
Mailing List Archive: MythTV: Users

Securing mythweb

 

 



lists at foxhill

Feb 9, 2010, 2:33 AM

Post #1 of 7 (1045 views)
Securing mythweb

I've read several guides on how to secure mythweb, but I'm using
mythbuntu and all my files seem to be in different places to what these
guides assume. I also don't seem to have a .htaccess file anywhere.

What's the easiest way to have open access from my 192.168.1.x network
and a single user/password for external access?

A pointer to a current guide would be useful.

Thanks

Ian



_______________________________________________
mythtv-users mailing list
mythtv-users [at] mythtv
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users


philledwards at gmail

Feb 9, 2010, 2:46 AM

Post #2 of 7 (1023 views)
Re: Securing mythweb

> What's the easiest way to have open access from my 192.168.1.x network
> and a single user/password for external access?

I'm on CentOS so files may be in different places. I don't use a
.htaccess file any more. I have this in a file called
/etc/httpd/conf.d/PME_mythweb.conf (PME is just my initials, BTW; call
it whatever you like):

<Location "/mythweb">
ProxyPass http://elm.edwards.home/mythweb/
ProxyPassReverse http://elm.edwards.home/mythweb/

# To create the myth_htdigest file run this command in /var/www/:
# htdigest -c myth_htdigest MythTV mythtv
# (realm: MythTV, username: mythtv)

AuthType Digest
AuthName "MythTV"
AuthUserFile /var/www/myth_htdigest
Require valid-user
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

</Location>


HTH,
Phill


mrand at pobox

Feb 9, 2010, 7:35 AM

Post #3 of 7 (1003 views)
Re: Securing mythweb

On Tue, Feb 9, 2010 at 4:33 AM, Ian Oliver <lists [at] foxhill> wrote:
> I've read several guides on how to secure mythweb, but I'm using
> mythbuntu and all my files seem to be in different places to what these
> guides assume. I also don't seem to have a .htaccess file anywhere.
>
> What's the easiest way to have open access from my 192.168.1.x network
> and a single user/password for external access?
>
> A pointer to a current guide would be useful.

If this is just for use within your 192.168.1.x network, all you
should need to do is:
Mythbuntu-control-centre -> Plugins -> Password protect mythweb. If
it is already set to enabled, disable it, click apply, then reenable
it.

Hope that helps,

Marc


travis at tabbal

Feb 9, 2010, 7:37 AM

Post #4 of 7 (997 views)
Re: Securing mythweb

On Tue, Feb 9, 2010 at 3:33 AM, Ian Oliver <lists [at] foxhill> wrote:

> I've read several guides on how to secure mythweb, but I'm using
> mythbuntu and all my files seem to be in different places to what these
> guides assume. I also don't seem to have a .htaccess file anywhere.
>
> What's the easiest way to have open access from my 192.168.1.x network
> and a single user/password for external access?
>
> A pointer to a current guide would be useful.
>


Honestly, it's much more secure to only allow SSH or OpenVPN from the outside
and use those to connect to the Mythweb server. It's also significantly
easier to set up for someone not used to sysadmin duties. SSH being about as
easy as it gets. For even more security, disable login/password auth and use
public keys. With SSH, just use port forwarding and you're good to go. When
you're local, it's not protected so you're OK to just use it.

Most of the guides I've seen send your password in plaintext over the
internet. You might as well not bother, IMO. If you really must do it that
way, at least set up SSL so you can use encryption.


greg12866 at nycap

Feb 9, 2010, 8:00 AM

Post #5 of 7 (1006 views)
Re: Securing mythweb

Ian Oliver wrote:
> I've read several guides on how to secure mythweb, but I'm using
> mythbuntu and all my files seem to be in different places to what these
> guides assume. I also don't seem to have a .htaccess file anywhere.
>
> What's the easiest way to have open access from my 192.168.1.x network
> and a single user/password for external access?
>
> A pointer to a current guide would be useful.
>
> Thanks
>
> Ian
sudo a2enmod
When prompted for what module you want to enable, enter:
auth_digest

Create your password directory:
sudo mkdir -p /etc/mythtv/mythweb-digest/passwd

Create your password file:
sudo htdigest -c /etc/mythtv/mythweb-digest/passwd/passwords MythTV greg

Grant permissions to the new password file:
sudo chown www-data /etc/mythtv/mythweb-digest/passwd/passwords
sudo chgrp www-data /etc/mythtv/mythweb-digest/passwd/passwords
sudo chmod 640 /etc/mythtv/mythweb-digest/passwd/passwords

sudo nano /etc/apache2/apache2.conf

<Directory "/var/www/mythweb">
Options Indexes FollowSymLinks
AuthType Digest
AuthName "MythTV"
AuthUserFile /etc/mythtv/mythweb-digest/passwd/passwords
Require valid-user
Order allow,deny
Allow from 192.168.1.
Satisfy any
</Directory>

sudo /etc/init.d/apache2 restart

You may have to change a few paths, but this is what I use. This allows
me to access over my LAN without authorization, but is secure from the
net.

This was based on this how-to...
https://help.ubuntu.com/community/MythWeb#WhyAnAnchor
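
What the htdigest file and AuthName "MythTV" in the two configurations above do during a login, as an added Python sketch that is not part of the thread or of Apache's code: the file stores MD5(user:realm:password), and the browser sends only a hash derived from it (RFC 2617, qop=auth). The password, nonce and cnonce values are constructed, and Apache's own nonce generation and expiry are not modelled.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def htdigest_line(user, realm, password):
    # Line format written by htdigest: user:realm:HA1, HA1 = MD5(user:realm:password)
    return f"{user}:{realm}:" + md5_hex(f"{user}:{realm}:{password}")

def lookup_ha1(file_text, user, auth_name):
    # The realm column must equal AuthName exactly (case-sensitive) to match.
    for line in file_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1] == auth_name:
            return parts[2]
    return None

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617, qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(file_text, auth_name, req):
    # Server side: recompute the response from the stored HA1 and compare.
    ha1 = lookup_ha1(file_text, req["username"], auth_name)
    if ha1 is None:
        return False
    want = digest_response(ha1, req["method"], req["uri"],
                           req["nonce"], req["nc"], req["cnonce"])
    return hmac.compare_digest(want, req["response"])

def client_request(user, realm, password, method, uri, nonce, nc, cnonce):
    # Client side: only the derived response goes on the wire, not the password.
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return {"username": user, "method": method, "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}

# Constructed sample values (not from the thread): password, nonce and cnonce.
PASSWORD_FILE = htdigest_line("greg", "MythTV", "constructed-example-pw")
REQUEST = client_request("greg", "MythTV", "constructed-example-pw",
                         "GET", "/mythweb/", "constructednonce01", "00000001", "c0ffee01")

if __name__ == "__main__":
    print(PASSWORD_FILE)
    print("AuthName MythTV:", server_accepts(PASSWORD_FILE, "MythTV", REQUEST))
    print("AuthName mythtv:", server_accepts(PASSWORD_FILE, "mythtv", REQUEST))
```

The stored HA1 is all that is needed to compute a valid response, so the password file is as sensitive as the password itself; that is what the chown/chmod 640 step protects. The rest of the request and the page content are not encrypted by Digest authentication.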


lists at foxhill

Feb 9, 2010, 11:54 AM

Post #6 of 7 (992 views)
Re: Securing mythweb

In article <4B7186B0.5030302 [at] nycap>, Greg wrote:
> This was based on this how-to...
> https://help.ubuntu.com/community/MythWeb#WhyAnAnchor

Thanks, I'll read that and your message carefully and then give it a
bash.

I may later try and use https with apache, but that's maybe best done
as a second stage. I'm going to stick this on an "odd" port, so it
will be hard for people to find it anyway.

Ian





mythtv at ncc1701

Feb 9, 2010, 5:46 PM

Post #7 of 7 (977 views)
Re: Securing mythweb

> To: mythtv-users [at] mythtv
> Subject: Re: [mythtv-users] Securing mythweb
>
> Ian Oliver wrote:
> > I've read several guides on how to secure mythweb, but I'm using
> > mythbuntu and all my files seem to be in different places to what these
> > guides assume. I also don't seem to have a .htaccess file anywhere.
> >
> > What's the easiest way to have open access from my 192.168.1.x network
> > and a single user/password for external access?
> >
> > A pointer to a current guide would be useful.
> >
> > Thanks
> >
> > Ian

Playing the role of Mr Obvious, if you installed mythweb via Mythbuntu
packages then the command

$ sudo dpkg-reconfigure mythweb

will reconfigure the mythweb package, prompting you for security
details.

If you are *not* using the packaged mythweb, then this helps you
not-at-all.

Rgds
Dave

