I was wondering, is there a way to use my comp as a temporary secure server. I want it to be able to host a couple of files, just movies and stuff for my friends to download, and I have no idea how to do it, or if its even possible. I need secure server (this is also my workstation, so I dont want people to access my other files), a GUI ( cause I cant handle a terminal), and I do have a router with a built in hardware firewall(Netgear). Help appreciated!

I'm assuming this is your machine at home to share with friends online
(as opposed to at the office, sharing with friends down the hall).
If I'm backwards, look into Samba.

Otherwise...

A quick way to do it would be...

1. create an account on the machine with a home directory and maybe a "files" directory inside that.
2. Put a "nologin" stipulation on the account
3. Put the files to be downloaded in there.
4. Tell your friends about the account in an email (including userid and directory where the files are), and
CALL them with the password (very bad idea to email userid with passwd, no matter how insignificant).
5. Email your friends when you put a new file in place, tell them the filename.
6. Your buddies can use scp to get the files.
6a. If they only have Windows clients, tell them to download pscp at
http://the.earth.li/~sgtatham/putty/...-installer.exe (current version today)
or
http://www.chiark.greenend.org.uk/~s.../download.html (where the next version will be)

PuTTY is a great scp client for Windows, and it's free. It comes with the command line utility pscp.

...of course you'll want to redirect traffic on your external interface (router) to this machine on port 22 (called "port forwarding" in many circles, including all the netgears I've seen).

It sounds like you want a webserver runnig with the files on it. That way they can use their web browser.

You can setup an https login for people to use.

I thought of that, but he stressed "secure," so I figured that wasn't an option for one reason or another.

BTW, RagingIfrit, if that'll work, then yes, it's a better way. I believe your Fedora installation disks will have everything you need, but I've only installed Fedora once, so I'm not the one to tell you how to get it there w/o reinstalling. I'm sure it's pretty straightforward tho. And most of the default config will be fine.

...and click the affero button on DavidPhillips's post. ;)

I can give you an upload script if you need it.

Just be sure you redirect all http traffic to https before prompting for a password.

Something like this for Apache


<VirtualHost *>
ServerAdmin admin@dcphillips.net
DocumentRoot /var/www/unsecure/upload
ServerName upload.dcphillips.net
ErrorLog logs/error_log
CustomLog logs/access_log common
</VirtualHost>


<VirtualHost *:443>
Port 443
DocumentRoot "/var/www/upload"
ServerName upload.dcphillips.net
ServerAdmin admin@dcphillips.net
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

<Directory /var/www/upload>
EnablePut On
Options +Indexes
AuthType Basic
AuthName Temporary
AuthUserFile /var/www/access/upload/.htpasswd
EnableDelete Off
umask 007
require valid-user
</Directory>



Your site for the http must redirect to https..

$ cat /var/www/unsecure/upload/index.php
<?php
header("Location: https://upload.dcphillips.net/");
exit();
?>





Of course you can simply allow downloads if you want to.

The important thing to have is the login requirement and the use of https.

You caould get fancy with the interface if you want, the one shown will simply prompt for a login using a popup dialog.



Here is a simple upload page..

<HTML>
<HEAD>
<TITLE>Upload ...</TITLE>
</HEAD>
<BODY BGCOLOR="396DA5">
<P>
<FORM ENCTYPE="multipart/form-data" ACTION="/cgi-bin/upload.cgi" METHOD="POST">
<H3>Choose the files you want to upload from your computer.</H3>
<HR size=l>
<TABLE BORDER=0 WIDTH="500">
<TR>
<TD ALIGN=RIGHT>
File #1:
</TD>
<TD>
<INPUT TYPE="FILE" NAME="file-to-upload-01" SIZE="35">
</TD>
</TR>
<TR>
<TD ALIGN=RIGHT>
File #2:
</TD>
<TD>
<INPUT TYPE="FILE" NAME="file-to-upload-02" SIZE="35">
</TD>
</TR>
<TR>
<TD ALIGN=RIGHT>
File #3:
</TD>
<TD>
<INPUT TYPE="FILE" NAME="file-to-upload-03" SIZE="35">
</TD>
</TR>
<TR>
<TD ALIGN=RIGHT>
File #4:
</TD>
<TD>
<INPUT TYPE="FILE" NAME="file-to-upload-04" SIZE="35">
</TD>
</TR>
<TR>
<TD COLSPAN=2>&nbsp;<BR></TD>
</TR>
<TR>
<TD>
<INPUT TYPE="SUBMIT" VALUE="Upload">
<INPUT TYPE="RESET" VALUE="Reset">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>

Thanks everyone, ill look into it and get back to you (in a little while, cause im going to Peurto Rico). Also, will these servers work with my router auto, or will I have to screw with stuff?

Well, assuming the netgear is running a default config, yes. You'll have to mess with it. Actually, the likelihood of NOT having to change a thing is very slim.

Firewalled routers block everything coming in, unless you tell them otherwise. Regular web traffic uses port 80. Secure web traffic, 443 (see the post by DavidPhillips). If you go with ssh, it's port 22. All can be changed if you want, but the defaults are simplest.

To get your router to pass the desired traffic to the server, you'll have to use the "port forwarding" config in your router's setup. It basically means that when a packet hits your router looking for a connection to a (example) web server, the router "forwards" the packet to the machine predesignated as the web server and allows the connection to happen. Some Netgears have predefined port forwarding choices; I think they're listed as "services."

Have fun in Puerto Rico (hopefully it's a vacation).


....and DavidPhillips, thanks for the pointers; I've been wanting to set up a secure web server for a while, but had no real reason for doing it, so I haven't researched it. Since you've pointed me in the right direction, I'll be starting it next week.

Oh, one more question, since we're on secure web already... I just hit your page (link in your last post), and my browser (Firefox) flagged your cert. Is that just the nature of self-signed certs? I'm a bit fuzzy on that whole dealio.