USER (see Who) uses APACHE to browse the HTML catalogue and access archives. (For tips, you may want to read this section first: see HTTP.) APACHE is configured to query the SERVER (see Server) via the cgiClient (see cgiClient) CGI script.
The following APACHE modules are enabled by MEDIATEX:
auth_digest
to send a digest of the password instead of the clear-text password (even when using HTTP).
authz_groupfile
to filter access to the catalogue, cache, extraction rules and GIT history.
autoindex
to display the cache’s content.
cgi
to call get.cgi and cgit.cgi scripts.
env
to use absolute paths in the HTML page’s headers and to retrieve the configuration of cgit.
include
SSI (server side includes) are used to reduce the size of the HTML catalogue.
rewrite
to force the use of the HTTPS protocol (if wanted).
userdir
to access collections with a similar URL on every server, by using the tilde (“~”).
setenvif
to provide a switch to disable authentication, as the cache’s .htaccess file must be generated by make.
ssl
to enable the HTTPS protocol.
They are left enabled when the mediatex software is removed, as they could still be in use for another purpose.
Process conceptual model:
# /etc/init.d/apache2 restart
from init-remove-purge (see init-remove-purge): re-configure APACHE.
# /etc/init.d/apache2 reload
from new-free-clean (see new-free-clean): make APACHE aware of the new collection’s system groups it belongs to.
<http-get-query>
from USER: resulting from a click on an archive’s URL.
<http-post-query>
from USER: submitting the HTML form to provide an eMAIL address, in order to be called back when the archive becomes available.
<http-get-file>
from USER: final request for a file available in the cache.
Manage the USER’s queries generated by their internet browser, and the replies from cgiClient (see cgiClient).
<cgiClt-get-query>
<cgiClt-post-query>
to cgiClient (see cgiClient): forward the USER’s HTTP query.
<html-form>
(if archive is not available) ...
<html-redirect>
(if archive is available)
to USER: send back either a form asking for an eMAIL address, or a redirection link to the archive in one server’s cache.
The APACHE configuration files given below are generated by the init-remove-purge (see init-remove-purge) and new-free-clean (see new-free-clean) scripts.
Alias /mediatex /var/cache/mediatex
<Directory /var/cache/mediatex>
  Require all denied
  AllowOverride None
</Directory>

<IfModule mod_userdir.c>
  <Directory /var/cache/mediatex/mdtx/public_html>
    # enable cgi for ~mdtx
    Options +ExecCGI +FollowSymLinks
    AddHandler cgi-script .cgi
    SetEnv CGIT_CONFIG /var/cache/mediatex/mdtx/cgitrc
    Require local
    Require all denied
  </Directory>
  <Directory /var/cache/mediatex/mdtx/home/mdtx-*/public_html>
    Require all granted
    AllowOverride All
  </Directory>
</IfModule>
This file (and only this one) is generated by $ mediatex make [coll coll].
# fancy index for cache
Options +Indexes
SetEnv HOME /~mdtx-hello
HeaderName /mediatex/mdtx/home/mdtx-hello/public_html/cacheHeader.shtml
ReadmeName /mediatex/mdtx/home/mdtx-hello/public_html/footer.html
# login/password
Require env NO_AUTH
Require group cache

The following files are shared within each collection by the servers using GIT (they are symbolic links). For instance, the first lines of the above file let the PUBLISHER modify the security behaviours for all servers.
# uncomment to force https (no more http available)
#SSLOptions +StrictRequire
#SSLRequireSSL
# uncomment to disable authentification
#SetEnvIf Request_Protocol "^H" NO_AUTH
# server side includes
Options +Includes
DirectoryIndex index.shtml
# login/password
AuthType Digest
AuthName "mdtx-hello"
AuthDigestProvider file
AuthUserFile /etc/mediatex/mdtx-hello/apache2/htpasswd
AuthGroupFile /etc/mediatex/mdtx-hello/apache2/htgroup

# login/password
Require env NO_AUTH
Require group index

# login/password
Require env NO_AUTH
Require group score

# enable cgi
Options +ExecCGI +FollowSymLinks
AddHandler cgi-script .cgi
<Files get.cgi>
  # set log severity
  SetEnv MDTX_LOG_FACILITY local2
  SetEnv MDTX_LOG_SEVERITY_MAIN info
  # login/password
  Require env NO_AUTH
  Require group index
</Files>
<Files cgit.cgi>
  # cgit configuration
  SetEnv CGIT_CONFIG ../../cgitrc
  # login/password
  Require env NO_AUTH
  Require group history
</Files>
<Files put.*>
  # login/password
  Require group upload
</Files>
USER (see Who) logins and passwords are managed by the 2 files below.
A first entry is generated by the new-free-clean (see new-free-clean) script, using the server label as login (mdtx by default) and the password you provide.
index: mdtx, username1
cache: mdtx
score: mdtx, username1
history: mdtx

mdtx:mdtx-COLL:75a895c47530b5177d8ba1616f49d648
username1:mdtx-COLL:855531b7d2e25b190c6d1da662da5f90
You may want to automate the encryption in order to add new users (the htdigest tool does not accept pipe redirection).
The simplest way is:
$ printf '%s' "username1:mdtx-COLL:yourPassword" | md5sum
855531b7d2e25b190c6d1da662da5f90  -
Code: