HomeBrainDump Creating a Web Test Environment in Windows
Creating a Web Test Environment in Windows
As a web developer, having a localized web test environment is priceless. Having to constantly upload pages for testing after each edit is extremely time consuming and monotonous. In this article we’re going to take a look at creating a localized web test environment.
The greatest majority of web sites run on the Apache web server. Since Apache is most stable and most secure on Linux, this tends to be the trend, while most Windows-based servers are serving pages with IIS.
Another great majority of sites are developed using PHP on Linux. This is largely due to that fact that it is open source and very widely supported. Its chief competitor, of course, is ASP. Since ASP is a Microsoft technology, it is largely proprietary.
So what does all this mean?
Chances are that if you are a web developer and you're not developing on Linux, you're probably developing for Linux. So today we're going to take a look at how to install the most common components of a Linux server in Windows.
The idea here is to create a development and testing environment that is as close to the live environment as possible. Of course, for this article we're barring the idea of running virtual servers.
Let's take a look at what we'll be using. The list of titles below will create a very common setup found on most Linux servers. We're, of course, using the latest versions of the software available at the time of this writing. You should always take advantage of the newest releases available since programs are frequently updated for security.
Apache HTTP Server 2.2.4 with Openssl 0.9.8d
PHP 4.4.6 and PHP 5.2.1
PEAR 1.5.3
Perl 5.8.8.820
MySQL 5.0.37
Now, you could download and install all of these components separately, but chances are that getting them configured properly would take you quite some time. Thankfully, there's an easier way.
Knowing that installing and configuring Apache and the other necessary components is not easy, the kind folks over at Apache Friends decided to make things a little easier by developing XAMPP. XAMPP is a single installer that installs the whole package in a preconfigured, ready-to-run state.
The core of the project, of course, is Apache web server but they've included virtually everything you need, including support for PHP, MySQL, Perl, OpenSSL, and more.
You can download the XAMPP for Windows installer by visiting the ApacheFriends site. Installing XAMPP is simple and straightforward.
After starting the install, you'll be prompted for the language you would like to use. Next, you'll be asked to choose an installation directory. I recommend not putting this in your Program Files folder. You want this somewhere with easier access.
If you can, you should install this to a dedicated drive. This allows you the most flexibility for added security if you plan on running this for public access.
In the next stage of the installation you will be asked how you would like to install the XAMPP programs. I recommend choosing to install all of the components as services, especially if you will be running your web server full time. This allows your web server to function even when no one is logged on.
Once all of the files are copied, the installer will launch the PHP installer. This will set everything up for you without any input from the user.
At this point in the installation, all of the programs have been installed. The XAMPP installer will now attempt to start your web server. If you have Service Pack 2 installed, which you should, you will likely see a warning message like the one pictured above. Click the Unblock button to configure the Windows Firewall to allow access to Apache.
If you have some other third-party firewall installed, you will likely see a similar message. Choose whatever option allows access. If you have the option to remember this decision or to always allow, you should set that as well.
At a minimum, you will need access to Port 80. This is the standard port on which web servers operate. If you are running this on an intranet, you may wish to configure it differently for security purposes.
At this point your web server is installed and running which means it is serving pages. You can access your website locally by either using a hostname or a direct IP address. Opening your browser and navigating to http://localhost or http://127.0.0.1 will do the trick.
If you are on a network, you can also use your machine's hostname or IP address. In fact, you can use any network addressing method that points to your computer. You should keep this in mind if you are on a network or connected to the Internet for obvious security reasons. You are running a web server just as public as any other out there.
It should be obvious at this point that it's time to take some security precautions. Don't worry. The guys over at ApacheFriends took this into consideration too. With everything installed correctly you should see the screen above when you navigate to your web site.
Once you know everything is functioning properly, click the Security link in the menu on the left. XAMPP provides a built-in security check to make your life easier. With the default installation, the majority of things on the list will be marked as Unsecure. Click the link provided and run XAMPP's Security Console to begin fixing these vulnerabilities.
On this screen you'll be able to set the root password for your MySQL installation. This will prevent outside sources from accessing your databases. You're also given the opportunity to password protect the XAMPP directory so that no one else will be able to access this security console.
All remaining security fixes will have to be made manually, but it's not too hard.
As the Security Console shows you, there is a vulnerability in the FileZilla FTP server. There are a few ways to handle this. First, if you don't intend to use the ftp server, you can simply disable it. The same goes for the Mercury Mail server if installed.
Close your browser now, and double click the XAMPP icon on your desktop to start the XAMPP Control Panel. Here you have quick access to all of the components.
You can start and stop the various services quite easily from here. You can also click the Admin buttons for quick access to the control programs. Click the button to open FileZilla's administration utility.
The first thing you should do is secure this utility. Click the Settings button on the toolbar. Now select Admin Interface settings in the navigation pane to set an administrator password.
Next, click the Users button. XAMPP creates an account called newuser during the installation to test functionality. This account does not have a password and could present a vulnerability. You have two choices. You can set a password for this user or in most cases just delete it.
If you have the Mercury Mail server installed, you should follow similar procedures to protect it. Again, the test user can simply be deleted.
You now have a fully operational web server for local testing or serving web pages. Your web root is a folder called htdocs located in the XAMPP directory you chose during installation.
In my next article I'll take you through some of the steps necessary to configure this setup more like a traditional web server. I'll also show you how to unlock its true potential as a test environment.
If you're planning on running this as a public web server or a local intranet, I'll also show you what other security precautions you need to take into consideration. Until next time...
BrainDump 
Implement Gzip and Deflate Compression in ASP.Net
