Website Support

What you can and cannot publish
Information about what can and cannot be published on our web servers is regulated by the university. We highly recommend that you read these recommendations carefully as you are responsible for what you publish.
 

Protecting a folder and its subfolders with .htaccess

Our web server has been configured for Shibboleth SwitchAAI or digest mode, which means that you MUST rewrite your .htaccess and .htpasswd files for Shibboleth or digest mode.
 

 

Configuring Shibboleth

To configure an access to your webpage using shibboleth you have two possibilities:
  1. Create and write your .htacess manually. This is useful if you are the owner of just one or two shares containing few users and if creating and managing those files does not take more than just a few minutes.
  2. Use our Group Management Tool (AAIgmt). The tool configures .htaccess files dynamically and is therefore appropriated if you must manage .htacess files with a lot of users. More informations about this tool are published on our intranet site, acessible inside of the University or via VPN.
 

 1. Creating .htacess Files manually

  • ssh to the diuf-ssh server: USERNAME@diuf-ssh
  • assuming your root folder, where the .htpassword and the .htaccess files should be, is /home/data/www-xxx/hello/world cd into your folder, create the .htaccess and .htpasswd files using the comment touch, then chmod the files.
cd /home/data/www-xxx/hello/world
touch /home/data/www-xxx/hello/world/.htaccess
chmod a+x /home/data/www-xxx/hello/world/.htaccess
  • copy-paste the following text into .htaccess, changing the email addresses to one or more valid users that should access to the webpage.

       Note that the space between the different email addresses is important.

AuthType shibboleth
       ShibCompatWith24 On
       ShibRequestSetting requireSession true
       Require shib-attr mail a.a@unifr.ch b.b@unifr.ch c.c@unifr.ch

Please consult the page "Shibboleth Service Provider Access Control" for other examples.

 2. Using AAIgmt group management tool

 

Configuring htdigest

To configure htdigest you need to follow these steps:
  1. ssh to the diuf-ssh server: USERNAME@diuf-ssh
  2. assuming your root folder, where the .htpassword and the .htaccess files should be, is /home/data/www-xxx/hello/world cd into your folder, create the .htaccess and .htpasswd files using the comment touch, then chmod the files. 
cd /home/data/www-xxx/hello/world
       touch /home/data/www-xxx/hello/world/.htaccess
       touch /home/data/www-xxx/hello/world/.htpasswd
       chmod a+x /home/data/www-xxx/hello/world/.ht* 

   3. copy-paste the following text into .htaccess, changing REALM to something like a diuf-group name

SSLRequireSSL
       AuthUserFile /home/data/www-xxx/hello/world/.htpasswd
       AuthName "REALM"
       AuthType Digest
       Require valid-user 
   4. create your users using the following command (replace REALM by the same name used in the .htaccess file)
htdigest .htpasswd REALM user 
        You can add as many users as you like, but you MUST use the same REALM

 

Error messages

Error messages when using the command htdigest
If you get the error message:
	The program 'htdigest' is currently not installed. To run 'htdigest' please ask your administrator to 
        install the package 'apache2-utils'

You did not use the diuf-ssh server as described above. You must login using USERNAME@diuf-ssh

Error Message in the Browser:
  • if nothing happens...did you try to access via https:// ?
  • Internal Server Error: Delete ALL CACHE in your web browser, then close and reopen your browser (or use another one). If the error persists: you probably did something wrong. Please follow the guide above exactly.
  • for AuthUserFile in private homes, use /home/data/www-diuf/people/USERNAME/.htaccess
It is NOT possible to use a path containing a symbolic link. It might be necessary to redirect an http to https in one of the files in a folder.
 root@webserver:/etc/apache2/sites-enabled 
... like this:
 Redirect    /hello/world               https://diuf.unifr.ch/hello/world
--> In this case, please send a mail to the sysadmin's; tell us exactly what you did and exactly what you need (path, commands a.s.o).
 
Checks to perform after a webserver migration
After a server migration, please do the following:
  • IN CASE OF VISUAL PROBLEMS, PLEASE DELETE YOUR BROWSER CACHE FIRST.
  • check the edit you did before the migration
  • log into your site
  • do a little edit, insert a picture and save it
  • logout
  • check if the picture is present
If you are having problems, please give provide the following information to the sys admins:
  • URL of the site or page
  • what worked before the migration?
  • what the problem is now, and in case of error messages please send
    • the exact error message
    • a print-screen
At the moment, the tomcat server is not installed as it does not seem to be used anymore. If you use or need tomcat, please send an email to the sysadmins.