Coral: general access ssl

From The Uniform Server Wiki

Root folder ssl - Access

Creating a new server certificate for The Uniform Server automatically enables SSL in Apache's configuration file. You can now access your server using either http or https. The Uniform Server has a predefined folder (ssl root folder) that is reserved for https access. By default this folder is restricted to local access only. The following covers opening up your server for public or intranet access, and optionally restricting access using a name and password.

UniServer 8-Coral

Overview

UniController: Server Configuration > General > Root ssl - Change passwords and access

This menu is split into three sections as follows:

1) The top section allows you to change the access name and password; the defaults are set to root.

  • Generally for a private server a single name and password are used.
  • These are displayed and can be changed using buttons A), B) and D).
  • Note: When using a list, only the first entry is displayed and directly changeable.
  • Using a list of names and passwords requires that you directly edit the associated name-password configuration file. Use edit button E) to open the file in notepad. The Reload values button C) displays just the first entry in the list.


2) Change state: enables or disables the use of a password to access root folder ssl. Default is disabled.


3) Access section: allows you to set who can gain access to root folder ssl. Default is local access only.

Note 1: Server access is controlled using an .htaccess file. This can be directly edited using Edit button K)
Note 2: Apache does not require restarting. All changes take effect immediately.
Note 3: Test button L) opens the index page in the default browser, allowing you to quickly test changes. This index page (root folder ssl) is user configurable with the Change ssl page.


Background information

There are three ways of restricting access to documents: either by IP address, hostname or by asking for a username and password. The first two are very similar and can be used to restrict access on an intranet. The last option allows users to be restricted on an individual basis using a username and password before being allowed access. This process is commonly referred to as user authentication. The Uniform Server can restrict access using both IP address and user authentication.

Setting up user authentication requires two steps. First you create a file containing a list of usernames and passwords. Secondly you specify what resources are to be protected and which users are allowed to access them. Setting up IP address access requires only server configuration. Server configuration uses an .htaccess file located in the folder it is protecting (root folder ssl). This allows configuration to take immediate effect and does not require a server restart.

Creating a password file

A list of users and passwords needs to be created in a file. For security, this file must be located outside of the document root. The Uniform Server is pre-configured and uses the file UniServer\htpasswd\ssl\.htpasswd

The file contains a list of name and password pairs, each on a single line. The name and password are separated using a colon. A password file can consist of a single line. The default is root:root

root:root
mike:fred123
john:xyz45
dave_smith:za123 
mike smith:good1234

Edit or change password

  • A) Enter new name or edit existing one.
  • B) Enter new password or edit existing one.
  • D) Click change name password. Note: This changes only the first entry in the list.

Add name/password pair to list

  • E) Click Edit button. Opens file .htpasswd in notepad.
  • Enter new name and password with format name:password
  • Save file.
  • Optionally click C) which refreshes first name/password displayed.

Note: The menu provides a convenient way to enter names and passwords. You can also edit the file UniServer\htpasswd\ssl\.htpasswd directly using an alternative text editor.


Enable or disable name password access

Server configuration uses an .htaccess file located in root folder UniServer\ssl. It is pre-configured for basic authentication, which is disabled by default. Four lines (Apache directives) in this configuration file control authentication and are edited as follows:

Enable authentication

  • G) Click radio button Password enabled
  • Alternatively edit file UniServer\ssl\.htaccess and uncomment (remove #) four lines as shown:
AuthName "Uniform Server - Secure Server Access"
AuthType Basic
AuthUserFile ../../../htpasswd/ssl/.htpasswd
Require valid-user

Disable authentication

  • F) Click radio button Password disabled
  • Alternatively edit file UniServer\ssl\.htaccess and comment out (add #) four lines as shown:
#AuthName "Uniform Server - Secure Server Access"
#AuthType Basic
#AuthUserFile ../../../htpasswd/ssl/.htpasswd
#Require valid-user

  

Note: The menu provides a convenient way to enable or disable authentication.
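
As a check on the password file and the four authentication lines described above, the following added example (not part of the Uniform Server wiki or its tools) audits both. It reports whether the four directives are all active, all commented or mixed, and flags default or plain-text entries in the name:password list. The function names, HASH_PREFIXES and the sample strings are assumptions constructed from the listings on this page.

```python
# Added example: audit the two files this page edits. Sample data is constructed
# from the listings on the page; HASH_PREFIXES is an assumption of this sketch.
AUTH_DIRECTIVES = ("authname", "authtype", "authuserfile", "require")
HASH_PREFIXES = ("$apr1$", "$2y$", "{SHA}")  # hashed formats Apache's htpasswd tool writes

def auth_state(htaccess_text):
    """Return 'enabled', 'disabled' or 'inconsistent' for the four auth lines."""
    active = set()
    for line in htaccess_text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#"):
            active.add(words[0].lower())
    found = [d for d in AUTH_DIRECTIVES if d in active]
    if len(found) == len(AUTH_DIRECTIVES):
        return "enabled"
    return "disabled" if not found else "inconsistent"

def audit_htpasswd(htpasswd_text):
    """Return (line_number, name, finding) for every risky entry."""
    findings = []
    for number, raw in enumerate(htpasswd_text.splitlines(), 1):
        entry = raw.strip()  # tolerate trailing spaces left by an editor
        if not entry:
            continue
        name, colon, password = entry.partition(":")
        if not colon or not name or not password:
            findings.append((number, name, "malformed entry"))
        elif (name, password) == ("root", "root"):
            findings.append((number, name, "default credentials"))
        elif not password.startswith(HASH_PREFIXES):
            findings.append((number, name, "plain-text password"))
    return findings

# Constructed samples: the page's password list, and an .htaccess in which only
# two of the four authentication lines were uncommented.
SAMPLE_HTPASSWD = "root:root\nmike:fred123\njohn:xyz45\ndave_smith:za123 \nmike smith:good1234\n"
SAMPLE_HTACCESS = '''#AuthName "Uniform Server - Secure Server Access"
AuthType Basic
#AuthUserFile ../../../htpasswd/ssl/.htpasswd
Require valid-user
'''

if __name__ == "__main__":
    print("authentication:", auth_state(SAMPLE_HTACCESS))
    for number, name, finding in audit_htpasswd(SAMPLE_HTPASSWD):
        print("line %d: %s -> %s" % (number, name, finding))
```

An inconsistent result means the four lines were not commented or uncommented as a set, which the procedure on this page requires.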


Change Access

Server configuration uses an .htaccess file located in root folder UniServer\ssl. It is pre-configured to allow local access only. Four lines (Apache directives) control who can access the server. These lines are edited as follows:

Local Access

  • H) Click radio button Local Access
  • Alternatively edit file UniServer\ssl\.htaccess and uncomment (remove #) four lines as shown:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1

Local and Intranet Access

  • I) Click radio button Local and Intranet Access
  • Alternatively edit file UniServer\ssl\.htaccess and uncomment (remove #) four lines as shown:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168
Allow from ::1

Local, Intranet and Internet Access

  • J) Click radio button Local, Intranet and Internet Access
  • Alternatively edit file UniServer\ssl\.htaccess and comment out (add #) four lines as shown:
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1

  

  • Deny from all - No one is allowed access.
  • Allow from 127.0.0.1 192.168 - Access is restricted to localhost and Intranet.
  • Allow from 127.0.0.1 - Access is restricted to localhost (127.0.0.1), IPv4.
  • Allow from ::1 - Access is restricted to localhost (::1), IPv6.

Note: The menu provides a convenient way to change and restrict access.
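
The three access settings above can be checked against concrete client addresses. The sketch below is an added example (not Uniform Server or Apache code) that evaluates the page's Order Deny,Allow blocks for a given client IP; it assumes IP operands only (no hostnames), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def to_network(operand):
    """Convert an Allow/Deny operand (full or partial IP, CIDR) to a network."""
    if ":" not in operand and "/" not in operand:
        octets = operand.rstrip(".").split(".")
        if len(octets) < 4:  # partial IPv4 such as 192.168 -> 192.168.0.0/16
            base = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.ip_network("%s/%d" % (base, 8 * len(octets)))
    return ipaddress.ip_network(operand, strict=False)

def parse_rules(htaccess_text):
    """Collect active 'Allow from' / 'Deny from' operands; '#' lines are skipped."""
    rules = {"allow": [], "deny": []}
    for line in htaccess_text.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0].lower() in rules and words[1].lower() == "from":
            for operand in words[2:]:
                rules[words[0].lower()].append(
                    "all" if operand.lower() == "all" else to_network(operand))
    return rules

def is_allowed(htaccess_text, client_ip):
    """Apply 'Order Deny,Allow': a Deny match blocks unless an Allow also matches."""
    rules = parse_rules(htaccess_text)
    address = ipaddress.ip_address(client_ip)
    def matches(entries):
        return any(e == "all" or (e.version == address.version and address in e)
                   for e in entries)
    return matches(rules["allow"]) or not matches(rules["deny"])

# Constructed samples: the three .htaccess states listed on this page.
LOCAL = "Order Deny,Allow\nDeny from all\nAllow from 127.0.0.1\nAllow from ::1\n"
INTRANET = "Order Deny,Allow\nDeny from all\nAllow from 127.0.0.1 192.168\nAllow from ::1\n"
INTERNET = "#Order Deny,Allow\n#Deny from all\n#Allow from 127.0.0.1\n#Allow from ::1\n"

if __name__ == "__main__":
    for name, text in (("local", LOCAL), ("intranet", INTRANET), ("internet", INTERNET)):
        for ip in ("127.0.0.1", "::1", "192.168.1.20", "10.0.0.5", "203.0.113.7"):
            print("%-8s %-14s %s" % (name, ip, "allow" if is_allowed(text, ip) else "deny"))
```

The partial address 192.168 covers only 192.168.0.0/16, so an intranet numbered in 10.x or 172.16.x needs its own Allow from entry.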
