Chapter 1. Installing and configuring CUPS

You can use CUPS to print from a local host. You can also use this host to share printers in the network and act as a print server.

Procedure

  1. Install the cups package: 

    # dnf install cups

  2. If you configure a CUPS as a print server, edit the /etc/cups/cupsd.conf file, and make the following changes:

    1. If you want to remotely configure CUPS or use this host as a print server, configure on which IP addresses and ports the service listens: 

      Listen 192.0.2.1:631
Listen [2001:db8:1::1]:631

      By default, CUPS listens only on localhost interfaces (127.0.0.1 and ::1). Specify IPv6 addresses in square brackets.

      Important

      Do not configure CUPS to listen on interfaces that allow access from untrustworthy networks, such as the internet.

    2. Configure which IP ranges can access the service by allowing the respective IP ranges in the <Location /> directive: 

      <Location />
  Allow from 192.0.2.0/24
  Allow from [2001:db8:1::1]/32
  Order allow,deny
</Location>

    3. In the <Location /admin> directive, configure which IP addresses and ranges can access the CUPS administration services: 

      <Location /admin>
  Allow from 192.0.2.15/32
  Allow from [2001:db8:1::22]/128
  Order allow,deny
</Location>

      With these settings, only the hosts with the IP addresses 192.0.2.15 and 2001:db8:1::22 can access the administration services.

    4. Optional: Configure IP addresses and ranges that are allowed to access the configuration and log files in the web interface: 

      <Location /admin/conf>
  Allow from 192.0.2.15/32
  Allow from [2001:db8:1::22]/128
  ...
</Location>

<Location /admin/log>
  Allow from 192.0.2.15/32
  Allow from [2001:db8:1::22]/128
  ...
</Location>

  3. If you run the firewalld service and want to configure remote access to CUPS, open the CUPS port in firewalld: 

    # firewall-cmd --permanent --add-port=631/tcp
# firewall-cmd --reload

    If you run CUPS on a host with multiple interfaces, consider limiting the access to the required networks.

  4. Enable and start the cups service: 

    # systemctl enable --now cups

Verification

  • Use a browser, and access http://<hostname>:631. If you can connect to the web interface, CUPS works.

    Note that certain features, such as the Administration tab, require authentication and an HTTPS connection. By default, CUPS uses a self-signed certificate for HTTPS access and, consequently, the connection is not secure when you authenticate.

Next steps