UNIX System Administration Handbook - Evi Nemeth [408]
For the most part, CGI scripts are the concern of web developers and programmers. Unfortunately, in one important area CGI scripting collides with the job of the system administrator: security. Because CGI scripts have access to files, network connections, and other methods of moving data from one place to another, their execution can potentially affect the security of the machine on which the HTTP server is running. Ultimately, a CGI script gives anyone in the world the ability to run a program (the CGI script) on your server. Therefore, CGI scripts need to be just as secure as any other network-accessible program.
For a good source of information on the secure handling of CGI scripts, see the file www.w3.org/Security/Faq/www-security-faq.html.
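As an added illustration (not code from the handbook), here is a small CGI program that treats the query string as untrusted input before it touches the filesystem, which is the property the paragraph above asks of any network-accessible program. The document directory `/var/www/docs`, the `doc` parameter and the function names are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Constructed CGI example: return a text file named by the 'doc' parameter."""
import os
import re
import sys
from urllib.parse import parse_qs

DOC_ROOT = "/var/www/docs"  # assumed directory holding the publishable files
# Allow-list for file names: letters, digits, '_' and '-', ending in .txt
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.txt")


def resolve_doc(query_string, doc_root=DOC_ROOT):
    """Map an untrusted query string to a file under doc_root, else None."""
    values = parse_qs(query_string, keep_blank_values=True).get("doc", [])
    if len(values) != 1:          # missing or repeated parameter
        return None
    name = values[0]              # already percent-decoded by parse_qs
    if not NAME_RE.fullmatch(name):
        return None
    root = os.path.realpath(doc_root)
    path = os.path.realpath(os.path.join(root, name))
    # realpath follows symlinks, so a link that leaves doc_root is refused
    if os.path.commonpath([root, path]) != root:
        return None
    return path if os.path.isfile(path) else None


def respond(query_string, doc_root=DOC_ROOT):
    """Build the full CGI response (headers, blank line, body) as a string."""
    path = resolve_doc(query_string, doc_root)
    if path is None:
        # Same answer for every rejection, so the reply reveals nothing extra
        return ("Status: 404 Not Found\r\n"
                "Content-Type: text/plain\r\n\r\nnot found\n")
    with open(path, encoding="utf-8", errors="replace") as fh:
        body = fh.read()
    return "Content-Type: text/plain; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    # The HTTP server passes the request's query string in the environment
    sys.stdout.write(respond(os.environ.get("QUERY_STRING", "")))
```

The script never passes request data to a shell and opens files read-only, so the only thing a remote caller controls is which allow-listed file under the document directory is returned.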
Load balancing
It’s difficult to predict how many hits (requests for a single object, such as a text file or image) or page views (requests for all the objects on a single viewable page) a single server will be able to handle. The exact capacity of a server depends on the operating system it is running, the extent of system tuning, the system’s hardware architecture (including subsystems) and the construction of the site (for instance, is it purely static HTML pages, or are there database calls and numeric calculations to be made?). Only direct benchmarking and measurement of your actual site running on your actual hardware can answer the “how many hits?” question. Sometimes, people who have built similar sites on similar hardware may be able to give you a wild-ass guess that will be useful for planning purposes. In no case should you believe the numbers quoted by UNIX system suppliers.
That said, instead of single-server hit counts, a better parameter to focus on is scalability. Make sure that you and your web design team have a plan that allows you to spread the load of a heavily trafficked site across multiple servers. The easiest way to spread the traffic is to use commercial third-party load balancing hardware, such as Cisco’s Local Director product or the Alteon ACEswitch. These products distribute the work as specified by a variety of administrator-configurable parameters such as individual server response time and availability. Load balancing adds both performance and redundancy to your network—don’t leave home without it.
22.3 HTTP SERVER INSTALLATION
Installing a web server is easy! Web services rank far below email and DNS in complexity and difficulty of administration. You’ll be raking in the IPO bucks in no time.
Choosing a server
Most UNIX vendors do not include an HTTP server as part of their operating system distribution (although both FreeBSD and Red Hat include the Apache HTTP server). Thus, you will probably need to spend some time deciding which server is best for your application and your platform. Fortunately, several very good servers are available. The most popular ones are produced by Netscape and the Apache Group.
You can find a useful comparison of all the currently available HTTP servers at the site webcompare.internet.com. Here are some of the factors you may want to consider in making your selection:
• Robustness
• Performance
• Timeliness of updates and bug fixes
• Availability of source code
• Cost
• Access control and security
• Ability to act as a proxy
• Ability to handle encryption
Over the last few years, Apache has been commonly regarded as the overall front-runner in terms of performance and number of operating systems supported. For these reasons, we’ve chosen it as our example server in this chapter. Other servers are essentially similar.
Compiling and installing Apache
The Apache HTTP server is “free to a good home,” and full source code is available from the Apache Group site at www.apache.org. The first thing to do is contact this site and download the latest version of the server.
Once you have downloaded the server, execute the