Gentoo Forums
Serving Web Pages (ftpd or Apache?)
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Fri Mar 11, 2005 5:11 am    Post subject: Serving Web Pages (ftpd or Apache?)

Hi there -- I already have a web site running on my university's servers. It works great for small
html and text files. I am getting to the point where I want to put pictures, videos and tarballs on it,
but I don't have enough server space allocated to me.

On the other hand, I have 130 free GBytes on my desktop, and I could put links from the web-server machine (call it
Ishmael) to my desktop (call it Moby). I thought I could just set Moby up serving anonymous ftp for the big
files. Unfortunately, it didn't run right. (I tried emerging ftpd and for some reason it never would
run).
When I load ftpd as root@Moby, I get these error messages:
Error loading /etc/ssl/certs/ftpd.pem: 3867:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('/etc/ssl/certs/ftpd.pem','r')
3867:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
3867:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:515:

ftpd: SSLeay initialisation failed

Maybe I ought to just run apache, but it seems like a long learning curve, and at the moment I have too many other
things to work on.

Does anyone know of an "apache for the impatient" ... i.e., emerge it, edit 1 or 2 .conf files and go!
(Or can you help me with my ftpd error message).

Thank you -- Gentooites
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
thebigslide
l33t

Joined: 23 Dec 2004
Posts: 792
Location: under a car or on top of a keyboard

Posted: Fri Mar 11, 2005 6:21 am

either re-emerge ftpd without the ssl flag or generate your ssl certificates.

"Apache for the impatient" sounds like "How to get my box hacked and turned into a spam relay"
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Fri Mar 11, 2005 9:01 am    Post subject: FTPD -- thank you

Thank you. (Nice Avatar, Austin!)

I couldn't make sense of the error message, but I almost understand your suggestion. Is this the sort of thing I do
with ssh-keygen?? I am familiar with ssh, but it wasn't clear whether the Gentoo ncu-ftpd was using similar
technology. In fact, I looked in the man page for something about missing files, but couldn't find it. So I'll poke around
and see if I can figure out how to generate these certs, but I'll take another hint if you're around.

As far as your point on Apache ... well taken. I never really wanted to get into it. Fixing FTP will solve all my needs.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Fri Mar 11, 2005 9:20 am    Post subject: FTPD -- And another thing

Taking your second suggestion (drop ssl)

Actually, I just tried
USE="-ssl" emerge -v ftpd

ftpd now no longer gives an error. However, ftpd isn't listed as a running process, and I can't ftp in. So something
more is wrong.

As far as your point on Apache ... well taken. I never really wanted to get into it. Fixing FTP will solve all my needs.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
Nard`
Apprentice

Joined: 23 Jan 2005
Posts: 250

Posted: Fri Mar 11, 2005 9:35 am

you should always use /etc/portage/package.use for package specific USE flag changes. That way it doesn't get overwritten next time you update your system :)

Might sound stupid but have you started ftpd? /etc/init.d/<packagename> start normally :D

Have you configured it? Maybe it needs to bind to a specific address? Also, it may (hopefully) not be running as root so make sure you use the 'a' flag on ps.
_________________
Programming is the process of putting bugs in.
Debugging is the process of attempting to take bugs out, doing an ugly hack, hitting your computer, then claiming insurance.
thebigslide
l33t

Joined: 23 Dec 2004
Posts: 792
Location: under a car or on top of a keyboard

Posted: Fri Mar 11, 2005 10:22 am

I believe ftpd is installed with xinetd by default with portage. It will need to be configured.
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Fri Mar 11, 2005 2:37 pm

Nard -- Thanks for "package-use" tip. Am still figuring out what USE flags are about.
I asked our resident gentoo expert and he started fudging. It seems to me that
USE flags make the difference between a package running or not and that you should strive
to always use the same set on all packages, but this fellow said they were only about
speed. I don't think I buy it. I think they are basically coding for include files or #DEFINES.
Feel free to wax rhapsodic if you know anything.

I do know to start a daemon and then add to rc-update,
and I got no error messages, and I know to use ps -A, but still no joy.

Got to look at inetd, which indeed was freshly installed with ftpd.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Fri Mar 11, 2005 5:04 pm    Post subject: XINETD and FTPD

I tried xinetd -stayalive just so I'd be able to see if xinetd was a running process. After I did
this I saw xinetd.

moby home # ps -A |grep -i xinetd
5111 ? 00:00:00 xinetd

I then tried ftpd again. (Compiled w/o SSL Use flag). Still didn't show as process
and was not log into able. (Tried anonymous and named user. Read directions in man ftpd on how to
set up anonymous account.)

Thanks if you know what to try. I already checked my passwd file:

moby home # cat /etc/passwd |grep -i ftp
ftp:x:21:21::/home/ftp:/bin/false

Don't know if I should also add "anonymous" as a user. The man page on ftpd was ambiguous about that, implying
that the user ftp was equivalent to anonymous.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman


Last edited by pcardout on Sat Mar 12, 2005 8:48 am; edited 2 times in total
thebigslide
l33t

Joined: 23 Dec 2004
Posts: 792
Location: under a car or on top of a keyboard

Posted: Sat Mar 12, 2005 5:28 am    Post subject: Re: Still stuck

pcardout wrote:
I tried xinetd -stayalive just so I'd be able to see if xinetd was a running process. After I did
this I saw xinetd.

dirac home # ps -A |grep -i xinetd
5111 ? 00:00:00 xinetd

I then tried ftpd again. (Compiled w/o SSL Use flag). Still didn't show as process
and was not log into able. (Tried anonymous and named user. Read directions in man ftpd on how to
set up anonymous account.)

Thanks if you know what to try. I already checked my passwd file:

dirac home # cat /etc/passwd |grep -i ftp
ftp:x:21:21::/home/ftp:/bin/false

Don't know if I should also add "anonymous" as a user. The man page on ftpd was ambiguous about that, implying
that the user ftp was equivalent to anonymous.


Anonymous users have the same privileges as the ftp user, yes. There is no need to add an anonymous user. Do an
Code:
etcat files ftpd | grep doc
That should show you the install documentation which describes how to set it up.
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Sat Mar 12, 2005 7:54 am    Post subject: Progress on enabling FTPD - XINETD -- Subtle!

OK -- I think I'm figuring it out. One more hurdle. Thanks for sticking with me.

The reason xinetd service seemed not to start is because it went to sleep as it had no services at all to provide.
It didn't even appear in ps -A. I think xinetd is somewhat special as it spawns services on demand.

The key file for xinetd is xinetd.conf and there is an "includedir" feature which references (as if they were part of
xinetd.conf itself) any and all files which are in directory xinetd.d

One of these was called "ftp" and one of the lines was "disable=yes". Changing that line to disable=no and restarting
xinetd allowed xinetd to persist (show up on ps -A). After that, could start ftpd. Amusingly ps -A still does not show
ftpd. Again, that's because it doesn't really exist (as an active process) until an ftp request comes in. So when I
ran ftp from my own machine to my own machine, I could suddenly see ftpd as a process. When I closed the ftp
session, ftpd disappears again from ps -A. Whew!! Subtle!!!

So here's what's left. The following works:

I'm sitting at a command prompt on moby. I start ftp.
ftp> open moby.nmt.edu
Connected to moby.nmt.edu.
421 Service not available, remote server has closed connection
ftp> open localhost
Connected to localhost.
220- Successful login to MOBY! --rs
220 localhost FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready.
Name (localhost:richard):

Note then that I could ftp to localhost, but not to dirac. And I think it's because my machine is refusing the
connection. I looked for /etc/hosts.allow and hosts.deny. They don't exist. Maybe I need to create them?
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman


Last edited by pcardout on Sat Mar 12, 2005 8:45 am; edited 1 time in total
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Sat Mar 12, 2005 8:11 am    Post subject: hosts.allow doesn't do it

I added my entire university's domain (temporarily) to hosts.allow for the ftpd service. Still my connection is
refused.

I welcome more advice.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
pcardout
n00b

Joined: 11 Mar 2005
Posts: 34
Location: Socorro, NM

Posted: Sat Mar 12, 2005 8:44 am    Post subject: FTP and Security

BTW -- I don't need a helpful person to tell me to use scp instead of ftp. I use scp all the time.

However, to my knowledge, there is no
url scp:// tag in html, but there most certainly is a url ftp://. Thus you can use an ftp server as a web server,
and you can't use a Linux box running only sshd.

Crustily (but gratefully) yours. --picard out.
_________________
I was born not knowing and have only
had a little time to change that here and there.
--Richard Feynman
NightCrawler
n00b

Joined: 14 Oct 2005
Posts: 2

Posted: Fri Oct 14, 2005 8:48 pm

I was having the same problem as you had; your posts helped me set up xinetd, and ftpd is working now, so I think I can help with your problem. Take a look at the /etc/xinetd.conf file, see if there's a line there saying: only_from: localhost. Comment it and you're done!

Hope that helps.
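
An added example, not part of any post in this thread: a small Python audit of the xinetd behaviour discussed above (files pulled in through includedir, the per-service `disable` line, and `only_from`), reporting for each service whether it is disabled and which sources may connect. The sample files are constructed, and the way `=`, `+=` and `-=` merge a service's `only_from` with the `defaults` block is a simplified assumption; check xinetd.conf(5) for the exact rules.

```python
import re

# Constructed sample (not from the thread): defaults limit clients to localhost,
# and one service file is pulled in through includedir.
SAMPLE = {
    "/etc/xinetd.conf": "defaults\n{\n only_from = localhost\n}\nincludedir /etc/xinetd.d\n",
    "/etc/xinetd.d/ftp": "service ftp\n{\n disable = no\n socket_type = stream\n}\n",
}
BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S | re.M)
ATTR = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def load(files, main="/etc/xinetd.conf"):
    """Main file plus every file under its includedir, with '#' comments removed."""
    text = files[main]
    for inc in re.findall(r"^\s*includedir\s+(\S+)", text, re.M):
        prefix = inc.rstrip("/") + "/"
        text += "".join(b for p, b in sorted(files.items()) if p.startswith(prefix))
    return re.sub(r"#.*", "", text)

def only_from(attrs, inherited=None):
    """Fold only_from lines in order; None means never set, i.e. any source.
    Assumed merge model: '=' replaces, '+=' adds, '-=' removes."""
    sources = inherited
    for name, op, vals in attrs:
        if name != "only_from":
            continue
        if op == "=":
            sources = list(vals)
        elif op == "+=":
            sources = (sources or []) + vals
        else:
            sources = sources and [s for s in sources if s not in vals]
    return sources

def audit(files):
    """Map each service to 'disabled', 'any source', 'no source' or 'only from ...'."""
    blocks = [(m.group(2) or "defaults",
               [(a.group(1), a.group(2), a.group(3).split())
                for a in map(ATTR.match, m.group(3).splitlines()) if a])
              for m in BLOCK.finditer(load(files))]
    default = only_from([a for n, attrs in blocks if n == "defaults" for a in attrs])
    report = {}
    for name, attrs in blocks:
        if name == "defaults":
            continue
        disabled = any(a == "disable" and v == ["yes"] for a, _, v in attrs)
        src = only_from(attrs, default)
        report[name] = ("disabled" if disabled else "any source" if src is None
                        else "no source" if not src else "only from " + " ".join(src))
    return report
```

Running `audit` before and after an edit shows whether commenting out `only_from` in `defaults` opened one service or every enabled one; a per-service `only_from` line keeps the change scoped to ftp.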
psi0nik
n00b

Joined: 21 Nov 2003
Posts: 31

Posted: Fri Oct 14, 2005 9:38 pm

if you're looking for just file serving, with no CGI or anything else via HTTP, I'd suggest using publicfile. it's in portage, it's written by djb, author of qmail, which you may or may not be familiar with. it's a simple, ultra-secure web server that's perfect for what you're looking for (it also happens to do anonymous ftp). djb writes (in my opinion) really great, easy to configure, useful software that does exactly what's advertised and nothing else. he also tends to actually *finish* a piece of software rather than perpetually updating it. it's good stuff :)
All times are GMT