User Tools

Site Tools


web50

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
web50 [2019/03/18 14:10]
root created
web50 [2020/04/27 10:33] (current)
zog
Line 1: Line 1:
 =====Web-server===== =====Web-server=====
  
-====Module Start Page====+Web-server is the server which accepts HTTP-requests from clients (usually from web-browsers) and gives them HTTP-responses (usually with an HTML-page, image, file, media-stream or other data). Web server is called software that performs the functions of a web server, and directly the computer on which this software runs.
  
-Web-server is the server which accepts HTTP-requests from clients (usually from web-browsers) and gives them HTTP-responses (usually with an HTML-page, image, file, media-stream or other data). ​The client (usually a web-browser) sends to the web-server requests for resources indicated by URLs. Resources are the HTML-pages, images, files, media-streams or other data. In response the web-server sends the requested data to the client. This exchange is is done within ​ Hyper Text Transfer Protocol (HTTP).+The client (usually a web-browser) sends to the web-server requests for resources indicated by URLs. Resources are the HTML-pages, images, files, media-streams or other data. In response the web-server sends the requested data to the client. This exchange is is done within Hyper Text Transfer Protocol (HTTP).
  
-The module status, the turn off” button (or turn on” in case if module is offline) ​and the last entries in the log are displayed after entering the module.+The “Web” module is located in Fileserver” menu. This module is designed to configure ​and manage ​the web-server and contains four tabs: “Web server”, “Settings”,​ “Web resources” and “Log”.
  
-====Settings====+==== Web server. ​====
  
-Inthe tab “Settings” you can change the following parameters:+{{:web1.png?​|}}
  
-Host name - defines ​the external domain name of the server. Required for correct work of the web-resource by domain name.+On the “Web server” tab you can see status ​of this service and the “Disable” button (or “Enable”,​ if the module is disabled) and last log messages.
  
-Administrator E-mail - allows to specify e-mail address of a person responsible for web-server. Needed in case of trouble of server operation. 
  
-HTTP port - allows to specify port at which the web-server accepts HTTP-requests (by default this port is set to 80).+====Settings.====
  
-HTTPS port - allows to specify port at which the web-server accepts HTTPS-requests (by default this port is set to 443).+{{:web2.png?|}}
  
-Certificate for HTTPS. Web server can use standard HTTP protocol, where data is not encrypted when transferred (which is insecure). It is generally better and safer to employ secure HTTPS protocol with (Secure Socket Layer) SSL encryption. For these purposes SSL certificates are used. Pressing the button “[…]” ​ you can assign ​ a certificate,​ which has been previously create in corresponding module.+The “Settings” tab is designed ​to configure ICS CUBE web-server.
  
-Redirect from HTTP to HTTPS - tick this check box if you want the web-server to insist on using  secure connection even if a client requested otherwise.+The “Host name” field defines the external domain name of the server. Required for correct work of the web-resource by domain name.
  
-Automatically create an allow rule creates an allow rule in the firewall ​of ICS CUBE for HTTP/HTTPS ports of the web-server ​to be accessed from external networks.+The “Administrator E-mail” field allows to specify email address ​of a person responsible ​for web-server. Needed in case of trouble of server operation.
  
-Type of authorization. If your web-resource or virtual host are not intended for guest (public) access, ​this option ​is determines how users will undergo authorization  ​to use the resource.+The “HTTP port” field allows to specify port at which the web-server accepts HTTP-requests ​(by default ​this port is set to 80).
  
-====Web-resources====+The “HTTPS port” field allows to specify port at which the web-server accepts HTTPS-requests (by default this port is set to 443).
  
-In order to create ​web-resource which will allow to place your website at ICS CUBE, go to the tab "Web resources"​ and click "Add."+The "​Certificate for HTTPS" field allows ​to assign the service ​certificate previously created in the corresponding module for the server ​to work over the secure HTTPS protocol using SSL.
  
-You can choose ​the following types of web-resources:+Check the box “Redirect from HTTP to HTTPS” if you want the web-server to insist on using secure connection even if a client requested otherwise.
  
-|name|signification+{{:​web3.png?​|}} 
-|Web-resource|Responds to http-requests at -addresses of ICS CUBE interfaces.|+ 
 +Check the “Automatically create a permitting rule” box to create a permitting rule in the firewall of ICS CUBE for HTTP/HTTPS ports of the web-server to be accessed from external networks. 
 + 
 +**Attention!** When this flag is set, the Anti DNS Pinning (DNS rebinding) vulnerability will be opened, and the system administrator is responsible for this. 
 + 
 +The “Authentication type” field. If your web-resource or virtual host are not intended for guest (public) access, this option is determines how users will undergo authorization to use the resource. 
 + 
 + 
 +====Web resources.==== 
 + 
 +{{:​web4.png?​|}} 
 + 
 +The “Web resources” tab designed to manage own websites placed on ICS CUBE. 
 + 
 +There is an ability to create a following web resources types: 
 + 
 +|Web resource|Responds to HTTP-requests at IP-addresses of ICS CUBE interfaces.|
 |Virtual host|Allows to create an unlimited number of web-resources,​ each responsible for their own website, distinguished by the site name.| |Virtual host|Allows to create an unlimited number of web-resources,​ each responsible for their own website, distinguished by the site name.|
-|Virtual host with redirection|Allows ICS CUBE to redirect requests to a site with specified name in case the server of this website is located inside the company network (analogue of port forwarding).| +|Virtual host with reverse proxy|Allows ICS CUBE to redirect requests to a website ​with specified name in case the server of this website is located inside the company network (analogue of port forwarding).| 
-|Link to virtual ​host|Creates an alias for virtual host.|+|Virtual ​host shortcut|Creates an alias for virtual host.| 
 + 
 +{{:​web5.png?​|}} 
 + 
 +For adding a web resource you need to press the “Add” button and select a “Web resource”.In the opened window you should fill in a required fields - the “Resource name” and the “Source”,​ and the optional field - the “Description”. 
 + 
 +The “Resource name” can be any domain name. 
 + 
 +The “Source” is the directory from the structure of the ICS CUBE file storage in which the content of the website will be located. 
 + 
 +If necessary, it is possible to create a new folder in the directory. 
 + 
 +The "​Description"​ is intended for a brief description of the resource that will be displayed in the list of web resources, as well as in the file storage next to the corresponding folder. 
 + 
 +The “Allow directory listing” checkbox allows to display a list of all files and folders of the resource, if no index.html or index.php files are found in the root folder. 
 + 
 +The “Allow execution of PHP scripts” checkbox allows to execute PHP-scripts on HTML-pages. 
 + 
 +The “Default Encoding” field determines the value of the encoding of the displayed HTML-pages of the resource by default. 
 + 
 +The “Access permissions” tree determines the list of users who have access to view the website. 
 + 
 +The “Guest login” checkbox allows viewing and writing by any source. 
 + 
 +{{:​web6.png?​|}} 
 + 
 + 
 +====Virtual host.==== 
 + 
 +The virtual host is the main resource when website creating. 
 + 
 +For adding a virtual host you need to press the “Add” button and select a “Virtual host”. In the opened window you should fill in a required field - the “Source”,​ and the optional fields - the “Virtual host” and the “Description”. 
 + 
 +The virtual host is similar to the name of the web resource, but must contain the domain name of the website to which it will respond by HTTP-request. For the correct work of virtual host, in most cases, it is necessary to configure the DNS-zones of the domain name. 
 + 
 +Setting up a virtual host is similar to setting up a web resource. In addition to the specified settings, the following parameters can also be configured in the virtual host: 
 + 
 +{{:​web7.png?​|}} 
 + 
 +The “Create a shortcut for www.%domainname%” checkbox allows to configure DNS-records for receiving HTTP-requests both to the website name indicated in the name, and to it with the addition of the WWW domain. 
 + 
 +The “Use Web Application Firewall” checkbox allows to enable a [[waf50|Web Application Firewall module.]]
  
-====Web-resource====+{{:​web8.png?​|}}
  
-Source - specifying of the folder in which the files of this resource are located. After you enter the name and description for the resourceyou need to add directory from the file storage structureFor thatlike in other modules, press the “[…]” button and specify a folder where site content will be locate. If necessary, you can create ​new folder in the directory.+The “HTTPS settings” section designed for choosing to use the general settings ​of the web server, ​the LetsEncrypt certificateor to indicate to this website ​certificate created in advance in the corresponding moduleSpecifying a certificate manually activates the "​Redirect from HTTP to HTTPS" flagwhich is necessary ​so that this website always works over secure connection.
  
-Allow folders listing - allows ​the server ​to display a list of all the files and folders of the resource, if index/​index.html or index.php files are not found in the root folder. ​+The “ Add record on DNS server” checkbox ​allows to create zone for this host and the records at the ICS CUBE DNS-server:
  
-Allow PHP-scripts to run - allows the server to execute PHP-scripts on HTML-pages.+{{:web9.png?|}}
  
-Default Encoding - determines ​the value of the encoding of the displayed html-pages of the resource by default.+As well as a web resource, you can configure ​the level of user access (reading only) to the virtual host.
  
-Permissions - determines the list of users who have access to view the site. Tickingthe “Guest Login” box grants permission ​ view the site from any host, making it publicly accessible.+====Virtual ​host with reverse proxy.====
  
-====Virtual host====+{{:​web10.png?​|}}
  
-Virtual ​host is the preferred way of creating ​website. Parameter ​“Virtual host” ​is similar to the name of web-resource,​ but it should include domain name of website at which it will respond to https-requests. In most cases for correct work of virtual host you need to set up dns-zone of domain name. In addition ​to the settings present in web-resource ​the next one is added:+For adding a virtual ​host with reverse proxy you need to press the “Add” button and select ​a “Virtual host with reverse proxy”. In the opened window ​you should fill in a required field the “Redirect HTTP(S) ​to address”, and the optional fields ​- the “Virtual host” and the “Description”.
  
-Create a link for www.%domainname% - allows ​to accept http-requests ​to the website name with and without prepended www to it..+The “Redirect HTTP to HTTPS” checkbox activates the field for entering the address ​to which HTTP-requests ​will be redirected.
  
-Use Web Application Firewall - brings ​the module Web Application Firewall online for this virtual host.+The “Redirect HTTPS to address” field designed to enter the address to which HTTPS requests will be redirected.
  
-HTTPS settings - chooses ​to use general settings of web-server, LetsEncrypt certificate and to assign previously created in the corresponding module certificate to this website.+As addresses for redirection it is possible ​to specify: IP-address; domain <domain: port>; <​path_to_file>​.
  
-Re-direct from HTTP to HTTPS - tick this box if you want this website to always use secure connection.+The “Add record on DNS server” and the Use Web Application Firewall” checkboxes are similar ​to corresponding checkboxes at virtual host.
  
-Create record on the DNS-server - creates zone for this host at the ICS CUBE DNS-server. 
  
-Also like with a web-resource you can choose options for user’s access to virtual ​host.+====Virtual ​host shortcut.====
  
-====Virtual host with redirection====+{{:​web11.png?​|}}
  
-Since the server where web resource ​is located is responsible ​for all parameter of the web resource ​you can modify check only the following options:  ​+If a virtual host has been created on the ICS CUBE and it is necessary ​for it to respond to requests for a different domain name, you can use the shortcut.
  
-Redirect HTTP to address/​Redirect HTTP to HTTPS redirection of http-requests ​to specified address or redirection of http requests ​to https.+For adding a virtual host with reverse proxy you need to press the “Add” button and select a “Virtual host shortcut”. In the opened window you should fill in a required fields ​the “Shortcut” and the “Virtual host”, and the optional field the “Description”. As a shortcut you need to specify the name, and in the “Virtual host” field select from the list the one to which the shortcut will belong.
  
-Redirect HTTPS to address - redirects https-requests to specified address.+The “Add record on DNS server” checkbox is similar ​to corresponding checkbox at virtual host.
  
-====Link to virtual host==== 
  
-If a virtual host has been created on ICS CUBE and you want it to respond to requests for another domain name, you can use the link.+====Database.====
  
-When adding a link, you should specify the alias and select ​a virtual host from list of created ​virtual hosts to which the link will be pointing ​to. You can also add a description of the resource.+Every time you create a web-resource or a virtual host at ICS CUBE a database at MySQL database server ​of ICS CUBE is created ​and assigned ​to this websiteThe website ​can use the database by PHP-requests.
  
-====Database====+For displaying the parameters of the resource database, you should select it in the general list and click the "Database" button.
  
-Every time you create a web-resource or a virtual host at ICS CUBE  a database at MySQL database server of ICS CUBE is created and assigned to this website. The website can use the database by php-requests.+{{:web12.png?|}}
  
-In order to bring up the parameters ​of database ​associated with web resourceselect it in the general list and click the “Database” button.+A dialog window opens with the parameters ​for connecting to the database: database namelogin (User) ​and password for connection. These parameters should be used to connect to the database from PHP-scriptsThe window also displays three function buttons:
  
-In the window ​which will open, you will see the database connection settings: ​the database namelogin and password ​to connect. These parameters should be used for your php-scripts.+  * The “Download database” button - designed to export a dump of the resource database. 
 +  * The “Clear database” button - designed to clean the resource database. 
 +  * The “Upload database” button - designed for loading a dump of the working database. When pressed, a new dialog ​window will open, in which you will need to select ​the dump file for loading, ​the encoding of the dump, and also to check the box that determines the safety of previous data in the database after loading.
  
-If you already have a working ​database ​dump, you can load it using the “Load base” button. In the window, which will open, you will be able to select ​the name of dump file for loading, ​the dump coding and checkbox which determines if already existing data in the database is to be deleted after the download.+The database ​is loaded into the ICS CUBE asynchronouslythis allows ​you to continue working with the ICS CUBE without waiting ​for the download ​to finish. The download process will be shown at the right top bar.
  
-To clear the web resource ​database, click the corresponding ​button ​in the database settings window.+During loading all buttons become inaccessible. It is possible to cancel the loading of the database ​through ​the “Download Files” ​button ​on the top panel of the main menu.
  
-====Log==== 
  
-The summary of all system messages from the web server is located into the “Log” tab. Log is divided into pages, you can move between pages using “forward” and “back” buttons , or you can enter the page number in the corresponding field and switch to it immediately.+====Log.====
  
-Log entries are marked by color depending on the type of the message. Regular system messages are marked by white color, system status messages (on/off, user connection, etc.) - by green color, the errors messages - by red color.+{{:web13.png?|}}
  
-Search string is located in the upper right corner ​of the moduleWith it you can search in the log for specific records.+The “Log” tab displays a summary of all system messages ​of the corresponding servers with the date and timeThe log is divided into pages, using the “forward” and “back” buttons ​it is possible to go from page to page, or enter the number of the desired page.
  
-When opened, ​the log always displays events for the current dateTo view events for another dayselect the desired date using the calendar in the upper left corner of the module.+Log entries are highlighted in color depending on the type of messageNormal system messages are marked in whitesystem status messages (on / off, user connection) are green, warnings are yellow, errors are red.
  
-If necessary, you can save the log data to  a file by pressing ​the "Export" ​button.+In the upper right corner of the log is a search bar. And the ability to select the period for displaying the event log. By default, the log displays events for the current date. If necessary, you can save the log data to a file by clicking ​the Export” button or delete the log data for a certain period by clicking the “Delete logs” ​button.
  
web50.1552907408.txt.gz · Last modified: 2019/03/18 14:10 by root