http authentication

Talks about solar stuff
Post Reply
jeanmarc
Posts: 1867
Joined: Thu Aug 29, 2013 7:16 am

http authentication

Post by jeanmarc » Fri Apr 11, 2014 6:02 pm

Hi,

Here some example for http authentication :
Nginx

Code: Select all

# Test the syntax with nginx -t

user http;
worker_processes 1; # per CPU
worker_priority 5; #~25% system resources at nice=15

events {
worker_connections 32; # number of parallel per worker_processes
}

http {
	include mime.types;
	charset utf-8;
	default_type application/octet-stream;
	gzip on;
	gzip_comp_level 1;
	gzip_proxied any;

	## Size Limits & Buffer Overflows
	  client_body_buffer_size  4k;
	  client_header_buffer_size 1k;
	  client_max_body_size 10k;
	  large_client_header_buffers 2 4k;

	## Timeouts
	  client_body_timeout   10;
	  client_header_timeout 10;
	  keepalive_timeout     5 5;
	  send_timeout          10;

	## Limit user connections
	 limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
	 limit_req_zone $binary_remote_addr zone=req_limit_per_ip:25m rate=15r/s;

	#access_log logs/access.log main;
	 access_log off;
	 error_log /var/log/nginx/error.log;

	sendfile on;

	server {
		listen 80;
		server_name localhost yourserver.home.org;
		root /srv/http;

		# Anti DDOS
		limit_conn conn_limit_per_ip 10;
		limit_req zone=req_limit_per_ip burst=10 nodelay;

		## Only allow these request methods ##
			if ($request_method !~ ^(GET|HEAD|POST)$ ) {
			 return 444;
			}
		    
		## Default location 
			location / { 
			  index  index.html  index.php  /_h5ai/server/php/index.php;
			 #index index.php index.html index.htm;
			}

			location  /123solar/admin {
			  index index.php;
			  auth_basic            "Restricted";
			  auth_basic_user_file  /srv/http/123solar/config/.htpasswd;
			}

		#!!! IMPORTANT !!! We need to hide the password file from prying eyes
			location ~ /\. { deny  all; }

#location /ipcam/ {
#    proxy_pass http://192.168.1.6/;
#}

			location ~ \.php {
			 #root /srv/http;
			 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
			 fastcgi_index index.php;
			 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			 include fastcgi_params;
			}

		}
} 
lighttpd (add "mod_auth" in module)

Code: Select all

# test with lighttpd -t -f /etc/lighttpd/lighttpd.conf

### Load server modules
server.modules = (
"mod_alias",
"mod_access",
"mod_status",
"mod_proxy",
"mod_compress",
"mod_accesslog",
"mod_auth"
)

server.port		= 80
server.username		= "http"
server.groupname	= "http"
server.document-root	= "/srv/http"
server.errorlog		= "/var/log/lighttpd/error.log"
dir-listing.activate	= "enable"
status.status-url	= "/status"
#tunning
server.max-connections = 128
server.max-keep-alive-idle = 5
server.max-keep-alive-requests = 16
server.max-read-idle = 60
server.max-write-idle = 360

# Authentication config
auth.debug             = 2
auth.backend            = "htpasswd"
auth.backend.htpasswd.userfile   = "/srv/http/config/.htpasswd"

auth.require = ( "/admin/" =>
(
"method" => "basic",
"realm" => "Private",
"require" => "valid-user"
)
)

## PHP
include "fastcgi.conf"

## Compressing
compress.cache-dir = "/tmp/lighttpd/" 
compress.filetype = ("text/plain","text/css","text/xml","text/javascript") 

index-file.names	= ( "index.php","index.html" )
# mimetype mapping
mimetype.assign = (
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".pac" => "application/x-ns-proxy-autoconfig",
".dat" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tgz" => "application/x-tgz",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".asc" => "text/plain",
".c" => "text/plain",
".h" => "text/plain",
".cc" => "text/plain",
".cpp" => "text/plain",
".hh" => "text/plain",
".hpp" => "text/plain",
".conf" => "text/plain",
".log" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".diff" => "text/plain",
".patch" => "text/plain",
".ebuild" => "text/plain",
".eclass" => "text/plain",
".rtf" => "application/rtf",
".bmp" => "image/bmp",
".tif" => "image/tiff",
".tiff" => "image/tiff",
".ico" => "image/x-icon",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar",
".tar.gz" => "application/x-tgz",
".bz2" => "application/x-bzip",
".gz" => "application/x-gzip",
".tar" => "application/x-tar",
".zip" => "application/zip",
".jpeg" => "image/jpeg",
".jpg" => "image/jpeg",
".png" => "image/png",
".gif" => "image/gif",
".xhtml" => "text/html",
".html" => "text/html",
".htm" => "text/html",
".dtd" => "text/xml",
".xml" => "text/xml",
".css" => "text/css",
".js" => "text/javascript",
".deb" => "application/x-deb",
".php" => "application/x-httpd-php",
"" => "text/plain",
)

NevD
Posts: 147
Joined: Tue Mar 11, 2014 12:22 am

Re: http authentication

Post by NevD » Sun Apr 13, 2014 3:48 am

jeanmarc

I have also run into this http authentication problem and unfortunately I do not understand your examples or where they should be placed.

It would appear that many have run into this problem searching the forums and they talk about deleting the htaccesstest.txt file....using the command "whereis" does not locate this file for me.
I am running apache2 on a debian system on raspberry pi.

Are you able to help please.

Neville

jeanmarc
Posts: 1867
Joined: Thu Aug 29, 2013 7:16 am

Re: http authentication

Post by jeanmarc » Sun Apr 13, 2014 7:02 am

Hi,

Well i can't really help you with Apache, i don't run it. My guess is that the config file is located as /etc/httpd/conf/httpd.conf or you may also use "find / -name 'httpd.conf'".

Apache require mod_auth, i thought it was enable on each version. It should have work out of the box, but that's not always the case actually.

"Whereis" search the binarie (executable) path, for aurora, sma-get, sma-spot..

123solar create for your convenience an .htpasswd in admin/ you may or may not use this one, you can use and configure another located .htpasswd for your whole webserver.

Walter62
Posts: 32
Joined: Thu Aug 29, 2013 11:40 am
Location: Italia
Contact:

Re: http authentication

Post by Walter62 » Sun Apr 13, 2014 7:23 am

Hi,
try, to solve the problem, with this changes:

Code: Select all

cd /etc/apache2/sites-available
nano default
Change:
AllowOverride None
with:
AllowOverride All
change all instance (3 rows), maybe is enough the firsts 2 row.

restart Apache:

Code: Select all

service apache2 restart
Good luck

Walter

NevD
Posts: 147
Joined: Tue Mar 11, 2014 12:22 am

Re: http authentication

Post by NevD » Sun Apr 13, 2014 7:48 am

Thanks very much it worked.

I first checked and found that auth_basic was enabled was not working so I enabled all auth* rebooted but still was not working, but editing the sites-available default and it worked after a reboot.

Neville

neumi
Posts: 4
Joined: Sun Jun 12, 2016 2:51 pm

Re: http authentication

Post by neumi » Sun Jun 12, 2016 4:37 pm

Hello,
jeanmarc wrote: Here some example for http authentication :
lighttpd (add "mod_auth" in module)

Code: Select all

# Authentication config
auth.debug             = 2
auth.backend            = "htpasswd"
auth.backend.htpasswd.userfile   = "/srv/http/config/.htpasswd"

auth.require = ( "/admin/" =>
(
"method" => "basic",
"realm" => "Private",
"require" => "valid-user"
)
)

Thank you, this was exactly I was looking for....
Adapted the path to "/var/www/123solar/" and now at least the Web-Access works... :-)

Next step is to adapt my existing "SMASpot" (incl. PVOutput-Upload) enviroment to feed 123solar (while keeping PVoutput-upload).... but that's anothet story... :)

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests