个人工具
119.28.94.63
该IP地址的讨论
登录
查看“UbuntuHelp:MythWeb”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:MythWeb”的源代码
来自Ubuntu中文
←
UbuntuHelp:MythWeb
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
{{From|https://help.ubuntu.com/community/MythWeb}} {{Languages|UbuntuHelp:MythWeb}} <<Include([[UbuntuHelp:MythTV|MythTV]]/Header)>> === Installation and Setup === Installing mythweb is quite easy. One command will install the plugin and all of its dependencies (ie: apache2): <pre><nowiki> sudo apt-get install mythweb </nowiki></pre> You can now access mythweb with your browser by entering this address: http://localhost/mythweb You can access mythweb from other computers on your network by using the backend ip address. For example: http://192.168.1.101/mythweb === Security (This is important) === If you plan to use mythweb over the internet, or if you do not have a hardware firewall on your network, it is imperative that you setup proper security for mythweb. Failure to configure security properly will leave mythweb open to anyone who stumbles on your ip address, including search engines. It is best not to allow these security holes to remain open. '''Note:''' Mythbuntu 9.04 uses the more secure digest method in: [[UbuntuHelp:[WhyAnAnchor|A Little More Secure]]] * First, set up a password file: <pre><nowiki> $ sudo htpasswd -c /etc/apache2/httpd-passwords MYUSER1 </nowiki></pre> * Once the password files has been created, '''Do Not Use the "-c" Flag again''' or you will overwrite the file you just created. If you wish to add additional users run the same command without that flag: <pre><nowiki> $ sudo htpasswd /etc/apache2/httpd-passwords MYUSER2 </nowiki></pre> * Now that you have create that file, modify the permissions and ownership to protect the password information: <pre><nowiki> $ sudo chown www-data.www-data /etc/apache2/httpd-passwords $ sudo chmod 640 /etc/apache2/httpd-passwords </nowiki></pre> * To associate the password file with the mythweb directory you need to edit the apache configuration file: <pre><nowiki> $ gksudo gedit /etc/apache2/httpd.conf </nowiki></pre> * Cut and paste the following code to the file you have just opened, then save and close that file: <pre><nowiki> <Directory "/var/www/mythweb"> Options Indexes FollowSymLinks AuthType Basic AuthName "MythTV" AuthUserFile /etc/apache2/httpd-passwords require user MYUSER1 MYUSER2 MYUSER3 Order allow,deny Allow from all </Directory> </nowiki></pre> * Restart apache: <pre><nowiki> $ sudo /etc/init.d/apache2 restart </nowiki></pre> You will now be prompted for a username and password when first connecting to mythweb. This should give added protection from unauthorized access to your mythtv system. <<Anchor(WhyAnAnchor)>> === A Little More Secure === This is assuming you are running Ubuntu 8.04, Apache2 have [[UbuntuHelp:MythTV|MythTV]] and MythWeb installed and working correctly. Instead of using htpasswd to generate the passwords we are going to use htdigest. We will also make it so that when accessing MythWeb from your local network you won't need to authenticate. '''Note:''' Mythbuntu 9.04 stores the <Directory> directive in /etc/apache2/sites-enabled/mythweb.conf and stores the apache password file associated with mythweb at /etc/mythtv/mythweb-digest. Modify the directions below with these in mind. ==== Enable htdigest authentication in Apache ==== Enter this at the command line: <pre><nowiki> sudo a2enmod </nowiki></pre> When prompted for what module you want to enable enter: <pre><nowiki> auth_digest </nowiki></pre> The reason we use <code><nowiki>auth_digest</nowiki></code> is that it provides a little more security than basic (<code><nowiki>auth_basic</nowiki></code>). ==== Create your password directory ==== We are going to store the password file in the <code><nowiki>/etc/apache2/passwd</nowiki></code> directory. The <code><nowiki>passwd</nowiki></code> directory will not exist so we will need to make it. We are storing the passwords in this directory because this '''is not''' a directory that apache will serve out to the web. This is in case your web server becomes compromised the passwords file won't be easily accessible. <pre><nowiki> sudo mkdir /etc/apache2/passwd </nowiki></pre> ==== Create your password FILE ==== We need to generate a password file. <pre><nowiki> sudo htdigest -c /etc/apache2/passwd/passwords MythTV MYTHUSER </nowiki></pre> It will then ask you to enter a password and then to confirm that password by entering the same password again. This will create a file called "passwords" in the /etc/apache2/passwd/ directory. The "-c" option "creates" the file. It will add the user "MYTHUSER" to the realm (more on that later) "[[UbuntuHelp:MythTV|MythTV]]". All you need to do is change "MYTHUSER" to a username you want to use. '''DO NOT''' use the same password that you use for your login username or the root user. ==== Add users to password file ==== If you want to add another user then run the same command above except '''DO NOT''' use the "-c" option. As explained above the "-c" option "creates" the file and will overwrite any existing files. Say you want to add "MYTHUSER2"... you would enter <pre><nowiki> sudo htdigest /etc/apache2/passwd/passwords MythTV MYTHUSER2 </nowiki></pre> ==== Grant Permissions to the new passwords file ==== <pre><nowiki> sudo chown www-data /etc/apache2/passwd/passwords sudo chgrp www-data /etc/apache2/passwd/passwords sudo chmod 640 /etc/apache2/passwd/passwords </nowiki></pre> The first command changes the owner to "www-data". This is the user that apache runs on in Ubuntu. The second command changes the group of the passwords file to "www-data". This is the group that Apache runs on in Ubuntu. The third command limits access to the file. It gives read and write access to the user www-data and it gives read access to the group www-data. The world (or everyone else) will not have read, write or execute permissions to that file. ==== Edit Apache Config ==== <pre><nowiki> sudo nano /etc/apache2/apache2.conf </nowiki></pre> Add the following to the bottom of that file. <pre><nowiki> <Directory "/var/www/mythweb"> Options Indexes FollowSymLinks AuthType Digest AuthName "MythTV" AuthUserFile /etc/apache2/passwd/passwords Require valid-user Order allow,deny Allow from 192.168.1. Satisfy any </Directory> </nowiki></pre> *'''NOTE:''' You can substitute <code><nowiki>nano</nowiki></code> with <code><nowiki>gedit</nowiki></code>. If you are running Ubuntu with a desktop use <code><nowiki>gedit</nowiki></code>. If you want to use <code><nowiki>nano</nowiki></code> a few hints. <code><nowiki>Ctrl+o</nowiki></code> will save the file and <code><nowiki>Ctrl+x</nowiki></code> will close the file. I believe the default <code><nowiki>Directory</nowiki></code> for mythweb is <code><nowiki>/var/www/mythweb</nowiki></code>. If mythweb is stored somewhere else on your machine you will have to update the first line. As you can see the <code><nowiki>AuthType</nowiki></code> is set to <code><nowiki>Digest</nowiki></code> which tells Apache that we used <code><nowiki>htdigest</nowiki></code> to generate the passwords. <code><nowiki>AuthName</nowiki></code> is the realm. Remember we had <code><nowiki>MythTV</nowiki></code> in our htdigest command. That was the specify the realm which is the <code><nowiki>AuthName</nowiki></code>. <code><nowiki>AuthUserFile</nowiki></code> points to our <code><nowiki>passwords</nowiki></code> file that we generated using <code><nowiki>htdigest</nowiki></code>. <code><nowiki>Allow from 192.168.1.</nowiki></code> will allow anyone to connect that has a IP address matching to 192.168.1. This would be anything from 192.168.1.1 through 192.168.1.255. So, if your internal network is different, say, 172.20.1.9 you would change it to <code><nowiki>Allow from 172.20</nowiki></code>. This would allow anyone with a IP address between 172.20.0.1 through 172.20.255.255 to connect without authenticating. === Tips and Tricks === * Access from the Internet Some internet service providers block incoming requests to port 80 for residential connections. This is a security/bandwidth limiting feature that will prevent you from accessing mythweb from the internet. You can get around this by configuring your router to forward a different port number to port 80 on your mythtv machine. A setup as described is different for each router and cannot be outlined in this wiki. [[category:UbuntuHelp]]
该页面使用的模板:
模板:From
(
查看源代码
)
模板:Languages
(
查看源代码
)(受保护)
模板:Languages/Lang
(
查看源代码
)(受保护)
返回至
UbuntuHelp:MythWeb
。