One place for hosting & domains

      Apache

      How To Configure WebDAV Access with Apache on Ubuntu 18.04


      Introduction

      WebDAV is an extension of the HTTP protocol that allows users to manage files on remote servers. There are many ways to use a WebDAV server, you can, for example, share Word or Excel documents with your colleagues by uploading them to your WebDAV server. You can also share your music collection with your family and friends by simply giving them a URL. All of this can be achieved without them installing any additional software as everything is built right into their operating system.

      In this article, you’ll configure an Apache web server to enable WebDAV access from Windows, Mac, and Linux with SSL and password authentication.

      Prerequisites

      Before you begin this guide, you will need the following:

      WebDAV requires very few server resources, so any sized virtual machine will be enough to get your WebDAV server up and running.

      Log in to your server as the sudo-enabled, non-root user to start the first step.

      Step 1 — Enabling the WebDAV Apache Modules

      The Apache web server provides a lot of functionality as optional modules. You can enable and disable these modules to add and remove their functionality from Apache. Its WebDAV functionality is included in a module that you installed along with Apache, but is not enabled by default.

      You enable the WebDAV module for Apache using the a2enmod utility. The following two commands will enable the WebDAV modules:

      • sudo a2enmod dav
      • sudo a2enmod dav_fs

      Now, restart Apache to load the new modules:

      • sudo systemctl restart apache2.service

      You’ve now loaded and started the WebDAV module. In the next step, you will configure Apache to serve your files via WebDAV.

      Step 2 — Configuring Apache

      In this step, you will create all the configurations that Apache needs to implement a WebDAV server.

      First, create the WebDAV root folder at /var/www/webdav that will hold the files you want to make available over WebDAV:

      • sudo mkdir /var/www/webdav

      Then, set Apache’s user, www-data, to be the owner of the WebDAV directory:

      • sudo chown www-data:www-data /var/www/webdav

      Next, you need to create a location for the database file that Apache uses to manage and lock the files that WebDAV users are accessing. This file needs to be readable and writable by Apache, but must not be available from the website as this can leak sensitive information.

      Create a new directory with the mkdir utility for the database file at /usr/local/apache/var/:

      • sudo mkdir -p /usr/local/apache/var/

      The -p option tells the mkdir utility to create all the directories in the path you specified if they don’t exist.

      Next, set the owner and group of the new directory to Apache’s user and group with the chown utility:

      • sudo chown www-data:www-data /usr/local/apache/var

      Now, you need to edit the VirtualHost file that holds the Apache configuration about your domain name. This file is located in /etc/apache2/sites-enabled/ and ends in le-ssl.conf if you used Certbot to register the SSL certificate.

      Open the VirtualHost file with a text editor:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      On the first line, add the DavLockDB directive:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      . . .
      

      Next, add the following Alias and Directory directives inside the <VirtualHost> tags following all the other directives:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      . . .
      Alias /webdav /var/www/webdav
      
      <Directory /var/www/webdav>
          DAV On
      </Directory>
      

      The Alias directive maps requests to http://your.server/webdav to the /var/www/webdav folder.

      The Directory directive tells Apache to enable WebDAV for the /var/www/webdav folder. You can find out more about mod_dav from the Apache docs.

      Your final VirtualHost file will be as follows, which includes the DavLockDB, Alias, and Directory directives in the correct locations:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      DavLockDB /usr/local/apache/var/DavLock
      <IfModule mod_ssl.c>
      <VirtualHost *:443>
          ServerAdmin admin@your_domain
              ServerName your_domain
              ServerAlias your_domain
              DocumentRoot /var/www/your_domain/public_html
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      
              SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
              SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
              Include /etc/letsencrypt/options-ssl-apache.conf
      
              Alias /webdav /var/www/webdav
      
              <Directory /var/www/webdav>
                  DAV On
              </Directory>
      
      </VirtualHost>
      </IfModule>
      

      If you make any syntax errors while you are editing Apache’s configuration it will refuse to start. It’s a good practice to check your Apache configuration before restarting Apache.

      Use the apachectl utility to check the configuration:

      • sudo apachectl configtest

      If your configuration is error free, apachectl will print Syntax OK. When you receive this, it is safe to restart Apache to load the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured Apache as a WebDAV server to serve files from /var/www/webdav. However, you don’t yet have authentication configured or enabled so anyone that can access your server will be able to read, write, and edit your files. In the next section, you will enable and configure WebDAV authentication.

      Step 3 — Adding Authentication to WebDAV

      The authentication method that you will use is called digest authentication. Digest authentication is the more secure method of WebDAV authentication, especially when coupled with HTTPS.

      Digest authentication works with a file that stores the usernames and passwords of users that are allowed to access the WebDAV server. Just as with the DavLockDB the digest file needs to be stored in a location that Apache can read and write to and that cannot be served from your website.

      As you already created /usr/local/apache/var/ for this purpose, you will place the digest file there as well.

      First, create an empty file called users.password at /usr/local/apache/var/ with the touch utility:

      • sudo touch /usr/local/apache/var/users.password

      Then change the owner and group to www-data so Apache can read and write to it:

      • sudo chown www-data:www-data /usr/local/apache/var/users.password

      New users are added to WebDAV using the htdigest utility. The following command adds the user sammy:

      • sudo htdigest /usr/local/apache/var/users.password webdav sammy

      The webdav in this command is the realm and should be thought of as the group you are adding the new user to. It is also the text displayed to users as they enter their username and password when they access your WebDAV server. You can choose whatever realm best describes your use case.

      It will prompt you to enter a password and confirm it when you run the htdigest command:

      Output

      Adding user sammy in realm webdav New password: Re-type new password:

      Next, you’ll tell Apache to require authentication for WebDAV access and to use the users.password file.

      Open your VirtualHost file:

      • sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      Then, add the following lines inside the Directory directive block:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      AuthType Digest
      AuthName "webdav"
      AuthUserFile /usr/local/apache/var/users.password
      Require valid-user
      

      These directives do the following:

      • AuthType Digest: Use the digest authentication method.
      • AuthName "webdav": Only allow users from the webdav realm.
      • AuthUserFile /usr/local/apache/var/users.password: Use the usernames and passwords contained in /usr/local/apache/var/users.password.
      • Require valid-user: Allow access to any user listed in the users.password file that supplied the correct password.

      Your <Directory> directive will be as follows:

      /etc/apache2/sites-enabled/your_domain-le-ssl.conf

      <Directory /var/www/webdav>
        DAV On
        AuthType Digest
        AuthName "webdav"
        AuthUserFile /usr/local/apache/var/users.password
        Require valid-user
      </Directory>
      

      Next, enable the auth_digest Apache module so that Apache knows how to use the digest authentication method:

      Finally, restart Apache to load all the new configuration:

      • sudo systemctl restart apache2.service

      You’ve now configured your WebDAV server to use HTTPS and digest authentication. It is ready to start serving files to your users. In the next section, you’ll access a WebDAV server from either Windows, Linux, or macOS.

      Step 4 — Accessing WebDAV

      In this step, you’ll access a WebDAV server with the native file browsers of macOS, Windows, and Linux (KDE and GNOME).

      Before you get started accessing your WebDAV server you should put a file into the WebDAV folder, so you have a file to test.

      Open a new file with a text editor:

      • sudo nano /var/www/webdav/webdav-testfile.txt

      Add some text then save and exit. Now, set the owner and group of this file to www-data:

      • sudo chown www-data:www-data /var/www/webdav/webdav-testfile.txt

      You are now ready to start accessing and testing your WebDAV server.

      Linux KDE

      First, open the KDE Dolphin file manager. Then edit the address bar with a URL that has the following form:

      webdavs://your_domain/webdav
      

      image showing WebDAV link in the Dolphin address bar

      When you hit ENTER you will be prompted to enter a username and password.

      image showing the username and password dialog box

      Check the Remember password option if you want Dolphin to retain your password. Then click OK to continue. It will now present you with the contents of the /var/www/webdav/ directory, which you can manipulate as if they were on your local system.

      Bookmark your WebDAV server by grabbing the folder icon in the address bar and dragging it under the Remote section in the left-hand navigation panel.

      Image showing the WebDAV server in the Dolphin Remote locations

      Linux GNOME

      First, open the Files application by clicking on its icon on the right-hand side of the desktop.

      Image showing Finder icon

      When Files opens do the following:

      1. Click on + Other Locations.
      2. Enter the URL of your WebDAV instance with the following form:
      davs://your_domain/webdav
      

      Image showing the Files application

      Then, click on Connect. It will then prompt you with a username and password dialog box.

      Image showing the username and password dialog

      Enter your username and password then click Connect to log in to your WebDAV server. Check the Remember forever option if you do not want to enter your password every time you access your files.

      Your WebDAV folder will now be available in Files where you can manage your files:

      Image showing the WebDAV server in the Files application

      macOS

      First, open the Finder application. Next, click on the Go menu and then on Connect to server.

      Image showing the Go menu in the Finder application

      You will now find a new dialog box where you enter the URL of the WebDAV server. This URL must have the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog box

      Click on the Connect button to continue. It will prompt you to enter a username and password.

      Image showing the username and password dialog

      Click on Connect to complete adding your WebDAV server to your system.

      You will now find your WebDAV server in Finder under the Locations section.

      Image showing the WebDAV share in Finder

      Windows

      First, from the Start Menu, open the File Explorer application. When this opens select This PC from the left-hand navigation panel.

      Image showing This PC in the navigation panel

      Next, click on the Map network drive icon in the top navigation bar.

      Image showing the Map network drive icon in top navigation panel

      Enter the URL of your WebDAV server with a URL of the following form:

      https://your_domain/webdav
      

      Image showing the URL entry dialog

      Click Finish to connect to your WebDAV server. It will prompt you to enter a username and password.

      Image showing username and password entry dialog

      Enter your username and password and click OK to log in to your server. Check the Remember my credentials option if you do not want to enter your password every time you access your files.

      Your WebDAV will now appear as a location under the This PC section of the File Explorer left-hand navigation panel.

      Image showing the WebDAV share in File Explorer

      Conclusion

      You have now set up and configured a secure WebDAV server to serve your files to your users. No matter what operating system your users have on their local system they will be able to access and manage the files in your WebDAV server.



      Source link

      What is Apache?


      The Apache HTTP Server is an open-source web server popular for its flexibility, power, and widespread support. It can be extended through a dynamically loadable module system, and is able to process a large number of interpreted languages without connecting out to separate software.

      For more resources about the Apache web server, please visit:

      • A complete list of our Apache tutorials and other content
      • How To Install the Apache Web Server on Ubuntu 20.04



      Source link

      How To Install OpenEMR on Ubuntu 20.04 with a LAMP Stack (Apache, MySQL, PHP)


      Introduction

      OpenEMR is an open source electronic health records and medical practice management tool. It is used by physicians and healthcare facilities to manage electronic medical records, prescriptions, patient demographic tracking, scheduling, reports, and electronic billing. At the time of this publication, OpenEMR supports more than 30 languages.

      In this tutorial, you will install OpenEMR on an Ubuntu 20.04 server running a LAMP environment (Linux, Apache, MySQL, PHP).

      Prerequisites

      • An Ubuntu 20.04 server with a non-root sudo-enabled user account and a basic firewall. This can be configured using our initial server setup guide for Ubuntu 20.04.
      • A fully installed LAMP stack, including Apache, MySQL, and PHP, with firewall settings adjusted to allow HTTP traffic. Instructions for installing a LAMP stack can be found in Steps 1 through 3 in our guide How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 20.04. Note that Steps 4 through 6 of the LAMP guide are optional as they are for testing purposes and unnecessary for this tutorial.

      Step 1 — Installing Additional PHP Extensions

      When setting up our LAMP stack, a minimal set of extensions were required to get PHP to communicate with MySQL. OpenEMR requires two additional PHP extensions that you will need to install for it to work correctly. Use apt to update your server’s package list and install the php-xml and php-mbstring extensions:

      • sudo apt update
      • sudo apt install php-xml php-mbstring

      After both extensions have been installed, you’ll need to reload the Apache web server for changes to take effect:

      • sudo systemctl reload apache2

      When your webserver has reloaded, you should be ready to proceed to the next step.

      Step 2 — Create a MySQL Database for OpenEMR

      You will now create a database in MySQL for OpenEMR. First, log in to MySQL as the database root user:

      Once you are logged into MySQL as the database root user, create a database named openemr with the following command:

      Next, create a new user and assign them a password by replacing PASSWORD below with a strong password of your choosing:

      • CREATE USER 'openemr_user'@'localhost' IDENTIFIED BY 'PASSWORD';

      Next, grant the new user permission to the openemr database:

      • GRANT ALL PRIVILEGES ON openemr.* TO 'openemr_user'@'localhost';

      To enable these changes, enter the following command:

      Once you have flushed the privileges, you can now exit MySQL:

      You are now ready to proceed to the next step.

      Step 3 — Configuring PHP for OpenEMR

      In this step, you’ll make some changes to the php.ini file as recommended by OpenEMR documentation. If you followed all prerequisites within a fresh Ubuntu 20.04 server, the php.ini that applies to your Apache web server should be located at /etc/php/7.4/apache2/php.ini. In case you have a different PHP version, this path may be slightly different. Adjust as necessary and open the file with a text editor of your choice. Here, we’ll use nano:

      • sudo nano /etc/php/7.4/apache2/php.ini

      Once you are in the php.ini file, you will change the values of several options as recommended by OpenEMR. If you are using nano, you can search for these options using CTRL + W. If there is a semicolon ; in front of the option you are adjusting, make sure to delete it as a semicolon is used to comment out an option.

      Values for the following options should be changed:

      max_ input_vars

      This option limits the number of variables your server can use in a single function. OpenEMR requires this option to have the value 3000:

      /etc/php/7.4/apache2/php.ini

      max_input_vars = 3000
      

      max_execution_time

      This option limits the amount of time (in seconds) a script is allowed to run before being terminated. OpenEMR requires this option to have the value 60:

      /etc/php/7.4/apache2/php.ini

      max_execution_time = 60
      

      max_input_time

      This option limits the time in seconds a script is allowed to parse input data. OpenEMR requires this option to have the value -1, which means that the max_execution_time is used instead:

      /etc/php/7.4/apache2/php.ini

      max_input_time = -1
      

      post_max_size

      This option limits the size of a post, including uploaded files. OpenEMR requires this option to have a value of 30M:

      /etc/php/7.4/apache2/php.ini

      post_max_size = 30M
      

      memory_limit

      This option limits the amount of memory a script is allowed to allocate. OpenEMR requires this option to have a value of 256M:

      /etc/php/7.4/apache2/php.ini

      memory_limit = 256M
      

      mysqli.allow_local infile

      This option enables access to local files with LOAD DATA statements. OpenEMR requires this option to be turned on:

      /etc/php/7.4/apache2/php.ini

      mysqli.allow_local_infile = On
      

      When you are done adjusting the options, save and exit the file. If you are using nano, you can do that by pressing CTRL+X, then Y and ENTER to confirm.

      Next, you’ll need to reload the Apache web server for changes to take effect:

      • sudo systemctl reload apache2

      When your webserver has reloaded, you should be ready to proceed to the next step.

      Step 4 — Downloading OpenEMR

      In this step, you will download OpenEMR and prepare its files for installation. To start, download OpenEMR using the command wget, which retrieves files from the internet:

      • wget https://downloads.sourceforge.net/project/openemr/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz

      Next, extract the files using the tar command. The xvzf argument is used to tell the shell to extract the files (x), name the files extracted (v), uncompress the files with gzip (z), and use the file named in the command (f).

      When the files are done being extracted, you should have a directory named openemr-5.0.2. Change the directory name to openemr using the mv command:

      Next, move the directory to your HTML directory:

      • sudo mv openemr /var/www/html/

      You now need to change the ownership of the directory. Use the chown command and R flag to set the owner of all files and the group associated with openemr to www-data:

      • sudo chown -R www-data:www-data /var/www/html/openemr

      For the installation process, OpenEMR also requires you to change the permissions of the sqlconf.php file so that all users can read and write the file but cannot execute it. After the installation is finished, we’ll change these permissions once again to secure your setup. These permissions can be granted with the chmod command using 666 as argument:

      • sudo chmod 666 /var/www/html/openemr/sites/default/sqlconf.php

      After you change the permissions for the sqlconf.php file, you are ready to proceed to the next step.

      Step 4 — Installing OpenEMR

      In this step, you will install OpenEMR through a web browser and configure the Apache web server. Open a web browser and navigate to http://server_ip/openemr, replacing server_ip with the IP address of your server.

      If everything is working correctly, the browser should display the OpenEMR Setup page:

      OpenEMR setup page

      Click Proceed to Step 1. You should now be directed to a new OpenEMR Setup page for Step 1 of the installation process:

      OpenEMR setup page — Step 1

      On the new page, select I have already created a database as you already created an OpenEMR database in Step 3 of this tutorial. Then click Proceed to Step 2.

      Your browser should now display Step 2 of the OpenEMR Setup:

      OpenEMR setup page — Step 2
      In the Login and Password fields in the MySQL Server Details section, enter the username and password you picked in Step 3.

      In the OpenEMR Initial User Details section, create an Initial User Login Name and password.

      If you’d like to enable 2 Factor Authentication for the initial user, click the option Enable 2FA.

      Then click Create DB and User. It may take a few minutes for the next page to load. This page will verify the successful creation of the user and database:

      OpenEMR setup page — Step 3

      Click Proceed to Step 4 to continue. The next page will confirm the creation and configuration of the Access Control List:

      OpenEMR setup page — Step 4

      Click Proceed to Step 5 to continue. The next page will show you the required PHP configurations for OpenEMR. Your current configuration should match their requirements as you already adjusted them in Step 4.

      OpenEMR setup page — Step 5

      Click Proceed to Step 6 to continue. The next page will show you how to configure your Apache Web Server for OpenEMR:

      OpenEMR setup page — Step 6

      To configure the Apache Web Server for OpenEMR, create a new configuration file named openemr.conf. You can do that from your terminal using the nano editor:

      • sudo nano /etc/apache2/sites-available/openemr.conf

      Inside the file, paste the following directives:

      /etc/apache2/sites-available/openemr.conf

       <Directory "/var/www/html/openemr">
            AllowOverride FileInfo
            Require all granted
        </Directory>
        <Directory "/var/www/html/openemr/sites">
            AllowOverride None
        </Directory>
        <Directory "/var/www/html/openemr/sites/*/documents">
            Require all denied
        </Directory>
      

      Save and close the file. Then, restart Apache so that the changes are loaded:

      • sudo systemctl restart apache2

      Next, return to the browser and click Proceed to Select a Theme. On the next page, select a theme and click Proceed to Final Step:

      OpenEMR setup page — Step 7

      You should now be directed to the final setup page with confirmation details regarding your installation:

      OpenEMR setup page — Final Step

      This page will also give the user name and password details for your initial user. Make sure to have these details available before you leave the page. When you are ready, click the link at the bottom to start using OpenEMR.

      A window will pop up asking whether you want to register your installation. After making your choice, log in to OpenEMR with your initial user credentials. Once you are logged in, your browser should display the OpenEMR dashboard:

      OpenEMR dashboard

      Before going any further, make sure to change the file permissions as indicated in the next step.

      Step 5 — Changing FileSystem Permissions

      To improve the security of the system, OpenEMR advises users to change permissions of several files after installation. In this step, you will change the permissions of these files to further restrict read and write access.

      First, you will change the permissions of the sqlconf.php file whose permissions you modified in Step 3 to give the owner read and write access and group members only read access.

      These permissions can be granted with the chmod command using 644 as the argument:

      • sudo chmod 644 openemr/library/sqlconf.php

      Next, you will change the permissions of several other files to allow only the file owner to read and write the file.

      Grant these permissions by using the chmod command with the 600 argument on the following files:

      • sudo chmod 600 openemr/acl_setup.php
      • sudo chmod 600 openemr/acl_upgrade.php
      • sudo chmod 600 openemr/setup.php
      • sudo chmod 600 openemr/sql_upgrade.php
      • sudo chmod 600 openemr/gacl/setup.php
      • sudo chmod 600 openemr/ippf_upgrade.php

      Your files should now have more secure permission settings.

      In addition to changing file permissions, OpenEMR’s documentation strongly advises additional steps for securing each of OpenEMR’s components. These steps include deleting scripts in OpenEMR after installation, enforcing strong passwords, enabling HTTPS-only traffic, adjusting the firewall, and hardening Apache. Make sure to visit OpenEMR’s security documentation to learn more about how you can best protect your OpenEMR installation.

      Conclusion

      You have now installed OpenEMR on an Ubuntu 20.04 server using Apache, MySQL, and PHP. For instructions on pointing a domain name to your server, you can follow our guide How To Point to DigitalOcean Nameservers From Common Domain Registrars. For OpenEMR documentation, you can visit the OpenEMR Wiki Page.



      Source link