I have bought a 500GB Mybook and discovered with this site that now i had a Linux server at home! all the tips here have been very useful for me and now i would like to bring my little contribution:
I found very nice the Lighttpd hack, but not usable over internet because not secure.
This is why i searched a different way to have a simple and secure web server activated on my mybook :
Objective :
- Activate a public web server on port 8080 (http + no authentication required).
- Activate a secure web server on port 443 (Https + authentication required).
- No modifications to the standard Admin Web site and minimum modification to the Mybook configuration
- manage web users via a simple web interface : https://mybook:3210 ( ScreenShot)
- Do not compile/install invasive tools on mybook : only copy a few files and change a few settings.(Manual install and manual uninstall must be possible)
- Allow download of large files over https
- Activate PHP
Description of my Network architecture on my Internet Router ( French freebox)
tcp Port 80 (http) is redirected to port 8080 on mybook ( used for Public Web access)
tcp port 443 (https) is opened and redirected to port 443 on mybook ( used for secure web access)
Web interface for access management ( configured on port 3210) is only available from home ( port 3210 is not opened to internet on my freebox).
You can create the user accounts that will be used by your friends to connect to your Mybook via the Web.
** The Web Feature Manager allows you to install components and features to your Mybook with a single click.**
The feature Manager 's allows to install some feature packs that would have been designed for the Mybook.
You can install a new feature pack, or generate a tar file for a feature pack you would have created yourself.
I am preparing other features pack that are not included in the basic installation : "Mybook Clone to clone your Mybook to a USB disk", "OpenVpn" … i hope that a lot of people will also propose some feature packs as it is so easy to create one …
Standard Mybook Web interface management (WD Shared Storage Manager) is only available from home (port 80 is not opened to internet on my freebox).
Gain Access to your Mybook
Activate SSH
The simplest/Safer/non invasive method is described here:
http://www.mybook-linux.co.nr/sshaccess.html
use the PUTTY tool to login via ssh.
1) Web Server Installation procedure
IMPORTANT : You do'nt want to brick your Mybook Do You?
then before you start, Reboot your Mybook and ensure that your ssh access is reliable.
IMPORTANT : This Fully automated installation procedure is NEW : 15/11/2008.
I tried to test every scenario i could imagine but if you have any issue, please tell me , i will be very reactive to help you :
TeinturMan.
As long as your ssh access is reliable, the installation is safe. (All the changes can be easily rolled back).
So please, reboot before you start…
Let's start now :
log in as root and type the following commands :
cd /shares/internal/PUBLIC
wget http://mybookworld.wikidot.com/local--files/web-server/webserver-setup.sh -O /shares/internal/PUBLIC/webserversetup.sh
sh /shares/internal/PUBLIC/webserversetup.sh
rm /shares/internal/PUBLIC/webserversetup.sh
Congratulations, you have finished the installation !
Do not reboot your Mybook until you have checked that everything works fine:
Access the web page using http://<MyBook>:8080/
you should see "Welcome World"
Connect to https://<Mybook>:3210 (user=admin, password=123456)
configure users that will have access to your secure Web site.
Connect to https://<Mybook> to access your secure web site (Use your newly created users to log in)
you should see "Welcome World - Secure"
2) Installing PHP Support
connect to https://<Mybook>:3210
click on the "Feature Manager" Link
click Web Server/PHP Support
click on the Install link for all proposed components in the displayed order…
(Note that this will install OPTWARE on your Mybook.)
( You should also go to the feature Manager and Fully configure OPTWARE installation, for future usage…)
Test the installation :
Create sample php files :
/shares/internal/PUBLIC/WWW/Welcome/index.php
and
/shares/internal/PUBLIC/WWW/Public/index.php
Containing the following line:
<?php phpinfo(); ?>
Browse to https://<MyBook-IP>/index.php : You should see all the information about the PHP installation.
Browse to http://<MyBook-IP>:8080/index.php : You should see all the information about the PHP installation.
4) Additional Ressources and Features of the webserver
- The Feature Packs main page : http://mybookworld.wikidot.com/featurepacks
- AccessBook : Remote access your files and share with your friends via Web + Lots More…
Use the Feature Manager to Activate AccessBook.
- Monitoring Your Temperature, Memory and CPU:
http://mybookworld.wikidot.com/mycheck-temp-mem-cpu-monitoring
- Turn Off your Mybook Leds?
http://mybookworld.wikidot.com/leds
TroubleShooting and feedback from other users
Be carefull, this tutorial will change the configuration of your Lighttpd web server.
Loosing the lighttpd web server AND the SSH access will definitively prevent you from accessing your mybook.
Before you do any modification, please reboot your Mybook and check that you can logon through ssh.
Perform the tutorial at once and do not do any other modification or reboot your Mybook until the standard Webif administration web site is working.
If you have a problem and you do not know what is happening, restore immediately the original configuration, restore the lighttpd.conf file using the following command:
cp /etc/lighttpd/lighttpd.conf.bak /etc/lighttpd/lighttpd.conf
If you have any questions please ask TeinturMan.
Uninstall the WebServer, to revert to standard configuration?
restore the lighttpd.conf file :
wget http://mybookworld.wikidot.com/local--files/web-server/lighttpd.conf.ori -O /etc/lighttpd/lighttpd.conf
then delete the /shares/internal/WWW folder…
Note that this will prevent any other hack using PHP or the Webserver to continue functionning…
Also note that this does not uninstall ipkg packages that may have been installed.
Check OPTWARE to see how to uninstall ipkg packages.
Frequently Asked Questions
- Question 1: (from erite)
hello,
Thanks for your very detailed instructions about setting up a web server.
I've followed them and it work well. But just on problem to do with the certificate server
When I bring up the link (https://<Mybook>) I get the severe warning message that the certificate server is not trusted nor recognised.
Can you tell me how to fix that?
- Answer 1:
Hello, This is the normal https behaviour : The certificate works correctly and all your traffic will be encrypted.
The message is a security warning from Microsoft saying that the certificate name does not fit your specific Mybook Name and
it has not been authenticated by a security company like VERISIGN.
You can ignore this popup by clicking "Yes continue, i trust this site"…( or something like that)…
In XP the message is less Alarming than in Vista where the message is very frightening…
Note that when you see this popup, you have the option to install the certificate on your computer… ,
if you do so, the popup will no longer be displayed on your computer…
but the popup will still be displayed if you connect from another computer…
Certificates ( pem file) must have 3 characteristics if you do not want this message :
- it must not have expired ( all certificate has an expiration date)
- it must have been generated with the url of your Mybook ( it is not the case of the provided pem file)
- it must be authenticated by a security company ( You will have to pay yearly for that ! ) and it is quite expensive…
==> without paying a "Official , Authenticated certificate", you cannot remove this security popup.
You can generate a new certificate if you want , following the following instructions :
1) install openssl package using optware ( on my mybook, it has been installed automatically when i have installed php support)
2) Launch the following command :
mkdir /usr/lib/ssl
cp /opt/share/openssl/openssl.cnf /usr/lib/ssl/openssl.cnf
cd /shares/internal/PUBLIC/WWW
/opt/bin/openssl req -new -x509 -keyout /shares/internal/PUBLIC/WWW/MyPrivateKey.pm -out /shares/internal/PUBLIC/WWW/MynewCertificate.pem -days 365 -nodes
it will ask several questions like country etc, ensure you enter the corresponding url of your Mybook.
Note that the generated MyNewCertificate.pem certificate will not be authenticated by any Security company
( you will have to pay for that), so the popup will still appear, but with only 1/3 security problem instead of 2/3 security problem…
- Question 2 ( from eppie)
Hello, I'm having trouble accessing my http://<Mybook>:8080 on FireFox. FireFox keeps trying to download a file 'which is a: application/octet-stream'
But when I use Explorer it works fine… any ideas?
- Answer 2
If you have updated ( ido'nt know how) the lighttpd version, this can occur.
in this case, edit the lighttpd.conf fileand search the following lines :
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".jpg" => "image/jpeg",
".png" => "image/png",
".gif" => "image/gif",
".css" => "text/css"
)
add inside the following line:
".htm" => "text/html",
if you need to enable opening of a different extension, just check on the following web page which is the correct line that you should Add…
http://trac.lighttpd.net/trac/wiki/mimetype.assignDetails
- Enjoy your Mybook and Web Server…
If you have any questions please ask TeinturMan.