Sign up here and you can log into the forum!

Add custom webend user for website

Feature requests / enhancements discussion regarding the web interface

Add custom webend user for website   

Postby rikifeld » Fri Oct 07, 2011 3:10 am

Hi,

I will go into Webend section with this, even thought it could easily be put elsewhere.
Currently I have ddclient up and running and serving my WTLXTV Live to me and my household over the Internet. Probably the best private server ;)
Other than setting up torrents and serving ftp access I've tried to do simple website hosting/sharing.

I would like to achieve this with minimal intervention, and using only connected USB ext drive, and rw location on WDTV Live.
So, currently I did something very simple - created symlink from www-plugins to external drive directory with simple html page.

The page is accessible through http link mywd*****.dyndns.org/plugins/my_website. Great! :mrgreen:

But, I have a few questions for masterminds here who will know if I'm on a right track here.

1.) Is it possible to create new/custom user other than predefined "wdlxtv" user which could have access to my_webite and not to the webend itself (so, different permissions depending on a location)?
2.) Is it possible to remove user/password protection from my_website location, and keep "wdlxtv" user for locking out Webend?
3.) Is it possible to remove "wdlxtv" user/password in general... thus enabling free access from outside, even though it's very unwanted scenario? ;)

Thank you very much!

PS. I've taken into account two other topics that discuss website hosting, but I reckon this method could be easy workaround...
User avatar
rikifeld
n00b
 
Posts: 6
Joined: Fri Oct 07, 2011 2:48 am

Re: Add custom webend user for website   

Postby recliq » Fri Oct 07, 2011 4:22 am

1) yes
Code: Select all
htdigest -c /conf/htpasswd WDLXTV-Webend <newuser>


2) possible but I would have to test how exactly, I'm pretty sure you would have to alter the apache config for this, so you would have to patch that on boot or use an ext3 version to get R/W filesystem to change the file (/etc/apache/sites-enabled)

3) also possible, see above. I'd strongly recommend NOT to do this, especially when it's reachabble from the internet.
­WDLXTV Project Maintainer
-:] If you like my contributions feel free to donate for a beer or a new flash drive. ...and always remember: RTFM! (README, FAQ, WIKI) [:-
User avatar
recliq
WDLXTV Team
 
Posts: 5513
Joined: Thu Apr 15, 2010 8:09 am
Location: Kiel, Germany

Re: Add custom webend user for website   

Postby rikifeld » Fri Oct 07, 2011 5:10 am

@recliq... thx for short and precise directions, will get into it. ;)

Currently Im checking out idea weather is possible to use .htaccess file to grant access to a linked directory (my_website) to all outside connections without authentication...
This way authentication for Webend is kept intact, and would still require user/pass for Webend. Still, direct url to my_website would allow access to a webpage.
Anyways, that's the plan, not sure if possible. So, I will try to get it working.

Then, i'll try with creating new user.
recliq, when creating new user, where can permissions be set (example - deny access to Webend for newuser)?
User avatar
rikifeld
n00b
 
Posts: 6
Joined: Fri Oct 07, 2011 2:48 am

Re: Add custom webend user for website   

Postby recliq » Fri Oct 07, 2011 6:00 am

well, i can't tell right now for sure without playing around with it myself....

here's some more information regarding apache2 authentification which might help:
http://httpd.apache.org/docs/2.2/howto/auth.html
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
­WDLXTV Project Maintainer
-:] If you like my contributions feel free to donate for a beer or a new flash drive. ...and always remember: RTFM! (README, FAQ, WIKI) [:-
User avatar
recliq
WDLXTV Team
 
Posts: 5513
Joined: Thu Apr 15, 2010 8:09 am
Location: Kiel, Germany

Re: Add custom webend user for website   

Postby rikifeld » Fri Oct 07, 2011 2:56 pm

Here's the thing for now...

I've used directions in http://wiki.wdlxtv.com/NoPasswordApache, not to disable password protection, but only to change <Directory /> settings in apache-default configuration file.
Changed section only:
Code: Select all
    <Directory />
        AllowOverride All  # This is changed line!
        Options FollowSymLinks
    </Directory>


Now I sure get apache2 to use .htaccess file that is in website folder, which is a step forward but, still... I get 500 Internal Server Error.
Hmm :shock: maybe I'm missing something, or the syntax of the .htaccess file is wrong?
Code: Select all
<Directory>
  Allow From All
  Satisfy Any
</Directory>
User avatar
rikifeld
n00b
 
Posts: 6
Joined: Fri Oct 07, 2011 2:48 am

Re: Add custom webend user for website   

Postby recliq » Sat Oct 08, 2011 1:24 am

Your .htaccess syntax is wrong, you can't have a <Directory> section in there, because .htaccess is itself like a <Directory> block in config.
http://httpd.apache.org/docs/2.2/howto/htaccess.html
­WDLXTV Project Maintainer
-:] If you like my contributions feel free to donate for a beer or a new flash drive. ...and always remember: RTFM! (README, FAQ, WIKI) [:-
User avatar
recliq
WDLXTV Team
 
Posts: 5513
Joined: Thu Apr 15, 2010 8:09 am
Location: Kiel, Germany

Re: Add custom webend user for website   

Postby rikifeld » Mon Oct 10, 2011 2:56 pm

After some messing around, here is a solution on how to host simple web site while keeping Webend settings intact, and using minimal resources.
To sum it up, the whole topic is just about it, so I guess I just could open a new one with appropriate title.

So here we go. Task is - host a simple (html) website on WDTV Live, using only external drive as resource.
Prerequisites could be ddclient set up for dynamic addressing if you wish. ;)

1. Use directions from http://wiki.wdlxtv.com/NoPasswordApache to create writable apache config file, but not removing Webend protection. So...
Code: Select all
cp /etc/apache2/sites-available/default /conf/apache-default

2. Edit new file apache-default (using nano for example) and add new section after existing <Location> section/directive, assuming that web page will be located at path /tmp/www-tmp/my_site. This will allow connections without having to input user/password.
Code: Select all
<Location /tmp/my_site>
   Allow From All
   Satisfy Any
</Location>

3. Again from wiki page: Create a new file /conf/S00user-script (it may already exist) putting the following into it:
Code: Select all
#!/bin/sh
mount -o bind /conf/apache-default /etc/apache2/sites-available/default

4. Restart... not sure if needed, you could just try rebooting apache (/etc/init.d/S66apache2 restart)... but... nevermind:
sync; sync; reboot
5. Assuming that your website directory is placed in a root of external hdd on path /tmp/mnt/12D3-4321/my_website ... (with main page index.html...)
Code: Select all
cd /var/www/tmp
ln -s  /tmp/mnt/12D3-4321/my_website my_website


And thats it! You can try to access your site by using WDXLTV IP address or domain name for outside (ex. 192.168.0.4/tmp/my_website).
You should not be asked for user/pwd for your site, while keeping Webend protected. ;)
Ok, it's pretty late, maybe there are some errors, but... you're free to try it if you need/want it.
User avatar
rikifeld
n00b
 
Posts: 6
Joined: Fri Oct 07, 2011 2:48 am

Re: Add custom webend user for website   

Postby mad_ady » Mon Oct 10, 2011 10:36 pm

I took the liberty to wikify your post. Feel free to change it/improve it on the wiki, if necessary: http://wiki.wdlxtv.com/Web_Hosting
User avatar
mad_ady
Developer
 
Posts: 4522
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: Add custom webend user for website   

Postby rikifeld » Sun Oct 16, 2011 2:25 pm

Okey, there is one step further... ;)
After having web page up-and-running using one of least demanding servers in the world 8-) next task is to have secured web part accessible only to some users.
So, lets assume you want to have another user... say donaldduck, who will have access to website located on (for ex.) 192.168.0.4/tmp/my_secured_website

1.) Create new apache user donaldduck
Code: Select all
htdigest /conf/htpasswd WDLXTV-Webend donaldduck

You will be asked for a new user password, so enter it.
2.) Edit config file, as previously described.... nano /conf/apache-default
Change Require line in <Location /> directive to:
Code: Select all
      Require user wdlxtv

This will make Webend accessible only to exsisting wdlxtv user, and keep Webend password protected.

Add new section in apache-default file... assuming that your secured web page will be on location /tmp/mnt/12D3-4321/my_secure_website, symlinked by:
Code: Select all
cd /var/www/tmp
ln -s  /tmp/mnt/12D3-4321/my_secure_website my_secure_website


The new section in apache-default that you currently editing is:
Code: Select all
    <Location /tmp/my_secure_website>
      Require user donaldduck wdlxtv
    </Location>

This will allow access to website location for these two users. ;)

Restart apache before trying it out...
Code: Select all
/etc/init.d/S66apache2 restart



Ok, thats it!

Next, I have a question for you guys that are willing to help out.
I was trying to get php scripts running... and everything works fine, if you just try to execute php script (say index.php) on any newly created locations - but! - the user is allways prompted for a password!
I would like to bypass that... And I was trying to accomplish that, but the only solution by now is to turn off digest authentication completly on <Location /> in config apache-default file.
Any other configuration, even on same location as simple html page (from my previous post) is freely accessible from Internet - which opens to anyone, results in asking user/password before execution. After I enter credentials for wdlxtv user, the php page renders successfuly.
So - I need help, if anyone could direct me how to "bypass", or allow php execution on "my_website" location?
User avatar
rikifeld
n00b
 
Posts: 6
Joined: Fri Oct 07, 2011 2:48 am

Re: Add custom webend user for website   

Postby hursey013 » Sun Jul 22, 2012 4:18 pm

rikifeld -

Thanks for the guide. Im onFW Base: 1.05.04 / 0.5.1.1 and for me whenever I try and create a symlink in the /tmp/www-tmp folder it's wiped out upon reboot - does this not happen for you?

Thanks!
hursey013
WDTVer
 
Posts: 22
Joined: Tue Nov 08, 2011 9:27 pm

Next

Return to Webend Web Interface

Who is online

Users browsing this forum: No registered users and 2 guests