Thursday, 16 October 2014

CentOS7 Configuring virtual directory to user FTP home

The purpose of this setup is to allow a single user to be able to use FTP to manage the website.
It is achieved by
  1. Changing the Apache service account to the user
  2. Adding the user to the group "apache"
  3. Adding a virtual directory in httpd.conf that points to a directory within the user's home, e.g. /home/user/www
Steps (assuming user is named demo)
  • sudo usermod -a -G apache demo
  • sudo vi /etc/httpd/conf/httpd.conf
Edit the file as follows:
#User apache    << comment out
User demo       << add as next line
Group apache

Alias /name "/home/demo/www"    << find a good place
<Directory "/home/demo/www">    << and add these 6 lines
    AllowOverride All
    Options None
    Require all granted
</Directory>
Note: in my setup, demo has sudoer rights.

Restart Apache
  • sudo systemctl restart httpd
Configure and enable SSL
  • sudo yum -y install mod_ssl
Create a self-signed key and certificate with 10-year validity. For the "Common Name", enter your domain name or, lacking one, the IP address.
  • sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
Now edit the Apache SSL configuration. Use the same domain name/IP address.
  • sudo vi /etc/httpd/conf.d/ssl.conf
Locate the relevant lines and reconfigure as shown below
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"    <<< uncomment
ServerName 176.31.122.82:443    <<< uncomment, and change server name
SSLCertificateFile /etc/httpd/ssl/apache.crt    <<< change
SSLCertificateKeyFile /etc/httpd/ssl/apache.key   <<< change
Restart Apache
  • sudo systemctl restart httpd
Create users and passwords to use with .htaccess (in the directory that needs to be secured)
  • sudo htpasswd -c ./.htpasswd someusername
  • sudo vi ./.htaccess

Put these lines into the .htaccess file
AuthType Basic
AuthName "Authentication required"
AuthBasicProvider file
AuthUserFile /full/path/to/.htpasswd
Require valid-user
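
A sanity check for the .htaccess above, as an added example that is not part of the original post: it confirms each directive sits on its own line with the expected value and that the password file it names exists and has entries. The function names (directive, check_htaccess, demo) are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory's .htaccess
# against the Basic-auth layout shown above. Function names are hypothetical.

# Print the arguments of the first occurrence of a directive in a file.
directive() {  # $1 = file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Returns 0 when every check passes, 1 otherwise; findings go to stdout.
check_htaccess() {
    dir=$1; ht="$dir/.htaccess"; bad=0
    [ -f "$ht" ] || { echo "FAIL: $ht not found"; return 1; }
    [ "$(directive "$ht" AuthType)" = "Basic" ] \
        || { echo "FAIL: AuthType is not exactly 'Basic'"; bad=1; }
    [ -n "$(directive "$ht" AuthName)" ] \
        || { echo "FAIL: AuthName missing"; bad=1; }
    [ "$(directive "$ht" Require)" = "valid-user" ] \
        || { echo "FAIL: 'Require valid-user' missing"; bad=1; }

    pw=$(directive "$ht" AuthUserFile | tr -d '"')
    case $pw in
        /*) ;;
        *)  echo "FAIL: AuthUserFile must be an absolute path, got '$pw'"; bad=1 ;;
    esac
    case $pw in
        "$dir"/*) echo "WARN: $pw is inside the served directory; it stays private only while httpd.conf denies .ht* files" ;;
    esac
    if [ -f "$pw" ]; then
        # Count user:hash entries; an empty file locks everyone out.
        n=$(grep -c '^[^:]\{1,\}:.\{1,\}' "$pw" || true)
        [ "$n" -gt 0 ] || { echo "FAIL: no user entries in $pw"; bad=1; }
    else
        echo "FAIL: password file '$pw' does not exist"; bad=1
    fi
    return $bad
}

# Constructed sample: builds a throwaway directory and audits it.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'demo:$apr1$CONSTRUCTED$notarealhash' > "$d/.htpasswd"
    printf '%s\n' 'AuthType Basic' 'AuthName "Authentication required"' \
        'AuthBasicProvider file' "AuthUserFile $d/.htpasswd" \
        'Require valid-user' > "$d/.htaccess"
    check_htaccess "$d"; rc=$?; rm -rf "$d"; return $rc
}
```

A FAIL on AuthType or a missing AuthName usually means two directives ended up on one line when the file was pasted.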

Lock down specific directories (URL paths) (using "sudo vi /etc/httpd/conf/httpd.conf")
<Directory "/home/demo/www/protecteddir">
    RedirectPermanent /demo/protecteddir/ https://domain.name.com/demo/protecteddir/
</Directory>

Install PHPMiniAdmin - search Google for this PHP file and FTP it to your new FTP root folder.
Note: It would be a good idea to "hide" it, e.g. rename to 'myhiddenmysqltool.php'
Create a MySQL user with a password and a user-owned database

  • create user 'username'@'localhost' identified by 'password';
  • create database username;
  • grant all privileges on username.* to 'username'@'localhost';

