johnodon Posted February 23, 2016 Share Posted February 23, 2016 I'm using the LSIO Apache container. I basically deleted the index.html file so I can use Apache as a simple file server for family/friends to grab stuff directly from my server. So, I created a volume map from /www/ --> /mnt/user/Web/ and I dump files there. I installed apache2-utils in the container so I could use htpasswd to create the .htpasswd file. What I want is for the document root (/www/) to be wide open and all folders/files visible and the /www/Private/ folder to be restricted by user/pass. My issue is that I can reach the Private folder if I manually add it to the end of the URL but it is not visible in the root. How can I correct this? Here is the relevant section of my default.conf: <VirtualHost *:80> DocumentRoot /www/ <Directory /www/> Options +Indexes AllowOverride AuthConfig Order allow,deny Allow from all </Directory> <Directory /www/Private/> AuthType Basic AuthName "Restricted Access" AuthUserFile /config/.htpasswd Require user private </Directory> </VirtualHost> John Link to comment
CHBMB Posted February 23, 2016 Share Posted February 23, 2016 John, you shouldn't need to install anything in the container to get this working. My whole webserver is protected with a .htpasswd file using the default apache container. I haven't tried what you are doing, but my thought is it's probably easier to have two folders inside web, one for private access and one for public... Here's my default.conf (Well an excerpt of it... It's quite long..) <VirtualHost *:80> ServerName server.com ServerAlias server.com DocumentRoot /config/www/ Redirect permanent / https://server.com/ </VirtualHost> <VirtualHost *:443> ServerName server.com ServerAdmin webmaster@localhost DocumentRoot /config/www/ SSLCertificateFile /config/keys/2_server.com.crt SSLCertificateKeyFile /config/keys/ssldecrypted.key SSLCertificateChainFile /config/keys/sub.class1.server.ca.pem Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" SSLEngine on SSLProxyEngine On RewriteEngine On ProxyPreserveHost Off SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLHonorCipherOrder on <Directory "/config/www/"> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny Allow from all </Directory> <Directory "/config/www/books/"> AuthType Basic AuthName "CHBMB's Library" AuthUserFile /config/keys/.htpasswd Require valid-user AllowOverride None Order allow,deny Allow from all </Directory> Also one other thought. Make sure it's not the browser caching the password access to the private folder. Link to comment
johnodon Posted February 23, 2016 Author Share Posted February 23, 2016 John, you shouldn't need to install anything in the container to get this working. My whole webserver is protected with a .htpasswd file using the default apache container. From what I read, you use the htpasswd program to encrypt the password in the .htpasswd file. Are you just using plain text? This is what the contents of mine looks like: private:$apr1$KZaZRK74$v2UwSAPEFERKhishMYlAp/ John Link to comment
CHBMB Posted February 23, 2016 Share Posted February 23, 2016 Yep mines encrypted too Link to comment
johnodon Posted February 23, 2016 Author Share Posted February 23, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. Link to comment
CHBMB Posted February 24, 2016 Share Posted February 24, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. You don't run htpasswd in the container... I generated the file online and copied it to my appdata folder... Link to comment
johnodon Posted February 24, 2016 Author Share Posted February 24, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. You don't run htpasswd in the container... I generated the file online and copied it to my appdata folder... Ha. I didn't know there were websites to do that for you. The guide I was following had me run it on the apache server itself. Now that we worked that out, my original dilemma still exists. As soon as I prohibit access to a folder in the root, it is no longer visible. Link to comment
hernandito Posted February 24, 2016 Share Posted February 24, 2016 Hi John, I use Owncloud docker to do exactly what you want to accomplish. You can even create separate user accounts. I also use Apache to host a Maraschino-like portal I created myself. I could not have implemented Apache without my pal CHBMB's help. H. Link to comment
CHBMB Posted February 24, 2016 Share Posted February 24, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. You don't run htpasswd in the container... I generated the file online and copied it to my appdata folder... Ha. I didn't know there were websites to do that for you. The guide I was following had me run it on the apache server itself. Now that we worked that out, my original dilemma still exists. As soon as I prohibit access to a folder in the root, it is no longer visible. I missed that point in your first post, I thought it was VISIBLE... H5AI is a docker that may be better suited to setup for you, and then reverse proxy it via the Apache container. Link to comment
johnodon Posted February 24, 2016 Author Share Posted February 24, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. You don't run htpasswd in the container... I generated the file online and copied it to my appdata folder... Ha. I didn't know there were websites to do that for you. The guide I was following had me run it on the apache server itself. Now that we worked that out, my original dilemma still exists. As soon as I prohibit access to a folder in the root, it is no longer visible. I missed that point in your first post, I thought it was VISIBLE... H5AI is a docker that may be better suited to setup for you, and then reverse proxy it via the Apache container. I looked at that briefly but I don't think you can set permissions. Link to comment
johnodon Posted February 24, 2016 Author Share Posted February 24, 2016 Hi John, I use Owncloud docker to do exactly what you want to accomplish. You can even create separate user accounts. I also use Apache to host a Maraschino-like portal I created myself. I could not have implemented Apache without my pal CHBMB's help. H. I had owncloud at one point but I want somehting completely simple..."just go to the website" and the files will be staring them in the face...I'm dealing with parents here But I also want one folder that will require authentication for stuff I don't want public. Link to comment
CHBMB Posted February 24, 2016 Share Posted February 24, 2016 When I tried to run htpasswd in the container it told me it wasn't installed. You don't run htpasswd in the container... I generated the file online and copied it to my appdata folder... Ha. I didn't know there were websites to do that for you. The guide I was following had me run it on the apache server itself. Now that we worked that out, my original dilemma still exists. As soon as I prohibit access to a folder in the root, it is no longer visible. I missed that point in your first post, I thought it was VISIBLE... H5AI is a docker that may be better suited to setup for you, and then reverse proxy it via the Apache container. I looked at that briefly but I don't think you can set permissions. If it were me, I'd run two instances of H5AI one for public, one for private. Then reverse proxy both of them, one to a subroot folder with authorisation set. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.