Skip to content

Instantly share code, notes, and snippets.

@corncobble

corncobble/readme.md

Last active August 24, 2025 05:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save corncobble/23ec2636ea68bdd45ef8669a83186c1d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save corncobble/23ec2636ea68bdd45ef8669a83186c1d to your computer and use it in GitHub Desktop.
Download ZIP
Use a non-network capable printer (Brother HL-L2320D) on your network (CUPS, IPP, AirPrint)
Raw
readme.md

For the print server I'm using a mini PC running Debian. The general steps outlined here are likely similar for other distributions as well. This is used in a home network so almost all access and policy restrictions are removed.

  1. Install the CUPS package: sudo apt update && sudo apt install cups

  2. Modify the CUPS daemon configuration file /etc/cups/cupsd.conf:

    • Replace Listen localhost:631 with Port 631 to listen on all addresses.

    • Add ServerAlias yourhostname.yourdomain or ServerAlias * to effectively bypass HTTP Host header validation.

    • Verify that Browsing Yes, BrowseLocalProtocols dnssd, and WebInterface Yes are present.

    • For all <Location> </Location> entries, allow connections from any local address on the network:

      # Restrict access to the server...
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>

# Restrict access to the admin pages...
<Location /admin>
#  AuthType Default
#  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
#  AuthType Default
#  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>

# Restrict access to log files...
<Location /admin/log>
#  AuthType Default
#  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>

    • For the default policy <Policy default> </Policy>, comment out all <Limit> </Limit> entries:

      # Set the default printer/job policies...
<Policy default>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
#  <Limit Create-Job Print-Job Print-URI Validate-Job>
#    Order deny,allow
#  </Limit>

#  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
#    Require user @OWNER @SYSTEM
#    Order deny,allow
#  </Limit>

#  <Limit CUPS-Get-Document>
#    AuthType Default
#    Require user @OWNER @SYSTEM
#    Order deny,allow
#  </Limit>

  # All administration operations require an administrator to authenticate...
#  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
#    AuthType Default
#    Require user @SYSTEM
#    Order deny,allow
#  </Limit>

  # All printer operations require a printer operator to authenticate...
#  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
#    AuthType Default
#    Require user @SYSTEM
#    Order deny,allow
#  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
#  <Limit Cancel-Job>
#    Require user @OWNER @SYSTEM
#    Order deny,allow
#  </Limit>

#  <Limit CUPS-Authenticate-Job>
#    AuthType Default
#    Require user @OWNER @SYSTEM
#    Order deny,allow
#  </Limit>

#  <Limit All>
#    Order deny,allow
#  </Limit>
</Policy>

  3. Restart the CUPS service to apply changes: sudo systemctl restart cups

  4. Install the brlaser CUPS driver package: sudo apt install printer-driver-brlaser

  5. Use the CUPS web UI http://yourhostname.yourdomain:631 or http://youripaddress:631 to add your printer. Select the appropriate driver from the list and enable printer sharing during the process.

  6. If you are not going to be configuring any network printers in addition to the one from the previous step, then the cups-browsed service can be disabled: sudo systemctl stop cups-browsed && sudo systemctl disable cups-browsed

  7. Install the Avahi daemon package (if not already installed): sudo apt install avahi-daemon

  8. By default, Avahi is configured to use all active network interfaces, including docker, tun, etc. This is likely unnecessary, so we can specify which interfaces to use in /etc/avahi/avahi-daemon.conf:

     allow-interfaces=enp1s0

  9. Restart Avahi to apply changes: sudo systemctl restart avahi-daemon

AirPrint

  1. Use the airprint-generate this updated airprint-generate script to generate the Avahi AirPrint service file for your printer. The Docker container works well here.
  2. Copy the resulting AirPrint-CUPS-Brother_HL-L2320D_series.service file to /etc/avahi/services.
  3. Restart the Avahi daemon to apply changes: sudo systemctl restart avahi-daemon
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment