The separation between server administration and web development is hazy to most beginners and non-technical folks alike. They are related and there is crossover (especially with the advent of servers specifically designed to run applications built on a certain technology). But rest assured — administering and maintaining a web server is generally a different skill-set altogether from web development.
For a related analogy: the person who builds the fancy safety systems in a new car might not know the first thing about building the car’s frame.
Nonetheless, as a web developer you will benefit from knowing basic server administration tasks. Just be aware that operating cPanel software does not make you anywhere near proficient. You're doing only the barest basics to get your site up and running.
Purchase of Hosting and Domain Names
Especially if you’re working on a small team or as a freelancer, you’ll want to familiarize yourself with basic web servers and domain names. You need to know how to purchase both domains and servers, how to set them up, and basic management. You’ll probably end up building a website or seven for someone who does not have a web presence. Familiarity with buying domains and hosting is a good thing to have.
Types of Hosting and Traffic Requirements
- Differences between shared hosting, VPS hosting, and dedicated hosting.
- Estimating the type of hosting needs based on analytics data of past website visitors or (realistic) projections as to future visitors.
- How to test servers for their load capacities (advanced skill, not necessary when you’re starting out but good to know when your clients’ traffic needs increase).
A client who needs dedicated hosting to handle their traffic also generally needs to either purchase a managed dedicated server from their host, or hire a systems administrator. You should say so if someone thinks you can operate their server. As a web developer, it’s almost surely a bad idea for you to undertake serious server administration for a paying client or employer. If you want to learn server administration, awesome — but it’s better to do so on a personal project.
Another thing you should be able to recognize — when your client has been upsold! A tiny blog just starting out doesn’t need a dedicated server all to itself in most cases, so your client was likely upsold by the hosting company. Instructing the client to downgrade to something more appropriate can save them tons of money, and you’ll look great for having made the recommendation.
Basic Server Management
There are ways to accomplish every one of these tasks entirely through your server’s SSH (Secure Shell) prompt… but as a beginning web developer, you’ll probably end up doing these things via something like cPanel or Plesk.
There are people out there who will snark you for using cPanel, Plesk, and phpMyAdmin… but honestly, it’s hard enough wrapping your head around all this web stuff. It’s fine to get used to the graphical interface for these tasks, and later resolve to learn the text-based stuff. If your aim is to be a web developer, you might never even have to learn that stuff — if you’re working in a larger environment, there are people who will know it better because it’s their whole job!
These are some basic management tasks to learn:
- Creating subdomains
- Managing databases (often via phpMyAdmin)
- Making back-ups
- Scheduling cron jobs for small, scripted tasks (e.g., taking a back-up)
You’ll also want basic familiarity with the Domain Name System (DNS) and how to avoid taking your customer’s site down (for instance, when swapping servers over). There are lots of little gotchas that you should know before diving in with a DNS transfer, e.g., Internet Service Providers (ISPs) taking up to a week to refresh their cached DNS, causing latent issues in a transferred website for an unlucky few hosts.
This is something you should cover extensively. DNS transfers are an easy way to tank a client website if you don’t know what you’re doing and you’re not careful. Read up before you’re under any pressure.
And remember, if you’re having problems — online tools can make troubleshooting much easier.
Secure Sockets Layer (SSL) Implementation
SSL certificates are deceptively simple at the cPanel/Plesk/server level, but troublesome when it comes to page content, 301 redirection, and reporting tools such as Google Analytics, Google Webmaster Tools, etc.
- Purchasing an SSL certificate and installing it on your server.
- One IP, one SSL: you need a dedicated IP for each SSL domain you have, unless you’re using modern server infrastructure with Server Name Indication (SNI).
- Fixing insecure content errors — Why No Padlock is a useful testing tool.
- Understanding that “SSL” does not mean “completely secured website.” There’s a ton more you have to do, security-wise, to ensure your website remains secure.
As a web developer, you’ll be working with e-mail sooner or later (contact forms, account registrations, etc.). Learn the basics of how e-mail works, and common troubleshooting steps you can take when e-mail does not work. Mail server administration is an in-depth subject with lots to learn (much of which will not be relevant to you) so don’t stress too much. And, good news: a lot of the basic stuff (e.g., TO/CC/BCC) you probably already know.
Some important points to hit:
- Email Basics: differences between TO/CC/BCC, e-mail headers and how to access them when viewing a message.
- Ways to Send Mail: the different ways you can send from a contact form — e.g., PHP’s mail() function vs. SMTP — and the benefits/drawbacks of each.
- Antispam: ways to protect your contact forms and other automated mailing systems from spam submissions (especially if rolling your own submission script)
- DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF): common methods of e-mail validation, useful for troubleshooting contact form messages that get sent to spam.
- Tools for Troubleshooting: Familiarize yourself with the following tools, useful for troubleshooting e-mail problems:
That’s not everything you’ll need to know — but the above will definitely help you get started.
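An added example, not from the original article, for the SPF/DKIM troubleshooting point: it reads the Authentication-Results header that a receiving mail server stamps on a message and lists why a contact-form mail was distrusted. The message, hostnames and domains are constructed; the parsing is simplified (comments inside the header are not handled) and the alignment check is an exact domain match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: a contact-form mail sent directly from the web server.
RAW_MESSAGE = """\
Return-Path: <www-data@web01.hosting.example>
Authentication-Results: mx.mail.example; spf=softfail
 smtp.mailfrom=www-data@web01.hosting.example; dkim=none;
 dmarc=fail header.from=client-site.example
From: "Contact Form" <noreply@client-site.example>
To: owner@client-site.example
Subject: New enquiry

Hello, I would like a quote.
"""


def auth_results(raw):
    """Return {method: (result, {property: value})} as recorded by the receiver."""
    out = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        parts = re.sub(r"\s+", " ", header).split(";")  # unfold, then split
        for part in parts[1:]:  # parts[0] names the server that ran the checks
            m = re.match(r"\s*([\w-]+)=(\w+)(.*)", part)
            if m:
                props = dict(re.findall(r"([\w.-]+)=(\S+)", m.group(3)))
                out[m.group(1).lower()] = (m.group(2).lower(), props)
    return out


def diagnose(raw):
    """List the likely reasons a receiver distrusted this message."""
    res = auth_results(raw)
    from_addr = parseaddr(message_from_string(raw)["From"])[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    spf, spf_props = res.get("spf", ("none", {}))
    envelope = spf_props.get("smtp.mailfrom", "").rpartition("@")[2].lower()
    hints = []
    if spf != "pass":
        hints.append(f"spf={spf}: receiver could not confirm the sending "
                     f"server is authorised for {envelope or 'the envelope domain'}")
    if envelope and envelope != from_domain:
        hints.append(f"alignment: envelope domain {envelope} differs from "
                     f"From: domain {from_domain}")
    dkim = res.get("dkim", ("none", {}))[0]
    if dkim != "pass":
        hints.append(f"dkim={dkim}: no valid signature for {from_domain}")
    return hints
```

Calling `diagnose(RAW_MESSAGE)` on a message saved with its full headers returns one hint per failed check; an empty list means SPF, DKIM and the domain match all passed.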
Basic Security and Compliance
I say basic because, as with much else on the web, security is a rabbit hole you can fall deep into. Security is also best left to professionals if you don’t know what you’re doing. That said, there are some basic things you can do to improve security (some even non-technical, such as randomly generating passwords and enforcing that strong passwords are used everywhere). Most of these things are not server-level security:
- Avoiding XSS (Cross-Site Scripting) and other major code-based security holes.
- Avoiding insecure, outdated, or otherwise poor scripts, code, etc.
- Understanding when you’re in over your head or doing something that’s a Very Bad Idea (e.g., roll-your-own credit card processing, storing medically-sensitive data to an insecure web server in violation of United States HIPAA laws) and you need a professional’s touch
- Most importantly, human security — such as not storing passwords on a post-it note attached to a monitor, not giving up passwords over the phone or to “important looking people” in the office, and similar. People are often the greatest exploitable point, so even if you’re not great at the technical aspects of security, you can enforce good human behaviors related to security!