I am currently testing CruiseControl + phpUnderControl for our PHP CI process and am stuck with a fairly simple question: is it possible to somehow restrict access to the web interface?
I cannot seem to find anything indicating this is possible, but I am probably overlooking something.
Why wouldn't Apache's mod_auth work?
Why don't you use mod_proxy ot redirect cruisecontrol's web interface through apache? then use apache auth. At phpexperts.pro, i have cruisecontrol listening on localhost:8080 and then i use mod_proxy like:
<VirtualHost *:80>
ServerName phpexperts.pro
<Location "/cruisecontrol/">
# Controls who can get stuff from this server.
Satisfy any
Order allow,deny
Allow from 127.0.0.1
AuthType Basic
AuthName "private"
AuthUserFile /var/www/phpexperts.pro/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# Pass in CruiseControl's web interface.
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080/
</Location>
</VirtualHost>
Related
I am migrating a svn server from CentOS 5 to a CentOS 7 Server.
What I did is very simple.
I have installed subversion and websvn with yum package manager.
I have followed following document to create svn dumps and to set up svn on CentOS 7:
https://www.vultr.com/docs/how-to-setup-an-apache-subversion-svn-server-on-centos-7
I configured config.php to point to /home/svn like so:
$config->parentPath('/home/svn')
I then configured a virtualhost for apache like so:
<Location /home/svn>
DAV svn
SVNParentPath /home/svn
SVNListParentPath on
AuthzSVNAccessFile /etc/subversion/svn-acl-conf
AuthType Basic
AuthBasicProvider ldap
# - Removed from Apache 2.4 and beyond
#AuthzLDAPAuthoritative off
AuthLDAPGroupAttributeIsDN off
AuthLDAPUrl <LDAPServer>cn=users,dc=<LDAPServer>,dc=rinis,dc=nl?uid
AuthName "SVN: Login met je gebruikersnaam en wachtwoord"
Require valid-user
</Location>
<VirtualHost *:80>
DocumentRoot /var/www/html/subversion.<domain>.nl
ServerAdmin admin#<domain>.nl
ServerName subversion.<domain>.nl
ServerSignature email
DirectoryIndex index.html index.htm index.shtml index.php
ErrorLog /var/log/httpd/subversion-error.log
CustomLog /var/log/httpd/subversion-access.log combined
</VirtualHost>
WebSVN is showing up, I have imported one repository to check if it's working, but the repository does not show.
I can't see what I am missing or doing wrong.
I solved it by granting correct (apache) rights to the repository directories.
Context: production server with SSL installed. Running apache server. PHP.
Problem: for an specific url like (for example: www.domain.com/whatever/edit/*) I want to ask users to use their certificate in order to authenticate them for an specific task.
I have read that this way of authentication is called two-way authentication SSL. I don't know whether I am right or not.
What I have tried on server configuration is the following
<VirtualHost _default_:433>
ServerAdmin webmaster#localhost
DocumentRoot /Applications/MAMP/htdocs/smartdataprotection/web/
Options FollowSymLinks
Options Indexes FollowSymLinks MultiViews
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /Applications/MAMP/htdocs/certificates/server.cer
SSLCertificateKeyFile /Applications/MAMP/htdocs/certificates/server.key
SSLOptions +StdEnvVars
# Below for 2 way ssl
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /Applications/MAMP/htdocs/certificates/ca.cer
What I would like to get is something similar to the following screen capture:
Thank you very much in advanced any help will be very welcome and highly appreciate.
Regards.
I think that you're missing SSLCipherSuite directive . In apache documentation:
This complex directive uses a colon-separated cipher-spec string
consisting of OpenSSL cipher specifications to configure the Cipher
Suite the client is permitted to negotiate in the SSL handshake phase.
Also normally you want to login in a site with certificate in specific location not directly in www.yourdomain.com, for example in a button link with goes to wwww.yourdomain.com/yourApp/loginCert so you have to configure <Location> inside the <VirtualHost>.
Finally check the file indicated in the SSLCACertificateFile directive, this file is a concatenation of CA certificates in a PEM format, which issues the certificates allowed to login in your site, if your certificate is not issued by one of the CAs inside this file they will be not showed up in the browser popup.
The configuration could looks like:
<VirtualHost _default_:433>
...
<Location /yourApp/loginCert>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient required
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
Hope this helps,
This is driving me crazy. I have a Apache2 server with WebDAV enabled on my Debian Wheezy server. I can access it and read from it and it appears to be running correctly.
From my Windows 7 laptop I am running a software called NetDrive2 that mounts a network drive to my WebDAV folder so that I can access it with a drive letter.
Whenever I try to copy files from the Windows 7 laptop to my WebDAV drive, I sometimes get the error message:
Error 0x80070522: A required privilege is not held by the client."
The WebDAV folder has Basic AuthType and I have ofc provided correct user/pass. It is not SSL.
I have done some debugging myself and I am not sure, but it appears that I cannot create a folder that has the same name as a file in the same directory:
Folder:
- file.php
- file/ (cannot create this dir because file.php exists).
Anyone have any ideas? I am stuck!
OK so Googling further I finally found what was causing the problem. I cannot believe this is not mentioned in any tutorials out there.
This guy gave me the answer:
Apache Webdav, unable to create "test" folder when file test.txt exists
Basically, you have to add AllowOverride none, and Options None to your webdav directory.
This is my final configuration for my webdav host in Apache2:
Alias /devshed /home/www/sites/dev
Alias /devsheddav /home/www/sites/dev
<Directory /home/www/sites/dev/>
AllowOverride none
Order allow,deny
Allow from all
Options +Indexes +MultiViews
IndexOptions FancyIndexing
</Directory>
<Location /devshed>
DAV Off
Order allow,deny
Allow from all
AuthName "Pennybridge Devshed Web"
AuthType Basic
AuthUserFile /home/www/htaccess/sites/dev/dev.htpasswd
Require valid-user
</Location>
<Location /devsheddav>
DAV On
Options None
Order allow,deny
Allow from all
AuthName "Pennybridge Devshed WebDAV"
AuthType Basic
AuthUserFile /home/www/htaccess/sites/dev/dev.htpasswd
Require valid-user
php_flag engine off
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
DirectoryIndex disabled
</Location>
I have been searching around to see if there is a way I can mock SSL for local development using Laravel's artisan to serve HTTPS with no luck.
Is this possible and if so, how?
I understand this is a very general question, but I am not seeing anything on this in searches.
You can use ngrok for that
php artisan serve
cd <path-to-ngrok>
./ngrok http localhost:8000
https://ngrok.com/
Laravel uses the in-built PHP5.4 development server php -S (http://php.net/manual/en/features.commandline.webserver.php) for it's artisan serve command (see Illuminate\Foundation\Console\ServeCommand). This only supports plain HTTP, so no, this isn't possible. Your best bet would be to use a Vagrant box set up to work with SSL/TLS.
If you're using xampp, then you can setup HTTPS locally with xampp (this post is also useful for setting up HTTPS) and then you can:
move your project to htdocs folder and visit it with https://localhost/projectFolder/public/
or just create a special VirtualHost in httpd-vhosts.conf for this project (always point to that public folder, this is from where the project is running) and then visit it with https://localhost/ in this example (you can of course, run it on a subdomain if you want to)
<VirtualHost *:80>
ServerName localhost
DocumentRoot "c:\pathToYourProject\projectFolder\public"
<Directory "c:\pathToYourProject\projectFolder\public">
Options All
AllowOverride All
</Directory>
</VirtualHost>
# this should ensure https (this is mentioned in the stackoverflow post, that I linked as useful
<VirtualHost *:443>
ServerName localhost
DocumentRoot "c:\pathToYourProject\projectFolder\public"
SSLEngine on
SSLCertificateFile "conf\ssl.crt\server.crt"
SSLCertificateKeyFile "conf\ssl.key\server.key"
<Directory "c:\pathToYourProject\projectFolder\public">
Options All
AllowOverride All
</Directory>
</VirtualHost>
Theoretically, when you're using this method, you don't even need php artisan serve (tbh I'm not entirely sure if it has any purpose in this case).
Do I need to update my host file and apache httpd.conf files manually whenever I create a new zf project using command.
For ex: if my new project is zendi.
in host file:
127.0.0.1 localhost zendi
in httpd.conf:
NameVirtualHost 127.0.0.1
<VirtualHost 127.0.0.1>
DocumentRoot "C:\wamp\www"
ServerName localhost
</VirtualHost>
<VirtualHost 127.0.0.1>
DocumentRoot "C:\wamp\www\zendi\public"
ServerName zendi
ErrorLog "C:\wamp\logs\apache_error.log"
<Directory "C:\wamp\www\zendi\public" >
Options Indexes FollowSymLinks
AllowOverride all
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
If you are using PHP 5.4, then you can use the built-in web server, and you don't even need Apache.
http://php.net/manual/en/features.commandline.webserver.php
If you need to use virtual host for your newly created zf application then the answer is YES you need to configure it manually command line project creation doesn't configure it for you. But if you don't need to have virtual server for every application you create then you can skip the process and go with direct url:
localhost/zendi/public
(But it is often considered good practice to have virtual hosts configured for the projects that you'll be working for a while)