Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Smitro on October 02, 2006, 02:17:36 PM

Title: User-Manager Open to the World
Post by: Smitro on October 02, 2006, 02:17:36 PM

Hi all,

Is there a way to make User-Manager (https://server-name/user-manager/) accessable to the world?

There is posts on this, but those posts indicate adding 0.0.0.0 as a local network, thus making the server thing the whole world is a local network. I don't want to risk this security. I don't want to make my Server-Manager open. I want user-manager only.

This has been done in version 6 there was an upgrade/contrib for horde that did this. It added it in as an option in Horde. Over 80% of my users are external, and they are not expert enough to use putty to tunnel (yes I know how to, but they don't).

I know a little about Apache, so I might be able to figure this out and help others, just need to know where to start looking.

Can anyone help?

Title: User-Manager Open to the World
Post by: egerards on October 02, 2006, 03:28:05 PM

A way to achieve this would be the following:

- Edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92ProxyPassUser
- Locate the block:

Code: [Select]

ProxyPass /user-manager http://127.0.0.1:980/user-manager/
<Location /user-manager>
    SSLRequireSSL
    order deny,allow
    deny from all
    allow from $localAccess $externalSSLAccess
</Location>

and remove the lines:

Code: [Select]

   order deny,allow
    deny from all
    allow from $localAccess $externalSSLAccess
- Execute /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf and restart the webserver.

A more neat way would be to create a custom-template, but I'm not quite sure how such a custom-template should look like.

Title: User-Manager Open to the World
Post by: mmccarn on October 02, 2006, 04:21:04 PM

To use a custom template, just copy the original template to the corresponding folder under templates-custom, and edit it there.  If there is a custom template with the same name as a regular template, the custom template wins.

Code: [Select]


mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92ProxyPassUser .

vi 92ProxyPassUser

(make the changes suggested by egerards)

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

/etc/init.d/httpd-e-smith restart
/etc/init.d/httpd-admin restart
(Note the "." at the end of the "cp" command, telling cp where to put the copy)

Title: User-Manager Open to the World
Post by: Smitro on October 04, 2006, 12:31:01 AM

Thanks this worked perfectly. :D

Only recommendation I would make is to use "pico" for the text editor instead of "vi" much easier to use. But that's just a personal preference (after spending about 15 mins just trying to work out how to exit)

Title: User-Manager Open to the World
Post by: mmccarn on October 04, 2006, 12:40:37 AM

Quote

vi 92ProxyPassUser

would become pico -w 92ProxyPassUser

The "-w" is important, and keeps pico from automatically wrapping long lines when you past them in...

Title: User-Manager Open to the World
Post by: Smitro on October 04, 2006, 06:56:40 AM

Thanks, I didn't realise it wrapped. Much appricated.

Title: User-Manager Open to the World
Post by: stephen noble on November 01, 2006, 12:53:14 PM

there is a db setting

http://www.dungog.net/sme/changelog/smeserver-userpanel-0.9-9.noarch.rpm.txt

* Fri Feb 11 2005 Stephen Noble <support@dungog.net>

- allow remote access to /user, with alt IP range from /server-manager access
-  /sbin/e-smith/db configuration set httpd-user 188.122.45.122
-  /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
-  /etc/rc.d/init.d/httpd-e-smith restart
-  see also /sbin/e-smith/db configuration show httpd-admin for format
- [1.6.5-1]

Title: User-Manager Open to the World
Post by: Smitro on March 31, 2007, 01:36:04 AM

snoble,

Is there a way, that will enable my users to be on any IP address login to user manager over https. I have only local 2 users they rest are external and I'd prefer they changed their passwords themselves.

Something like this:
/sbin/e-smith/db configuration set httpd-user 0.0.0.0

But would this change access for the server manager?
if so, is there a way of keeping these separate?

Title: User-Manager Open to the World
Post by: stephen noble on March 31, 2007, 02:47:04 AM

httpd-user stopped working with the most recent change
it is not longer separate from the server-manager
check before and after httpd.conf if you want to try to get it to work again

and i think userpasswords has a bug at the moment
both regular and user-manager versions

Title: User-Manager Open to the World
Post by: Smitro on March 31, 2007, 04:03:34 AM

Quote

check before and after httpd.conf if you want to try to get it to work again

Do you mean using the method above first?

The Method above doesn't work any more, the templates have been changed around a bit since then. I've been looking through the template files and I'm not sure which one it would be that I should change. Maybe it's best if I wait till the bugs are ironed out..?

Title: User-Manager Open to the World
Post by: stephen noble on March 31, 2007, 06:07:37 AM

yes, if you can work around your problems

the most relevant is bug
http://bugs.contribs.org/show_bug.cgi?id=2455