Securing MythWeb

From MythTV Official Wiki
Revision as of 21:54, 18 November 2005 by 66.56.208.117 (Edit performed by mwstuffer.pl)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Securing Myth Web

This assumes you have decided to open your web server to the internet, and now you need to secure it. Below I will guide you through setting up simple authentication. See the Apache documentation for more specifics, and for more complicated and secure methods.

This assumes Fedora Core 3, with Myth Web is installed in the default path /var/www/html/mythweb

Note: There are a number of ways this can be done; this is how I choose to do it.

We will start with creating an Apache password file. I put this in /usr/local/sbin, as I back up this directory every night to one of my other systems. Another good location may be /etc 

htpasswd -c /usr/local/sbin/httpd-passwords MYUSER1

Create additional users as needed: 

htpasswd /usr/local/sbin/httpd-passwords MYUSER2

Please make sure you DO NOT use the -c after the initial user, as this will overwrite the file and start from scratch.

Modify ownership of the file as follows: 

chown apache.apache /usr/local/sbin/httpd-passwords
chmod 640 /usr/local/sbin/httpd-passwords

Now edit /etc/httpd/conf/httpd.conf, and add the following section: 

<Directory "/var/www/html/mythweb">
    Options Indexes [[Follow Sym Links]]
    [[Auth Type]] Basic
    [[Auth Name]] "MythTV"
    [[Auth User File]] /usr/local/sbin/httpd-passwords
    Require user MYUSER1 MYUSER2 MYUSER3
    Order allow,deny
    Allow from all
</Directory>

Modify the password file location and required users per your needs.

If you have created a link from your music storage area to /var/www/html/mythweb/music, you can add the following to separately secure web access to this: 

#[[Myth Web]] music configuration
<Directory "/var/www/html/mythweb/music">
    Options Indexes [[Follow Sym Links]]
    [[Auth Type]] Basic
    [[Auth Name]] "MythTV-Music"
    [[Auth User File]] /usr/local/sbin/httpd-passwords
    Require user MYUSER4 MYUSER5
    Order allow,deny
    Allow from all
</Directory>

Again, tailor your password file and users to your needs. You can even use separate password files if you wish!


Now restart Apache, and you're done: 

service httpd restart

(this may be different on your distro)


You can do a lot more with these configuration sections, such as secure by ip address, and more. Please see the Apache docs for more at http://httpd.apache.org/docs-2.0/howto/auth.html

Questions: email me at johanreinalda at yahoo dot com. Preferred is an email to Myth Users list, however. Here's the configuration I used to allow users on my LAN to access Myth Web without a password, and require outside users to authenticate via pw 

<Directory "/var/www/html/mythweb">
  Options Indexes [[Follow Sym Links]]
  [[Auth Type]] Basic
  [[Auth Name]] "MythTV"
  [[Auth User File]] /etc/passwords
  Require valid-user
  Order allow,deny
  Allow from 192.168.1.
  Satisfy any
</Directory>

JJHayesIII at hotmail dot com Category How To

Retrieved from "http://www.mythtv.org/wiki?title=Securing_MythWeb&oldid=4098"