Mediawiki & restricted access via Lighttpd

I’m thinking about creating a Wiki for my local Pen and Paper group. I live in Germany, so basically any public website hosted here needs my name/address on it (which I’d rather not share, obviously). That’s why I wanted to restrict access to http://<your.IP>/wiki via lighttpd (if you access the page, you need to enter username and password before seeing anything), and I have some questions about that:

You can restrict access to specific IPs with mod_access:

$HTTP["remoteip"] !~ "IP1|IP2"

$HTTP["remoteip"]: match on the remote IP address or a remote network; == or != CIDR mask (works with IPv6 since 1.4.40)

Here are some examples:

# Deny access to www.example.org to all users who
# are not in the 10.0.0.0/8 network
$HTTP["host"] == "www.example.org" {
  $HTTP["remoteip"] != "10.0.0.0/8" {
    url.access-deny = ( "" )
  }
}

# Allow only 200.19.1.5 and 210.45.2.7 to
# have access to www.example.org/admin/
$HTTP["host"] == "www.example.org" {
  # !~ is a Perl-style regular expression "not match"
  $HTTP["remoteip"] !~ "^(200\.19\.1\.5|210\.45\.2\.7)$" {
    $HTTP["url"] =~ "^/admin/" {
      url.access-deny = ( "" )
    }
  }
}

Best would be to create your own config file in /etc/lighttpd/conf-available/ like 99-myown.conf and then symlink it to the conf-enabled directory.

sudo ln -s /etc/lighttpd/conf-available/99-myown.conf /etc/lighttpd/conf-enabled/
sudo systemctl force-reload lighttpd

To restrict access to a subfolder, you can nest a rule into your config like:

$HTTP["url"] =~ "^/subfolder/" {
  url.access-deny = ( "" )
}

mod_access docs

I guess it should be protected by password only, not by IP address.

This can be done with basic auth via the mod_auth module.

https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_auth

Edit:

Found a nice quick how-to on GitHub:
https://gist.github.com/MinaMikhailcom/b7619ed227c257b3b83e4511e8a65624

1 Like

Thanks! I’ll set up Mediawiki now and see if I can get it working. First problem I encountered:

Social and Publishing Software Options - DietPi.com Docs lists “Database name” and “Database user” as “wikimedia”, but it’s “mediawiki”.

Edit:

Works like a charm!

What I did:

  1. Add another .conf file (I called it “99-mediawiki-access.conf”, but it shouldn’t matter)

  2. Fill the new .conf file with the following:

server.modules += ("mod_auth", "mod_authn_file")

auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/user_password"
auth.require = ( "/wiki" =>
    (
    "method"  => "basic",
    "realm"   => "Restricted!",
    "require" => "valid-user"
    ),
)

  3. Create /etc/lighttpd/user_password, filled with:

username:password
username2:password2

  4. Symlink:

sudo ln -s /etc/lighttpd/conf-available/99-mediawiki-access.conf /etc/lighttpd/conf-enabled/

  5. Reboot

Thank you very much for all your help!

2 Likes
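
An added check, not part of the original posts: a shell function that audits a setup like the one above for the `plain` backend (passwords stored in cleartext), unhashed user-file entries, a world-readable user file, and basic auth with no HTTPS condition in the same config file. The function name and finding labels are hypothetical, and the HTTPS check is only a heuristic.

```shell
#!/bin/sh
# Added example, not from the thread: audit a lighttpd mod_auth setup.
# Usage: audit_lighttpd_auth CONF USERFILE   (function name is hypothetical)
# Prints one finding per line; the return status is the number of findings.
audit_lighttpd_auth() {
    conf=$1
    userfile=$2
    findings=0

    # The "plain" backend keeps every password in cleartext on disk.
    if grep -Eq '^[[:space:]]*auth\.backend[[:space:]]*=[[:space:]]*"plain"' "$conf"; then
        echo "PLAIN_BACKEND: $conf stores passwords unhashed; use htpasswd or htdigest"
        findings=$((findings + 1))
    fi

    # Basic auth only base64-encodes the password on every request.
    # Heuristic: flag it when this file has no HTTPS scheme condition
    # (TLS may still be enforced in another file or by a front-end proxy).
    if grep -Eq '"method"[[:space:]]*=>[[:space:]]*"basic"' "$conf" &&
       ! grep -Eq '\$HTTP\["scheme"][[:space:]]*==[[:space:]]*"https"' "$conf"; then
        echo "BASIC_WITHOUT_HTTPS_CONDITION: $conf does not limit basic auth to https"
        findings=$((findings + 1))
    fi

    # The user file should not be readable by other local accounts.
    if [ -n "$(find "$userfile" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE: $userfile is readable by others; use mode 640"
        findings=$((findings + 1))
    fi

    # Count entries whose second field is not a hash ($id$salt$hash or {SHA}).
    cleartext=$(awk -F: 'NF >= 2 && substr($2, 1, 1) != "$" &&
        substr($2, 1, 5) != "{SHA}" { n++ } END { print n + 0 }' "$userfile")
    if [ "$cleartext" -gt 0 ]; then
        echo "CLEARTEXT_ENTRIES: $cleartext entries in $userfile are not hashed"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as `audit_lighttpd_auth /etc/lighttpd/conf-enabled/99-mediawiki-access.conf /etc/lighttpd/user_password`; a return status of 0 means none of the four conditions was found.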

wtf, I’m going to adjust online docs. Thanks for the hint.