Securing a Apache Directory with .htaccess

So I quickly needed a secure directory to deliver some files.

It can not be that hard can it?

I already had a webserver so I just borrowed a little disk space and created my directory.

I know you could secure this with a .htaccess but it took me forever to find the small nugget on information to allow me to get it working.

 

The idea is that you have two files .htaccess and .htpasswd

The .htpasswd I stored in the root on my web server so I have to amend the /etc/httpd/conf/httpd.conf  file in the

<Directory “/var/www/html”> element of the configuration.

You need to change this  AllowOverride None to AllowOverride AuthConfig

While you are in this config you might as well create the virtual host setting.

<VirtualHost *:80>
ServerName download.acme.com
DocumentRoot /var/www/html/download

<Directory "/var/www/html/download">
 AllowOverride All
 allow from all
 Options +Indexes
 </Directory>
</VirtualHost>

Now create the .htaccess file

vi /var/www/html/download/.htaccess

And add the following

AuthType Basic
AuthName "restricted area"
AuthUserFile /var/www/html/.htpasswd
require valid-user

 

Now you need to create the .htpasswd file. The password had to be encrypted so you can not create this by hand

cd /var/www/html/

And issue this command

htpasswd -bc .htpasswd someuser somepass

You know have a protected directory

 

Advertisements

ResourceSpace – changing the search tile

resourcespace

 

I personally do not like the search tile like this, to remove the basic search functionality is fairly easy.

Admin >> System Settings >> User interface >> Basic Simple Search

Change to “Enable”

So you go from this to this

Screen Shot 2018-04-04 at 23.40.52Screen Shot 2018-04-04 at 23.48.03

 


ResourceSpace – changing the metadata

resourcespace

Ok now you have changed the look of the application it is now time to set some of the inner workings. One of these settings is changing keywords that is associated with your images, e.g. brand, pattern, product, type of image etc… the world is your oyster. Well to the tune of 6 key areas.

Screen Shot 2018-04-04 at 21.55.59

There are two lots of changes that you can do here.

Change the titles i.e. “Keywords – Emotion” and the actual entries that can be selected

So to change these

Admin >> System >> Manage metadata fields

Search for keywords

Screen Shot 2018-04-04 at 22.13.20

You can now change the name and the values that can be selected. The other very cool thing is that you can add new Titles and selections, you can therefore add as many as you like, this is pretty cool.

Be careful as lists appear as checkboxes in the search. If you choose though the Dynamic Keywords List this make this type ahead which is pretty cool and makes the search page more slick.

 


ResourceSpace – changing the logon screen

resourcespace

You want to obviously brand the login page to satisfy your marketing team.

Screen Shot 2018-04-04 at 19.11.42

To change “Welcome to ResourceSpace, please log in…”

Admin >> System >> Manage Content

Enter  welcomelogin in the name search, then just edit to your requirements

To stop people applying for an account “Click here to apply for an account”

Admin >> System >> System configuration >> User Accounts

Allow users to request accounts change to  – No

The change the top header

Screen Shot 2018-04-04 at 20.02.28

Logo change

Admin >> System >> System configuration >> User Interface

Screen Shot 2018-04-04 at 20.08.11

The last thing is the background colour and font colour.

You can just change the css file, not sure if this is the best practice. I would suspect not due to upgrade aspects.

PleaseNote READER BEWARE.

cd /var/www/html/resourcespace/css

cp colour.css colour_org.css

sed -e 's/color:#474747;background: #ebebeb/color:#474747;background: #07114f/' colour.css > colour2.css
sed -e 's/h1 {color: #000000;}/h1 {color: #ffffff;}/' colour.css > colour2.css

yes | cp colour2.css colour.css

rm -f colour2.css

 

 

 


ResourceSpace – managing the tiles on the dashboard

resourcespace

Now you have the ResourceSpace  DAM up and running you want to do stuff with it. No one has written a book, (maybe I should. It would be a pretty short book though 🙂 ) to tell you how to administer it, so with a bit from the Knowledge base, some from the Google groups https://groups.google.com/forum/#!forum/resourcespace and just general Google, which tends to get you to the group you can start you journey.

There are some odd things, but once you get into it, it is not so bad

 

So you want to tidy up the front screen.

I wanted to remove the “Knowledge Base Tile”, this took forever to find.

Select the tile and drag it to the left, you will see a Red Remove arrow appear, drop the tile over the arrow and you will be presented with a dialog box

Screen Shot 2018-04-04 at 18.41.34

You can “Delete tile for all users” or you can choose the “Manage all user tiles” The url for this is http://images.acem.com/pages/team/team_dash_tile.php, this can be seen in the Admin section of “Manage dash tiles”

So for people searching Google. “How do I remove a dashboard tile from Resourcespace”, hopefully you will find this.

 

 

 

 


Resource Space – error creating a user

resourcespace

One of the first things I did was to create a user, just to test the system and received this error

/var/www/html/resourcespace/include/message_functions.php line 283: count(): Parameter must be an array or an object that implements Countable

It created the user but what a pain, this is to do with php 7.2 and version 8.4 of ResourceSpace. Have a look below (ResourceSpace errors) for the work around for now.

 

ResourceSpace errors

/var/www/html/resourcespace/include/message_functions.php line 283: count(): Parameter must be an array or an object that implements Countable

vi /var/www/html/resourcespace/include/message_functions.php line 283

:set number

:283

Copy the line, comment it and then change it to (this is not my code, I am no PHP developer)

// if($remote_activity==0 || $remote_refs==0 || count($remote_refs)==0 ){return false;}
if($remote_activity==0 || $remote_refs==0 || ((is_array($remote_refs)) && (count($remote_refs)==0 ))){return false;}

 

This line may be needed more often to get around some of the issues

((is_array($remote_refs)) && (count($remote_refs)==0 ))

 

 


Resource Space Install

resourcespace

We are going to utilise Resource Space digital asset system.

As always the install will be on AWS and the install instructions are sometime pretty good and sometime a bit dubious, so with the install instructions from here https://www.resourcespace.com/knowledge-base/systemadmin/install_overview  and some of my own unique knowledge you get these ramblings.

Because this Red Hat based then we will use https://www.resourcespace.com/knowledge-base/systemadmin/install_centos

So let us start.

yum update

yum install git

yum remove php-*
amazon-linux-extras install php7.2
yum install httpd php php-devel php-gd php-mysqli php-mbstring php-zip subversion

yum install php-pear gcc php-devel php-pear
yum install ImageMagick
yum install poppler

we need the following installed antiword, ExifTool and FFmpeg

Antiword

cd /opt/sofwtare
git clone https://github.com/rsdoiel/antiword.git
cd /opt/software/antiword

We need to edit the Makefile so that the install ends up in the correct place

cp Makefile Makefile_org
vi Makefile

Change these lines to match

LOCAL_INSTALL_DIR = $(HOME)/bin
LOCAL_RESOURCES_DIR = $(HOME)/.antiword

to this

LOCAL_INSTALL_DIR = /usr/local/bin
LOCAL_RESOURCES_DIR = /usr/share/antiword

Change the PATH in .bash_profile and .bashrc  and add /usr/local/bin to the path

Issue this for now to get us going

PATH=$PATH:$HOME/bin:/usr/local/bin

If you type anitword, you should get a listing

ExifTool

mkdir -p /opt/software/exiftool
cd /opt/software/exiftool

Navigate to https://metacpan.org/release/Image-ExifTool to find the latest version of the software.

wget https://cpan.metacpan.org/authors/id/E/EX/EXIFTOOL/Image-ExifTool-10.80.tar.gz
tar -xvzf Image-ExifTool-10.80.tar.gz 

cd Image-ExifTool-10.80

perl Makefile.PL 

Error

Can’t locate ExtUtils/MakeMaker.pm

yum install perl perl-devel
perl Makefile.PL 

make 
make install

FFmpeg

https://github.com/FFmpeg/FFmpeg

mkdir -p /opt/software

git clone https://github.com/FFmpeg/FFmpeg.git

cd FFmpeg

./configure

Error

nasm/yasm not found or too old. Use –disable-x86asm for a crippled build.

yum install nasm

./configure

make

make install

 

Change the php.ini file to reflect these settings, this can be done at a later date but it would be good to do this as soon as you can

vi /etc/php.ini

SecFilterEngine Off
SecFilterScanPOST Off
php_value memory_limit 200M
php_value post_max_size 100M
php_value upload_max_filesize 100M
php_value short_open_tag Off

Now to create the database and user. There are load of references for this all over my posts. I don’t know why I just don’t create a generic one and link to it.

yum install mysql

mysql -u sysadmin_of_mysql -p -h FQDN of database

Create the database

create database resourcespace;

Now create the user

create user 'resourcespace'@'%' identified by 'resourcespace_password';
grant all on resourcespace.* to 'resourcespace'@'%' with grant option;

 

mkdir /var/www/html/resourcespace

cd /var/www/html/resourcespace/

svn co http://svn.resourcespace.com/svn/rs/releases/8.4/ .

chown -R apache:apache /var/www/html/resourcespace

mkdir /var/www/html/resourcespace/filestore
chmod -R 777 /var/www/html/resourcespace/filestore
chmod -R 777 /var/www/html/resourcespace/include

No lets just quickly setup the httpd.conf file just to get us working. This will be the bare bones.

vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80> 
ServerName images.acme.com 
DocumentRoot /var/www/html/resourcespace 

<Directory "/var/www/html/resourcespace"> 
AllowOverride All 
allow from all 
Options +Indexes 
</Directory> 
</VirtualHost>
systemctl start httpd

journalctl -xe (This gives the output on what is running)

You know get to start to configure Resourcespace

Once you have run the configure you need to set the include directory back to normal

cd /var/www/html/resourcespace

chown apache:apache filestore
chmod 755 include

 

The install needs php-zip, for some strange reason this does not exist in AWS repo.

You can build this your self though have a look at this handy post that tells you how to do it 🙂

How to configure this beast will be coming soon

I got some of the ideas for this install from these links, but there was a lot of my own work

https://www.vultr.com/docs/how-to-install-resourcespace-on-centos-7 https://www.isquarehost.com/blog/install-xpdflibxp-antiword-linux/