LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-15-2013, 11:45 AM   #1
austinium
Member
 
Registered: Nov 2007
Location: India
Distribution: Debian Stable, Debian Testing
Posts: 209

Rep: Reputation: 27
Question Using Apache2 host files for download


Hi,

I need to make files (~500MB each) available for download. FTP is not an option, neither is using Dropbox or something similar. I've setup Apache2 (on Debian) and have placed the files in /var/www and have sent the links for download to the users. There isn't going to be much concurrency, there will be 10 downloads going on at the same time at most.

I am hoping to hear your thoughts on this.
  • Is this a reliable solution?
  • Is there anything i should be worrying about related to security? (The Apache server is only accessible via LAN/WAN and not accessible via the Internet, i have disabled server signature,directory listing based google results on securing Apache)
  • How would this setup respond to people using download managers?
  • How do i enable support for the user to pause and resume the downloads?
  • Is there anything i am missing in this setup?
  • Is there a better way to make files available over http?
  • Should i make any additional configurations to ensure reliable data transmission over long distances, some of the users are not in the same LAN as the Apache server?

Hoping to hear on this from the learned members of this forum.

Cheers!
 
Old 08-15-2013, 07:26 PM   #2
John VV
Guru
 
Registered: Aug 2005
Posts: 12,698

Rep: Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687
For starters it would be a lot easier to use a torrent

something like "Oneswarm" would be a good option
Quote:
there will be 10 downloads going on at the same time at most.
a P2P option would be good for this

but if you want to go to the trouble of setting up apache and BUYING $$$ a domain
or using something like "no-ip.com"
start by studying the apache documents
-- yes studying like for a final exam that you MUST pass with a 4.0
http://httpd.apache.org/docs/2.4/

if this is only going to about 10 people then you DO NOT want the whole internet to have access to the files
this requires you to lock it down and use "Authentication " like a username and password or locking out EVERY ip address EXCEPT the ones you want to have access

-- a lot of work ---

Last edited by John VV; 08-15-2013 at 07:27 PM.
 
1 members found this post helpful.
Old 08-16-2013, 09:24 AM   #3
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,418
Blog Entries: 33

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Quote:
Originally Posted by John VV View Post
if this is only going to about 10 people then you DO NOT want the whole internet to have access to the files
this requires you to lock it down and use "Authentication " like a username and password or locking out EVERY ip address EXCEPT the ones you want to have access
I agree with this assessment. In addition I'd like to add you should use signed SSL certificates on top of it. You can run your own certificate authority and distribute the CA cert to your friends to trust. From there, SSL communication to your server can be verified. I used this tutorial to be my own certificate authority. If you prefer to go a more graphical route you can manage certificate authority certificates and signed certificates using xca.

Auth+SSL should always be your default option. I also agree that for so few users it would be more useful for you to run your own tracker and provide them with a torrent for P2P download.
 
1 members found this post helpful.
Old 08-16-2013, 09:46 AM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,241

Rep: Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475Reputation: 2475
Quote:
Originally Posted by austinium View Post
Hi,
I need to make files (~500MB each) available for download. FTP is not an option, neither is using Dropbox or something similar.
WHY can't you use Dropbox or FTP?
Quote:
I've setup Apache2 (on Debian) and have placed the files in /var/www and have sent the links for download to the users. There isn't going to be much concurrency, there will be 10 downloads going on at the same time at most.

I am hoping to hear your thoughts on this.
Is this a reliable solution?
Sure, but for ten users, I think it's overkill.
Quote:
Is there anything i should be worrying about related to security? (The Apache server is only accessible via LAN/WAN and not accessible via the Internet, i have disabled server signature,directory listing based google results on securing Apache)
If these people are coming in over the Internet, then you will obviously have your server exposed to the Internet on that port. Anytime you do that, you SHOULD worry about security.
Quote:
How would this setup respond to people using download managers?
How do i enable support for the user to pause and resume the downloads?
Should be just fine, and I've never encountered any problems with download managers requiring special setups before.
Quote:
Is there anything i am missing in this setup?
Is there a better way to make files available over http?
Should i make any additional configurations to ensure reliable data transmission over long distances, some of the users are not in the same LAN as the Apache server?
Nothing you CAN do to make Internet transmissions more reliable. Once it leaves your server, you have ZERO control over it. Also, be aware that the speed of your Internet connection is going to be your bottleneck.

Personally, I'd use Google Drive, and set up a private partition that you need user ID/password for, and shovel your files up to it. There are Google Drive clients for Windows, Mac, Android, iOS, and Linux.
 
1 members found this post helpful.
Old 08-16-2013, 10:34 PM   #5
austinium
Member
 
Registered: Nov 2007
Location: India
Distribution: Debian Stable, Debian Testing
Posts: 209

Original Poster
Rep: Reputation: 27
Thank you John VV, Sag47, TB0ne for your replies.

The apache server is accessible only via Private IP (all users are on a corporate WAN).

I am using a web server because it is the only service that the security guys allow in/out of the corporate firewall. I've got the security guys to limit the people who can access the IP hosting apache. Do I still need SSL? I don't want to use Dropbox due to nature of the data involved.

There is packet loss of 3-6% to the farthest user(>1K Miles away), I'll post back if this caused issues.

Right now I am trying to track successful downloads by keeping an eye on the access logs, is this the right way?

Thanks again for your replies.
 
Old 08-16-2013, 11:19 PM   #6
John VV
Guru
 
Registered: Aug 2005
Posts: 12,698

Rep: Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687Reputation: 1687
for the access logs there is a very nice perl tool called "Awstats "
http://awstats.sourceforge.net/

unless you have access to something like this already

now if you are using the Apache from the apache foundation ( and built it and installed it manually )
then the default /var/www/httpd.conf file is VERY VERY well documented
90% of it is the notes on that config file

i take it you do not need a CMS ,but just a folder directory
like this example ( a site i use a lot )
http://pds-imaging.jpl.nasa.gov/data...e_orbiter/ctx/

http://httpd.apache.org/docs/2.4/mod...html#directory
see the part on " Options Indexes "
a snippet for the httpd.conf

Code:
<Directory "/var/www/files">
  Options Indexes 
</Directory>
where "/var/www/files" is where the downloads are
this could be the ROOT directory or not
it could be the "Public_html" folder in your HOME folder
Code:
<Directory /home/YourUserName/public_html>
    AllowOverride FileInfo  Options Indexes
    Options Indexes MultiViews
        Order deny , allow
        Deny from all
        Allow from 123.456.789.012 098.765.432.109  
</Directory>
the "allow from" is a space separated list of allowed ip addresses

but STUDY the documentation

Last edited by John VV; 08-16-2013 at 11:22 PM.
 
Old 08-19-2013, 09:06 AM   #7
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,418
Blog Entries: 33

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Quote:
Originally Posted by austinium View Post
Do I still need SSL?
Well it depends on how secure the files need to be and how they're traveling. Sure the source IP is restricted from accessing the server but there's no way to restrict someone from pulling data off of the wire while in transit (i.e. packet capturing). I guess it highly depends on what layers of security you have for transport other than SSL. Remember, layers are supposed to be supplemental (no such thing as one size fits all and all security is assumed to by 'by-passable' one way or another). You just make it harder by adding layers.

So it depends on the nature of the data and how your coworkers are accessing it. If in doubt, use SSL, especially when credentials are involved because people tend to use the same password everywhere. It's not good to assume it's secure just because it's inside your corporate network. I manage a large number of internal corporate services for a University and all of those services are encrypted with top level signed certificates after being restricted to internal networks only. We assume our 'corporate' network is a hostile environment which you should too. You never know when a company computer is infected with malware and trying to access everything it can grasp or even a disgruntled employee (or student in my case) trying to do damage.

Since others have added config recommendations I will pitch in. Over the years I've seen different ciphers compromised and other people make recommendations on the internet and so here's a config for trying to limit weak ciphers from being used.
Code:
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:-MEDIUM:!LOW:-SSLv2
  SSLCertificateFile /etc/httpd/ssl.crt/somehost.com.crt
  SSLCertificateKeyFile /etc/httpd/ssl.key/somehost.com.key
  SSLCACertificateFile /etc/httpd/ssl.crt/someca.crt
Here is the CipherSuite values explained.

You should also disable compression over http because it has recently been found as a vulnerability in SSL.

SAM

Last edited by sag47; 08-20-2013 at 02:58 PM.
 
  


Reply

Tags
apache2, download, fileserver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 cgi-bin perl - My browser just wants to download the .pl files keenboy Linux - Server 4 05-19-2010 09:42 AM
[SOLVED] Apache2 - virtual host defaulting to default host slimjim Linux - Server 1 10-31-2009 01:47 AM
Apache2 virtual host. hgb Linux - Networking 10 01-24-2009 02:05 AM
Apache2 Host Issue mbazdell Linux - Networking 10 11-14-2007 04:53 AM
perl files download instead of parsed on apache2 mod-perl2 not parsing perl files zeigerpuppy Debian 1 02-16-2006 05:31 AM


All times are GMT -5. The time now is 06:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration