@flavoie, I tried running "free -m", but I don't have that command.
@Sweepsy, con't directions.
4) To setup Apache, we first must edit httpd.conf. The file is located in /usr/loacl/apache2/conf/. Using any text editor, edit :
- ie. /usr/local/apache2
Unsecure http usually runs on port 80, so we should usually leave this. If you change the port to something else, ie 8080, you will have to access your webserver by using "http://yourdomain.xxx:8080"
- This is very important to enter this correctly. "Port" is the number you entered in the above port directive.
- You can leave the as default or define a spefic location where you want your web pages to be. For example, if you chose /usr/local/apache2/htdocs/, Apache will serve this directory to the internet.
-this tells apache to look at httpd-ssl.conf for more directives.
Now open httpd-ssl.conf, default is located in /usr/local/apache2/conf/extra/;
- Leave the Listen directive at 443.
- You are now creating what is known as a virual host. Apache is basically serving to directories. One through port 80 as unsecured http and the other through port 443 as secured. Note, when you type https://anydomain.xxx,
the browser automatically attempts to connect to the server at port 443.
- You will want to change the DocumentRoot here to a different directory than your unsecurred one. That way you don't accidentally server the "secure documents" through an unsecure connection. You could change the DocRoot to /usr/local/apache2/secure_folder. Do not have this directory on a network share for security reasons.
Before we leave this file, we need to make sure that the certificate paths are correct. The Directives that you need to be concerned with for cert paths are
it is ok to leave the values at default, but make sure you place the certs in those directories with the specified names (ie. ca.crt).
The SSLCertificateKeyFile is the RSA key used to encrypt your server certificate. The SSLCACertificateFile is the Certificate-Authority certificate used to issue your server certificate. Your CA (ie versign) will tell you which are which, or if you decide to make a self-signed one with OpenSSL, you will have to be careful to identify which file is which correctly.
If you need to make a self-signed certificate, PM me and I'll try to help you there; self-signed certs is probable too off topic for this thread/forum. You can google "self-signed certificate using openssl" and find many tutorials as well. I possibly will create an wiki article for this.
anylinuxbox# /usr/local/apache2/bin apachectl start
will start apache if installed to default directory.
5) Okay, now the final part. After you have tested that you have got your server up and running, you will want to password protect certain directories. I assume that you know the basics of html coding. Design your index page to hearts desire and place file in you unsecured DocRoot. The important thing is that you will want to have a way to access your secured link.
For example, you may place a "login" button on your index page with a link to https://yourdomain.xxx.
Optionally, you can disable unsecured html and require users to type https://yourdomain.xxx.
To do so, comment out the Listen Directive in httpd.conf.
6) You have two options for basic-authentication with apache. First, you can create an .htaccess file, Second, you can add a "Directory" directive to the config files (here would be httpd-ssl.conf). .htaccess is highly discouraged as apache must run the script everytime it access a password-protected file, So I will explain the second method here.
Open httpd-ssl.conf w/ the text editor again. Someone in the file (doesn't really matter where, just not in the middle of any directives) add
Options Indexes FollowSymLinks
Allow from All
AuthName "Restricted Area"
require user user_with_permission1 user_with_permission2
Important things to know right now are that the AuthName can be whatever you want it to be. Just make sure you keep the same when you make this directive for the subdirectories. Otherwise, the user will have to type in their username and password each time they change directories. "Domain" is your domain name w/o the TLD (.com .net). You don't actually have to put .htpasswd here, but you will want to make sure that it's not located in either DocumentRoot or their subdirectories. If you place .htpasswd somewhere else, change AuthUserFile to point to
the "require user" specifies what users are allowed to access the directory. Note, these users are not the same as Linux users. We will be creating them when we create .htpasswd.
We need to create the passwd file for the directory. To do this, type
htpasswd -b -c /absolute/path/to/.htpasswd user_with_permission1 user1_password
Make sure no-ones looking when you do this. -b flag take the passwrd from the command line rather than prompting for it. The prompt doesn't always work, so use -b flag.
The -c flag tells htpasswd to create a new passwd file. You will need to repeat the above step to add additional users. Just remove the -c flag.
Place a symlink in your secure DocumentRoot pointing to /mnt/hda/user1
and so forth.
ln -s /mnt/hda/user1 /usr/local/apache2/secure_directory/user1
ln -s /mnt/hda/user2 /usr/local/apache2/secure_directory/user2
Do not place an index file in this folder. That way when someone contacts your Linkstation via https://youdomain.xxx,
the will be prompted to type their username/password and then they will see the directories they're given permission to access.
9) Last step -- I promise,
We will need to repeat steps 6 and 7 for each user directory. When you make a "directory" directive (step 6) for a user, make sure you set the directive for
*The path is the same as the symlink you made previously for each user directory.
Change require user to have only the user you want access. For example, if you want user3 to only have access to his/her directory. You would set the require user option to
require user user3
Change the AuthUserFile to the absolute path to .htpasswd2 that you will create for each user.
When making a .htpasswd file for a user folder, name the ,.htpasswd file to something like .htpasswd2, and use the c-flag. You can save the .htpasswd file in the same folder as the.htpasswd file for DocRoot.
Note, If you have to directories that the same users are allowed to use, you don't need to create additional .htpasswd files. Just point AuthUserFile to where the .htpasswd that has both users is.
Congrats, if all works right, you should now have a passwd protected/secure user directories accessible via http..
Make sure to disable FTP through webmin after this works. You will need to use OpenSSH and a SFTP client if you want to remotely upload files. I will post script that you can add to you webpage so that you can securely upload files through the browser after it is completed.
These instructions are rather generic (as it's supposed to just get you started w/ pointers), go to www.apache.org
to read more about apache directives. You will soon understand the directives used in this tut and will be able to customize it to your liking. If you have any questions, let me know. I will try to get to working on a wiki article that explains this method clearer soon. Good Luck
@everyone else, any suggestions on the best way to create upload scripts or telling browsers to view the files with a "folder view" is greatly appreciated.