66

I have an Ubuntu server in my apartment and I just got a printer, so it's time to share!

In the past I've used CUPS on my Desktop and I'd just point the browsers to localhost:631 to set things up. Can I used the web based admin tools remotely?

I've been playing with the /etc/cups/cupsd.conf file and am currently at the point where I can direct a browser on my LAN to server-ip:631 but I'm getting the 403 Forbidden error.

If it's not possible or it's a bad idea for security reasons to allow remote administrator of CUPS, would it be possible to accomplish this using an SSH tunnel to the sever?

htorque
  • 66,086
Evan
  • 3,765

5 Answers5

85

I found this way to be simpler.

# cupsctl --remote-admin --remote-any --share-printers

It will update the /etc/cups/cupsd.conf file and restart cups for you, saving a backup of the previous configuration in the same folder.

It's the similar to the method presented in the official CUPS guide to printer sharing. I found the options --remote-admin in man cupsctl.

eri
  • 245
acorello
  • 1,089
  • 1
  • 9
  • 7
42

The way I normally achieve this is to tunnel over ssh via an arbitrary port:

ssh admin@10.36.8.43 -T -L 3631:localhost:631

Secure, and allows remote access. Won't solve all problems but useful for irregular access.

Cheetos O'Lay
  • 421
37

Mission achomplished! This page helped me out a lot.

All I had to do was add "Allow all" to to the access to the server and the admin pages so that my configuration now looked like:

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>

Now I just need to figure out to only allow those on my local network to access the admin pages and the configuration files :) (though it's probably not a big deal since I don't have port forwarding for 631 set up on the router?).

EDIT: To only allow a certain computer I could have done something like

<Location /admin>
      Order allow,deny
      Allow from 10.10.10.5
</Location>

Or for the whole 10.10.10 subnet,

<Location /admin>
      Order allow, deny
      Allow from 10.10.10.*
</Location>
Evan
  • 3,765
0

You might need to add the following line to your CUPS configuration file (/etc/cups/cupsd.conf):

Listen 127.0.0.1:631           # existing loopback Listen
Listen /var/run/cups/cups.sock # existing socket Listen
// this two line 
// replace 192.168.10.250 with ur only ip
Listen 192.168.10.250:631      # Listen on the LAN interface, Port 631 (IPP)
Port 631  # Listen on port 631 on all interfaces
//
BeastOfCaerbannog
  • 16,703
user2876087
  • 101
0

Open up 2 terminals

Edit /etc/cups/cupsd.conf as root

sudo nano /etc/cups/cupsd.conf

Get the IP in the second terminal

hostname -I

Edit /etc/cups/cupsd.conf and have the server listen on the local ip, replace 192.168.1.111 with the above command

Listen localhost:631
Listen 192.168.1.111:631

Get the subnet mask in the second terminal

ip addr show | grep "inet " | grep -v "127.0.0.1" | awk '{print $2}' | cut -d'/' -f1 | cut -d'.' -f1-3 | sed 's/$/.*/'

Edit /etc/cups/cupsd.conf and add in this replacing 192.168.1.* with the subnet mask from above.

<Location />
  Order allow,deny
  Allow @LOCAL
  Allow from 192.168.1.*
</Location>

<Location /admin>
  Order allow,deny
  Allow @LOCAL
  Allow from 192.168.1.*
</Location>

Exit and save /etc/cups/cupsd.conf and then restart the cups server

sudo systemctl restart cups.service

Go to http://192.168.1.111:631/ in your web browser (replace IP with the results from hostname -I) and setup your printer.

mikeytown2
  • 131