5.1.2 Apache

USER (see Who) use APACHE to browse the HTML catalogue and access archives. (For tips, you should maybe read this section first : see HTTP). APACHE is configured to query the SERVER (see Server) via the cgiClient (see cgiClient) CGI script.

The followings APACHE’s modules are enabled by MEDIATEX:

auth_digest

to cypher password (even if using HTTP).

authz_groupfile

to filter access to the catalogue, cache, extraction rules and GIT history.

autoindex

to display the cache’s content.

cgi

to call get.cgi and cgit.cgi scripts.

env

to use absolute paths into the HTML page’s headers and to retrieve the configuration of cgit.

include

SSI (server side includes) are used to reduce the size of the HTML catalogue.

rewrite

to force using HTTPS protocol (if wanted).

userdir

to access collection with a similar URL on every servers, by using the tilde (“~”).

setenvif

to provide switch to disable authentification, as cache’s .htaccess file must be generated by make.

ssl

to enable the HTTPS protocol.

They are left when mediatex software is removed, as they could still be in used for another purpose.

Process conceptual model:

• Events in

  # /etc/init.d/apache2 restart

  from init-remove-purge (see init-remove-purge): re-configure APACHE.

  # /etc/init.d/apache2 reload

  from new-free-clean (see new-free-clean): make APACHE aware of new collection’s system groups it belongs to.

  <http-get-query>

  from USER: resulting from a click on an archive’s URL.

  <http-post-query>

  from USER: requesting the submitted HTML form to provide its eMAIL address, in order to be called back when archive will become available.

  <http-get-file>

  from USER: final request for a file available into the cache.

• Processing

  Manage USER’s queries generated by its internet browser and replies from cgiClient (see cgiClient).

• Events out

  <cgiClt-get-query>

  <cgiClt-post-query>

  to cgiClient (see cgiClient): forward the USER’s HTTP query.

  <html-form>

  (if archive is not available) ...

  <html-redirect>

  (if archive is available)
  to USER: send back either a form asking for an eMAIL address, or a redirection link to the archive into one server’s cache.

  The APACHE’s configuration files given bellow are generated by init-remove-purge (see init-remove-purge) and new-free-clean (see new-free-clean) scripts.

• Data in

  /etc/apache2/conf-available/mediatex.conf

  Alias /mediatex /var/cache/mediatex
  <Directory /var/cache/mediatex>
  	Require all denied
  	AllowOverride None
  </Directory>
  

  /etc/apache2/conf-available/mediatex-mdtx.conf

  <IfModule mod_userdir.c>
  	<Directory /var/cache/mediatex/mdtx/public_html>
  		# enable cgi for ~mdtx
  		Options +ExecCGI +FollowSymLinks
  		AddHandler cgi-script .cgi
  		SetEnv CGIT_CONFIG /var/cache/mediatex/mdtx/cgitrc
  		Require local
  		Require all denied
  	</Directory>
  	<Directory /var/cache/mediatex/mdtx/home/mdtx-*/public_html>
  		Require all granted
  		AllowOverride All
  	</Directory>
  </IfModule>
  

  This file (and only this one) is generated by $ mediatex make [coll coll].

  ~mdtx-COLL/public_html/cache/.htaccess

  # fancy index for cache
  Options +Indexes
  SetEnv HOME /~mdtx-hello
  HeaderName /mediatex/mdtx/home/mdtx-hello/public_html/cacheHeader.shtml
  ReadmeName /mediatex/mdtx/home/mdtx-hello/public_html/footer.html
  
  # login/password
  Require env NO_AUTH
  Require group cache
  

  The following files are shared into each collection by servers using GIT (they are symbolic links). For instance, the first lines of the above file let the PUBLISHER modify the security behaviours for all servers.

  ~mdtx-COLL/public_html/.htaccess

  # uncomment to force https (no more http available)
  #SSLOptions +StrictRequire
  #SSLRequireSSL
  
  # uncomment to disable authentification
  #SetEnvIf Request_Protocol "^H" NO_AUTH
  
  # server side includes
  Options +Includes
  DirectoryIndex index.shtml
  
  # login/password
  AuthType Digest
  AuthName "mdtx-hello"
  AuthDigestProvider file
  AuthUserFile  /etc/mediatex/mdtx-hello/apache2/htpasswd
  AuthGroupFile /etc/mediatex/mdtx-hello/apache2/htgroup
  

  ~mdtx-COLL/public_html/index/.htaccess

  # login/password
  Require env NO_AUTH
  Require group index
  

  ~mdtx-COLL/public_html/score/.htaccess

  # login/password
  Require env NO_AUTH
  Require group score
  

  ~mdtx-COLL/public_html/cgi/.htaccess

  # enable cgi
  Options +ExecCGI +FollowSymLinks
  AddHandler cgi-script .cgi
  
  <Files get.cgi>
         # set log severity
         SetEnv MDTX_LOG_FACILITY local2
         SetEnv MDTX_LOG_SEVERITY_MAIN info
  
         # login/password
         Require env NO_AUTH
         Require group index
  </Files>
  
  <Files cgit.cgi>
         # cgit configuration
         SetEnv CGIT_CONFIG ../../cgitrc
  
         # login/password
         Require env NO_AUTH
         Require group history
  </Files>
  
  <Files put.*>
         # login/password
         Require group upload
  </Files>
  

  USER (see Who) logins and passwords are manage by the 2 files bellow. A first entry is generated by the new-free-clean (see new-free-clean) script using the server label as login (mdtx by default) and the password you provide.

  /etc/mediatex/mdtx-COLL/apache2/htgroup

  index: mdtx, username1
  cache: mdtx
  score: mdtx, username1
  history: mdtx
  

  • “index” section is the descriptive catalog.
  • “cache” section gives access to the archive files.
  • “score” section details the extraction meta-data. It provides scores for archives, servers and the whole collection.
  • “version” section shows the history of meta-data.
  • optional “upload” section provides a form to add archives.

  /etc/mediatex/mdtx-COLL/apache2/htpasswd

  mdtx:mdtx-COLL:75a895c47530b5177d8ba1616f49d648
  username1:mdtx-COLL:855531b7d2e25b190c6d1da662da5f90
  

You may want to automate the encryption in order to add new users (the htdigest tool does not accept pipe redirection). Simplest way is:

printf "username1:mdtx-COLL:yourPassword" | md5sum
855531b7d2e25b190c6d1da662da5f90  -

Code:

scripts/libs/htdocs.sh