Using IIS7.5 with Dropbox to host websites

Filed under Uncategorized

Up until recently I have been developing a web project using Processing.js and hosting it locally using IIS for development and testing.

For those who aren’t familiar with Dropbox it is a service that allows you to store 2GB of files in the cloud on Amazon’s S3 service for free. It also has Windows and Mac clients that sync files from a special folder on your hard drive to the cloud. The service is super simple to use and the integration with a local folder on your PC makes it extremely easy to work from multiple locations or computers with the same set of files because you can sync your files to multiple computers or with multiple Dropbox users by sharing folders.

When you combine this with the power of GitHub and a web server you can create a system that allows you to develop a web project, have it hosted from that folder on the web, and sync all the files between multiple machines as well as check in files to a managed repository cloud for others to work as well.

I can work from home and all my files are automatically synced from work, when I change a file at home it automatically syncs the file to the web server for me and because IIS points to the synced folder to serve to the web it means as I develop remotely my web server is always up to date within a few seconds of saving a file and the website is updated as well.

Recently though we had a power failure at Seneca and something caused IIS to throw permission errors when linking a virtual directory to the Dropbox folder containing my website.

It turned out I had to add the ‘Authenticated Users’ to the list of authorized accounts that can access the folder. I am also using Basic Authentication for password protection on the website for a quick and easy way to block anonymous access to the website.

The basic steps for creating a password protected development website that you can sync all your files between machines goes like this:

  1. Install Dropbox on all computers you will be working from including your host web server.
  2. Setup your website folder but do not share this folder with other people to modify. This is bad practice you don’t want others changing files on your website from a folder on their computer. Use a source control repository like Github to manage code.
  3. Install IIS on your host machine.
  4. Verify the port your using to host websites is open (usually port 80) on your network.
  5. Create a user for people who will be accessing the website remotely on the host web server.
  6. Create a virtual directory in the default website and set the alias to whatever name you want your users to access like mydevsite which will be accessed by myserveripordomainurl/mydevsite.
  7. Set the physical path to point to your Dropbox folder.
  8. Click on ‘Connect As…’ and check ‘specific User’, then enter a user that has permissions to access this folder and their password.
  9. Click ‘Test Settings…’ and verify both checks pass ok.
  10. If you have a domain name point it to your server ip or create a CNAME record that points to your IIS server ip to make a friendly url for those accessing your website.
  11. In IIS manager, select your virtual directory and pick ‘Authentication’. Disable Anonymous Authentication and enable Basic Authentication.
  12. Ideally you should Enable SSL and use HTTPS and also use a better authentication method than Basic Authentication but that is beyond the scope of this checklist.

4 Comments

  1. trancemanchik says:

    Thanks for good information!

  2. Maximilian says:

    don’t 4get to enable “directory browsing” also ;)

  3. Frank says:

    This is horrible security practice.
    Dropbox creates “Special Permissions” for the Users account. These special permissions include write permissions. I doubt you want your whole complete website to have write permissions enabled.

    Might be good for testing. But not good for deployment. I think you are better of installing git on your server and using its built in hooks to push updates to your web server.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*