Implementing Homepage on TKL Fileserver?

Hale's picture

I want to implement a homepage on the existing Fileserver installation.

By default lighthttp is configured to start ajaxplorer directly.

But I also want to install:

1) Web-based scanner service

2) local BBS/forum server and news page. (maybe using some basic web-page kit)

3) automatic PROXY configuration script (i.e. host http://server.lan/data/proxy.pac and http://wpad.server.lan/wpad.dat)

 

I.e. I need a separate index.html page with links to Ajaxplorer(), scanner webface page(1) and BBS page (2).

How can I do this?

 

The second question is, how can I organize http://wpad.server.lan to host wpad.dat on the currently installed lighthttp ?

Jeremy Davis's picture

IMO the best way to acheive your ends is to reconfigure virtual hosts in LigHTTPd.

Assuming that AjaXpolrer is installed to /var/www/ajaxplorer (which I can't confirm as i don't have a fileserver appliance handy right now) if you want it to have a landing page, then you could just configure the wed root to point to /var/www (instead of /var/www/ajaxplorer). Then creat a basic HTML welcome page with links to Ajaxpolorer (/ajaxplorer) and your newly installed forums app (whichever one you want to use - installed somewhere like /var/www/forum - i.e. link to /forum).

I know nothing about auto proxy scripts but assuming that both dat and pac files could go in http://server.lan/data then just make that directory and put the files there (/var/www/data). If you need the subdomain then you'll need to set up an additional virtual host...

Hale's picture

Thank you! Everything worked well :)


Jeremy Davis's picture

If you get a chance and would like to share your config then please do so. I imagine it may help others if they are trying to do something similar!

Hale's picture

For making proxy autoconfiguration to work 2 things are needed: DHCP and DNS

ISC DHCP is available in repo and there's also beautiful Webmin module.

BIND9 is also taken from repo and BIND8 Webmin module can be used with it. Though, some DNS knowledge is necessary and most of configuration is done with text editor.

Supposing you have working local zone ".lan", folowing lines should be added to the local zone:

  1. wpad.lan.    IN    A    <IP of the server hosting WPAD script>
  2. lan.    IN    TXT    "service: wpad:!http://wpad.lan:80/wpad.dat"
  3. wpad.tcp  IN    SRV    0 0 80 wpad.lan.

Line 1 is essential. It SHOULD be A, not CNAME ! Lines 2 and 3 are not essential and are just some compatibility recomendations I found.

In dhcp.conf you should put

  1. option local-proxy-config code 252 = text;
  2. option local-proxy-config "http://wpad.lan/wpad.dat";

into global scope or particular subnet scope.

 

The next step is obscure and is based just on experience and prejudices.

You should put your wpad.dat into the root directory of the HTTP server. The reason is that some browsers can convert URL to IP and ask for a <IP>/wpad.dat instead of wpad.<domain>/wpad.dat.
Of course, for better security it is better to separate the location of wpad.dat.
Then, you should create a virtual host named "wpad" to share the script for normal browsers

Here's the "insecure" case of configuration of lighttpd found in TKL

  1. # server.document-root           = "/var/www/ajaxplorer"
  2. server.document-root           = "/var/www" # In the case I want to change the website top page.
  3. $HTTP["host"] =~ "wpad\.lan" {
  4.     mimetype.assign = (
  5.         ".html" => "text/html",
  6.         ".dat" => "application/x-ns-proxy-autoconfig",
  7.         ".pac" => "application/x-ns-proxy-autoconfig",
  8.     )
  9.       server.document-root = "/var/www"
  10.       accesslog.filename         = "/var/log/lighttpd/error.log"
  11. }

3 is the virtual host. 6 and 7 are essential since MIME types are not mirrored to virtual hosts by default

The secure method should look like

server.document-root = "/var/www/wpad" # in the virtual host configuration

And I used simple redirect html to avoid users seing the directory.

<html><head><meta http-equiv="Refresh" content="0; url=http://server.lan/" /></head><body><p>Please follow <a href="http://server.lan/">this link</a>.</p></body></html>

The wpad.dat looks like

  1. function FindProxyForURL(url, host)
  2. {
  3.   var proxy = "PROXY server.lan:3128";
  4.   var direct = "DIRECT";
  5.   if (isPlainHostName(host)) return direct;
  6.   if (dnsDomainIs(host, "lan")) return direct;
  7.   if (isInNet(host, "<local subnet>", "255.255.255.0")) return direct;
  8.   if (
  9.       url.substring(0, 4) == "ftp:"   ||
  10.       url.substring(0, 6) == "rsync:" ||
  11.       url.substring(0, 6) == "https:"
  12.      )
  13.     return direct;
  14.   return proxy;
  15. }

That's all for the proxy autoconfig to work.

It should be noted that FireFox can't do a proxy autodetection if "use systems settings" is set in windows. The reason - mozilla developers are cheating claiming for features they couldn't complete. Use "autodetect proxy settings" in this case, and FireFox will use DNS wpad discovery.

 

Concerning virus scan, I have'nt complete it yet.
The problem is that most of SQUID-virus scanner interfaces are absent in repository. Or need a lot of APIs. For instance, only to access SQUID form Webmin you need a full set of Perl, where graphics modules can't be installed on TKL.  etc. Now I am trying SQUID+HAVP. Havp is made using ax and crucifix. It works but it is too clow. Next, I will try SquidClamAV, but it needs icap to be installed in prior.


Hale's picture

P.S. After considering pros and cons I have connected the scanner using SANE and SCANBUTTON daemon. But this approach is specifit to the scanner with epson-compatible buttons. Some webfaces are also available.


Post new comment