[K12OSN] OT: need help configuring web server on Ubuntu Server to allow file uploads
John Lucas
mrjohnlucas at gmail.com
Wed Apr 25 10:24:04 UTC 2007
In a similar situation I use WebDAV with LDAP authentication. I use WebDAV
*only* under https to encrypt passwords (while not affecting regular port 80
web access). I set up each user with a "public" and a "private" folder. The
public folder is read-only for the immediate planet (a regular web site), the
private folder is accessible only by the authenticated owner.
I have been meaning to write this up as a "How To" but I haven't done it yet,
so here are the pieces: excerpt from my "ssl.conf" file
(in /etc/httpd/conf.d), a further webdav configuration file (dav-folders.conf
in the same directory), and the ".htaccess" file that goes in each directory
(there are scripts to create the directory and add the .htaccess file). Sorry
for the length.
========================================================================
File: dav-folders.conf
#
# Public read-only access to WebDAV folders
#
# Users have read/write access to their own WebDAV
# folders within the SSL virtual server (see ssl.conf).
#
# Private folders are inaccessible from ordinary http browsing.
# They are only visible using https, and only by the owner with
# authentication (via LDAP).
#
# The ".htaccess" files used with the SSL virtual server are ignored here.
# To assure that this will always be so, we (re-)declare
# "AllowOverride None"
#
# -jrl Jan 2006
#
#
# Only add the Public folders to the main web folder tree -jrl
#
Alias /Public /usr/local/WebDAV/Public
Alias /Calendars /usr/local/WebDAV/Calendars
Alias /FreeBusy /usr/local/WebDAV/FreeBusy
<Directory /usr/local/WebDAV/Public>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
<Directory /usr/local/WebDAV/Public/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
<Directory /usr/local/WebDAV/Calendars>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
<Directory /usr/local/WebDAV/Calendars/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
<Directory /usr/local/WebDAV/FreeBusy>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
<Directory /usr/local/WebDAV/FreeBusy/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride None
</Directory>
========================================================================
Excerpt from "ssl.conf":
#
# Private read/write access to WebDAV folders
#
# Users have read/write access to their own WebDAV
# folders within the SSL virtual server.
#
# Private folders are inaccessible from ordinary http browsing.
# They are only visible using https, and only by the owner with
# authentication (via LDAP).
#
# The directives below perform the following:
# - bring the WebDAV folders into web tree
# - allow browsing (with indexing)
# - includes individual user directory info (with auth)
#
# To provide a scalable authentication strategy, set:
# "AllowOverride AuthConfig" to use the local ".htaccess" file to control
# who can log in. This file belongs to "root" and is read-only for normal
# users. This strategy allows the configuration to be a trivial addition to
# folder creation without separate maintenence.
#
# -jrl Jan 2006
#
# Graft folders into web folder tree -jrl
#
Alias /Private /usr/local/WebDAV/Private
Alias /Public /usr/local/WebDAV/Public
# Allow WebDAV access to user folders, but not parent folders -jrl
#
<Directory /usr/local/WebDAV/Private>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>
<Directory /usr/local/WebDAV/Calendars>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>
<Directory /usr/local/WebDAV/FreeBusy>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
</Directory>
<Directory /usr/local/WebDAV/Private/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>
# Access to Public folder itself is controlled in main httpd.conf file -jrl
#
<Directory /usr/local/WebDAV/Public/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>
<Directory /usr/local/WebDAV/Calendars/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>
<Directory /usr/local/WebDAV/FreeBusy/*>
Options MultiViews Indexes IncludesNoExec
IndexOptions FancyIndexing FoldersFirst
AllowOverride AuthConfig
DAV On
Order deny,allow
Allow from all
AuthName DAV
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://minibox.uvi.edu/ou=People,dc=minibox,dc=uvi,dc=edu
</Directory>
=======================================================================
File: ".htaccess"
require user jlucas
=======================================================================
The ".htaccess" file is world readable, but owned by root so in the Apache
context it is read-only. A simple bash script created the directory and
makes the ".htaccess" and sets ownership and permissions with only the user ID
as an argument.
--
"History doesn't repeat itself; at best it rhymes."
- Mark Twain
| John Lucas MrJohnLucas at gmail.com |
| St. Thomas, VI 00802 http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W AST (UTC-4) |
More information about the K12OSN
mailing list