----- Original Message -----
From: "Joseph"

Hi all

First, thanks for not being offended by my comments Pete. It's so refreshing to be able to discuss such things (and to refer to other people's comments) without people being offended (something which doesn't always happen, as I found out when I commented on a few things on the Mozilla Firefox forums).

Secondly I too would like to allow access from the Internet to my web server, at some time in the future, but I really don't have a clue as to how to go about it. I allowed Internet access to the server, via my firewall, and asked a few select friends to try and view my web pages a few times, giving them my IP address, but so far no one has been able to access my web server. Is there something I am missing here? Do I need to sign up to one of those dynamic IP web sites? I don't have a domain name and to be honest, I don't think I really need one until I am more proficient at secure PHP coding.

I have been able to configure another computer on my network to be able to access my web server (on my main computer) both using microcrap O/S's, but I have been told to use a Linux box if I want to allow Internet connections because it is much more secure than MS Bindoze. Is this true? I have another machine which I could set up with Linux, but it only has about 256 megs of ram and an 80 gig HD. Is this sufficient for an older version of Linux and are older versions of Linux as secure as modern ones?

I also read somewhere that it is good practice to have the db on a different computer, both because of security and also because if the db becomes too big, it's much faster. Again, is this correct?

-----------------------------------

Hi Joseph,

You have an internal IP address, and an external IP address that points to your modem/router. You can find your internal IP address in your network settings on the server and the external IP address can be found on internet sites that reflect your IP address like whatsmyip.com (from memory).

Here are the diagnostic steps.

1) Type 127.0.0.1 or localhost into a browser and see if you get the server's web page. If not then there are problems - most likely with your server setup or possibly with any firewall on the same PC.

Once the above works -

2) Type your internal IP address into a browser and see if you get the server's web page. If not then you have a problem with a firewall on the server.

Once the above works -

3) Type your external IP address into a browser and see if you get the server's web page. If not then you have a network address translation (NAT) problem with an upstream router/modem on your local area network (LAN).

You have to connect incoming connections on port 80 of your LAN perimeter network device (modem/router) to port 80 of your internal IP address. If you have several devices in a string (i.e. DHCP) then things can become more complex; however, if you only have one network firewall (not on the server) then generally you can directly connect 'external IP port 80' directly to 'internal IP port 80'. You can try DMZ to your server's internal IP for testing but don't leave it this way as you are completely bypassing the network firewall on all ports.

Your internal IP address is not accessible from the internet side (or at least should not be). You have to give your friends your external IP address.

Services like noip.com are to make your external IP address constant to the other end while it is dynamic at your end. There is no advantage to you for testing as you are aware of your new external IP when it changes (from whatsmyip.com). A dedicated IP address for only you is about $2 a month or so. Ask your ISP.

Domains only convert a domain name to an IP address. (Domain Name Servers). You still have to fix the problems you have first. If you cannot get your web server by typing the external IP into a browser then a domain won't work either.

If you still have problems then you need to refer to the documentation for your network devices, as it is beyond the scope of this group.

Note: it is useful to compare results from two PCs on the LAN side.

Any versions of Linux (old or new) have varying levels of security depending on the distribution package. Even a newer version of Linux will fit on 80 Gig, with a fair amount of pruning. Once again this is beyond the scope of this group. You will have to do the research or ask for suggestions of what others may recommend. There is too much to consider for me to offer you a suitable package.

With mysql, the longest time is taken up with the connection to the mysql server; the rest is fast. This is the same if it is on the same PC or a different one. When php encounters a mysql function, the php pauses and waits for the mysql results. This frees up CPU time for mysql running on the same server; however, php still keeps the RAM it was using. So it is fine to run php and mysql on the same PC if you have enough memory.

When you have a lot of simultaneous connections to the mysql (lots of page requests for php pages that connect to mysql) then things can slow down. When this happens then a separate mysql server is better but mostly because you then have twice as many CPUs and twice as much RAM. Most shared servers have php/mysql running on the same server so this should not be a problem for you any time soon.

You are right about the security issue. It is much more secure to run mysql on a separate server but you need to know how to make this secure before you can benefit from it.

I recommend you look for pre-configured packages and find a web site to compare them. Security all comes down to the configuration and this is the realm of the experienced. The greatest reward to hackers is system resources and they are cheap now so it is the spammers looking to an SMTP proxy that will catch you out.

Hope this helps,
Rob.
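
The three diagnostic steps in the reply above, scripted as an added example that is not part of the original thread. It probes TCP port 80 at the loopback, internal and external addresses in order and names the layer the reply blames for the first failure; the function names and the sample addresses are assumptions made for illustration.

```python
"""Added example: probe port 80 at each layer the reply's steps walk through."""
import socket


def probe(host, port=80, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Ordered as in the thread: a step only means something once the previous one works.
STEPS = [
    ("loopback", "web server setup, or a firewall on the same PC"),
    ("internal", "firewall on the server"),
    ("external", "NAT / port forwarding on the modem/router"),
]


def diagnose(results):
    """Map step results (name -> bool) to (first failing step, suspected layer)."""
    for name, suspect in STEPS:
        if not results.get(name, False):
            return name, suspect
    return None, "port answers at all three addresses"


def run_checks(internal_ip, external_ip, port=80, prober=probe):
    """Probe each address in order, stopping at the first failure."""
    targets = {"loopback": "127.0.0.1",
               "internal": internal_ip,
               "external": external_ip}
    results = {}
    for name, _ in STEPS:
        results[name] = prober(targets[name], port)
        if not results[name]:
            break  # later steps tell us nothing until this one passes
    return diagnose(results)


if __name__ == "__main__":
    # Constructed sample addresses (private and documentation ranges);
    # replace them with your own internal and external IPs.
    step, suspect = run_checks("192.168.1.10", "203.0.113.7")
    print("first failing step:", step, "->", suspect)
```

Run the external probe from a machine outside the LAN as well: some routers do not loop a connection to their own external address back to the forwarded port, so step 3 can fail from inside even when forwarding is correct.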