MIT

Web Guide is no longer being maintained and the information on this page may be out of date. For assistance with managing course materials, please visit MIT's Stellar course management system.

Academic Web Page Creation Guide


Publishing Your Pages > Running Your Own Web Server

Running Your Own Web Server

Some requirements are best met by running your own Web server. However, this should be viewed as a serious responsibility. You must decide how long you can afford to have the server be unavailable, and plan to ensure that you can recover from disaster within that time. E.g. that may require someone to carry a pager, and you may need to have a replacement system on standby.

Be aware that running a Web server makes your machine very interesting to malicious people with time on their hands. You must be extra careful to keep your machine secure. CGI scripts you run may introduce security flaws. Two main concerns are errors which may allow an intruder to access your machine to run their own programs, and flaws which allow someone to overload your server or overfill your hard drive producing a `denial of service'.

To avoid and recover from disaster:

Use an uninterruptable power supply
There are occasional power outages, some short and unplanned. A UPS can keep your server running through short outages, and give you time to shut the machine down gracefully and avoid hard drive damage. GovConnection sells UPSs from APC and Tripp Lite. For more information on using a UPS, see Using a UPS to Prevent Hardware Problems.
Keep backups
This should be obvious. You can use TSM (ADSM) or keep your own media. Be sure you know how to restore quickly, and consider how you'd restore the data to another computer if time-consuming repairs to the server machine are needed. For further protection, keep backup media in a separate location, as far away as practical, in case of major disaster which destroys an entire room or building.
Pay attention to physical security
Make sure your server can't be stolen.
Pay attention to network security
Pay attention to the network security of your computer. Be sure to correct any known OS security flaws. Only use encrypted telnet, ftp, and http to protect passwords. A Web server is a tempting target for someone who wants to produce electronic graffiti or worse. See the Information Security Office for more information.

For more information: