So you want to run a web server?

Here's the common wisdom of webmasters at MIT:
  1. To run a server for an MIT organization (office, department, class) you should have the skills of a system administrator. Nothing less will do, on behalf of your organization. Don't expect support from anyone else at MIT.
  2. What happens if your server stops working on a weekend? Is the information on that server mission critical to your organization or to your audience? Plan the hours the server should be up and plan the needed human resources accordingly. If there is a crash:
  3. Pay attention to the server's log files filling the partitions. Check the machine logs for hardware problems.
  4. Take note (in advance!) of when the server certificate expires and request a new one in time.
  5. For security reasons, do not run the server as root (configurable through httpd.conf).
  6. Be aware that running a web server makes your machine very interesting to malicious people with time on their hands. You must be extra careful to keep your machine secure.
  7. To make sure that nobody broke into the machine, routinely check the log files.
  8. If a break-in does occur, will someone with enough knowledge be available to completely reinstall and reconfigure the machine? It's not enough to just have the "expert" around to set up the server the first time. If there is no one available to help, can you afford the down-time?
  9. To enable us to tell you about new revs of the software, security alerts, and known bugs, let us know that you are using the software: register with us as a user.
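
A routine check for items 3, 4 and 5, added here as an example and not part of the original page. It assumes an Apache-style `User` directive in httpd.conf, the `openssl` command-line tool, and thresholds of 90% and 30 days; the function names and the script name `webcheck.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): checks for items 3, 4 and 5.

# Print the account set by the last uncommented "User" directive in an
# httpd.conf-style file (assumes Apache-style syntax; names case-insensitive).
httpd_user() {
    awk 'tolower($1) == "user" { u = $2 } END { print u }' "$1"
}

# Succeed when that account is root, given by name or as numeric id "#0".
runs_as_root() {
    case "$(httpd_user "$1")" in
        root|'#0') return 0 ;;
        *) return 1 ;;
    esac
}

# Print the percentage used (digits only) of the partition holding path $1.
partition_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Succeed when PEM certificate $1 expires within $2 days. An unreadable
# file also counts as expiring, so a broken path is reported, not ignored.
cert_expires_within() {
    ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# Constructed sample config: an old root entry left commented out and the
# active directive naming an unprivileged account.
write_sample_conf() {
    printf '%s\n' '# User root' 'Port 80' 'User nobody' 'Group nobody' > "$1"
}

# Usage: sh webcheck.sh HTTPD_CONF LOG_DIR CERT_PEM
# The 90% and 30-day thresholds are assumptions; pick your own.
if [ "$#" -eq 3 ]; then
    if runs_as_root "$1"; then echo "WARN: $1 runs the server as root"; fi
    if [ "$(partition_used_pct "$2")" -ge 90 ]; then
        echo "WARN: partition holding $2 is at least 90% full"
    fi
    if cert_expires_within "$3" 30; then
        echo "WARN: $3 expires within 30 days (or cannot be read)"
    fi
fi
```

Run from cron, the script prints nothing when all three checks pass, so any output is worth a look.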



Comments to cwis-dev@mit.edu
$Date: 1998/12/15 21:27:55 $