Web Server Aliases

How to make homepages

If you want a personal web page on the ECE/CIS machines, please post a help-request ticket at http://www.eecis.udel.edu/service. Once space has been allocated, you will access your WWW files under /usb/$USER/public_html.

The URL for research accounts will be https://www.eecis.udel.edu/~$USER.

For acad accounts the URL will be https://www.acad.ece.udel.edu/~$USER.

Static Site Generation

Care to make a personal or professional site for you or or reasearch group?

We use and recommend Hugo, a fast and lightweight program that converts text files composed in the wiki-like Markdown syntax into static html files which are served quite efficiently to the web. You can go to the Hugo Documentation page to find more information about installation, base templates, and configuration.

If you intend to use Hugo to generate your personal site, we are happy to help with configuring and uploading your generated site. In the Hugo configuration, make sure you specify your base URL as listed above.

For example: baseURL = "https://www.eecis.udel.edu/~$USER"

CGI server, cgi-bin to make homepages

User cgi scripts are not enabled on the main web servers mentioned above for security reasons. There is a web server available to run CGI scripts on. It is on a separate, untrusted server to minimize security risks. Users are only given CGI space on request.

Requested space will be available at /cgi/$USER on the same system(s) where your website can be edited.

Info:

• Location to put cgi program: /cgi/$USER/public_html/cgi-bin/.
• Name of cgi program must end in .cgi, for example program.cgi
• URL would be https://www.eecis.udel.edu/~$USER/cgi-bin/program.cgi
• perl with CGI.pm, a CGI library, is installed
• python with cgi module is installed
• program.cgi will run as $USER, and therefore can write and read anything that $USER can in /cgi/.
• /cgi/$USER/public_html/cgi-bin/ needs to be readable and executable to httpuser, either mode 755 or with ACLs. However, your scripts do not need to be readable or executable to anyone other than $USER.
• Access to this server is through the filesystems mentioned above. Users do not have access to login to the server.

Note: To have a filesystem made on this server to enable you to create/use CGI scripts, use the Computer Service / Help Request system and request access to the CGI server.

There are security issues that you should be aware of when writing your own scripts. Note, that if you have a security hole in a script, your account the CGI server can be compromised. Special care should be taken, when writing CGIs and in processing any data from them. (This is why CGI scripts are not enabled on the main dept. web servers)

Access Control

An htaccess file provides a method to limit directory and file access to authorized users with username/password pairs. First, create a directory that is mode 755 (or at least readable and executable to httpuser using ACLs.

[~/public_html/]> ls -al
drwxr-xr-x 4 user group 512 May 18 11:39 .
drwxr-xr-x 3 user group 512 Mar 3 09:28 ..
drwxr-xr-x 2 user group 512 May 18 11:39 protected

The next step is to create your htaccess password file which will be used for authentication.

htpasswd -c /usb/$USER/public_html/.htpasswd new_username

Where new_username is the username you would like to add to the password file. This username does not have to nor should it be the same username or password as your EECIS account. The -c option is used to create a new file. Do not include that flag if you are adding new passwords to an existing file. Users can be deleted by using the -D option.

NOTE: The htpasswd file you create will contain ENCRYPTED passwords. The default encoding is standard Unix crypt, but MD5 hashes can be used by using the -m option and SHA1 hashes can be used by using the -s option. To avoid sending passwords in the clear over networks https should always be used instead of http in these situations.

After you have created the htpasswd file, the next step would be to create an .htaccess file in the directory you wish to restrict access to.

[~/public_html/]> ls -al protected/
total 10
-rwxr-xr-x 1 user group 125 May 18 11:47 .htaccess

NOTE: The .htaccess file and your htpasswd file MUST be world readable. ( mode 644 ), or at least readable by the user httpuser using ACLs, and exist in the /usb web filesystem so the web server has access to them.

The contents of the .htaccess file ( which protects the entire directory ) are as follows:

AuthType Basic
AuthName "My Protected Directory"
AuthUserFile /usb/username/public_html/.htpasswd
require valid-user

From above:

• The AuthType tells the server what protocol is to be used for authentication. At the moment, Basic is the only method available. However a new method, Digest, is about to be standardized, and once browsers start to implement it, digest authentication will provide more security than the basic authentication.
• The AuthName is what the user will see when accessing this directory.
• The AuthUserFile contains the username / encrypted password pairs.
• The require valid-user line only allows users in the chosen password file even try to authenticate.
• You should now be able to test the new configuration by accessing that directory with your web browser.

An example of htaccess can be found on github.

Advanced Features

You can also require that the user use an encrypted session to access certain files. This is good for sensitive or confidential documents which you would not want to send over the network as cleartext. When used in conjunction with the password file you created above, you can allow secure access to only certain users, and certain ip addresses.

To do so, add the following to your .htaccess file (Changing it of course):

<Files secret.txt>
  SSLRequireSSL
  require user secure
  order deny,allow
  deny from all
  allow from 128.4.
</Files>

In the example above, SSL will be required when accessing the file secret.txt. The required username is ‘secure’, but any username which is in your htpasswd file can be specified there. Another option is to specify ‘require valid-user’, which will allow any user in your htpasswd file to authenticate. The ‘allow from 128.4.’ statement specifies that only users connecting from 128.4.*.* are allowed to access ‘secret.txt’. A filemask can also be used in place of a specific file name.

End-of-Service

Please note that personal web pages will remain active only so long as your account is in good standing. When your account expires, your personal web site will be archived and no longer served. See the following section for how to set up a web redirect.

Redirection

The form for web redirection is on the front page of the accounts site, upon logging in. Read on for details.

You might have had a website served by EE/CIS but have moved it somewhere else. This is common for folks who graduate or leave our department, for example.

Now you can set a 301 Redirection for your website. Search engines will see the redirection and replace your EE/CIS results with the redirected URL. Entire a URL into the form, submit & wait for processing. In most cases it is recommended to have a complete URL with schema (starting with http:// or https:// ).

Default behavior

Any/All URLs prefixed by www.eecis.udel.edu/~username will be redirected to the URL entered in the form.

Alternatives

New Username

Perhaps your username changed.
For example, this can happen when a user gets married. Your redirect will look like simply:

/~newusername

Site Mirror

Perhaps you have moved your entire website, keeping the same structure. Your wish is to recursively forward all requests. For example, have a request to https://www.eecis.udel.edu/~username/directory/page.html redirect straight to https://www.example.com/directory/page.html.

In this case, use the following redirection in the web form, which contains a directive that our web server will understand:

https://www.example.com$request_uri

In the above example request, $request_uri expands to /directory/page.html.