Topic: [ANNOUNCE] smeserver-backuppc-3.0-0

[Jabka]

Regarding EXTERNAL SSL access to the BackupPC 3.0 web interface: 

I played around with the custom template for 99BackupPC as indicated by Daniel (VIP-ire), trying to understand what it does. I'm at best making an uneducated guess, but for me, when I changed the "allow from" directive to "all" for BOTH /images AND /cgi-bin, external access to https://servername.domain.tld/backuppc is allowed for all SME users in the system. HTTP gets redirected properly to HTTPS as well. Thank you Daniel for getting me 99% of the way there!

Please DO NOT follow the directions below without first consulting someone who knows what this might do to your overall system security. I personally HAVE NO IDEA what serious ramifications occur when you do this. Seriously, don't do this just because it works for me:

1. Get to your server's command-line interface locally, via putty, etc. and login as root. You're going to make a directory to store a new custom template then copy the original BackupPC template there. Issue the following commands:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
cp -a /etc/e-smith/templates/etc/httpd/conf/httpd.conf/99BackupPC /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
2. Use your favorite editor to modify the new custom template for 99BackupPC. In this example, we'll use pico:

Code: [Select]

pico -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99BackupPC
3. Modify the template so it looks like this. Unless you've made other modifications, the only differences from what you already have are in the lines that start "allow from...". They get changed to "allow from all". You can also edit the line begining with "AuthName" to reflect the server's name, your company name, etc. This AuthName shows up in the authentication dialog box users see when they attempt to access the web interface. Here's what it should look like once you're done editing:

Code: [Select]

ScriptAlias /backuppc/cgi-bin /opt/backuppc/cgi-bin
Alias       /backuppc         /opt/backuppc/images

<Directory /opt/backuppc/images>
    Options None
    Options +Indexes
    Options +Includes
    AllowOverride None
    order deny,allow
    deny from all
    allow from all
</Directory>

<Directory /opt/backuppc/cgi-bin>
        SSLRequireSSL on
        Options ExecCGI
        AllowOverride None
        order deny,allow
        deny from all
        allow from all
        AuthName "Your Company Name"
        Satisfy all
        AuthType Basic
        AuthExternal pwauth
        Require valid-user
</Directory>


4. Assuming you used pico to edit the file, you can exit with Control-X. Pico will ask you to save the file. Do so. You should now be back at the command prompt.

5. You now need to expand the template for httpd.conf so that the changes you made will be merged into the "real" httpd.conf file.  Issue the following command to do this:

Code: [Select]

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
6. Now restart the Apache server so that it can read the new httpd.conf file you just generated:

Code: [Select]

/usr/bin/sv h /service/httpd-e-smith
That should do it. You should now be able to connect to the backuppc web interface via the WAN side of your SME server. If this worked for you, thank Daniel (VIP-ire) for this AWESOME contrib and thank everyone involved in putting the SME server together. OH, and don't forget to donate...