MythWeb SVN Ubuntu

From MythTV Official Wiki
Jump to: navigation, search

installing and configuring mythweb from svn

Ok if you are here, you should have built mythtv mythtvplugins and mythtvthemes and mythtv itself should be working however now you are tearing your hair out because you cannot get mythweb working. You are also running a version of ubuntu, hopefully that's gutsy but if it isn't this little guide should still apply.

Apache Configuration

first problem i had was with php its not enabled on apache2 by default if thats not working mythweb isn't going to work.

To test if php5 installed correctly

sudo gedit /var/www/test.php

Insert the following line into the new file

<?php phpinfo();?>

and save it

now lets test it, if your working locally then 127.0.0.1 in your web browser should show you a short index and you can see test.php (use the lan address of the pc if your accessing from another pc on your lan). click on test.php and one of two things will happen either a pretty webpage gets loaded or your browser tries to download the file test.php.

if you get the webpage congratulations your past this hurdle. if not lets fix that.

first make sure you have this installed from synaptic libapache2-mod-php5

sudo synaptic 

and look for libapache2-mod-php5 if its not installed then do so now

sudo /etc/init.d/apache2 restart

chances are test.php still will not work.

Debian, Ubuntu (Apache 2): file locations


 ServerRoot              ::      /etc/apache2
 DocumentRoot            ::      /var/www
 Apache Config Files     ::      /etc/apache2/apache2.conf
                         ::      /etc/apache2/ports.conf
 Default VHost Config    ::      /etc/apache2/sites-available/default, /etc/apache2/sites-enabled/000-default
 Module Locations        ::      /etc/apache2/mods-available, /etc/apache2/mods-enabled
 ErrorLog                ::      /var/log/apache2/error.log
 AccessLog               ::      /var/log/apache2/access.log
 cgi-bin                 ::      /usr/lib/cgi-bin
 binaries (apachectl)    ::      /usr/sbin
 start/stop              ::      /etc/init.d/apache2   
 (start|stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean)

This list is shamelessly lifted from http://wiki.apache.org/httpd/DistrosDefaultLayout

Take a look at the above list, its different on different distro's which is one of the reasons I am creating this page.

Module Locations        ::      /etc/apache2/mods-available, /etc/apache2/mods-enabled

Now this is where we must look for php. Debian has these two directories hopefully in /etc/apache2/mods-available you will see php5.load

easiest way to do this is with nautilus, type sudo nautilus in to a terminal and browse to mods-available can you see php5.load?

if so right click on it and select create shortcut, now click on that shortcut and select cut, move up to apache2 and select the directory mods-enabled, open that and select paste, you now have created a link to the php5.load file. rename the shortcut to php5.load and then exit nautilus

now

sudo /etc/init.d/apache2 restart

and go find test.php with your web-browser. clicking on it now should bring up a webpage congratulations you just enabled php in your apache webserver.

brief discussion

Debian decided this was an easy way to configure apache, in principle all modules exist within mods-available and all enabled mods will have a link in mods-enabled that points to the corresponding module in mods-available

so if there are other modules you need it seems in principle you need to install with synaptic and then once the module is in mods-available create a link to it in mods-enabled.

Theres two very similar folders sites-available and sites-enabled. I would hope that you can guess that this is pretty similar to the mods-available/ enabled folders. We may use this knowledge later...

Install Mythweb

cd ~/src/mythtv/mythplugins/mythweb
sudo cp -rp . /usr/share/mythtv/mythweb

sudo ln -s /usr/share/mythtv/mythweb /var/www

sudo chgrp www-data /usr/share/mythtv/mythweb/data
sudo chmod 775 /usr/share/mythtv/mythweb/data
sudo chmod +t /usr/share/mythtv/mythweb/data
ls -ld  /usr/share/mythtv/mythweb/data

sudo /etc/init.d/apache2 restart

The above may or may not work for you, for me it didn't and i switched to mythbuntu weekly builds.

Securing Mythweb/Apache2 in Ubuntu.

By default mythweb and Apache are completely open, which means port forward port 80 and your mythweb is accessible anywhere on the internet as long as you know what IP you have, mythweb can stream your recordings stream and make downloadable your music files and allow recordings to be scheduled from anywhere. It also leaves you vulnerable to having your recordings deleted and possibly prosecuted for file sharing. So it is very important to secure mythweb and apache before making it available on the net.

you might also consider using coral cache for access to maximise your upload stream. While it can't magically make streaming over the internet much better if you stream a flash version of a particular video file it may be possible to have two or more copies streaming via coral cache to two destinations. I think its only good for 12 hours. basically http://youriphere.nyud.net:8090/mythtv/mythtv.php should work.

it will also be quite insecure.

lets take a look at /etc/apache2/sites-available in here we have default and mythweb.conf lets look at default first

sudo nano default
   NameVirtualHost *
      <VirtualHost *>

        ServerAdmin webmaster@localhost

1:        DocumentRoot /var/www/
2:        <Directory />
3:                Options FollowSymLinks
4:                AllowOverride None
#I added the lines here to make it so a password is required for any web file i hope
5:                AuthType Basic
6:               AuthName "Authentication Required"
7:                AuthUserFile "/etc/apache2/.htpasswd"
8:                Require valid-user
9:                Order allow,deny
10:                Allow from all
#if this is correct only users named in .htpasswd can access the webserver

11;        </Directory>

default is the site set up by apache by default usually this will show a list of directories and one named default in default is a web page which when loaded says it works. if you install phpmyadmin this is installed here by default as well. This is very dangerous especially if your root password to mysql is blank you do not want any random webuser getting into this! between the 2 #lines are the lines which secure the default site.

http://httpd.apache.org/docs/2.0/programs/htpasswd.html
http://httpd.apache.org/docs/2.2/howto/auth.html
/usr/bin/htpasswd -c /etc/apache2/.htpasswd auser

This will create a new password file .htpasswd with a user called auser for which you will give a password

 /usr/bin/htpasswd /etc/apache2/.htpasswd buser 

This appends the user buser to the .htpasswd file you created and stores this user and password in that file.

honestly the usernames and passwords can be anything they do not need to be user names on your system, in fact don't use existing user names and passwords.

heres a brief run down of the lines i added

5: authtype basic #there are two types of authorisation basic or digest either work digest is more secure htpasswd generates passwords for basic authorisation. I don't know how to do digest so this will do for now

6:

7: this is important it contains the path to the username and password file for this particular site. you can use the same file for other sites or different ones. since the location is chosen by you there can be several maybe you want a password for you with access to everything and a seperate password for limited access to mythweb you can get this control here. by seperate password files you have the ability to segregate your site users

8: is a directive which does what it says requires a valid user

9: order allow, deny means the users you defined get access even if you had a seperate rule denying access say from an ip block or something.

10: Allow from all ensures all valid users can have access, you can limit it to particular users.

note that these commands are in a <directory> block

ok if you have added these lines into default and have the users and passwords created you now need to restart apache you will be blocked from entering the default site. you will not be blocked from entering mythweb thou. that is seen as a separate site with separate security.

if you edit mythweb.conf and paste in the security block from default mythweb will also be secured, there may be a line in that file saying auth digest if you # that line and restart apache then both sites are secured to an extent.

if you want you can change the path to the passwd file or its name and have 2 sets of users for default and mythweb. for me this still isn't ideal I want to have two versions of mythweb a safe read only one and a full access version I will write this later...