Department of Computing | Imperial College London |
Creating personal web pages |
These notes explain how DoC staff and students can make their web pages visible from the Departmental server. It refers to commands which should be run on departmental Linux systems.
DoC runs the Apache web server, version 2.2.6.
chmod a+x ~
Note: on directories the permissions set by the chmod
command are interpreted as follows:
r
= permission to get a directory listing
w
= permission to create and delete files in the directory
x
= permission to access files in the directory provided
the name of the files are known
mkdir public_html
chmod a+x public_html
index.html
within this directory
and make this readable by all:
cd public_html chmod a+r index.htmlThis will be your main personal web page.
chmod a+r filename
index.html
, will then be
visible around the world as the following URL:
http://www.doc.ic.ac.uk/~username/
The web server automatically maps URLs of the form
http://www.doc.ic.ac.uk/~username/
to the Unix filesystem path
/homes/username/public_html/index.html
.
http://www.doc.ic.ac.uk/~username/somefile.html
Again, the webserver automatically maps each such URL to the filesystem
path
/homes/username/public_html/somefile.html
.
All pages, and pages linked to, must be in the English language, non-political, legal, and must not bring the Department or the College into disrepute. Your home page must contain a link back to the Department's home page. Please make sure your page conforms to the usual computing regulations.
If you must edit plain HTML web pages on Windows, proceed as follows:
Once you have a public_html
folder you can save files to it
from Windows systems with the correct permissions in the following way:
Map network drive
.
\\fs-homes\public_html
Note the drive letter that the folder is allocated to and always save web pages to this location.
The reason for this is that the user files saved to your home directory
via the H: drive is private.
Files saved directly to the public_html
share are publically readable.
If you have web pages which you think should only be seen by people
within the Department of Computing, or even just particular groups
of users within DoC, this can be done by using the secure web server.
Create a file in this directory called
A convenient variation of the above is to allow
users using a computer within the department
(DoC IP addresses of the form
Notes:
To restrict access to staff only:
However, you can also protect files with password access with separate,
web-specific, passwords that you set yourself. This might be useful to
share secure access to a non-DoC person - because of course you should
never tell anyone a real DoC password (but you knew that, didn't you?).
To do this, the .htaccess file should contain something like:
The program will prompt you for the password twice and will add it to the file
(or create the file if you use -c).
You can link to the files using both http and https.
There is some more
documentation at the Apache web site.
Restricting pages to DoC only using the secure server
Restricting access to DoC staff and students only
public_html
directory,
eg. mkdir public_html/secure
.
chmod a+rx public_html/secure
.htaccess
(note that there is a dot at the beginning of the name of this file)
readable by all (chmod a+r .htaccess
)
containing the lines:
SSLrequireSSL
AuthType KerberosV5
AuthName "DoC Only"
require valid-user
satisfy all
This means that to gain access to the pages you put in this directory
the user will be prompted for their DoC Linux username and password
before they can gain access. On recent DoC Ubuntu Linux systems, if
you already have a Kerberos ticket [which you will if you've just logged
in fresh] then Firefox will use that instead of prompting you, but
secure authentication still occurs.
https://wwwhomes.doc.ic.ac.uk/~username/secure/page
"DoC Only"
is just a label for the password box.
Variation: Restricting pages to within DoC or to DoC users
146.169.X.Y
)
straight in without
authentication, while anyone using offsite computers will still be prompted
for their DoC Linux username and password before they can gain access.
.htaccess
file should contain the lines:
SSLrequireSSL
AuthType KerberosV5
AuthName "DoC Only"
order deny,allow
deny from all
allow from 146.169
require valid-user
satisfy any
https://wwwhomes.doc.ic.ac.uk/~username/secure/page
allow from 146.169
" constraint will only work as you
expect it to if you access wwwhomes directly; if you access your
page via https://www.doc.ic.ac.uk/~username/secure/page
,
the main web server will proxy the request onto wwwhomes
but then the request will always come from www
which is within 146.169.
order deny,allow
" constraint is now needed to do the
right thing, previous versions of Apache did not need this. A previous
version of this web page did not use this, so existing users may have
versions of the above without the order deny,allow
constraint
in; these will need editing.
Varation: Restricting access to particular DoC users or groups of users
Pages can also be set to only be accessible to particular users, or
to a Unix user group, by putting one or both of the following 'require'
lines in .htaccess instead of the above:
require user user1 user2 user3
require group groupname1 groupname2
require group doc-staff
Web-specific passwords
Up to now, all the secure authentication has been using DoC usernames
and DoC Linux (Kerberos) passwords. Frankly, we recommend this as it
makes sense within DoC.
AuthType basic
AuthName "Password Protected Area"
AuthUserFile /homes/your-username/protected/list
require user username
The AuthUserFile is a list of names and encrypted passwords. It should be
stored outside your public_html directory, and be publically readable.
To make a password file use the htpasswd program:
shell1% htpasswd --help
Usage: htpasswd [-c] passwordfile username
The -c flag creates a new file.
© CSG / Jan 2008 / help@doc.ic.ac.uk |