Simple yet Secure HTTP File Serving with SSO: Part 1

Disclaimer: what I am about to describe is the creation of a piece of concise software from fairly non-concise parts. It will be a pretty ride, but the end result should be very nice.

I have wanted to set up a secure yet painless server solution for downloading files I need from my machine when I am behind the firewall on another machine. Given my newfound penchant for web development and the incredibly good fit of HTTP to such an application, I went about investigating how to solve this problem. It does not need to be easy to configure the server itself, but it definitely needs to be trivially easy to host files.

Making it easy:

  • drag-and-drop or copy-paste sharing setup (just put the files to share in a folder)
  • single sign-on (SSO) because everyone has too many usernames and passwords as it is
  • upon authenticating, a file list should be displayed: manually typing in URLs is inconvenient and error-prone

Proposed Solution:

  • Lighttpd (ssl) for its ease of setup and reputation for static hosting
  • OpenSSL for securing the communication channel
  • OpenLDAP for supporting SSO

The Lighttpd documentation makes a configuration like this easy and Jeremy Mates' tutorials on pick up most of the SSL work for us. However, OpenLDAP has been a giant pain for me because of the broken Berkeley DB v4 package in MacPorts. I resolved the MacPorts db4 package problem through some hacking (see HOWTO: sudo port install db4 Successfully).

Experience has taught me that SSL and LDAP are a dynamic duo for creating sleepless nights. This is one of them and I plan to get the meagre amount of sleep remaining to me.

Stay tuned for progress on the Simple yet Secure HTTP File Serving with SSO in Part 2…