Uploading files to start a website

The most common use of our Linux accounts is for hosting a website. HCS provides the distinct advantage (compared to other free web-hosting solutions at Harvard) of running dynamic content technologies such as PHP, MySQL, and Ruby on Rails. With these frameworks, your student group can run most of the cool web technologies out there today: wikis, bulletin boards, blogs, community-managed content... the possibilities are innumerable. The most basic advantage provided by all of these applications is that many people can contribute content to your site, instead of just a few webmasters who know HTML.

However, all websites need files. In the earlier tutorial about What to do at the prompt, you wrote a few simple files via the terminal that could comprise a couple of very basic webpages. More likely, however, you'll want to put together a more complicated site on your own computer, and then upload it all in one shot. (We don't blame you; designing multiple pages in pico or emacs or vi can be a bit tedious.) Or perhaps you want to install one of the newfangled web apps above, like a TWiki, so that you can design and administer your site dynamically through a browser; this likewise involves uploading a bunch of files to your ~/web directory.

First of all, we hope you've followed the SSH keys tutorial and set them up, because it will make uploading a snap to do on a day-to-day basis. If not, you can still follow this tutorial; however, you will first need to log in to your account (need a review? check the login tutorial) and type at the HCS prompt:

sftppasswd

to which you'll receive the following message:

Changing HCS SFTP password for user hgc
Please note that student group passwords will be reset at 4am
every morning. If you need to give a user shell access to your
account, please type 'access' when logged into your HCS account.
After you setup this password, you will be able to use SFTP clients
like SecureFX (for Windows) or Fugu (for OS X) to transfer files to
your HCS account.
New password:

which basically means you can pick a temporary password for uploading files, but it will be reset every day at 4am for security purposes. Like we said, setting up keys would make your life easier, because you wouldn't have to worry about this. Enter in a password (if you have SSH keys, no need to run this at all); then continue below for directions on the Mac, or skip down for directions on a PC.

On a Mac

First, we need to download an SFTP client. You may have heard of FTP, or file transfer protocol, which is commonly used to transfer files across the internet; SFTP does the same job, but over an encrypted SSH connection. HCS only supports file transfer via SFTP.

You can get a number of free SFTP clients from the web. MacSFTP is the one FASCS provides, but it's rather crummy. Fetch is popular and is free for students/educators, but we will use a popular open-source alternative called Cyberduck. It's Swiss, so it has to be good.

Download the .dmg from their website and drag Cyberduck.app to your Applications folder. Then start it up. It should look something like this:

Open the bookmarks bar using the Bookmarks button, and then click the [+] button to add a new bookmark. Set up all the options like this (of course, substitute group-name with the name of your HCS account). If you set up SSH keys, you will want to roll down More Options and check Use Public Key Authentication. When you do that, it will ask which key you want, so select the id_dsa key that you created in the SSH key tutorial. Important: you want the id_dsa file (your private key), not the id_dsa.pub file!

Now close the bookmark properties window and admire your new connection in the bookmarks bar. Go ahead and double-click it to begin connecting.

If you have an SSH key with a passphrase, you'll be prompted to decrypt it. If you didn't set a passphrase (tsk tsk) you won't see this.

On the other hand, if you didn't set up keys, you'll need to enter in the password you set up with sftppasswd.

That's it, you should be looking at your home directory! Using Cyberduck is essentially equivalent to using the Finder: double-click on directories to open them, and drag stuff in and out of the window to transfer. If you want, you can set Cyberduck up with an editor like TextWrangler or BBEdit to edit files directly on the server: check Preferences>General. Any tasks that don't have a toolbar icon (renaming things, making new folders, etc.) can be found inside the Action button. And to go up to a parent directory, use the menu at the top of the file list, or the up arrow next to it.

Enjoy your new graphical filesystem! See the last section for some important pointers.

On a PC

First, we need to download an SFTP client. You may have heard of FTP, or file transfer protocol, which is commonly used to transfer files across the internet; SFTP does the same job, but over an encrypted SSH connection. HCS only supports file transfer via SFTP.

We'll use WinSCP, which you can download here. Download and install it with the default options. Start WinSCP and you will be at the main Session dialog. Enter "hcs.harvard.edu" in the Host name field, and place your HCS group account name in the User name field.

If you used sftppasswd to set a temporary password, place it in the "Password" field. If you've already set up SSH keys, click the ... in the "Private key file" box and select your private key file from wherever you saved it on the computer. It is probably named key.ppk.

Click "Save..." to save this configuration for the future, and then click Login to connect to your account! WinSCP has an interface reminiscent of Windows Explorer. You will have your remote window, which shows files on HCS. Your local computer's files are in another window. Both windows have the familiar filetree on the left side for navigation. Simply drag stuff between the two windows or use the cut/copy/paste buttons you see on the toolbar to begin transferring stuff! Most everything should work the way Explorer does. For some closing tips, see the bottom of the page.

On a PC (old method)

First, we need to download an SFTP client. You may have heard of FTP, or file transfer protocol, which is commonly used to transfer files across the internet; SFTP does the same job, but over an encrypted SSH connection. HCS only supports file transfer via SFTP.

We'll use SecureFX, which can be found on the FASCS download site. Download and install it with all the default options. Then run it, and you will find yourself at the Connect dialog. Go to the New Session button and click it.

A wonderful wizard will appear. Leave SFTP selected and click Next.

Enter in the following information, substituting group-name with, well, your group account name.

You'll see your new connection in the dialog, but wait up. You have to set authentication options, so select your new connection and hit the properties button. Under SSH2 in the tree, select the appropriate authentication option. If you didn't make SSH keys, leave it at the default, Password:

But if you made SSH keys as we showed you in our previous tutorial, select PublicKey and deselect Password.

Now go ahead and double-click on your new connection. Since this is your first time connecting with SecureFX, you may see this funky dialog; click Accept & Save and you won't have to see it ever again.

If you're authenticating with a password, you'll receive this, and you should enter in whatever you set with sftppasswd:

Otherwise, if you're using an SSH key and you set a passphrase, you'll see this dialog. If you didn't choose a passphrase, you won't be asked for one.

You should be able to log straightaway into your account! SecureFX has an interface reminiscent of Windows Explorer. You will have your remote window, which is in front in this picture and shows files on HCS. Your local computer's files are in another window. Both windows have the familiar filetree on the left side for navigation.

Simply drag stuff between the two windows or use the cut/copy/paste buttons you see on the toolbar to begin transferring stuff! To make a folder, use File>New>Folder. To go up a directory there is a button on the toolbar, or just use the filetrees. Most everything should work the way Explorer does. For some closing tips, see below.

The Final Word: Staying Secure

Now you can upload whatever you want to your HCS site with relative ease, but be sure to stay under quota: you can always check your remaining space by typing quota at the command line. Note that only files under the directory web/ in your home directory will be available to the public on the internet. We want you to be able to use all kinds of interesting code on your site, so go ahead and put everything you can in there: PHP scripts, some Web 2.0 shlock, RSS feeds, the lot. But be mindful: it is very easy to put dynamic content on your site in a way that can get your whole account compromised.

One way to prevent this is to make sure that permissions are set correctly on your website. If permissions are too restrictive, you will get 403 Forbidden errors when loading pages; if they're too permissive, an attacker may be able to rewrite anything on your site at will. To fix permissions on your account, SSH into HCS and enter the following commands at the prompt, one line at a time:

chmod 711 ~
chmod 711 ~/web/
chmod -R ugo+r ~/web/
chmod -R go-w ~/web/
chmod -R u+w ~/web/

This should prevent others from writing to your files, although insecure PHP code can still be used to hose your website with spam; we'll cover that later. But for now, if you're new to PHP and Ruby on Rails, try to only use well-maintained and well-known packages like WordPress or Drupal, follow their instructions carefully, and keep your code up to date.
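
To check whether either permission problem described above is present before or after running the chmod commands, the following audit can be used. It is an added example, not part of the original HCS tutorial: the function names are made up here, and it assumes the web server reads your files through the "other" permission bits.

```shell
#!/bin/sh
# Added example (not HCS-provided): audit a web directory for the two
# permission problems this tutorial describes.
# Typical call at the prompt:  audit_web_perms ~/web

# Paths writable by group (020) or others (002): any such path can be
# rewritten by someone other than the account owner. Symlinks are skipped
# because their own mode bits are not meaningful.
list_writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Paths missing the world-read bit (004). Assumption: the web server
# accesses files as "other", so these would be served as 403 Forbidden.
list_unreadable_by_others() {
    find "$1" ! -type l ! -perm -004 -print
}

# Print a report and return 0 if clean, 1 if anything needs fixing.
audit_web_perms() {
    dir="${1:-$HOME/web}"
    status=0
    writable=$(list_writable_by_others "$dir")
    unreadable=$(list_unreadable_by_others "$dir")
    if [ -n "$writable" ]; then
        echo "Writable by group/others (fix: chmod -R go-w $dir):"
        echo "$writable" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$unreadable" ]; then
        echo "Not world-readable (fix: chmod -R ugo+r $dir):"
        echo "$unreadable" | sed 's/^/  /'
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: no permission problems found under $dir"
    fi
    return "$status"
}
```

The check only reads mode bits, so it is safe to run repeatedly, for example after every large upload.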