Web Servers Cheatsheet
A quick reference guide to web servers, covering core concepts, popular servers like Apache and Nginx, and essential configurations.
Web Server Fundamentals
Core Concepts
Web Server: Software that responds to client requests over HTTP.
HTTP (Hypertext Transfer Protocol): The foundation of data communication on the web.
Client-Server Model: A client (e.g., a web browser) sends requests to a server, which processes them and returns a response.
Static Content: Web content that is pre-built and served as-is (e.g., HTML, CSS, JavaScript files, images).
Dynamic Content: Web content generated on the server-side, often using scripting languages (e.g., PHP, Python, Node.js).
Application Server: A server that hosts web applications and provides services for them to run.
Reverse Proxy: A server that sits in front of one or more web servers, handling client requests and forwarding them to the appropriate server.
Common Web Servers
Apache HTTP Server: A widely used, open-source web server known for its flexibility and module support.
Nginx: A high-performance web server and reverse proxy server, often used for its speed and efficiency.
Microsoft IIS (Internet Information Services): A web server developed by Microsoft for use with Windows Server.
Lighttpd: Another open-source web server designed for speed-critical environments.
Key Features
Virtual Hosts: Hosting multiple websites on a single server.
Load Balancing: Distributing network traffic across multiple servers to improve performance and reliability.
SSL/TLS Encryption: Securing web traffic with encryption to protect sensitive data.
Caching: Storing frequently accessed content to reduce server load and improve response times.
Apache Configuration
Configuration Files
Use Example:
Common Directives
Specifies the directory from which Apache serves files for a website. Example:
Specifies the domain name or IP address of the server. Example:
Defines access control and other settings for a specific directory. Example:
Specify the location of error and access log files. Example:
Enables specific Apache modules. Example:
Virtual Hosts
A virtual host configuration allows you to run multiple websites on a single Apache server. Example Virtual Host Configuration:
Enable a virtual host using Example:
Nginx Configuration
Configuration Files
Use Example:
Common Directives
Defines a virtual server (similar to Apache’s VirtualHost). Example:
Specifies the port on which the server listens for connections. Example:
Specifies the domain name or IP address of the server. Example:
Specifies the directory from which Nginx serves files for a website. Example:
Defines how Nginx handles requests for specific URIs. Example:
Reverse Proxy Example
Nginx can be used as a reverse proxy to forward requests to backend servers. Example Configuration:
Security Best Practices
General Security Measures
Keep your web server software up to date with the latest security patches.
Use a firewall to restrict access to your server.
Disable unnecessary modules or features.
Regularly audit your server configuration for security vulnerabilities.
SSL/TLS Configuration
Obtain an SSL/TLS Certificate: From a trusted Certificate Authority (CA) like Let’s Encrypt, or purchase a certificate.
Configure SSL/TLS: Enable HTTPS by configuring your web server to use the SSL/TLS certificate.
Use Strong Cipher Suites: Configure your web server to use strong and secure cipher suites.
Redirect HTTP to HTTPS: Automatically redirect all HTTP traffic to HTTPS to ensure secure communication.
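The four steps above combined into one Nginx configuration, as an added example that is not part of the original cheatsheet. The domain example.com, the web root, and the certificate paths (a typical Let's Encrypt/certbot layout) are assumptions to replace with your own values.

```nginx
# Added example; example.com, the web root and the certificate paths are assumptions.

# Port 80 serves no content; it only redirects permanently to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Full certificate chain and private key issued by the CA.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Weak settings to avoid: legacy protocols and catch-all cipher strings, e.g.
    #   ssl_protocols SSLv3 TLSv1 TLSv1.1;
    #   ssl_ciphers   ALL;
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites limited to ECDHE key exchange with AEAD ciphers.
    # TLS 1.3 suites are not controlled by this directive.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Session resumption via a shared cache rather than session tickets.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS: browsers that have visited once go straight to HTTPS afterwards.
    add_header Strict-Transport-Security "max-age=63072000" always;

    root  /var/www/example.com/html;
    index index.html;
}
```

Run `nginx -t` to validate the syntax before reloading the server.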
Access Control
Limit Directory Access: Restrict access to sensitive directories by configuring appropriate permissions.
Implement Authentication: Require users to authenticate before accessing certain areas of your website.
Use a Web Application Firewall (WAF): A WAF can help protect your website from common web attacks like SQL injection and cross-site scripting (XSS).
Regularly Monitor Logs: Monitor your web server logs for suspicious activity.