[GUIDE] Setting Up A Safe Webserver

[Warmonger]

Okay, since most of you been using the famous "Xampp" to host your web content for your servers. I figured I would lend out a helping hand once again. And help you setup a fast, free, and secure web server. Lets face it 90% of intrusions are done through the web server. Lets get started.

Requirements

NGINX =

You must be registered to see links

Stable Versions (Current : 1.0.5)
PHP =

You must be registered to see links

VC6 x86 Non Thread Safe (ZIP)

Install

• Open your "My Computer" and navigate to your "C:" drive. When there create two folders named nginx and php.
  
• Open up your downloaded version of nginx and extract it to your "C:\nginx" directory.
  
  
  
  
• And then do the same for php.
  
  

Setting Up PHP

Now our server files are installed we need to set them up. First navigate to "C:\php" and rename php.ini-recommended to php.ini.

Open php.ini in notepad and press CTRL + F and enter extension=php_bz2 into the search box, then hit Find Next and Cancel.

And enable the following extensions:

• php_bz2 (this is useful for large math [which is useful when dealing with item serials!])
• php_gd2 (for image generation, i.e. CAPTCHA images or signature generation scripts)
• php_openssl (for TLS support - so you can connect to secure sites like PayPal)

You must be registered to see links

is a full list of php extensions, only enable what you need! If you need

You must be registered to see links

for some reason (forums) then enable php_mysql. Forum software will most likely tell you what needs to be enabled in order for them to run properly (wont go into detail). I suggest using

You must be registered to see links

as its the safest free forum software on the web.

Now were back to searching, press CTRL + F and enter allow_url_fopen into the search box. Make sure it reads allow_url_fopen = Off. This will prevent code from using fopen() to download remote files (i.e. PHP scripts) and locally executing them to compromise your system.

Now search yet again for extension_dir = "./" and make it read extension_dir = C:\php\ext

You can now save php.ini and close.

Setting Up Nginx

Open up "C:\nginx\conf\nginx.conf" in Notepad.

Hit CTRL + F and search for location / { it will look like this.

        location / {
            root   html;
            index  index.html index.htm;
        }

Change the root so it says C:/nginx/html, and add index.php under index like so.

        location / {
            root   C:/nginx/html;
            index  index.php index.html index.htm;
        }

Then, Hit CTRL + F and search for error_page 500 502 503 504 /50x.html; it will look like this.

error_page   500 502 503 504  /50x.html;

Add in error codes 404 and 403 to the list like so. DO NOT DELETE C:\nginx\html\50x.html EVER!

error_page   500 502 503 504 404 403  /50x.html;

Next, Hit CTRL + F and search for location ~ \.php$ { it will look like this.

        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

Un-comment it all and change the fastcgi_param so it looks like this.

        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

Save and close nginx.conf.


Running The Server

Download the Control.zip attached below, And extract it "C:\". Double click Start.bat to start the web server , or double click Stop.bat to stop the web server.

Note: The server isn't running as a service so every time your machine reboots, you will have to launch the web server. I will make a tool to install it all as a service shortly and update this post.

Your documents root will be at "C:\nginx\html\", this is where all your website scripts & files will go. To test your nginx & php installation open notepad and paste in this.

<?php
phpinfo()
?>

Save as index.php and place it into your document root "C:\nginx\html" (make sure you delete index.html or rename it).

If you navigate to your website (localhost) and all goes well you should see your PHP info.

If you have a missing MSVCR71.DLL error you can download the library here.

http://www.dll-files.com/dllindex/dll-files.shtml?msvcr71

Just extract to your "C:\WINDOWS\system32" directory.

Have fun.

 

[Mennis343]

Re: [Guide] Setting Up A Safe Webserver

Hi for some reason I keep getting an error "Windows cannot find 'nginx'. Make sure you typed the name correctly, and then try again. to search for a file, click the start button, and then click search." I was wondering if you could tell me if I was doing something wrong. Thanks

 

[megachomba]

Re: [Guide] Setting Up A Safe Webserver

well, in general, nobody set ups a webserver at home >.>.

using ftp quite secure, but if you put it on a windows server, just use the IIS that its usualy provided with it.

 

[Warmonger]

Re: [Guide] Setting Up A Safe Webserver

well, in general, nobody set ups a webserver at home >.>.

using ftp quite secure, but if you put it on a windows server, just use the IIS that its usualy provided with it.

IIS is good if you like a slow, memory hog.

 

[4pLay]

Re: [Guide] Setting Up A Safe Webserver

Where's The Control.zip?...