Results 1 to 6 of 6
  1. #1
    kchoman's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    20
    Reputation
    10
    Thanks
    5

    Windows: Creating your first webserver



    Preface:
    Here's what we're going to accomplish with this tutorial:
    • Learning where to pick up the necessary programs to build a webserver on Windows.
    • Learning how to configure our web server to meet our needs.
    • Learning where to pick up the necessary IDEs for programming our webserver on Windows.
    • Learning how to make our web server accessible from a public network (and the dangers of this).


    The Software:
    We can break this down to 3 necessary categories:
    • The web server
    • The database
    • The back-end


    Now the importance of the back-end category is the fact that we'll be wanting to communicate with the database without giving visitors the ability to see the username and password to access our database. Plus we'll likely be installing applications that will rely on a back-end web language such as PHP or HHVM and so we'll need that category.

    So in this tutorial we'll be looking into the benefits, disadvantages, configurating, and updating of the following programs:

    Web server
    Database
    Back-end
    Apache MySQL PHP
    Nginx SQLite Hacklang

    Apache:
    We have many choices for this category but this tutorial will focus on Apache and Nginx.

    We'll start off by grabbing the newest stable release of Apache for Windows: Apache 2.4 from ApacheHaus

    Since I'm running with a 64-bit version of Windows, I'll choose to download the 64-bit (x64) version of Apache 2.4.

    Once I have the download complete, I'll extract the contents of the Apache 2.4 server into a new folder named httpd.

    This is how it should appear:
    Code:
    Server => httpd => INSTALL.txt
    Now it's time to create the folder that will store our website files, so move outside the httpd folder and create a new folder named htdocs.

    This is how it should appear:
    Code:
    Server => htdocs
    We will now go out of the htdocs folder and go back into the httpd folder and then into the conf folder to begin configuring our web server to recognize files from the htdocs folder and to get things prepared for heavy traffic.

    So let's open the httpd.conf file using our text editor of choice; you can use notepad for this but it would be easier to pick up a copy of Notepad++ and edit the conf file using Notepad++.

    Delete everything and put this into the httpd.conf file:
    Code:
    #
    # What is the folder that stores the web server files
    #
    Define SRVROOT "../"
    ServerRoot "${SRVROOT}"
    
    #
    # Where are the web server files
    #
    Define WEBROOT "../htdocs"
    DocumentRoot "${WEBROOT}"
    Listen 80
    
    #
    # What modules are enabled
    #
    LoadModule actions_module 			${SRVROOT}httpd/modules/mod_actions.so
    LoadModule alias_module 			${SRVROOT}httpd/modules/mod_alias.so
    LoadModule allowmethods_module 			${SRVROOT}httpd/modules/mod_allowmethods.so
    LoadModule asis_module 				${SRVROOT}httpd/modules/mod_asis.so
    LoadModule auth_basic_module 			${SRVROOT}httpd/modules/mod_auth_basic.so
    LoadModule authn_core_module 			${SRVROOT}httpd/modules/mod_authn_core.so
    LoadModule authn_file_module 			${SRVROOT}httpd/modules/mod_authn_file.so
    LoadModule authz_core_module 			${SRVROOT}httpd/modules/mod_authz_core.so
    LoadModule authz_groupfile_module 		${SRVROOT}httpd/modules/mod_authz_groupfile.so
    LoadModule authz_host_module 			${SRVROOT}httpd/modules/mod_authz_host.so
    LoadModule authz_user_module 			${SRVROOT}httpd/modules/mod_authz_user.so
    LoadModule autoindex_module 			${SRVROOT}httpd/modules/mod_autoindex.so
    LoadModule cgi_module 				${SRVROOT}httpd/modules/mod_cgi.so
    LoadModule dir_module 				${SRVROOT}httpd/modules/mod_dir.so
    LoadModule env_module 				${SRVROOT}httpd/modules/mod_env.so
    LoadModule include_module			${SRVROOT}httpd/modules/mod_include.so
    LoadModule info_module 				${SRVROOT}httpd/modules/mod_info.so
    LoadModule isapi_module 			${SRVROOT}httpd/modules/mod_isapi.so
    LoadModule log_config_module 			${SRVROOT}httpd/modules/mod_log_config.so
    LoadModule lua_module 				${SRVROOT}httpd/modules/mod_lua.so
    LoadModule mime_module 				${SRVROOT}httpd/modules/mod_mime.so
    LoadModule negotiation_module 			${SRVROOT}httpd/modules/mod_negotiation.so
    LoadModule ratelimit_module 			${SRVROOT}httpd/modules/mod_ratelimit.so
    LoadModule reflector_module 			${SRVROOT}httpd/modules/mod_reflector.so
    LoadModule remoteip_module 			${SRVROOT}httpd/modules/mod_remoteip.so
    LoadModule request_module 			${SRVROOT}httpd/modules/mod_request.so
    LoadModule rewrite_module 			${SRVROOT}httpd/modules/mod_rewrite.so
    LoadModule session_module 			${SRVROOT}httpd/modules/mod_session.so
    LoadModule session_cookie_module 		${SRVROOT}httpd/modules/mod_session_cookie.so
    LoadModule session_crypto_module 		${SRVROOT}httpd/modules/mod_session_crypto.so
    LoadModule setenvif_module 			${SRVROOT}httpd/modules/mod_setenvif.so
    LoadModule socache_memcache_module 		${SRVROOT}httpd/modules/mod_socache_memcache.so
    LoadModule socache_shmcb_module 		${SRVROOT}httpd/modules/mod_socache_shmcb.so
    LoadModule ssl_module 				${SRVROOT}httpd/modules/mod_ssl.so
    LoadModule status_module 			${SRVROOT}httpd/modules/mod_status.so
    LoadModule watchdog_module 			${SRVROOT}httpd/modules/mod_watchdog.so
    
    #
    # Who owns this web server
    #
    ServerAdmin admin@blank.com
    ServerName localhost:80
    
    #
    # Prevent users from roaming the filesystem
    #
    <Directory "${SRVROOT}">
    	AllowOverride none
    	Require all denied
    </Directory>
    
    #
    # Allow access to the web server files
    #
    <Directory "${WEBROOT}">
    	Options -Indexes
    	AllowOverride none
    	Require all granted
    </Directory>
    
    #
    # Set our index file types
    #
    <IfModule dir_module>
    	DirectoryIndex index.php home.php index.html home.html index.htm home.htm
    </IfModule>
    
    #
    # Prevent direct access to .htaccess and .htpasswd files
    #
    <Files ".ht*">
    	Require all denied
    </Files>
    
    #
    # Prevent direct access to sqlite database files
    #
    <Files "*.db">
    	Require all denied
    </Files>
    
    #
    # Create our error log
    #
    ErrorLog "logs/error.log"
    LogLevel crit
    
    #
    # Create our access log
    #
    <IfModule log_config_module>
    	LogFormat "%h %l %u %t \"%r\" %>s %b" common
    	CustomLog "logs/access.log" common
    </IfModule>
    
    #
    # Handle file mimetypes
    #
    <IfModule mime_module>
    	TypesConfig conf/mime.types
    </IfModule>
    
    #
    # Set custom error pages
    #
    ErrorDocument 500 "Server-side error."
    ErrorDocument 404 "File not found."
    ErrorDocument 403 "Access denied."
    
    #
    # Import extra configs
    #
    Include ${SRVROOT}httpd/conf/extra/httpd-autoindex.conf
    Include ${SRVROOT}httpd/conf/extra/httpd-info.conf
    Now that we've got our configuration set up, it's time to go out of the conf folder and out of the httpd folder.
    To run our apache server we will start by creating a new file named server.bat and insert the following contents:
    Code:
    start /d "%~dp0httpd\bin" httpd.exe
    Double-click on the server.bat file and it should leave a blank command prompt open with the Apache icon to the far-left corner of the title bar.

    Now to access your website you can open a new tab in your web browser and set the url to "localhost" or "127.0.0.1" and it should show a page with the text "Access denied." which should go away as soon as you add an index.html or home.html file to the htdocs folder.

    MySQL:
    We'll start off by grabbing the latest stable release of MySQL: MySQL 5.7.20

    Because I have a 64-bit version of Apache running on my computer, I'll grab the 64-bit version of MySQL from the website.

    Create a new folder named mysql and extract the contents of the downloaded archive into that folder.

    It should look like this:
    Code:
    Server => mysql => README
    Now it's time to create a new folder and name it data, it should look like this:
    Code:
    Server => mysql => data
    Now we will enter the bin folder and open a powershell window there by holding shift and right-clicking on an empty spot (without highlighting any items in the folder) and then select "Open PowerShell window here" (Windows XP/Vista/7/8/8.1 users will have an option to open command prompt instead, so go with that and use the command for CMD):
    Code:
    PowerShell: ./mysqld.exe --initialize-insecure --datadir=../data
    CMD: mysqld.exe --initialize-insecure --datadir=../data
    Now you can close out of your PowerShell/Command Prompt window and go out of the bin folder and go out of the mysql folder to modify the server.bat file and add the following to a new line:
    Code:
    start /d "%~dp0mysql\bin" mysqld.exe
    Time to test our database by going back into the mysql folder and then going back into the bin folder and opening a new powershell/command prompt window at that location (like we did earlier) and type the following:
    Code:
    PowerShell: ./mysql.exe -u root
    CMD: mysql.exe -u root
    From here we'll be creating two accounts:
    • root account with full permissions
    • site account with read/write permissions


    The concept behind this is to limit the range of commands that an intruder can use if you happen to have an SQL injection on your website. The site account will have no ability to create or modify existing accounts and will not be able to escape the database we create for it (meaning that there's no chance of an intruder using information_schema to gather table and column names).

    Let's start by adding a password for the root account:
    Code:
    alter user 'root'@'localhost' identified by 'MyNewPassword';
    Make sure to use your own custom password for this, nobody should be able to access the root account from the website so there's no risk of someone gaining access to the root account by an SQL injection. You will use the root account to create and delete tables and change the password for the site account so you shouldn't lose track of the root password.

    Now let's create our site account:
    Code:
    create database `site`;
    create user 'site'@'localhost' identified by 'MySecurePassword';
    grant select,insert,update,delete on site.* to 'site'@'localhost';
    flush privileges;
    exit
    Now we can test our permissions by logging into the site account:
    Code:
    PowerShell: ./mysql.exe -u site -p
    CMD: mysql.exe -u site -p
    And then entering our secure password and then type in the following to show permissions:
    Code:
    show grants;
    This should pop up:
    Code:
    +------------------------------------------------------------------------+
    | Grants for site@localhost                                              |
    +------------------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'site'@'localhost'                               |
    | GRANT SELECT, INSERT, UPDATE, DELETE ON `site`.* TO 'site'@'localhost' |
    +------------------------------------------------------------------------+
    2 rows in set (0.00 sec)
    Then type exit to quit out of the mysql connection and then you can close out of PowerShell/Command prompt.

    PHP:
    Now we want to go and grab a copy of PHP: PHP on Windows

    Since I am using a 64-bit version of Apache, I'll be wanting to grab the latest thread-safe 64-bit version of PHP which is 7.2 in this case. You may need to install Visual C++ 2015 in order to run PHP 7.2 otherwise you may encounter an error when running PHP.

    Now we need to create a new folder in the server named apps and then create a new folder named php within the apps folder. It should look like this:
    Code:
    Server => apps => php
    Now we will extract the contents of our PHP zip file into the apps/php folder.

    This apps folder will also contain any other web apps that we install to the server such as phpMyAdmin or any of our private server binaries.

    Now we're going to copy the php.ini-production file and paste it into the same folder and rename it to php.ini.
    We will now go out of the php folder and out of the apps folder and back into the httpd/conf folder to create a new file name php.conf and add the following:
    Code:
    Define PHPROOT "./apps/php"
    LoadModule php7_module ${SRVROOT}apps/php/php7apache2_4.dll
    AddType application/x-httpd-php .php
    PHPIniDir ${PHPROOT}
    Now we will reopen httpd.conf and add the following line at the very bottom of the file:
    Code:
    Include ${SRVROOT}httpd/conf/php.conf
    Now we should be able to run the server and we should be able to run PHP code on our web server.
    So from here we will need to enable the following extensions in php.ini to allow access to our database, so go to line 892 in php.ini and begin removing the semicolons from the following extensions:
    • mysqli
    • pdo_mysql


    So this should give us the ability to connect to our database using MySQLi and PDO, but I'd recommend opting out for PDO over MySQLi if you can.

    Web Server IDEs:
    A web server IDE (Integrated Development Environment) will be able to cover almost all bases from HTML, SQL, XML, JSON, Javascript, PHP, and other languages associated with websites (too many for me to recall at the moment).

    As far as we're concerned we have a free choice and a premium choice:


    I've used both IDEs and I know that both of them are available on Windows, Mac OS X, and Linux. I can't recommend one over the other but I'd recommend starting with Netbeans because you don't have to worry about paying for a license in case you find another PHP IDE that you feel more comfortable with (I recommend experimenting with as many IDEs as you can until you find one that you feel most comfortable with, there's no right or wrong choice of IDEs).

    What happened to the part about Nginx, SQLite, and Hacklang?
    They're on their way but I'm going to take a quick break from this thread so that I can make a spiritual successor teaching others how to protect from multiple types of website vulnerabilities with their webpages.
    Last edited by kchoman; 12-02-2017 at 05:25 AM.

  2. #2
    Zaczero's Avatar
    Join Date
    Oct 2013
    Gender
    male
    Location
    localhost
    Posts
    3,273
    Reputation
    1460
    Thanks
    12,744
    My Mood
    Sleepy
    Alternatively you can use xampp and setup everything with just one exe
    . . . malsignature.com . . .



    [ global rules ] [ scam report ] [ image title ] [ name change ] [ anime force ]
    [ league of legends marketplace rules ] [ battlefield marketplace rules ]

    "because everytime you post a picture of anime in here
    your virginity's time increases by 1 month"
    ~Smoke 2/18/2018


    Former Staff 09-29-2018
    Battlefield Minion 07-21-2018
    Premium Seller 03-04-2018
    Publicist 12-10-2017
    League of Legends Minion 05-31-2017
    Premium 02-05-2017
    Member 10-13-2013

  3. #3
    CreatePrivateServer's Avatar
    Join Date
    Nov 2017
    Gender
    male
    Location
    Singapore
    Posts
    64
    Reputation
    10
    Thanks
    14
    My Mood
    Doh
    As Zaczero says, you can use Xampp.

    But if you like NGINX, you can go with WTServer.

  4. #4
    NucleaR's Avatar
    Join Date
    Mar 2013
    Gender
    male
    Location
    4,924
    Posts
    404
    Reputation
    73
    Thanks
    392
    My Mood
    Buzzed
    Yea your site wont stay open 24/7 obviously


    Krisgame - KTool



  5. #5
    jawo60's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    North,Korea
    Posts
    5
    Reputation
    10
    Thanks
    1
    My Mood
    Crappy
    SAlamat nanag marami

  6. #6
    Maberon's Avatar
    Join Date
    Feb 2019
    Gender
    male
    Posts
    2
    Reputation
    10
    Thanks
    0
    Thank you, will try configuring my own server tonight, got some database software from Enteros, I'm able to use it at my work. As far as I understand, it'll be working with MySQL just great.

Similar Threads

  1. [Tutorial] Create your first Mod
    By Jorndel in forum Call of Duty Modern Warfare 2 Server / GSC Modding
    Replies: 35
    Last Post: 11-28-2018, 12:54 AM
  2. [WTS] Ebook The essential step-by-step guide to create your first website
    By snd3sound in forum Selling Accounts/Keys/Items
    Replies: 1
    Last Post: 04-30-2013, 07:34 AM
  3. [Tutorial] Create your first D3D menu for WarRock
    By AeroSkinn in forum WarRock Hack Source Code
    Replies: 18
    Last Post: 08-08-2011, 05:23 AM
  4. Replies: 36
    Last Post: 04-23-2011, 08:00 AM
  5. [Tutorial]Disabaling emu windows in your runnable
    By HolyFate in forum Gunz General
    Replies: 14
    Last Post: 02-09-2006, 11:16 PM

Tags for this Thread