I need to make files (~500MB each) available for download. FTP is not an option, neither is using Dropbox or something similar. I've set up Apache2 (on Debian) and have placed the files in /var/www and have sent the links for download to the users. There isn't going to be much concurrency; there will be 10 downloads going on at the same time at most.
I am hoping to hear your thoughts on this.
Is this a reliable solution?
Is there anything I should be worrying about related to security? (The Apache server is only accessible via LAN/WAN and not accessible via the Internet; I have disabled server signature and directory listing, based on Google results on securing Apache.)
How would this setup respond to people using download managers?
How do I enable support for the user to pause and resume the downloads?
Is there anything I am missing in this setup?
Is there a better way to make files available over HTTP?
Should I make any additional configurations to ensure reliable data transmission over long distances? Some of the users are not in the same LAN as the Apache server.
Hoping to hear on this from the learned members of this forum.
For starters, it would be a lot easier to use a torrent.
Something like "Oneswarm" would be a good option.
Quote:
there will be 10 downloads going on at the same time at most.
A P2P option would be good for this.
But if you want to go to the trouble of setting up Apache and BUYING $$$ a domain
or using something like "no-ip.com",
start by studying the Apache documents
-- yes, studying like for a final exam that you MUST pass with a 4.0: http://httpd.apache.org/docs/2.4/
If this is only going to about 10 people, then you DO NOT want the whole internet to have access to the files.
This requires you to lock it down and use "Authentication" like a username and password, or locking out EVERY IP address EXCEPT the ones you want to have access.
Quote:
if this is only going to about 10 people then you DO NOT want the whole internet to have access to the files
this requires you to lock it down and use "Authentication" like a username and password or locking out EVERY ip address EXCEPT the ones you want to have access
I agree with this assessment. In addition I'd like to add you should use signed SSL certificates on top of it. You can run your own certificate authority and distribute the CA cert to your friends to trust. From there, SSL communication to your server can be verified. I used this tutorial to be my own certificate authority. If you prefer to go a more graphical route you can manage certificate authority certificates and signed certificates using xca.
Auth+SSL should always be your default option. I also agree that for so few users it would be more useful for you to run your own tracker and provide them with a torrent for P2P download.
Quote:
Hi,
I need to make files (~500MB each) available for download. FTP is not an option, neither is using Dropbox or something similar.
WHY can't you use Dropbox or FTP?
Quote:
I've set up Apache2 (on Debian) and have placed the files in /var/www and have sent the links for download to the users. There isn't going to be much concurrency; there will be 10 downloads going on at the same time at most.
I am hoping to hear your thoughts on this.
Is this a reliable solution?
Sure, but for ten users, I think it's overkill.
Quote:
Is there anything I should be worrying about related to security? (The Apache server is only accessible via LAN/WAN and not accessible via the Internet; I have disabled server signature and directory listing, based on Google results on securing Apache.)
If these people are coming in over the Internet, then you will obviously have your server exposed to the Internet on that port. Anytime you do that, you SHOULD worry about security.
Quote:
How would this setup respond to people using download managers?
How do I enable support for the user to pause and resume the downloads?
Should be just fine, and I've never encountered any problems with download managers requiring special setups before.
Quote:
Is there anything I am missing in this setup?
Is there a better way to make files available over HTTP?
Should I make any additional configurations to ensure reliable data transmission over long distances? Some of the users are not in the same LAN as the Apache server.
Nothing you CAN do to make Internet transmissions more reliable. Once it leaves your server, you have ZERO control over it. Also, be aware that the speed of your Internet connection is going to be your bottleneck.
Personally, I'd use Google Drive, and set up a private partition that you need user ID/password for, and shovel your files up to it. There are Google Drive clients for Windows, Mac, Android, iOS, and Linux.
The apache server is accessible only via Private IP (all users are on a corporate WAN).
I am using a web server because it is the only service that the security guys allow in/out of the corporate firewall. I've got the security guys to limit the people who can access the IP hosting apache. Do I still need SSL? I don't want to use Dropbox due to nature of the data involved.
There is packet loss of 3-6% to the farthest user (>1K miles away); I'll post back if this causes issues.
Right now I am trying to track successful downloads by keeping an eye on the access logs; is this the right way?
Unless you have access to something like this already.
Now, if you are using the Apache from the Apache foundation (and built it and installed it manually),
then the default /var/www/httpd.conf file is VERY VERY well documented.
90% of it is the notes on that config file.
Well, it depends on how secure the files need to be and how they're traveling. Sure, the source IP is restricted from accessing the server, but there's no way to restrict someone from pulling data off of the wire while in transit (i.e. packet capturing). I guess it highly depends on what layers of security you have for transport other than SSL. Remember, layers are supposed to be supplemental (no such thing as one size fits all, and all security is assumed to be 'by-passable' one way or another). You just make it harder by adding layers.
So it depends on the nature of the data and how your coworkers are accessing it. If in doubt, use SSL, especially when credentials are involved because people tend to use the same password everywhere. It's not good to assume it's secure just because it's inside your corporate network. I manage a large number of internal corporate services for a University and all of those services are encrypted with top level signed certificates after being restricted to internal networks only. We assume our 'corporate' network is a hostile environment which you should too. You never know when a company computer is infected with malware and trying to access everything it can grasp or even a disgruntled employee (or student in my case) trying to do damage.
Since others have added config recommendations I will pitch in. Over the years I've seen different ciphers compromised and other people make recommendations on the internet and so here's a config for trying to limit weak ciphers from being used.
Code:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:-MEDIUM:!LOW:-SSLv2
SSLCertificateFile /etc/httpd/ssl.crt/somehost.com.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/somehost.com.key
SSLCACertificateFile /etc/httpd/ssl.crt/someca.crt
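The measures recommended across this thread (IP restriction plus authentication, served only over TLS) written out as one Apache 2.4 virtual host with current protocol and cipher settings; this is an added example, not any poster's configuration. The hostname, the /var/www/downloads directory, the 10.0.0.0/8 range and the htpasswd path are placeholders, and the certificate paths are reused from the post above.

```apache
# Added example (assumes Apache 2.4 with mod_ssl, mod_auth_basic, mod_authz_host).
# Plain HTTP only redirects, so Basic-auth credentials never cross the wire unencrypted.
<VirtualHost *:80>
    ServerName files.example.internal
    Redirect permanent / https://files.example.internal/
</VirtualHost>

<VirtualHost *:443>
    ServerName files.example.internal
    DocumentRoot /var/www
    ServerSignature Off

    SSLEngine on
    # Negotiate TLS 1.2 and newer only.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # TLS 1.2 suites: forward secrecy with AEAD ciphers; no RC4, export,
    # NULL or anonymous suites can be selected.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on

    # Server certificate issued by the private CA; clients must trust that CA's cert.
    SSLCertificateFile    /etc/httpd/ssl.crt/somehost.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/somehost.com.key

    <Directory "/var/www/downloads">
        # No directory listings; users reach files only through the links sent to them.
        Options -Indexes

        AuthType Basic
        AuthName "Restricted downloads"
        AuthUserFile /etc/httpd/htpasswd.downloads

        # Both conditions must hold: allowed source network AND a valid login.
        <RequireAll>
            Require ip 10.0.0.0/8
            Require valid-user
        </RequireAll>
    </Directory>
</VirtualHost>
```

Run `apachectl configtest` before reloading so a typo in the vhost does not take the download site offline.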