How to set Basic authentication in Apache, Lighttpd and Cherokee

simur612

Member
May 25, 2018
rutorrent is great. We all love it. If you have an internet-facing web server running rutorrent though, you don't want to leave it with no protection. Basic authentication can help. Basic authentication forces a user to enter a username/password pair before it will display the content for this page. In Apache you can set it in your config file or in an .htaccess file. I'm going to cover config file settings.

Now, some of this is dependent on setup, but regardless of setup, for Apache and lighttpd you will need a file holding the username/password pairs. A great tool called htpasswd comes with Apache which will generate these, but you can also use this page: http://www.engr.sjsu.edu/daluu/scripts/htpasswd.php

I personally prefer using the htpasswd program that comes with Apache. You should keep your passwords somewhere outside of your webspace. Something like /etc/private/.htpasswd is fine. To create a new password file in this location for the user Joe you would do this:
Code:
htpasswd -c /etc/private/.htpasswd Joe
It will then ask you to enter your password twice. If you look at the file it created in a text editor, you'll see something like this:
Code:
Joe:bXk/vYyTxFA7s
You can add as many users to this file as you want. You can even use the same file for multiple locations by using a group file. I'll cover that in a bit.

To add a second user to the file, the command is similar, you just do not use the -c option. Let's add Milkweed to the file.
Code:
htpasswd /etc/private/.htpasswd Milkweed
If you look at it now, you'll notice it has both users:
Code:
Joe:bXk/vYyTxFA7s
Milkweed:D1TR./g4T9Fqo

Password files by themselves don't help you any though. You need to add some code to your webserver config file in order to make use of it.

For Apache, let's say we want to protect /files in our webspace (http://your.ip.or.host/files). You would add a directive like this to your config:
Code:
<Location /files>
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/private/.htpasswd
Require valid-user
</Location>


With this setup, any user you've added to the /etc/private/.htpasswd file will be able to access /files. If you wanted to protect multiple areas you could set multiple password files. This works well for a small number, but if you wanted to maintain more than a few, I find it much easier to use an htgroups file. Its setup is very similar, except you add a group file location and change the Require directive to Require group SOMEGROUP. In this way you can have multiple locations within your webspace and easily maintain just 2 files: the .htpasswd file you know of, and a new .htgroups file.

The format for a group file is very simple and can be handled with a text editor. Let's create our .htgroups file in the same dir we have our password file.

(I use vi but you can use any editor you like)
Code:
vi /etc/private/.htgroups
Then we simply name the group, put a colon and then the members of the group. For a group called filedownloaders with members Jeff, Bob and Chris we'd do this:
Code:
filedownloaders: Jeff Bob Chris
We can add another group, say, jeffrutorrent with members Jeff, Admin and Joe, simply by adding a second line to the group file. It would then look like this:
Code:
filedownloaders: Jeff Bob Chris
jeffrutorrent: Jeff Admin Joe
So long as all these members exist in your .htpasswd file and you use the group directive, it will work fine. You can see how this would be pretty powerful when you have multiple locations you wish to protect. Back to our Apache config. If Jeff's rutorrent directory was /Jeff and files was /files, our config would look like this:


Code:
<Location /files>
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/private/.htpasswd
AuthGroupFile /etc/private/.htgroups
Require group filedownloaders
</Location>
<Location /Jeff>
AuthName "Private"
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/private/.htpasswd
AuthGroupFile /etc/private/.htgroups
Require group jeffrutorrent
</Location>


Now keep in mind, this is only the authentication part of the config; how you set up the actual webspace may vary from system to system. I personally find it easiest, when dealing with Apache, to use an INCLUDES directory with mod_alias. This makes having several locations easy.

OK, moving on to lighttpd. Lighttpd is a great webserver that many people use... unfortunately, the config is much more complicated.
First, make sure the authentication module is loaded in your config. Look for the server modules block:
Code:
server.modules = (
and add or uncomment "mod_auth". If you have to add it in, make sure to add a comma after it unless it's the last item (in which case you'll need to add a comma to the module that WAS the last item). It may look something like this:
Code:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_rewrite",
"mod_auth"
)
Now that you have your module added, you need to add something like this to your config:
Code:
auth.debug = 2
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/private/.htpasswd"
Then, using our original first example from Apache, we'll add the section for http://your.ip/files

Code:
auth.require = ( "/files/" =>
(
"method" => "basic",
"realm" => "Private",
"require" => "valid-user"
)
)
Now, like before, you may wish to have authentication on multiple locations. This is where things can get tricky in lighttpd. You can't just add a second block like you do in Apache. You have to separate them with a comma, all in the same section (at least this is the only way it's ever worked for me).

This is what it would look like if you wanted to set up 3 different folders with authentication, each with different users:
Code:
auth.require = ( "/files/" =>
(
"method" => "basic",
"realm" => "private",
"require" => "user=Jeff|user=Bob|user=Chris"
),
"/Jeff" =>
(
"method" => "basic",
"realm" => "Jeff's Rutorrent",
"require" => "user=Jeff|user=Admin|user=Joe"
),
"/Joe/" =>
(
"method" => "basic",
"realm" => "Joe's Rutorrent",
"require" => "user=Joe|user=Admin"
)
)


For Cherokee, you can do everything with cherokee-admin. Cherokee-admin is GREAT. It is basically a webserver itself which helps you configure the Cherokee server. I'm not going to get into how to start/connect to cherokee-admin; I'm going to assume you know how to do this, or know how to find out. With cherokee-admin, you can use multiple forms of authentication, but because we've been dealing with basic authentication, I'll stay on subject.

To add authentication, browse over to Virtual Servers, pick the virtual server you are using (probably default unless you've set up another) and select Behavior.




Now, I'll assume you've already set up a directory which you want to protect, but you can also apply this to one of your SCGI mounts. Anyways, select the path/item you wish to add authentication to from the Target section. For this example I'll use the SCGI mount for rtorrent because I already have one set up, and it's easier for me.
Then select the SECURITY tab.



When you click it, you'll notice a lot of options. We've been using htpasswd files for everything else, so first, let's do the same here.

It's pretty self-explanatory, but here's another screenshot showing how it should look.




What's cool though is that with Cherokee, you don't even have to use an htpasswd file at all! You can select Fixed List from the Methods tab and add user/password pairs like so:




Anyways, I hope this helps someone. If you have any questions let me know.
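An added example, not part of the original post: a small Python check over the .htpasswd and .htgroups formats described above. It flags entries stored in the older 13-character crypt() format (the shape of the sample hashes in this post) and lists group members that have no entry in the password file. The file contents below, including the hashes for Jeff and Admin, are constructed for illustration.

```python
import re

# Constructed sample files in the formats shown in the post (no real credentials).
HTPASSWD = """\
Joe:bXk/vYyTxFA7s
Milkweed:D1TR./g4T9Fqo
Jeff:$apr1$c0nstruc$tedSampleHashValue0000
Admin:$2y$05$ConstructedSampleBcryptHashValueOnlyForTheDemo0000000
"""
HTGROUPS = """\
filedownloaders: Jeff Bob Chris
jeffrutorrent: Jeff Admin Joe
"""
WEAK = {"des-crypt", "sha1-unsalted", "unknown-or-plaintext"}

def scheme(hash_field):
    """Classify an htpasswd hash field by its well-known prefix or shape."""
    if re.match(r"\$2[aby]\$", hash_field):
        return "bcrypt"
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"
    if hash_field.startswith("{SHA}"):
        return "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "des-crypt"  # traditional crypt(3): only the first 8 password chars count
    return "unknown-or-plaintext"

def parse_htpasswd(text):
    """Return {username: scheme}. Usernames are compared case-sensitively."""
    users = {}
    for line in text.splitlines():
        if line.strip():
            name, _, hash_field = line.partition(":")
            users[name] = scheme(hash_field.strip())
    return users

def audit(passwd_text, group_text):
    """Return (weakly hashed users, {group: members missing from the password file})."""
    users = parse_htpasswd(passwd_text)
    weak = sorted(u for u, s in users.items() if s in WEAK)
    missing = {}
    for line in group_text.splitlines():
        group, sep, members = line.partition(":")
        absent = [m for m in members.split() if m not in users]
        if sep and absent:
            missing[group.strip()] = absent
    return weak, missing

if __name__ == "__main__":
    print(audit(HTPASSWD, HTGROUPS))
```

A user listed in a group but absent from the password file can never log in, and because the match is case-sensitive, `joe` and `Joe` are different users.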