The following documentation is a copy of the documentation created by the BarracudaDrive installation application.
You now have BarracudaDrive up and running, but the web-server is not accessible from the outside world before you make a number of changes to your home network. This tutorial is designed to help you configure your home network and make the web-server available on the internet. We assume you have a small home network with a router such as a D-Link, Linksys, etc.
If you are using a home router, you must set up port forwarding since a home router uses Network address translation. This may sound very difficult, but any person with home network skills should be able to do it.
Portforward.com contains step by step guidelines for how to set up port forwarding for BarracudaDrive. Portforward.com tells you to set up a static IP address for your computer, but in most cases this is generally not needed as new routers should remember your PC's MAC address. Just make sure that you do not turn off your router. Please follow the tutorial at Portforward.com by clicking the above link. Also, some routers allow you to lock in the IP address by using your PC's MAC address -- this is referred to as static DHCP. If the terminology is unclear, you can read about this in Portforward.com.
Ask a friend to test your web-server when you have set up the router. Tell him to enter the IP address of your WAN IP address in the browser as http://69.123.225.54, where 69.123.225.54 is an example of a WAN address. You can get your WAN IP address here.
Your friend should see your start page if you managed to correctly configure your router.
We explained how to make your web-server available on the internet above. You can now access your computer remotely by using your WAN IP address.
Using the WAN IP address is cumbersome for two reasons:
We need to find a method for using names such as http://mycomputer.com instead of http://69.123.225.54. This translation is normally handled by a DNS server and can be configured if you register a domain name and if you have a static WAN IP address. As an example, you can access the Google search engine by typing in http://www.google.com in a browser. The domain name google.com is registered to Google and made available on the internet. The browser asks a DNS server, and the DNS server translates the domain name to an IP address behind the scene.
Most home/broadband users have a dynamic IP address with a lease that typically expires after 24 hours. You may have to pay extra to get a static IP address at home. It is also difficult to configure DNS. A much easier solution is to use one of the Dynamic DNS (DDNS) service providers. This service is also easy to use if you have a static IP address.
DDNS providers typically provide two types of DDNS services: a free service and a commercial service.
The free service typically lets you select from a list of pre-registered domain names, and your domain name will have the form: myname.preregistered-domain.com. Example: erik.homeftp.org, where homeftp.org is a pre-registered domain from a DDNS provider.
The commercial service allows you to register and select your own domain name. As an example, realtimelogic.com could have been handled by a DDNS service provider.
One of the free DDNS service providers is DynDNS. In the following section, we will show you how to register and get a DynDNS account up and running. You are not limited to using DynDNS -- any of the other DDNS providers available can be used. You do not need to understand how this works, but if you are curious, you can read about how Dynamic DNS works at Wikipedia.
Click the following link to create a free DynDNS account: register.
You can create a computer name as soon as you have received the confirmation email from DynDNS. Click the following link to login and create a computer name: add computer.
You have now registered a host name and domain name in the DynDNS database. The database must be periodically updated, and, therefore, you must install a DynDNS updater on your computer. Your internet computer name will not work unless the DynDNS updater periodically updates the database.
Notice that some routers, such a D-Link, allow you to setup a DDNS updater directly in the router. This means that you may skip the next section if your router supports this option.
Windows DynDNS updater:
Macintosh/OS X DynDNS updater.
The administrator panel is an application built into the BarracudaDrive web-server. This application lets you control and manage the BarracudaDrive web-server.
The administrator panel is designed using cutting edge web technology. Thus, the application must be run in Internet Explorer 6.0 or better, or Firefox 1.5 or better.
You can operate the administrator panel from a remote computer, but you should always use a secure connection (HTTPS). Also, we do not recommend remotely operating the administrator panel from a public computer as the public computer may have spyware such as keystroke logging software installed.
Only users in the "admin" role will see the administrator panel link on the settings page. Users and roles are introduced in administrating users.
You will see the following links in the left pane of the administrator panel.
Please click on one of the above links for a detailed explanation of how to use the administrator panel applications. Please see administrating users for an introduction to managing users and setting user permissions.
The following tutorial shows you how to manage BarracudaDrive users and give the users access to the built in web-file-manager and the WebDAV server.
This tutorial is based on the two users, thomas and james, that we used as an example in the "how it works link" on the create users page. Assume also that we have a user called gordon that was created by clicking the Set admin link.
The following two images shows a fragment of the Users Editor and the Drive Constraints Editor after we have created the admin user gordon, and the two users, thomas and james.
| Users Editor | Drive Constraints Editor |
|---|---|
|
|
From the above left image, the Users Editor, you see that we have the following:
From the above right image, the Drive Constraints Editor, you see that we have the following constraints:
A constraint is just an anchor point for joining path elements and roles. The name of the constraint is irrelevant. We are naming the constraints the same as the roles in the above example since the constraints we created only contain one role. A constraint typically consists of one or more roles. A constraint with zero roles implies that it includes all roles -- i.e., a wildcard constraint.
A role is a collection of one or more users. A role is also sometimes called a group. Roles are used by the constraints Editor when setting permissions. The constraints editor makes it possible to give access or deny access to roles, but not to users -- i.e., you do not directly set permission rules for users, but for the roles.
It is common to group users into roles as you may want to set certain permissions for a group of users. It is also common to give users unique access rights such as giving a specific user access to his/her home directory.
The roles thomas and james above are used for giving the user thomas and james unique access rights to their home directories. The role common is used for giving all users full access rights to the common directory. The role users_r is used for giving users read access to the users base directory. We will discuss the role users_rw later.
Users can be in more than one role. User thomas is in the thomas and users roles. User james is in the james and users roles. User gordon is in all roles since his roles list is empty. An empty roles list means that a user is in all roles. Be very careful about not including users in any roles as they in effect become administrators. When you create a new user, the user is automatically added to the role "guest" to make sure the roles list is not accidentally left empty.
We briefly discussed above that we set permissions for roles and not directly for users. This gives us greater flexibility in managing the permissions for the users. The Drive Constraints Editor uses the roles when setting up constraints for the BarracudaDrive users.
You might be used to setting file permissions on files on your hard drive. One can typically set permissions such as read only access, or read and write access on a particular file or directory. BarracudaDrive uses a very different scheme for setting access permissions on files and directories. You do not set permissions on the physical file or directory. BarracudaDrive's permission rule set is based on the path element of a URL. It is possible to set permissions on a file or directory that does not yet exist.
Let us start by analyzing the permissions we set in the how it works link on the create users page. We have the following:
|
Path |
Access thomas |
Access james |
Access Gordon |
|
c:\bdusers |
Read |
Read |
Read and write |
|
c:\bdusers\common |
Read and write |
Read and write |
Read and write |
|
c:\bdusers\thomas |
Read and write |
No access |
Read and write |
|
c:\bdusers\james |
No access |
Read and write |
Read and write |
|
Any other directory |
No access |
No access |
Read and write |
The above table can be translated to the following URL path elements and the following roles:
|
Path |
Roles |
Access type |
|
/* |
admin |
Read and write |
|
/c/bdusers/* |
users_r |
Read |
|
/c/bdusers/* |
users_rw |
Read and write |
|
/c/bdusers/common/* |
common |
Read and write |
|
/c/bdusers/thomas/* |
thomas |
Read and write |
|
/c/bdusers/james/* |
james |
Read and write |
A path ending with /* indicates that the permission is for this directory and all sub-directories -- i.e., a wildcard match.
We explained above that user gordon is in all roles since his roles field is empty. We want gordon to have access to all directories so let us analyze how this works.
Gordon is in all groups and also in group admin. You can see from the above table that the admin group has access to /* -- i.e., access to everything. You might think that gordon will have access to all directories since he is part of the admin group, but this is not the case. In BarracudaDrive, a longer path takes precedence over a shorter path. This means that, for example, the path /c/bdusers/common/* takes precedence over /* and the group admin no longer applies in this directory. Luckily, gordon is in all roles and, therefore, also in role "common", which has read and write access to /c/bdusers/common/*.
Role "user_r" with path /c/bdusers/* takes precedence over the admin group. This role has read access to the /c/bdusers/ directory, and consequently, gordon has read access to /c/bdusers/. We want gordon to have read and write access to this directory so we must create a new group that also has write access. The group "users_rw" fixes this problem and gives gordon full access to /c/bdusers/ -- i.e., the only reason for this group is to give gordon full access to directory /c/bdusers/.
User thomas is in role thomas and users. He, therefore, has read and write access to /c/bdusers/thomas/* and /c/bdusers/common/*. He also has read access to /c/bdusers/.
User james is in role james and users. He has read and write access to /c/bdusers/james/* and /c/bdusers/common/*. He also has read access to /c/bdusers/.
We explained above that a constraint with a longer path takes precedence over a constraint with a shorter path. We also explained that a constraint with zero roles implies that it includes all roles. We can use this information to make constraints that limit access for all roles to certain directories.
Making limitations to certain directories is very useful on a Windows computer. We explained in the web-file-manager tutorial that BarracudaDrive sees the disks on your computer as root directories. The following image shows a Web Folder window (WebDAV client) viewing the root of BarracudaDrive. We are logged into the server by using the user gordon as only this user has access to the root.
The above image shows how the disks A, C, D, F, and Z show up in Web Folders. Many WebDAV clients automatically descend into directories and start reading information from these directories. Reading from volatile/removable disks such as the floppy drive A and the two CD-ROM drives D and F is not good as it slows down the BarracudaDrive server when there are no disks in these drives. What we should do is to make the disks A, D, and F invisible for clients. This is easily accomplished by creating a constraint that limits access to all roles.
Open the Drive Constraints Editor and do the following:
You can now open either the web-file-manager by using a browser or connect to the server using a WebDAV client such as Web Folders. The volatile disks will no longer be visible in the client.
The Users Editor makes it possible to locally or remotely manage the BarracudaDrive users. The image below shows the "Users Editor" with the users we created in the introduction.
The "admin" role is a role used by a number of services in the server. It is a hardwired role built into the system. For example, this tutorial you are reading now is only accessible to users in the "admin" group.
The admin panel and the admin panel's communication with the BarracudaDrive server is protected and only users in the "admin" role are allowed to access the admin panel. Our user gordon is in all roles since his "Roles list" is empty. He is, therefore, allowed to access the admin panel. We suggest that you keep your admin account's "Roles list" empty as you can otherwise accidentally deny yourself access to the admin panel.
The Drive Constraints Editor makes it possible to locally or remotely manage the web-file-manager and the WebDAV access rights. The image below shows the Drive Constraints with the users we created in the introduction.
We briefly explained how one adds a path element to a constraint in (7) above. Assume that we want to give user thomas read and write access to james' home directory. One can either type in the path to james' home directory in the input field or press the browse button. The image below shows the Drive Constraints Editor when we have selected constraint thomas and pressed the "Add path" button.
The "Add path" button opens a directory browser that lets you remotely navigate your BarracudaDrive server. The client web-application uses Web Services and communicates with the BarracudaDrive web-file-manager server in the background. You simply navigate to the desired directory, click the directory, and drag the directory to the URL path elements list. In the above image, we drag /c/bdusers/james to the thomas constraints, thus giving the user thomas read and write access to james' home directory.
The directory browser initially appears in the top left corner. One can move this pop-up window around by clicking on it with the mouse and dragging it to a different location. We have moved the directory browser to the bottom right corner in the above image to make it easier to view.
You remove the directory browser by pressing the hide button located in the lower left corner.
The Tunnel Constraints Editor makes it possible to locally or remotely manage permissions for the built in BarracudaDrive HTTPS tunnel server. See the HTTPS tunnel client for more information on how to use the BarracudaDrive HTTPS tunnel.
The Tunnel Constraints Database is by default empty; hence no user is allowed to use the tunnel. The Tunnel Constraints Editor is similar to the Drive Constraints Editor and makes it possible to give roles access to use the tunnel service.
The tunnel constraints use URL path elements similar to the drive constraints. The path element works as follows:
/computername/port
One can use wildcard path elements so the following is allowed:
/computername/*
/*
Examples:
|
Description |
Constraint path element |
|
Give role(s) access to localhost port 23 |
/localhost/23 |
|
Give role(s) access to google.com port 80 |
/google.com/80 |
|
Give role(s) access to any port on the computer with IP address 192.168.1.100 |
/192.168.1.100/* |
|
Give role(s) access to any computer and any port. |
/* |
The following image shows a constraint called "thomas". The constraint gives the role thomas, which is unique to the user thomas, access to use the telnet server running on the same computer as BarracudaDrive. The constraint also allows thomas to use any port on myserver.net. The user thomas is not allowed to use any other service.
In (3) above, you enter the hostname and either type in the port number or use the drop down list to select one of the standard ports, such as telnet. Leave the port field empty if you would like to add a path such as /computername/*. Leave the host field empty if you would like to add a path such as /*. You can modify a path element as follows: Click on the path in (4), modify the path, and press the "Modify" button.
BarracudaDrive is a web-operating-system that allows you to dynamically start and stop web-applications. The installation guide you are currently reading is designed using our LSP scripting language and is such an application. You can use the Application Manager to stop and then optionally remove this installation guide once you no longer need it.
The following applications are integrated into the web-server and cannot be removed: Web-File-Manager, WebDAV server, HTTPS tunnel server, administration panel and auxiliary HTML files.
An application can be one of the following:
Each application should have a file called ".appinfo" in the root of the application folder. Do not delete this file as it contains configuration data for the application, such as the application type and application mode.
An application can be in two modes: standard application or root application. The mode is set in the .appinfo configuration file. The .appinfo configuration file is automatically created when you create a new BarracudaDrive application.
A standard application has a name and the name is used as the base path for the application. For example, the base path to this setup guide is /setup/. You can see this in your browser's URL field.
A link to a running (active) standard application is automatically generated by the web-server if you visit one of the standard BarracudaDrive pages such as /rtl/settings/, /rtl/about.lsp, etc.. The link appears on the left side of the page.
A root application is installed into the web-server's root directory and the application does not have a base path. For example, a root application with an index.html will be the web-server's main index.html page -- i.e., the page visitors will first see when visiting your BarracudaDrive web-server. The set WWW" link to the left installs a root application.
One typically has one root application in addition to the hard wired BarracudaDrive root application. The BarracudaDrive root application directs visitors entering the servers root path /rtl/, which is our welcome page.
You can set a priority on your root application if you have purchased BarracudaDrive professional. The "Set WWW" link to the left creates an application with a higher priority than the hard wired BarracudaDrive root application. This means that once you have installed your WWW root application, visitors will no longer be directed to /rtl/ when they visit BarracudaDrive, but will instead see your own main index page.
You will see the following tabs at the top of the Application Manager:
The manager gives you a list of the applications the Application Manager is aware of. The applications may or may not be running. You can click on the application and the application manager will give you detailed information regarding this application. The page with the detailed information also lets you start, stop, and remove applications.
The Load button on the Load page makes it very easy to load new BarracudaDrive applications. The "applications" sub-folder, which is a subordinate directory of your BarracudaDrive installation, is where you keep deployed BarracudaDrive applications -- i.e., BarracudaDrive ZIP files. When you press the load button, the server analyzes the content of the "applications" sub-folder and loads new application(s) found in this directory.
A link to each running application is automatically generated by the web-server if you visit one of the standard BarracudaDrive pages such as /rtl/settings/, /rtl/about.lsp, etc.. The link(s) appear on the left side of the page.
The BarracudaDrive server is delivered with a few applications, such as this setup guide. Additional applications can be downloaded from barracudaserver.com.
The "New" page allows you to create new BarracudaDrive applications. This page is mainly intended for BarracudaDrive LSP application developers. The "Set WWW" link to the left is a simplified version of this page that allows you to create a BarracudaDrive root application by simply pressing one button.
A BarracudaDrive application is a plugin that extends the functionality in the server. You typically create a BarracudaDrive application, develop, test, and deploy the application by zipping the application together. A deployed application is typically copied to the "applications" sub-folder. The load button then allows you to load the deployed application. Note, data from a deployed application is typically sent compressed to the client which means faster response and bandwidth saved.
The following information is for web-developers with server side scripting experience.
The Lua scripting language is extensible and powerful. Lua is very fast compared to other scripting languages. The standard Barracuda Embedded Web Server API is only available to C/C++ programmers. The LSP plugin exports methods in the Barracuda Embedded Web Server to Lua. The list of currently exported methods can be found in our online LSP documentation. The Barracuda LSP plugin makes it possible to handle multiple concurrent requests. Multiple requests are typically not possible in standard scripting servers as most scripting languages are not concurrent. The LSP plugin uses a combination of Lua Coroutines and Barracuda threads, making it possible to have a database driven server application with multiple concurrent requests.
The current LSP plugin makes a subset of the Barracuda Embedded Web Server available to script developers. The server currently allows you to develop standard WEB 1 applications. We are developing a WEB 2 server API that will enable Bindows applications, using standard RPC and our unique EventHandler, to communicate with the server in real-time.
We have prepared a few tutorials you can download and copy to the applications directory. The tutorials are available at http://localhost/tutorials/ after you have downloaded and started the tutorial using the BarracudaDrive application manager. See "loading applications" for more information.
The ZIP file contains:
You may write your first LSP application as soon as you have used the application manager to create a new LSP application. Any of the sample scripts in the tutorial can be unpacked and copied to your new LSP application directory. Go to the plugins sub-directory in the BarracudaDrive installation directory, unzip and copy tutorials.zip to the location of your LSP application. The sample scripts will be available at http://localhost/name/, where name is the name of your LSP application, as soon as you have unpacked the zip file in your home directory.
We suggest that you try to modify some of the LSP scripts. Pressing refresh in the browser will automatically recompile and run your LSP script.
Deploying a web application:The web-application can be deployed as soon as you have completed the
development. A BarracudaDrive LSP application is deployed by zipping the
application together and then copying the zip file to the plugins sub-directory
in the BarracudaDrive installation directory. The root name of the application
is the name of the zip file. For example, our LSP demo is named tutorials.zip
and the root path is therefore http://localhost/tutorials/.
The LSP demo
contains a index.lsp file,
which is automatically loaded when we specify the URL: http://localhost/tutorials/.
The LSP plugin works in cooperation with the Barracuda Embedded Web Server. The Barracuda Embedded Web Server delegates the request to the LSP engine if a file has the extension ".lsp". All other files are handled directly by the Barracuda Embedded Web Server. You can make the server more efficient by keeping HTML data to a minimum in a LSP page. You can take advantage of response:include for including HTML fragments and response:forward for response delegation -- i.e., a LSP script can, for example, contain logic to handle data received from an HTML form and then delegate the response to a HTML file for rendering the response.
A zipped (compressed) deployed application can directly serve standard HTML files compressed to the client. A LSP page is uncompressed and run by the server. A LSP page can send compressed data to the client by delegating the response, using response:forward, to a HTML page.