You can use verry simple method with httpasswd:
htpasswd will return encrypted password
htpasswd -bnBC 10 "" password | tr -d ':\n'
Aici veti gasi detalii tehnice despre cum se pot realiza configurari software+ hardware.
Here you can find tehnical details about software/hardware configuration.
You can use verry simple method with httpasswd:
htpasswd will return encrypted password
htpasswd -bnBC 10 "" password | tr -d ':\n'
Whether you're a college professor wishing to grant students access to test results, or a research firm seeking to provide paying subscribers access to custom reports, you'll need to devise some way for your users to identify themselves in order to gain access to the restricted content. By identifying themselves, the users authenticate their identities. They often accomplish this authentication by providing a username and password, for which the college professor could provide the entire class with a single authentication combination. In other cases, however, you should grant a unique username and password to each subscriber.
In this article I'll show you how to implement both of these authentication approaches using nothing more than the Apache Web Server's native capabilities. The first approach can be implemented in mere minutes using a text file and a few command-line calls. The second approach is a tad more involved, requiring a bit of additional server configuration and a MySQL database, although you'll gain some additional flexibility along the way.
Before we begin, keep in mind that while you can indeed use these approaches to restrict access to a certain part of your website, they do not protect the transmission of the username and password from the client's computer to the server! Because the credentials are transmitted in plaintext, a savvy attacker could capture the information as it's passed over the network, thereby allowing the attacker to masquerade as an authorized user. To ensure maximum security, you should configure your server to use an SSL certificate, a task that although fairly easy to accomplish is out of the scope of this article.
Apache has long supported a fairly simple authentication solution
involving storing a username and password within a text file, which
resides within the directory you'd like to protect. This text file is
named .htpasswd
, and its contents generally look like this:
jason:npvd3u9E86LaU susie:z4ETQllnrvvDk
You'll create this file and add user accounts to it using a command-line utility appropriately named htpasswd
.
To password-protect a particular directory within your website,
navigate to that directory via the command line and execute the
following command:
%>htpasswd -c .htpasswd jason
This command accomplishes two important tasks: It creates the file and then creates a new user named jason
. When you execute the command you'll be prompted to provide and confirm a password for user jason
.
When your .htpasswd
file and user are created, you're free to add other users by executing the same command but this time omitting the -c
option and providing a different username. For instance, to add another user named susie
you would execute the following command and again provide and confirm Susie's password:
%>htpasswd .htpasswd susie
Creating the .htpasswd
file isn't enough to protect the directory. You'll also need to modify Apache's configuration to recognize the .htpasswd
file. Thankfully these configuration changes can be managed locally, meaning you won't need to modify Apache's httpd.conf
file in order to effect these changes -- something that wouldn't be
possible in most hosting environments. Instead, you'll use a file named .htaccess
, which can be used to configure Apache on a per-directory basis. Although the .htaccess
file can be used to perform many tasks, for the purposes of authentication you'll place it in the same directory as your .htpasswd
file, adding the following lines to it:
AuthName "Restricted Content"
AuthType Basic
AuthUserFile /var/www/wjgilmore.com/members/.htpasswd
Require valid-user
When saved, navigating to the directory will cause Apache to verify whether the user has already provided valid credentials. If so, the user is granted access to the directory.
Using Apache's native .htpasswd
capabilities, you can
password-protect a directory in mere minutes. However, maintaining user
accounts can be difficult, particularly in situations where account
subscriptions are regularly created, ending, or renewed. A more flexible
solution is managing the account credentials within a MySQL table and
configuring Apache to compare the provided credentials against this
repository. You can then create a Web-based interface to manage these
accounts, or even simply manage them using a utility such as phpMyAdmin.
Begin
by creating the table used to manage the account credentials. At a
minimum, this table should contain columns for storing the account
username and password. I'll call this table accounts
:
CREATE TABLE accounts ( username VARCHAR(100) NOT NULL, password CHAR(32) NOT NULL, PRIMARY KEY(username) );
Apache's default behavior is to use DES for password encryption. However, you can also use MySQL's native password()
function. I've opted to use the latter and so have adjusted the password
column width so it can manage 41 characters, which is the size of a string encrypted using the password()
function.
When the table has been created, add a few test accounts. As I mentioned previously you could use a utility such as phpMyAdmin to perform this task, but in any case the SQL query will look something like this:
INSERT INTO accounts VALUES('jason', password('secret'));
With a few rows added, the accounts
table will look like this:
+----------+-------------------------------------------+
| username | password |
+----------+-------------------------------------------+
| jason | *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 |
| susie | *7C67218EF7410F248763DC99AEDC705367393C4A |
+----------+-------------------------------------------+
Next you'll need to configure Apache so it can communicate with the accounts
table. This is done by installing the mod_auth_mysql
module. If you're running Ubuntu or Debian, you simply execute the following command:
%>sudo apt-get install libapache2-mod-auth-mysql
When mod_auth_mysql
is installed, enable the module by executing the following command:
%>sudo a2enmod auth_mysql
Restart Apache, and make sure the module has been loaded by executing the following command:
%>apache2 -M
In the list of modules you should see auth_mysql_module
. When configured, you can update your .htaccess
file to refer to the accounts
table by adding the following directives:
AuthBasicAuthoritative Off
AuthMYSQL on
AuthMySQL_Authoritative on
AuthMySQL_Host localhost
AuthMySQL_User root
AuthMySQL_Password jason
AuthMySQL_DB developer
AuthMySQL_Password_Table accounts
AuthMySQL_Username_Field username
AuthMySQL_Password_Field password
AuthMySQL_Encryption_Types MySQL
Auth_MySQL_Scrambled_Passwords on
Save the file and attempt to access the restricted directory. This time Apache will talk to MySQL to determine whether you're allowed to enter!
In many cases I need to open a rtsp stream:
ffmpeg -i rtsp://user:pass@X.X.X.X:554
but I have following error:
[rtsp @ 0x80670e000] UDP timeout, retrying with TCP
[rtsp @ 0x80670e000] method PAUSE failed: 551 Option not supported
[rtsp @ 0x80670e000] Could not find codec parameters for stream 0 (Video: h264, none): unspecified size
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, rtsp, from 'rtsp://stream:c0L3g!u2021@X.X.X.X:554':
Metadata:
title : Media Presentation
Duration: N/A, bitrate: 64 kb/s
Stream #0:0: Video: h264, none, 90k tbr, 90k tbn, 180k tbc
Stream #0:1: Audio: pcm_mulaw, 8000 Hz, mono, s16, 64 kb/s
Stream mapping:
Stream #0:0 -> #0:0 (copy)
Stream #0:1 -> #0:1 (pcm_mulaw (native) -> aac (native))
Press [q] to stop, [?] for help
[rtsp @ 0x80670e000] UDP timeout, retrying with TCP
[rtsp @ 0x80670e000] method PAUSE failed: 551 Option not supported
rtsp://stream:c0L3g!u2021@X.X.X.X:554: Operation not permitted
[aac @ 0x8066a5100] Too many bits 8832.000000 > 6144 per frame requested, clamping to max
[segment @ 0x80670f200] dimensions not set
Could not write header for output file #0 (incorrect codec parameters ?): Invalid argument
In this case stream is on TCP but ffmpeg try first time with UDP. The problem is the ffmpeg not open the stream in this conditions.
To force ffmpeg to try in TCP only we use -rtsp_transport option tcp.
In this case we will have:
ffmpeg -rtsp_transport tcp -i rtsp://user:pass@X.X.X.X:554
This parameter work for following error:
Invalid data found when processing input
This example re-streams the sample.mp4 video.
Notes:
- The sample.mp4 file is about 10 minutes long. FFmpeg stops when streaming ends, so you may have to restart FFmpeg during configuration and testing. To loop your command to generate a constant test stream, preface the FFmpeg command with
FOR /L %% IN (0) DO
- To host FFmpeg on a computer other than the computer, change udp://127.0.0.1:10000 in the example to the IP address and any destination UDP port. Be sure that the specified UDP port is open on any routers or firewalls between the server hosting FFmpeg.
ffmpeg -re -i "%WMSAPP_HOME%/content/sample.mp4" -pix_fmt yuv420p -vsync 1 -threads 0 -vcodec libx264 -r 30 -g 60 -sc_threshold 0 -b:v 512k -bufsize 640k -maxrate 640k -preset veryfast -profile:v baseline -tune film -acodec aac -b:a 128k -ac 2 -ar 48000 -af "aresample=async=1:min_hard_comp=0.100000:first_pts=0" -bsf:v h264_mp4toannexb -f mpegts udp://127.0.0.1:10000?pkt_size=1316
ffmpeg -re -i "%WMSAPP_HOME%/content/sample.mp4" -pix_fmt yuv420p -vsync 1 -threads 0 -vcodec libx264 -r 30 -g 60 -sc_threshold 0 -b:v 640k -bufsize 768k -maxrate 800k -preset veryfast -profile:v baseline -tune film -acodec aac -b:a 128k -ac 2 -ar 48000 -af "aresample=async=1:min_hard_comp=0.100000:first_pts=0" -bsf:v h264_mp4toannexb -f mpegts udp://127.0.0.1:10000?pkt_size=1316
Content can also be re-streamed by passing the existing encode though FFmpeg without re-encoding. For passthrough re-streaming, use the -codec option and set it to copy. This example re-streams sample.mp4 as a passthrough instead of the full encode shown in the previous example.
ffmpeg -re -i "%WMSAPP_HOME%/content/sample.mp4" -codec copy -bsf:v h264_mp4toannexb -f mpegts udp://127.0.0.1:10000?pkt_size=1316
This example re-streams sample.mp4 with user authentication, level 3.0 logging verbosity, a 24-fps frame rate, 2-second keyframe frequency, 310 kbps bitrate, and 44.1 kHz stereo audio.
ffmpeg -re -i "%WMSAPP_HOME%/content/sample.mp4" -pix_fmt yuv420p -vsync 1 -threads 0 -vcodec libx264 -r 30 -g 60 -sc_threshold 0 -b:v 640k -bufsize 768k -maxrate 800k -preset veryfast -profile:v baseline -tune film -acodec aac -b:a 128k -ac 2 -ar 48000 -af "aresample=async=1:min_hard_comp=0.100000:first_pts=0" -f rtsp rtsp://username:password@[server-address]:1935/live/myStream
This example captures local hardware devices, uses a 15-fps frame rate, 8-bit color, and generates an SDP file that contains metadata about the streaming session.
ffmpeg -f dshow -s 640x480 -r 15 -i video="Logitech HD Pro Webcam C920" -f dshow -i audio="Microphone (HD Pro Webcam C920)" -pix_fmt yuv420p -vsync 1 -threads 0 -vcodec libx264 -r 15 -g 30 -sc_threshold 0 -b:v 640k -bufsize 768k -maxrate 800k -preset veryfast -profile:v baseline -tune film -an -f rtp rtp://127.0.0.1:10000 -acodec aac -b:a 128k -ac 2 -ar 48000 -af "aresample=async=1:min_hard_comp=0.100000:first_pts=0" -vn -f rtp rtp://127.0.0.1:10002 > 10000.sdp
ffmpeg -re -i inputfile.mp4 -codec copy -bsf:v h264_mp4toannexb -f mpegts udp://[<em>server-address</em>]:1234?pkt_size=1316
ffmpeg -re -i inputfile.mp4 -codec copy -bsf:v h264_mp4toannexb -f mpegts tcp://[<em>server-address</em>]:1234?listen
ffmpeg -re -i inputfile.mp4 -codec copy -f rtsp rtsp://username:password@[server-address]:1935/live/myStream
ffmpeg -re -i inputfile.mp4 -codec copy -rtsp_transport tcp -f rtsp rtsp://username:password@[server-address]:1935/live/myStream
ffmpeg -re -i inputfile.mp4 -codec copy -f flv rtmp://username:password@[server-address]:1935/live/myStream
ffmpeg -re -i inputfile.mp4 -codec copy -f mp4 output.mp4
source
- sudo apt update
apt
use packages over HTTPS:
- sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
- curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
- sudo apt update
- apt-cache policy docker-ce
ocker-ce:
Installed: (none)
Candidate: 5:18.09.7~3-0~debian-buster
Version table:
5:18.09.7~3-0~debian-buster 500
500 https://download.docker.com/linux/debian buster/stable amd64 Packages
docker-ce
is not installed, but the candidate for installation is from the Docker repository for Debian 10 (buster
).
- sudo apt install docker-ce
- sudo systemctl status docker
Output
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-07-08 15:11:19 UTC; 58s ago
Docs: https://docs.docker.com
Main PID: 5709 (dockerd)
Tasks: 8
Memory: 31.6M
CGroup: /system.slice/docker.service
└─5709 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
docker
command line utility, or the Docker client. We’ll explore how to use the docker
command later in this tutorial.docker
command can only be run the root user or by a user in the docker group, which is automatically created during Docker’s installation process. If you attempt to run the docker
command without prefixing it with sudo
or without being in the docker group, you’ll get an output like this:
Output
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
sudo
whenever you run the docker
command, add your username to the docker
group:
- sudo usermod -aG docker ${USER}
- su - ${USER}
- id -nG
Output
sammy sudo docker
docker
group that you’re not logged in as, declare that username explicitly using:
- sudo usermod -aG docker username
docker
command as a user in the docker group. If you choose not to, please prepend the commands with sudo
.docker
command next.docker
consists of passing it a chain of options and commands followed by arguments. The syntax takes this form:
- docker [option] [command] [arguments]
- docker
Output
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
- docker docker-subcommand --help
- docker info
- docker run hello-world
Output
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:41a65640635299bab090f783209c1e3a3f11934cf7756b09cb2f1e02147c6ed8
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
...
hello-world
image locally, so it downloaded the image from Docker Hub, which is the default repository. Once the image downloaded, Docker created a container from the image and the application within the container executed, displaying the message.docker
command with the search
subcommand. For example, to search for the Ubuntu image, type:
- docker search ubuntu
Output
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ubuntu Ubuntu is a Debian-based Linux operating sys… 9704 [OK]
dorowu/ubuntu-desktop-lxde-vnc Docker image to provide HTML5 VNC interface … 319 [OK]
rastasheep/ubuntu-sshd Dockerized SSH service, built on top of offi… 224 [OK]
consol/ubuntu-xfce-vnc Ubuntu container with "headless" VNC session… 183 [OK]
ubuntu-upstart Upstart is an event-based replacement for th… 99 [OK]
ansible/ubuntu14.04-ansible Ubuntu 14.04 LTS with ansible 97 [OK]
neurodebian NeuroDebian provides neuroscience research s… 57 [OK]
1and1internet/ubuntu-16-nginx-php-phpmyadmin-mysql-5 ubuntu-16-nginx-php-phpmyadmin-mysql-5 50 [OK]
ubuntu
...
pull
subcommand.ubuntu
image to your computer:
- docker pull ubuntu
Output
Using default tag: latest
latest: Pulling from library/ubuntu
5b7339215d1d: Pull complete
14ca88e9f672: Pull complete
a31c3b1caad4: Pull complete
b054a26005b7: Pull complete
Digest: sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c
Status: Downloaded newer image for ubuntu:latest
run
subcommand. As you saw with the hello-world
example, if an image has not been downloaded when docker
is executed with the run
subcommand, the Docker client will first download the image, then run a container using it.
- docker images
Output
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 4c108a37151f 2 weeks ago 64.2MB
hello-world latest fce289e99eb9 6 months ago 1.84kB
hello-world
container you ran in the previous step is an example of a container that runs and exits after emitting a test message. Containers can be much more useful than that, and they can be interactive. After all, they are similar to virtual machines, only more resource-friendly.
- docker run -it ubuntu
Output
root@d9b100f2f636:/#
d9b100f2f636
. You’ll need that container ID later to identify the container when you want to remove it.sudo
, because you’re operating inside the container as the root user:
- apt update
- apt install nodejs
- node -v
Output
v8.10.0
exit
at the prompt.
- docker ps
Output
CONTAINER ID IMAGE COMMAND CREATED
hello-world
image and another from the ubuntu
image. Both containers are no longer running, but they still exist on your system.docker ps
with the -a
switch:
- docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d42d0bbfbd35 ubuntu "/bin/bash" About a minute ago Exited (0) 20 seconds ago friendly_volhard
0740844d024c hello-world "/hello" 3 minutes ago Exited (0) 3 minutes ago elegant_neumann
-l
switch:
- docker ps -l
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- d42d0bbfbd35 ubuntu "/bin/bash" About a minute ago Exited (0) 34 seconds ago friendly_volhard
docker start
, followed by the container ID or the container’s name. Let’s start the Ubuntu-based container with the ID of d9b100f2f636
:
- docker start d42d0bbfbd35
docker ps
to see its status:CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d42d0bbfbd35 ubuntu "/bin/bash" About a minute ago Up 8 seconds friendly_volhard
docker stop
, followed by the container ID or name. This time, we’ll use the name that Docker assigned the container, which is friendly_volhard
:
- docker stop friendly_volhard
docker rm
command, again using either the container ID or the name. Use the docker ps -a
command to find the container ID or name for the container associated with the hello-world
image and remove it.
- docker rm elegant_neumann
--name
switch. You can also use the --rm
switch to create a container that removes itself when it’s stopped. See the docker run help
command for more information on these options and others.docker rm
command, the changes will be lost for good.
- docker commit -m "What you did to the image" -a "Author Name" container_id repository/new_image_name
container_id
is the one you noted earlier in the tutorial when you started the interactive Docker session. Unless you created additional repositories on Docker Hub, the repository
is usually your Docker Hub username.d9b100f2f636
, the command would be:
- docker commit -m "added Node.js" -a "sammy" d42d0bbfbd35 sammy/ubuntu-nodejs
- docker images
Output
REPOSITORY TAG IMAGE ID CREATED SIZE
sammy/ubuntu-nodejs latest d441c62350b4 10 seconds ago 152MB
ubuntu latest 4c108a37151f 2 weeks ago 64.2MB
hello-world latest fce289e99eb9 6 months ago 1.84kB
ubuntu-nodejs
is the new image, which was derived from the existing ubuntu
image from Docker Hub. The size difference reflects the changes that were made. And in this example, the change was that NodeJS was installed. So next time you need to run a container using Ubuntu with NodeJS pre-installed, you can just use the new image.Dockerfile
, which lets you automate the installation of software in a new image. However, that’s outside the scope of this tutorial.
- docker login -u docker-registry-username
- docker tag sammy/ubuntu-nodejs docker-registry-username/ubuntu-nodejs
- docker push docker-registry-username/docker-image-name
ubuntu-nodejs
image to the sammy repository, the command would be:
- docker push sammy/ubuntu-nodejs
Output
The push refers to a repository [docker.io/sammy/ubuntu-nodejs]
e3fbbfb44187: Pushed
5f70bf18a086: Pushed
a3b5c80a4eba: Pushed
7f18b442972b: Pushed
3ce512daaf78: Pushed
7aae4540b42d: Pushed
...
To enter in container you can run: docker exec -it /bin/bash
source