Bayar da UserDir da Kalmar wucewa Kare adiresoshin Yanar Gizo akan Zentyal Webserver - Sashe na 10


A kan mahallin masu amfani da yawa kamar Zentyal PDC Active DirectoryGudanar da sabar gidan yanar gizo na iya zama babban taimako, idan kuna son barin kowane mai amfani ya sami shafin yanar gizon sa na sirri wanda za'a iya gudanar da shi akan nasu gidajen.

Ana iya saita tsarin Webserver akan Zentyal 3.4 don kunna Users Public HTML kuma tare da taimakon wasu rubutun Linux BASH don samar da wani abun ciki a hankali don shafin yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon yanar gizon da kuma aika da masu amfani da bayanan da ake buƙata akan tambarin su zuwa yanki.

Hakanan Apache yana jigilar kaya na dogon lokaci tare da wani fasalin da ke da alaƙa da tsaro da aka isar da abun ciki kuma shine Password yana kare kundin adireshin gidan yanar gizo a ɗayan mafi sauƙi nau'ikan kawai ta amfani da .htaccessfayiloli da ƙirƙirar jerin masu amfani da ake buƙata don samun dama ga albarkatun, har ma da kare abun ciki na yanar gizo daga masu binciken injunan bincike.

  1. Zentyal Shigar Jagora
  2. Shigar da Sabis na Yanar Gizo (Apache) a cikin Sabar Zentyal

Mataki 1: Kunna Html Jama'a

1. Shiga zuwa Zentyal PDC Kayan aikin Admin Web ta amfani da https://zentyal_ip.

2. Kewaya zuwa Module Sabar Yanar Gizo -> duba Enable peer user public_html, danna maballin Change sannan Ajiye canje-canje .

3. Bude burauzar sai ka shiga URL ka shigar da wadannan: http://mydomain.com/~your_username.

Kamar yadda kuke gani Apache ba shi da izini don shiga kowane kundin adireshin mai amfani ko gidan mai amfani. Don gyara wannan ɗabi'a dole ne mu samar da www-data tare da izinin aiwatarwa akan kundin adireshin /gida/$USER sannan a ƙirƙiri babban fayil public_html ƙarƙashin hanyar masu amfani.

Don sauƙaƙa abubuwa kaɗan, za mu rubuta rubutun Linux Bash wanda zai ƙirƙira kundin adireshin public_html kuma yana ba da izini daidai ga duk masu amfani da tsarin, atomatik yana samar da shafukan yanar gizo na html ga kowa. masu amfani da ingantaccen tsarin gida da kuma wani rubutun, wannan lokacin rubutun Windows Bach, wanda zai danganta shi zuwa GPO na Tsohuwar domin kowane mai amfani za a sa shi da shafin yanar gizon sa na sirri bayan shiga tare da bayanan yanki daga b>Windowstsararru sun shiga cikin yanki.

4. Don kammala wannan aikin shiga cikin Zentyal Server ta amfani da Putty tare da asusun gudanarwa na Zentyal da aka kirkira akan tsarin shigarwa kuma ƙirƙirar rubutun farko ta amfani da editan rubutu da kuka fi so. Za mu sanya masa suna user-dir-creation.

# nano user-dir-creation

5. Ƙara abun cikin ƙasa akan rubutun user-dir-creation

#!/bin/bash

for i in `ls /home | grep -v samba| grep -v lost+found`;  do

        mkdir /home/$i/public_html

## Make world readable and executable, so that www-data can access it  ##

        chmod -R 755 /home/$i

      chgrp -R www-data /home/$i/public_html/

## Next code should be on a single line ##

echo "<html><body style='background-color:#2DC612'><div align='center'><p><H1 style='color:#fff'>Welcome user $i on <a style='color:#fff' href='https://mydomain.com'>`hostname -f` </a></H1></p></div></body></html>" > /home/$i/public_html/index.html

## List /home/$USER permissions and public_html perm optional ##

echo "......................."

ls -all /home/$i

echo "......................"

ls -all /home/$i/public_html

done;

6. Ajiye rubutun kuma ku sanya shi mai aiwatarwa sannan ku gudanar da shi tare da tushen gata.

# chmod +x user-dir-creation
# sudo ./user-dir-creation

7. Bude browser kuma ka nuna shi zuwa ga URL iri ɗaya kamar yadda yake a sama (duba batu na 3).

An ƙirƙiri littafin public_html kuma an samar da fayil ɗin html don duk masu amfani don haka yanzu duk sun mallaki shafin yanar gizon da aka keɓance (Wannan shafin gwaji ne mai sauƙi amma ka yi tunanin abin da za ku iya yi da wasu PHP). , MySQL ko CGI rubutun ).

8. Idan Zentyal 3.4 Server kuma shine Mai Gudanar da Domain Primary za mu iya sanya kowane shafin yanar gizon mai amfani don buɗewa ta atomatik a cikin burauzar lokacin da masu amfani suka shiga daga runduna ta Windows sun shiga cikin yanki.

Don kunna ta shiga cikin tsarin Windows da aka haɗa zuwa yanki kuma ƙirƙirar rubutun batch na windows mai suna “public_html.bat” ta amfani da Notepad tare da abun ciki mai zuwa.

explorer http://your_domain.tld/~%username%

Lura: Da fatan za a lura da ~ na musamman da kuma % username% wanda shine canjin yanayin windows.

9. Bude Zentyal Kayan aikin Gudanarwar Yanar Gizo (https://zentyal_IP) kuma je zuwa Yanki -> Abubuwan Manufofin Rukuni -> Tsoffin Manufofin yanki -> GPO Editan.

10. Danna Edit, gungura ƙasa zuwa Configuration User -> Ƙara Sabon Rubutun Logon, bincika hanyar da aka ƙirƙira rubutun ku kuma danna < b>ADD.

Barka da zuwa! Yanzu lokaci na gaba da ka shiga yankin mai bincike na tsoho zai buɗe wani keɓaɓɓen shafin yanar gizo mai alaƙa da sunan mai amfani.

Mataki na 2: Kalmar wucewa ta Kariyar Jagorar Yanar Gizo

Wannan ɓangaren yana buƙatar ƙarin tsari na ci gaba akan tsarin Apache wanda ba za a iya samun siffan Zentyal Web Interface amma kawai daga layin umarni da gyara wasu samfuri na Zentyal Apache.

Idan kayi ƙoƙarin gyara saitin Apache kai tsaye kamar yadda kuke yi akan sabar Linux duk abubuwan da aka yi za su ɓace saboda Zentyal yana amfani da wasu samfuran samfuran da ke sake rubuta kowane fayilolin sanyi na sabis bayan sake kunnawa ko sake kunna sabis.

Don a zahiri kare babban fayil ɗin gidan yanar gizo ta amfani da amincin Apache da yin canje-canje na dindindin AllowOverride umarni yana buƙatar gyara kuma auth_basic yana buƙatar lodawa kuma kunna shi akan sabar gidan yanar gizo na Apache. .

11. Don kunna duk saitunan da ake buƙata shiga ta hanyar layin umarni ta amfani da Putty akan Zentyal Server tare da asusun tushen.

12. Kunna auth_basic ta hanyar ba da umarni mai zuwa sannan kuma a sake kunna sabis na gidan yanar gizon zental.

# a2enmod auth_basic
# service zentyal webserver restart

13. Bayan an ɗora ma'auni shine lokacin da za a gyara Zentyal Apache Vhost samfuri da ke cikin /usr/share/zentyal/stubs/webserver/ hanya da saitin >Ba da izinin sokewa”.

Ajiye na farko vhost.mas fayil.

# cp /usr/share/zentyal/stubs/webserver/vhost.mas  /usr/share/zentyal/stubs/webserver/vhost.mas.bak

Sannan buɗe edita, kewaya ƙasa akan fayil kuma maye gurbin Babu da Duk akan layin umarni Ba da izini kamar a cikin hoton allo. .

14. Bayan kun gama gyara sake kunnawa Zentyal Webserver module don amfani da sabbin canje-canje.

# service zentyal webserver restart

Babban burin AllowOverride umarnin shine don canza saitunan Apache daga wasu fayiloli daban-daban fiye da waɗanda aka yi amfani da su a tushen Apache (/etc/apache2/) akan kowane hanya ta amfani da .htacess fayil.

15. Yanzu lokaci ya yi da za a ƙirƙiri wasu masu amfani waɗanda aka ba su izinin bincika kalmar sirri ta sirrin abun ciki na yanar gizo. Da farko muna buƙatar ƙirƙirar kundin adireshi da aka sanya a waje da hanyar yanki inda za a adana fayil ɗin .htpasswd da kiyaye shi.

# mkdir /srv/www/htpass
# chmod –R 750 /srv/www/htpass
# chgrp –R www-data /srv/www/htpass

16. Yanzu lokaci yayi da za a ƙirƙiri fayil ɗin .htpasswd kuma ƙara wasu masu amfani ta amfani da umarnin htpasswd. Lokacin da aka ƙirƙiri mai amfani na farko ƙara \–c (ƙirƙira) canjin umarni don ƙirƙirar fayil ɗin kuma ƙara mai amfani sannan shigar da tabbatar da kalmar wucewa ta mai amfani.

# htpasswd –c /srv/www/htpass/.htpasswd first_user
# htpasswd /srv/www/htpass/.htpasswd second_user

17. Yanzu an ƙirƙiri fayil ɗin .htpasswd kuma an ɓoye shi ta amfani da MD5 gishiri algorithm kuma kuna iya ƙara yawan masu amfani da ake buƙata don samun damar abun ciki na babban fayil ɗin yanar gizo kamar yadda ake buƙata.

18. Yanzu bari mu ɗauka cewa kuna son kare http://www.mydomain.com URL daga wasu masu amfani sannan waɗanda aka ƙirƙira akan fayil ɗin ku na htpasswd don samun damar shiga yankin. Don kunna wannan hali ƙirƙiri fayil .htaccess akan hanyar tsarin www.mydomain.com kuma ƙara abun ciki mai zuwa.

AuthType basic
AuthName “What ever message you want”
AuthBasicProvider file
AuthUserFile  /path/to/.htpassd file created
Require user  your_user1 user2 userN

Hakanan a tabbata cewa fayil ɗin .htacces yana da kariya ta kalmar da za a iya karantawa.

# nano /srv/www/www.mydomain.com/.htaccess
# chmod 750  /srv/www/www.mydomain.com/.htaccess
# chgrp www-data /srv/www/www.mydomain.com/.htaccess

Barka da zuwa! Yanzu kun sami nasarar kare kalmar sirri www.mydomain.com reshen yanki a gidan yanar gizon ku kuma za a sa masu amfani su shigar da bayanansu don samun damar abun cikin gidan yanar gizon.

Hakanan idan kuna son kare wasu yankuna ko yanki da aka ƙirƙira akan sabar ku tare da takaddun shaidar da aka ƙirƙira riga, kawai kwafi fayil ɗin .htaccess akan hanyar Apache na yanki kuma ku tabbata www-data > ya sami damar karantawa.

Tare da taimakon Apache Web Direcory Password Kare Za a iya ƙirƙira Zentyal Weberver tare da wasu ƙarin matakan tsaro kan fallasa mahimman bayanai da aka buga akan wuraren da ke cikin yankinku amma a shawarce ku cewa wannan hanyar tana kare kundayen adireshi ne kawai ba ana aika fayiloli da kalmomin shiga ba. a bayyane ta hanyar burauza don haka gwada amfani da ka'idar HTTPS don kare bayanan mai amfani don kutse.