CGS 2825 - Web Site Management

CGS 2825

Web Site Management

Fall 1999 (99-4)

Time & Place: Ref No. 08893: Thursday, 7:15 - 10:00 PM, Dale Mabry Room Tech-202

Instructor: Name: Wayne Pollock
E-mail Address: pollock@acm.org
Office & Phone: Tech-404, 253-7213.
Office Hours: Tuesday, Thursday 2:30-5:00 PM, or by appointment.
homepage URL: http://www.hcc.cc.fl.us/services/faculty/Wayne_Pollock/Index.htm

Description: "Students in this course learn how to establish and maintain a Web environment by concentrating on the establishment and maintenance of Web Servers, FTP servers, and Domain Name Servers. Other elements of the course will include security and firewalls, Proxy Servers, ~~Audio and video servers, Chat Servers,~~ establishing access policies, MIME types, and enabling CGI applications. This should be one of the last courses the student takes in the Web Technology AS degree."

The course uses Linux as the server platform and Apache as the web sever. Additional elements of this course include Perl CGI scripting and SQL database access. The class format will be lecture and discussion; class participation is strongly encouraged. In addition, there will be many hands-on exercises. Students are expected to prepare for each class by completing all reading assignments and reviewing examples.

Because of the large scope of this course, the primary focus will be web server set up, configuration, and maintenance.

Objectives: "After completing this course, the student will be able to:

establish a CGI interface for users.
create multihomed web and ftp servers.
establish TCP/IP connectivity to the Internet.
compare capabilities of various servers.
make backend databases available via a Web site.
address Web-related security and legal issues.
establish access policies for Web and FTP servers.
investigate Domain Name Registration.
build and enable a Domain Name Server."

Prerequisites: CGS 2820 (Web Authoring HTML), CTS 1106 (Unix), COP 2822 (CGI Programming for the Web), or Permission of the Instructor.

Facilities: A special lab has been set up including Linux servers/workstations with removable hard disk drives. (The lab also contains other networking hardware to support firewalls and proxies.) Students will be assigned their own hard drive for the duration of the course. This hard drive is available for your use in the open lab (room Tech-462) as well. However you will need your own floppy disks and writing materials, plus Scantron sheets for the exams.

Grading: 3 equally weighted exams: 50%
Several equally weighted projects: 50%

A=90-100, B=80-89, C=70-79, D=60-69, F=0-59

No make up exams will be offered without the prior approval of the instructor.
Class attendance is required for every class. All phones, pagers, and beepers must be turned off during class time, except with prior permission of the instructor. Credit for class participation includes attendance, preparedness, and adding to class discussions by asking questions and participating in discussions. Playing computer games, surfing the internet, or working on other assignments for this or other classes during class time will lose you credit.
Additional time outside of class will be required to complete most projects.
A project is late if not turned in by the start of class on the day it is due. Late projects will be accepted up to one week late only if you obtain the instructor’s permission at least one week prior to the due date of the project, or for a documented serious medical reason. All late projects will lose at least one letter grade penalty regardless of the reason for the delay. Projects later than one week will receive a grade of F (0).
Working together on individual assignments is considered as cheating! Cheating will result in an automatic F (zero) for the project for all parties. Note that some projects may be group projects, where each member of a small group works together on a project and all receive the same grade. You must follow the academic honesty policy for HCC. I take these matters very seriously. You have been warned!

Projects: Projects will be assigned at various times. You will have sufficient time to complete the projects. Although there will be in-class group exercises, you should work individually on the other projects. Further details will be provided in class.

Classes Begin: Monday 8/23/1999

Add-Drop ends: Friday, 8/27/1999

Last Day to Withdraw: Monday, 10/18/1999

Classes End (Finals Week): Monday 12/6/1999 - Friday 12/10/1999

No Class on: Monday, 9/6/1999 (Labor Day),
Thursday, 11/11/1999 (Veterans Day),
Thursday - Saturday, 11/25/1999 - 11/27/1999 (Thanksgiving)

Request For Accommodation

If, to participate in this course, you require an accommodation due to a physical disability or learning impairment, you must contact the Office of Services to Students with Disabilities, Dale Mabry Campus, Student Services Building Room 204. Voice Phone: (813) 259–6035, TTD: (813) 253-7035, FAX: (813) 253-7336.

Course schedule for CGS 2825

Week	Topics	Readings Due
1	Course introduction, personal introduction. Classroom procedures. Linux overview and administration. Creating user accounts. Using a web browser. Open Lab procedures and hours.	Get book; look over: preface, Chapters 5, 6, 10, 11, and Appendix A.
2	Basic concepts: Web, Internet, URLs, intranet/internet, ISPs, DNS (overview and configuration), selecting a platform, CGI and Applets and scripts, business aspects (responsibilities and rolls of a web site administrator, advertising, billing, payments, and selecting a DNS name), Security, SSL, MIME types, Virtual Hosts, Proxy servers, TCP/IP (also Ports, Daemons, Inetd), HTTP.	Chapters 1-2 (pp. 1-58)
3 4	Overview of Apache. Installation and configuration (and security). A first web site. Controlling Apache. Basic Apache directives. Virtual hosts.	Chapter 3 (pp. 59-102, 107-118)
5	EXAM #1
6 7	Overview of Perl scripting. Perl and CGI (review of HTML forms). Configuring Apache for CGI (and mod_perl and fast_CGI). Imagemaps. Server-Side Includes (SSIs). Overview of embedded scripts (PHP, ASP, etc.). Gateway services. email from CGI. Cookies. Some security concerns when using Perl or shell scripts for CGI.	Chapter 3, 8, 9 (pp. 102-107, 401-433, 457-466, 467-518, 531-536, 541-569)
8 9	Review of SQL database concepts. Installation and configuration of mySQL. Database access with CGI and Perl. Overview of applet database access (JDBC).	Chapter 8, 9, 11 (pp. 458, 518-531)
10	EXAM #2
11 12	Security issues. Authentication. User directories. Access control and policies. User tracking via Cookies. Proxy Servers, firewalls. Basic Encryption concepts. SSL (Installing, obtaining certificates, configuring, using).	Chapter 4, Appendix C (pp. 148-149, 176-202, 536-541, 723-777)
13	Additional Apache configuration and optional features: Content and Language Negotiation, Indexing, Redirection, extra modules. Site keyword searching.	439-448, 455-457, plus supplemental material (to be provided)
14	Managing a web site loose ends. Configuration of FTP servers, Mail servers.	pp. 394-400, 433-439, plus supplemental material (to be provided)
15	EXAM #3

Quotes: Tell me and I'll listen.
Show me and I'll understand.
Involve me and I'll learn. - Lakota Indian saying

Learning is not a spectator sport! - Chickering & Gamson

Sample BIND DNS files for Primary and Secondary Name Servers
(Using hcc.com for a domain on an IP network of 192.168.35.0 .)

/etc/hosts Local (and possible other) host to IP address information. /etc/networks Network name to IP address file (not required)
/etc/host.conf Determines which services should be tried to resolve names, and in what order. /etc/resolv.conf Configure the resolver libraries: default domains to search, which name servers should be used, etc.

/etc/named.conf Configures a local name server (named ver 8.x) as a primary (master). /etc/named.conf.secondary Sample /etc/named.conf which shows the configuration for a local name server (named ver 8.x) as a secondary (slave).
/etc/named.boot Configures a local name server (named ver 4.x) as a primary (master). /etc/named.boot.secondary Sample /etc/named.boot which shows the configuration for a local name server (named ver 4.x) as a secondary (slave).

/var/named/db.hcc.com DNS (zone) records for the hcc.com domain. /var/named/db.192.168.35 DNS (zone) records for the hcc.com domain. (This file contains records for 0.35.168.192.in-addr.arpa, which is used to map IP numbers to domain names.)
/var/named/db.127.0.0 DNS records for the localhost (IP 127.0.0.0). /var/named/root.cache The standard "hints" file (as of October 1999), tells DNS where the top level name servers on the Internet are.

Sample BIND DNS files for Primary and Secondary Name Servers (Using hcc.com for a domain on an IP network of 192.168.35.0 .)
/etc/hosts	Local (and possible other) host to IP address information.	/etc/networks	Network name to IP address file (not required)
/etc/host.conf	Determines which services should be tried to resolve names, and in what order.	/etc/resolv.conf	Configure the resolver libraries: default domains to search, which name servers should be used, etc.
/etc/named.conf	Configures a local name server (named ver 8.x) as a primary (master).	/etc/named.conf.secondary	Sample /etc/named.conf which shows the configuration for a local name server (named ver 8.x) as a secondary (slave).
/etc/named.boot	Configures a local name server (named ver 4.x) as a primary (master).	/etc/named.boot.secondary	Sample /etc/named.boot which shows the configuration for a local name server (named ver 4.x) as a secondary (slave).
/var/named/db.hcc.com	DNS (zone) records for the hcc.com domain.	/var/named/db.192.168.35	DNS (zone) records for the hcc.com domain. (This file contains records for 0.35.168.192.in-addr.arpa, which is used to map IP numbers to domain names.)
/var/named/db.127.0.0	DNS records for the localhost (IP 127.0.0.0).	/var/named/root.cache	The standard "hints" file (as of October 1999), tells DNS where the top level name servers on the Internet are.

Only the first four files are needed for a resolver only configuration. Note the networks file is optional. So is the resolv.conf file if you are not using DNS at all, such as in host only or NIS configurations.

In a caching only configuration you would additionally need the files named.conf (or named.boot if using an older version of BIND), db.127.0.0, and root.cache. The named.conf and named.boot files here are for a primary (or master) name server, so for a caching only setup you would need to edit the file and remove the sections that state this name server is authoritative for hcc.com and 35.168.192.in-addr.arpa. (If your caching only name server is also a fowarding server, then the root.cache file is not needed since the name server would never contact the Internet servers directly.)

Note that other files may be used to support networking and DNS on different Unix and Linux versions. Some of these might be /etc/HOSTNAME, /etc/system.cnf, /etc/rc.config, /etc/inetd, /etc/nsswitch, /etc/sysconfig/*, and possibly others. To find out which, use find and grep to locate files under /etc that contain IP numbers or commands such as "route" and "ifconfig". When all else fails, you can always read your system documentation!

Part of the DNS setup includes creating aliases for a host, and setting up MX records for email. For this to actually work, the MTA (Mail Transport Agent or MAILLER-DAEMON) must be configured properly as well. Usually this is the sendmail program, with its configuration file /etc/sendmail.cf. This (and other MTAs) can be quite tricky to configure correctly!

There is a system configuration tool for Linux called linuxconf that is designed to configure Linux systems, regardless of which distribution you may have. This package can be found on the internet if not already installed on your system.

Sample CGI Perl Scripts using MySQL database (via the DBI module)

HccDump The SQL statements needed to create the hcc MySQL database. graphics.tgz The gzipped tar file containing the sample gif files for the hcc.com postcard system. (Unpack in the directory: DocumentRoot/graphics)
send-postcard.pl Perl script to send an e-card; uses CGI and DBI (DB access). show-postcard.pl Perl script to retrieve an e-card; uses CGI and DBI.

Other Sample files (use as models for your own site)

robot.txt Tells Webots (Web Robots, or Spiders) what part of your website can be indexed. httpd.conf Sample Apache configuration file.
<ServerRoot>/passwd Apache password file for restricted access by users. <ServerRoot>/group Apache group file for restricted access by groups.

Sample CGI Perl Scripts using MySQL database (via the DBI module)
HccDump	The SQL statements needed to create the hcc MySQL database.	graphics.tgz	The gzipped tar file containing the sample gif files for the hcc.com postcard system. (Unpack in the directory: DocumentRoot/graphics)
send-postcard.pl	Perl script to send an e-card; uses CGI and DBI (DB access).	show-postcard.pl	Perl script to retrieve an e-card; uses CGI and DBI.
robot.txt	Tells Webots (Web Robots, or Spiders) what part of your website can be indexed.	httpd.conf	Sample Apache configuration file.
<ServerRoot>/passwd	Apache password file for restricted access by users.	<ServerRoot>/group	Apache group file for restricted access by groups.

Send comments and mail to Wayne Pollock.

pollock@acm.org