Improvements on the public and private brewpi pages
Disclaimer: I am by no means an expert at this, and am not very confident that this is extremely secure. If you expose your brewpi to the internet at all there is a risk that someone else will be able to control it, potentially controlling heating and cooling elements in YOUR HOME, which has some real risk to it. Even worse, they could potentially ruin a batch of your beer! Please understand the risks before exposing your brewpi to the internet.
These instructions should work for anyone who's already followed the steps in
this post.
Please make a backup of your current directory (/var/www) in case something goes wrong, or you lose something you have that you like. I will explain the modifications required to customize it to your setup. Any of these items can be done independently, but may require a bit of tweaking in case I've used file names from the previous step. The below modifications will improve upon the public and private versions of the brewpi web interface in the following ways:
- Make public page the default (index.html), so you can go directly to http://example.com to get to the public page, vs entering http://example.com/publicpage.php
- Add link from public to private page
- Add Previous Beers viewing to public page
- Add robots.txt file to keep search engines from finding your brewpi page.
- Bonus: setting up port forwarding and a dynamic dns to create a public page without a static IP.
1. Make public page the default (index.html)
This step will swap the filenames of your public and private pages, so that the default page when you go to your url is the private page. You'll need to rename the files themselves, and modify your .htaccess file to protect the proper pages.
First let's swap the files. If you're accessing your directory via an ftp client, you can simply right click on the files and rename, otherwise, here are the linux commands. First you'll rename the current private page to a temporary name. Then you'll rename your public page to index.php, so it becomes the default. Lastly, you'll change the temporary public page to the final name for your private page. Make sure to replace your_public_page.php with whatever the filename of the private page you've setup.
cd /var/www
sudo mv index.php tmpindex.php
sudo mv your_ public_page.php index.php
sudo mv tmpindex.php your_public_page.php
You'll now want to alter your .htaccess file to open up the public page and block the private page behind authorization. Please note, I'm not blocking the previous_beers.php file in the bottom section, as I want to leave that open to my public page.
Replace your .htaccess file with the data below. Make sure to replace "your_private_page.php", and "YourUserName" with the appropriate values.
The quotes are required!
<FilesMatch "your_private_page.php">
AuthUserFile /var/www/private/.htpasswd
AuthGroupFile /dev/null
AuthName "YourUserName"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
</FilesMatch>
<FilesMatch "(beer-panel|config|configuration|control-panel|maintenance-panel|program_arduino|save_beer_profile|start_script).php">
Order deny,allow
Deny from All
Allow from 127.0.0.1
</FilesMatch>
For some strange reason in the above quote, it is adding a space in 'start_script'. I do not have a space there, and one shouldn't be included. After changing this file, you'll have to restart the apache web server, or the whole raspberry pi for the changes to take effect.
2. Add link from public to private page
For this one, you'll edit the public page (now index.php) to add a link to your private page. Find and edit the public beer panel page you've previously created. FuzzeWuzze's write up has this named PublicBeerPanel.php. Look for this section
<div id="logo-container">
<img src="brewpi_logo.png">
<div id=beer-name-container>
</div>
and change it to this.
<div id="logo-container">
<a href="control.php"><img src="brewpi_logo.png">
<div id=beer-name-container>
</div>
3.Add Previous Beers viewing to public page
This update will modify the public page to add back in a link to a modified maintenance panel, so the Previous Beers option is publicly available. We'll modify your public page, and put in a modified copy of the maintenance panel page to do so.
First, open up your public page (if you've followed these instructions it's now index.php) and find the section below.
<div id="beer-panel" class="ui-widget ui-widget-content ui-corner-all">
<?php
include 'PublicBeerPanel.php';
?>
</div>
and change it to this
<div id="beer-panel" class="ui-widget ui-widget-content ui-corner-all">
<?php
include 'PublicBeerPanel.php';
?>
</div>
<div id="maintenance-panel" style="display:none"> <!--// hide while loading -->
<?php
include 'pub-maintenance-panel.php';
?>
</div>
Now create a new file called pub-maintenance-panel.php that has the below in it, saved to your web directory (probably /var/www)
<?php
/* Copyright 2012 BrewPi/Elco Jacobs.
* This file is part of BrewPi.
* BrewPi is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* BrewPi is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with BrewPi. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<ul>
<li><a href="previous_beers.php"><span>Previous Beers</span></a></li>
<!--kinda dirty to have buttons in the ul, but the ul is styled as a nice header by jQuery UI -->
</ul>
4.Adding robots.txt
By adding a robots.txt file to the main directory of your webpage, considerate web crawlers will not index your site. This should keep your page from showing up on google and such, which I believe adds a little bit of security. Since you're hosting this traffic on your raspberry pi and your ISP I can't imagine you want the extra traffic or attention of anyone except for people you provide the link to. However, this step is not neccessary if you don't care about that. This is also not any sort of real security, as using robots.txt is purely voluntary by webcrawlers, and any malicious ones will just ignore it anyway.
The steps are pretty simple. create a file called robots.txt and copy in the following text. Save this to your folder with your brewpi web interface (most likely /var/www).
User-agent: *
Disallow: /
Bonus: setting up port forwarding and dns forwarding to create a public page
I don't think this has been described so far in this thread, so I'll give it a go. The details will very based on your network hardware and the service you choose, this will merely point you in the right direction. There are PLENTY of resources on the web if you have any trouble, and you're probably better served looking elsewhere if you have any issues with this. You'll need to do a few things. Set up an account with a dynamic dns service. Set up your raspberry pi to update that dynamic dns service. Open port forwarding on your router to allow web traffic to flow through to your raspberry pi.
There are several dynamic dns services, such as
noip and
duckdns. Go to one of these sites, or another of your choosing and set up an account and choose a URL. I personally chose duckdns.
If you do the same, you can follow their instructions after clicking 'Install' and 'linux cron' on their site, so that your raspberry pi will update the service frequently with the information needed to route to your raspberry pi from anywhere on the web. If you use another service, you'll have to follow their instructions to set this up.
You'll now need to set up port forwarding on your router to allow web traffic on port 80 to your raspberry pi. You can use
Portforward.com, select your router make, and then model, and then Apache as the application for instructions. These instructions suggest opening both ports 80 and 443, but you can restrict this to just port 80 for our purposes, and to be a bit more secure.