Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update for info text after installation #77

Open
realsobek opened this issue Apr 13, 2016 · 3 comments
Open

update for info text after installation #77

realsobek opened this issue Apr 13, 2016 · 3 comments
Assignees
@krugar

Comments

@realsobek
Copy link

After installation of JournalTouch 0.4.1 on CentOS 7 x86_64 I noticed the messages near the top on orange background at:
http://journaltouch/
The messages read:
You are using JournalTouch with demo settings. Head over to Settings to set up you own configuration.
and
The admin folder is not secured by an .htaccess file. Anyone has access. Just rename admin/.htaccess.sample to .htaccess if you don't care and want to disable this message.

From my point of view, the surplus empty spaces at end of both lines should be removed.

For the second line I would change the wording from:
The admin folder is not secured by an .htaccess file. Anyone has access. Just rename admin/.htaccess.sample to .htaccess if you don't care and want to disable this message.
to:
Anyone seems to have access to the admin area. Just create admin/.htaccess, if you want to disable this message.

For unknown reasons admin/.htaccess with content (I replaced IP address with a dummy):
require ip 1.2.3.4
did not work out for me. Even after a restart. Everyone had access. Hence I solved it this way:
cat > "/opt/rh/httpd24/root/etc/httpd/conf.d/journaltouch.conf" << EOF
<VirtualHost *:80>
DocumentRoot "/opt/rh/httpd24/root/var/www/html/bibliocoll-JournalTouch-869729f"
</VirtualHost>
<Directory "/opt/rh/httpd24/root/var/www/html/bibliocoll-JournalTouch-869729f/admin/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require local
Require ip 1.2.3.4
</Directory>
EOF
@krugar krugar self-assigned this Apr 14, 2016
@krugar
Copy link
Contributor

krugar commented Apr 14, 2016

  1. yea

  2. it would probably make sense to add a link to the apache documentation regarding .htaccess files here. people using other web servers (ie: nginx) have to improvise here anways.
    aside: imho, JournalTouch is not yet fit for open-internet use, regardless of how the admin page is secured (because of the whole "javascript-based cart to server-side email"-thing).

  3. i'm not familiar with centos' default apache config, but i'm assuming it is configured to ignore .htaccess files in subdirectories?

@realsobek
Copy link
Author

  1. http://httpd.apache.org/docs/current/mod/core.html#allowoverride seems to be a good starting point; it links to https://httpd.apache.org/docs/current/howto/htaccess.html

  2. indeed, 'AllowOverride None' was in place; 'AllowOverride All' worked out

@krugar
Copy link
Contributor

krugar commented Apr 15, 2016

damn, forgot about this before pushing 0.4.2 out the door. this goes into the next round :S

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@krugar krugar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@krugar @realsobek