Hardening my linux server

Install mod-security for apache2

apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev
sudo apt-get install libapache2-mod-security2
emacs /etc/modsecurity/modsecurity.conf

and set SecRuleEngine to On, so that the check below prints:

grep -i SecRuleEngine  /etc/modsecurity/modsecurity.conf
SecRuleEngine On

Restart apache2:

service apache2 restart
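
The grep above only looks at one file. The script below is an added example (not part of the original post) that reports which SecRuleEngine line actually wins and fails unless it is On. It assumes Apache loads every /etc/modsecurity/*.conf in sorted order, as Debian's security2.conf does; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which SecRuleEngine setting actually wins.
# Assumption: Apache includes every *.conf in the directory in glob (sorted)
# order, as Debian's mods-available/security2.conf does with
# "IncludeOptional /etc/modsecurity/*.conf".

# Print "<value> <file>:<line>" for the last uncommented SecRuleEngine
# directive, or "unset" when no file sets it.
effective_rule_engine() {
    ere_dir=${1:-/etc/modsecurity}
    set -- "$ere_dir"/*.conf
    [ -e "$1" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }    # skip commented-out lines
        tolower($1) == "secruleengine" && NF >= 2 {
            value = $2
            where = FILENAME ":" FNR    # a later directive overrides an earlier one
        }
        END { if (value == "") print "unset"; else print value, where }
    ' "$@"
}

# Succeed only when the winning value is "On" (blocking mode).
# "DetectionOnly" logs matches but still lets the request through.
modsec_is_blocking() {
    mib_state=$(effective_rule_engine "$1")
    mib_value=$(printf '%s' "${mib_state%% *}" | tr 'A-Z' 'a-z')
    if [ "$mib_value" = "on" ]; then
        return 0
    fi
    echo "SecRuleEngine is not blocking: $mib_state" >&2
    return 1
}

# Usage: sh check-modsec.sh --check [/etc/modsecurity]
if [ "${1:-}" = "--check" ]; then
    effective_rule_engine "${2:-/etc/modsecurity}"
    modsec_is_blocking "${2:-/etc/modsecurity}"
fi
```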

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

How to create a personal piratebay proxy

You need a VPS. Boot it up, login as root:
cd /root
apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev gcc make git socat screen
wget http://nginx.org/download/nginx-1.11.13.tar.gz
tar xvf nginx-1.11.13.tar.gz
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
cd ~/nginx-1.11.13
./configure --with-http_ssl_module --add-module=/root/ngx_http_substitutions_filter_module
make && make install
cd /usr/local/nginx/
./sbin/nginx

Test by browsing to the IP address of the host.

cd /usr/local/nginx/conf
mv nginx.conf nginx.conf-backup
emacs nginx.conf

Add the code:

worker_processes auto;
events {
  worker_connections 1024;
}
http {
  include  mime.types;
  default_type application/octet-stream;
  sendfile on;
  gzip on;
  server {
    listen 80;
    server_name server_ip;

    location / {
      proxy_pass http://127.0.0.1:81/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
    }
  }
}

Start nginx after stopping it:

/usr/local/nginx/sbin/nginx -s stop
/usr/local/nginx/sbin/nginx

Create a daemon:

emacs ~/socat.sh
#!/bin/bash
socat tcp4-LISTEN:81,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:uj3wazyk5u4hnvtk.onion:80,socksport=9050

Run the daemon

screen -A -m -d -S SOCAT_DAEMON ~/socat.sh

To start it at boot, add to /etc/rc.local

/username/socat.sh

Enjoy

Credits:
1. https://proxybay.one/setup.html
2. http://tor.stackexchange.com/questions/13792/how-can-i-nginx-reverse-proxy-to-onion-site-which-is-on-tor-network/13884



Building and using octicons

Now that glyphicons have been phased out in Bootstrap 4, I needed an alternative and found octicons.

To install it:
First install Node Package Manager (npm):

curl -sL https://deb.nodesource.com/setup_6.x | sudo bash -
apt-get install nodejs
wget https://github.com/primer/octicons/archive/v5.0.1.zip
unzip v5.0.1.zip
cd octicons-5.0.1/

Now we need to edit package.json to prevent npm from aborting with the complaint that octicons can't be installed as a dependency of itself.
emacs package.json
Change the line:

"name": "octicons",

To

"name": "octicons-test",

Now continue:
npm install octicons --save
npm run build

Now the required files are available at ./build/



Installing Davical on Debian server

apt-get install libpq-dev postgresql php5 php5-pgsql php5-imap php5-curl php5-cgi libyaml-perl libdbi-perl davical
emacs /etc/postgresql/9.4/main/pg_hba.conf

Add at the very top of the file (trust means any local user can connect as these database roles without a password):

local   davical    davical_app   trust
local   davical    davical_dba   trust

Reload postgresql:

/etc/init.d/postgresql restart

Now:

cd /usr/share/davical/dba
su postgres -c /usr/share/davical/dba/create-database.sh

It gives message:

Supported locales updated.
Updated view: dav_principal.sql applied.
CalDAV functions updated.
RRULE functions updated.
Database permissions updated.
NOTE
====
*  The password for the 'admin' user has been set to 'something'
Thanks for trying DAViCal!  Check in /usr/share/doc/davical/examples/ for
some configuration examples.  For help, visit #davical on irc.oftc.net.

Create virtual server and edit the config:

emacs /etc/apache2/sites-available/davical.joel.co.in.conf
Davical wiki recommends the following:

<VirtualHost x.y.z.a>
	DocumentRoot /usr/share/davical/htdocs
	DirectoryIndex index.php index.html
	ServerName davical.yoursite.com
	ServerAlias calendar.yoursite.com
	Alias /images/ /usr/share/davical/htdocs/images/
	ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log
	CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined
	<Directory /usr/share/davical/htdocs/>
		  AllowOverride None
		  Order allow,deny
		  Allow from all
	</Directory>
	AcceptPathInfo On
</VirtualHost>

But only the following worked:

<VirtualHost *:80>
ServerName davical.yoursite.com
ServerAlias calendar.yoursite.com
DocumentRoot /usr/share/davical/htdocs
DirectoryIndex index.php index.html
Alias /images/ /usr/share/davical/htdocs/images/
ErrorLog /var/log/virtualmin/davical.yoursite.com_error_log
CustomLog /var/log/virtualmin/davical.yoursite.com_access_log combined
<Directory /usr/share/davical/htdocs/>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddHandler fcgid-script .php
    AddHandler fcgid-script .php5
    FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php
    FCGIWrapper /home/joel/domains/davical.yoursite.com/fcgi-bin/php5.fcgi .php5
</Directory>
AcceptPathInfo On
</VirtualHost>

Now reload apache and the webpage.
Add the following to the DAViCal configuration file:

$c->admin_email = '[email protected]';
$c->system_name = "DAViCal CalDAV Server";
$c->enable_row_linking = true;
$c->default_locale = 'en_US.UTF-8';

$c->pg_connect[] = 'dbname=davical port=5432 user=davical_app';

Now reload the page and it should show login screen. Use the password that was earlier generated.



Tutorial-How to use letsencrypt public beta to get a new SSL certificate

New information:
Requesting a certificate for your domains on an apache webserver running on Debian server is extremely easy.
Install certbot, a utility to help request letsencrypt certificates:

apt-get install python-certbot-apache -t jessie-backports

Now run it:

certbot --apache

This will start a curses interface to select sites whose certificates you want to renew.
This works very well and worked when the certificate module of webmin was botched up.

Older post:
This tutorial describes how to create a new SSL certificate using Let’s Encrypt (Public beta as of 06/12/2015).

The Let’s Encrypt documentation is at: http://letsencrypt.readthedocs.org/en/latest/using.html#installation

Let’s create a new droplet at Digitalocean to test Let’s Encrypt.
Now login via ssh to the server:

Install git, an editor (I prefer emacs) and letsencrypt:

apt-get install git emacs
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

To install and run the client you just need to type:

./letsencrypt-auto certonly --webroot -w /var/www/virtual/maindomain.com/mydomain.in/htdocs/ -d www.mydomain.in -d mydomain.in

IMPORTANT NOTES:
– If you lose your account credentials, you can recover through
e-mails sent to [email protected]
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.mydomain.in/fullchain.pem. Your cert will
expire on 2016-03-05. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– Your account credentials have been saved in your Let’s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let’s
Encrypt so making regular backups of this folder is ideal.
– If like Let’s Encrypt, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Automatically installing letsencrypt certificates for a server running i-mscp control panel:
Once you’ve generated certificates as mentioned above, login to i-mscp,
Go to https://yourcpsite.com:2087/client/domains_manage.php
Next to your domain, click on “Add/Edit SSL Certificate”

Use the contents of the following file for each text box:

Private key -> /etc/letsencrypt/live/www.elephant.in/privkey.pem
Certificate -> /etc/letsencrypt/live/www.elephant.in/cert.pem
Intermediate certificate(s) -> /etc/letsencrypt/live/www.elephant.in/chain.pem

Manually installing letsencrypt certificates for a server running i-mscp control panel:
The following additional information pertains to manually installing these certificates for a server running i-mscp:

So, you’ve generated a certificate for the site www.elephant.in. The files created are at /etc/letsencrypt/live/www.elephant.in/ and are as follows:

lrwxrwxrwx 1 root root   36 Dec  6 09:12 cert.pem -> ../../archive/www.elephant.in/cert1.pem
lrwxrwxrwx 1 root root   37 Dec  6 09:12 chain.pem -> ../../archive/www.elephant.in/chain1.pem
lrwxrwxrwx 1 root root   41 Dec  6 09:12 fullchain.pem -> ../../archive/www.elephant.in/fullchain1.pem
lrwxrwxrwx 1 root root   39 Dec  6 09:12 privkey.pem -> ../../archive/www.elephant.in/privkey1.pem

Copy these as follows:

cp /etc/letsencrypt/live/www.elephant.in/privkey.pem /var/www/imscp/gui/data/certs/elephant.in.privkey.pem
cp /etc/letsencrypt/live/www.elephant.in/cert.pem /var/www/imscp/gui/data/certs/elephant.in.cert.pem
cp /etc/letsencrypt/live/www.elephant.in/chain.pem /var/www/imscp/gui/data/certs/elephant.in.chain.pem

Now edit the file /etc/apache2/sites-enabled/elephant.in_ssl.conf:

Add/Edit the following directives:

SSLEngine On
SSLCertificateFile /var/www/imscp/gui/data/certs/elephant.in.cert.pem
SSLCertificateChainFile /var/www/imscp/gui/data/certs/elephant.in.chain.pem
SSLCertificateKeyFile /var/www/imscp/gui/data/certs/elephant.in.privkey.pem

Restart apache2:

service apache2 restart

Now reload your website and check the certificate information shown by the browser.

If your site shows invalid issuer information, you haven't done these steps correctly.

Renewing certificates

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

For renewing, use the same command as you did when you generated the certificates. For automating renewal use --renew-by-default.

Eg:

./letsencrypt-auto certonly --webroot -w /var/www/virtual/joel.co.in/elephant.in/htdocs/ -d www.elephant.in -d elephant.in --renew-by-default
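
The manual i-mscp install above serves copies of the certificate files, so a renewal only takes effect once the files are copied again and Apache is reloaded. The script below is an added example, not part of the original post: it checks the deployed copy with openssl's -checkend, reruns the renewal command from this page when fewer than 30 days remain (the threshold and the function names are assumptions), and recopies the files with the private key at mode 0600.

```shell
#!/bin/sh
# Added example: renew and redeploy for the manual i-mscp layout above.

# Return 0 (true) when CERT is missing, unreadable, or expires within DAYS days.
needs_renewal() {
    nr_cert=$1
    nr_days=$2
    [ -r "$nr_cert" ] || return 0
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$nr_cert" -noout -checkend $((nr_days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Copy privkey/cert/chain from a letsencrypt "live" directory LIVE to DEST as
# NAME.privkey.pem, NAME.cert.pem and NAME.chain.pem. install sets the mode
# explicitly; plain cp would leave the key at the source mode minus umask.
deploy_certs() {
    dc_live=$1
    dc_dest=$2
    dc_name=$3
    # Refuse to deploy a partial set: check everything before copying anything.
    for dc_f in privkey cert chain; do
        if [ ! -s "$dc_live/$dc_f.pem" ]; then
            echo "missing or empty: $dc_live/$dc_f.pem" >&2
            return 1
        fi
    done
    install -d -m 0755 "$dc_dest" || return 1
    install -m 0600 "$dc_live/privkey.pem" "$dc_dest/$dc_name.privkey.pem" || return 1
    install -m 0644 "$dc_live/cert.pem" "$dc_dest/$dc_name.cert.pem" || return 1
    install -m 0644 "$dc_live/chain.pem" "$dc_dest/$dc_name.chain.pem" || return 1
}

# Paths and domain names are the ones used in this post.
renew_and_deploy() {
    rd_live=/etc/letsencrypt/live/www.elephant.in
    rd_dest=/var/www/imscp/gui/data/certs
    if needs_renewal "$rd_dest/elephant.in.cert.pem" 30; then
        ./letsencrypt-auto certonly --webroot \
            -w /var/www/virtual/joel.co.in/elephant.in/htdocs/ \
            -d www.elephant.in -d elephant.in --renew-by-default &&
        deploy_certs "$rd_live" "$rd_dest" elephant.in &&
        service apache2 reload
    fi
}

# Usage (as root, from the letsencrypt checkout, e.g. weekly from cron):
#   sh renew-deploy.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_and_deploy
fi
```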


Installing mailcow mail server suite

So, Mailcow seems to be a new kid on the block of mail servers. In this post, I’ll attempt to perform an installation of a freshly installed DigitalOcean droplet. (Digitalocean provides resizable VPSes that are useful to perform development and hobbyist work like this. )

Step 1:
Create a DigitalOcean droplet. I’ll try the minimum size of droplet.

Step 2:
Login to the VPS as root. I’ll assume that you’ve installed your favorite text editor. I’ll be using emacs.

wget -O - https://github.com/andryyy/mailcow/archive/v0.11.tar.gz | tar xfz -
Substitute 0.11 with the latest release number from https://github.com/andryyy/mailcow/releases/latest

emacs mailcow.config

Edit it with your own values. It’s a piece of cake.

After running the install, I got an error:

+ DEBIAN_FRONTEND=noninteractive
+ apt-get --force-yes -y install zip jq dnsutils python-setuptools libmail-spf-perl libmail-dkim-pertp php-net-socket php-net-url php-pear php-soap php5 php5-cli php5-common php5-curl php5-fpm php5-gdent mysql-server nginx-extras mailutils pyzor razor postfix-mysql postfix-pcre spamassassin spamc surl libmime-base64-urlsafe-perl libtest-tempdir-perl liblogger-syslog-perl bsd-mailx
E: Unable to correct problems, you have held broken packages.
+ '[' 100 -ne 0 ']'
++ redb '[ERR]'
+++ tput bold
+++ tput setaf 1
+++ tput sgr0
++ echo '[ERR]'
+ echo '[ERR] - Package installation failed'
[ERR] - Package installation failed
+ exit 1

I tried running the command manually:

apt-get --force-yes -y install zip jq dnsutils python-setp-mail-mimedecode php-net-dime php-net-smtp php-net-socket php-net-url php-pear php-soap php5 php5-c5-sqlite libawl-php php5-xmlrpc mysql-client mysql-server nginx-extras mailutils pyzor razor postfixtchmail liblockfile-simple-perl libdbi-perl libmime-base64-urlsafe-perl libtest-tempdir-perl liblogg
Reading package lists... Done
Building dependency tree
Reading state information... Done
bzip2 is already the newest version.
curl is already the newest version.
curl set to manually installed.
libdbi-perl is already the newest version.
libdbi-perl set to manually installed.
mysql-client is already the newest version.
openssl is already the newest version.
openssl set to manually installed.
python-setuptools is already the newest version.
python-setuptools set to manually installed.
unzip is already the newest version.
unzip set to manually installed.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 postfix-mysql : Depends: postfix (= 2.11.3-1) but it is not going to be installed
 postfix-pcre : Depends: postfix (= 2.11.3-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

So I determined the problematic line:

$grep -inr 'install zip jq dnsutils' *
includes/functions.sh:245:DEBIAN_FRONTEND=noninteractive apt-get --force-yes -y install zip jq dnsut

Edited the line to add postfix to the installation list, and reran installation:

[[email protected]] ~/build/mailcow-0.11 $emacs includes/functions.sh
[[email protected]] ~/build/mailcow-0.11 $./install.sh


Installing KVM on Debian [Failed]

On the Node (server where we’ll install VMs):

egrep -c '(vmx|svm)' --color=always /proc/cpuinfo

4

apt-get install kvm qemu-kvm libvirt-bin virtinst emacs 
adduser `id -un` libvirt
adduser `id -un` kvm

Testing:

virsh -c qemu:///system list
 Id    Name                           State
---------------------------------------------------

apt-get install bridge-utils

Optional: Save network config to prevent getting locked out due to misconfiguration:

emacs savenet.py
chmod +x savenet.py

savenet.py contains:

#!/usr/bin/python
# Back up /etc/network/interfaces and add cron entries that copy the backup
# back, 5 minutes and 1 hour from now.
from __future__ import print_function
import datetime
import shutil
import os

rest = ' * * * /bin/cp /root/interfaces.bak /etc/network/interfaces'
now = datetime.datetime.now()
shutil.copyfile('/etc/network/interfaces', '/root/interfaces.bak')
os.system("crontab -l > cronbox")
# timedelta handles rollover (e.g. 23:58 + 5 min), which adding to .minute
# or .hour directly does not.
with open("cronbox", "a") as myfile:
    for delay in (datetime.timedelta(hours=1), datetime.timedelta(minutes=5)):
        when = now + delay
        whole = str(when.minute) + " " + str(when.hour) + rest
        print(whole)
        myfile.write(whole + "\n")
os.system("crontab cronbox")
print("Cron set up to reverse network changes after 1 hour and five min..")
os.system("crontab -l")

emacs /etc/network/interfaces

Change /etc/network/interfaces
From:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth2
iface eth2 inet static
        address 214.32.195.10
        netmask 255.255.255.248
        network 214.32.195.8
        broadcast 214.32.195.15
        gateway 214.32.195.9
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 199.255.156.3

To:

# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        address 214.32.195.10
        netmask 255.255.255.248
        network 214.32.195.8
        broadcast 214.32.195.15
        gateway 214.32.195.9
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

Restart networking. At this point, there is a potential that you will be locked out of the server if you’re doing this remotely. That’s why the python script saves network config, and reverts it after 5 minutes.

/etc/init.d/networking restart
ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          inet addr:214.32.195.10  Bcast:214.32.195.15  Mask:255.255.255.248
          inet6 addr: fe80::225:90ff:fe14:f012/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:197 errors:0 dropped:0 overruns:0 frame:0
          TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11896 (11.6 KiB)  TX bytes:13534 (13.2 KiB)

eth0      Link encap:Ethernet  HWaddr 00:25:90:14:f0:12
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:160232323 (152.8 MiB)  TX bytes:1266350 (1.2 MiB)
          Interrupt:43 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:350 errors:0 dropped:0 overruns:0 frame:0
          TX packets:350 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34375 (33.5 KiB)  TX bytes:34375 (33.5 KiB)
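
The lockout safeguard described above can also be done without leftover cron entries. The script below is an added example, not part of the original post: it installs the new interfaces file, restarts networking, and restores the old file unless you confirm from a fresh SSH session within the timeout. The function name, the confirm file /root/net-ok and the 300 second timeout are assumptions.

```shell
#!/bin/sh
# Added example: apply a new /etc/network/interfaces and roll it back
# unless the change is confirmed in time.

# apply_with_rollback TARGET NEW TIMEOUT CONFIRM_FILE [RESTART_CMD]
# Returns 0 if confirmed, 1 if rolled back, 2 if nothing could be changed.
apply_with_rollback() {
    awr_target=$1
    awr_new=$2
    awr_timeout=$3
    awr_confirm=$4
    awr_restart=${5:-/etc/init.d/networking restart}
    awr_backup="$awr_target.rollback.$$"

    # Keep running if the SSH session that started us is cut off.
    trap '' HUP

    cp -p "$awr_target" "$awr_backup" || return 2
    rm -f "$awr_confirm"
    if ! cp "$awr_new" "$awr_target"; then
        rm -f "$awr_backup"
        return 2
    fi
    # Unquoted on purpose: the variable holds a command plus its arguments.
    $awr_restart >/dev/null 2>&1

    # Poll once per second for the confirmation file.
    awr_waited=0
    while [ "$awr_waited" -lt "$awr_timeout" ]; do
        if [ -e "$awr_confirm" ]; then
            rm -f "$awr_backup" "$awr_confirm"
            return 0
        fi
        sleep 1
        awr_waited=$((awr_waited + 1))
    done

    # No confirmation: restore the old file and restart networking again.
    cp -p "$awr_backup" "$awr_target"
    rm -f "$awr_backup"
    $awr_restart >/dev/null 2>&1
    return 1
}

# Usage (as root): write the bridged config to /root/interfaces.new, then
#   sh netapply.sh --apply
# and, from a NEW SSH session within 5 minutes:
#   touch /root/net-ok
if [ "${1:-}" = "--apply" ]; then
    apply_with_rollback /etc/network/interfaces /root/interfaces.new 300 /root/net-ok
fi
```

Unlike the cron approach, the rollback here also restarts networking, so the restored file takes effect.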

Now, on the server which will run the web panel (controller server):

apt-get install git python-pip python-libvirt python-libxml2 novnc supervisor nginx
git clone git://github.com/retspen/webvirtmgr.git
cd webvirtmgr
pip install -r requirements.txt
./manage.py syncdb
./manage.py collectstatic
cd ..
mv webvirtmgr /var/www/
nano /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}

Now edit /etc/nginx/sites-available/default

nano /etc/nginx/sites-available/default

and comment out everything in it.

service nginx restart
chown -R www-data:www-data /var/www/webvirtmgr
nano /etc/supervisor/conf.d/webvirtmgr.conf
[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=www-data

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=www-data
service supervisor restart

The installation is over.
At this point I realized that there were errors:
The following is my attempt to fix them (ineffectively):

On node to be monitored:
Uncomment the following in /etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"

service libvirt-bin restart

On the server which monitors:

Edit: /etc/init/libvirt-bin.conf

Change on line 11:
env libvirtd_opts="-d"

To:
env libvirtd_opts="-d -l"

To fix error:
Trial1:
# /usr/sbin/libvirtd -l
2015-06-20 15:08:33.484+0000: 6248: info : libvirt version: 1.2.2
2015-06-20 15:08:33.484+0000: 6248: error : virNetTLSContextCheckCertFile:117 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

mkdir -p /etc/pki/CA
openssl genrsa 2048 > cakey.pem
openssl req -new -x509 -key cakey.pem -out /etc/pki/CA/cacert.pem -days 3655

New error:
# /usr/sbin/libvirtd -l
2015-06-20 15:09:30.843+0000: 6267: info : libvirt version: 1.2.2
2015-06-20 15:09:30.843+0000: 6267: error : virNetTLSContextCheckCertFile:117 : Cannot read certificate ‘/etc/pki/libvirt/servercert.pem’: No such file or director

Trial2:
Following:
apt-get install gnutls-bin
(umask 277 && certtool --generate-privkey > host1_server_key.pem)



How to setup a self hosted Seafile for your server.

We’ll assume that you have a freshly installed Digitalocean server, and have logged into it via ssh:

alias l='ls -lah --color'
apt-get update && apt-get install emacs
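
Edit /etc/ssh/sshd_config:

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
AllowUsers haiwen

Then restart ssh (keep the current session open, since AllowUsers now admits only haiwen) and create the user:

service ssh restart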
useradd haiwen -s /bin/bash -m
adduser haiwen sudo
usermod -a -G www-data haiwen
passwd haiwen
apt-get install sudo
sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
apt-get update
locale-gen en_US.UTF-8

Now connect as user haiwen to ssh:

wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_4.1.2_x86-64.tar.gz
tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed
cd seafile-server-4.1.2/
sudo apt-get install python2.7 python-setuptools python-imaging python-mysqldb mysql-server

Run setup-seafile-mysql.sh

[email protected]:~/seafile-server-4.1.2$ ./setup-seafile-mysql.sh
Checking python on this machine ...
  Checking python module: setuptools ... Done.
  Checking python module: python-imaging ... Done.
  Checking python module: python-mysqldb ... Done.
-----------------------------------------------------------------
This script will guide you to setup your seafile server using MySQL.
Make sure you have read seafile server manual at
        https://github.com/haiwen/seafile/wiki
Press ENTER to continue
-----------------------------------------------------------------
What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] acloud.dzon.in

acloud.dzon.in is not a valid name

What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] DroidzoneCloud

What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] 42.34.117.163

Which port do you want to use for the ccnet server?
[ default "10001" ]

Where do you want to put your seafile data?
Please use a volume with enough free space
[ default "/home/haiwen/seafile-data" ]

Which port do you want to use for the seafile server?
[ default "12001" ]

Which port do you want to use for the seafile fileserver?
[ default "8082" ]

-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------

[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases

[ 1 or 2 ] 1

What is the host of mysql server?
[ default "localhost" ]

What is the port of mysql server?
[ default "3306" ]

What is the password of the mysql root user?
[ root password ]

verifying password of user root ...
Failed to connect to mysql server using user "root" and password "***": Can't connect to MySQL server on '127.0.0.1' (111)

What is the password of the mysql root user?
[ root password ]

verifying password of user root ...  done

Enter the name for mysql user of seafile. It would be created if not exists.
[ default "root" ] seafilusr

Enter the password for mysql user "seafilusr":
[ password for seafilusr ]

Enter the database name for ccnet-server:
[ default "ccnet-db" ]

Enter the database name for seafile-server:
[ default "seafile-db" ]

Enter the database name for seahub:
[ default "seahub-db" ]

---------------------------------
This is your configuration
---------------------------------

    server name:            DroidzoneCloud
    server ip/domain:       42.34.117.163
    ccnet port:             10001

    seafile data dir:       /home/haiwen/seafile-data
    seafile port:           12001
    fileserver port:        8082

    database:               create new
    ccnet database:         ccnet-db
    seafile database:       seafile-db
    seahub database:        seahub-db
    database user:          seafilusr
---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
Generating ccnet configuration ...
done
Successly create configuration dir /home/haiwen/ccnet.
Generating seafile configuration ...

Done.
done
Generating seahub configuration ...
----------------------------------------
Now creating seahub database tables ...
----------------------------------------
creating seafile-server-latest symbolic link ...  done
-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------

run seafile server:     ./seafile.sh { start | stop | restart }
run seahub  server:     ./seahub.sh  { start <port> | stop | restart <port> }

-----------------------------------------------------------------
If you are behind a firewall, remember to allow input/output of these tcp ports:
-----------------------------------------------------------------

port of ccnet server:         10001
port of seafile server:       12001
port of seafile fileserver:   8082
port of seahub:               8000

When problems occur, Refer to

        https://github.com/haiwen/seafile/wiki

for information.

[email protected]:~/seafile-server-4.1.2$ ulimit -n 30000
[email protected]:~/seafile-server-4.1.2$ ./seafile.sh start

Starting seafile server, please wait ...
Seafile server started

Done.
[email protected]:~/seafile-server-4.1.2$ ./seahub.sh start

Starting seahub at port 8000 ...

----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------

What is the email for the admin account?
[ admin email ] [email protected]

What is the password for the admin account?
[ admin password ]

Enter the password again:
[ admin password again ]



----------------------------------------
Successfully created seafile admin
----------------------------------------



Loading ccnet config from /home/haiwen/ccnet
Loading seafile config from /home/haiwen/seafile-data

Seahub is started

Done.

Now seafile is accessible at http://45.55.195.173:8000/

Next up, setting https for seafile.

To start Seafile at Boot:

[email protected]:~$ sudo emacs /etc/init.d/seafile-server
#!/bin/bash

# Change the value of "user" to your linux user name
user=haiwen

# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/home/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log

# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=false
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
case "$1" in
        start)
                sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
                if [ $fastcgi = true ];
                then
                        sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
                else
                        sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
                fi
        ;;
        restart)
                sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
                if [ $fastcgi = true ];
                then
                        sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
                else
                        sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
                fi
        ;;
        stop)
                sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
                sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
        ;;
        *)
                echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
                exit 1
        ;;
esac
sudo emacs /etc/init/seafile-server.conf
start on (started mysql
and runlevel [2345])
stop on (runlevel [016])

pre-start script
/etc/init.d/seafile-server start
end script

post-stop script
/etc/init.d/seafile-server stop
end script
[email protected]:~$ sudo chmod +x /etc/init.d/seafile-server
[email protected]:~$ sudo update-rc.d seafile-server defaults


How to setup Owncloud for your own server

Install owncloud on own server.
First add an apache virtualhost.

Edit

/etc/apache2/sites-available/default

Create the following:

<VirtualHost *:80>
ServerName cloud.relsoft.in
ServerAlias cloud.relsoft.in
DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs
</VirtualHost>

Create a “A” record in the DNS panel for relsoft.in:

A cloud.relsoft.in [myipaddress]

Create the virtual directory:

mkdir -p /var/www/virtual/relsoft.in/cloud/htdocs
chown -R www-data.www-data /var/www/virtual/relsoft.in

Download and uncompress the latest owncloud installation package (available at https://owncloud.org/install/#instructions-server):

cd /var/www/virtual/relsoft.in/cloud/htdocs
wget https://download.owncloud.org/community/owncloud-8.0.3.tar.bz2
tar xf owncloud-8.0.3.tar.bz2
# a bare * skips dotfiles, so move .htaccess and friends explicitly
mv owncloud/* owncloud/.[!.]* ./
rm owncloud-8.0.3.tar.bz2
rm -rf owncloud/

Install php gd module, php5-curl and php5-mysql:

sudo apt-get install php5-gd php5-curl php5-mysql

Set always_populate_raw_post_data to -1 in your php.ini
Now to set the appropriate value in php.ini, first I have to locate the correct php.ini to edit.

find /etc -iname 'php.ini'

Now locate the location of the setting:

grep -in 'always_populate_raw_post_data' /etc/php5/apache2/php.ini
704:;always_populate_raw_post_data = -1

Edit the correct line with emacs:

emacs /etc/php5/apache2/php.ini
Alt-G G 704

takes me to the correct line to edit. Remove the two leading semicolons.

Restart apache2 server:

service apache2 restart

Now reload cloud.relsoft.in in your browser.

Now I got a security warning:
Your data directory and files are probably accessible from the internet because the .htaccess file does not work.
For information how to properly configure your server, please see the documentation.

This means that htaccess is not enabled for the server. So to setup .htaccess for apache:

Edit /etc/apache2/sites-available/default
emacs /etc/apache2/sites-available/default

Add the “AllowOverride All” directive.
So the block now looks like:

<VirtualHost *:80>
ServerName cloud.relsoft.in
ServerAlias cloud.relsoft.in
DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs
<Directory /var/www/virtual/relsoft.in/cloud/htdocs>
AllowOverride All
</Directory>
</VirtualHost>

If you face issues while editing apache directive files, run:

systemctl status apache2.service

or, for details:

journalctl -xn

Create database with mysql:
mysql -u root -p
mysql> CREATE DATABASE owncloudie;
mysql> USE owncloudie;
mysql> CREATE USER 'cloudsrvrusr'@'localhost' IDENTIFIED BY 'mypassword';
mysql> GRANT ALL PRIVILEGES ON owncloudie.* TO 'cloudsrvrusr'@'localhost' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> EXIT;

Restart apache2, and reload the install page.

Now, add an admin username and password, and add the database details that we created with mysql.
When you click on ‘Finish setup’, mysql installation will be over, and you can login as administrator.
Create users.

Download the Desktop client at https://owncloud.org/install/#install-clients, and the Android client from https://play.google.com/store/apps/details?id=com.owncloud.android

To create ssl:

mkdir -p /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
emacs /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin [email protected]
        ServerName cloud.relsoft.in
        ServerAlias www.cloud.relsoft.in
        DocumentRoot /var/www/virtual/relsoft.in/cloud/htdocs
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
a2ensite default-ssl.conf
service apache2 reload


How to recover auto save file in emacs?

While opening a file which you were editing earlier, you might see the message prompting that auto-save data is available, and whether you wish to recover it. If you wish to do that,

Type:
Alt-X
recover-file
Press Enter

Now you will be prompted for filename. Enter it.
Confirm that you wish to recover autosave data.
You may sometimes be asked:

...htdocs/user/config.php locked by [email protected].. (pid 18467): (s, q, p, ?)?

You have the following options:
s: Steal the lock. Whoever was already changing the file loses the lock, and you gain the lock.
p: Proceed. Go ahead and edit the file despite its being locked by someone else.
q: Quit. This causes an error (file-locked), and the buffer contents remain unchanged; the modification you were trying to make does not actually take place.

