5 things that I look for when getting PHP / MySQL Web Hosting

1. SSH Access
FTP access is not enough anymore as it is insecure (the password is transferred in plaintext). Besides, SSH access enables me to download updates and patches directly onto the web server instead of having to upload them bit-by-bit over FTP. Normally, some web hosting providers refuse to give SSH access out of fear that their security would be compromised; well, those providers aren’t for me.

2. PHP / MySQL release
A lot of web hosts claim to have the *latest* release of PHP and MySQL running on their web servers, but is it true? Not every latest release is good/great; I will always ensure that the one offered by the web host is the most suitable for my application's needs.

3. Customizable DNS Record (NS)
A feature noticeably lacking in CPanel (I hate CPanel, with a passion). A customizable DNS record allows you to freely change your domain's A, MX and CNAME records to point somewhere else. Sometimes the domain registrar (ENOM comes to mind) lets you customize your own DNS records without the web hosting provider's help. The ability to change DNS records is important because it lets you host part of your web application somewhere else, for example by using Google Apps.

4. Shared Hosting or Virtual Private Server (VPS)
Shared Hosting is probably the best choice if you are just starting to learn how to host your own PHP/MySQL application. The thing to look for in shared web hosting is whether you are in a ‘bad neighborhood’, meaning whether your website has to share the same server/IP address with notorious spammers, as this will affect the website's reputation. Plus, a bad neighborhood is also the main cause of frequent downtime and website slowdowns.

VPS is probably a better choice, but it requires some administrative skills on the site operator's (read: your!) side. Things to look for in a VPS hosting option are the total RAM and the processor slice. If you are hosting a busy website with more than 5000++ unique visitors per day, then do not take a VPS with less than 512MB RAM, because you may find that it won’t cut it. Busy websites require more RAM; it would also help if you use the lighttpd or nginx web server instead of the resource-hungry Apache. One more thing: when surveying VPS providers, I will almost certainly look for one that allows on-the-fly resource resizing, or at least offers the option of letting users resize resources by themselves.

5. Mod Security Filters
This applies to shared hosting. Mod security in Apache enhances the security of Apache-hosted websites. Although this feature is rarely advertised on web hosting providers’ sites, it is actually one of the most important features to have, especially if you are going to host a high-risk web application. I would prefer a host that allows customization in the ‘.htaccess’ file.

That’s it, the FIVE (5) things that I always look for when surveying web hosting providers. Some of you might notice that I didn’t mention SLA (e.g. 100% uptime guarantee or money-back guarantee, etc.). Well, to me the SLAs promised by most web hosting providers aren’t even remotely realistic, as uptime is not predictable, and most web hosting providers (including ones that offer VPS) grossly oversell their service, so as a result most of them fail to meet their own SLA. Don’t get me wrong, I would rather host with a provider that has a great track record and efficient service.

How to set the correct Android *.apk MIME Type for Apache Webserver

Android applications use the *.apk file as their installation package. It is a variant of the Java JAR file format (which in turn is a Zip 2.0 file). Usually the *.apk file is obtained from Android Marketplace, the official channel for getting Android applications. However, there are some vendors or carriers that allow *.apk files to be downloaded from 3rd-party websites.

Those who elect to upload the *.apk files on their own webserver can add the official Android APK MIME Type to their Apache Web server config file:

Option 1: edit mime.types (for those who have root access)
1. First edit the mime.types file – sudo nano /etc/apache2/mime.types
2. Then add this at the end of the file – application/vnd.android.package-archive apk
3. Reload the server configuration – “sudo service apache2 reload”

Option 2: edit .htaccess file (for shared servers or users who do not have root access)
1. Edit .htaccess
2. Add this line – AddType application/vnd.android.package-archive .apk

This will register the appropriate MIME type for *.apk files so that both the server and the mobile application can handle them.

Using Apache mod_security and .htaccess to block comment spam on the web

Comment spam is the most annoying thing to web operators. Besides eating up bandwidth, comment spam can pollute web discussion areas, which gives a bad impression to visitors.

The Apache HTTPD mod_security module can be configured to reduce web spam by filtering common keywords, content and referrers used by spam bots around the internet.

Here’s an example .htaccess file to block common comment spam:

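<IfModule mod_security.c>
# mod_security 1.x directives: turn the filter engine on
SecFilterEngine On
# Inspect POST bodies, where comment text arrives
SecFilterScanPOST On
# Default action for a match: reject with 503, write to the audit log only
SecFilterDefaultAction "deny,nolog,auditlog,status:503"
# Deny any POST whose payload contains one of these keywords
SecFilterSelective POST_PAYLOAD "(mortgage|viagra|poker|traffic|discount|medical|casino|lyrics|loan)"
</IfModule>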

Please ensure that your Apache installation has the mod_security module enabled. The method is suitable for websites that receive a lot of user comments, like forums, blogs (including WordPress and Drupal) and photo galleries.

Note: This is not a foolproof solution as it depends on the use of keywords.
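
To see how the keyword rule above behaves before deploying it, this added example (not part of the original post) replays the same pattern with grep over constructed comments and labels each outcome. It assumes the filter matches case-insensitively anywhere in the POST body; the function names and sample comments are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The comments below are constructed.
# Assumption: the rule matches case-insensitively anywhere in the payload,
# which grep -Ei emulates; confirm this against your mod_security version.
PATTERN='(mortgage|viagra|poker|traffic|discount|medical|casino|lyrics|loan)'

# would_block BODY: exit 0 if the keyword rule would deny this comment
would_block() {
    printf '%s\n' "$1" | grep -Eiq "$PATTERN"
}

# matched_word BODY: print the first keyword hit (empty when nothing matches)
matched_word() {
    printf '%s\n' "$1" | grep -Eio "$PATTERN" | head -n 1
}

# verdict LABEL BODY: LABEL is the true class of the comment (spam or ham)
verdict() {
    if would_block "$2"; then
        if [ "$1" = spam ]; then echo caught; else echo false-positive; fi
    else
        if [ "$1" = spam ]; then echo missed; else echo passed; fi
    fi
}

# report: one line per constructed sample: verdict, matched keyword, comment
report() {
    while IFS='|' read -r label body; do
        printf '%-14s %-8s %s\n' "$(verdict "$label" "$body")" \
            "$(matched_word "$body")" "$body"
    done <<'EOF'
spam|Cheap VIAGRA and free casino bonus, click here
spam|Replica watches at unbeatable prices, visit my profile
ham|Our site traffic doubled after moving to nginx
ham|Meetup is near Sloane Square this Friday
ham|Thanks, the ServerName fix removed the warning
EOF
}
report
```

The two false positives ("traffic", and "loan" inside "Sloane") show why a list like this should be trimmed to words your visitors never use, and why a 503 on a legitimate comment is worth checking for in the audit log.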

How to solve Apache – Could not reliably determine the server’s fully qualified name – error in Ubuntu

Apache2 web server will almost always display this information message :
"Could not reliably determine the server's fully qualified name"
when it is first started in Ubuntu and Debian server.

The message appears because the web server fails to find a suitable domain name on the system.

How to remove the message
First, you need to edit “/etc/hosts” file and put your server name of choice in the file. For example:

127.0.0.1 server.mylocal

Then you need to add “ServerName” directive in the “/etc/apache2/apache2.conf” file.

ServerName server.mylocal

Finally, restart the web server for the changes to take effect. You will notice that the information message is gone now.

$ sudo service apache2 restart

How to make JavaME .jar files downloadable from Apache Web Server

Mobile application developers may have realized that one of the best (and recommended) ways to distribute their JavaME/J2ME application is by hosting it on a website. This makes it easier for potential users to navigate to and download the .jad or .jar files from their phone browsers and to execute them directly.

However, some web servers are not configured to handle .jar / .jad file requests, which leads to a failed install on the mobile user's side.

To remedy this, .jad / .jar files need to be associated with the correct MIME type. In Apache, you can do this by creating a ‘.htaccess’ file in your web directory and inserting these lines:

# JavaME
AddType text/vnd.sun.j2me.app-descriptor .jad
AddType application/java-archive .jar

Afterwards, save the file. The web server should behave accordingly when requests are made to either of these files. For other web servers, please refer to their respective manual or online help on how to change the document MIME type.

How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu

Secure HTTP (SSL/TLS) has become a must if you are planning to set up a website which includes user authentication (i.e. a login box) or sensitive data. HTTPS prevents the sensitive data from being transferred across the network in clear text, where it is susceptible to being sniffed or altered. Here is the tutorial on how to set up secure HTTP on the Apache web server in Ubuntu 10.04 (Lucid Lynx).

What do you need?

  • apache2 (Web Server)
  • openssl
  • A bit of patience, because it will take some time to learn

Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.


openssl genrsa -des3 -out server-sec.key 4096

…and certificate signing request (CSR)


openssl req -new -key server-sec.key -out server.csr

After that, generate the server certificate by signing it with the server key.

openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt

Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.

openssl rsa -in server-sec.key -out server.key

By this time, you should have :

  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)
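
A quick check on the files listed above, added here as an example and not part of the original post: it confirms that a key and a certificate hold the same public key, and that a key file is readable by its owner only, which matters most for the passwordless server.key. The helper names and the throwaway 2048-bit test pairs are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# the helper names and the throwaway 2048-bit pairs are assumptions made here.

# key_matches_cert KEY CRT: exit 0 only if both files hold the same public key.
# "-passin pass:" stops openssl from prompting, so an encrypted key such as
# server-sec.key fails with exit 2 instead of hanging a script.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private FILE: exit 0 if group and others have no permission bits set
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# make_pair DIR NAME: constructed test data, an unencrypted key plus a
# self-signed certificate valid for one day
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=server.mylocal" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# demo: build two throwaway pairs in a temp dir, run the checks, clean up
demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" server && make_pair "$d" other || return 1
    chmod 600 "$d/server.key"
    key_matches_cert "$d/server.key" "$d/server.crt" && echo "server.key matches server.crt"
    key_matches_cert "$d/other.key" "$d/server.crt" || echo "other.key does NOT match server.crt"
    key_is_private "$d/server.key" && echo "server.key is owner-only"
    rm -rf "$d"
}
demo
```

Run `key_matches_cert server.key server.crt` and `key_is_private server.key` against the real files before pointing Apache at them.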
