Your Personal Public Website
Your URL
The URL of your website is http://www.mri.jhmi.edu/~<username>
<username> is your UNIX login user name, which is also your MR Research Division email name. Contact Yohannes Afework if you don't have an MR Research Division UNIX login and mail address (mri.jhu.edu).
The Root Directory
The root directory of your website is ~/public_html - i.e. a directory
named public_html placed in your home directory. You can create
sub-directories inside the public_html directory which create
additional levels in the URL. A directory in the public_html named
"Papers" would be accessed as
http://www.mri.jhmi.edu/~<username>/Papers. Note that these paths
in the URL are case sensitive.
There is no way for visitors to your website to access files outside
this root directory (unless you create links) so your other UNIX files
are secure. The webserver is configured to follow UNIX soft links
(similar to Windows shortcuts) so you can place such links inside your
website to files or directories outside the root directory, giving
visitors access to these items. Such links work only to files or
directories owned by you. This "Follow Symlinks" behavior can be
disabled if you want increased security.
Index File or Directory Listing
If there is a file in public_html named index.html or index.shtml, it
will be displayed when a visitor browses your website. Otherwise, a
listing of all the files in the directory will be displayed similar to
a UNIX directory listing, with filename, date, and size. It is
therefore best to always create an index.html file in every directory
if you want complete control of the content a visitor sees.
There is a script called "makelinks" that will create index.html automatically. Contact me if interested and I will document it.
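As an added example (not part of the original page, and not the makelinks script mentioned above), the shell functions below audit a website root for the two exposures described in the sections above: symlinks that resolve outside the root, and directories with neither index.html nor index.shtml, which are shown as a listing. The function names are illustrative, and readlink -f is assumed to be available.

```sh
#!/bin/sh
# Added example (not the site's makelinks script). Assumes readlink -f is
# available and that file names contain no newlines.

# escaping_links ROOT: print "link -> target" for every symlink under ROOT
# whose resolved target lies outside ROOT, i.e. content the webserver would
# serve from outside the website root.
escaping_links() {
    el_root=$(readlink -f "$1") || return 2
    find "$el_root" -type l | while IFS= read -r el_link; do
        el_target=$(readlink -f "$el_link" 2>/dev/null) || el_target="(unresolvable)"
        case "$el_target" in
            "$el_root"|"$el_root"/*) ;;   # resolves inside the root: fine
            *) printf '%s -> %s\n' "$el_link" "$el_target" ;;
        esac
    done
}

# listed_dirs ROOT: print every directory under ROOT (ROOT included) that has
# neither index.html nor index.shtml, so a visitor gets a file listing.
listed_dirs() {
    find "$1" -type d | while IFS= read -r ld_dir; do
        if [ ! -f "$ld_dir/index.html" ] && [ ! -f "$ld_dir/index.shtml" ]; then
            printf '%s\n' "$ld_dir"
        fi
    done
}

# Run both checks when a root directory is given, e.g.: sh audit.sh ~/public_html
if [ "$#" -gt 0 ]; then
    echo "Symlinks leaving $1:";            escaping_links "$1"
    echo "Directories shown as a listing:"; listed_dirs "$1"
fi
```

Symlinked directories are reported but not descended into, so the audit itself never walks outside the root.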
HTML Content
The index.html file and any .html files you link to must be valid
HTML or XHTML files. There are many ways to create HTML content, from
writing it by hand using a text editor to full-featured programs like
DreamWeaver. A good freeware method is using SeaMonkey
(formerly known as Mozilla). SeaMonkey includes a web browser, mail
client, chat client and webpage editor in one program. The webpage
editor works in both WYSIWYG mode and source code edit mode to allow
fine tuning of HTML. Microsoft Word can be used by saving documents as
"Web Page" and Microsoft Publisher has a variety of "Web Site"
templates.
Files that end with .shtml can contain "Server-Side Includes" which
provide a small set of directives to dynamically modify the content of
the webpage. Full dynamic content can be produced using CGI (compiled
programs, Perl scripts, etc) but this requires some care to prevent
exposing the system to security risks.
Other Content
Images linked into your webpages must be in JPEG, GIF or PNG format.
PDF files in your website will generally be opened by a visitor's browser using Acrobat Reader as a helper.
You can put just about any other type of file in your website
directories; browsers will offer visitors the opportunity to download
files they do not recognize.
Limiting Access
You can limit access to directories in your website using a .htaccess
file. For example, to limit access to a sub-directory named JHU
(http://www.mri.jhu.edu/~johndoe/JHU) only to users at Hopkins, use a
text editor to create a file named .htaccess in the JHU directory. In
the file place the following directives:
order deny,allow
deny from all
allow from jhmi.edu jhu.edu johnshopkins.edu
Only visitors from the three designated internet domains will be
allowed into this content. Others will get a permission denied message.
This .htaccess file has effect on the directory it is located in as
well as any sub-directories within it that don't have a .htaccess file.
Your Personal Secure Website
Your URL
Your secure website is https://www.mri.jhmi.edu/~<username>
Note the addition of "s" to http. This directs the visitor's browser to
the SSL (Secure Sockets Layer) port of the webserver. All network
traffic on this port to or from the webserver is encrypted. Access is
provided only to authenticated users.
The Root Directory
The root directory of the secure website is ~/public_html/secure
- this directory is not accessible from the non-secure website
even though it is inside the public_html directory. It is hidden by the
webserver.
Authentication
To authenticate visitors to your secure website, a number of setup
steps are necessary. To make creation of a secure website simple, a
script has been written to automate the process. Just click here
or log in to kaiju.med.jhmi.edu using an SSH client and type
"makesecure". This creates the necessary files and directories
and adds you to the list of authorized users.
To add other users to your secure website type:
htpasswd <new-username>
It will prompt you for the new user's password, and then ask which
group you want him in. The default is "all" and should generally be
accepted. Groups provide a way to give different users selective access
to the directories in your site.
Uploads
When makesecure creates your secure directory it also places a file
there named "upload.pl". When a visitor clicks this file, it runs a
script that permits files to be uploaded from the visitor's computer
into your website. This must not be used in the non-secure site due to
the potential for misuse by outsiders.
The script restricts the upload
You can remove this script if you don't want any upload capability into your website.
makesecure Details for Those Who are Interested
This makesecure script does the following:
- creates the public_html directory, if it doesn't already exist
- creates the secure directory inside it, if it doesn't already exist
- creates a file named .htaccess in the secure
directory with some needed directives
AuthType Basic
AuthName "Username <username> - Secure Website"
AuthUserFile /home/<username>/passwd/passwords
AuthGroupFile /home/<username>/passwd/groups
Require group all
- copies in the script upload.pl
- creates directory named ~/passwd
containing your passwords and groups files
- initializes the passwords file with your UNIX username and encrypted password from the
system login password file
- initializes the groups file with a group named "all"
with you as the only member
- sets permissions on all of the above for proper security
Make sure your passwd directory and your passwords and groups files remain
protected so other users can NOT write to them. The webserver treats files
writable by others as a security risk and ignores them, so your secure site
will stop working.
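One way to check this, as an added example that is not part of makesecure: the function below reports any of the passwd directory, passwords file and groups file that is writable by group or others. The function name is hypothetical; the file names are the ones listed above.

```sh
#!/bin/sh
# Added example, not part of makesecure. check_auth_files is a hypothetical
# name; the layout (DIR/passwords, DIR/groups) follows the list above.

# check_auth_files DIR: print each of DIR, DIR/passwords and DIR/groups that
# is missing or is writable by group or others. Returns 0 when all three
# exist and are protected, 1 otherwise.
check_auth_files() {
    caf_dir=$1
    caf_bad=0
    for caf_p in "$caf_dir" "$caf_dir/passwords" "$caf_dir/groups"; do
        if [ ! -e "$caf_p" ]; then
            echo "missing: $caf_p"
            caf_bad=1
            continue
        fi
        # First ten characters of ls -l output, e.g. "-rw-r--r--".
        # -L reports the permissions of a link's target, not of the link.
        caf_mode=$(ls -ldL "$caf_p" | cut -c1-10)
        case "$caf_mode" in
            ?????w????|????????w?)      # group write bit or other write bit
                echo "writable by others: $caf_mode $caf_p"
                caf_bad=1 ;;
        esac
    done
    return "$caf_bad"
}

# Check the given directory when one is passed, e.g.: sh check.sh ~/passwd
if [ "$#" -gt 0 ]; then
    check_auth_files "$1"
fi
```

If a path is reported, chmod go-w on that path removes the group and other write bits.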
The .htaccess file is never shown by the webserver even though it
is inside your website. If you create new sub-directories inside the
secure directory, they are protected by this top-level .htaccess file
unless you create another .htaccess file in the sub-directory. You
should copy the top-level file and make changes to it if necessary. You
could allow individual users or other groups access to selected
directories. Details can be found at Authentication,
Authorization, and Access Control in the Apache manual.