Okay, we're continuing with our series on setting up simple web servers. We've been looking at using busybox and its built-in httpd, and we're going to continue looking at that. We're going to actually work on permissions in this little tutorial here, with config files. We're going to create a config file that has the information for our server, including allows and denies and usernames and passwords.

So let's go ahead. On the server here, this Raspberry Pi that I'm logged into, I have set up a folder called www in my home directory of pi, and we've been starting it up by saying busybox httpd, saying use busybox and its built-in tool httpd. We're going to say -p and we're going to give it a port, whatever port you want as long as that user has permission for that port; I'm going to go 8080. We're going to say f and v, to force it to go into the foreground and to give lots of information using verbose mode, and then we want to tell it -h for whatever is going to be the root directory of our web server, which in this case is /home/pi/www. We'll hit enter there, and our server is started.

Let's bring up our web browser here. The IP address for my server, that's changed since last time (I'm sorry, for recording these tutorials I didn't set up a static IP for it), but I'm just going to navigate to its IP address and tell it :8080, because we're running on port 8080. We don't have an index file, if you've been following these tutorials, but we did create a file called my.html. I'll hit enter, and there it is: it says hello world. You can see in our shell here that we have a response of 200, which means it's delivered up the file all right.

Okay, so that's our basic example there. Let's come down here and Ctrl-C to kill that, and what we're going to do now is start creating a config file. I'll say vim, and I'll call it my.config; this can be called whatever you want, because we're going to tell it in our command to look at that. So we'll
create that, and we're going to create a line here. The first line will say h: and that's going to be whatever the root directory of our server is, which as we just stated was /home/pi/www. So this will say, no matter where we're starting, if we're looking at this config file, this will be the home directory that we're working in. As you create a config file you can comment out lines using a pound symbol, the number symbol, if you would like to comment something out instead of having to delete the line.

So we'll save that and we'll run our last command, but instead of telling it our home directory, what we're going to do is say c and the name of our config file. We'll hit enter here and bring up our web browser again, and if I hit F5 now, you see it's served it up, no problem. It is working the same. So this way you can use a config file without having to give the home directory. Big whoopee, it's not a big deal.

Things you want to think about at this point, though, if we kill our server here: you may want to give the full path of your config file. That way, no matter where you are when you're starting it, it will find it. It found it when I put only the name of the file because it's in the folder I'm in, but doing it like so, you can be in any folder on the system and it will use that config file. Again, if I F5 up here, it refreshed real quick: hello world. You can see that it was served up, and which computer was requesting that, so you also know who's accessing your server.

Let's add to our config file here. We will vim my.config and we'll add a line, two lines actually: a and d. a will be allow and d will be deny. So with d we can say, okay, I don't want... actually, before we have this allow, we're going to say 192.168.1.150. That's my computer that I'm working on now, that I'm connecting to that server with. So we're saying deny that IP address, so that computer from that IP address will not be allowed to connect to
this server. Alternatively, you can also say an asterisk symbol; that says deny access to everybody, don't let anybody connect to this server. Well, what good is that? That's why we have this allow. Now you can give a list of IP addresses that you do want to allow, so if you only want certain computers to be able to access this web server, you can use this allow. Now remember, in a lot of cases people can fake IP addresses, but here's a case that we're going to use. We're going to say 192, or sorry, 127.0.0.1, and that's itself, that's localhost.

If you're not familiar with servers and how they dish out IP addresses, 127.0.0.1 is set aside for yourself. That's how you loop back to yourself. Lots of times you might type localhost into a browser to get that, and that's only if your computer is set up to redirect localhost to that, and that's your loopback device. In fact, if I save that and type in ifconfig to look at my network settings, you see that you have this loopback device right here, lo, and that's your local loopback, and you can see right here it's 127.0.0.1. That's basically a virtual network device, so you're looping back to yourself without having to use your Wi-Fi or your Ethernet. Even if you don't have those connected, you can still loop back to yourself.

So going back to our config file, we're saying don't let anybody in unless it's this IP address. What this is saying is only allow the server to connect to itself. This, as I mentioned briefly in a previous tutorial, is commonly used with a lot of applications nowadays, and it just allows you to run these web-based applications locally without having to access any network or external server; you're connecting to yourself. So if I save this like that, run my command again using that config file, come into here and try refreshing this, it's going to give me an error of 403 Forbidden, and you can also see that down here. So
you can have a list of, excuse me, of computers that are trying to access that are denied, so you can see if someone's constantly trying to connect. Now the server's up and running but denying everybody, so I can't connect there.

Just to show you that it is working, I'm going to open up another window here. Down here, this shell is also running on the same Raspberry Pi, and I can use my wget command, which should be on your system already. I am going to say localhost, and I'm going to say port 8080, and the name of the file I want to look at is my.html, and we're going to say q for quiet and -O - so it's just going to output that file. As you can see, it did retrieve it, because I am connecting from the server to itself. Now if you have a problem doing this with localhost, which in some cases you might, you might have to put in the IP address of 127.0.0.1. I'll hit enter, and you can see it's served up okay.

Now again, this server that we're running on, we know the IP address is 192.168.1.121. If we hit enter now: eh, we didn't get it. Even though we're connecting from that server to itself, just as we did in these two commands, it's actually not using that loopback device. It's actually using, in this case, my Ethernet port, and it's going out and coming back in, and it's going, whoa whoa, we don't want this.

So this is good. Using the localhost or the loopback device should help prevent, I'm pretty sure about this, any packet sniffing, because even if you were to say, oh hey, allow this IP address, it's actually going out to the network and coming back in, so anybody on your network could be sniffing that information. Using the loopback device, the only computer that can sniff that information is the server itself, so it's much more secure doing it that way. And again, it helps prevent people from, you know, booting you off the network and changing the IP address or something along those lines; theoretically possible. So that is denying service to all IPs except
for the loopback device. Let's take it a step further and allow other people to connect, but require usernames and passwords. I'm going to Ctrl-C here to kill that and clear the screen, and again I'm going to go into my config file. I'm going to comment out these lines, because I want to be able to connect from the computer I'm at right now to display this. What we're going to do here is say /: and we'll create a username, I'll say bob, colon, and we'll give it a password, we'll say mypass. What this is saying is root directory, user and password.

So now if I save this, run our server using that config file and try to refresh this, you can see it asks for a username and password. I said bob and I said mypass; enter, and there we go, it's brought up the hello world because I typed in the proper username and password. And it saves it, so if I refresh, it's still doing that. So let's go back into our config file here real quick and change the password to mypass2, save that, and start up our server again. Now if I refresh, it asks again because the username and password is wrong.

I want to do something here just to demonstrate something. I'm going to say bob and I'm going to type in blah blah blah; I'm just typing a bunch of stuff, it's not the correct password. I say login, and you can see it gave a response of 401. You weren't able to access it, we didn't get 200, and you can see again it asks for the username and password.

Now keep in mind, if you're not using security keys, as I'm not here, this is being transmitted in plain text, which, since I'm going across the network in this case, means anybody on my network sniffing traffic can very easily get this username and password. If I was using the loopback, which again would only work on the server itself, that would not be the case as far as I know, because it's using the virtual loopback device rather than your Ethernet port. So keep
that in mind: even though you're using passwords here, everything is unencrypted, and so everybody can see it.

Speaking of which, another issue here is that our password is in plain text inside our config file, and that's not good, because if someone gets hold of that file, now they know your password. So what we want to do is use a hash to hash out our password, and we can do this. Then if someone was to get access to the config file, they could still use that hash to access the server, but they still don't know your password. So if you happen to use the same password on other machines, they won't be able to access those other machines. Let's say you use the same password for your Google account: if they did get this hash, whether they got it through packet sniffing or by getting a hold of the config file, they'll be able to access this server, but they won't necessarily be able to access your other stuff, because they still don't know your password, and even then we're still using hashes. So yeah, anyway, let me get on to demonstrating that.

We have to generate a hash first, so let's go ahead and kill our server here. The httpd in busybox has a built-in function for doing this, so we're going to say busybox httpd -m and then, in quotations, give our password. Here we'll say again mypass, and we'll say mypass3 to give it a new password. We'll hit enter, and right there we have our hash. So now we get to go into our config file, vim my.config, and over here, instead of the password, you put the hash. Then we save it, run our server again using that config file, and hopefully if we hit F5 it will ask for the password again. We'll say bob and we'll say mypass3, enter, and we've logged in.

So it's much better to do it that way, and it takes one extra step. It's built into httpd; you just have to generate it and replace it in the config file so that your passwords aren't sitting there in plain text. Also, last
thing I want to go over in today's tutorial. Killing our server here, clearing the screen, going up here, let's clear the screen again, and going into our config file again. We're saying slash; that's the root directory. You don't have to password everything. If you want to password a certain directory, you can do so. So in this case I can say slash, and we'll call a folder private. I'll do that, and I'll make a directory called private, and inside that directory I'll say private/index.html and I'll just say "this is my private stuff".

Now if we run our server again using that config file, I come up here and hit F5, and you notice it's served it up, response 200, and gave me my hello world up here without asking for a username and password. If I was to try to go into my private directory, though, and hit enter, private/index.html... oh, I know the problem. I created the folder inside the wrong folder. Let's go ahead and make this full screen here and clear this out. I created it in my home directory. Let's move my private directory into our server directory, which is www. So I just created that in the wrong directory, and we can now run our server, busybox httpd, using that config file. Again, the problem was the private folder wasn't on our web server; I created it in the wrong directory. But now that it's there, I can again hit F5 here, and there is my private stuff.

Of course it didn't ask for the username and password, because I've already entered it. So let's go ahead and do a better example where it actually asks for the username and password. We're going to say my.config, and I'm just going to do a plain text password here, just to move this along. I'm going to say mypass4, save that and run our server. Again, if I go here to my.html, I can view that, but if I try to go into the private folder, it asks for a username and password. I'll say bob, mypass4, and there I can see "this is my private stuff". So, things to remember: make sure you actually put the files you're trying to access inside your web
server directory. That's obviously very important.

So that's it. I hope that you learned something today. Again, busybox is on many, many systems out there. I kind of said a couple of weeks ago that it's on pretty much every system, and that's not true, but it's still on most systems, especially, again, lightweight systems: routers, phones, other small devices. If you have one that has httpd installed on it, compiled into it, you're all set for having a pretty full web server that can do a lot of things.

Again, remember that it's running as the user that's starting it up, unless you tell it otherwise, so it has the permissions of that user. If you start it as root, your web server is now running as root, and any of the script files it runs run as root. Remember that unless you're using security keys, everything is unencrypted, so even though you're using usernames and passwords, if you're using something other than your loopback device, anybody can sniff that traffic and get a hold of that information, as well as everything that's being transmitted.

So I thank you as always for watching. I ask that you visit filmsbykris.com (that's Kris with a K); there should be a link in the description. And as always, I hope that you have a great day.
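
As an added example (not from the video and not BusyBox's own code), this shell function checks a config file of the kind built above for the two weaknesses the tutorial points out: a password left in plain text and no deny rule. The sample file contents, the placeholder hash, the helper names and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The config is constructed sample input modelled on the lines
# described in the video; the $1$ value is a placeholder, not a real hash.

write_sample_conf() {   # hypothetical helper: writes the sample config to $1
    cat > "$1" <<'EOF'
H:/home/pi/www
# D:*
# A:127.0.0.1
/:bob:$1$PLACEHLD$NotARealHashJustAnExample0
/private:bob:mypass4
EOF
}

# audit_httpd_conf FILE: print one finding per line, never the password itself.
audit_httpd_conf() {
    awk '
        { sub(/#.*$/, ""); gsub(/[ \t]/, "") }   # strip comments and whitespace
        $0 == "" { next }
        /^[Dd][^:]*:\*$/ { deny_all = 1; next }  # deny everybody not allowed
        /^\// {                                  # /path:user:password
            c1 = index($0, ":"); rest = substr($0, c1 + 1)
            c2 = index(rest, ":")
            if (c1 == 0 || c2 == 0) next
            path = substr($0, 1, c1 - 1)
            user = substr(rest, 1, c2 - 1)
            pass = substr(rest, c2 + 1)
            # Assumption: a value starting "$<digit>" is a crypt hash such as
            # httpd -m output; "*" means the password is not stored in this file.
            if (pass != "*" && pass !~ /^\$[0-9]/)
                print "CLEARTEXT " path " " user
        }
        END { if (!deny_all) print "OPEN no deny-all rule, any address may connect" }
    ' "$1"
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_httpd_conf "$conf"
rm -f "$conf"
```

On the sample file this reports the plain text entry for /private and the missing deny rule; the hashed entry for / produces no finding.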