Building Your Own Internet Site
When I needed to build a development and demonstration system to start my own Internet-based business, I decided to explore how to build an Internet site for education and low-end business support. The technologies I chose allow an individual to build a site he or she can control and use for experimentation.
If you own your own site, you have complete freedom to explore technologies like Internet security, CGI (Common Gateway Interface) and Java servlet development. Much of the work in this area is handled behind the doors of an ISP (Internet Service Provider); there are significant costs involved in CGI and other server-side programming.
These technologies are difficult to deal with, since they may introduce security flaws to an Internet site. Trying to stress-test the security would certainly stress the system administrator. Features like CGI and Java servlets are programs that attach to the back end of a web server. The owner of the web server would be negligent if he simply allowed a customer to add programs without serious testing.
When you are using an ISP, you are limited by the ISP to specific technologies. Many ISPs will not permit CGI and Java servlet programs to be used with even their basic ISP plans. More advanced business plans often allow CGI or Java servlets, but will restrict upgrades to your site by requiring that you pay them to test your code before it goes live. This introduces delays and control limitations that may prohibit some features from being deployed on your site.
To the small business, a personal Internet site offers flexibility that is usually the domain of larger competitors. When you own the site, you can make changes quickly and at relatively low cost. You must also bear the responsibility for maintaining a secure site and liability for the content of the site.
To keep the cost of our proposed “Personal Internet Site” low, the majority of the software used will be a freely available operating system, programming tools and network software. The Free Software Foundation and thousands of developers around the world have contributed to a large base of freely available software. The availability of free or nearly free software makes constructing the system outlined in this article an achievable goal.
The initial system will consist of several Intel-based personal computers running Linux. For this project, I have selected SuSE Linux 5.3. This is a recent distribution, with support for most of the features needed for an Internet site. The system will support a web server with a Java servlet runtime module. This configuration supports dynamically created web pages using a JDBC (Java Database Connectivity) compliant database.
Three PC class systems (AMD 5x86 133) and two K6-2 systems at 300+ MHz will constitute the processing core of this site. One system will handle firewall, proxy and routing duties. (For details on setting up these services, see “My Linux Home Network” by Preston Crow in this issue.) These are the services that allow our site to be visible to the Net and able to see the Net safely. The other systems will support production services and development support, respectively. Possibly an old 486 DX2 66 will be dusted off for a very light Internet appliance task.
An appropriate modem supporting the physical and link-level connectivity will be installed on the slowest system that can keep up with the data stream while handling the task of firewall chores, DNS and routing. By trimming the OS down to minimal-required functionality, it can be small enough to allow an older machine to be used for this dedicated connectivity task. The Linux Router Project (LRP) has a minimal configuration defined to support systems as small as a 386SX 16 with 8MB of RAM. (For details, see “The Linux Router Project” by David Cinege, LJ, March 1999.) This is an input- and output-intensive process, and it doesn't take much computer to keep up with a 128KBps data stream.
The Linux OS with networking support for IP configuration will be standard on all systems. In order to best optimize the OS, I have reconfigured and compiled the Linux kernel using the parameters required to provide networking features for an Internet site. This includes all support for the hardware network interfaces as well as IP networking and firewall options. All nonessential capabilities, such as multimedia features, are removed.
Web support consisting of the Apache web server with Java servlet extensions is already installed and running. Early prototyping of production systems will include Java JDBC server-side support. (See “Using Java Servlets with Database Connectivity” by Bruce McDonald, LJ, June 1999.) Database chores will initially be handled by PostgreSQL. (See “PostgreSQL—The Linux of Databases” by Rolf Herzog, LJ, February 1998.)
Fast Ethernet is used between the existing systems at the site. Systems not visible to the Internet will use IP (Internet Protocol) masquerading to enhance their security. (See “Setting Up a Linux Gateway” by Lawrence Teo in this issue.)
Connecting to the Net requires that we deal with issues related to physical and logical connectivity. The physical connectivity issues are based on the selection and provisioning of telco (telephone company) or cable lines. The options for physical connectivity with modest bandwidth appear to be ISDN (Integrated Services Digital Network), DSL (Digital Subscriber Line) and cable IP services.
The services I need to connect to the Internet fall into two categories: telco services and IP access provider. I really don't need ISP (Internet Service Provider) services, because I will be my own ISP. All the services an ISP usually provides are available on the system as I have it configured.
Of the technologies available, ISDN is the oldest, dating back to 1978. DSL and cable modems are relatively new technologies and availability is limited for all these technologies. (See “The (not so) Wonderful World of High-Speed Internet Access” by Jason Schumaker in this issue.) Since DSL and cable IP are not available in my area, connectivity will be provided by an ISDN line. Internet access is provided by US West and can be connected 24x7 (24 hours a day, 7 days a week) with “on demand” service. In the interest of keeping the initial cost of the site down, I have arranged to obtain a used 3Com Impact IQ ISDN network adapter (they really aren't modems) to attach my system to my selected IP access provider.
On the logical side of connectivity, we need routing support and an Internet address. In this case, the US West Network will provide routing and DNS (Domain Name Services) support to my site. To be addressable, I need an IP number for my site. Eight static IP numbers are being rented from US West for $15.00 US per month. This yields five usable IP addresses, with the remainder used for configuration purposes. (See “Simplified IP Addressing” by Gene E. Hector, LJ, January 2000.)
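The address arithmetic behind "eight rented, five usable", together with a check that each machine sits either on an assignable public address or on a private one behind masquerading. This is an added example, not part of the original article. It assumes the rented block is a /29 whose three "configuration" addresses are the network address, the broadcast address and the provider's router; the block 203.0.113.8/29, the host names and the functions plan_block and check_inventory are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: hosts here are hidden behind IP masquerading.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_block(cidr, gateway_index=0):
    """Split a rented static block into reserved and usable addresses.

    Assumption: the "configuration" addresses are the network address, the
    broadcast address and one host address held by the provider's router.
    """
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())          # drops network and broadcast addresses
    gateway = hosts[gateway_index]
    return {"total": net.num_addresses,
            "network": net.network_address,
            "broadcast": net.broadcast_address,
            "gateway": gateway,
            "usable": [h for h in hosts if h != gateway]}

def check_inventory(cidr, inventory):
    """Return a list of problems in a {hostname: address} inventory."""
    net, plan = ipaddress.ip_network(cidr), plan_block(cidr)
    problems, seen = [], {}
    for name, addr in inventory.items():
        ip = ipaddress.ip_address(addr)
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
        if ip in net:
            if ip not in plan["usable"]:
                problems.append(f"{name}: {ip} is reserved, not assignable")
        elif not any(ip in private for private in RFC1918):
            problems.append(f"{name}: {ip} is outside the rented block")
    return problems

if __name__ == "__main__":
    BLOCK = "203.0.113.8/29"           # constructed documentation range
    plan = plan_block(BLOCK)
    print(plan["total"], "addresses,", len(plan["usable"]), "usable")
    sample = {"firewall": "203.0.113.10", "www": "203.0.113.11",
              "mail": "203.0.113.11", "dev": "192.168.1.20",
              "old486": "203.0.113.15"}   # constructed inventory
    for problem in check_inventory(BLOCK, sample):
        print(problem)
```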
This configuration has been successfully tested from the Net. I connected the system, noted its dynamic address, then logged in to the system with HTTP, TELNET and FTP sessions from a remote location. This assures me the system configuration is ready to support the services I plan to use for this Internet site.
To be visible to users of the Internet, the site will need to have a domain name that is registered with an organization called Internic. The web page at http://www.internic.net/ has the information and forms to register a domain name. In order to register for a domain, you must have a primary and a secondary DNS with which you define your system. The people who are responsible for those systems should be aware of your intentions, or you may find your site falling off the Net.
A domain name is required to be visible as something other than its assigned IP number. It would be difficult to remember network addresses in the IP number format of ###.###.###.### (e.g., 192.168.1.1), so a domain name puts our site in the form of “mySite.com”. The Internet Access Provider will have to provide DNS visibility to the rest of the Net for my five static IP addresses and the domain name or names they represent.
Once I have a domain name, I can add aliases and extensions to define additional systems and services. For web access, a simple http://www.mySite.com/ produces a URL to access web pages. E-mail provided by an ISP is usually rather limited, often to five or fewer mailboxes. When you own the site and the mail router, you can have as many mailboxes as you wish. An outside user can send mail to me@mySite.com, and my own mail server will get it to my mailbox.
It is possible to start up an Internet site with typical ISP services in your home office. The availability of industrial-grade software for free is one of the key elements that makes this possible. Low-cost computers would not be enough if you had to add tens of thousands of dollars in license fees to the system. This quickly becomes prohibitive without free software.
From an educational perspective, this is an excellent platform for expanding skills. The OS and tools provide a high-quality system, with source code to delve into as necessary. Open standards are strongly supported and all major Internet development languages are available.
A variety of skills are related to developing and managing an Internet presence. This configuration can be used to study Internet site security, including common tools like Satan or Tripwire. These two tools help an administrator verify security and help detect break-in activity, respectively. Other uses of the site once it's up include e-commerce and application server development. Using technologies like JDBC (Java Database Connectivity) and CORBA allows the development of significant commercial projects.
Of course, if you should outgrow these systems, it is possible to move up to RISC-based hardware with Linux, as it runs on DEC Alpha, PowerPC, SPARC and MIPS processors as well as Intel. The upgrade path to other hardware and other UNIX implementations is much easier from Linux than from an Apple, a Windows NT Server or proprietary network elements.
Tony Dean can be reached via e-mail at firstname.lastname@example.org.