Hello friends,
Route from Fiber Optic to the Web Server:
Fiber Optic Line to the NTU (Network Termination Unit):
The fiber optic line enters your home from the provider's network and connects to the NTU (Network Termination Unit), also known as the fiber termination box.
This unit acts as the connection point between the provider's fiber network and your home network.
NTU to the ONT (Optical Network Terminal):
The NTU is connected to the Optical Network Terminal (ONT) via a fiber optic cable.
The ONT converts the optical signal from the fiber into an electrical signal that your network devices can use.
From the ONT, a LAN cable carries the converted signal to your router.
Connection to the Router (A1 SU 5250):
The ONT sends the network signal (via the yellow LAN cable) to your Router (A1 SU 5250).
The router distributes the internet connection throughout your home network. You can see that multiple Ethernet cables (GbE ports) are connected to different devices, all of which receive internet from the router.
Connection from Router to UniFi USG:
The router is connected via a cable to the UniFi USG (UniFi Security Gateway). The USG serves as an additional router or firewall, managing your network security.
This adds another layer of protection to your network.
Connection from UniFi USG to a Switch:
The UniFi USG is connected to a Switch, which expands the number of available network ports, allowing you to connect more devices to the network.
Web Server Connection via the Switch:
Your web server is connected to the network through the Switch, which in turn is connected to the UniFi USG and the router.
The web server can now transmit and receive data over the internet through this network setup.
Best regards,
Otto
Route from Fiber Optic to the Web Server
- Otto
- Posts: 6396
- Joined: Fri Oct 07, 2005 7:07 pm
- Has thanked: 8 times
- Been thanked: 1 time
- Contact:
Route from Fiber Optic to the Web Server
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
- Otto
- Posts: 6396
- Joined: Fri Oct 07, 2005 7:07 pm
- Has thanked: 8 times
- Been thanked: 1 time
- Contact:
Re: Route from Fiber Optic to the Web Server
Hello friends,
If we move applications to the web, then we have to deal with these topics, regardless of whether we book hosting somewhere or do self-hosting.
Best regards,
Otto
Part 2:
I dealt with file system permissions today to prevent Backend/Endpoint (fopen(), file_get_contents(), etc.) from accessing files outside of htdocs.
With that, I have now completed the list recommended for secure server operation.
Summary of the action plan:
Prepare the server environment (strong passwords, Windows updates, antivirus software).
Apache installation and user configuration (set up apacheuser, securely run the service).
Set file system permissions (only apacheuser has read/write access).
Secure Apache configuration (SSL, disable directory listing, access restrictions).
Set up network security (firewall, secure remote access).
Configure security headers (to protect against XSS, clickjacking).
Install WAF (ModSecurity to defend against web attacks).
Protect against DoS attacks (mod_evasive, Fail2Ban).
Regular updates (Windows, Apache, PHP).
Implement a backup strategy (regular backups).
Set up logging and monitoring (Apache logs, IDS).
Prepare an emergency and incident response plan (react to security incidents).
By implementing these steps, your Apache server on Windows will be comprehensively secured and protected against the most common threats.
If we move applications to the web, then we have to deal with these topics, regardless of whether we book hosting somewhere or do self-hosting.
Best regards,
Otto
Part 2:
I dealt with file system permissions today to prevent Backend/Endpoint (fopen(), file_get_contents(), etc.) from accessing files outside of htdocs.
With that, I have now completed the list recommended for secure server operation.
Summary of the action plan:
Prepare the server environment (strong passwords, Windows updates, antivirus software).
Apache installation and user configuration (set up apacheuser, securely run the service).
Set file system permissions (only apacheuser has read/write access).
Secure Apache configuration (SSL, disable directory listing, access restrictions).
Set up network security (firewall, secure remote access).
Configure security headers (to protect against XSS, clickjacking).
Install WAF (ModSecurity to defend against web attacks).
Protect against DoS attacks (mod_evasive, Fail2Ban).
Regular updates (Windows, Apache, PHP).
Implement a backup strategy (regular backups).
Set up logging and monitoring (Apache logs, IDS).
Prepare an emergency and incident response plan (react to security incidents).
By implementing these steps, your Apache server on Windows will be comprehensively secured and protected against the most common threats.
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
Re: Route from Fiber Optic to the Web Server
Gracias Otón por compartir
saludos !
saludos !
Cesar Cortes Cruz
SysCtrl Software
Mexico
' Sin +- FWH es mejor "
SysCtrl Software
Mexico
' Sin +- FWH es mejor "
- Otto
- Posts: 6396
- Joined: Fri Oct 07, 2005 7:07 pm
- Has thanked: 8 times
- Been thanked: 1 time
- Contact:
Re: Route from Fiber Optic to the Web Server
Cesar,
Thank you.
When you take the application live, you'll need to have server security concepts that you understand and trust, and can confidently present to your customers. These concepts should comply with current best practices.
Whether you're moving applications to the web via hosted services or self-hosting, security is a topic we must address.
By implementing the necessary steps, your Apache server on Windows will be well-secured and protected against common threats.
The fact that we still lack a clear installation routine for the mod_harbour server, which includes securing the server, is a significant reason why we haven't been able to fully launch the mod_harbour project.
Very few Harbour/FiveWin users feel confident with Windows self-hosting. Additionally, if you opt for a hosting service, it often requires specialized servers that allow for full software installations. Windows hosting services are becoming rarer and more expensive, causing potential mod_harbour users to delay starting.
Without clear instructions and recommendations, the mod_harbour project is at risk of failing. Therefore, it is essential for all of us to contribute to this effort.
Best regards,
Otto
Thank you.
When you take the application live, you'll need to have server security concepts that you understand and trust, and can confidently present to your customers. These concepts should comply with current best practices.
Whether you're moving applications to the web via hosted services or self-hosting, security is a topic we must address.
By implementing the necessary steps, your Apache server on Windows will be well-secured and protected against common threats.
The fact that we still lack a clear installation routine for the mod_harbour server, which includes securing the server, is a significant reason why we haven't been able to fully launch the mod_harbour project.
Very few Harbour/FiveWin users feel confident with Windows self-hosting. Additionally, if you opt for a hosting service, it often requires specialized servers that allow for full software installations. Windows hosting services are becoming rarer and more expensive, causing potential mod_harbour users to delay starting.
Without clear instructions and recommendations, the mod_harbour project is at risk of failing. Therefore, it is essential for all of us to contribute to this effort.
Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************