----- Original Message -----
From: "Joseph"
Hi all
First, thanks for not being offended by my comments Pete. It's so
refreshing to be able to discuss such things (and to refer to other
people's comments) without people being offended (something
which doesn't always happen, as I found out when I commented on a few
things on the Mozilla Firefox forums).
Secondly I too would like to allow access from the Internet to my web
server, at some time in the future, but I really don't have a clue as
to how to go about it.
I allowed Internet access to the server, via my firewall, and asked a
few select friends to try and view my web pages a few times,
giving them my ip address, but so far no one has been able to access
my web server.
Is there something I am missing here?
Do I need to sign up to one of those dynamic ip web sites? I don't
have a domain name and to be honest, I don't think I really need one
until I am more proficient at secure PHP coding.
I have been able to configure another computer on my network to be
able to access my web server (on my main computer) both using
microcrap O/S's, but I have been told to use a linux box if I want to
allow Internet connections because it is much more secure than MS
Bindoze. Is this true?
I have another machine which I could set up with linux, but it only
has about 256 megs of ram and an 80 gig HD. Is this sufficient for
an older version of linux and are older versions of linux as secure as
modern ones?
I also read somewhere that it is good practice to have the db on a
different computer, both because of security and also because if the
db becomes too big, it's much faster. Again, is this correct?
-----------------------------------
Hi Joseph,
You have an internal IP address, and an external IP address
that points to your modem/router.
You can find your internal IP address in your network settings on the server
and the external IP address can be found on internet sites that reflect your
IP address like whatsmyip.com (from memory).
Here are the diagnostic steps.
1) Type 127.0.0.1 or localhost into a browser and see if you get the server's
web page. If not then there are problems - most likely with your server
setup or possibly with any firewall on the same PC.
Once the above works -
2) Type your internal IP address into a browser and see if you get the
server's web page. If not then you have a problem with a firewall on the
server.
Once the above works -
3) Type your external IP address into a browser and see if you get the
server's web page. If not then you have a network address translation (NAT)
problem with an upstream router/modem on your local area network (LAN). You
have to connect incoming connections on port 80 of your LAN perimeter
network device (modem/router) to port 80 of your internal IP address. If you
have several devices in a string (i.e. DHCP) then things can become more
complex; however, if you only have one network firewall (not on the server)
then generally you can directly connect 'external IP port 80' directly to
'internal IP port 80'. You can try DMZ to your server's internal IP for
testing but don't leave it this way as you are completely bypassing the
network firewall on all ports.
Your internal IP address is not accessible from the internet side (or at
least should not be). You have to give your friends your external IP
address.
Services like noip.com are to make your external IP address constant to the
other end while it is dynamic at your end. There is no advantage to you for
testing as you are aware of your new external IP when it changes (from
whatsmyip.com).
A dedicated IP address for only you is about $2 a month or so. Ask your ISP.
Domains only convert a domain name to an IP address. (Domain Name Servers).
You still have to fix the problems you have first. If you cannot get your
web server by typing the external IP into a browser then a domain won't work
either.
If you still have problems then you need to refer to the documentation for
your network devices, as it is beyond the scope of this group.
Note: it is useful to compare results from two PCs on the LAN side.
Any versions of Linux (old or new) have varying levels of security depending
on the distribution package. Even a newer version of Linux will fit on
80Gig, with a fair amount of pruning. Once again this is beyond the scope of
this group. You will have to do the research or ask for suggestions of what
others may recommend. There is too much to consider for me to offer you
a suitable package.
With mysql, the longest time is taken up with the connection to the mysql
server; the rest is fast. This is the same if it is on the same PC or a
different one. When php encounters a mysql function, the php pauses and
waits for the mysql results. This frees up CPU time for mysql running on the
same server however php still keeps the RAM it was using. So it is fine to
run php and mysql on the same PC if you have enough memory.
When you have a lot of simultaneous connections to the mysql (lots of page
requests for php pages that connect to mysql) then things can slow down.
When this happens then a separate mysql server is better but mostly because
you then have twice as many CPUs and twice as much RAM. Most shared servers
have php/mysql running on the same server so this should not be a problem
for you any time soon.
You are right about the security issue. It is much more secure to run mysql
on a separate server but you need to know how to make this secure before you
can benefit from it.
I recommend you look for pre-configured packages and find a web site to
compare them. Security all comes down to the configuration and this is the
realm of the experienced.
The greatest reward to hackers is system resources and they are cheap now so
it is the spammers looking for an SMTP proxy that will catch you out.
Hope this helps, Rob.
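
The three diagnostic steps in the reply above, scripted as an added example (not part of the original message): it probes port 80 on loopback, the internal IP and the external IP in order and reports the cause the reply associates with the first failure. The function names and the sample addresses are assumptions made for illustration; `exposed_ports` shows which services a DMZ setting would put on the internet.

```python
import socket

def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Each stage: (label, what a failure at this stage points to, per the reply).
STAGES = [
    ("loopback", "web server setup, or a firewall on the same PC"),
    ("internal", "a firewall on the server blocking LAN connections"),
    ("external", "NAT: no port forward from the router/modem to the server"),
]

def diagnose(internal_ip, external_ip, port=80, probe=tcp_probe):
    """Run the three checks in order and stop at the first failure.

    Returns (failed_stage or None, explanation). Run it on the server or
    on a second LAN PC. The external check made from inside the LAN relies
    on the router supporting NAT loopback; a run from outside the LAN
    (a friend's connection) is the more reliable test of step 3.
    """
    targets = {"loopback": "127.0.0.1",
               "internal": internal_ip,
               "external": external_ip}
    for label, cause in STAGES:
        if not probe(targets[label], port):
            return label, f"{targets[label]}:{port} unreachable -> check {cause}"
    return None, f"port {port} reachable at all three addresses"

def exposed_ports(host, ports, probe=tcp_probe):
    """List which of `ports` accept connections: what DMZ mode would expose."""
    return [p for p in ports if probe(host, p)]

if __name__ == "__main__":
    # Constructed placeholder addresses; substitute your own.
    print(diagnose("192.168.1.10", "203.0.113.7"))
    print(exposed_ports("127.0.0.1", [21, 22, 25, 80, 139, 445, 3306]))
```

Anything `exposed_ports` lists besides 80 is a service that a single port-80 forward keeps hidden and a DMZ setting does not.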