Downloads folder access to public


#1

I wanted to know if it is possible to create a Https download folder which will be accessible without any username and pass?

Also, I’m not sure if it is a bug, I was able to login in to a user download folder by using my some other user credentials. I mean lets say I have two users A and B. I was able to access A’s download folder by entering B’s login credentials.


Remove pass for download directory
#2

yes and no, it would be simpler to mod ftp to have a anonymous login but may i ask why you want unsecure data?
it’s easy making a guest account and sharing what you want that way.

and i will make a bug report for the users log in
but this would also require the other user to know the others user name.
also does not work unless you have a login but still not good for users to be able to get into other user’s files. though it is read only. @JMSolo check msg to see what’s going on did a gif


#3

also there is a share plugin in rutorrent that you can share via links and gives option to use username and pass but you can leave blank


#4

I want to help my friend to use it to upload his Android Rom and share it with general public. I’m not concerned about the security. Even FTP is fine for me but it shouldn’t be password protected.

Share plugin has an expiry and sometimes is not resume friendly in IDM unlike https download.


#5

you can edit how long the share link lasts. make it a year. if you so wished.


#6

share plugin config file.
use this config for unlimited time for duration

<?php $limits['duration'] = 0; // maximum duration hours $limits['links'] = 0; //maximum sharing links per user $downloadpath = $_SERVER['HTTP_HOST'] . '/fileshare/share.php'; ?>

you can find this plugin here /srv/rutorrent/plugins/fileshare/conf.php


#7

next question your use brings me to are you using torrenting on the same server? or is it just to share your friends rom? because there are so many sites you can share files like that on. the idea for seedbox it torrenting more than dropbox concept.

google has great public sharing links. and as long as you’re not breaking laws you can share whatever you like. and that’s free… and roms never take more the 2gb and that’s plenty small enough for google. i know we can help you do the open ftp or even public download but there are so many out there i can’t see a reason to do it. that’s just me.


#8

Absolutely that is a bug. @dtech sent me an illustration of the issue and that is not intended behavior. Thank you for the report and we will work on patching this up today. The issue comes from apache requiring a valid-user. I am assuming that this is not weighing the authentication against any user in particular and simply saying “Hey, you’re a valid user with a password, here’s the directory.”

You can do this absolutely!

As @dtech stated, the share plugin can be set to an unlimited amount of time. However, if you wanted to set this in something like /var/www/html and have it forever public facing you could do this.

It will require the creation of an alias in your apache configuration like the following:

Navigate to /etc/apache2/sites-enabled/ and open the aliases-seedbox.conf for editing.

At the bottom of the file, create a new alias for the directory you would like to be public like so…

Alias /public.download "/var/www/html/"
<Directory "/var/www/html/">
  Options Indexes FollowSymLinks MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
</Directory>

You can name this alias whatever you like. Now save and close the file and reload apache with service apache2 reload

You can now navigate to the location via http://_your_server_ip_/public.download/ and your file will be listed and publicly available… all in the meanwhile, keeping your username out of the picture and held in a completely different directory than where rtorrent data resides.


Public Seedbox User
#9

after following JMSolo’s instructions, I had to set some permissions in order to have write privileges in this newly created folder (i.e downloading directly to this folder using deluge/rtorrent). see this link: http://superuser.com/a/19333


#10

I tried to follow the procedure to create a public directory but the directory still asks for username and password.

Please help.


#11

Try clearing your browser cache. It’s possible that it is still caching the initial access to your directory.


#12

Clearing browser cache is not working with the public directory created. Tried several browsers and private mode too.


#13

Not sure why you’d be recieving any sort of authentication as if you follow the guidelines above you are not even using the same auth directories that QuickBox/ruTorrent are using.

Could you double check and ensure that you do not have any auth lines such as:

AuthType Digest
  AuthName "rutorrent"
  AuthUserFile '/etc/htpasswd'
  Require user USERNAME

Also, have you done a restart of apache?


#14

I recently found that thread and did what was posted but I’m getting a [quote]Job for apache2.service failed. See “systemctl status apache2.service” and “journalctl -xe” for details.[/quote] error when I do the service apache2 reload



Staff edit: Moved to relavant topic


#15

@Evoley, could you please give us the output of cat /etc/apache2/sites-enabled/aliases-seedbox.conf?
Apache is more than likely not starting due to a small typo.


#16

i wanted to post an update to this to show how i solved this problem. I followed JSolo’s instructions except modified it a bit.

Edit your /etc/apache2/sites-enabled/aliases-seedbox.conf like so:

Alias /publicDL "/var/www/publicDL/"
<Directory "/var/www/publicDL/">
  Options Indexes FollowSymLinks MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
</Directory>

after doing that, create a publicDL folder in your user’s home directory.
cd ~/
mkdir publicDL

finally, let’s create a symlink between this folder to the apache2 folder
sudo ln -s ~/publicDL/ /var/www

What this essentially does is create a publicDL folder in your user’s home directory to which you can move files you want to appear public i.e http://serverip/publicDL


#17

I managed to get it fixed tho users are able to access the quickbox dashboard which is something I don’t want. Is there any way I can disallow that?


#18

At the moment additional created users have access to dashboards by default. Their dashboards however, lack the feature set of the master account and thus can use it for basic monitoring and link navigation. You could technically remove the ability for them to access the dashboard in general, however, that is a separate topic entirely.


Disabling dashboard access for newly created user
#19

This works tho the way that i did it overwrites the default user I created when setting up. The way I did was basically createseedboxuser , edit aliases-seedbox.conf, then reload apache.


#20

Just wanted to add a note here for people who found this page interested in making the folder their torrents download to public while keeping the rest locked away.

If you edit the file: /etc/apache2/sites-enabled/aliases-seedbox.conf

Find the section that links to your downloads folder (below this line: Alias /derp.rtorrent.downloads "/home/derp/torrents/rtorrent/")

Then remove the lines for authentication and add the line for Require all granted. It should look like this when you’re done:

Alias /derp.rtorrent.downloads "/home/derp/torrents/rtorrent/"
<Directory "/home/derp/torrents/rtorrent/">
  Options Indexes FollowSymLinks MultiViews
  Require all granted
  php_admin_value engine Off
</Directory>

When you’re done, run: service apache2 restart

Thanks :slight_smile: Ducky