Ryan Roth wrote:
> OK I have stunnel working.  I would like to write a howto for the wiki, 
> but I would like to include the encrypted passwords in the how to also.

Great wiki page.

I think it would be better to use a tuple for encrypted user names and
passwords, then the password checker can detect that it is a tuple and
use the first word as the type of key. Some _smart_ user will use a
password 'crypt-' and then no login. Better to use a tuple.

Something in the back of my mind tells me that encrypted passwords are a
bit of a waste of time on a freevo box, unless it is shared by different
people. One of the big problems is that there is no access control, such
as read (play) only and read-write.

BTW crypt is not very secure, that's why shadow uses md5 passwords; md5
is easy to get from the command line: echo 'password' | md5sum

In the patch, you were messing around with local_conf.py, which is not a
good idea. Better to just output the line, which can be pasted into the
local_conf.py

Duncan

> 
> Duncan Webb wrote:
>> Ryan Roth wrote:
>>   
>>> The reason I wanted this is to start making the web interface more secure.  
>>> I wanted to talk with people and see what they thought about changing the 
>>> web server to a secure server.  This would be nice for those of us who 
>>> forward web traffic from our public IP to our Freevo box.
>>>     
>> That's what I thought the intention was. However making the password
>> more secure does not mean that the freevo box is secure. There are
>> several things that you need to do to make the box more secure when
>> accessed externally.
>>
>> First install stunnel, this means that you can access the freevo box
>> using the https:// protocol, this means that the data, including
>> passwords is not transmitted over the net in a readable form. See:
>> http://www.linuxfromscratch.org/blfs/view/svn/postlfs/stunnel.html
>>
>> Configure a service for freevo webserver:
>> [https]
>> accept  = 443
>> connect = 8080
>> TIMEOUTclose = 0
>>
>> You will need a group and a user for freevo webserver access. Let's say:
>> groupadd -g 80 freevo
>> useradd -c "Freevo Webserver" -d /home/freevo \
>>         -g freevo -s /bin/false -u 80 freevo
>>
>> Change the freevo webserver port and user and group ids in local_conf.py
>> WEBSERVER_UID = 80
>> WEBSERVER_GID = 80
>> WEBSERVER_PORT = 8080
>>
>> Then you have to change the group and the permissions of the freevo
>> media directories. Something like:
>> find /freevo -type d -exec chgrp freevo {} \;
>> find /freevo -type d -exec chmod g+ws {} \;
>>
>> You will also need to change the ownership and permissions on other
>> files, eg webserver-80.log, so that the freevo user can write to these
>> files. There may be more that you need to change.
>>
>> Lastly you need to open port 443 on your firewall that then points to
>> the freevo box.
>>
>> Hope this helps and when you have got it working maybe adding a wiki
>> page would be good.
>>
>> Duncan
>>
>>
>> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share your
>> opinions on IT & business topics through brief surveys - and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> Freevo-users mailing list
>> Freevo-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/freevo-users
>>
>>   
> 
> 
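An added example, not part of the original message or of Freevo's code: a sketch of the tuple-based password check suggested above, where the type of the stored entry (plain string or tuple) selects the verification method, so a cleartext password that starts with 'crypt-' is never mistaken for a hash. The function names, the tuple layouts and the 'pbkdf2-sha256' scheme are assumptions made for illustration. make_entry() returns the entry to paste into local_conf.py rather than editing the file.

```python
import hashlib
import hmac
import os


def make_entry(password, salt=None, iterations=100_000):
    """Build a hashed entry to paste into the config (hypothetical layout).

    Returns ("pbkdf2-sha256", salt_hex, iterations, digest_hex).
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return ("pbkdf2-sha256", salt.hex(), iterations, digest.hex())


def check_password(stored, supplied):
    """Verify `supplied` against a stored entry.

    A plain string is a cleartext password, whatever it looks like.
    A tuple is a hashed entry whose first element names the scheme.
    """
    data = supplied.encode()
    if isinstance(stored, str):
        # Cleartext entry: 'crypt-keeper' is just a password here.
        return hmac.compare_digest(stored.encode(), data)
    scheme = stored[0]
    if scheme == "md5":
        # Hashes exactly the bytes typed at login. Note that
        # `echo 'password' | md5sum` also hashes echo's trailing newline;
        # `printf '%s' 'password' | md5sum` gives the digest expected here.
        return hmac.compare_digest(stored[1], hashlib.md5(data).hexdigest())
    if scheme == "pbkdf2-sha256":
        _, salt_hex, iterations, digest_hex = stored
        got = hashlib.pbkdf2_hmac(
            "sha256", data, bytes.fromhex(salt_hex), iterations
        )
        return hmac.compare_digest(bytes.fromhex(digest_hex), got)
    return False  # unknown scheme: fail closed


if __name__ == "__main__":
    # Print the line to paste; 'example' is a constructed password.
    print(repr(make_entry("example")))
```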



