A Quick and Dirty Web Maintenance Page Using .htaccess

Maintenance Page

Sometimes when working on a web site you need a quick and dirty “This Site is Down” Maintenance page. WordPress or other similar software may have this feature built-in or through a plugin, but sometimes you may need to put up a page while moving files around using ssh or scp/sftp/ftps.

If you use Apache or an Apache-compatible web server that uses .htaccess, the easiest way to generate a maintenance page is to combine the deny/allow directives with a custom 403 page, which can be written directly in .htaccess. The directives allow only your IP address to work on and view the web site, while everyone else sees the maintenance page.

Single File Web Maintenance Mode

This method requires no PHP or other separate scripts, and no redirects. Switching modes is simple: just remove (maintenance mode) or add (go live) the hash comment on two lines (21 and 23 in the example below).

Editing Htaccess File

Follow these simple steps:

  1. Using WinSCP, ssh, or a similar utility, log in to your web server and open the .htaccess file located in your web root.
  2. Add the following lines to the top of the .htaccess file:
  3. Ask Google “What is my IP address?”. This is your workstation IP address; select and copy it.
  4. Replace XXX.XXX.XX.XXX with the IP address you copied in the prior step.
  5. Edit the example to put in your own HTML code and save whatever picture you’d like to use as your background as “background.jpg” in your web root. Make sure any quotes on the ErrorDocument line (line 23 in the example) are single quotes, except the outer ones. Also, the entire ErrorDocument line should be on one line with no carriage returns (it will be displayed in the example as multiple lines, but that’s just the presentation for this post; the code itself is all one line).
  6. Save the .htaccess file.
  7. That’s it. To enable maintenance mode, uncomment line 21 “deny from all” and line 23 “ErrorDocument 403”. To disable maintenance mode and go “live”, comment those same two lines out.
  8. Note that if you get an “Internal Server” error you have a syntax error in your .htaccess file. Fix and try again.
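
A minimal .htaccess for the steps above, as an added example that is not the post's original listing, so the line numbers 21 and 23 mentioned in the steps do not apply to it. The address 203.0.113.10 and the HTML text are placeholders, and the Apache 2.4 variant at the end is an addition that goes beyond the legacy deny/allow syntax the post describes.

```apache
# Added example: maintenance mode in the web root .htaccess.
# 203.0.113.10 is a placeholder; use your own public IP address.
# AllowOverride must permit Limit and FileInfo for these directives.
# Behind a reverse proxy or CDN, Apache sees the proxy's address,
# not yours, so the allow rule below would match the wrong client.

# Legacy access control as the post describes it
# (Apache 2.2, or Apache 2.4 with mod_access_compat loaded).
Order deny,allow
Allow from 203.0.113.10
# Maintenance on: leave the next line active. Go live: comment it out.
Deny from all

# Inline 403 body: one physical line, double quotes outside, single inside.
# Maintenance on: leave the next line active. Go live: comment it out.
ErrorDocument 403 "<html><head><title>Down for maintenance</title></head><body style='margin:0;background:black url(/background.jpg) center/cover no-repeat;color:white;font-family:sans-serif;text-align:center'><h1 style='padding-top:4em'>We will be back shortly</h1><p>The site is down for maintenance.</p></body></html>"

# "Deny from all" also blocks the background image for visitors, so
# exempt that one file; everything else stays restricted.
<Files "background.jpg">
    Order allow,deny
    Allow from all
</Files>

# Apache 2.4 without mod_access_compat: replace the Order/Allow/Deny
# lines and the <Files> block above with the lines below (uncommented).
# Do not mix the two syntaxes. To go live, comment out "Require ip".
#
# Require ip 203.0.113.10
# <Files "background.jpg">
#     Require all granted
# </Files>
```

With "Deny from all" commented out, "Order deny,allow" falls back to allowing every client, which is why toggling that single access line is enough to go live.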

 


 

Raspberry Pi and Lighttpd

I’m familiar with Apache but not lighttpd. There is very little I could find on how to set up lighttpd with SSL. I don’t have time to do a full blog post, but here’s my example lighttpd.conf file for those of you whom it might help. It has 2 virtual servers, both using SSL. It does not listen on port 80 (non-SSL) at all.

I also followed this tutorial from the Nwgat blog to set up Let’s Encrypt SSL certificates (the only one I could find that worked for me). I’m copying the steps below in case that link goes dead:

https://nwgat.ninja/setting-up-letsencrypt-with-lighttpd/

  1. Stop lighttpd
  2. Combine files into ssl.pem
  3. Forward Secrecy & Diffie Hellman Ephemeral Parameters
  4. Copy and paste the following into /etc/lighttpd/lighttpd.conf (don’t forget to change yourdomain to your domain),
    or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf
  5. Now open the port and start lighttpd:
    sudo ufw allow 443
    sudo service lighttpd start

Port Forwarding Http/Https to Different Computers Within Your Home Network

So you want to have different web servers on your home network that are exposed to the outside world? How do you do that? Most web servers listen on the same ports: 80 for non-SSL and 443 for SSL. If a request comes in for port 80

Say your home network is set up like this:

Home Network Computers
Router: 192.168.1.1

Your Study: 192.168.1.2 (running your personal WordPress blog)

Wife’s Office: 192.168.1.2 (running your personal WordPress blog)

Living Room Computer: 192.168.1.3 (Running Home Assistant web server)

1. Set up a dynamic DNS service.

Go to duckdns.org (super simple) to create a subdomain URL for each computer in your internal network that you’d like to access from any computer in the world. I won’t explain it here, as the DuckDNS site does a good job. In my example you would need to set up 3 subdomains for your home network:

Example Dynamic DNS URLs

http://blog.duckdns.org -> your blog in your study

http://wifesblog.duckdns.org -> wife’s blog in her office

http://homey.duckdns.org -> home automation server at

2. Set up Port Forwarding

Normally, if you are outside your home network, say at a coffee shop, and enter “http://homey.duckdns.org” in your browser, you will most likely end up with either a blank/unauthorized page or the control panel login for your router, which is at 192.168.1.1.

To set up port forwarding within your home network, go into your router (192.168.1.1 in my example) and navigate to the port forwarding section. I use DD-WRT, so in my home network I would select DD-WRT’s NAT/QoS menu and set the port forwarding as follows:

Port From (incoming, set by URL, e.g. http://blog.duckdns.org:202) | IP Address | Port To (the port the server is listening on)
80 | 192.168.1.1 | 804 (fake port, nothing is listening here)
202 | 192.168.1.2 | 80
203 | 192.168.1.3 | 80
204 | 192.168.1.4 | 8123

Here’s a screen shot of my example setup:

 
Once saved, you access your sites as follows:

URL -> Server

http://blog.duckdns.org:202 -> your blog in your study at 192.168.1.2 port 80

http://wifesblog.duckdns.org:203 -> wife’s blog in her office at 192.168.1.3 port 80

http://homey.duckdns.org:204 -> home automation server at 192.168.1.4 port 8123

If someone leaves the port out (http://blog.duckdns.org), it would just go to a blank page, because it would be forwarded to 192.168.1.1:804, which is a fake port with nothing listening.

In actual practice you should use SSL for each of these, but for simplicity of explanation I’ve left that out. However, it would work the same way. You would turn off port 80 on each of the servers and substitute 443 for 80 above, with an additional fake port for 443, such as the following:

Port From (incoming, set by URL, e.g. http://blog.duckdns.org:202) | IP Address | Port To (the port the server is listening on)
443 | 192.168.1.1 | 804 (fake port, nothing is listening here)
202 | 192.168.1.2 | 443
203 | 192.168.1.3 | 443
204 | 192.168.1.4 | 8123


Also, if you’re using SSL you’ll need to set up SSL certificates (use Let’s Encrypt for free SSL certificates).

As a final note, you could have all of these sites on one computer (personally I’m doing this on a Raspberry Pi 3 using lighttpd and Home Assistant), but you would have to change the default listening ports on each server that is running. For example, instead of your blog’s server software listening on 443, you would have the SSL port listen on, say, 452. Likewise, your wife’s SSL port would listen on, say, 574, etc.