About This Site
So, what does it take to run a web site? That depends on whether you host it
yourself, or pay someone to do it. In the interest of full control, as well as
for the educational experience, I have chosen to run this entire site and the
related network myself.
The physical network consists of the following elements, in order of
connection from the outside:
- Cable modem
- Public switch/hub
- Dual-homed (two network cards; Public/Private) internet server
- Private switch/hub
- Internal network; a file server, AS/400, various workstations
All of this hardware is protected by a pair of uninterruptible power supplies
(UPS), and is connected by Category 5 cabling. The servers I built myself from
components, and upgrade as needed from time to time.
The computers need operating systems. The main servers both run Linux, which
I installed; Engarde Secure Linux on the machine visible to the outside world,
and Red Hat Linux on the file server. With the IBM AS/400 rounding out the set
of servers, I have managed to build an entirely Microsoft-free server room.
I need a dedicated static IP address in order to offer my services to the
internet at large. For this I cannot use an ordinary ISP account, so I have
negotiated (and pay for) a business account that permits me to run servers.
Fortunately, I have access to a broadband cable modem connection.
You probably don't want to type my IP address to find my site, so I have
thought up and registered a domain name (eclectica.ca). To make this piece of
magic work, I need to configure and operate a DNS (Domain Name System) server.
When a request is made for eclectica.ca, the .ca server gives the IP address of
my server. Mine is then able to respond to queries for, for example, www
(www.eclectica.ca) and mail (mail.eclectica.ca).
The service that I probably find most valuable of all is e-mail. This entails
configuring the mail server so that it correctly sends mail on my behalf, and
accepts mail for me as well. By convention, it must also accept mail for
administrative accounts such as “postmaster” (in charge of mail),
“hostmaster” (in charge of DNS), and “webmaster” (in
charge of the web site). This mail is routed to me.
The server must be a good network citizen by refusing to relay
mail for unrelated parties (usually spammers). It is also the first line of
defence against inbound spam. Preventing the delivery of spam is probably the
most time-consuming aspect of being a network adminstrator.
Of course I want a web server, and I need to configure it. It turns out that
the Apache web server is very reliable, and needs very little attention after it
is initially configured.
There are of course lots of other minor details to attend to.
For example, if the power fails, I want all the equipment to gracefully shut
down if the failure lasts longer than a certain amount of time. This means that
I need to hook up the signalling cables from the UPSes, and configure the
software to act appropriately. This should of course be tested thoroughly, which
involves watching all the servers go up and down like yo-yos as I pull the power
and reconnect it in various permutations.
And so it goes for numerous other services.
All of the main services, DNS, web, and mail, are now up and running. But
is everything secure?
Maybe it is today, but new vulnerabilities and exploits are discovered all
the time. Some of these vulnerabilities may be sufficiently severe that an
attacker can gain complete control over a system, and destroy everything without
a trace. Even worse, a system could be used to attack others. This means that I
must be ever vigilant, and watch for any announcement of a vulnerability that
may affect my systems.
And of course, the vulnerability must be closed as soon as possible by fixing
it, or by disabling the vulnerable service.
Incidentally, everyone who has a computer connected to the internet
bears the responsibility of ensuring that it is secure. Last year's Code Red
and Nimda worms did their damage by using the computers of unsuspecting ordinary
citizens to launch their attacks.
The Web Site
Now I am ready to put up a web site. There are two parts to this; the
technical part, and the content.
The technical part involves things like deciding on a structure for the site,
choosing the appropriate technologies and development tools, and making it easy
to transfer files from the staging area to the actual site. For all but the
simplest sites, programming is involved; for example, I wrote this site in PHP
rather than just HTML, but you can't tell by right-clicking and selecting View
Source. By using PHP, I saved myself a tremendous amount of work, made the site
more consistent in its appearance from page to page, and made it infinitely
easier to modify and add pages.
As for the content, that is what you are reading right now. The best reason
for putting up a web site is having something to say, or to show; I hope you
find something here worthy of your attention.
Yes, this is “my” web site; I built and administer the
whole thing. Perhaps all of the preceding offers you a bit of insight
into what it takes.