LinHES Forums http://forums.linhes.org/ |
|
How to enable web security with R6? http://forums.linhes.org/viewtopic.php?f=21&t=20844 |
Page 1 of 1 |
Author: | ceenvee703 [ Sat Feb 13, 2010 9:20 pm ] |
Post subject: | How to enable web security with R6? |
How does one do this from the command line when one doesn't have access to the service menu? Thanks. |
Author: | Martian [ Sun Feb 14, 2010 7:25 am ] |
Post subject: | |
You should be able to set / change the web password by editing /etc/lighttpd/lighttpd.user The format is: user:pass other-user:pass for example: mythtv:secret ceenvee703:supersecret Then be sure to restart lighttpd with: sv restart lighttpd Hope this helps! Martian |
Author: | ceenvee703 [ Sun Feb 14, 2010 10:59 am ] |
Post subject: | |
Martian, thanks for the help. Unfortunately I think I need to edit something else besides creating that lighttpd.user file.... I added that and I got no prompt for a password when trying to access the server. I then went into lighttpd.conf and about line 295 (in mine anyway) there's a section for "auth module" that was all commented out. I can uncomment the first three lines (auth.backend, auth.backend.plain.userfile and auth.backend.plain.groupfile) and everything's fine, but if I uncomment the "auth.require" section the webserver gives me "unable to connect" errors. It also takes suspiciously long to do the "sv restart lighttpd" after uncommenting that section, and I have to do it three or four times to get it to give me an "ok" prompt (it says "timeout: down lighttpd: 1s, normally up, want up" when it doesn't restart). I'll nose around some more about editing lighttpd.conf for authentication, but if you have it working and can check that part of your lighttpd.conf file, I'd appreciate it. Thanks again. |
Author: | Martian [ Sun Feb 14, 2010 1:19 pm ] |
Post subject: | |
Ah yes, I think I know what the problem is. I also have a file named "auth-inc.conf" which contains: Code: auth.backend = "plain" auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user" auth.require = ( "/mythweb" => ( "method" => "basic", "realm" => "MythWeb", "require" => "valid-user", ) ) You can replace "valid-user" with "user=your username" You will need to have the following line in your lighttpd.conf (mine is just after #### include) Code: include "/etc/lighttpd/auth-inc.conf"
Hopefully I haven't forgotten anything else. Martian |
Author: | ceenvee703 [ Sun Feb 14, 2010 7:49 pm ] |
Post subject: | |
Thanks, that got me 99% of the way there. I already had the "auth-inc.conf" file and it contained the same code yours did. My lighttpd.conf file also had the include line, but it was commented out, so I uncommented and restarted. Still no luck. Then I realized I still had those other auth module lines uncommented at line 295. I recommented those and viola, authorization was working. Thanks again for the help. |
Author: | Martian [ Mon Feb 15, 2010 8:46 am ] |
Post subject: | |
Great!!! - Glad to hear you got it. I case you want to take this a little further - to secure phpMyAdmin perhaps? you can do something like this: Code: auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user" auth.require = ( "/mythweb" => ( "method" => "basic", "realm" => "MythWeb", "require" => "valid-user", ), "/phpMyAdmin" => ( "method" => "basic", "realm" => "phpMyAdmin", "require" => "user=myuser", ), "/torrent" => ( "method" => "basic", "realm" => "Torrents", "require" => "user=myuser", ) ) I'm running rutorrent (which is a web frontend to rtorrent) which is why I have the /torrent section. |
Author: | ceenvee703 [ Mon Feb 15, 2010 1:52 pm ] |
Post subject: | |
Just to confirm, if I wanted to authenticate everything, rather than directory by directory, I could just change "/mythweb" to "/" ? |
Author: | Martian [ Mon Feb 15, 2010 2:04 pm ] |
Post subject: | |
ceenvee703 wrote: Just to confirm, if I wanted to authenticate everything, rather than directory by directory, I could just change "/mythweb" to "/" ?
I believe that will work although I haven't tried it. The Lighttpd way is fairly new to me, I'm used to .htaccess files in Apache. Should be easy to test and see though. Martian |
Author: | ceenvee703 [ Mon Feb 15, 2010 3:44 pm ] |
Post subject: | |
Yep, that was it. Thanks again. |
Author: | alien [ Tue Feb 16, 2010 2:40 am ] |
Post subject: | |
I opened a flyspray to enable security on all pages a while ago. In lists the necessary changes. http://linhes.org/flyspray/index.php?do ... ask_id=421 |
Page 1 of 1 | All times are UTC - 6 hours |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |