Setting Up A Streaming Subscription Site, Part 2

Technology sites are dominated by news of new security holes being found in Microsoft’s IIS server almost weekly. Most of the viruses and worms out there are written to attack this platform, and a huge number of servers have already been compromised by hackers (just check your server logs for proof of this claim). Compare that with an almost complete lack of reports of weaknesses in Apache servers and you have every reason to go with an open-source Web server.

Apache can be downloaded for use on either your Linux or Window servers from www.apache.org.It is easy to configure - though the user interface is non-existent. You will have to use a text editor to edit its configuration files. Installation takes maybe five minutes on a typical Windows or Linux machine, and if you take your time with the configuration options (and reading all the READMEs) it will probably take about thirty minutes to configure the basic Web server.

Obtaining a digital certificate from VeriSign

You will have to obtain a digital certificate from VeriSign if you want to configure a secure server. A digital certificate establishes a "chain of trust" between two parties – in this way, you know that you are giving your money to a legitimate, licensed business, rather than some 16-year old in an Internet café in the Ukraine. This is a one-time charge that will cost between $249 to $1,400 depending on what level of protection (the size of your encryption key) and what features you want to have. We would definitely recommend that you try their Trial Secure server ID (at the time of this writing good for two weeks) while you set up your server.

There are actually two server options for Apache. You can use an Apache module (mod_ssl) or a server with integrated secure sockets (Apache SSL). Modules are extensions to the Apache server that can be loaded at run-time to enhance its functionality.

If you’re basing your implementation on a Linux platform, you should probably choose the Apache SSL option. Unfortunately, if you are using Windows as a base for your secure server you will have to use the mod_ssl option rather than the Apache SSL server as the Apache SSL server has not been ported to Windows-based systems yet.

Apache modules are added or removed from the server by editing a configuration options file. When you restart the server the new configuration takes effect. This makes the entire process of re-configuring your server quite easy.

This being said, setting up a secure server is non-trivial – it will require you to get under the hood and plug in a few wires. We would recommend that you take the time to set up a regular Apache server before you try to install a secure server. If you want a greater level of security, Red Hat Linux provides a "secure server in a box" – their Stronghold 3 Secure Web server is $995. Fortunately, there is a lot of documentation to support the task and a very active group of users to whom you may turn for advice. The procedure for integration of the certificate should be identical for mod_ssl users. Apache tends to function the same and uses just about the same configuration files independent of the platform it is running on.

If you take your time and read all the documentation before starting, you should be up and running in as little as two hours. Budget three hours and a couple of pots of coffee and you should be fine. Better yet, bribe a programmer buddy with movie tickets and save yourself some grief.

Page 2: Keeping Track of Your Users >>