Please NOTE correction for port 443 (rather than 80) below in the port forwarding section of the HowTo: < > >> Hi, >> >> >> >> Using Ubuntu 10.04 LTS. >> >> >> >> I have an intranet server behind a NAT router. Very standard linksys >> >> router home setup. The server has a static IP. I used port forwarding >> in >> >> the router to use SSH and log into the server remotely - it works OK. >> >> >> >> I want no one outside my home network to access any webpages on the >> >> server unless they're authenticated.. I know I could port forward like >> >> with ssh but with http port 80 and then see webpages , but again this >> >> would open it up to anyone with my cable modem's IP - wouldn't it? >> >> >> >> I need a secure way like SSH that requires a password before anyone >> >> could access port 80 and http from the server from a remote network. >> >> >> >> How do I do this? And on the local network people can get served pages >> >> normally as usual. Just remote would need authentication. Must be >> >> commonly done(?) >> >> Here's your Step X Step How to: > > 0) Configure DNS and URI port forwarding: > > Setup a free DynDNS.org WebHop using something like > https://leegold.homelinux.org which allows you to use custom URI > forwarding with an alternate port so your friends don't have to use > something horrible like https://198.23.22.13:8001/secret/index.htm. > > 1) Setup port forwarding: > > Configure your router to port forward all port 8001 to port *443* on your > local 192.168.n.n NAT network. > > 2) Configure your Authentication on Apache2: > > On your Apache web server, add a .htaccess file to the subdirectory under > your DocumentRoot (example= /var/www/htdocs/secret) for authentication > following the Apache2 Howto: > > :: hacked-up excerpt:: > > Authentication example > > If you jumped directly to this part of the document to find out how to do > authentication, it is important to note one thing. There is a common > misconception that you are required to use .htaccess files in order to > implement password authentication. This is not the case. Putting > authentication directives in a section, in your main server > configuration file, is the preferred way to implement this, and .htaccessfiles should be used only if you don't have access to the main server > configuration file. See above for a discussion of when you should and should > not use .htaccess files. > > Having said that, if you still think you need to use a .htaccess file, you > may find that a configuration such as what follows may work for you. > > You must have "AllowOverride AuthConfig" in effect for these directives to > be honored. > > .htaccess file contents: > > AuthType Basic > AuthName "Password Required" > AuthUserFile /www/passwords/password.file > AuthGroupFile /www/passwords/group.file > Require Group admins > > Note that AllowOverride AuthConfig must be in effect (in your httpd.conf > or apache2.conf in /etc/apache2 or /etc/httpd [depending on your distro]) > for these directives to have any effect. > > Please see the authentication tutorialfor a more complete discussion of authentication and authorization. > > ::end hacked up excerpt:: > This should work like a charm for you. > NOTE: If you are currently only running a port 80 system, you can do this also via port 80 and not install https 443 with a self signed server signature, as that might confuse some people with browser warnings. Just substitute http for https in the first step and where we reference port 443, use port 80. Port 80 authentication behind a NAT network is probably not secure enough. *One word of warning: HTTP Basic Auth passwords pass in very nearly plain text over the network, and thus are extremely insecure.* https://help.ubuntu.com/10.04/serverguide/C/httpd.html ::excerpt:: HTTPS Configuration The *mod_ssl* module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar. The *mod_ssl* module is available in *apache2-common* package. Execute the following command from a terminal prompt to enable the *mod_ssl* module: *sudo a2enmod ssl* There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl. In order for *Apache2* to provide HTTPS, a *certificate* and *key* file are also needed. The default HTTPS configuration will use a certificate and key generated by the *ssl-cert*package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see the section called “Certificates” To configure *Apache2* for HTTPS, enter the following: *sudo a2ensite default-ssl* [image: [Note]] The directories /etc/ssl/certs and /etc/ssl/private are the default locations. If you install the certificate and key in another directory make sure to change *SSLCertificateFile* and *SSLCertificateKeyFile*appropriately. With Apache2 now configured for HTTPS, restart the service to enable the new settings: *sudo /etc/init.d/apache2 restart* ::end excerpt:: *Hints from experience: Do not use a passphrase for your self signed certificate, since you would have to add an additional step so you don't have to manually add that phrase everytime you restart your server.* > > > >> SNIP >> >> > -- > (602) 791-8002 Android > (623) 239-3392 Skype > (623) 688-3392 Google Voice > ** > HomeSmartInternational.com > > > > > > > > > > > > > > > > On Thu, Jun 30, 2011 at 5:22 PM, wrote: -- (602) 791-8002 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** HomeSmartInternational.com