Personal Web Pages

Getting Started

Using an SSH client application, login/ssh to unix.ucsc.edu, then use the following commands to prepare your web site:

  • touch ~/public_html/index.html
  • chmod 644 ~/public_html/index.html

These commands:

  • Permit the web server to access your home directory
  • Create an empty home page (index.html)
  • Permit the web server to access index.html

Viewing Your Web Pages

Once you have an index,html file created and the permissions properly set, you can access your personal web page at the following URL:

http://people.ucsc.edu/~<Your User Name>/

Note that initially, you will get a blank page. As long as you don't see an error message, you've done these steps correctly.

Updating Your Web Pages

Once your site has been created, you can access your web site files using a SFTP client application.  Note that in order to connect via SFTP, you must be on a UCSC wired network or the Eduroam wireless network.  If you are on a restricted network at UCSC or are off campus, you must connect to the UCSC VPN service before you will be able to login to our servers.

Anything you put in the public_html folder will be published on the web. In order for your files to be published, they must be world-readable. You can achieve this by using the following command:

chmod 644 <Your File Name>

Similarly, any sub-directories that you have in your web page need to be world-readable as well. You can accomplish this by using the following command:

chmod 755 <Directory Name>

If you're getting 403 Access Denied errors when you view your web page in a web browser, then you probably haven't set your file permissions correctly.

SFTP

You may wish to use a SFTP program to get access to your files.  FileZilla is one option; it is a free, open source application that supports SFTP and is available for Windows, macOS, and Linux.

The server information you need is as follows:

Server Name: sftp.ic.ucsc.edu (any of the dance servers would work)
Login Name: Your CruzID
Password: Your CruzID "Blue" Password

You should also set y=the "port" to 22 when transferring files via SFTP.

PHP and CGI Scripts

The web server support sPHP and CGI scripts for personal web pages. Please note that the Baskin Engineering does NOT generally offer script debugging services for personal web space. If you decide to use PHP or CGI scripts on your personal web page, you need to make sure that you have the proper expertise to do so. The PHP Web Site is an excellent place to get started. We strongly recommend PHP over CGI for everyone.

Running CGI and PHP scripts from your home directory can lead to your web files being compromised. PHP and CGI scripts that you create run with your permissions and ownership. These programs could potentially expose any files or information in your home directory to the outside world.

Before writing and running PHP or CGI script, please make yourself familiar with the risks involved, and take the necessary precautions to protect yourself and Baskin Engineering's properties. The "Open Web Application Security Project" is a good source of information on web application security. Their "Ten Most Critical Web Application Security Vulnerabilities" paper is a good place to start.

PHP

To use PHP, simply create PHP scripts directly in your public_html folder (or any subfolder). If you would like to see what PHP modules are installed, simply create a PHP script that calls the phpinfo(); function. As an example, create an hello.php file in your ~/.html/ folder and place the following code in it:

<?php

Header("Content-Type: text/plain");

echo "Hello!\n";

?>

Then, point your web browser to a URL like this one:

http://people.ucsc.edu/~<Your User Name>/hello.php

You should see the word Hello! printed back to you.

Password Protection for Personal Web Pages

You can password-protect your personal web pages using the following procedure. This procedure assume that you want to protect a folder called http://people.ucsc.edu/~CruzID/SECURE/ - if you wish to protect a different folder, change SECURE to whatever the name of the folder is.

  1. Create a password file using htpasswd, like this:

    htpasswd -c ~/.htpasswd username1

    This will prompt you for the password that you would like username1 to use when visiting your secure pages. Once you have added your first user, you should use htpassword without the -c option, like this:

    htpasswd ~/.htpasswd username2

    This will prompt you for the password for username 2. NOTE: If you use the -c option on the second user name, the first user name will be deleted! The -c option is only for use when first creating your .htpasswd file!

    Then make sure that ther permissions on your .htpasswd file are correct:

    chmod 644 ~/.htpasswd

  2. If you haven't already done so, create your secure folder, like this:

    mkdir ~/public_html/SECURE
chmod 755 ~/public_html/SECURE
cd ~/public_html/SECURE

  3. Create a .htaccess file using your favorite text editor. This example assumes you're using pico to edit your .htaccess file; be sure to replace pico with whatever editor you prefer to use:

    pico ~/public_html/SECURE/.htaccess

    Add the following to your .htaccess file:

    AuthName "My Secure Stuff"
AuthType Basic
AuthBasicProvider file
AuthUserFile /CruzID/.htpasswd
require valid-user

    Be sure to replace /CruzID/ with the actual path to your home directory.

    Make sure .htaccess is readable by the web server:

    chmod 644 ~/public_html/SECURE/.htaccess

That should be all there is to it! If you have any problems with this procedure, please e-mail webmaster@soe.ucsc.edu for help.