CSE 135: Server-Side Web Languages

Summer 2017 | University of California, San Diego CSE Department

Homework #1 - Configuring a Web Server in Support of Web Programming

This homework presents an opportunity to explore the configuration and management of Web servers in support of Web application development.

Configure an Apache Web server installed on a public facing machine on the Internet to:

  • Employ password protection - Protect your "team" site using basic authentication. Provide this username/password combo to your group (or yourself if a team of 1), TAs, and professor upon turn-in. You also will need to provide login information to your server. TAs must be provided this information as well.
  • Have a status page that indicates your name and/or team members, emails, etc. - This page must employ HTML5 and some CSS and validate (http://validator.w3.org). Make the look of the page relate or be some theme for your team - funny if you like but not offensive.
  • Use custom error pages - Design custom error pages for 404 errors and 403 errors make sure it looks like your group look and is meaningful
  • Have a favicon. - First find out what a Favicon is and configure that for your site. Make sure it works in all major browsers.
  • Have a robots.txt file - Likely a minimal format at this stage but you may want to exclude robots.
  • Deploy from Github - Your status page, custom error page and other objects must be deployable to your production server from Github with a simple command. Best answers have a simple build process to do this
  • Log Properly - First make sure log files are being created, then run some load manually on your site (no stress test) and find a log analysis program (there are many) to create a report
  • Compress Textual Content - Install or configure mod_gzip or mod_deflate to compress pages, verify that is compressing HTML, CSS and JS pages, write a brief summary of your findings. Note this may less an install and more of a configure task.
  • Obscure server identity - Remove the Server: header from the responses - multiple approaches. There are other telltale signs you may also remove if you desire. This can be hard or easy depending on how you approach this
  • Run PHP - Verify PHP runs on the server with a simple test page (ex. phpinfo() example)
  • Deliver Clean URLS - Define a scheme to have clean URLs (likely using mod_rewrite) to remove things like a PHP file extension

Because you need to provide public access to your server we suggest that you get an account at Digital Ocean. If you have your Github education pack a $50 credit will easily cover this class. You may use other hosting vendors if you like but since you need shell access to do much of this homework proceed with caution. Also note you can use public images to get PHP and Apache preinstalled but this may make things both easier and harder. Some students may prefer to install from sources or package install mechanism while others may prefer to use a Docker image or something. How you get your baseline set up is up to you but the specific points above likely will have to be addressed regardless of how core OS and Web server is configured. The installation mechanism from a Github repo to your site server can be easy or hard. There are services online such as Codeship or other CI services that may do this easily as well as scripts you can find. You also may find it possible to use Github hooks or other mechanisms to trigger things. Your goal with this portion of the assignment is to begin to automate deployment so that eventually you will be able to push new code ideas live quickly. Finally it should be noted that future homework may involve the use of NodeJS as well MySQL and/or MongoDB. You may find it useful to start the process of getting those technologies started even though there are no points currently awarded on this assignment for their use.


Back to CSE135

Grading

  • 1pt for password protect
  • 1pt for each error pages and 1 pt for design/validation of each error page (4pts)
  • 1pt for the favicon
  • 1pt for robots.txt
  • 5pts for Github deploy mechanism
  • 2pts for logging configuration and report run
  • 2pts for gzip install and summary stats
  • 2pts for server header removal
  • 2pts for URL rewriting and any extra masking or lockdown of PHP you do
  • 5pts for HTML and CSS correctness and design of your updated team page

Total: 25pts, up to 2pts extra for best practices implemented beyond these points at TA/Prof discretion

Please indicate that you are done to the TA via logistics they will define to you by 9PM 8/13.