[Thread Prev][Thread Next][Index]
Re: LAS Password Protection
Tony,
I have still some problems.
I made the authentication work, but when LAS tries to display the
output, it cannot access it: it returns error 401 !
I put the Authentication directives at the <Directory /> level.
and then, all files are password protected.
If I do as in your configuration (without a virtual host),
DocumentRoot $home/las/las_servlet/jakarta/webapps/
and Authentication directives at the DocumentRoot level,
with the <Files "*"> block
the password protection does not work...
In your configuration, why have you a virtual host? Is it necessary in
order to have password protected access?
What if I have only one IP address and only one Domain Name ? Can I have
still one actual and one virtual host ?
Thanks in advance for your answer
Jean-Marie
On Wed, 2005-03-23 at 16:53, Tony Jolibois wrote:
> Jean-Marie,
>
> Excuse me I didn't read the end of your mail !
> When you connect to an URL on the 8080 port, you usually connect the
> Tomcat server directly (default port of Tomcat), you don't use Apache
> in this case (default port of Apache is 80). Tomcat can be an http
> server (it is the case when you connect to port 8080), but it is safe
> to use Apache as the http server.
> So you must configure the communication between Tomcat and Apache.
> It's more simple with Apache 2 than Apache 1, see
> http://jakarta.apache.org/tomcat/connectors-doc/ to configure worker
> and mod_jk.
>
> First you configure your Tomcat : $tomcatHome/conf/server.xml, you
> define the port you want to use. Here 8180 for http, 8109 for
> Tomcat-Apache.
>
> See a part of server.xml :
>
> <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> port="8180" minProcessors="5" maxProcessors="75"
> enableLookups="true" redirectPort="8443"
> acceptCount="100" debug="0" connectionTimeout="20000"
> useURIValidationHack="false"
> disableUploadTimeout="true" />
> <!-- Note : To disable connection timeouts, set connectionTimeout
> value
> to 0 -->
>
>
>
> <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> port="8109" minProcessors="5" maxProcessors="75"
> enableLookups="true" redirectPort="8443"
> acceptCount="10" debug="0" connectionTimeout="0"
> useURIValidationHack="false"
>
> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
>
> If I connect on http://opendap.mercator-ocean.fr:8180/dodsC/ I will
> connect to Tomcat directly, no Apache.
>
> Then you configure workers.properties.
>
> See a part of my /etc/httpd/conf/workers2.properties
>
> [channel.socket:localhost:8109]
> port=8109
> host=127.0.0.1
>
> [ajp13:localhost:8109]
> channel=channel.socket:localhost:8109
>
> [uri:opendap.mercator-ocean.fr/*.jsp]
> worker=ajp13:localhost:8109
>
> [uri:opendap.mercator-ocean.fr/servlet/*]
> worker=ajp13:localhost:8109
>
> [uri:opendap.mercator-ocean.fr/thredds/*]
> worker=ajp13:localhost:8109
>
> [uri:opendap.mercator-ocean.fr/dodsC/*]
> worker=ajp13:localhost:8109
>
>
> With that when I connect to
> http://opendap.mercator-ocean.fr:8180/dodsC/ then Apache "know" that
> he must pass the job to Tomcat.
> But see the documentation on web site
> http://jakarta.apache.org/tomcat/connectors-doc/ because I'm not sure
> that I send all informations.
>
> Hope this help.
>
> Regards,
> Tony
>
> J-M Epitalon wrote:
> > Hi tony,
> >
> > I tried setting up a virtual host with the following lines:
> >
> > # Added for LAS server
> > NameVirtualHost *:8080
> > <VirtualHost *:8080>
> > DocumentRoot /usr/local/las/las_servlet/jakarta/webapps/
> > ServerName gascogne.cerfacs.fr:8080
> > ErrorLog logs/LAS-ui-error_log
> > CustomLog logs/LAS-ui-access_log common
> >
> > <Directory "/usr/local/las/las_servlet/jakarta/webapps/">
> > Options -Indexes
> > AllowOverride All
> > AuthType Basic
> > AuthName "Tout le site web"
> > AuthUserFile /usr/local/las/passwords
> > Require user discendo
> > </Directory>
> > </VirtualHost>
> >
> > This does not work. i.e. there is no password protection to the page
> > http:gascogne.cerfacs.fr:8080/las/servlets/dataset
> >
> > If I add the following line:
> > listen 0.0.0.0:8080
> >
> > then, the Apache server looks for an actual HTML page at this address
> > and returns
> > error 404: The requested URL /las/servlets/dataset was not found on this
> > server.
> >
> > I don't understand how Apache and Tomcat work together.
> > Where is the address /las/servlets/dataset translated to something like
> > /usr/local/las/las_servlet/jakarta/webapps ?
> >
> > Is Apache server transparent to any request coming on port 8080 ?
> >
> > I am lost
> > Jean-Marie
> >
> > On Wed, 2005-03-23 at 15:20, Tony Jolibois wrote:
> >
> > > Jean-Marie,
> > >
> > > I configured an Apache 2 with password protection, not for a LAS but
> > > you can apply this to any web site you want.
> > > I have several virtual host on the same server, the configuration of
> > > one of these is here (in /etc/httpd/conf/httpd.conf) :
> > >
> > > <VirtualHost opendap.mercator-ocean.fr>
> > > ServerAdmin webmaster@dummy-host.example.com
> > > DocumentRoot /data/mercat1
> > > DirectoryIndex index.html
> > > ServerName opendap.mercator-ocean.fr
> > > # ErrorLog logs/opendap.mercator-ocean.fr-error_log
> > > SetEnvIf Remote_Addr "62\.161\.32" dontlog
> > > SetEnvIf Remote_Addr "80\.245\.34" dontlog
> > > SetEnvIf Remote_Addr "10\.1" dontlog
> > > CustomLog logs/opendap.mercator-ocean.fr-access_log common
> > > Alias /data /data/commun
> > > Alias /conf /data/mercat1/tomcat/webapps/dodsC/data
> > >
> > > <Location /dodsC >
> > > AuthType Basic
> > > AllowOverride All
> > > AuthName "Opendap Mercator Access"
> > > AuthUserFile /etc/httpd/conf/users-opendap.mercator-ocean.fr
> > > Order allow,deny
> > > Allow from 127.0.0.1
> > > Require valid-user
> > > Satisfy any
> > > </Location>
> > >
> > > </VirtualHost>
> > >
> > > The file /etc/httpd/conf/users-opendap.mercator-ocean.fr has been
> > > created with the utility htpasswd of Apache.
> > >
> > > Then when someone try this URL :
> > > http://opendap.mercator-ocean.fr/dodsC/ you must enter login/passwd.
> > >
> > > Tony (with Y and not i :-)
> > >
> > > J-M Epitalon wrote:
> > >
> > > > Hi all,
> > > >
> > > > I also need to apply password protection to my LAS server.
> > > > I run Apache 2.0 and what said Toni does not apply exactly to me.
> > > >
> > > > I tried the following but it does not work.
> > > > <Directory $home/las/las_servlet/jakarta/webapps/ >
> > > > AuthType Basic
> > > > AuthName "Mersea Access "
> > > > AuthUserFile $home/users-valid
> > > > require valid-user
> > > > </Directory>
> > > >
> > > >
> > > > Before reading thru Apache and Tomcat documentation, I would like to
> > > > know if someone already set a password protection to a LAS based on
> > > > Apache 2.0
> > > >
> > > > Also I would like to understand this:
> > > > Is the Tomcat server using Apache as front end or is it serving HTML
> > > > pages by its own ?
> > > >
> > > > Please help.
> > > >
> > > > Jean-Marie
> > > >
> > > >
> > > > On Tue, 2005-02-08 at 18:15, Jonathan Callahan wrote:
> > > >
> > > >
> > > > > Toni Jolibois answers:
> > > > >
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > A response to the mail below.
> > > > > > I have a LAS configured with an http authentification :
> > > > > > http://las.mersea.eu.org.
> > > > > > Here is my Apache configuration (Warning : this is an Apache 1.3, I
> > > > > > don't know if the new Apache 2 which I recommend have the same
> > > > > > syntax for the configuration) :
> > > > > >
> > > > > > In the httpd.conf, I have a virtual host ($home is the path of the
> > > > > > mersea user, change it with the good one for you) :
> > > > > >
> > > > > > <VirtualHost las.mersea.eu.org>
> > > > > > ServerAdmin webmaster@mersea.eu.org
> > > > > > DocumentRoot $home/las/las_servlet/jakarta/webapps/
> > > > > > DirectoryIndex index.html
> > > > > > RedirectMatch /index.html /las/servlets/dataset
> > > > > > ServerName las.mersea.eu.org
> > > > > > ErrorLog logs/las.mersea.eu.org-error_log
> > > > > > CustomLog logs/las.mersea.eu.org-access_log common
> > > > > > ScriptAlias /las-bin/ $home/las/server/
> > > > > > Alias /las-output/ $home/las/server/output/
> > > > > > Include /etc/httpd/conf/mod_jk.conf-mersea
> > > > > > </VirtualHost>
> > > > > >
> > > > > > By default, this configuration file parse the access.conf placed in
> > > > > > the same directory, but you can put these lines into the httpd.conf.
> > > > > > Here is my access.conf :
> > > > > >
> > > > > > #
> > > > > > # This is the default file for the AccessConfig directive in
> > > > > > httpd.conf.
> > > > > > # It is processed after httpd.conf and srm.conf.
> > > > > > #
> > > > > > # To avoid confusion, it is recommended that you put all of your
> > > > > > # Apache server directives into the httpd.conf file and leave this
> > > > > > # one essentially empty.
> > > > > > #
> > > > > > <Directory $home/las/las_servlet/jakarta/webapps/ >
> > > > > > Options -Indexes
> > > > > > AllowOverride All
> > > > > > AuthType Basic
> > > > > > AuthName "Mersea Access "
> > > > > > AuthUserFile $home/users-valid
> > > > > > <Files "*">
> > > > > > require valid-user
> > > > > > </Files>
> > > > > > </Directory>
> > > > > >
> > > > > > I created the $home/users-valid with the Apache utility "htpasswd"
> > > > > > in order to have a user and an encrypted password.
> > > > > > Please see http://httpd.apache.org/docs/howto/auth.html for Apache
> > > > > > 1.3 and http://httpd.apache.org/docs-2.0/howto/auth.html for Apache
> > > > > > 2, all is explained.
> > > > > >
> > > > > > Note that there is an other way to configure http password for a
> > > > > > virtual host and not for a directory.
> > > > > >
> > > > > > If you have specific question please send me a mail.
> > > > > >
> > > > > > Regards,
> > > > > > Tony Jolibois
> > > > > >
> > > > > >
> > > > > benb wrote:
> > > > >
> > > > >
> > > > > > Hello All,
> > > > > >
> > > > > > To satisfy the data access policy for my project I need to require a logon to
> > > > > > my LAS site (anyone can get a password, we just need to keep track of everyone
> > > > > > that accesses the site). I saw "Adding password protection" in the FAQ at
> > > > > > http://ferret.pmel.noaa.gov/Ferret/LAS/FAQ/password_protection.htm but this
> > > > > > does
> > > > > > not work and seems to apply to version 5 and below. I'm running LAS 6.3. Can
> > > > > > anyone tell me how to achieve password protection with this version?
> > > > > >
> > > > > > The following is what I put in Apache httpd.conf (which doesn't work):
> > > > > >
> > > > > > -----
> > > > > > Alias /las "/usr/local/las/las/las_servlet/jakarta/webapps/las"
> > > > > > <Directory /usr/local/las/las/las_servlet/jakarta/webapps/las/>
> > > > > > AddHandler cgi-script .pl
> > > > > > Options +ExecCGI
> > > > > > AuthUserFile /usr/local/apache2/.auto_pass/.auto_pass.txt
> > > > > > AuthGroupFile /dev/null
> > > > > > AuthName 'WTF-CEOP members'
> > > > > > AuthType Basic
> > > > > > <Limit GET POST >
> > > > > > require valid-user
> > > > > > </Limit>
> > > > > > </Directory>
> > > > > > ------
> > > > > >
> > > > > >
> > > > > > Thank you,
> > > > > >
> > > > > > Ben
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> >
> >
[Thread Prev][Thread Next][Index]
Dept of Commerce /
NOAA /
OAR /
PMEL /
TMAP
Contact Us | Privacy Policy | Disclaimer | Accessibility Statement