Jelle Druyts .NET Consultant
Just another ignorant weirdo from Antwerp, Belgium trying to make sense out of it all
So with the decision made to run a dedicated server, it boiled down to configuring the services. Now of course I wanted to use as many features out of the box as possible, so I wound up throwing SyGate and CiDial out the door, as well as BulletProof FTP Server and even Apache. (Not PHP, I still need that.) As it happens, Windows Server and IIS can take care of all their business - if you can get it all configured, of course.
By the way, I just want to mention that I'm not a sysadmin. I know the services and protocols fairly well, and I set some of them up on a Windows NT4 server a few years ago - but I don't really know my way around a Windows 2000 Server. So I'm not blaming Windows or Microsoft if something didn't work; I'm just assuming that I did something wrong.
First up: DHCP. Well, this one is fairly straightforward; it can all be easily set up in Windows: just create a new DHCP scope for the LAN. I actually tried to skip this and get it done automatically by the NAT router service (there's an option for that), but I couldn't get that to send the DNS server address along, so I switched back to the real thing and added the necessary options there. Great, with DHCP running I had a real LAN thingy going on - without internet access however, so that's basically a dead cat.
As I mentioned, I tried setting up a NAT router service the simple way first. That means: launch the wizard, check the boxes and light some candles around Bill's picture while praying for his good health. Didn't work though. (Maybe it was the wrong scent of candles, I just assumed he'd like cinnamon.) First of all, the DHCP part didn't work: clients never got a DNS server address (IP address, subnet mask and default gateway were ok). Furthermore, it recognised the LAN adapter just fine, but I couldn't add a public interface on which to route all traffic to and from the internet. I could have expected this because it's just a USB modem (an Eicon Diva ADSL), not a full-fledged hardcore professional router from an expensive brand I could select in a router list. Panic-stricken (this was mission-critical of course), I started to search the web. Just when I was about to sign up for a sheep-herder course with an accompanying one-way ticket to New Zealand, I bumped into a site describing how to get a SpeedTouch USB modem to work as a routing interface. In short, I had to find the registry key representing my modem (turned out to be "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007" for me; that GUID is the network adapter device class, and the numbered subkey is whichever one names your modem in its DriverDesc value), add two REG_DWORD values "EnableForRouting" and "EnableForOutboundRouting" both set to 1, reboot, and do the magic jiggy dance. I think the dance actually did the trick, because it worked just fine! Furthermore, the routing service has an option to keep the connection dialed in, so if the line was dropped by my provider, Windows properly redialed and all was well again. Excellent, my LAN was up and running with full internet access!
Next in line was IIS to get my web and ftp servers back up. No big deal mostly, it's easy to configure and easy to keep running. The biggest differences with Apache in my experience are the fact that it's all configured in a GUI (which is easier but less portable; migrating Apache just means copying the httpd.conf file), and the fact that you authenticate using Windows accounts instead of using .htaccess files (both have their advantages and disadvantages, but portability is again an issue with the IIS approach). The big problem with IIS was getting it to support SSL. You need a certificate for that of course, but I'm not running a production site and didn't feel like spending lots of money on a properly signed copy if I could run SSL on Apache just fine with a self-signed certificate. So I sailed out again to fix this, but it was pretty hard too. I swear, the sheep-herding thing was on my mind again after a few days. As a workaround, I was facing a life where Apache was running as the default webserver, proxying all non-SSL requests for IIS. Not too cool. Finally, I ran across a site describing how to convert an Apache/OpenSSL HTTPS certificate to IIS. Whew! So I already had a crt and key file lying around from the Apache days (if you want to join in and play along: read the Apache+SSL HOWTO on how to do this yourself). Then it boiled down to running "openssl pkcs12 -export -in server.crt -inkey server.key -out IIS_server.p12" and I had a .p12 bundle (certificate plus private key) ready to be imported into the Windows Certificate Store (import it into the Personal store of the Local Computer, not of your user account, since IIS runs as a service). Two caveats: the export asks for a password, and since the .p12 contains the private key you want a real one, and you want to delete the .p12 once Windows has imported it. Now I was finally able to select it in IIS under a website's Properties -> Directory Security -> Server Certificate. So with SSL up and running, the last of my previous server apps became obsolete. Clean! Cool!
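The conversion described above, as an added example that is not part of the original post: a small POSIX shell script that checks the private key actually belongs to the certificate before bundling, supplies the export password non-interactively, locks down the resulting file, and verifies the bundle opens. It assumes the openssl command-line tool is installed; the file names are the post's own, while the export password and the friendly name given to the bundle are assumptions for illustration.

```shell
#!/bin/sh
# Added example: bundle an Apache/OpenSSL certificate and private key into a
# PKCS#12 file for import into the Windows Certificate Store (and so into IIS).
# Requires the openssl CLI. File names follow the post; the password and the
# friendly name are placeholders.
# Usage: ./to_pkcs12.sh server.crt server.key IIS_server.p12 'export-password'
set -eu

# 0 if the private key belongs to the certificate, 1 otherwise. Both sides are
# reduced to their PEM public key (SubjectPublicKeyInfo) and compared. A
# mismatched pair imports into Windows without complaint and only fails later,
# during the TLS handshake, so check before bundling.
keys_match() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null || true)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Build the .p12. The file contains the private key, so it gets an export
# password (given non-interactively via -passout) and owner-only permissions;
# delete it once Windows has imported it.
make_pkcs12() {
    crt=$1; key=$2; out=$3; pw=$4
    keys_match "$crt" "$key" || { echo "key does not match certificate" >&2; return 1; }
    # OpenSSL 3 encrypts the bundle with AES/PBKDF2 by default, which very old
    # Windows releases cannot read; add -legacy there if the import fails.
    openssl pkcs12 -export -in "$crt" -inkey "$key" -out "$out" \
        -name "IIS server certificate" -passout "pass:$pw"
    chmod 600 "$out"
}

# 0 if the bundle opens with the given password (its MAC verifies), 1 otherwise.
verify_pkcs12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Print the certificate subject so you can confirm the CN is the host name
# clients will actually use; a self-signed cert already warns, a wrong name
# warns twice.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

if [ $# -eq 4 ]; then
    make_pkcs12 "$1" "$2" "$3" "$4"
    verify_pkcs12 "$3" "$4"
    cert_subject "$1"
fi
```

Run it with the four arguments, then import the .p12 on the Windows side and select it in IIS as described. The key/certificate check is the part worth keeping even if you type the openssl command by hand: the post's one-liner happily bundles any key with any certificate.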
Of course, the internet is not a safe zone. It's filled with evil predators determined to steal your passwords and eat your breakfast cereal. So a firewall was in order, and Norton Personal Firewall came to the rescue. Unfortunately, it's been quite hard to get it configured properly. Even after I found out that it has an event log (whoops, quite a help really), it still didn't really do it for me. "Implicit rule blocked access to unused port 80" while IIS was definitely running on port 80 bugged me for ages. Restarting IIS seemed to help, but not for long. Very weird. And all of a sudden, https wasn't working again while plain http was. The best part is, from my own pc (on the loved and trusted LAN), everything worked just fine, so I actually didn't notice it when my server was publicly unavailable for a couple of days. So with some more tinkering I think I got it right this time (allow connections to the local ftp, http and https ports, while the remote port may be anything - it's that last part I messed up). For an inbound connection the remote port is whatever ephemeral port the client happened to pick, so a rule that also pins the remote port silently blocks nearly every real visitor while your own LAN tests keep working. Fingers crossed! And doing a daily hipshake in Symantec's general direction of course.
Now of course to get the ASP.NET goodies installed which triggered the whole migration: dasBlog! I wanted to use it to host more than just a blog so it took quite some tuning and a bit of programming. But I'll save that for a last post...
As a sidenote: current uptime is 29 days. Yummie