A geek log
Install mod-security for apache2
apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev sudo apt-get install libapache2-mod-security2 emacs /etc/modsecurity/modsecurity.conf
and change to following:
grep -i SecRuleEngine /etc/modsecurity/modsecurity.conf SecRuleEngine On
Restart apache2:
service apache2 restart
You need a VPS. Boot it up, login as root:
cd /root
apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev gcc make git socat screen
wget http://nginx.org/download/nginx-1.11.13.tar.gz
tar xvf nginx-1.11.13.tar.gz
git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
tar xzvf nginx-nginx-1.10.3.tar.gz
cd ~/nginx-1.11.13
./configure –with-http_ssl_module –add-module=~/ngx_http_substitutions_filter_module
make && make install
cd /usr/local/nginx/
./sbin/nginx
Test by going to the ip address of host.
cd /usr/local/nginx/conf
mv nginx.conf nginx.conf-backup
emacs nginx.conf
Add the code:
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
gzip on;
server {
listen 80;
server_name server_ip;
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
Start nginx after stopping it:
/usr/local/nginx/sbin/nginx -s stop /usr/local/nginx/sbin/nginx
Create a daemon:
emacs ~/socat.sh
#!/bin/bash socat tcp4-LISTEN:81,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:uj3wazyk5u4hnvtk.onion:80,socksport=9050
Run the daemon
screen -A -m -d -S SOCAT_DAEMON ~/socat.sh
To start it at boot, add to /etc/rc.local
/username/socat.sh
Enjoy
Credits:
1. https://proxybay.one/setup.html
2. http://tor.stackexchange.com/questions/13792/how-can-i-nginx-reverse-proxy-to-onion-site-which-is-on-tor-network/13884
Now that glyphicons have been phased out in Bootstrap 4, I needed an alternative and found opticons.
To install it:
First install Node Package Manager (npm):
curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - apt-get install nodejs wget https://github.com/primer/octicons/archive/v5.0.1.zip unzip v5.0.1.zip cd octicons-5.0.1/
Now we need to edit the json to prevent npm from aborting saying that opticons cant be installed as a dependency of itself.
emacs package.json
Change the line:
"name": "octicons",
To
"name": "octicons-test",
Now continue:
npm install octicons –save
npm run build
Now the required files are available at ./build/
apt-get install libpq-dev postgresql php5 php5-pgsql php5-imap php5-curl php5-cgi libyaml-perl libdbi-perl davical emacs /etc/postgresql/9.4/main/pg_hba.conf
Add at the very top of the file:
local davical davical_app trust local davical davical_app trust
Reload postgresql:
/etc/init.d/postgresql restart
Now:
cd /usr/share/davical/dba su postgres -c /usr/share/davical/dba/create-database.sh
It gives message:
Supported locales updated. Updated view: dav_principal.sql applied. CalDAV functions updated. RRULE functions updated. Database permissions updated. NOTE ==== * The password for the 'admin' user has been set to 'something' Thanks for trying DAViCal! Check in /usr/share/doc/davical/examples/ for some configuration examples. For help, visit #davical on irc.oftc.net.
Create virtual server and edit the config:
emacs /etc/apache2/sites-available/davical.joel.co.in.conf
Davical wiki recommends the following:
<VirtualHost x.y.z.a> DocumentRoot /usr/share/davical/htdocs DirectoryIndex index.php index.html ServerName davical.yoursite.com ServerAlias calendar.yoursite.com Alias /images/ /usr/share/davical/htdocs/images/ ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined <Directory /usr/share/davical/htdocs/> AllowOverride None Order allow,deny Allow from all </Directory> AcceptPathInfo On </VirtualHost>
But only the following worked:
<VirtualHost *:80>
ServerName davical.yoursite.com
ServerAlias calendar.yoursite.com
DocumentRoot /usr/share/davical/htdocs
DirectoryIndex index.php index.html
Alias /images/ /usr/share/davical/htdocs/images/
ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log
CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined
<Directory /usr/share/davical/htdocs/>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php5
</Directory>
AcceptPathInfo On
</VirtualHost>
Now reload apache and the webpage.
Configure the file adding the following:
$c->admin_email = [email protected]'; $c->system_name = "DAViCal CalDAV Server"; $c->enable_row_linking = true; $c->default_locale = 'en_US.UTF-8'; $c->pg_connect[] = 'dbname=davical port=5432 user=davical_app';
Now reload the page and it should show login screen. Use the password that was earlier generated.
New information:
Requesting a certificate for your domains on an apache webserver running on Debian server is extremely easy.
Install certbot, a utility to help request letsencrypt certificates:
apt-get install python-certbot-apache -t jessie-backports
Now run it:
certbot --apache
This will start a curses interface to select sites whose certificates you want to renew.
This works very well and worked when the certicate module of webmin was botched up.
Older post:
This tutorial describes how to create a new SSL certificate using Let’s Encrypt (Public beta as of 06/12/2015).
Let’s Encrypt doku is at: http://letsencrypt.readthedocs.org/en/latest/using.html#installation
Let’s create a new droplet at Digitalocean to test Let’s Encrypt.
Now login via ssh to the server:
Install git, an editor (I prefer emacs) and letsencrypt:
apt-get install git emacs git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
To install and run the client you just need to type:
./letsencrypt-auto certonly --webroot -w /var/www/virtual/maindomain.com/mydomain.in/htdocs/ -d www.mydomain.in -d mydomain.in
IMPORTANT NOTES:
– If you lose your account credentials, you can recover through
e-mails sent to [email protected]
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.mydomain.in/fullchain.pem. Your cert will
expire on 2016-03-05. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– Your account credentials have been saved in your Let’s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let’s
Encrypt so making regular backups of this folder is ideal.
– If like Let’s Encrypt, please consider supporting our work by:Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Automatically installing letsencrypt certificates for a server running i-mscp control panel:
Once you’ve generated certificates as mentioned above, login to i-mscp,
Go to https://yourcpsite.com:2087/client/domains_manage.php
Next to your domain, click on “Add/Edit SSL Certificate”
Use the contents of the following file for each text box:
Private key -> /etc/letsencrypt/live/www.elephant.in/privkey.pem Certificate -> /etc/letsencrypt/live/www.elephant.in/cert.pem Intermediate certificate(s) -> /etc/letsencrypt/live/www.elephant.in/chain.pem
Manually installing letsencrypt certificates for a server running i-mscp control panel:
The following additional information pertains to manually installing these certificates for a server running i-mscp:
So, you’ve generated a certificate for the site www.elephant.in. The files created are at /etc/letsencrypt/live/www.elephant.in/ and are as followings:
lrwxrwxrwx 1 root root 36 Dec 6 09:12 cert.pem -> ../../archive/www.elephant.in/cert1.pem lrwxrwxrwx 1 root root 37 Dec 6 09:12 chain.pem -> ../../archive/www.elephant.in/chain1.pem lrwxrwxrwx 1 root root 41 Dec 6 09:12 fullchain.pem -> ../../archive/www.elephant.in/fullchain1.pem lrwxrwxrwx 1 root root 39 Dec 6 09:12 privkey.pem -> ../../archive/www.elephant.in/privkey1.pem
Copy these as follows:
cp /etc/letsencrypt/live/www.elephant.in/privkey.pem /var/www/imscp/gui/data/certs/elephant.in.privkey.pem cp /etc/letsencrypt/live/www.elephant.in/cert.pem /var/www/imscp/gui/data/certs/elephant.in.cert.pem cp /etc/letsencrypt/live/www.elephant.in/chain.pem /var/www/imscp/gui/data/certs/elephant.in.chain.pem
Now edit the file /etc/apache2/sites-enabled/elephant.in_ssl.conf:
Add/Edit the following directives:
SSLEngine On SSLCertificateFile /var/www/imscp/gui/data/certs/elephant.in.cert.pem SSLCertificateChainFile /var/www/imscp/gui/data/certs/elephant.in.chain.pem SSLCertificateKeyFile /var/www/imscp/gui/data/certs/elephant.in.privkey.pem
Restart apache2:
service apache2 restart
Now reload your website, and you will see the following certificate information:
SSLEngine On SSLCertificateFile /var/www/imscp/gui/data/certs/elephant.in.cert.pem SSLCertificateChainFile /var/www/imscp/gui/data/certs/elephant.in.chain.pem SSLCertificateKeyFile /var/www/imscp/gui/data/certs/elephant.in.privkey.pem
If your site shows invalid issuer information, you havent done these steps correctly.
Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.
For renewing, use the same command as you did when you generated the certificates. For automating renewal use --renew-by-default.
Eg:
./letsencrypt-auto certonly --webroot -w /var/www/virtual/joel.co.in/elephant.in/htdocs/ -d www.elephant.in -d elephant.in --renew-by-default
So, Mailcow seems to be a new kid on the block of mail servers. In this post, I’ll attempt to perform an installation of a freshly installed DigitalOcean droplet. (Digitalocean provides resizable VPSes that are useful to perform development and hobbyist work like this. )
Step 1:
Create a Dogital Ocean droplet. I’ll try the minimum size of droplet.
Step 2:
Login to the VPS as root. I’ll assume that you’ve installed your favorite text editor. I’ll be using emacs.
wget -O – https://github.com/andryyy/mailcow/archive/v0.11.tar.gz | tar xfz –
Substitute 0.11 with the latest release number from https://github.com/andryyy/mailcow/releases/latest
emacs mailcow.config
Edit it with your own values. It’s a piece of cake.
After running the install, I got an error:
+ DEBIAN_FRONTEND=noninteractive + apt-get --force-yes -y install zip jq dnsutils python-setuptools libmail-spf-perl libmail-dkim-pertp php-net-socket php-net-url php-pear php-soap php5 php5-cli php5-common php5-curl php5-fpm php5-gdent mysql-server nginx-extras mailutils pyzor razor postfix-mysql postfix-pcre spamassassin spamc surl libmime-base64-urlsafe-perl libtest-tempdir-perl liblogger-syslog-perl bsd-mailx E: Unable to correct problems, you have held broken packages. + '[' 100 -ne 0 ']' ++ redb '[ERR]' +++ tput bold +++ tput setaf 1 +++ tput sgr0 ++ echo '[ERR]' + echo '[ERR] - Package installation failed' [ERR] - Package installation failed + exit 1
I tried running the command manually:
apt-get --force-yes -y install zip jq dnsutils python-setp-mail-mimedecode php-net-dime php-net-smtp php-net-socket php-net-url php-pear php-soap php5 php5-c5-sqlite libawl-php php5-xmlrpc mysql-client mysql-server nginx-extras mailutils pyzor razor postfixtchmail liblockfile-simple-perl libdbi-perl libmime-base64-urlsafe-perl libtest-tempdir-perl liblogg Reading package lists... Done Building dependency tree Reading state information... Done bzip2 is already the newest version. curl is already the newest version. curl set to manually installed. libdbi-perl is already the newest version. libdbi-perl set to manually installed. mysql-client is already the newest version. openssl is already the newest version. openssl set to manually installed. python-setuptools is already the newest version. python-setuptools set to manually installed. unzip is already the newest version. unzip set to manually installed. Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: postfix-mysql : Depends: postfix (= 2.11.3-1) but it is not going to be installed postfix-pcre : Depends: postfix (= 2.11.3-1) but it is not going to be installed E: Unable to correct problems, you have held broken packages.
So I determined the problematic line:
$grep -inr 'install zip jq dnsutils' * includes/functions.sh:245:DEBIAN_FRONTEND=noninteractive apt-get --force-yes -y install zip jq dnsut
Edited the line to add postfix to the installation list, and reran installation:
[[email protected]] ~/build/mailcow-0.11 $emacs includes/functions.sh [[email protected]] ~/build/mailcow-0.11 $./install.sh
On the Node (server where we’ll install VMs):
egrep -c '(vmx|svm)' --color=always /proc/cpuinfo
4
apt-get install kvm qemu-kvm libvirt-bin virtinst emacs adduser `id -un` libvirt adduser `id -un` kvm
Testing:
virsh -c qemu:///system list Id Name State ---------------------------------------------------
–
apt-get install bridge-utils
Optional: Save network config to prevent getting lockedout due to misconfiguration:
emacs savenet.py chmod +x savenet.py
savenet.py contains:
#!/usr/bin/python
import datetime
import shutil
import os
mymin=str(datetime.datetime.now().minute)
myhour=str(datetime.datetime.now().hour+1)
rest=' * * * /bin/cp /root/interfaces.bak /etc/network/interfaces'
whole=mymin+" "+myhour+rest
print (whole)
shutil.copyfile('/etc/network/interfaces', '/root/interfaces.bak')
os.system("crontab -l > cronbox")
with open("cronbox", "a") as myfile:
myfile.write(whole+"\n")
myhour=str(datetime.datetime.now().hour)
mymin=str(datetime.datetime.now().minute+5)
whole=mymin+" "+myhour+rest
with open("cronbox", "a") as myfile:
myfile.write(whole+"\n")
os.system("crontab cronbox")
print "Cron set up to reverse network changes after 1 hour and five min.."
os.system("crontab -l")
emacs /etc/network/interfaces
Change /etc/network/interfaces
From:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth2
iface eth2 inet static
address 214.32.195.10
netmask 255.255.255.248
network 214.32.195.8
broadcast 214.32.195.15
gateway 214.32.195.9
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 199.255.156.3
To:
# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
address 214.32.195.10
netmask 255.255.255.248
network 214.32.195.8
broadcast 214.32.195.15
gateway 214.32.195.9
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
Restart networking. At this point, there is a potential that you will be locked out of the server if you’re doing this remotely. That’s why the python script saves network config, and reverts it after 5 minutes.
/etc/init.d/networking restart
ifconfig
br0 Link encap:Ethernet HWaddr 00:25:90:14:f0:12
inet addr:214.32.195.10 Bcast:214.32.195.15 Mask:255.255.255.248
inet6 addr: fe80::225:90ff:fe14:f012/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:197 errors:0 dropped:0 overruns:0 frame:0
TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11896 (11.6 KiB) TX bytes:13534 (13.2 KiB)
eth0 Link encap:Ethernet HWaddr 00:25:90:14:f0:12
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:111334 errors:0 dropped:0 overruns:0 frame:0
TX packets:10148 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:160232323 (152.8 MiB) TX bytes:1266350 (1.2 MiB)
Interrupt:43 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:350 errors:0 dropped:0 overruns:0 frame:0
TX packets:350 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:34375 (33.5 KiB) TX bytes:34375 (33.5 KiB)
apt-get install git python-pip python-libvirt python-libxml2 novnc supervisor nginx git clone git://github.com/retspen/webvirtmgr.git cd webvirtmgr pip install -r requirements.txt ./manage.py syncdb ./manage.py collectstatic cd .. mv webvirtmgr /var/www/ nano /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M; # Set higher depending on your needs
}
}
Now edit /etc/nginx/sites-available/default
nano /etc/nginx/sites-available/default
and Comment everything here.
service nginx restart chown -R www-data:www-data /var/www/webvirtmgr nano /etc/supervisor/conf.d/webvirtmgr.conf
[program:webvirtmgr] command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py directory=/var/www/webvirtmgr autostart=true autorestart=true stdout_logfile=/var/log/supervisor/webvirtmgr.log redirect_stderr=true user=www-data [program:webvirtmgr-console] command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console directory=/var/www/webvirtmgr autostart=true autorestart=true stdout_logfile=/var/log/supervisor/webvirtmgr-console.log redirect_stderr=true user=www-data
service supervisor restart
The installation is over.
At this point I realized that there were errors:
The following is my attempt to fix them (ineffectively):
On node to be monitored:
Uncomment the foll in /etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
tcp_port = “16509”
service libvirt-bin restart
On the server which monitors:
Edit: /etc/init/libvirt-bin.conf
Change on line 11:
env libvirtd_opts=”-d”
To:
env libvirtd_opts=”-d -l”
To fix error:
Trial1:
“# /usr/sbin/libvirtd -l
2015-06-20 15:08:33.484+0000: 6248: info : libvirt version: 1.2.2
2015-06-20 15:08:33.484+0000: 6248: error : virNetTLSContextCheckCertFile:117 : Cannot read CA certificate ‘/etc/pki/CA/cacert.pem’: No such file or directory
”
mkdir -p /etc/pki/CA
openssl genrsa 1024 > cakey.pem
openssl req -new -x509 -key cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
New error:
# /usr/sbin/libvirtd -l
2015-06-20 15:09:30.843+0000: 6267: info : libvirt version: 1.2.2
2015-06-20 15:09:30.843+0000: 6267: error : virNetTLSContextCheckCertFile:117 : Cannot read certificate ‘/etc/pki/libvirt/servercert.pem’: No such file or director
Trial2:
Following:
apt-get install gnutls-bin
(umask 277 && certtool –generate-privkey > host1_server_key.pem)
We’ll assume that you have a freshly installed Digitalocean server, and have logged into it via ssh:
alias l='ls -lah --color' apt-get update && apt-get install emacs
# Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes AllowUsers haiwen
service ssh restart useradd haiwen -s /bin/bash -m adduser haiwen sudo usermod -a -G www-data haiwen passwd haiwen apt-get install sudo sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list apt-get update locale-gen en_US.UTF-8
Now connect as user haiwen to ssh:
wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_4.1.2_x86-64.tar.gz tar -xzf seafile-server_* mkdir installed mv seafile-server_* installed cd seafile-server-4.1.2/ sudo apt-get install python2.7 python-setuptools python-imaging python-mysqldb mysql-server
Run setup-seafile-mysql.sh
[email protected]:~/seafile-server-4.1.2$ ./setup-seafile-mysql.sh Checking python on this machine ... Checking python module: setuptools ... Done. Checking python module: python-imaging ... Done. Checking python module: python-mysqldb ... Done. ----------------------------------------------------------------- This script will guide you to setup your seafile server using MySQL. Make sure you have read seafile server manual at https://github.com/haiwen/seafile/wiki Press ENTER to continue ----------------------------------------------------------------- What is the name of the server? It will be displayed on the client. 3 - 15 letters or digits [ server name ] acloud.dzon.in acloud.dzon.in is not a valid name What is the name of the server? It will be displayed on the client. 3 - 15 letters or digits [ server name ] DroidzoneCloud What is the ip or domain of the server? For example: www.mycompany.com, 192.168.1.101 [ This server's ip or domain ] 42.34.117.163 Which port do you want to use for the ccnet server? [ default "10001" ] Where do you want to put your seafile data? Please use a volume with enough free space [ default "/home/haiwen/seafile-data" ] Which port do you want to use for the seafile server? [ default "12001" ] Which port do you want to use for the seafile fileserver? [ default "8082" ] ------------------------------------------------------- Please choose a way to initialize seafile databases: ------------------------------------------------------- [1] Create new ccnet/seafile/seahub databases [2] Use existing ccnet/seafile/seahub databases [ 1 or 2 ] 1 What is the host of mysql server? [ default "localhost" ] What is the port of mysql server? [ default "3306" ] What is the password of the mysql root user? [ root password ] verifying password of user root ... Failed to connect to mysql server using user "root" and password "***": Can't connect to MySQL server on '127.0.0.1' (111) What is the password of the mysql root user? [ root password ] verifying password of user root ... done Enter the name for mysql user of seafile. It would be created if not exists. [ default "root" ] seafilusr Enter the password for mysql user "seafilusr": [ password for seafilusr ] Enter the database name for ccnet-server: [ default "ccnet-db" ] Enter the database name for seafile-server: [ default "seafile-db" ] Enter the database name for seahub: [ default "seahub-db" ] --------------------------------- This is your configuration --------------------------------- server name: DroidzoneCloud server ip/domain: 42.34.117.163 ccnet port: 10001 seafile data dir: /home/haiwen/seafile-data seafile port: 12001 fileserver port: 8082 database: create new ccnet database: ccnet-db seafile database: seafile-db seahub database: seahub-db database user: seafilusr --------------------------------- Press ENTER to continue, or Ctrl-C to abort --------------------------------- Generating ccnet configuration ... done Successly create configuration dir /home/haiwen/ccnet. Generating seafile configuration ... Done. done Generating seahub configuration ... ---------------------------------------- Now creating seahub database tables ... ---------------------------------------- creating seafile-server-latest symbolic link ... done ----------------------------------------------------------------- Your seafile server configuration has been finished successfully. ----------------------------------------------------------------- run seafile server: ./seafile.sh { start | stop | restart } run seahub server: ./seahub.sh { start <port> | stop | restart <port> } ----------------------------------------------------------------- If you are behind a firewall, remember to allow input/output of these tcp ports: ----------------------------------------------------------------- port of ccnet server: 10001 port of seafile server: 12001 port of seafile fileserver: 8082 port of seahub: 8000 When problems occur, Refer to https://github.com/haiwen/seafile/wiki for information. [email protected]:~/seafile-server-4.1.2$ ulimit -n 30000 [email protected]:~/seafile-server-4.1.2$ ./seafile.sh start Starting seafile server, please wait ... Seafile server started Done. [email protected]:~/seafile-server-4.1.2$ ./seahub.sh start Starting seahub at port 8000 ... ---------------------------------------- It's the first time you start the seafile server. Now let's create the admin account ---------------------------------------- What is the email for the admin account? [ admin email ] [email protected] What is the password for the admin account? [ admin password ] Enter the password again: [ admin password again ] ---------------------------------------- Successfully created seafile admin ---------------------------------------- Loading ccnet config from /home/haiwen/ccnet Loading seafile config from /home/haiwen/seafile-data Seahub is started Done.
Now seafile is accessible at http://45.55.195.173:8000/
Next up, setting https for seafile.
To start Seafile at Boot:
[email protected]:~$ sudo emacs /etc/init.d/seafile-server
#!/bin/bash
# Change the value of "user" to your linux user name
user=haiwen
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/home/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=false
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
sudo emacs /etc/init/seafile-server.conf
start on (started mysql and runlevel [2345]) stop on (runlevel [016]) pre-start script /etc/init.d/seafile-server start end script post-stop script /etc/init.d/seafile-server stop end script
[email protected]:~$ sudo chmod +x /etc/init.d/seafile-server [email protected]:~$ sudo update-rc.d seafile-server defaults
Install owncloud on own server.
First add an apache virtualhost.
Edit
/etc/apache2/sites-available/default
Create the following:
<VirtualHost *:80> ServerName cloud.relsoft.in ServerAlias cloud.relsoft.in DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs </VirtualHost>
Create a “A” record in the DNS panel for relsoft.in:
A cloud.relsoft.in [myipaddress]
Create the virtual directory:
mkdir -p /var/www/virtual/relsoft.in/cloud/htdocs chown -R www-data.www-data /var/www/virtual/relsoft.in
Download and uncompress the latest owncloud installation package [Available at
https://owncloud.org/install/#instructions-server ] wget https://download.owncloud.org/community/owncloud-8.0.3.tar.bz2 tar xf owncloud-8.0.3.tar.bz2 mv owncloud/* ./ rm owncloud-8.0.3.tar.bz2 rm -rf owncloud/
Install php gd module, php5-curl and php5-mysql:
sudo apt-get install php5-gd php5-curl php5-mysql
Set always_populate_raw_post_data to -1 in your php.ini
Now to set the appropriate value in php.ini, first I have to locate the correct php.ini to edit.
find /etc -iname 'php.ini'
Now locate the location of the setting:
grep -in 'always_populate_raw_post_data' /etc/php5/apache2/php.ini
704:;always_populate_raw_post_data = -1
Edit the correct line with emacs:
emacs /etc/php5/apache2/php.ini
Alt-G G 704
takes me to the correct line to edit. Remove the two leading semicolons.
Restart apache2 server:
service apache2 restart
Now reload cloud.relsoft.in in your browser.
Now I got a security warning:
Your data directory and files are probably accessible from the internet because the .htaccess file does not work.
For information how to properly configure your server, please see the documentation.
This means that htaccess is not enabled for the server. So to setup .htaccess for apache:
Edit /etc/apache2/sites-available/default
emacs /etc/apache2/sites-available/default
Add the “AllowOverride All” directive.
So the block now looks like:
ServerName cloud.relsoft.in
ServerAlias cloud.relsoft.in
DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs
AllowOverride All
If while editing apache directive files, you face issues, run: systemctl status apache2.service Or journalctl -xn for details
Create database with mysql:
mysql -u root -p
mysql> CREATE DATABASE ‘owncloudie’;
mysql> USE owncloudie;
mysql> CREATE USER ‘cloudsrvrusr’@’localhost’ IDENTIFIED BY ‘mypassword’;
mysql> GRANT ALL PRIVILEGES ON owncloudie.* TO ‘cloudsrvrusr’@’localhost’ WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
Restart apache2, and reload the install page.
Now, add an admin username and password, and add the database details that we created with mysql.
When you click on ‘Finish setup’, mysql installation will be over, and you can login as administrator.
Create users.
Download the Desktop client at https://owncloud.org/install/#install-clients, and the Android client from https://play.google.com/store/apps/details?id=com.owncloud.android
To create ssl:
mkdir -p /etc/apache2/ssl openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
emacs /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [email protected]
ServerName cloud.relsoft.in
ServerAlias www.loud.relsoft.in
DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
a2ensite default-ssl.conf service apache2 reload
While opening a file which you were editing earlier, you might see the message prompting that auto-save data is available, and whether you wish to recover it. If you wish to do that,
Type:
Alt-X
recover-file
Press Enter
Now you will be prompted for filename. Enter it.
Confirm that you wish to recover autosave data.
You may sometimes be asked:
...htdocs/user/config.php locked by [email protected].. (pid 18467): (s, q, p, ?)?
You have the following options:
sSteal the lock. Whoever was already changing the file loses the lock, and you gain the lock.
pProceed. Go ahead and edit the file despite its being locked by someone else.
qQuit. This causes an error (file-locked), and the buffer contents remain unchanged–the modification you were trying to make does not actually take place.
Digital Ocean is a cloud VPS hosting service which lets you pay hourly, and once you start using it, keeps providing free credit to your account! For jumpstarting your hosting with the powerful VPSes from DO, click here.