Updated documentation.
authorPhilipp Spitzer <philipp@spitzer.priv.at>
Tue, 15 Apr 2014 19:36:34 +0000 (21:36 +0200)
committerPhilipp Spitzer <philipp@spitzer.priv.at>
Tue, 15 Apr 2014 19:36:34 +0000 (21:36 +0200)
doc/apache2.txt

index db60660..79563e2 100644 (file)
@@ -1,22 +1,66 @@
-# Add a virtual host similar than that:
+# Add a virtual host similar than that (for apache 2.4):
 # (e.g. in /etc/apache2/sites-available/example.com.conf)
 #
-# The Rewrite* lines are necessary to prevent mod_cgi to filter the Authorization HTTP header.
+# Note that apache has to do authentication/authorization
+# as well if needed (which will normally be the case).
+# Normally, AuthBasic is used by DYNDNS systems.
+# See: http://wiki.apache.org/httpd/PasswordBasicAuth
 
 <VirtualHost *:80>
-  SSLEngine Off
   ServerName dyndns.example.com
   ServerAdmin webmaster@example.com
-  DocumentRoot /var/www/tdyndns
-  DirectoryIndex tdyndns.py
+
   ErrorLog /var/log/apache2/error.log
   CustomLog /var/log/apache2/access.log combined
+
+  DocumentRoot /var/www/tdyndns
+
   <Directory /var/www/tdyndns>
+         DirectoryIndex tdyndns.py
       SetHandler cgi-script
       Options ExecCGI FollowSymLinks
-      RewriteEngine on
-      RewriteCond %{HTTP:Authorization} ^(.*)
-      RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+
+         AuthType Basic
+         AuthName "tdyndns authorization"
+         AuthUserFile "/etc/tdyndns/.htpasswd"
+         Require valid-user
   </Directory>
+
 </VirtualHost>
 
+
+
+# Hint: For clients that do not support AuthBasic (if there should be any),
+# the "AuthBasicFake" parameter might be an option to overcome this.
+
+
+
+
+As an example for an non-standard authorization method, we provided the script
+tdyndns_auth_simplepwd that just checks whether the user is present in the
+system and whether a certain password is given:
+
+<VirtualHost *:80>
+  ServerName dyndns.example.com
+  ServerAdmin webmaster@example.com
+
+  ErrorLog /var/log/apache2/error.log
+  CustomLog /var/log/apache2/access.log combined
+
+  DocumentRoot /var/www/tdyndns
+
+  DefineExternalAuth tdyndnsauth environment /usr/local/bin/tdyndns_auth_simplepwd
+
+  <Directory /var/www/tdyndns>
+         DirectoryIndex tdyndns.py
+      SetHandler cgi-script
+      Options ExecCGI FollowSymLinks
+
+      AuthType Basic
+      AuthBasicProvider external
+      AuthExternal tdyndnsauth
+      AuthName "tdyndns authorization"
+      Require valid-user
+  </Directory>
+
+</VirtualHost>