Professional Documents
Culture Documents
Advanced Web Hosting PDF
Advanced Web Hosting PDF
● Reverse Proxy
● Apache Tomcat
● Node
● Concepts of CDN
● Inspecting Webpages
● Website Migration
1. Different Apache Methods:
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
Example: A client (browser) sends an HTTP request to the server; then the server returns a response to the client. The
response contains status information about the request and may also contain the requested content.
HTTP Methods
------------
GET
POST
PUT
HEAD
DELETE
PATCH
OPTIONS
The two most common HTTP methods are: GET and POST.
The GET Method
GET is used to request data from a specified resource.
The data sent to the server with POST is stored in the request body of the HTTP request:
A POST request is used to send data to the server; for example, customer information, file upload, etc., using HTML
forms. The HttpClient API provides a class named HttpPost which represents the POST request.
The following table compares the two HTTP methods: GET and POST.
GET POST
Restrictions on data type Only ASCII characters allowed No restrictions. Binary data is
also allowed
Security GET is less secure compared POST is a little safer than GET
to POST because data sent is because the parameters are
part of the URL not stored in browser history
or in web server logs
Never use GET when sending
passwords or other sensitive
information!
The difference between POST and PUT is that PUT requests are idempotent. That is, calling the same PUT request
multiple times will always produce the same result. In contrast, calling a POST request repeatedly have side effects of
creating the same resource multiple times.
The HEAD Method: HEAD is almost identical to GET, but without the response body.
In other words, if GET /users returns a list of users, then HEAD /users will make the same request but will not return
the list of users. HEAD requests are useful for checking what a GET request will return before actually making a GET
request - like before downloading a large file or response body.
The DELETE Method: The DELETE method deletes the specified resource.
The OPTIONS Method: The OPTIONS method describes the communication options for the target resource.
Reverse Proxy - Nginx
A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser)
requests to those web servers. Reverse proxies are typically implemented to help increase security,
performance, and reliability.
Continue..
Common uses for a reverse proxy server
● Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your backend
servers and distributing client requests across a group of servers in a manner that maximizes speed
and capacity utilization while ensuring no one server is overloaded, which can degrade
performance. If a server goes down, the load balancer redirects traffic to the remaining online
servers.
● Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache
commonly requested content, both of which speed up the flow of traffic between clients and servers.
They can also perform additional tasks such as SSL encryption to take load off of your web servers,
thereby boosting their performance.
● Security and anonymity – By intercepting requests headed for your backend servers, a reverse
proxy server protects their identities and acts as an additional defense against security attacks. It
also ensures that multiple servers can be accessed from a single record locator or URL regardless
of the structure of your local area network.
Apache Tomcat
Tomcat can be used as both a web server and application server where all processing is done
by Tomcat. Apache Tomcat is a free and open-source implementation of the Java Servlet,
JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a
"pure Java" HTTP web server environment in which Java code can run.
Apache Tomcat is a webcontainer which allows to run servlet and JavaServer Pages (JSP) based
web applications. Most of the modern Java web frameworks are based on servlets, e.g.
JavaServer Faces, Struts, Spring.
Apache Tomcat also provides by default a HTTP connector on port 8080, i.e., Tomcat can also be
used as HTTP server. But the performance of Tomcat is not as good as the performance of a
designated web server, like the Apache HTTP server.
Role of Tomcat server:
Tomcat is an application server designed to execute Java servlets and render web pages that
use Java Server page coding. Accessible as either a binary or a source code version,
Tomcat’s been used to power a wide range of applications and websites across the Internet.
A Node.js server makes your app available to serve HTTP requests. It provides the
interaction between users and your application. It is a lightweight and efficient JavaScript
platform that is built based on Chrome’s V8 JavaScript engine and NPM is a default
NodeJS package manager.
Node is completely event-driven. Basically the server consists of one thread processing one
event after another. A new request coming in is one kind of event. The server starts
processing it and when there is a blocking IO operation, it does not wait until it completes
and instead registers a callback function
Node. js is primarily used for non-blocking, event-driven servers, due to its single-threaded nature. It's
used for traditional web sites and back-end API services, but was designed with real-time, push-based
architectures in mind.
Hack attempts Investigation
# last
This command will show you all user that logged successfully in the host.This is a good point to
start to understand if somebody get an unauthorised access on your server.
2 – Check the running processes with TOP
With top you can verify if some application are using more resource than usual.
With this command you can also find other useful information, like free Ram, average load, number of task, CPU
load ect.
3 - Check SSH attempt connections:
Another step is to check the ssh logs to understand is somebody is trying to get access to the server,
You can check the access log to the server ( SSH ) in this way
# netstat | more
this command is will show you 2 part the first is “Active Internet connections” (w/o servers) and the second
is “Active UNIX domain sockets (w/o servers)”
5-Antivirus scan
Scan website contents using clamscan and maldet. Which will show the infected files.
Running Clamscan
Running maldet
If you find any files infected, You can null route that file by giving no permission to that file by following
command.
There are several online websites are available to test the website loading speed from world wide.
EX :- https://tools.pingdom.com/
https://gtmetrix.com/
https://developers.google.com/speed/pagespeed/insights/
Concept of CDN
EX : Clouflare Nameservers
● dns1.cloudflare.com
● dns2.cloudflare.com
Inspecting webpages
We can inspect any website from the browser itself by entering f12 key.
● Shows mixed contents
● Broken links
● Missing files
● Script errors
Website migration
Take backup of document root and database dump, then copy to the destination server.
Step 2
Restore website backup in document root assigned for website on destination server.
Step 3
Create new database and restore database dump to the new database created.
Create new database user and grant all privileges to database user.
Once these steps are done successfully, the website starting working from new server. Once you verified
this you can update the DNS records on the DNS zone of the domain which is available in DNS server.
https://hosts.cx/
https://skipdns.link/
Thank you