WEB HOSTING

Prepared by: GROUP 13

 HTTP
HTTP (Hypertext Transfer Protocol) - is the foundation of
communication on the web, allowing clients (like web
browsers) to request resources from servers using a system of
requests and responses.

-used whenever you visit websites, submit forms, interact with

web apps, or fetch data from APIs. It powers everything from
loading a simple web page to communicating with cloud
services.
 WEB SOFTWARE BASICS
A variety of open-source web software helps build flexible and
resilient web applications.

Below are key components in the web application stack that use HTTP:

Application Server
Runs web application code and connects with web servers
Examples: Unicorn, Tomcat

Cache
Speeds up access to frequently requested content
Examples: Varnish, Squid
Load Balancer
Distributes requests across multiple systems for efficiency
Examples: Pound, HAProxy
Web Application Firewall (WAF)
Inspects HTTP traffic to block common cyberattacks
Example: ModSecurity
Web Server
Serves static files (HTML, images, etc.) and connects to other servers
Examples: Apache, NGINX
Web Proxy
Acts as an intermediary, forwarding HTTP requests to their destination
Often transparent to clients; used in load balancing and firewalls
WEB HOSTING IN
THE CLOUD
The hosting of web applications has been completely
transformed by cloud computing. For traditional methods to
guarantee high availability and performance, costly, over-
provisioned infrastructure was needed.

Cloud hosting, on the other hand, provides scalable, affordable,

and on-demand options. This talk explains how cloud-based
web hosting, particularly with Amazon Web Services (AWS),
offers dependable, scalable, and effective options.
 CHALLENGES WITH TRADITIONAL
WEB HOSTING

requires precise traffic forecasting

leads to high operational cost

often underutilizes hardware during low-traffic periods

cannot dynamically scale to handle traffic spikes

 BENEFITS OF CLOUD-BASED
HOSTING

scalable infrastucture

cost-effective models

reliable

built-in security and loading balancing

 AWS ARCHITECTURE FOR WEB
HOSTING

EC2 Instances for compute power

Elastic Load Balancer (ELB) for traffic distribution
Auto Scaling Groups to match demand
Amazon S3 and CloudFront for static content delivery
Amazon RDS/SimpleDB for scalable database hosting
Security Groups for fine-grained access control
 AWS FEATURES THAT ENHANCE
WEB HOSTING

Auto Scaling – Automatically adjusts resources to match

real-time traffic
Elastic Load Balancing – Manages traffic distribution for
availability
Elastic IPs & DNS Management – Simplifies routing and
public access
Amazon CloudFront – Fast global content delivery
Amazon EBS & S3 – Persistent and redundant storage
options
 SECURITY IN CLOUD

Each instance can have customized Security Groups

Traffic between web, application, and database layers can
be strictly controlled
Instances are isolated and dynamic, requiring flexible,
firewall-based access planning This shift from traditional
perimeter-based security ensures stronger, more granular
protection.
 ARCHITECTURAL SHIFT IN CLOUD
HOSTING

No more physical appliances (e.g., routers, firewalls)

Hosts are ephemeral—designed to scale and fail gracefully
Configuration and deployment must be automated (e.g.,
bootstrapping new servers)
Applications must support distributed and dynamic
environments
APACHE HTTPD
 APACHE HTTP SERVER

Apache HTTP Server, commonly known as Apache or Apache

Httpd.
It is an open‐source web server that has been a cornerstone
of the internet since its inception in 1995. Developed by the
Apache Software Foundation.
It quickly became one of the most popular web servers
worldwide thanks to its reliability, flexibility, and robust
community support.
 ORIGINS

Apache began as an enhancement of the NCSA HTTPd server,

with its first public release in 1995.
 GROWTH

It played a major role during the early expansion of the World

Wide Web and quickly overtook its predecessors.
 COMMUNITY AND GOVERNANCE

The Apache Software Foundation now oversees development,

ensuring high-quality updates and security patches.
 MARKET PRESENCE

Even today, Apache remains one of the leading web servers

across various platforms.
 ARCHITECTURE AND MODULAR
DESIGN

Flexibility: Administrators can enable or disable features as

needed, from URL rewriting (mod_rewrite) and SSL
encryption (mod_ssl) to advanced logging
(mod_log_config).
 ARCHITECTURE AND MODULAR
DESIGN

Multi-Processing Modules (MPMs): Options like the prefork,

worker, and event MPMs allow Apache to optimize resource
usage and scalability based on workload.
Per-directory Configuration: Through .htaccess files,
Apache allows fine-grained local control over the server’s
behavior.
 FEATURES

Cross-Platform Compatibility: Runs on Unix-like systems,

Windows, OpenVMS, and more.

Virtual Hosting: Host multiple websites on a single server.

Security Modules: Numerous built-in modules and third-

party integrations help protect against threats.
 FEATURES

Dynamic Content Support: Integrates seamlessly with

scripting languages (PHP, Perl, Python) forming the
backbone of the LAMP stack.

Customizable Error Handling and Logging: Enhance

troubleshooting and monitoring capabilities.
 SECURITY BEST PRACTICES

Regular Updates: Keep Apache and its modules up to date

to patch vulnerabilities.
Access Controls: Use authentication, authorization, and
proper permission settings.
Module Management: Disable any non-essential modules
to reduce potential attack surfaces.
 SECURITY BEST PRACTICES

Security Modules: Integrate modules like mod_security or

mod_reqtimeout to mitigate common attacks (e.g.,
Slowloris).

Configuration Hardening: Limit or restrict access via

.htaccess and secure by default (e.g., turning off
unnecessary directory listings).
 PERFORMANCE TUNING AND
OPTIMIZATION

Choosing the Right MPM: The worker and event MPMs allow
for a balance between performance and resource usage
compared to the prefork model.
Connection Handling: Enable features like KeepAlive to
allow persistent connections and reduce overhead.
File Delivery Optimizations: Utilize features such as sendfile
and memory-mapping (mmap) where supported.
 PERFORMANCE TUNING AND
OPTIMIZATION

Resource Limits: Configure directives such as

MaxRequestWorkers to ensure the server does not become
overloaded.

Fine-Tuning Configurations: Optimize settings like

AllowOverride, caching modules, and compression (gzip)
to improve response times.
 USE CASES AND ADVANTAGES

Small to Large Websites: Whether hosting a personal blog

or a high-traffic enterprise site, Apache provides the
scalability needed.

Development Flexibility: Its extensive module system and

support for multiple programming languages make it ideal
for diverse applications.
 USE CASES AND ADVANTAGES

Customizable Deployments: From static content delivery to

dynamic web applications on the LAMP stack, Apache fits
various use cases.

Proven Track Record: Its long history of stable performance

and widespread adoption makes Apache a reliable choice
for many organizations.
 USE CASES AND ADVANTAGES

Customizable Deployments: From static content delivery to

dynamic web applications on the LAMP stack, Apache fits
various use cases.

Proven Track Record: Its long history of stable performance

and widespread adoption makes Apache a reliable choice
for many organizations.
 NGINX
Installation, Configuration, TLS,
and Load Balancing
 INTRODUCTION TO NGINX
• NGINX is an event-based web server optimized for
high concurrency.

• Uses master-worker architecture to efficiently

handle thousands of requests.

• Preferred for high-volume and performance-

sensitive websites.
 INSTALLING AND RUNNING NGINX
• Package availability varies by OS (Debian, RHEL, FreeBSD).
• Use official nginx.org packages for updated versions.

Commands:
- 'nginx -c' to specify config file
- 'nginx -t' to test config syntax

• Supports signals like TERM, QUIT, USR1, HUP, USR2 for

management.
 CONFIGURING NGINX
- Configuration is C-style with curly braces and
semicolons.

Key contexts: main, events, http, server, location.

- Use server_name and root directives to define virtual

hosts.
- Supports regular expressions and named captures in
server_name.
 CONFIGURING TLS FOR NGINX
Enable TLS using ssl on; specify cert and key files.

Use only TLS protocols (disable SSL).

Configure strong cipher suites and prefer server ciphers.

Use ssl_certificate and ssl_certificate_key directives.

 LOAD BALANCING WITH NGINX
- Use an upstream module to define server groups.

- proxy_pass to distribute traffic among backend servers.

- Health checks with conditions (status code, headers, body

match).

- Configurable fail over and recovery settings (max_fails,

passes).
 IMPORTANT NGINX COMMANDS &
EXAMPLES
• Start NGINX:
-sudo systemctl start nginx

• Stop NGINX:
-sudo systemctl stop nginx

• Restart NGINX:
-sudo systemctl restart nginx
IMPORTANT NGINX COMMANDS &
EXAMPLES

•Reload configuration:
-sudo nginx -s reload

• Check config syntax:

-sudo nginx -t

• Run with custom config:

-nginx -c /path/to/nginx.conf
 IMPORTANT NGINX COMMANDS &
EXAMPLES
• Proxy pass example:

location /nginx/ {
proxy_pass http://nginx.org/;
}

• TLS setup example:

-ssl_certificate /etc/ssl/certs/admin.com.crt;
-ssl_certificate_key /etc/ssl/private/admin.com.key;
 IMPORTANT NGINX COMMANDS &
EXAMPLES
• Load balancing example:

- upstream admin-servers {
server web1.admin.com:8080;
server web2.admin.com:8080;
}
 HAPROXY
Key Concepts, Configuration
& Use Cases
 WHAT IS HAPROXY?
HAProxy (High Availability Proxy) is an open-source
software widely used for load balancing and proxying TCP
and HTTP-based applications.

Highlights:
Supports sticky sessions
Advanced health checks
TLS and IPv6 support
HTTP compression
HTTP/2 (in development)
 HAPROXY CONFIGURATION BASICS
Config file: haproxy.cfg
Location examples:
Debian/RHEL: /etc/haproxy/haproxy.cfg
FreeBSD: /usr/local/share/examples/haproxy

Simple Round-Robin Example:

frontend http-in
bind *:80
default_backend webservers

backend webservers
balance roundrobin
server web1 10.0.0.10:8080
server web2 10.0.0.11:8080
 FRONTEND AND BACKEND EXPLAINED

Frontend:
Receives client requests — defines port, IP, protocol.

Backend:
Sends requests to the right server — handles
routing and load balancing.
 TIMEOUT AND PERFORMANCE TUNING

Settings in defaults section:

timeout connect: Time to establish server connection

timeout client/server: Time to wait for response

Tip: Lower timeout on LAN environments (e.g., 500ms for

connect)
 SERVER STATISTICS VIA WEB UI

HAProxy stats module:

listen stats :8000

stats enable
stats uri /
stats auth myuser:mypass

View live backend status

Manually enable/disable servers
 TLS TERMINATION

Terminate TLS at HAProxy frontend:

frontend https-in
bind *:443 ssl crt /etc/ssl/private/admin.com.pem
default_backend webservers

Use a .pem file combining private key and cert.

Security Tip: Set chmod 400 on PEM file.

 BEST PRACTICES

Disable outdated SSL protocols

Use strong ciphers
Automate health checks
Monitor traffic via stats
Use sticky sessions only when necessary
 THANK YOU
GROUP NAMES:
AMPATIN, EMANUEL
BONCALES, CLARK
BERMUDEZ, JUNE LUIS
CACAYAN, PEARL JANETTE