Sonora Communications, Inc.

  • Increase font size
  • Default font size
  • Decrease font size

Web Hosting on SME 7

Wednesday, 09 August 2006 09:21 Gene Cooper
E-mail Print PDF

Configure Shared Web Hosting

Never give a web developer your admin password!

This procedure can just as easily be used to securely allow multiple web developers access to separate web sites hosted on the same SME Server.

This procedure will give the user 'webmaster' an e-mail address and public FTP access to a website that is only writable to them (and admin), but not to other users.

  • In Server-Manager Remote Access panel
    • set FTP user account access to 'Public'
    • set FTP access limits to 'Accept Passwords From Anywhere'
  • Create a user who will administer the new web site (ex: webmaster)
  • Create a group for the web developers (ex: webadmins)
  • Create an I-bay for the new web site
    • Set the group to the newly created group (ex: webadmins)
    • Choose writable by group and readable by everyone
    • Set access to "Entire Internet"
    • Enable execution of dynamic content only if necessary (CGI)
  • Create a virtual domain for the new website and point it to the newly created I-bay

Configure FTP Access

Access From the Internet

Install the Remote User Access contrib and then use the new Server-Manager web panel to control FTP access. It is most secure to lock the remote user down to just the 'html' directory of the new I-bay.

Don't forget to forward TCP port 21 to the SME server and to use passive FTP connections.

Install the Remote User Access Add-on

At the SME server command line as root:

yum install -y --enablerepo=smecontribs smeserver-remoteuseraccess

Now, when the web site administrator logs in via FTP with his regular username and password, he simply posts the new web files to the 'www' subdirectory.

Passive Mode

Normally, you can just forward port 21 from your firewall to get FTP access working. However, on SME 7, there is a new EPSV (Extended Passive) mode that supports non-IPv4 protocols. EPSV mode can cause problems with some FTP clients.

Disable EPSV Mode

Create a custom template fragment for /etc/proftpd.conf.

mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf

then create a new text file:

vi /etc/e-smith/templates-custom/etc/proftpd.conf/65LimitEPSV

containing:

<Limit SITE_CHMOD EPSV EPRT>
DenyAll
</Limit>

then execute:

expand-template /etc/proftpd.conf

and to verify:

cat /etc/proftpd.conf
< Prev   Next >
Last Updated on Thursday, 22 January 2009 07:47  

Main Menu

Your external IP

You are connecting to this site from: 38.107.179.241

Secure Client Login

Email Address:

Password: