Using an SSH client application, login/ssh to unix.ucsc.edu, then use the following commands to prepare your web site:
- touch ~/public_html/index.html
- chmod 644 ~/public_html/index.html
- Permit the web server to access your home directory
- Create an empty home page (index.html)
- Permit the web server to access index.html
Viewing Your Web Pages
Once you have an index,html file created and the permissions properly set, you can access your personal web page at the following URL:
http://people.ucsc.edu/~<Your User Name>/
Note that initially, you will get a blank page. As long as you don't see an error message, you've done these steps correctly.
Updating Your Web Pages
Once your site has been created, you can access your web site files using a SFTP client application. Note that in order to connect via SFTP, you must be on a UCSC wired network or the Eduroam wireless network. If you are on a restricted network at UCSC or are off campus, you must connect to the UCSC VPN service before you will be able to login to our servers.
Anything you put in the public_html folder will be published on the web. In order for your files to be published, they must be world-readable. You can achieve this by using the following command:
chmod 644 <Your File Name>
Similarly, any sub-directories that you have in your web page need to be world-readable as well. You can accomplish this by using the following command:
chmod 755 <Directory Name>
If you're getting 403 Access Denied errors when you view your web page in a web browser, then you probably haven't set your file permissions correctly.
You may wish to use a SFTP program to get access to your files. FileZilla is one option; it is a free, open source application that supports SFTP and is available for Windows, macOS, and Linux.
The server information you need is as follows:
Server Name: sftp.ic.ucsc.edu (any of the dance servers would work)
Login Name: Your CruzID
Password: Your CruzID "Blue" Password
You should also set y=the "port" to 22 when transferring files via SFTP.
PHP and CGI Scripts
The web server support sPHP and CGI scripts for personal web pages. Please note that the Baskin Engineering does NOT generally offer script debugging services for personal web space. If you decide to use PHP or CGI scripts on your personal web page, you need to make sure that you have the proper expertise to do so. The PHP Web Site is an excellent place to get started. We strongly recommend PHP over CGI for everyone.
Running CGI and PHP scripts from your home directory can lead to your web files being compromised. PHP and CGI scripts that you create run with your permissions and ownership. These programs could potentially expose any files or information in your home directory to the outside world.
Before writing and running PHP or CGI script, please make yourself familiar with the risks involved, and take the necessary precautions to protect yourself and Baskin Engineering's properties. The "Open Web Application Security Project" is a good source of information on web application security. Their "Ten Most Critical Web Application Security Vulnerabilities" paper is a good place to start.
To use PHP, simply create PHP scripts directly in your public_html folder (or any subfolder). If you would like to see what PHP modules are installed, simply create a PHP script that calls the phpinfo(); function. As an example, create an hello.php file in your ~/.html/ folder and place the following code in it:
<?php Header("Content-Type: text/plain"); echo "Hello!\n"; ?>
Then, point your web browser to a URL like this one:
http://people.ucsc.edu/~<Your User Name>/hello.php
You should see the word Hello! printed back to you.
Password Protection for Personal Web Pages
You can password-protect your personal web pages using the following procedure. This procedure assume that you want to protect a folder called
http://people.ucsc.edu/~CruzID/SECURE/ - if you wish to protect a different folder, change SECURE to whatever the name of the folder is.
Create a password file using htpasswd, like this:
htpasswd -c ~/.htpasswd username1
This will prompt you for the password that you would like username1 to use when visiting your secure pages. Once you have added your first user, you should use htpassword without the -c option, like this:
htpasswd ~/.htpasswd username2
This will prompt you for the password for username 2. NOTE: If you use the -c option on the second user name, the first user name will be deleted! The -c option is only for use when first creating your .htpasswd file!
Then make sure that ther permissions on your .htpasswd file are correct:
chmod 644 ~/.htpasswd
If you haven't already done so, create your secure folder, like this:
mkdir ~/public_html/SECURE chmod 755 ~/public_html/SECURE cd ~/public_html/SECURE
Create a .htaccess file using your favorite text editor. This example assumes you're using pico to edit your .htaccess file; be sure to replace pico with whatever editor you prefer to use:
Add the following to your .htaccess file:
AuthName "My Secure Stuff" AuthType Basic AuthBasicProvider file AuthUserFile /CruzID/.htpasswd require valid-user
Be sure to replace
/with the actual path to your home directory.
Make sure .htaccess is readable by the web server:
chmod 644 ~/public_html/SECURE/.htaccess
That should be all there is to it! If you have any problems with this procedure, please e-mail firstname.lastname@example.org for help.