Publish a web page on your B3 but *not* the admin page

A collection of tips on howto tweak your Bubba.
Post Reply
Posts: 1403
Joined: 10 Aug 2011, 03:18

Publish a web page on your B3 but *not* the admin page

Post by Gordon » 26 Apr 2013, 10:45

In my opinion this is somewhat of a design flaw in the B3. Many of the virtual pages are globally defined, so that if you create your own named host definition on a different root visitors will still be able to access the admin page. I don't want that and if you don't want that too than you should read on.

Let's assume that you already experimented with named virtual hosts, then you may have found that if you named your config file 'blog.conf' apache would keep showing the bubba page and if you named it 'myblog.conf' you actually get to see the intended site. This is due to the (ASCII byte value) load order apache uses and I'm going to implement that to completely ignore the site definition in the original bubba.conf file.

First step is to split this original bubba.conf file into the two individual site definitions: SSL enabled and plain HTTP. As many of you know, I like automation and I'll use that for this purpose again:

Code: Select all

cd /etc/apache2/sites-available

# Find the site definition offsets
offset80=$(grep -b "<\s*VirtualHost.*80\s*>" bubba|cut -d: -f1)&&echo $offset80
offset443=$(grep -b "<\s*VirtualHost.*443\s*>" bubba|cut -d: -f1)&&echo $offset443

# Split the file into two new separate files
if (( $(echo "$offset80 > $offset443"|bc -l) )); then
  dd bs=$offset80 count=1 if=bubba of=bubba-ssl
  dd bs=$offset80 skip=1 if=bubba of=bubba-intranet
  dd bs=$offset443 count=1 if=bubba of=bubba-intranet
  dd bs=$offset443 skip=1 if=bubba of=bubba-ssl
So now I have an SSL enabled version of bubba.conf in 'bubba-ssl' and a plain HTTP version in 'bubba-intranet'. Next step is to enter the LAN IP address as the listen address in the VirtualHost header, so that I can still access the B3 admin site from the LAN:

Code: Select all

# Get the lan interface and find the IP address for it
lanIF=$(bubba-networkmanager-cli getlanif)&&echo $lanIF
lanIP=$(ip route show dev $lanIF|grep "scope link"|awk '{print $7}')&&echo $lanIP

# Change the listen address of the bubba-intranet site to LAN only
sed -i "s/<\s*VirtualHost.*80\s*>/<VirtualHost $lanIP:80>/" bubba-intranet
Now I want a new 'catch all' vhost to replace the default bubba host. I'm not looking to add sensible information on this vhost, since people that are going to be serviced by it are most likely hackers. So I'll quickly prepare a new web root for this vhost:

Code: Select all

mkdir /home/web/errors
cp /var/www/index.html /home/web/errors/index.php
Note that I've renamed the file to .php, so that I can add some dynamic actions or content later on.

This is a listing of the corresponding defaulthost conf file:
# cat /etc/apache2/sites-available/defaulthost
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/web/errors
DirectoryIndex index.php index.html
<Directory />
Options FollowSymLinks
AllowOverride None

ScriptAlias /cgi-bin/ /home/web/errors

ErrorLog ${APACHE_LOG_DIR}/defaulthost-error.log
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/defaulthost-access.log combined

# Remap the Bubba defined paths to the error page
AliasMatch ^/manual /home/web/errors/index.php
AliasMatch ^/pim /home/web/errors/index.php
AliasMatch ^/organizer /home/web/errors/index.php
AliasMatch ^/mail /home/web/errors/index.php
AliasMatch ^/calendar /home/web/errors/index.php
AliasMatch ^/horde3 /home/web/errors/index.php
AliasMatch ^/album /home/web/errors/index.php
AliasMatch ^/admin /home/web/errors/index.php

# Custom error pages
ErrorDocument 400 /errors/index.php
ErrorDocument 401 /errors/index.php
ErrorDocument 403 /errors/index.php
ErrorDocument 404 /errors/index.php
ErrorDocument 500 /errors/index.php
Using quote kills indenting, but in this case I wanted to mark the lines that you want to include in your named vhost as well.

To enable the new site definitions, run the following:

Code: Select all

cd /etc/apache2/sites-available

# assign the highest load priority to defaulthost
ln -s ../sites-available/defaulthost ../sites-enabled/00-defaulthost

# ... and the second highest to bubba-intranet
ln -s ../sites-available/bubba-intranet ../sites-enabled/01-bubba-intranet

/etc/init.d/apache2 reload
If you already have your own named vhost definition (remember to add the appropriate blocks from the defaulthost listing above) in /etc/apache2/sites-enabled, then prepend a number (I suggest you start at 10) to that name as well. This will ensure that it will always get loaded before 'bubba'.

Posts: 1403
Joined: 10 Aug 2011, 03:18

Re: Publish a web page on your B3 but *not* the admin page

Post by Gordon » 31 Dec 2013, 03:58

It was pointed out to me that one thing is not completely clear about the above setup:

The reordering of the web definition as proposed by this howto is that if you access the LAN IP address (by any name!) then you will see the regular bubba page. To see the default page that you created yourself, you need to access the WAN IP address with a name that does not match a named host you defined (essentially its raw IP address or the generic - anything that points to you from the internet but is not supposed to display a valid html page).

Post Reply