How to Install Apache on Ubuntu 16.04 VPS

Introduction

Apache web server has a lion market share and is popularly known for serving millions of websites in the internet. The open http server is supported by most modern operating systems including Windows and Linux.

Apache works pretty well in Linux distributions and installing it on your Ubuntu 16.04 machine using the below steps  is a breeze.

Pre-requisites

Before installing Apache on Ubuntu 16.04, you should have a running VPS server. If you don’t have one purchase a $5 VPS plan from Digital Ocean , Vultr, or Linode.

These are the most reputable VPS providers that offer a $5 VPS plan bundled with 1GB guaranteed RAM, 1 core CPU, 20GB SSD storage and a monthly bandwidth of 1 Terabyte.

You should also have non-root username with sudo privileges and a command line tool such as Putty. However, some VPS providers have a free web-based CLI but you can use any tool.

Step 1: Install Apache

Ubuntu has a pretty simple package manager apt that allows us to virtually install any software from a central download repository. So let’s get started and install Apache.

First, update your system by typing the command below:

$ sudo apt update && sudo apt upgrade

Then, type the command below to Install Apache

$ sudo apt-get install apache2

Sudo will execute the above commands and display a confirmation message listing the Apache package that you intend to install together with the required disk space. To confirm the installation, press Y and  Enter  to proceed.

Step 2: Double check whether Apache was installed

Next we are going to spot check whether Apache was installed successfully. To do this, open a web-browser like Chrome, Mozilla or Windows Explorer and enter your VPS server public IP address  or domain name as shown below.

http://your_vps_server_IP_address

If the setup was completed without any hiccups, the default Ubuntu 16.04 Apache web page will be displayed as shown below. The page is for testing and information purposes.

 Step 3: Enabling basic Apache Modules

Installing Apache on your Ubuntu 16.04 Linux instance allows you to run different types of websites including blogs such as WordPress.  However, the basic modules required to run such websites are not enabled by default on Apache.

So let’s enable them.

Enabling Apache mod_rewrite on Ubuntu 16.04

This module is used to create pretty urls on a website. Enable it by typing the below command:

sudo a2enmod rewrite

Enabling Apache mod_deflate on Ubuntu 16.04

Consider enabling mod_deflate in all clean Apache installations. However, it might be enabled by default but it is good to double check. Mod_deflate saves you a lot of bandwidth because the module compresses output from your websites before it is sent to browsers.

To enable mod_deflate type the following command:

sudo a2enmod deflate

Enable mod_authz_host on Ubuntu 16.04

Mod_authz_host is used to control access to particular files on your VPS server. To enable it, run the following command:

sudo a2enmod authz_host

Enable Mod_headers on Apache

sudo a2enmod headers

Finally restart Apache to enable the changes above by typing the below Linux command:

sudo service apache2 restart

If you don’t get any errors, the above Apache modules were configured successfully.

Step 4: Understanding Apache Configurations

Now let’s master Apache’s directory structure. Remember, the more you familiarize yourself with the Apache settings, the better you will understand it.

Mastering Apache configuration files also makes troubleshooting easy because you exactly know where to go if something is not working on your server.

Apache web server is quite flexible and easy to configure. Thus, you can tweak your Apache instance by placing directives on plain text configuration files.

Here are the most basic files and directories that are used to configure your Apache web server on Ubuntu 16.04.

  1. /etc/apache2/apache2.conf: These file contains global settings for Apache 2
  2. /etc/apache2/conf-available: This directory contains all available configuration files.
  3. /etc/apache2/conf-enabled: The directory holds symbolic links to all files in the /etc/apache2/conf-available folder. When a symbolic link of configuration is created on this folder, it will be automatically loaded/enabled when Apache restarts.
  4. /etc/apache2/envvars: This file is used to set the Apache 2 environment variables.
  5. /etc/apache2/mods-available: It is an Apache 2 specific directory that holds modules together with their configurations. However, some modules may not have a configuration file.
  6. /etc/apache2/mods-enabled:  The directory stores symbolic links to the files in the ‘/etc/apache2/mods-available’ directory. When a symbolic link for a module is created in this directory, it will be enabled when Apache  restarts.
  7. /etc/apache2/ports.config: This file contains basic settings that direct Apache on which ports to listen to.
  8. /etc/apache2/sites-available: This is probably the most useful Apache directory, the folder holds all the settings for virtual hosts. Apache comes with a default virtual host named /etc/apache2/sites-available/000-default.conf. You can copy this file to create additional configurations for unlimited number of virtual hosts if you are hosting multiple sites on the same VPS server.
  9. /etc/apache2/sites-enabled: The directory holds symbolic links for /etc/apache2/sites-available directory. When a  website’s virtual host symbolic link  is created in this directory, the site will be enabled next time when Apache restarts.
  10. /etc/apache2/magic: This file contains instructions that determine the MIME type of a file.

Conclusion

Installing Apache on Ubuntu 16.04 is quite easy. Once you enable the necessary modules and understand the configuration directory structure, you will run your web server without any problems.

If you want to buy the best VPS hosts that can run your websites and web applications on Apache, I recommend Vultr , Digital Ocean or Linode. These cheap vps providers have a $5 vps host that is super affordable.

Remember to install Ubuntu 16.04 as your Operating System when you provision the server for the first time.

Top VPS providers offering $5 Virtual Private Server Plans

I have seen a blog listing cheap vps server providers going for $19.95/month and this is quite misleading!. The cost of VPS hosting has dramatically dropped over the last few years. Today, you can get a fully working VPS plan for around $5/month.  In this guide, I am going to talk about the best VPS providers who are on top of the market. Also, I have selected the only renowned VPS provider with proven track record. Remember, cheap VPS does not always mean the best and this is why I have selected only the best companies offering the Virtual Private Servers.

VPS hosting comparison

VPS Provider Digital Ocean Linode Vultr Amazon Lightsail
Price $5 $5 $5 $5
RAM 1GB 1GB 1GB 512MB
Storage 25GB 20GB 20GB 20GB
CPU Cores 1 1 1 1
Bandwidth 1TB 1TB 1TB 1TB
VPS Purchasing Links Try Digital Ocean Try Linode Try Vultr Try Amazon Lightsail

Digital Ocean $5 VPS

Digital Ocean was founded in 2011 and its droplets goes for as little as $5/month, 1Vcpu and an extended SSD drive space of 25Gb. You can see this is the noteable difference that makes digital ocean stand among the other players.

Their Cheap VPS hosting are well balanced and fine-tuned with a vast amount of memory that allows you to scale up as required. You should consider Digital Ocean whether you are running blogs, web applications or just testing with a server environment.

The New York based giant boasts of over a million customers and is the 3rd largest cloud computing company in the world rivaling Alibaba and Amazon.

Linode $5 virtual host plan

Linode was started in 2003 and has customers across more than 100 countries. They have friendly support and good services. Linode sees VPS as their top niche and are quite consistent with their services and their data centres are spread across the globe. Apart from their $5 VPS hosting, they have better VPS plans with more RAM, CPU cores and SSD storage. Linode boasts of a reliability of around 99.99%.

Vultr $5 vps hosting

Vultr offers $5 brilliant VPS hosting and you can deploy your Linux instance with their bare metal cloud storage. They also have great add-on products apart from the compute engine including dedicated servers block storage and dedicated cloud. Vultr has also introduced $2.5 plan that comes with a RAM of 512MB, 20GB SSD and a monthly bandwidth transfer of around 500GB. Vultr VPS runs on 100% Intel CPU’s

Amazon Lightsail $5 cheap vps

Amazon Lightsail advertises their $5 plans as ‘Virtual private servers made easy’. They have everything you need to jump start your cloud needs including compute engine, storage and network products. Amazon is a Big name and they keep their products simple, reliable and secure. They make virtual private server a breeze. Scaling up or down in Amazon is also very easy and their data centres span across 10 different global regions. They have a no non-sense pricing starting from $5 to $40.

Conclusion

If you are looking for cheap vps hosting , I would advise you to go with these top VPS providers in the market today. Do not be mislead by blogs that advertise for $19.95 VPS hosts. Most of them advertise high ticket plans so that they can make more commissions but they haven’t done any proper research on the best vps hosting. I hope my vps hosting comparison will assist you to buy the best VPS server.

As always if you are getting started, try Digital Ocean or Vultr and install Ubuntu 16.04 as the operating system because it is easy to deploy and manage. You can later switch to CentOs and other Os as your familiarize yourself with linux vps hosting.

Advantages of Virtual Private Server over Shared Hosting

The advantages of Virtual Private Server are quite staggering compared to shared hosting services. But before we dig deep on the merits of VPS web hosting , let’s first define some terms.

What is VPS hosting? VPS is an acronym of Virtual Private Server. As its name suggests, it is a service offered by the best VPS hosting providers in the market.

VPS allows a customer to have a virtual machine/computer that runs its own operating system and software applications.

The most notable and useful feature of virtual server hosting is root access. A customer running a VPS has a super-admin access and he can shut-down, boot, reboot or perform any task on the virtual machine instance.

Why VPS?

VPS is quickly gaining a lot of popularity and it’s the new form of hosting that is sought by millions of web masters on the internet today. However, there is still a lot of confusion for those who are looking for a web host. According to my experience VPS is far better than shared hosting and there is no comparison at all.

Benefits of VPS hosting

VPS hosting offers more control

VPS gives customer the autonomy to install any software of their choice including operating systems (OS). When you buy vps hosting from a company such as Vultr or Digital Ocean, you get access to a control panel where you can provision your VPS instance.

You can then boot your virtual machine and install an OS that will work well depending on your needs. Installing an OS, upgrading and updating just requires a few clicks of a mouse.

The most common operating system is Linux and vps providers offer different distributions that you can choose from. These include Ubuntu, CentOs, Fedora, Windows e,t,c.

If you are just starting out, Ubuntu 16.04 is the best because you can find a lot of learning materials on the internet talking about it. CentOs is for those who want to start their own web hosting business because it supports Cpanel and WHM.

For those developing with asp and .net technologies, Windows OS could be a better bet.

In addition, most people switching to VPS host do so because they want to install their favourite web server. In a linux environment, you can choose from Apache, Lightspeed and Nginx, webserver.

Apache webserver is preferred by many because it is open source and quite easy to configure.

In a shared hosting, you don’t have the choice of installing or changing an operating system and hence VPS is a winner.

VPS gives you full root access and you can setup your Virtual computer as though it was your own personal computer at home.

VPS hosting is reliable than shared hosting

If you buy vps server, you will be the only player in that hosting environment and you won’t be competing with other web masters.

Some shared hosting providers are known for overselling their servers and this makes websites extremely slow.

Also, In a shared environment, lots of web visitors are competing for resources in a single server including RAM, CPU and installed software applications like Apache and MySQL server.

However, best vps hosting gives you a guarantee on your resources allowing your sites and hosted applications to run at a lightning speed.

I once switched to VPS hosting when I realized my shared hosting provider was killing all MySQL select queries running for more than 30 seconds. VPS allows you to tweak everything according to your special needs.

VPS hosting provides better Flexibility

There are lots of affordable vps hosting provider on the market today e.g. Vultr and Digital Ocean. All of them give customers the flexibility to scale up or down according to their needs.

For instance, if you are just starting out, you can choose a VPS plan with a 5GB Solid state drive, 1 core CPU and 1GB RAM and you only get to pay around $5/mo.

You can later scale up when your websites or hosted applications gain popularity and probably choose a plan that offers more RAM, space and extra CPU cores.

In a shared environment, your applications can come to a complete halt if your site is overwhelmed by many visitors. Scaling up or down on a VPS hosting is very easy by using the control panel offered by many web hosts.

After changing a plan, the cost of the VPS is adjusted accordingly in the next billing cycle. Such flexibility is a win to any webmaster looking for a better solution to host websites.

The cost of VPS hosting has drastically dropped to the same prices as shared hosting

Cheap Linux VPS plans start from $5/month. This is so much cheaper compared to some shared hosting that goes for more than $15/month!

However, linux vps hosting  requires you to learn some basic but simple linux commands. If you like Microsoft products, you can still get best windows vps in the market including Google and Amazon.

But if you really want a Linux server provisioned within a few minutes, try Digital Ocean or Vultr, both have affordable plans starting from $5/month.

So, is VPS better than shared hosting?

The benefits of VPS hosting outweigh shared hosting with a big margin and if you need more power, control and flexibility on your server, VPS is the way to go.

One thing I like about VPS hosting is the ability to host multiple and unlimited websites using Virtual Hosts. Also, there are lots of learning materials on the web about provisioning your VPS instance for the first time.

If you are just starting out on VPS web hosting, I would advise you to buy vps server from Vultr or Digital Ocean and install a Linux distributions such as Ubuntu 16.04 because it is easy to deploy and set according to your needs.

Hawkhost Review from a Verified Customer

Hawkhost is one of the most affordable web hosting companies. It is based in Ontario Canada. I have been using their services since 2013 when a friend recommended them to me and I am going to give a genuine Hawkhost review in this article. Apart from their shared hosting, they also offer Cpanel reseller hosting. In addition, if you are looking for full control on your server, they have affordable VPS (Virtual Private Servers) that you can customize to host your websites or online applications.

Hawkhost Technologies

  • Data Centers; Hawkhost utilizes around seven tier 3 and tier 4 data centres located in Dallas, TX, New York City, NY, Los Angeles CA, Amsterdam NL, Singapore SG, Hong Kong CN and Toronto. As one of their customers, you can choose the data center with the lowest latency during signup. Most cheap hosting companies do not have this feature so this is a plus to you.
  • Server Technology: Hawkhost runs their server using Cisco and Juniper network and this makes them extremely faster. In addition, they have UPS backups and diesel powered generators to ensure their servers are fully running even in extended periods of power blackouts.
  • Operating System: All Hawkhost’s servers all powered by the most affordable, secure and open source software – Linux which is known for its compatibility and flexibility. Linux is the most stable operating system that powers millions of sites today. It less susceptible to memory leaks, allows multitasking while still giving website owners the flexibility to install virtually any software. Linux outperforms Windows due to its incredible network performance.
  • Cpanel: Another notable feature I would like to point out in this Hawk host review is the Cpanel. All shared and Reseller accounts from this cheap hosting come with a free Cpanel license. You can use it to access File Manager, change PHP version, install databases and even administer your Mysql/Marida db’s using the PhpMyadmin. If you are running a CMS website powered by WordPress, Magento, Drupal or Joomla, Cpanel makes it easy to install the scripts and configure all the necessary files without using complicated command lines tools.
  • Server: Hawkhost uses the most powerful LightSpeed web server which is well known for performance and security. If you care more about your site, LightSpeed server comes with free Mod security and DDOS protection. In addition it is lightweight and compatible with most software applications eliminating the need to install third party layers. In fact, this is why Hawkhost has a very large customer base because their clients can enjoy accelerated web performance due to the cutting edge speed of LightSpeed web server which comes with double the speed of apache and can support thousands of con current users.
  • PHP/MySQL support: Hawkhost supports all PHP versions starting from 5.2 to the latest 7.2. Also, if you are a fan of MySQL and Maria databases, you will find them on Hawkhost fully configured with the latest security updates.
  • Magnetic Hard Disk Drives (HDD) are quickly becoming obsolete because they generate heat, are slow and even consume a lot of power. Hawkhost servers utilize SSD (Solid State Drives) which are around 100-200 times faster than HDD. While a 15,000 RPM hard disc accesses data within 2.0 to 4.1ms, the SSD utilized by Hawkhost can fetch the same data within 0.1ms. Sounds fast aren’t it?
  • Free SSL certificates. Hawkhost is an official Let’s Encrypt sponsor. This is an open source collaboration that offers free digitally signed SSL certificates. So, if you are planning to host a web store or an online shop Hawkhost is the best bet because you won’t spend extra cash on an SSL certificate. Let’s Encrypt SSL certificates will automatically renew so you don’t have to worry about tracking their expiries.

 Hawkhost Products

Hawkhost Domain Names

I will start with domains, although Hawkhost domain name price is not the lowest in the market, they give customers full access to their domains. They don’t lock your domains so you can easily change your name servers.

If you are hosting with them, that means you will be managing all your websites products in one control panel and therefore, you won’t forget to renew your products.

Hawkhost offers all top level domains including .com at an affordable price of $10.95 per year. You can also get ID protection at an affordable price on top of their 24/7/365 customer support.

Hawkhost Shared hosting

There are two affordable hosting plans offered by Hawkhost. The Primary Plan goes for around $2.99/month if you choose a 24 months billing cycle which is the best because it allows you to save a lot. With the plan, you are entitled for a 10GB SSD space, unlimited domains, unlimited bandwidth, unlimited email accounts and unlimited databases. You also get free migration support if you are moving from another provider. The Primary Plan is ideal for start-up websites e.g. personal wordpress blogs.

If you are running a lot of websites e.g. to cater for different niches, Hawkhost offers a Professional Package that starts from $7.99/month for a 24 months billing cycle. The Professional plan comes from unlimited storage on top of all the Primary plan features.

Also both plans are shell and SSH ready for those who like using Putty and command line tools. They also offer unlimited spam protected email accounts that you can access from your phone, browser or email clients like Ms Outlook.

Hawkhost SSD reseller hosting

Hawkhost has the best hosting Reseller Program. Their best reseller hosting packages come in three affordable plans. Bronze plan goes for $12.99/month while Silver and Platinum go for $25.99/month and $45.99/month. The choice of your Cpanel reseller hosting depends on the number of Cpanel accounts that you want to create, required space and WHMCs license.

Apart from the Bronze plan the other two cheap reseller hosting plans offer free WHMC license which you can use to manage your customers invoices and payments. However all of the Hawkhost’s linux reseller hosting plans come with WHM so it is easy to manage your customer accounts and resources without using third party tools.

If you buy reseller hosting, you can manage your customers and craft affordable plans for them and make some profit from the Hawkhost’s unlimited reseller hosting plans.

For instance, if you have 50 customers paying $50 per year that translates to $2,500 per year. With that amount, you can buy the Silver plan that goes for $25.99/month or around $312/year and pocket the rest of the money. This is ideal for web developers or designers with several customers.

Hawkhost VPS (Virtual Private Server)

Hawkhost is one of the best VPS sellers with affordable fully managed server products. Their semi-managed VPS start from $18/month with the most expensive going for around $58.50/month. Most website builders/owners go for the VPS route because they want to have more freedom with their servers. Hawkhost offers all those privileges to their customers via their rich VPS Cpanel. As a VPS owner, you can install, update, boot, reboot or even stop your VPS instance without using any complicated tools.

Hawkhost VPS gives you full root access and a choice of installing either CentOs, Debian, Fedora or Ubuntu Operating Systems. If you are planning to start a hosting business, CentOs is the best because it supports Cpanel and WHM.

As a VPS starter, Ubuntu will be a good bet because it is widely supported across the web and there are lots of learning resources from the internet. All of these VPS plans are hosted on Raid 10 SSD drives with 1gbit network ports to make them fast.

Other features

  • You can pay for Hawkhost services with a PayPal account or a Credit card. They always send a reminder for upcoming and overdue invoices. Also they offer a generous complementary one week grace period for all invoices in case you are strapped for cash.
  • 30 day Money back guarantee. If you feel you are not satisfied with the Hawkhost products, you can get your money back within 30 days. However, this guarantee does not apply to domain names.
  • Hawkhost coupon – they sometimes offer coupon codes that you can use to enjoy their hosting at a more affordable cost. The Hawkhost coupon applies to most of their plans apart from domain names.
  • 99% up-time guarantee. I have never seen any down time while using Hawkhost for around 5 years now and this is perfect if you don’t want to frustrate customers visiting your websites.
  • 24/7/365 support via email, phone, discussion forums or knowledge base. Once you send an email to Hawkhost, they create a ticket automatically. They will then keep updating the ticket until you are satisfied with your query. Their response time is very fast. I have sent dozens of tickets to them and they have always assisted me within a few minutes.

Hawkhost cons

Hawkhost does not offer script support. To put this into perspective, if you are creating a PHP script to calculate traffic data in your country, they can’t assist with that. But this is the same case with all hosting providers, although a hosting company can troubleshoot everything wrong with your account; don’t expect them to code scripts for you.

Conclusion

I hope I have covered everything about the Ontario based company in this Hawkhost Review. While choosing a cheap shared hosting can become somewhat complicated, this guide will enable you to make a proper decision to buy your hosting services from a renowned hosting provider with a proven track record. I stick to Hawkhost mostly because; they are polite and have used LightSpeed server on top of their super fast SSD driven servers and free Let’s encrypt certificates on all their plans. When it comes to monetization, they have the best WHM reseller hosting. Try Hawkhost today.

Software Escrow – Creating Safe Applications

Building a software application can be easy as writing some codes which just involves some programming skills. However, if you want to dive to the corporate software industry, you must understand how to safeguard the intellectual properties (IP’s) of your applications.

In addition, you need to know everything about software escrow. An escrow firm keeps the sources of your software in the event that something happens to your firm or your developers. The service prevents your client from having direct access to your code and therefore they can’t re-sell or misuse it without your consent.

Escrow agents assist software company on their needs and the success is always tremendous. Whilst being a software developer can land you in an IP triangle, escrow experts ensures your business continuity when you seek their services.

As a programmer, you have learnt for many years, researched and even invested your money in hardware and software resources. You don’t want you to get involved in a legal battle and this is the primary objective of an escrow firms.

Benefits of a software escrow

Safeguarding your precious source code assets

Tons of source code including algorithms and complicated functions can take many years to code. When a client consults your firm for a custom software, exposing the logic of how your application works in plain text will affect your intellectual properties.

In some cases, a malicious client may resell your software application to other companies and compete against you in the future. The work of the escrow firm is to safeguard your valued source code so that it does not get scattered across multiple customers.

Ensuring business continuity

We have all heard cases of some big companies going bankrupt either due to poor management or unfair competition.  In other cases, the main business of a company can become less viable forcing you to pack and leave the industry.

But the question arises on what will happen to the maintenance of the software that you sold to a company that relies on it for their day to day operations.

A software escrow firm ensures business continuity in such a case. If you go bankrupt or your developers perish probably in an accident, the escrow firm can pass your sources to your client as agreed in an escrow contract.

Since most of the custom software applications have a well documented source code, the client can find another software firm to continue with their development. Addressing the concerns of the client is very important in business and this is where escrow agents come in.

Maintaining the software for a long time

Software escrow is not just about keeping your source code safe. It also helps you to have a formally written contract with your clients and this leads to smoother and successful negations.

This means you can maintain the software for a very long time and make more profits during the lifetime of the application. Without an escrow service, your client can terminate the contract at any time because they can hire another firm or probably employ an in house developer.

With a formal agreement, your license must stick with your services or terminate your services officially as agreed in the contract. This means that your efforts as a developer/software firm are rewarded. This ensures that you don’t waste years building custom software that will only get deprecated after a few days of usage. Remember such interruptions can damage your business.

Parties involved in a software escrow agreement

Every contract must have some parties and this is a not different in the software escrow agreement. The parties involved here include:

  • Licensor: This is the developer or the firm that is creating software application for another business. Think of the licensor as a programmer or an IT company.
  • Licensee: This is the client who requires the services of a software company. The word licensee arrives from the sense that the client is licensed to use a certain software application by another company if they are able to meet their terms of  contract.
  • Escrow firm: Finally, the escrow agent bridges the gap between the licensor and the licensee. The agent is the most important party in the software agreement. The company must have a proven track record, trustworthy and be in good financial standing. Of course you don’t want them to get bankrupt before you even start getting loyalty fees from your client for that cool app that you created. Their data centers should also be safe and their business should have sound legal and technical expertise including well staffed offices.

What does the software IP agreement cover?

  • Scope of the agreement. This covers everything about the needs of the licensee. The scope simply defines the modules, libraries and technical requirements of the software and the hardware components.
  • Conditions that must be met by all parties. Software escrow agents do not just release the source code to the licensee at their discretion. They follow some specific conditions that must be met before doing this. Also, the licensor roles and duties are listed on the conditions. For instance, the firm must maintain the latest source code with the agent at all times.
  • Possible use of the source code by licensee once the source code is released to them. The software IP agreement must precisely define whether and how the licensee can re-use the source code once it has been released to them. For instance, it might allow/prohibit any modifications that may interfere with the software logic or just allow changes because their business needs may be  dynamic in nature.
  • The agreement should also cover the source code, details of the programmers as well as the client’s data in case of Software as Service (SAAS) applications.

Scenarios that call for a software escrow agreement

The escrow service is recommended to all software companies targeting the corporate world. However, the cases below call for an urgent need for the same:

  • When the client software is pivotal to the operation of the business. E.g. in manufacturing industry.
  • When the application can have a direct effect on the income of the organisation. A good example is in the supermarkets point of sale module. Slow or non-functional software can affect the income of the organisation since most customers hate waiting when checking out.
  • When the software is so much customized that replacing it would require a lot of time. Tailor made software must be escrowed at all times because they take many years to design and code and if  the developers fail,the licensee could be disadvantaged.
  • When the software price is extremely high. Large corporate maintain very expensive software code bases and they can’t afford to lose them when a development company closes or goes bankrupt.

Available options

  • Single user software agreement: Usually involves one licensor and a licensee and is popular with custom software.
  • Multi-user software agreement. This is applicable in an application tailored to work for different firms that have identical needs. In case there is a problem with the licensor, the source code is released to all licensees.
  • Tailored software agreement. Depends on the features of the software including re-sellers and other parties that are involved in the life-cycle of the development. This kind of agreement is fully customizable according to the needs of all parties.

 Conclusion

In a nutshell, it is extremely hard to thrive in the software industry without relying on the services of an escrow agent. This is both true for the software provider and the licensee.

To be safe in all circumstances especially in the event of developer demise, the software escrow is very important since it allows business continuity while avoiding legal breaches.

So, if you are thinking of selling any software application, get the help of a professional escrow service . You will need to deliver your source code to them and other materials for safe custody as your software evolves.

In case a release condition occurs, your valuable IP will be treated as per the written agreement.

Links:

http://resources.infosecinstitute.com/why-do-we-need-software-escrow/#gref

Rest API Best Practices for Beginners

In this guide, I am going to talk about REST API best practices that you can follow to craft a standard API that your developers can use to consume your data and services without any trouble.

Even if you are not designing your API for the public, following the best API design guidelines standardizes your application hence making it easier to maintain  in the future.

The majority of web players  like Google, Facebook, Twitter and Bigcommerce have public API’s. Unfortunately, each of these companies uses a different format.

So, if you are starting out as a developer, you might wonder whether there is standard format of creating APIs bearing in mind that such big companies are following their own conventions.

Luckily, there are industry’s best standard API design guidelines that you can follow and I am going to talk about them here.

Separate your REST API interface into Logical Resources

Creating an API is both an art and a science. Use your software architectural skills to make a rest API interface that is easy for developers to understand. Creating logical resources is not hard.

You need to consider all possible endpoints that your API will expose to the public or your in-house software application. For instance, when designing my API endpoints I start with offices, followed by system roles, e.t.c.  The same case applies to your application.

To put this into perspective an API for an online shop can have the following endpoints:

  • products_categories – www.example.com/api/v1/products_categories
  • products – www.example.com/api/v1/products
  • customers – www.example.com/api/v1/customers
  • sales_orders – www.example.com/api/v1/sales_orders

API Interface Design Principles

When I first designed my API’s, I used all kind of names on the endpoints because I wasn’t following any design guidelines. However, here are a few points that you must keep in mind before creating your resources.

Use Nouns Instead of Verbs

A noun is a word used to identify something while a verb is a “doing word” that describes an action. For instance, if you are creating a products resource, you shouldn’t use an endpoint like “createproduct” or “editproduct”. Instead use an endpoint like “products”.

Use Plurals on your API Endpoints

Developers can have a hard time trying to consume an API that has both the singular and plural forms. E.g. a poorly designed API for retrieving customers can have different endpoints like www.example.com/api/v1/customers and www.example.com/api/v1/customer.

The former can be used to create, delete or retrieve a single customer while the latter can return all customers. Such a design is completely confusing. Just use the plural form even when your api is returning a single resource.

Differentiate API Actions Using HTTP verbs

As mentioned above, a good API should use the plural form of the noun e.g. www.example.com/api/v1/customers. However, you can differentiate the different kind of actions on that endpoint by using http verbs: POST, GET, PUT and DELETE.

So any call to your API will perform the appropriate action and take care of CRUD (Create, Read, Update, and Delete) operations. The Post http verb will be used for creating new records, GET will retrieve  records, PUT will update the records while DELETE will remove an existing record from database.

Your API Endpoints Should Accept Resource Id’s

Resource Id’s are very important when your API consumers want to retrieve, update or delete a single record. E.g. a sample URL like www.example.com/api/v1/customers/21 should be able to retrieve a customer with Id # 21 when called using a GET http verb. A delete request with the same URL will delete the customer with that id.

Generate Resource Ids Internally During POST Requests

Generate the resource id internally in a post request. Don’t ask your API consumer to supply it on the POST payload. This can lead to all sort of problems including skipped id’s, non standard formats (e.g. in case of bank application) e.t.c

Sample json API response with an id returned

{

"id": "143562",

"name": "John Doe"

}

REST API Filtering, Sorting and Paging 

Filtering: Your API should handle filtering when consumers want to return only a few records. Filtering is possible using the GET parameters  embedded on the URL. For instance to retrieve all the products in a specific category, one might use an URL format like www.example.com/api/v1/products?Category_Id=4.

Sorting: The need of arranging and separating records from an API  is inevitable. A good example is when an API consumer wants to display the most recent records at the top of a list view but display the opposite on a report.

To achieve such a function, allow the developers to include the sort parameters when requesting a resource e.g. the url www.example.com/api/v1/products?sort=product_name will display all products arranged in ascending order  by the product_name field. Also the records can be arranged in a descending order by prefixing the sort field by a “-” minus/negative sign e.g. www.example.com/api/v1/products?sort=-product_name

Pagination: A resource returning a lot of records should allow paging otherwise it might crash your API server. Different rest paging best practices exist but the common one uses a page parameter on the URL E.g. www.example.com/api/v1/products?page=4.

Also, the API consumer should know the total number of pages and count of records expected in a resource. Pagination information should be included in a meta member at the end of the json document.

meta : {
"page": 5,
"per_page": 20,
"total_pages": 27,
"count": 521
}

This way, developers can display the total number of pages expected from a resource without errors.

Spell out Magic Numbers

Using magic numbers in a database environment is inevitable due to optimization. For instance, if you are designing an e-commerce api, the possible statuses of the order can be ‘paid’,’unpaid’,’shipped’

Including the information on the orders table will bloat your database. To avoid the problem, you create a different table with all the resources and assign ids for the same e.g. unpaid -0, paid -1, shipped -2.

Once you do that, you should remember to spell out the magic numbers when returning the response to the consumer as shown below. Otherwise, they will have to make two round trips to your API server to get the representation of each magic number.

{

"order_id": 5,

"status_id": 2,

"status_name": "shipped",

}

REST API Response Formats

Json has become the standard format of REST API responses and XML is quickly becoming deprecated. Json is lighter and easy to serialize or deserialize. The Json API response should contain 3 mandatory top level members including data, errors and meta. However, data and errors cannot co-exist in the same document.

Here is a sample json response with all elements:

{

"data" :[

{"product_id" : 1,"product_name" : "Coast Sheena Maxi Dress"},

{"product_id" : 2,"product_name" : "Reila Mini Dress"},

{"product_id" : 3,"product_name" : "Siffon Midi Yellow"}

]
meta : 
{ "page": 1, "per_page": 3, "total_pages": 4, "count": 12 }


}

Json API Response with Errors

Returning a single error in a REST api response is recommended as it allows the client to deal with the error properly. Always include an error code and the details. Title is optional.

{

"errors" :{
"code" : 400,
"title" : "Validation Failed",
"detail" : "First_Name is a required."
}

}

Field Name Casing in Json REST APIs

You can use camelCase or snake_case in field names but most experts agree that snake case is easier to read. When I first show an API provider using camelCase, I thought their developers were making typing errors and I can attest that camelCase does not look any good!

Examples of Cases Used in REST API Fields

  • camelCase:  e.g. productName, categoryName
  • snake_case :  e.g. product_name, category_name or Product_Name, Category_Name

Rest API Guidelines on HTTP Status Codes

Always Include the status header on every rest response in regards to the following.

  • 200 Ok – should be returned on a successful GET, POST, PUT, DELETE or POST action
  • 201 Created – should be returned to indicate that a new resource is created e.g. a new customers
  • 202 Accepted – indicates that a request has been successfully received but it’s still waiting processing. Common in the finance industry.
  • 204 No Content – used upon a successful deletion
  • 400 Bad Request – The request is malformed e.g. when you send a payload with validation errors
  • 401 Unauthorized – means that the api users couldn’t be authenticated on the server
  • 403 Forbidden – useful to restrict the api user from accessing restricted resources
  • 404 Not Found – return this status if an item is not found or when a user request a resource that does not exist.
  • 405 Method Not Allowed – returned when the http method is not allowed on a resource. For instance, if a user sends a delete request to the users’’ endpoint, the response should be returned.
  • 429 Too Many Requests – used alongside rate-limiting to avoid dos(Denial of Service) attack.
  • 500 Internal server error : Generated when there is a problem with the server e.g. due to failed database connection.

Versioning your REST API

An API version number (e.g. v1, v2, v3, e.t.c) should be included in the URL like www.example.com/api/v1 . A rule of thumb is to always support the previous version when you migrate to a new one.

 Increment the version number once your release a new version. Don’t replace the previous version’s files with the new release since these will break the developer’s code.

REST Web Services Security Best Practices

Use SSL everywhere and when a client requests data through the non-secure channel http, never redirect them to https but just reply with an error message.

SSL makes your API secure since your consumers could be accessing the resources from unsafe wifi-hotspots and cyber cafes which may lead to a man-in-the-middle attack.

Use strong hashing algorithms like bcrypt and avoid the less secure functions like md5 when storing passwords and authentication tokens.

Your API should also have a strong form of authentication. You can use Oath2 or Basic authentication. Remember to create strong authorization rules and use roles to differentiate the different categories that an API user can access.

Use rate limiting in the API resource to avoid users from abusing your service and block all IP addresses trying to brute-force passwords.

Conclusion

I hope the API interface design principles on this guide will assist you craft better API’s that follow the standard specifications.

Remember updating your API in the future can be a painful process and conforming to the industry’s best rest web service guidelines will save your time.

Although this is not an exhaustive list, it has covered the most common features every pragmatic restful design  of an API should consider.

Further readings

Varnish HTTP Cache Connection Refused on Apache & Ubuntu

If you get an error connection refused when trying to connect to your Apache web server with Varnish HTTP cache enabled ,consider doing the following steps:

Edit the ‘lib/systemd/system/varnish.service‘ file using a nano editor

$ sudo nano /lib/systemd/system/varnish.service

Change the default port 6081 to port 80 and then hit CTRL + X , Y and Enter to save the changes.

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f$

Then restart Apache, Systemd daemon and Varnish HTTP Cache using the commands below:

$ sudo systemctl restart apache2
$ sudo systemctl daemon-reload
$ sudo systemctl restart varnish

Varnish HTTP Cache should now work on your server without displaying the connection refused problem and your website should load really fast because frequented fetched information will be sourced from memory.