2. Introduction

Before we learn to develop web applications, we need a basic understanding of the Internet and the World Wide Web. For a more in-depth explanation of these two terms, take a look at en.wikipedia.org/wiki/Internet and en.wikipedia.org/wiki/Hypertext_Transfer_Protocol. The Internet is a globally distributed network of networks. It connects billions of computers and devices, allowing them to communicate with each other. The World Wide Web (WWW) is just one of many services running on the Internet. It is a huge collection of documents and other resources interlinked via hyperlinks. Each resource has a uniform resource locator (URL), which gives access to this resource. Typically, we use browsers (e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer) to access the Internet. Browsers use the Hypertext Transfer Protocol (HTTP) to communicate with other computers, so-called web servers, on the Internet. The Internet uses a whole suite of protocols that are split into several layers. At the top level, the application layer, we have HTTP and many other protocols. Below, on the transport layer, we have the Transport Control Protocol (TCP). Beneath this layer we have the Internet Protocol (IP) on the Internet layer.

The WWW has evolved significantly since the early nineties. Today the web browser and related technologies are increasingly becoming the platform of choice for application development, for a number of reasons:

  1. Write once, run anywhere. A web browser is installed by default on virtually every desktop, tablet, smartphone and other device. A web application will run on all of these devices without requiring the user to download and install anything or the developer to provide executables for different operating systems.

  2. Updates are instantaneous, i.e. the next time the user uses the application, he/she will automatically be using the latest version.

  3. The performance of browser JavaScript engines rivals the best Java just-in-time (JIT) compilers and the gap to compiled C++ and assembler is dwindling. Today’s web apps use multithreading, accelerated 3D graphics and many other techniques that make full use of the available hardware.

  4. There is a large number of standard application programming interfaces (API) as well as highly sophisticated open source libraries for all kinds of purposes.

  5. A virtually unlimited amount of documentation is available.

The following is a small sample list of web applications to provide a glimpse of what can be done:

3. Operating systems

3.1. Ubuntu

3.1.1. Installation and configuration

The server guide provides the details. Get the ISO from Ubuntu and create a bootable USB stick.

If you have your own domain, use Certbot to get a free certificate. Use /letsencrypt/certbot-auto renew to renew all certificates. Follow "SSL v3 goes to the dogs - POODLE kills off protocol" and the forward secrecy guidance when setting up the Apache SSL configuration:

SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

Enable the Apache headers module:

a2enmod headers

Add the following line to default-ssl.conf in the <VirtualHost _default_:443> section:

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

Make sure that the file headers.load is in the mods-enabled folder. If it isn’t, copy it from mods-available. Add your site to hstspreload.appspot.com.
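Before submitting a site for preloading, the header value can be checked against the preload list requirements (max-age of at least one year, includeSubDomains and preload). The following is an added example, not part of the original page; the function names are illustrative and the sample value is the one configured above.

```sh
#!/bin/sh
# Added example: validate a Strict-Transport-Security value for HSTS preload.

# Split an HSTS value into trimmed, lower-cased directives, one per line.
hsts_directives() {
    printf '%s\n' "$1" | tr ';' '\n' | tr '[:upper:]' '[:lower:]' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print max-age in seconds, or nothing if it is missing or malformed.
hsts_max_age() {
    hsts_directives "$1" |
        sed -n 's/^max-age[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]\{1,\}\)"\{0,1\}$/\1/p' |
        head -n 1
}

# Succeed only if the value meets all three preload requirements.
hsts_preload_ready() {
    age=$(hsts_max_age "$1")
    [ -n "$age" ] && [ "$age" -ge 31536000 ] || return 1
    hsts_directives "$1" | grep -Fxq includesubdomains || return 1
    hsts_directives "$1" | grep -Fxq preload
}

# Extract the HSTS value from raw response headers on stdin,
# e.g. the output of: curl -sI https://your.domain/
hsts_from_headers() {
    tr -d '\r' | grep -i '^strict-transport-security:' |
        sed 's/^[^:]*:[[:space:]]*//' | head -n 1
}

# Constructed sample: the header value configured on this page.
SAMPLE='max-age=63072000; includeSubdomains; preload'
if hsts_preload_ready "$SAMPLE"; then
    echo "preload-ready"
else
    echo "not preload-ready"
fi
```

Directive names are matched case-insensitively, so the includeSubdomains spelling used above is accepted.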

Test your server security.

To set umask permanently, add umask 0027 to /etc/profile or change the following in /etc/pam.d/common-session (cf. serverfault.com/questions/231717/how-to-get-full-control-of-umask-pam-permissions):

session optional pam_umask.so umask=0027
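To see what this setting changes, the following added example (not part of the original page) creates a file and a directory under several umask values and reports the resulting modes. The helper name modes_under_umask is illustrative, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example: modes that new files and directories receive under a umask.

# Print "<file mode> <directory mode>" for objects created under umask $1.
modes_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/file"      # files start from 666 before masking
        mkdir "$dir/subdir"  # directories start from 777 before masking
        printf '%s %s\n' "$(stat -c %a "$dir/file")" "$(stat -c %a "$dir/subdir")"
        rm -rf "$dir"
    )
}

# Compare the common default 0022 with the 0027 recommended above.
for mask in 0022 0027 0077; do
    printf 'umask %s -> file/dir modes: %s\n' "$mask" "$(modes_under_umask "$mask")"
done
```

With 0027, new files are not accessible to other users at all and are read-only for the group.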

If you get the error apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 when restarting Apache, edit your /etc/hosts file and make sure it contains 127.0.0.1 localhost servername.domain.com servername (cf. source).

.htaccess

In order to be able to use .htaccess files:

  1. The Apache rewrite module needs to be enabled, if it isn’t already:

    a2enmod rewrite
    apache2ctl restart
  2. The AllowOverride All directive needs to be in your Apache config file (usually in /etc/apache2) for the directory tree where your access file is located.

For the rest see Security.

Missing .Xauthority file

If you log in via SSH and get this message, use

ssh -X user@host

to have the file created (source).

3.1.2. Administration

Useful commands

find without permission denied messages

find / -name <name> -print 2>&-

which is equivalent to (cf. unix.stackexchange.com/questions/19430/how-do-i-remove-permission-denied-printout-statements-from-the-find-program):

find / -name <name> -print 2>/dev/null

chmod all directories but not files

find . -type d -exec chmod o+rx {} +

chmod all executable files

find . -executable -type f -exec chmod o+rx {} +

Activate root

Run sudo passwd root and give root a password. Afterwards, you can, for instance, run su -.

Setting umask permanently

Main directories

Using USB drives

Find out what the drive is called using fdisk -l, then mount the drive using mount <drive> /media/usb. To unmount use umount /media/usb.

To have a drive mounted automatically, add it to /etc/fstab. Use lsblk -O or fdisk -l to get the required information for your drive. After a system reboot, your drive should be available.

Backup

System backup is essential. Install storeBackup, create a directory for your backups and add a crontab task using crontab -e. Here is an example crontab entry where an email is sent after backup completion (cf. how-to-sendmail):

# Run at 03:00 every Monday; a crontab entry must be on a single line.
0 3 * * 1 /opt/storeBackup/bin/storeBackup.pl --sourceDir /var/www --backupDir /root/backup | sed '1s/^/To: mail address\nSubject: backup\n\n/' | sendmail -t

Alternatively you can set up a systemd timer. A discussion about pros and cons can be found at cron vs systemd timers.

Instead of or in addition to local backup, you might consider cloud backup using Duplicity, preferably with encryption.

Mail

Whilst you may not want to run your own mail server, if you want to enable your server to send emails, install Postfix. To send an email, create a file with content structured as in the following example and then use sendmail recipient < file:

Subject: everling.lu backup job

Backup has been run

You can manage emails using mail.

Remote copy

rcp -prv source target

Fail2ban

To unban an IP address, use

fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE

The hard part is finding the right jail: use iptables -L -n to find the rule name, then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same, but it should be clear which one is related to which (source).
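One way to automate the jail search, as an added example that is not part of the original page: it asks fail2ban-client for the jail list and then checks each jail's banned IP list for an exact match. The F2B variable, the function names and the sample_f2b stub with its constructed output are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list the fail2ban jails that currently ban a given IP.
# F2B names the client command so it can be swapped for a stub.
F2B=${F2B:-fail2ban-client}

# Print the jail names reported by `fail2ban-client status`, one per line.
list_jails() {
    "$F2B" status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Succeed if jail $1 lists IP $2 as banned (whole-address match only,
# so 192.0.2.1 does not match a ban on 192.0.2.10).
jail_bans_ip() {
    "$F2B" status "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p' |
        tr -s ' \t' '\n\n' | grep -Fxq -- "$2"
}

# Print every jail that currently bans IP $1.
jails_banning() {
    for jail in $(list_jails); do
        if jail_bans_ip "$jail" "$1"; then echo "$jail"; fi
    done
}

# Constructed stand-in that mimics fail2ban-client status output.
sample_f2b() {
    if [ "$#" -eq 1 ]; then
        printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tsshd, apache-auth\n'
    elif [ "$2" = sshd ]; then
        printf '`- Actions\n   `- Banned IP list:\t192.0.2.10 198.51.100.7\n'
    else
        printf '`- Actions\n   `- Banned IP list:\t198.51.100.7\n'
    fi
}

# Demo on the constructed data; prints "sshd".
( F2B=sample_f2b; jails_banning 192.0.2.10 )
```

On a real server, run jails_banning with the blocked address and pass each reported jail to the unbanip command shown above.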

Grub2

Grub2 is the default boot loader and manager for Ubuntu.

MySQL
Create DB

3.2. Windows

3.2.1. Administration

DNS

Display data in the DNS resolver cache:

ipconfig /displaydns

Flush DNS resolver cache:

ipconfig /flushdns

Renew all DHCP leases and reregister all DNS names:

ipconfig /registerdns

Trace a route to a server:

tracert hostname

4. Tools of the trade

4.1. Integrated Development Environments

4.1.1. Portable work environment

Vagrant serves to isolate dependencies and their configuration within a single disposable, consistent environment, without sacrificing any of the tools you are used to working with (editors, browsers, debuggers, etc.). Once you or someone else creates a single Vagrantfile, you just need to vagrant up and everything is installed and configured for you to work. Other members of your team create their development environments from the same configuration, so whether you are working on Linux, Mac OS X, or Windows, all your team members are running code in the same environment, against the same dependencies, all configured the same way. Say goodbye to "works on my machine" bugs.

4.1.2. Codiad

Codiad is a web-based IDE framework with a small footprint and minimal requirements.

4.1.3. Atom

Get the editor from atom.io. Installation instructions can be found in the flight manual. It is recommended to install the two Asciidoc packages for Atom as mentioned in Asciidoc live preview. Activate live preview with ctrl-shift-a as described in asciidoc-preview.

4.1.4. PhpStorm

PhpStorm is the ideal IDE for web app development. It provides full database and server integration.

Portable installation

To install PhpStorm on a portable drive, go to JetBrains and click the Download button. Cancel the automatic download of the .exe file and right click direct link, select Copy Link Location, paste the link into a new tab and replace the exe extension with zip, then press enter. This will download and open the zipped version of PhpStorm. Extract it to your portable drive.

Open the file bin/idea.properties, replace the line starting with #idea.config.path with idea.config.path=${idea.home}/.WebIde/config, #idea.system.path with idea.system.path=${idea.home}/.WebIde/system, #idea.plugins.path with idea.plugins.path=${idea.config.path}/plugins and #idea.log.path with idea.log.path=${idea.system.path}/log.

If you have settings from another PhpStorm installation that you’d like to import, you can do this via File → Import Settings….

Project setup

First, we set all file encodings to UTF-8 in order to avoid any problems with special characters:

Now we configure a new project:

Database connection setup

First we need to make sure that the drivers are loaded:

Then we need to create a data source:

Make sure to right click the connection and select Make Global so that you don’t need to configure it for each project:

Template adjustment

4.1.5. NetBeans

Download NetBeans.

If this is the first time you install NetBeans on your device, you need to install the Java Development Kit (JDK) first (point 1 on the screenshot). This will open the following screen: