Amahi Access for Friends

bman289
Posts: 23
Joined: Wed Apr 08, 2009 5:55 am

Amahi Access for Friends

Postby bman289 » Tue Apr 14, 2009 6:13 pm

Hi All,

A few questions regarding a remote webpage interface...

I know the HDA can be accessed remotely via VPN...I'd also love to set it up as a webserver (I chose the webserver feature on the Fedora 9 install) so that friends can access it over the internet via my domain name. I'd like to throw up a webpage of my own design to greet visitors, with my own links to shares, etc. Is this possible?

Assuming I created a domain name of mystuff.com during the Amahi install, what would friends be typing into their address bar to access the site? Can anyone tell me where I'd put my "index" & other files for the page?

Also guess I'd need to allow port forwarding on a router port?

Are people doing this and if so should they be doing it? :? It sounds cool but also invites some special security concerns I'm sure. Lots of questions I know...appreciate the patience.

Thanks to the Amahi Team!!

rampage355

Re: Amahi Access for Friends

Postby rampage355 » Wed Apr 15, 2009 8:39 am

Huge security concerns, I would not recommend opening up HDA to the net unless you are a expert in linux and setting up security within it.

User avatar
cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am
Contact:

Re: Amahi Access for Friends

Postby cpg » Wed Apr 15, 2009 11:23 am

hi bman289,
I know the HDA can be accessed remotely via VPN...I'd also love to set it up as a webserver (I chose the webserver feature on the Fedora 9 install) so that friends can access it over the internet via my domain name. I'd like to throw up a webpage of my own design to greet visitors, with my own links to shares, etc. Is this possible?
it is certainly possible. we know of several people in the community having done so.

there is demand for this feature, so we will probably put something in soon to make it easy to do this in a safe way.

as rampage pointed out, it's something that we need to do with care, as there are potential security implications for doing so.

DISCLAIMER: following the instructions below may or may not be fully secure. please don't blame me if your system blows up in pieces! :)
Assuming I created a domain name of mystuff.com during the Amahi install, what would friends be typing into their address bar to access the site? Can anyone tell me where I'd put my "index" & other files for the page?

Also guess I'd need to allow port forwarding on a router port?
yes, you will need to forward port 80 and/or port 443 (https).
you will need to point mystuff.com to your ip address, or make it a CNAME to YOURNICK.yourhda.com
(or your own dyndns, if you have any).
Are people doing this and if so should they be doing it? :? It sounds cool but also invites some special security concerns I'm sure. Lots of questions I know...appreciate the patience.

Thanks to the Amahi Team!!
This is technical, so be cautious on what you do. I assume you can run commands in

What page gets shown by default is controlled by the order of the files in /etc/httpd/conf.d.
Link or copy (don't move!) the conf file of the app you want to make the default to a file called
00-default.conf. Say you have 1003-gallery2.conf running gallery and you want to show it by default.
You do this:

Code: Select all

ln 1003-gallery2.conf 00-default.conf service httpd restart
i would recommend making it password protected and perhaps running it over https.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

User avatar
moredruid
Expert
Posts: 791
Joined: Tue Jan 20, 2009 1:33 am
Location: Netherlands
Contact:

Re: Amahi Access for Friends

Postby moredruid » Wed Apr 15, 2009 12:35 pm

I second (well, third) the motion regarding the security concerns.

I wouldn't recommend having Amahi face the internet at large. However, a webserver luckily doesn't need lots of resources so you may have another option.
I'm thinking of running a very minimal install with webserver within a Virtual Machine (VMWare for instance). If you set up that image with its own IP address and let your router pass through traffic to that system your Amahi install isn't affected if the VM image is compromised. This will be some work to set up but it ensures a clear separation from your (valuable) data on Amahi.
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD

User avatar
cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am
Contact:

Re: Amahi Access for Friends

Postby cpg » Wed Apr 15, 2009 1:18 pm

i wonder if we could do something with http://www.freevps.com/ or with xen or even a chrooted httpd.
something lighter than a full vm.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

bman289
Posts: 23
Joined: Wed Apr 08, 2009 5:55 am

Re: Amahi Access for Friends

Postby bman289 » Thu Apr 16, 2009 7:45 am

Thanks for the opinions guys!

I can see why the demand would be high for it - that's the one thing WHS has going for it; being able to give a friend your domain/password to access your MP3 collection, etc.

IMO getting that set up safely for Amahi would make it the top choice home server for any newbie Linux or MS user...You'd have the stability of Linux and Amahi's price is much better than MS :D

kevmorris
Posts: 20
Joined: Mon Jan 10, 2011 12:03 pm

Re: Amahi Access for Friends

Postby kevmorris » Thu Jan 13, 2011 6:08 am

Thanks for the opinions guys!

I can see why the demand would be high for it - that's the one thing WHS has going for it; being able to give a friend your domain/password to access your MP3 collection, etc.

IMO getting that set up safely for Amahi would make it the top choice home server for any newbie Linux or MS user...You'd have the stability of Linux and Amahi's price is much better than MS :D

ill give this a bump!

Id like to be able to download files remotely just by using internet explorer, is this possible? This is so i can access my music from work where our computers are locked down.

User avatar
lou1z
Posts: 206
Joined: Fri Jul 17, 2009 1:58 am

Re: Amahi Access for Friends

Postby lou1z » Thu Jan 13, 2011 12:44 pm

i'm aware of people voicing these concerns but exactly what are they?
i'm also aware of the ideal world eg just use a sole box as a webserver etc

but.....
if the directory isn't writable, what damage can be done? i've had webservers going for years and never had an issue and yes before you ask, they have been targetted and we did get hacked on one. but that was via the xmb software and a flaw in that, not apache itself. the hackers were limited to that app only.

so, can anybody shed any light on this?

dinomic
Posts: 65
Joined: Mon Jan 03, 2011 6:49 am

Re: Amahi Access for Friends

Postby dinomic » Tue Jan 18, 2011 6:06 am

i'm aware of people voicing these concerns but exactly what are they?
i'm also aware of the ideal world eg just use a sole box as a webserver etc?
lou1z, I'm with you on this. Why is it OK to be able to access the HDA control panel in clear text over the internet, which allows you to change settings, but not your files that are on the server?

I'd be prepared to get involved in developing stuff for Amahi, so if no one is currently working on anything like this, and people tell us the following...:

a) for what reasons they think this is a security hole?
b) what kind of features do people want access to?
Norco 4220 Case
Gigabyte GA-G33-DS3R Motherboard w/ 8GB RAM
LSI SAS2116PCIe 6GB/s SAS (replaced 3Ware 9690SA-4I & Chenbro CK1360)
1 x Hitachi 160Gb2.5" System Drive (original 1 x OCZ 60GB Vertex 2 SATAII 2.5" SSD died)
8 x 4TB Hitachi Deskstars
6 x 3TB Hitachi Deskstars
6 x 2TB Hitachi Deskstars (1 dead!)

kevmorris
Posts: 20
Joined: Mon Jan 10, 2011 12:03 pm

Re: Amahi Access for Friends

Postby kevmorris » Thu Jan 20, 2011 1:54 pm

i would like to be able to download files and maybe upload them and give guest access read only to a particular share. I've been trying to research this but not knowing anything about Linux makes this a daunting and time consuming process. Is this easy to do with WHS? I don't want to do this if it is a big security risk though.

Who is online

Users browsing this forum: No registered users and 21 guests