Sharing Gateway

download 0.1 src tgz | more downloads | browse svn | home page


This is a simple tool for managing a collection of file shares/networks (FTP, SSH, SMB/CIFS, etc.), conglomerating them into a single unified “gateway” that can then be re-exported.

Part of this acts like mount -a in mounting/unmounting a set of filesystems, but features:

The rest of this is mostly documentation on how to configure your own servers to do what you want.



Web Frontend

Create certificates

The following is a summary of Creating Certificate Authorities and self-signed SSL certificates.

Generate a CA:

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Generate a certificate-signing request (CSR), using your server domain name as the “common name” when prompted for it:

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Sign the certificate with the CA:

openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Examine what you have so far:

openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt

Create insecure version of the key, so that you don’t need to enter a password when you start Apache:

openssl rsa -in server.key -out server.key.insecure
mv server.key
mv server.key.insecure server.key

Secure the keys:

chmod 600 *.key
sudo chown root *.key

By now you should have the following files; make all the .key files accessible only to root!

Allow users to download and install ca.crt, then you’re set!

Configure Apache for SSL

Setting up SSL: Ubuntu and Apache 2 is the continuation of the above guide. The following is the summary.

Duplicate the default site in /etc/apache2/sites-available/ as site ssl and edit it so that the argument to the NameVirtualHost and VirtualHost elements are *:443 instead of *. This causes this host to be effective only on that port (NameVirtualHost and VirtualHost are always paired up). Lastly, adjust the root directory to be something like /var/www-ssl/ instead of /var/www/.

Insert the following incantation under VirtualHost, pointing to wherever you put your certificates:

SSLEngine On
SSLCertificateFile      /etc/apache2/ssl/server.crt
SSLCertificateKeyFile   /etc/apache2/ssl/server.key
SSLCertificateChainFile /etc/apache2/ssl/ca.crt
SSLCACertificateFile    /etc/apache2/ssl/ca.crt

Verify that a configuration file has Listen 443. Now, enable the SSL module and the site we just configured, and reload Apache:

sudo a2enmod ssl
sudo a2ensite ssl
sudo service apache2 reload

If you see a warning about Apache being forced to resolve for its domain name, you may get rid of it by providing the domain name explicitly in apache2.conf with ServerName

Test out the site by going to

Finally, make the CA certificate available to the world:

sudo ln -s /etc/apache2/ssl/ca.crt /var/www/

Have your users visit to install your CA certificate first—thereafter, they will encounter no warnings about visiting your SSL sites.

Configure Authentication

Add something like the following to your ssl site configuration:

<Directory /var/www-ssl/gw/>
  AuthType Basic
  AuthName "Login Required"
  AuthUserFile /var/www-ssl/gw/.htpasswd
  Require Valid-User

Now create the .htpasswd file:

sudo mkdir /var/www-ssl/gw/
sudo htpasswd -c /var/www-ssl/gw/.htpasswd gw
sudo service apache2 reload

Web Gateway

Now simply create symlink to our gateway directory in /var/www-ssl/:

ln -s /path/to/gateway/ /var/www-ssl/gw/raw should now show you the gateway!

FTP Frontend

The FTP frontend means your users need to know how to use FTP, but there are numerous benefits that come from using an FTP client, including:

The FTP server we’ll use is ProFTPD.


Sharing Gateway is released under the GNU GPL3.


Copyright 2008 Yang Zhang.
All rights reserved.

Back to