From 372fce28992bec7340829d86b24b37be819f0d8b Mon Sep 17 00:00:00 2001 From: 0xboobface <0xboobface@gmail.com> Date: Sat, 10 Aug 2019 20:24:27 +0200 Subject: [PATCH] Update the RunningTheServer page --- .../src/main/java/ctbrec/docs/DocServer.java | 2 +- .../resources/html/docs/RunningTheServer.md | 43 +++++++++++++++++-- .../ctbrec/servlet/StaticFileServlet.java | 12 +++++- 3 files changed, 51 insertions(+), 6 deletions(-) diff --git a/client/src/main/java/ctbrec/docs/DocServer.java b/client/src/main/java/ctbrec/docs/DocServer.java index 95ede4ee..2e386dae 100644 --- a/client/src/main/java/ctbrec/docs/DocServer.java +++ b/client/src/main/java/ctbrec/docs/DocServer.java @@ -48,7 +48,7 @@ public class DocServer { holder = new ServletHolder(searchServlet); handler.addServletWithMapping(holder, "/search/*"); - StaticFileServlet staticFileServlet = new StaticFileServlet("/html"); + StaticFileServlet staticFileServlet = new StaticFileServlet("/html", false); holder = new ServletHolder(staticFileServlet); handler.addServletWithMapping(holder, "/static/*"); diff --git a/client/src/main/resources/html/docs/RunningTheServer.md b/client/src/main/resources/html/docs/RunningTheServer.md index ac3076c7..bb9f19a5 100644 --- a/client/src/main/resources/html/docs/RunningTheServer.md +++ b/client/src/main/resources/html/docs/RunningTheServer.md @@ -1,5 +1,8 @@ -How To Run The Server ------------- +## How To Run The Server + +**!!! First things first !!!** +If you expose the server to the internet, I highly recommend enabling authentication and secure communication via TLS. Otherwise the whole world has access to your CTB Recorder server. + The archive you downloaded contains a `server.bat` or `server.sh`, which can be used to start the server. On the first start, the server uses a default configuration. Once you terminate the server by pressing ctrl + c, the config is stored in your user home. On Windows that is `C:\Users\{your user name}\AppData\Roaming\ctbrec\server.json` 
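Review bot: The bare `false` in `new StaticFileServlet("/html", false)` in DocServer.java does not tell a reader at the call site what it switches off, and the hunk has no comment saying why the docs server needs it. Judging by the StaticFileServlet change in the same commit, it stops the servlet from stripping the context path from the request URI. A one-line comment above the call would record that, for example `// no context path in the doc server: serve the request URI as-is`; this wording is inferred from the other file and should be adjusted to the actual reason. The enclosing method starts and ends outside the hunk.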
@@ -8,4 +11,38 @@ On Linux it is `~/.config/ctbrec/server.json` On macOS it is `/Users/{your user name}/Library/Preferences/ctbrec` -You can open this file in a text editor and change it to your likings. You probably only want to change `httpPort` and `recordingsDir`. Most of the other stuff is irrelevant since the server and CTB Recorder use the same config file format. When the server is running, you can connect to it with CTB Recorder by changing the setting "Record location" to "Remote". \ No newline at end of file +You can open this file in a text editor and change it to your likings. You probably only want to change `httpPort` and `recordingsDir`. Most of the other stuff is irrelevant since the server and CTB Recorder use the same config file format. When the server is running, you can connect to it with CTB Recorder by changing the setting "Record location" to "Remote". + +### Web Interface +You can enable the server's web interface in the configuration server.json. Just set `webinterface` to true and set values for `webinterfaceUsername` and `webinterfacePassword`. + +### SSL / TLS +Since version 2.2.0 CTB Recorder supports SSL / TLS. To switch it on/off you have to change the server and client configuration. On the server side open the server.json and set +`transportLayerSecurity` to true. The server will then open an additional port, which can be configured with `httpSecurePort`. +On the client side open CTB Recorder and on the Settings tab change the port to the value of `httpSecurePort`. Then tick `Use Secure Communication (TLS)`. Afterwards restart +CTB Recorder and you should be able to connect to the server. + +By default, CTB Recorder uses a self-signed certificate. If you also use the webinterface, your browser will complain about that, but you can just ignore the warning and add the +certificate to your trusted certificates. + +#### Custom certificate +You can also use your own certificate, if you want to. 
Follow these steps to create a keystore, which can be used by the server: +* `cd ` +* `openssl pkcs12 -export -in .pem -inkey .pem -out .p12 -chain -name -CAfile .crt -caname root` +* `keytool -v -importkeystore -srckeystore .org.p12 -srcstoretype PKCS12 -destkeystore .ks -deststoretype PKCS12` (keytool is part of the Java distribution, so you should be able to find it in the bin directory of your Java installation. If not, download the current JDK from jdk.java.net). +You will be asked to enter a password during the process. Enter the same password everytime and note that down. +* Open the server.sh / server.bat +* add `-Dkeystore.file=.ks -Dkeystore.password=` directly after $JAVA / java + +#### Running behind Apache / NGINX +You can also run the CTB Recorder server behind Apache or NGINX. I only tested it with Apache and mod_proxy: +* disable `transportLayerSecurity` in the server.json, TLS should be handled by Apache +* set `servletContext` to `/ctbrec` +* in your Apache config add: + + `ProxyPass /ctbrec http://localhost:8080/ctbrec` + + `ProxyPassReverse /ctbrec http://localhost:8080/ctbrec` +* CTB Recorder will then be available under `https://your.server.name/ctbrec`, the webinterface (if enabled) under `https://your.server.name/ctbrec/static/index.html` +* in the CTB Recorder app on the Settings tab enter `your.server.name` for the Server, `443` for the port, `/ctbrec` for the path. +* tick `Use Secure Communication (TLS)` \ No newline at end of file diff --git a/common/src/main/java/ctbrec/servlet/StaticFileServlet.java b/common/src/main/java/ctbrec/servlet/StaticFileServlet.java index 0eeaf9dd..942cd2d2 100644 --- a/common/src/main/java/ctbrec/servlet/StaticFileServlet.java +++ b/common/src/main/java/ctbrec/servlet/StaticFileServlet.java 
@@ -16,6 +16,7 @@ public class StaticFileServlet extends HttpServlet { private String classPathRoot; private Map mimetypes = new HashMap<>(); + private boolean contextAware = true; public StaticFileServlet(String classPathRoot) { this.classPathRoot = classPathRoot; @@ -23,11 +24,18 @@ public class StaticFileServlet extends HttpServlet { mimetypes.put("js", "application/javascript"); } + public StaticFileServlet(String classPathRoot, boolean contextAware) { + this(classPathRoot); + this.contextAware = contextAware; + } + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String request = req.getRequestURI(); - String contextPath = getServletContext().getContextPath(); - request = request.substring(contextPath.length()); + if (contextAware) { + String contextPath = getServletContext().getContextPath(); + request = request.substring(contextPath.length()); + } serveFile(request, resp); }
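Review bot: In `doGet`, the value passed to `serveFile` is the raw `req.getRequestURI()`, and with `contextAware` set to false nothing is stripped from it, so the resource path is entirely client-supplied and not normalized by the container. `serveFile` lies outside this hunk, so it is not visible whether it rejects `..` segments before resolving the name under `classPathRoot`. If it does not, requests could reach classpath resources outside the intended root. A guard before the call would make this explicit, e.g. `if (request.contains("..")) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }`, or the equivalent check inside `serveFile`. The new two-argument constructor should also get a Javadoc line stating what `contextAware = false` means, namely that the request URI is used unchanged.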