core, or higher. Multiple core processors are able to multitask better. That means more things can happen at once. On a web server, which may run several instances of identical processes, this is ideal. Depending on your anticipated load and scalability needs, the more cores, the better. There is evidence that having two dual core processors is better and faster than having a single quad core, and there is also evidence to the contrary. Results may vary, and you should check the research before reaching a decision.

Fixing Large Log Files

When running a dedicated server, it is important to monitor log files. They will give a wide range of important information about the current state of your server. Aside from the content in the log file, you can also learn something from the size of the file. If your web server log, for example, is usually about 1MB in size and then suddenly balloons to 24MB over the course of 48 hours, you should probably investigate.

If data is coming in that fast, you can probably scope out the problem in real time. Try using “tail” to see if any suspicious activity appears.

tail -f /var/log/httpd/error.log

When you are finished viewing the log activity, press CTRL-C to exit. You can repeat the same command for any log, such as “messages” or “maillog”.

Chances are, if your log file is expanding by the gigabyte, which does happen, you should see the error and be able to troubleshoot it. There is a chance that your server might be under attack, so look for suspicious users, IP addresses, and other pertinent information. On a mail server, for example, multiple repeated requests from the same user could mean your server is being spammed. Also, if you see multiple failed login attempts from random user/password combinations, someone could be trying to hack into the server.

Once you have found and eliminated the problem, you may want to get rid of the enormous log file. You can safely clear the log file with the following command:

> /var/log/httpd/error.log

The file will empty, and logging should continue as normal. Be sure to continue monitoring for a while, just to make sure the problem has actually been resolved.

Web Hosting Library Launches at 34SP.com

Manchester, United Kingdom – Customer focused UK dedicated server and website hosting provider 34SP.com has created a new resource for those investigating web hosting and related topics. The new website resource section is entitled the ‘Web Hosting Library’ and will feature articles and tutorials designed to be of help to both academics and consumers alike.

Current selections within the web hosting library include:

Guide To Creating A Website With HTML – HTML is the acronym for ‘hypertext markup language’ and is the core coding present behind most web pages. This detailed guide helps readers learn the “tags” or “code” of HTML, which makes it possible to publish all sorts of information globally via the World Wide Web. HTML is not difficult to master once the fundamentals of the language are understood, and this guide covers all of the basics involved in becoming an HTML expert.

Cascading Style Sheets For Websites – Cascading Style Sheets or CSS is a language which determines the look and formatting of a document written with HTML or DHTML (dynamic HTML). This guide explains the three primary aspects of CSS: placement, styles, and the ability to cascade. Any designer interested in CSS can benefit from this detailed description of CSS along with links to numerous CSS resources.

Women In The World Of Computing – Women have been contributing to the world of computing since before there were even electronic computers, and this article covers the key names of those women most influential in computers. With links out to resources to explore in the field of computer science, and also a list of computer clubs for women today, this guide is ideal for those wanting to learn more about the role of women in computing.

Co-founder of 34SP.com, Mr. Daniel Foster, explained the purpose behind the new resource, “Our web hosting clients often look to 34SP.com and our engineering staff as leaders in the field of hosting, servers, html and connectivity. We felt that by writing down tutorials and guides that we can help distribute this expert knowledge to those needing the information. In this way we are doing a service to both our current and future clients. Our goal is to have the highest levels of customer service and support, and our new web hosting library is another example of our proactive response to customer needs.”

For further information on dedicated server products from 34SP.com see: http://www.34sp.com/dedicated-servers.

To learn more about the web hosting library please visit: http://www.34sp.com/hosting-library.

About 34SP.com
34SP.com offers dedicated servers and professional website hosting services for cost conscious web developers, designers and small businesses. The 34SP.com team of technical experts offers industry leading support and service coupled with a money back guarantee to ensure client satisfaction. Website hosting services offered include: dedicated hosting, hosting for resellers and domain name registration. The company is headquartered in central Manchester, England.

How to Change Your Server’s FTP Port

By default, most dedicated servers use port 21 as their FTP (File Transfer Protocol) port. Most FTP clients also recognize this port out of the box, without any configuration necessary. For the majority of your server needs, you will want to leave the default port as is.

In a few unique situations, however, you might need to change the FTP port on your dedicated server or virtual private server (VPS). For example, if you only use FTP internally (i.e. do not have shared hosting clients) you can add a little extra security by making your FTP port something less conspicuous.

On a Linux or Unix server, you can easily change the FTP server port in both ProFTPD and Vsftpd.

To change the ProFTPD port, find the configuration file (/etc/proftpd.conf) and edit the following line:

Port 21

Change “Port 21” to whatever port you want. Just make sure that nothing else is using the port you choose.

For Vsftpd, you need to edit the file found at /etc/vsftpd/vsftpd.conf and find the line:

listen_port=21

Change the port number to the port number of your choice, as long as it is not in use.

After editing the configuration file of your FTP server, you will need to restart the service.

For ProFTPD:
/etc/init.d/proftpd restart

For Vsftpd:
/etc/init.d/vsftpd restart

Whenever you start or stop using a port on your server, you must apply those changes to your firewall as well. If you will no longer be using port 21, close it in your firewall, and to use a new port, you should open it in your firewall to allow access. Please also be aware that most FTP clients will expect port 21, so you will need to manually change the port in your FTP client to work with the server.

Benefits of Open Source Software

In the IT world, it is common to think in terms of intellectual property, particularly when dealing with business. It is regular practice for IT companies to create custom software for businesses and then sell full or partial usage rights of the software for the business’ use. What many businesses unfortunately can attest to is that having such software is great until something goes wrong.

If something happens to the IT company, consultant, or even employee that was responsible for creating the code for the software, preventing the business from using their services, they are stuck with the software and may not be able to maintain it.

This is especially a problem if the IT company kept the source code, and many businesses find themselves tangled in legal disputes trying to get source code of software they exclusively use. The problem is compounded with web applications, which need to be changed much more frequently than local software.

With free and open source software, the user is free to view the source code, modify it, and even redistribute it under the terms of its free software license. It essentially extends the legality of copyright. While the default status of copyright is “all rights reserved”, free and open source software allows for “some rights reserved”. For example, the GPL allows modification and redistribution of source code, but only on the condition that the code is shared under the same license.

Many times, the software that a business needs already exists in one form or another, and by using and possibly modifying open source code, they can avoid vendor lock-in, keep whatever changes they make, and still get security and other updates from the upstream project. This allows them more flexibility and freedom, while also contributing to technological progress.

For this reason, and others, free and open source software has become very popular on dedicated servers, even for major corporations like Google, Facebook, and Twitter. Although the benefit of lower costs cannot be overlooked, it is the freedom to customize their own software as they please and also get contributions from the community, that ultimately makes free and open source software so beneficial.

Compiling Server Software From Source

One of the benefits of using Linux on a dedicated server is the ability to manage all software from a central, trusted software repository. Whenever new updates are published in the repository, you can usually update all of the installed software on your server with a single command.

For most situations, your software repository will be enough. In rare cases, you may need to add third-party repositories for hard-to-find software. In the most extreme circumstances, it may be necessary to compile software from source.

Software that is not very popular or is relatively new may not be available in your Linux distribution’s repository. They cannot include everything, so even very useful software that is simply not widely used may not make the cut. When that happens, you may be able to get binary files from the software’s creator, but in all likelihood, you will have to build the software from source code.

The build process itself is usually pretty easy. It may only involve three commands:
./configure
make
make install

The only time you will need to be concerned is when one of the commands produces an error. When that happens, you may be missing necessary dependencies. While your package manager will automatically install dependencies, compiling software from source means you have to find them yourself.

First, check that you have the development versions of the software you need installed (usually with the extension -dev or -devel). Next, make sure you have all of the required build software (e.g. gcc, automake, and so on). Finally, retry until it works. You may have to find additional software in your repository or even compile software dependencies before you can actually install the program you want.

How to Install SSH on Windows

SSH is secure, fast, easy to use, and makes remote server management easy. It comes with most Unix-like operating systems and Linux distributions, but no version of Windows has ever included it.

Fortunately, there are several SSH solutions for Windows, and many of them are free. With SSH installed, you can enjoy much of the same remote command-line management of your dedicated server that you would expect from Linux.

OpenSSH is the most popular Unix and Linux SSH server and client, but there is no native Windows version. Installing it requires Cygwin and is not an easy process. If, however, you cannot live without it, you can follow the instructions in this article to install it.

Another option for SSH server installation for Windows is Free SSHd, which can turn a Windows Server 2008 machine into an SSH server with little configuration and no additional software. The software is free to download and comes with a simple installer, similar to other typical Windows desktop programs. It also supports file transfer with a built-in SFTP server.

You can download Free SSHd from the project’s website.  Once installed, you can connect to your remote Windows server using any computer, regardless of its operating system (Windows, Mac OS X, or Linux). This gives you all of the flexibility you would expect from a server running OpenSSH.

Remote Login Monitoring

SSH (Secure Shell) is a powerful tool for dedicated server management. With it, you can remotely log into your server and manage nearly every application, service, and website. On Unix and Linux operating systems, SSH usually comes installed by default, with one SSH-enabled user.

Under normal circumstances it is safer to only have that one user, so that you are the only one who can login to the server remotely. The services you may offer, however, may necessitate enabling other users to have SSH access. In such a situation, it is important to periodically monitor SSH activity.

For live monitoring, you can use shell commands like “who” to see who is currently logged in at any given time. If you have enabled access for other users, it should not be alarming to see them logged in, but if something is going wrong with the server while one of those users is logged in, you might be able to trace the problem to that account. In all likelihood, such an account has been compromised.

Another way to monitor remote logins is to view system logs. Depending on your Linux distribution, SSH log information may be stored in /var/log/syslog or /var/log/messages. In either case, look for repeatedly failed login attempts and any other anomalies.

By actively monitoring remote logins, you can save yourself the unfortunate circumstance of having to take back control of your server from an attacker. This will benefit you and your users by helping to keep your dedicated server safe.
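Both "Fixing Large Log Files" and "Remote Login Monitoring" advise looking for repeated failed logins, so here is one added example for both (not code from the original posts; the log lines are a constructed sample in the traditional OpenSSH syslog format, and the function names are hypothetical). It counts failures per source address and flags any successful login that follows a run of failures from the same address.

```shell
#!/bin/sh
# Added example: summarise failed SSH logins from syslog-style text on stdin.

# Constructed sample; addresses are from the documentation ranges and the
# host name "web1" is made up.
SAMPLE_LOG='Aug 12 03:10:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40110 ssh2
Aug 12 03:10:03 web1 sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Aug 12 03:10:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Aug 12 03:10:09 web1 sshd[2104]: Failed password for invalid user oracle from 203.0.113.7 port 40119 ssh2
Aug 12 08:30:44 web1 sshd[2310]: Failed password for alice from 198.51.100.4 port 51800 ssh2
Aug 12 08:30:52 web1 sshd[2310]: Accepted password for alice from 198.51.100.4 port 51800 ssh2
Aug 12 09:02:11 web1 sshd[2388]: Failed password for bob from 192.0.2.50 port 33910 ssh2
Aug 12 09:02:14 web1 sshd[2388]: Failed password for bob from 192.0.2.50 port 33911 ssh2
Aug 12 09:02:19 web1 sshd[2388]: Failed password for bob from 192.0.2.50 port 33912 ssh2
Aug 12 09:02:30 web1 sshd[2390]: Accepted password for bob from 192.0.2.50 port 33920 ssh2
Aug 12 09:05:00 web1 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)'

# failed_by_source MIN < log
# One line per source with at least MIN failures: "ip failures distinct_users",
# busiest source first. Fields are read from the END of the line
# ("... from IP port N ssh2") so a user name containing the word "from"
# cannot shift the address that gets counted.
failed_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3); user = $(NF-5)
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip], users[ip] }
    ' | sort -k2,2nr -k1,1
}

# success_after_failures MIN < log
# Prints "ip user failures" for each accepted login whose source address had
# already failed at least MIN times earlier in the log. A hit means either a
# forgetful user or a guessed password, so it is worth checking by hand.
success_after_failures() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: / && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3); user = $(NF-5)
            if ($6 == "Failed") fails[ip]++
            else if ($6 == "Accepted" && fails[ip] >= min) print ip, user, fails[ip]
        }'
}

echo "Sources with 3 or more failed logins (ip failures distinct_users):"
printf '%s\n' "$SAMPLE_LOG" | failed_by_source 3
echo "Accepted logins after 3 or more failures (ip user failures):"
printf '%s\n' "$SAMPLE_LOG" | success_after_failures 3
```

On a server, redirect the log named in the post instead of the sample, for example `failed_by_source 5 < /var/log/messages`.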

Upgrading a Linux Server Kernel

On a Linux-based operating system, the kernel (simply called Linux) is largely separate from the rest of the operating system. While drivers and hardware functionality are controlled by the kernel, applications and services are all separate. That means that you can safely upgrade portions of your system and keep the same kernel.

On a dedicated server, you generally want to keep the same kernel whenever possible, even if you upgrade applications. This ensures stability and uninterrupted service to your customers and users. However, when your Linux distribution releases a security update that includes kernel patches, you need to upgrade as soon as possible.

On most Linux distributions, the new kernel version will be installed alongside the old one. This way, if anything should go wrong, you can still go back and boot into the old kernel. When upgrading, you will want to make sure you are installing the correct kernel (i.e. i386, x86_64, PAE, etc.). Match your current kernel’s type with the upgrade. Most package management systems will perform the matching automatically.

Once you have updated a kernel, you will need to reboot the entire system. For that reason, it is best to upgrade during low traffic hours, but even if you upgrade in the middle of the day, you can hold off rebooting until later, without any adverse effects on your currently running software.

Finally, it is important to keep in mind that, if you have any custom-compiled kernel modules, such as those required for virtualization, you will need to recompile those modules after the upgrade. Some applications, especially those that automatically compiled the modules as part of the package install process, will automatically regenerate the modules to work with the new kernel.

5 Free FTP Clients

FTP (File Transfer Protocol) is a very important tool when it comes to managing websites, and there are plenty of circumstances when you will need to upload files to your server using FTP or SFTP (SSH File Transfer Protocol). In no particular order, here are 5 free FTP clients:

1. FileZilla – A free and open source, cross-platform client, FileZilla is free to download and works on Windows, Mac OS X, Linux, BSD, and others. It has support for FTP, SFTP, and FTPS. It has a drag and drop interface, bookmarking, and much more.

2. Cyberduck – If you are a die-hard Apple user, you may prefer an FTP client with a little more Mac OS X specificity. Cyberduck delivers and does so with Mac-style. In addition to supporting FTP and SFTP, it also supports WebDAV, Cloud Files, Google Docs, and Amazon S3. Furthermore, it is free and open source.

3. WinSCP – Designed specifically for Windows, WinSCP supports FTP, SFTP, and SCP, along with file manager integration, drag and drop, and much more. Best of all, WinSCP is free and open source.

4. FireFTP – In the age of the “cloud”, when many people are using their browsers for most of their work, a browser-based FTP client just makes sense. FireFTP runs completely inside of Mozilla Firefox. It works on all operating systems that run Firefox and has support for SFTP, FXP, drag and drop, and more. It too is free and open source.

5. Many operating system file managers also have built-in support for FTP. While some are quite simple (like Mac OS X Finder), others can be very robust (like KDE’s Konqueror in Linux). Furthermore, if you are in a particularly hard-core geek mode, you can use the command line to run FTP on all operating systems.

Automatic MySQL Backup

Most websites these days rely on content management systems, blogging software, and other types of web applications and scripts to update, manage, and configure them. Rather than static HTML pages stored in the user’s home directory, most content is now stored in databases.

As a dedicated server administrator, it is imperative that you have backups of all user files, especially if you offer hosting services. To truly back up all content, you must have a method of backing up databases. MySQL has simple command line options that allow you to dump databases into single sql files or archives, but it does not have an automated backup feature.

It is undoubtedly this MySQL limitation that the creators of AutoMySQLBackup had in mind when they wrote their script that can backup databases on a daily, weekly, or monthly schedule. When I had my own dedicated server, I used the script to backup several databases regularly.

The auto backup script is a single file with the configuration settings in the top half. Just open up the script in a text editor and follow the directions. If you do not have a lot of configuration requirements, you can get by with just editing the first few settings. The easiest way to use it is to copy the script into the /etc/cron.daily folder so that it will execute each night, although it will still run backups according to your configurations.

By default, the script will email you backup results so that you can be sure they were completed correctly. The backups will be saved to a directory on the server of your choosing. Make sure the path is included in your normal incremental backup of system files. When that backup occurs, your MySQL databases will be safely backed up right along with all of your other files.

AutoMySQLBackup is free and open source software, available for download from Sourceforge.net.

How to Download Directly to Your Server

For occasional downloads, it is usually sufficient to manually download the files you need to your computer and then upload them to your server via FTP, SFTP, or SCP. However, when you need to move large files or multiple files, these methods become cumbersome.

Using a Linux command line tool, such as wget, you can download files directly to your server, bypassing your local machine completely. This saves bandwidth, time, and ultimately, money.

In its most basic form, the wget command string only involves two components: the command itself and the URL. For example, if you wanted to download a single video file, the command string would look like this:

wget http://www.domain-name.tld/videos/january/scene1.mp4

By default, wget will seek out the URL and download the file to the user’s current directory. The output will look like this:

--2010-08-12 11:52:10-- http://www.domain-name.tld/videos/january/scene1.mp4
Resolving www.domain-name.tld... 75.53.55.55
Connecting to www.domain-name.tld|75.53.55.55|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 115025 (112K) [application/mp4]
Saving to: `scene1.mp4'

100%[=======================================>] 115,025 134K/s in 0.8s

2010-08-12 11:52:11 (134 KB/s) - `scene1.mp4' saved [115025/115025]

It will actively show you the download progress in the form of a percentage and with the arrow moving in between the brackets.

Simple single-file downloads are only the beginning. You can use wget to download multiple files and even crawl through directories recursively. For example, the “-r” flag turns on recursive retrieving, and the “-o” flag, followed by a file name, creates a log file. Therefore, to download the file and all files in the directories, while saving download activity to a log file, enter the following command:

wget -r -o logfile http://www.domain-name.tld/videos/january/

Wget can also perform more advanced pre-download functions, such as loading cookies, which may be required by some websites. Wget is free and open source software, available for most Linux distributions. For complete documentation, type “man wget” from the command line.

Is SSL Worth the Expense?

If you have a dedicated server or even more than one server, you can appreciate the value of each dollar you pour into it. For the fortunate ones, it will be an investment that will pay off after hard work. Because you are already paying so much to run your server, you need to make sure everything you have is worth the expense.

When you are offering hosting accounts to your customers, SSL is definitely a service you want to support, although your customers will most likely purchase their certificates from a third party. Your server’s only responsibility will be making sure SSL is enabled and working.

For your own website, however, you may or may not have SSL enabled. So, when is SSL preferable or even necessary? There are a few situations when you should really have a current SSL certificate. Anytime you collect user data, you should encrypt the transmission. With SSL enabled, you can make sure sensitive data stays hidden. For services or community websites that require logins, your site should also have SSL. Finally, if you are offering hosting services, the hosting control panel and payment manager should be encrypted.

In situations where you do not provide any of the above-mentioned services, you may not need an SSL certificate. The certificate is the major expense, and you can still use SSL privately for your own logins, even if you do not purchase a certificate. It ultimately depends on your needs. If the services you offer will be more secure and more reputable with an SSL certificate, you should definitely make the investment.

When a Reboot is Absolutely Necessary

Dedicated servers are designed to be on all of the time, hence the word “dedicated”. A desktop computer that serves as a part-time server is not sufficient. Even a server in a data center that gets shut off for any longer than a few minutes is probably not really a dedicated server. To wear that badge, the server must stay on 24 hours a day and 7 days a week.

Rebooting any computer causes a temporary interruption in whatever activity the computer normally does. Rebooting a dedicated server can interrupt service for a lot of people, especially if the server hosts popular websites. When possible, the system administrator should keep reboots to an absolute minimum.

On a Linux server, this is very realistic. Reboots in Linux are very rarely needed. Here are a few example scenarios, along with an alternative to rebooting.

1. Websites inaccessible.  If you cannot reach websites but can still log in to the server via SSH, you may just need to restart your web server. With Apache, a simple “service httpd restart” may do the trick.

2. Slowness or unresponsiveness. There are many possible causes for a slow server, some of which may involve attackers. Find the cause of the problem and neutralize it, but there is no need to reboot.

3. Configuration changes. Almost all configuration changes can be applied without having to restart the entire operating system.

4. Updates. Most updates do not affect the kernel and, therefore, do not need a reboot. Only a kernel upgrade requires a reboot.

As you can see, reboots are very rare and only needed when the server is completely unreachable, even through SSH, or when you perform kernel updates.

Content Delivery Networks (CDN)

We all hope that the website or websites that we host on our dedicated servers will one day reach millions of people per month, per week, or even per day. But how many are really prepared for such a day if and when it occurs? What technology will you use to ensure your server does not weaken and buckle under the enormous weight of so many visitors?

One tool to consider using is a Content Delivery Network (CDN). Most of the bandwidth-heavy data that websites send across the Internet consists of images, videos, large documents, media streams, and other forms of downloads. HTML text loads quickly and does not take up much space, but images can add up rather quickly. Add videos or even larger downloads, such as software, and you have the makings of a content-heavy server that will put your network strength, CPU power, and memory capacity to the test.

Content delivery networks act as extra media distributors that operate in the cloud. Rather than hosting all of your media on a central server, a CDN service will host copies of your media and distribute them from various geographical locations. For example, a user in China will not have to download your images from your server in Canada, but rather a closer server in Singapore. This reduces server load and makes delivery of the content faster and more efficient.

There are both commercial CDNs, available at a price, such as Amazon CloudFront and Akamai, as well as free CDNs, many of which rely on peer-to-peer file sharing to increase efficiency and distribution.

How to Install Virtualmin

For the busy dedicated server administrator, your web hosting control panel is one of the most important tools you will use on a daily basis. There are a few popular proprietary control panels you can choose, but there are also some free and open source ones that are worth trying, especially if you have a commitment to offering your users free software service, or you cannot afford a commercial control panel.

Virtualmin is a free and open source control panel that also has a commercial version with paid support. It is based on the Linux/Unix system administration tool called Webmin. With Webmin, you can control nearly every major aspect of your server’s operating system and supporting applications. Virtualmin adds support for creating web hosting accounts and other hosting-specific features.

Installing Virtualmin is normally a rather easy process. It is easiest to install it on an operating system that the company lists as “Grade A”. Those operating systems are CentOS, Red Hat Enterprise Linux, Debian, and Ubuntu.

To install Virtualmin on a Grade A OS, download the install script from the project’s website. Before you proceed, make sure your host name is configured correctly to be your domain name. To check, run: hostname -f.

If you need to change the host name, edit /etc/hosts and add your IP address, followed by your host name, and then reboot:

192.168.254.254 hostname.com

Next, run the install script with the following command:

sh install.sh

If all goes well, Virtualmin will be automatically installed on your server. If you have any problems, consult the Virtualmin installation documentation.

PHP the Module vs PHP the CGI Script

Some debates seem to have no end. Which came first, the chicken or the egg? Team Edward or Team Jacob? Paper or Plastic? In the world of dedicated servers, the ongoing debate is whether to use PHP as an Apache module or as a separate CGI script.

The current trend with most web hosting companies seems to be to use PHP as CGI, mainly because of the security benefits. PHP as an Apache module, on the other hand, offers faster, more easily configurable performance.

When PHP runs as an Apache module, it is compiled into the Apache code itself. This means, when an Apache process starts, PHP starts along with it. They are intrinsically linked, and PHP depends on Apache to operate. The benefit of this is that Apache tends to run very efficiently, and PHP is part of each Apache process. Furthermore, Apache configuration, particularly when using .htaccess files, can also be used to control PHP functions.

The downside of PHP as a module is also that it is part of Apache. If PHP goes down, so too goes Apache. This makes it more of a security risk, particularly on shared hosting accounts.

PHP as a CGI script means that PHP operates as an independent binary with its own processes. It is separate from Apache and can, therefore, run as another user, rather than Apache’s generic user. This increases security and adds a bit of stability, at the expense of speed.

Aside from being slower, the other downside of PHP as CGI is that users cannot use .htaccess files to control any PHP functionality. For that they must create their own php.ini files.

A Linux system administrator can configure a server to run PHP either way or both ways at the same time. When running a server with only a single web site (or a single dedicated server account), PHP as a module makes sense, as the security risk is not really a factor. When offering shared hosting accounts, it makes more sense to run PHP as a CGI script, unless there is a legitimate reason not to do so.

Apache Web Server Directives

Apache HTTP Server is the most commonly used web server software for dedicated servers. One of its features that makes it particularly versatile is the ability to add directives to the configuration file. System administrators can add directives to the server’s primary configuration file, and the sys admin can also use a directive to grant individual directive privileges to users by way of .htaccess files on shared hosting accounts.

To edit or add directives, you will need root access to the server. Log in as root by typing “su” from the command line. When prompted, enter the root password.

Next, find the Apache configuration file. On Red Hat-based Linux servers, such as CentOS, it can be found in: /etc/httpd/conf/httpd.conf

On Debian GNU/Linux-based servers, the configuration file is located at: /etc/apache2/apache2.conf

Directives have the following format: DirectiveName Variable

The directive name usually has the first letter of each word capitalized, and the name never has spaces. The variable may be a boolean indicator, integer, or string. For example, the Bind Address directive would look like:

BindAddress 192.168.254.254

On the other hand, the Error Document directive has three components: the directive, the error code, and the URL to the document. For example:

ErrorDocument 404 http://www.domain.tld/errordocs/404.html

Directives added to the Apache configuration file will affect the entire server. After you add these global directives, you will need to restart Apache for the directives to take effect.

/etc/init.d/httpd restart OR /etc/init.d/apache2 restart

For local directives, you need to place the .htaccess file in the directory that the user wants to be affected by the directive. Directives in .htaccess files take effect immediately. Therefore, be sure they are configured correctly before saving the file.

There are hundreds of Apache directives at your disposal. For a complete list, see the Apache Directive Quick Reference.

How to Troubleshoot an Internal Server Error

In an earlier post, I went over some of the common error codes for Apache web servers. Most of them, like “404 Not Found”, are pretty easy to troubleshoot; however, one of the more obscure errors is “500 Internal Server Error”. It is clear from the error that something running on the server side has failed. What is not clear is exactly what failed.

If possible, the first thing to do when troubleshooting an internal server error is to remember what you were doing when it started. If someone else caused the error on your dedicated server, try to gather as much information from that person as possible.

Errors like this one are typically the result of incorrectly installed scripts (PHP, Perl, etc.) or restrictive permissions on the scripts. Here are a few specific possibilities you can check:

1. Make sure the scripts are installed in the right location. CGI scripts, in particular, often need to be located in executable directories.

2. Check the upload method used. If the person who uploaded the scripts used a binary FTP upload when it should have been ASCII, the files could be corrupted.

3. Make sure the file permissions for the script are set correctly.

4. Ensure that the script was not modified in a way that would cause it to malfunction. This is particularly likely if you are writing your own untested web application. It may take a certain unique form of HTTP request to trigger the error.

5. Check the server logs, particularly Apache’s error logs.

6. Turn on any debugging features in the script or software. It may tell you the exact error.

7. Try running the script from the command line to see if it produces a more detailed error message.
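Steps 2, 3 and 5 above can be scripted for a CGI script that is executed directly. The following is an added example, not code from the original post: check_cgi, log_hits and demo are hypothetical names, and the sample script and error-log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Covers steps 2, 3 and 5.

# check_cgi SCRIPT: print one finding per line, return 1 if any were found.
check_cgi() {
    script=$1
    found=0
    cr=$(printf '\r')

    if [ ! -f "$script" ]; then
        echo "MISSING: $script is not a regular file"
        return 1
    fi

    # Step 3: the file must be executable (tested here for the current user)
    # and should not be writable by group or others. Other accounts could
    # alter such a script, and Apache's suEXEC refuses to run it.
    if [ ! -x "$script" ]; then
        echo "PERMS: $script is not executable"
        found=1
    fi
    if [ -n "$(find "$script" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "PERMS: $script is writable by group or others"
        found=1
    fi

    # Step 2: a script that reached the server with Windows line endings has
    # a carriage return at the end of its #! line, so the kernel looks for an
    # interpreter whose name ends in that character and the exec fails.
    first=$(head -n 1 "$script")
    case $first in
        '#!'*"$cr")
            echo "CRLF: $script has a carriage return on its #! line"
            found=1
            ;;
    esac

    # The interpreter named on the #! line has to exist on this server.
    interp=$(printf '%s\n' "$first" | tr -d '\r' |
        sed -n 's/^#![[:space:]]*\([^[:space:]]*\).*/\1/p')
    if [ -z "$interp" ]; then
        echo "SHEBANG: first line of $script does not name an interpreter"
        found=1
    elif [ ! -x "$interp" ]; then
        echo "SHEBANG: interpreter $interp is missing or not executable"
        found=1
    fi
    return "$found"
}

# Step 5. log_hits SCRIPT LOGFILE: last five log lines that mention the script.
log_hits() {
    grep -F -- "$(basename "$1")" "$2" | tail -n 5
}

# Constructed sample: a CGI script saved with CRLF line endings and mode 666,
# plus two constructed lines in the style of an Apache error log.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\r\necho "Content-Type: text/plain"\r\necho\r\n' > "$dir/hello.cgi"
    chmod 666 "$dir/hello.cgi"
    printf '%s\n' \
        "[Thu Aug 12 11:52:10 2010] [error] [client 192.0.2.10] (2)No such file or directory: exec of '$dir/hello.cgi' failed" \
        "[Thu Aug 12 11:52:10 2010] [error] [client 192.0.2.10] Premature end of script headers: hello.cgi" \
        > "$dir/error_log"
    check_cgi "$dir/hello.cgi" || :
    log_hits "$dir/hello.cgi" "$dir/error_log"
    rm -rf "$dir"
}
demo
```

On a real server, pass log_hits the Apache error log for your distribution, for example /var/log/httpd/error_log on Red Hat-based systems or /var/log/apache2/error.log on Debian-based ones.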

There is no particular right answer to the dreaded Internal Server Error, but with a little investigating and a lot of patience, you should be able to find the cause and then come up with a reasonable solution.

Automated Password Generator (APG)

Security is of paramount priority with a dedicated server. One of the easiest ways to tighten your server’s security is to use complex, difficult-to-guess passwords. While you could take pains trying to come up with random passwords that are actually secure, there is software that can assist you in the process.

APG or Automated Password Generator is a small Linux program that allows you to create random, secure passwords, right from your server’s secure shell (SSH). Many Linux distributions have APG in their software repositories. Simply install it, and it is ready for use.

To use the default settings, just type “apg” from the command line. It will open a prompt that looks like this:

Please enter some random data (only first 8 are significant)
(eg. your old password):>

You can literally type eight random characters or the password you have been using. It will not display the text as you type. Press Enter, and apg will quickly generate six passwords, along with their pronunciations. They are pronounceable passwords, but they are not real words, making them easy to remember, yet more secure. The output will look like:

Ryatyiarp0 (Ryat-yiarp-ZERO)
AikAktevAj6 (Aik-Ak-tev-Aj-SIX)
Ephfeoc7 (Eph-fe-oc-SEVEN)
urfapDulm3 (urf-ap-Dulm-THREE)
rackVafasos9 (rack-Vaf-as-os-NINE)
RownotCict5 (Rown-ot-Cict-FIVE)

If you do not want pronounceable passwords, use the “-a” flag and add a “1” to the end of it:

apg -a 1

In this case, the output will look like:

\+Nx9Hek`
G:89&2OO
uKHOwO-}%u
@q7GCi3Jh+
L5'S|eku

With the command-line flags, you can specify other settings, such as the minimum password length (-m) and the mode (-M), which determines the types of characters allowed. For complete documentation, type “man apg” from the command line. APG is free and open source software, available for download from the project’s website for Linux and many Unix variants.

Linux Server Memory Usage

If you are mostly familiar with Windows computers, you may find the way your Linux dedicated server uses memory to be odd or even alarming. When I first started using Linux on a server, it was a bit disconcerting to see Linux use up all of the available RAM. This is much different than the way Windows handles RAM usage.

Operating systems typically use two types of memory: physical memory and virtual memory. Physical memory is the actual physical space found on computer hardware. It primarily refers to system RAM (Random-Access Memory), but may also refer to memory on other devices, such as processors, onboard chips, and even graphics cards. On a server, however, it exclusively means system RAM modules.

Virtual memory is actually disk space set aside to provide additional cache for system and user applications. Windows uses a file called “pagefile.sys” that stores virtual memory. It uses the virtual memory even if there is some system RAM still available, and is constantly reading and writing the file. The extent to which the pagefile is used often varies depending on the application. The total amount of virtual memory is technically the combined space available in physical memory and the pagefile.

Linux uses a completely separate partition called “swap” to store virtual memory. Unlike Windows, swap is basically a last resort. If you have 4GB of system RAM, Linux may never touch the swap partition. It will load applications completely into the RAM and even cache data from those applications in the physical RAM. As a result, the applications should run very quickly and should restart faster, even after you have exited them.

By default, many Linux distributions will create a swap partition that is equal in size to the amount of physical memory. With physical memory over 2GB, however, most of that swap space will probably remain empty. Although it was a common practice at one time to create a swap partition twice the size of the physical memory, this is no longer practical or necessary, especially when dealing with higher-end servers with 8, 16, or even 32 GB of RAM.

Manage Web Images with ImageMagick

ImageMagick is a powerful software suite that gives users the ability to create, manipulate, and process images in a variety of formats, including JPEG, TIFF, and PNG. It comes with a collection of command line tools for batch image conversion and many other tasks. It also serves as a frontend for a plethora of image manipulation programs.

Moreover, ImageMagick allows you to edit images on the fly from within your web applications. Because of this, it is a good idea for a dedicated server with multiple users or clients to have ImageMagick installed. Many PHP and Perl Web scripts require ImageMagick in order for their galleries, avatar resizing, and other features to work.

On Red Hat Enterprise Linux, CentOS, and other Red Hat-based Linux distributions, you can install ImageMagick from the distribution’s online repository:

# yum install ImageMagick

On Debian-based systems, use:

# apt-get install imagemagick

The version that comes with the distribution is usually older than the latest release, so if you need the very latest, you may need to build it from source.

Once you have ImageMagick installed, most web scripts will ask where it is installed. In such a case, you should provide the path to the script executables, rather than the ImageMagick libraries themselves. The most common path is: /usr/bin

If you are not sure, you can search for one of the scripts, such as “convert”. Just type the following from the command line:

$ which convert

After you have the correct path set, most web scripts will function properly. If you are writing your own web application in a particular language (e.g. .Net, C++, PHP, Python, or Ruby), consult the ImageMagick website for links to language-specific interfaces.

Who is the user Nobody?

If you stare at the list of running processes on your server for long enough, you are bound to come across the user called “nobody”. Before you call a security expert and prepare to fight off a hacker, relax. While the username “nobody” may seem suspicious, it is actually supposed to be there.

On a Linux or Unix dedicated server, every process runs under a username. Generally, processes that your username starts will have that name and group listed in the process list. Processes used in the boot sequence may be run by root and will generally have the root user ID.

Memory resident services or daemons, however, often run under different usernames. They may have a user created specifically for them, and, if they do not, they will run under a user called “nobody”.

A program that runs under a local username will not have enough permissions to actually perform tasks like updating log files or processing the mail queue. On the other hand, a program that runs as root can do anything, even completely wipe the server.

In order to avoid the latter, the nobody user has more permissions than the local user but less than root. It is designed to function only within the parameters of system services. Furthermore, the nobody user does not have a password, making it impossible for attackers to guess it (unlike the root user).

Therefore, do not fear “nobody” and do not take any steps to hinder the user’s ability to run some of your critical applications, like the web server. What nobody does is nobody’s business.

Anonymous FTP: Benefits and Disadvantages

FTP (File Transfer Protocol) servers normally require authentication. A user must log in, providing a username and password, and the session will last only as long as the user stays logged in.

Anonymous FTP provides users with the ability to access an FTP server without providing password authentication. At first glance, this may sound insane, but it does have some practical uses.

Despite the name, it is not completely anonymous, and you can still track users who access your server through their IP addresses and the information that you require when they log in (some anonymous FTP services require the user to provide an email address).

The advantage of anonymous FTP is that you can provide fast access to public archives without having to tie up web server processes with multiple extended connections, especially when distributing large files. Because of this advantage, many public institutions like universities and libraries will distribute downloadable material through anonymous FTP. Some of them, like ibiblio.org, also distribute Linux distributions and other free and open source software.

The disadvantage of anonymous FTP is that you have little control over who accesses your FTP server or how often they do it. If you have particularly popular file downloads, it can place quite a load on the server. For this reason, many organizations with limited resources have chosen alternatives like BitTorrent to distribute large files.

Because anonymous FTP allows users to access the server without authentication, you will need to take extra security steps to prevent exploits. Be sure to disable the SITE EXEC command, chroot the public directory, and disable any write privileges. If you have no pressing need to offer anonymous FTP services, it is better to disable it completely.
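One way to verify the “disable any write privileges” step is to scan the anonymous FTP root for anything the anonymous account could modify. This is an added example, not from the original post: the function names are hypothetical, the account name ftp is an assumed default, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# scan LABEL FIND-TESTS...: print "LABEL: path" for every match under $root.
# Symbolic links are skipped because their mode bits are always permissive.
scan() {
    label=$1
    shift
    hits=$(find "$root" ! -type l "$@" -print) || return 2
    [ -z "$hits" ] || printf '%s\n' "$hits" | sed "s|^|$label: |"
}

# audit_anon_ftp ROOT [ANON_USER] [ANON_GROUP]
# Reports what an anonymous session could change inside ROOT:
#   - anything writable by "others"
#   - anything owned by the anonymous account (an owner can chmod its files)
#   - anything group-writable by the anonymous account's group, if one is given
# ANON_USER defaults to "ftp" (an assumption; use the account your FTP server
# runs anonymous sessions as). Numeric IDs are accepted.
# Returns 0 if clean, 1 if findings were printed, 2 on error.
audit_anon_ftp() {
    root=$1
    anon_user=${2:-ftp}
    anon_group=${3:-}
    if [ ! -d "$root" ]; then
        echo "ERROR: $root is not a directory" >&2
        return 2
    fi
    report=$(
        scan WORLD-WRITABLE -perm -002 &&
        scan OWNED-BY-ANON -user "$anon_user" &&
        { [ -z "$anon_group" ] ||
          scan GROUP-WRITABLE -group "$anon_group" -perm -020; }
    ) || return 2
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree: pub/ is read-only, incoming/ was left at mode 777.
# The current user stands in for the anonymous account, so every entry is
# also reported as OWNED-BY-ANON.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/pub" "$tmp/incoming"
    echo "mirror index" > "$tmp/pub/README"
    chmod 755 "$tmp" "$tmp/pub"
    chmod 644 "$tmp/pub/README"
    chmod 777 "$tmp/incoming"
    audit_anon_ftp "$tmp" "$(id -u)" || :
    rm -rf "$tmp"
}
demo
```

A clean result means the directory tree itself gives the anonymous account no write access; SITE EXEC and chroot are settings of the FTP server and have to be checked in its own configuration.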

Mail Delivery Problems: Your Server May Not Be to Blame

The seemingly endless number of possible mail server configurations is no surprise for most IT support personnel. Whether an organization is operating on a shoestring budget or is well-funded, mail servers are often crammed with unnecessary applications that take up too many precious resources. This dubious practice can cause the mail server to perform poorly even if it’s running on a new, high-performance box.

Take for example a machine that has Microsoft Exchange, SQL, and Active Directory installed along with a different mail server program. The additional mail server program is a trial version that was installed when the administrator noticed that the mail was not flowing as fast as it should have been. When the flow of mail eventually came to a full stop, the administrator contacted IT support.

The administrator had forgotten a crucial fact: Port 25 can only be used by one mail server at a time. Had the administrator bothered to check up on the status of the CPU resources prior to installing the trial mail server program, the call to support may have been avoided. Uninstalling the trial software unblocked the mail flow, but SQL still consumed most of the mail server resources, hence slowing down the flow of mail. The solution: moving SQL to a dedicated server.

In the example above it can be argued that basic common sense may have been forgotten by the administrator while setting up the mail server. Still, the problem is far too prevalent to simply dismiss. The best advice that can be given to administrators in this case is to avoid cramming all major applications in one mail server. In the case of enterprise servers, non-standard configurations must be avoided at all costs.

After numerous calls to support regarding mail server problems, a few rules regarding the administration of a mail server have been compiled:

- A single NIC card should not be configured with 1000 or more IPs. This would quickly lead to degradation of mail flow.

- Microsoft Web Edition Servers should be installed on their own and should not coexist with other mail servers on the same machine. They are simply not meant to be used as classic mail servers.

- Mail server machines should never be over-clocked. This is especially true of enterprise servers. The risk of the machine overheating and all the mail being lost is too high.

- Scheduled audits of mail servers should be performed from time to time. Whenever resources are running low, administrators should immediately look for unnecessary tools and applications that may have collected over time. If an anti-spam appliance is installed in the network, it should be checked during these audits.

- Redundancy is the best policy. In case of a catastrophic failure, redundancy will redirect the mail flow to a mail server that is not affected.