<p>Linux has always been a good choice for a server OS. In practical terms, however, this functionality has been out of reach for the everyday computer user, mainly due to the technical know-how required to manage a dedicated server OS. On the other hand, our homes today are more filled with computers than ever before - and, in a multi-node network, a server can provide many benefits. In this article, I am going to try to guide you in setting up a useful server for your home network, one that is headless (i.e., without monitor, keyboard, or mouse) and can be stowed away neatly out of view.</p>
<p>This setup will be ideal for:</p>
<ul>
<li>securely sharing a single Internet connection to multiple computers,</li>
<li>streamlining of Internet traffic,</li>
<li>providing a central file server in the home network,</li>
<li>preventing bandwidth-hogging by P2P software,</li>
<li>allowing easy remote administration of the server.</li>
</ul>
<p>Hardware required:</p>
<ul>
<li>Any old computer with commonly available components (thus ensuring driver availability for it). My own server is a Pentium III 800MHz with 256MB RAM, Intel chipset, an on-board graphic card, 2 Ethernet cards, 40GB hard drive (the larger the better, obviously), and a CD-ROM. This is really overkill - you can use a Pentium I with 64MB RAM (otherwise landfill material), and it would run moderately well. The two network cards are required. You can use a wireless card for your Local Area Network (LAN), but make sure it has Linux drivers available.</li>
<li>An Ethernet hub with at least as many ports as there are computers you wish to connect (including your server). If you use a wireless LAN, you will not need this.</li>
<li>As much "straight through" Ethernet cable as you will need (not required in a wireless setup).</li>
</ul>
<p>The basic setup:</p>
<p><tt>Internet &lt;--&gt; Ubuntu Server &lt;--&gt; Ethernet Hub &lt;--&gt; LAN Machines</tt></p>
<p>Services we are going to be running on our system:</p>
<ul>
<li><a href="http://webmin.com/">Webmin</a> for remote Web-based administration,</li>
<li><a href="http://www.shorewall.net/">Shorewall firewall</a> set up for Internet connection sharing or network address translation (NAT),</li>
<li><a href="http://www.squid-cache.org/">Squid Proxy server</a> for caching of Internet content,</li>
<li><a href="http://www.isc.org/index.pl?/sw/bind/">BIND DNS server</a> working hand-in-hand with Squid,</li>
<li><a href="http://us1.samba.org/samba/">Samba file server</a>,</li>
<li><a href="http://en.wikipedia.org/wiki/LAMP_(software_bundle)">LAMP Web server</a>, which we are going to use to run <a href="http://www.torrentflux.com/">TorrentFlux</a>, a Web-based Torrent client. You can use LAMP to serve your own Web sites, if you so wish.</li>
</ul>
<p>Let us dive right in!</p>
<h4>1. Getting Ubuntu</h4>
<p>Download the Ubuntu (currently at version 7.04, "Feisty Fawn") Server CD image from <a href="http://www.ubuntu.com/getubuntu/download">Ubuntu's download page</a>.</p>
<h4>2. Making the installation CD</h4>
<p>Burn the <tt>ubuntu-7.04-server-i386.iso</tt> image to a CD using your favorite image-burning program. Remember, burn the image; do not extract the files from the image file. If you are going to be using an old CD-ROM, burn the CD at the slowest possible speed, for reliability.</p>
<h4>3. Installing Ubuntu on Your Server</h4>
<p>Ubuntu is well known for having an easy installation process. For now, plug in a monitor, keyboard, and the network cables (Internet and LAN, both), put in the Ubuntu server CD, and boot up!</p>
<p>You may need to change your BIOS settings to allow booting from CD.</p>
<ol>
<li>Select the hard disk installation, choose your desired language, then pick your country and keyboard.</li>
<li>Configure the network interface connected to the Internet, using one of 3 options: autoconfiguration, autoconfiguration with DHCP (automatically assigned IP addresses), or manual. Which one you choose really depends on your Internet connection; ask your ISP, if in doubt. If you have to configure manually, configure your Internet connection on the eth0 network card, for simplicity's sake.</li>
<li>For partitioning, I recommend "Guided - use entire disk", as it is a no-brainer, and accept the settings, thereby writing changes to disk.</li>
<li>Allow the system clock to be set to UTC.</li>
<li>Create the system administrator's user account; enter the full user name, account name, and administrator's password (which has to be verified).</li>
<li>Ubuntu will continue to install the base system.</li>
<li>Enter your ISP's proxy server settings, if required.</li>
<li>When you are asked to choose the software to install, select both DNS and LAMP server. You do this using the spacebar to check the boxes, and the cursor keys and <tt>TAB</tt> to navigate through the menu.</li>
<li>Complete the installation, reboot, and you will be presented with a command-line interface (CLI) prompting you to log in. Use the administrator account name and password, to do so.</li>
</ol>
<p>Before we continue, I did mention that I would try to make this as simple as possible, and now you are probably wondering what you are doing in a CLI. This is necessary, as we want our server to run as lean as possible. After all, it is going to be stowed away in a closet, so who needs a fancy GUI? I promise we won't be spending much longer on the CLI. A couple of tips for new users:</p>
<ul>
<li>the cursor keys let you scroll through previous commands you entered,</li>
<li>the <tt>TAB</tt> key is a God-send for its auto-complete function. Type a couple of keys, hit the TAB key, and it will auto-complete or show you the valid commands or paths!</li>
</ul>
<h4>4. Checking Internet connectivity</h4>
<p>The first thing we will do on our new system is to check if we are connected to the Internet. Do this simply by pinging Google.</p>
<tt>ping www.google.com</tt><br />
<p>Stop the pinging with <tt>Ctrl+C</tt>. If all went well, you should be getting responses to your pings. If not, try switching the LAN and Internet cables around. Most probably, you will get a ping response by now. Keep in mind which card your Internet is configured on, <tt>eth0</tt> or <tt>eth1</tt>, and modify the instructions accordingly. In this guide, the Internet is on <tt>eth0</tt> and the LAN is on <tt>eth1</tt>.</p>
<h4>5. LAN network configuration</h4>
<p>Now, we will configure our LAN network card. We will do this using <tt>vim</tt>, a CLI text editor.</p>
<p>Four simple commands you will use in <tt>vim</tt> are:</p>
<ul>
<li>the <tt>I</tt> key, which will put you in Insert mode so you can edit the text file as in any other text editor,</li>
<li>the <tt>Esc</tt> key, which exits you out of the Insert mode,</li>
<li><tt>:w!</tt>, which saves/writes the file to disk,</li>
<li><tt>:x</tt>, which exits the <tt>vim</tt> text editor.</li>
</ul>
<p>Let us open our network configuration file with administrative privileges:</p>
<tt>sudo vim /etc/network/interfaces</tt><br />
<p>You will be asked to enter the administrator's password. Navigate with the cursor key and add the following at the end of this file:</p>
<pre><tt>auto eth1
iface eth1 inet static
 address 192.168.0.1
 netmask 255.255.255.0
 broadcast 192.168.0.255</tt></pre>
<p>If you need to change the configuration of your Internet connection, you should do this now in the <tt>eth0</tt> section. Restart your network interfaces using:</p>
<tt>sudo /etc/init.d/networking restart</tt><br />
<h4>6. Update Ubuntu</h4>
<p>Install any available updates by:</p>
<tt>sudo apt-get update</tt><br />
<p>and then</p>
<tt>sudo apt-get upgrade</tt><br />
<h4>7. Installing Webmin</h4>
<p>Now we will install the packages required for Webmin, the Web-based administration tool:</p>
<tt>sudo apt-get install libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl libmd5-perl</tt><br />
<p>Download Webmin:</p>
<tt>wget [prdownloads.sourceforge.net]</tt><br />
<p>If this does not work, there is probably a newer version of Webmin. Get the link to the latest <tt>*.deb</tt> file from the <a href="http://webmin.com/download.html">Webmin site</a>.</p>
<p>Install it:</p>
<tt>sudo dpkg -i webmin_1.350_all.deb</tt><br />
<p>You will get the following output:</p>
<p>Webmin install complete. You can now login to [https:] as root with your root password, or as any user who can use sudo to run commands as root.</p>
<p>And that's it! We are done with the CLI. Log out:</p>
<tt>exit</tt><br />
<p>Now, you can disconnect the monitor and keyboard, stow your server away, and continue from your desktop machine on a beautiful Web-GUI!</p>
<h4>8. Configure your LAN machines</h4>
<p>However, before you do that, you will have to configure your desktop machine's network card. Set it up as follows:</p>
<pre><tt>IP address: 192.168.0.2
Subnet mask: 255.255.255.0
Gateway: 192.168.0.1
DNS server: 192.168.0.1</tt></pre>
<p>Your other machines would have incrementing IP addresses, e.g., <tt>192.168.0.3</tt>, <tt>192.168.0.4</tt>, ...</p>
<h4>9. Upgrade Webmin</h4>
<p>Open your favorite Web browser and navigate to<br /><tt>[https:]</tt><br />Enter the administrator's user name and password. Welcome to the powerful Webmin!</p>
<p>On the tree menu on the left, go to <tt>Webmin &gt; Webmin Configuration</tt>. Click <em>Upgrade Webmin</em>, and, with <em>"Latest version from www.webmin.com"</em> selected, click the <em>Upgrade</em> button. If there is an upgrade available, it will be installed for you.</p>
<h4>10. Shorewall Firewall</h4>
<p>To install the Shorewall firewall, go to <tt>System &gt; Software Packages</tt> and in the <em>"Install a New Package"</em> section, select <em>"Package from APT"</em>, enter <tt>shorewall</tt>, and click <em>Install</em>. This may take some time, depending on your Internet connection, but Shorewall will be installed.</p>
<p>Now, go to <tt>Networking &gt; Shorewall Firewall</tt>, and we'll begin setting up your firewall. Do <em>not</em> start the firewall yet, or you might lock yourself out of the server. We will configure Shorewall section by section.</p>
<p><strong>Network Zones:</strong> This section defines zones to which we will assign "levels of trust". We will create three zones: the firewall, Internet, and local zones.</p>
<p>Click <em>Add a new network zone</em>. You will be provided with a number of options. We are interested in the <em>Zone ID</em> field and the <em>Zone type</em> list. For each zone, enter the options as follows, and click <tt>Create</tt> before returning to the page to create the next.</p>
<ul>
<li><em>Zone ID</em> = <tt>fwall</tt>; <em>Zone type</em> = <tt>Firewall system</tt></li>
<li><em>Zone ID</em> = <tt>net</tt>; <em>Zone type</em> = <tt>IPv4</tt></li>
<li><em>Zone ID</em> = <tt>loc</tt>; <em>Zone type</em> = <tt>IPv4</tt></li>
</ul>
<p><strong>Network Interfaces:</strong> This section tells the firewall which Ethernet card is connected to the Internet, and which one to the LAN. In our case, we have only two interfaces.</p>
<p>Click <em>Add a new network interface</em>, and again you will be presented with a vast array of options. We will define only <em>Interface</em>, <em>Zone name</em>, and <em>Broadcast address</em>.</p>
<p>Here, also, you will have to set up one interface at a time, clicking <em>Create</em> before returning to configure the next. Configure as follows:</p>
<ul>
<li><em>Interface</em> = <tt>eth0</tt>; <em>Zone name</em> = <tt>net</tt>; <em>Broadcast address</em> = <tt>Automatic</tt></li>
<li><em>Interface</em> = <tt>eth1</tt>; <em>Zone name</em> = <tt>loc</tt>; <em>Broadcast address</em> = <tt>Automatic</tt></li>
</ul>
<p><strong>Default Policies:</strong> The default policies tell the firewall what to do with packets coming from various sources. We will set it to drop all requests from the Internet, and accept all from the LAN and the firewall itself. Click <em>Add a new default policy</em>. As before, we will define one policy at a time, clicking <tt>Create</tt> before proceeding. Configure the policies as follows:</p>
<ul>
<li><em>Source zone</em> = <tt>net</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Policy</em> = <tt>DROP</tt></li>
<li><em>Source zone</em> = <tt>fwall</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Policy</em> = <tt>ACCEPT</tt></li>
<li><em>Source zone</em> = <tt>loc</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Policy</em> = <tt>ACCEPT</tt></li>
</ul>
<p><strong>Firewall Rules:</strong> This section defines specific rules for specific services. We will enable them as the need arises, later.</p>
<p><strong>TOS:</strong> This section optimizes Web browsing as much as you can on your end.</p>
<p>Click <em>Add a new type of service</em>, and we will proceed to configure the services one by one.</p>
<ul>
<li><em>Source zone</em> = <tt>Any</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Protocol</em> = <tt>TCP</tt>; <em>Source ports</em> = <tt>Any</tt>; <em>Destination ports</em> = with the <em>Ports or ranges</em> radio button selected enter <tt>www</tt>; <em>Type of service</em> = <tt>Maximize-Throughput</tt></li>
<li><em>Source zone</em> = <tt>Any</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Protocol</em> = <tt>TCP</tt>; <em>Source ports</em> = <tt>Any</tt>; <em>Destination ports</em> = with the <em>Ports or ranges</em> radio button selected enter <tt>www</tt>; <em>Type of service</em> = <tt>Minimize-Delay</tt></li>
<li><em>Source zone</em> = <tt>Any</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Protocol</em> = <tt>TCP</tt>; <em>Source ports</em> = with the <em>Ports or ranges</em> radio button selected enter <tt>www</tt>; <em>Destination ports</em> = <tt>Any</tt>; <em>Type of service</em> = <tt>Maximize-Throughput</tt></li>
<li><em>Source zone</em> = <tt>Any</tt>; <em>Destination zone</em> = <tt>Any</tt>; <em>Protocol</em> = <tt>TCP</tt>; <em>Source ports</em> = with the <em>Ports or ranges</em> radio button selected enter <tt>www</tt>; <em>Destination ports</em> = <tt>Any</tt>; <em>Type of service</em> = <tt>Minimize-Delay</tt></li>
</ul>
<p><strong>Masquerading:</strong> This tells the server to forward requests from the LAN to the Internet, which is required for Internet connection-sharing. Click <em>Add a new masquerading rule</em>, and enter the following rule.</p>
<ul>
<li><em>Outgoing interface</em> = <tt>eth0</tt>; <em>Network to masquerade</em> = with <em>Subnet on interface</em> selected, choose <tt>eth1</tt>; leave the rest unchanged</li>
</ul>
<p><strong>When Stopped:</strong> This allows machines whose IP addresses are specified to access the server even when the firewall is not running. No other IP addresses will have access. Add as many as you want, but there should be at least one, just in case. In the example below, I have allowed access from two IP addresses on the LAN.</p>
<p>Click <em>Add a new stopped address</em>, and configure as follows:</p>
<ul>
<li><em>Interface</em> = <tt>eth1</tt>; select <em>Listed addresses and networks</em>, and enter <tt>192.168.0.2,192.168.0.3</tt> and/or any other addresses you wish.</li>
</ul>
<p>We don't need to add any other settings.</p>
<p>Back on the Shorewall main page, click <em>"Check Firewall"</em>. You should get the thumbs up. Note that an "OK" result here does <em>not</em> guarantee the firewall will work properly, or will work at all. It simply checks the rules syntax.</p>
<p>There is a security feature that prevents an unconfigured Shorewall from being started up, when booting. This has to be changed manually. For this, you will need a Java-enabled Web browser to do it using Webmin, or you could resort to using vim from the CLI.</p>
<p>What you have to do is change the line</p>
<tt>startup=0</tt><br />
<p>in the file <tt>/etc/default/shorewall</tt> to</p>
<tt>startup=1</tt><br />
<p>In Webmin, go to <em>Others &gt; File Manager</em>. This will give you a nice Java-based file manager. Navigate to the above mentioned file, and click the <em>"Edit"</em> button at the top. A text editor window will pop up. (Disable pop-up blocker.) Make the change, and then save and close.</p>
<p>Again, using this browser, browse to the file <tt>/etc/shorewall/shorewall.conf</tt>, click <em>"Edit"</em>, and find the line <tt>IP_FORWARDING=Keep</tt>. Change the value from <tt>Keep</tt> to <tt>On</tt>. Save and close.</p>
<p>Now, let us make sure that Shorewall is set to start at bootup. Go to <em>System &gt; Bootup and Shutdown</em>, look for <tt>shorewall</tt> in the list. Tick the checkbox, and click <em>"Start Now and On Boot"</em> at the bottom. Go back to the <em>Networking &gt; Shorewall Firewall</em> page, and you should see six buttons where there were previously only two. Click <em>"Show Status"</em>, to verify that all is running well. Your Internet connection sharing should be set up, now. Try it out!</p>
<h4>11. BIND DNS Server</h4>
<p>Ubuntu server pretty much does all the configurations necessary for a working BIND DNS server. If you wish, there is one thing you can do to make the lookups marginally faster. We can tell our server to forward unknown requests to your ISP's DNS server. However, there are some security issues which arise from doing this as described aptly by <a href="http://linuxgazette.net/authors/moen.html">Rick Moen</a> on the <a href="http://linuxgazette.net/141/lazar.html">Linux Gazette post of this article</a>. After considering his comments I, personally, would stick to the default Ubuntu settings.</p>
<h4>12. Squid Proxy Server</h4>
<p>Now, we will move on to installing and setting up Squid as your <a href="http://en.wikipedia.org/wiki/Proxy_server#Caching_proxy_server">caching proxy server</a>. Go to <em>Servers &gt; Squid Proxy Server</em>. Webmin will inform you that Squid is not installed on your system, and provide you with an option to install it using APT. Click on the link (labelled <em>"Click here"</em>) provided, to install Squid. Webmin will keep you informed of the progress and, once completed, will give you some information on the installed packages.</p>
<p>Go back to the main page for Squid, and now you should have a host of configuration tools available. I will not explain all the options available, but, if you require more clarification, help is available at the top left of the tool's page. (You will have to disable your browser's popup blocker.)</p>
<p><strong>Ports and Networking:</strong> Here we will tell Squid which port it will be listening on. The default is port 3128. We will stick to this, but you can change it. In the <em>"Options for port"</em> field, enter <tt>transparent</tt>. This will make Squid a transparent proxy server, which eliminates the need to configure machines on your LAN. Save the changes.</p>
<p><strong>Memory Usage:</strong> Here, you can define memory usage limits for Squid, or choose to go with the default settings.</p>
<p>I would draw attention to the <em>"Maximum cached object size"</em> option. Here, you can define the maximum size of cached files.</p>
<p><strong>Cache Options:</strong> The option I would recommend changing here is the <em>"Cache Directories"</em> one. Squid defaults to a 100MB cache, which is pretty minuscule for our caching proxy objective. Decide how much of your hard disk you wish to use for the cache; I use 5GB out of my 40GB hard disk. In the <em>"Directory"</em> field, enter <tt>/var/spool/squid/</tt>; set <em>"Type"</em> to <tt>UFS</tt>; in <em>"Size (MB)"</em>, enter however much you decided on, in megabytes; for the 1st- and 2nd-level directories, enter one of the following numbers: <tt>16, 32, 64, 128</tt> or <tt>256</tt> (defaults being <tt>16</tt> and <tt>256</tt>, respectively). These numbers basically define the file structure of your cache. Read the help documentation, for more information on this and other options. Save your changes.</p>
<p><strong>Helper Programs:</strong> In the <em>"DNS server addresses"</em> field, enter <tt>192.168.0.1</tt>, select the radio button, and save. This tells Squid to send DNS requests to the BIND DNS server running on your server.</p>
<p><strong>Access Control:</strong> Here, we will define which LAN machines will be able to use Squid, by their IP addresses. At the bottom of the <em>"Access Control Lists"</em> section, select <tt>Client Address</tt> from the drop down list, and click <em>"Create new ACL"</em>. In the page that appears, enter a name of your choice in the <em>"ACL Name"</em> field (e.g., <tt>Local_Network</tt>), define the range of IP addresses you wish to grant access to, and the Netmask, e.g., <em>From</em> = <tt>192.168.0.2</tt>, <em>To</em> = <tt>192.168.0.7</tt>, <em>Netmask</em> = <tt>255.255.255.0</tt>. If you would like to grant access to all machines on your LAN, enter as follows: <em>From</em> = <tt>192.168.0.0</tt>, <em>To</em> = *leave blank*, <em>Netmask</em> = <tt>255.255.255.0</tt>. Save your changes.</p>
<p>Having defined the machines on our LAN, we will now tell Squid what to do with requests from these machines.</p>
<p>Click <em>"Add proxy restriction"</em> in the <em>"Proxy Restrictions"</em> section. Select the <em>"Allow"</em> action, and the ACL you just created (<tt>Local_Network</tt>) from the <em>"Match ACLs"</em> list. Save your changes.</p>
<p>Your new restriction will be at the bottom of the restrictions list, and, since restrictions are applied in order, you will have to move your new rule up the list to third place. Do this using the <em>"Move"</em> arrows, to the right of the defined restrictions.</p>
<p>For security reasons, we will create a new user named <tt>squid</tt> who will run squid. Go to <em>System &gt; Users and Groups</em>. Click <em>"Create a new user"</em>, and enter the following:</p>
<ul>
<li><em>Username</em> = <tt>squid</tt>,</li>
<li><em>Real name</em> = <tt>squid</tt>,</li>
<li><em>Password</em> = <tt>No login allowed</tt>,</li>
<li><em>Primary group</em> = <tt>New group with same name as user</tt>,</li>
<li><em>Create home directory</em> = <tt>No</tt>,</li>
<li><em>Copy files to home directory</em> = <tt>No</tt>,</li>
<li><em>Create user in other modules</em> = <tt>Yes</tt>.</li>
</ul>
<p>Leave the rest unchanged. Click <em>"Create"</em>.</p>
<p>Now, we will grant permissions to the user <tt>squid</tt> to write to our cache. Go to <em>Others &gt; Command Shell</em>, and execute the following command:</p>
<tt>chown -R squid:squid /var/spool/squid/</tt><br />
<p>Return to the Squid Proxy Server page.</p>
<p><strong>Administrative Options:</strong> In the <em>"Run as Unix user"</em> field, click the browse button, and select <tt>squid</tt> from the list of users. In the <em>"Visible hostname"</em> field, enter the name of your server. This you can find out from the <em>"System Information"</em> page in Webmin, as <em>"System hostname"</em>. Save the changes.</p>
<p>Click <em>"Initialize Cache"</em>. Once this terminates successfully, return to the Squid main page and click <em>"Start Squid"</em>. Since we are making a transparent proxy server, we need to add some rules in the firewall, to redirect requests to pass through Squid.</p>
<p>Go to <em>Networking &gt; Shorewall Firewall &gt; Firewall Rules &gt; Manually Edit File</em>, and paste the following rule:</p>
<pre><tt>#squid transparent proxy redirect
REDIRECT loc 3128 tcp www</tt></pre>
<p>If you changed the port Squid listens to, earlier on, use that port in this rule, instead of 3128. Save the changes, and <em>Apply Configuration</em>.</p>
<p>Test if your desktop machines have access to the Internet. The difference between a simple Internet connection sharing and using a caching proxy is that frequently visited Web sites will load faster, as some content is stored on your server.</p>
<h4>13. Samba file sharing</h4>
<p>Now, we'll move on to installing and setting up Samba for file sharing to both Linux and Windows machines. Go to <em>Servers &gt; Samba Windows File Sharing</em>. As was the case with Squid, Webmin detects that Samba is not installed, and provides an easy link to install it using APT. Go ahead and click the link, to download and install Samba. Once this is done, we will now configure file sharing.</p>
<p>Since we are sharing on a trusted network, we will set up our file server with read and write permissions for everybody.</p>
<p>Return to <em>Servers &gt; Samba Windows File Sharing</em>, and, in the first section, click <em>"Create a new file share"</em>, then complete as follows:</p>
<ul>
<li><em>Share name</em> = enter whatever you would like to identify the share as (I am using <tt>public</tt>),</li>
<li><em>Directory to share</em> = <tt>/home/public</tt>,</li>
<li><em>Automatically create directory</em> = <tt>Yes</tt>,</li>
<li><em>Create with owner</em> = <tt>root</tt>,</li>
<li><em>Available</em> = <tt>Yes</tt>,</li>
<li><em>Browseable</em> = <tt>Yes</tt>,</li>
<li><em>Share Comment</em> can be whatever you wish.</li>
</ul>
<p>This will create the share <tt>public</tt>, with Read-only permissions for all. Using <em>Others &gt; File Manager</em>, navigate to <tt>/home</tt>, select the folder <tt>public</tt>, and click <em>Info</em>.</p>
<p>In the info window that opens, in the <em>Permissions</em> section, select all the checkboxes for <em>User</em>, <em>Group</em>, and <em>Other</em>, thereby giving permission to everybody to read and write to this folder.</p>
<p>Now, navigate to <tt>/etc/samba</tt>, select <tt>smb.conf</tt>, and click <em>Edit</em>. Look for the line</p>
<tt>; security = user</tt><br />
<p>and change it to the following, dropping the leading semicolon (a line that starts with <tt>;</tt> is a comment in <tt>smb.conf</tt> and has no effect):</p>
<tt>security = share</tt><br />
<p>Scroll down to the end of the file, to find the section which describes the share we just created, and edit it to look like this:</p>
<pre><tt>[public]
 comment = public
 path = /home/public
 public = yes
 writable = yes
 create mask = 0777
 directory mask = 0777
 force user = nobody
 force group = nogroup</tt></pre>
<p>Save and close. If you need to change your Workgroup, do that from the <em>Windows Networking</em> tool in the <em>Global Configuration</em> section on the <em>Samba Windows File Sharing</em> page. Samba's default workgroup is, ironically, <tt>MSHOME</tt>. Click <em>Restart Samba Server</em>, and verify that you have access to the shared folder with read and write permission from your desktop machine, by creating and deleting a file in the share. The only settings you will have to enter on your LAN machine to gain access are:</p>
<ul>
<li>the correct workgroup (Samba defaults to MSHOME),</li>
<li>the server's address, which is <tt>192.168.0.1</tt> in our setup,</li>
<li>the name of the share, which is <tt>public</tt> in our setup,</li>
<li><b>no</b> username or password is required.</li>
</ul>
<h4>14. TorrentFlux</h4>
<p>For those of us who use Bittorrent for peer-to-peer file sharing, we will install TorrentFlux, which is a Web-based Bittorrent client.</p>
<p>Some of the advantages of using TorrentFlux include:</p>
<ul>
<li>running all Torrents on a single machine, so your workstations do not bear that load,</li>
<li>other machines need not be left running solely for the Torrent connections,</li>
<li>automatically sharing the downloaded files across the LAN,</li>
<li>limiting of bandwidth usage of Torrent downloads,</li>
<li>queueing of Torrent connections.</li>
</ul>
<p>In your Web browser, go to the <a href="http://www.torrentflux.com">TorrentFlux Web site</a>, and download the latest version of TorrentFlux. In Webmin, go to <em>Others &gt; Upload and Download</em>. In the <em>"Upload files to server"</em> section, browse to the <tt>torrentflux_2.x.tar.gz</tt> file you just downloaded in the <em>"Files to upload"</em> field. In the field <em>"File or directory to upload to"</em>, enter <tt>/var/www</tt>. In the <em>Extract ZIP or TAR files</em> options, select the <tt>Yes, then delete</tt> radio button. Click <em>"Upload"</em> to upload, and unpack TorrentFlux.</p>
<p>Using <em>Others &gt; File Manager</em>, browse to the <tt>/var/www/torrentflux_2.x</tt> directory, and double-click the <tt>INSTALL</tt> file, to open it in your browser. Read the instructions carefully.</p>
<p>First, and very important, we will set the root password for our MySQL database. Note that this root user is different from the system root user. The same applies to all MySQL users.</p>
<p>Go to <em>Servers &gt; MySQL Database Server</em>, and click <em>User Permissions</em> from the <em>Global Options</em> section. From the list of users, click on any of the instances of root. In the password field, select <em>Set to..</em>, and enter a password for the MySQL root user. You may be asked to log in, after setting the password. Repeat for all the other instances, with the same password.</p>
<p>TorrentFlux uses MySQL for its database features. So, let us go ahead and create a database for TorrentFlux. On the main MySQL page, click <em>Create a new database</em>. In the <em>"Database name"</em> field, enter <tt>torrentflux</tt> and don't make any other changes.</p>
<p>Click <em>Create</em>.</p>
<p>To create the required tables, click on the torrentflux database we just created, then click the <em>"Execute SQL"</em> button. In the second section, which says <em>"Select an SQL commands file to execute on database"</em>, select <em>"From local file"</em>, and browse to the file <tt>/var/www/torrentflux_2.x/sql/mysql_torrentflux.sql</tt>, click <em>Ok</em>, and then <em>Execute</em>. Now, if you return to the table list, you will see that some tables have been created.</p>
<p>For security reasons, we will create a MySQL user specifically for TorrentFlux. On the MySQL main page, click <em>"User Permissions"</em>, and then <em>"Create new user"</em>. Enter the following, and make sure to select the appropriate radio buttons:</p>
<ul>
<li><em>Username</em> = <tt>torrentflux</tt>,</li>
<li><em>Password</em> = *enter a password which you will add to the config.php file later*,</li>
<li><em>Hosts</em> = <tt>localhost</tt>.</li>
</ul>
<p>Don't select any of the permissions, and Save.</p>
<p>Now, we will allow this new user to modify the torrentflux database, only. Back on the MySQL main page, click on <em>"Database Permissions"</em>, and then on <em>"Create new database permissions"</em>. Remembering to select the appropriate radio buttons, select the following:</p>
<ul>
<li><em>Databases</em> = <tt>torrentflux</tt> (from the drop-down menu),</li>
<li><em>Username</em> = <tt>torrentflux</tt>,</li>
<li><em>Hosts</em> = <tt>localhost</tt>.</li>
</ul>
<p>For the permissions, hold the Ctrl key, and select the following:</p>
<ul>
<li><tt>Select table data</tt>,</li>
<li><tt>Insert table data</tt>,</li>
<li><tt>Update table data</tt>,</li>
<li><tt>Delete table data</tt>,</li>
<li><tt>Create tables</tt>,</li>
<li><tt>Drop tables</tt>,</li>
<li><tt>Alter tables</tt>.</li>
</ul>
<p>That's it; we're done with MySQL!</p>
<p>Now, we will tell TorrentFlux about the database settings we have just implemented. Using the Java browser, navigate to <tt>/var/www/torrentflux_2.x/html</tt>, select the <tt>config.php</tt> file, and click <em>"Edit"</em>. Modify the <em>"Your database connection information"</em> section, entering the correct settings. Hints are provided.</p>
<p>It should look something like this:</p>
<pre><tt>$cfg["db_type"] = "mysql"; // mysql, postgres7 view adodb/drivers/
$cfg["db_host"] = "localhost"; // DB host computer name or IP
$cfg["db_name"] = "torrentflux"; // Name of the Database
$cfg["db_user"] = "torrentflux"; // username for your MySQL database
$cfg["db_pass"] = "*password for MySQL user torrentflux*"; // password for database</tt></pre>
<p>Save and close.</p>
<p>Now, we will tell the Web server, Apache [httpd], to serve TorrentFlux on port 80. Go to <em>Servers &gt; Apache Web server</em>. You should have a Default Server and a Virtual Server, set up for you already. Click on the <em>Virtual Server</em>, and, at the bottom, in the <em>"Virtual Server Details"</em> section, make the following changes:</p>
<ul>
<li><em>Address</em> = <tt>Any</tt>,</li>
<li><em>Port</em> = <tt>80</tt> (don't forget to select the radio button),</li>
<li><em>Document Root</em> = <tt>/var/www/torrentflux_2.x/html</tt> (replace the "x" with your version number),</li>
</ul>
<p>and Save. Then, on the Apache server page, click <em>"Apply Changes"</em> at the top right.</p>
<p>Now, in your browser, navigate to <tt>[192.168.0.1]</tt> and you should get the TorrentFlux login page. Note that the username and password you enter here will create the administrator's account settings. Don't forget these. Choose wisely, and proceed to log in.</p>
<p>You will be taken to the settings page, where we will change a few things.</p>
<ul>
<li><em>Path</em> = <tt>/home/public</tt></li>
<li><em>Max Upload and Download rates</em>: set these to your liking. If you have broadband, I would suggest setting the max upload rate to 5% of your total Internet bandwidth, and your max download rate to 40%. This should allow modest bandwidth for Web browsing, even with two Torrent downloads running. Ultimately, the choice is yours.</li>
<li><em>Port Range</em> = <tt>40000</tt> - <tt>40010</tt></li>
</ul>
<p>Have a look at the other settings, and change them as you wish. You can change them later, as well. Click <em>"Update Settings"</em>. There are "lights" that indicate problems in your settings. All should be green. Notice that TorrentFlux will download directly to our shared folder, giving instant access over the LAN.</p>
<p>A nice feature of TorrentFlux is queueing. Click on <em>"queue"</em> at the top, and choose if you want to enable it, and define how many torrent connections you want to allow to run in total (server threads) and per user (user threads). Click <em>"Update Settings"</em>. Going with the 40% max download bandwidth per Torrent and allowing two connections total to run at a time still leaves 20% of the bandwidth for Web browsing.</p>
<p>Use the <em>"new user"</em> page to create normal or admin users for anyone you want to grant access to. Other settings include search engine options and filters, external links, RSS feeds, and database backups.</p>
<p>Adding torrents is done either by uploading from your desktop machine, pasting the URL of the torrent file, or searching using the available search engines.</p>
Files will be saved in folders according to TorrentFlux usernames in the shared folder.

Now, we will open ports 40000-40010 in Shorewall for the Torrent software to work properly. Go to Networking > Shorewall Firewall > Firewall Rules > Manually Edit File, and paste this rule at the end:

    #torrentflux
    ACCEPT net $FW tcp 40000:40010

If you wish to access your TorrentFlux from the Internet, e.g., while at work, and have a static external IP address, simply open port 80 on the external firewall, by adding this rule:

    #Apache Web server
    ACCEPT net $FW tcp 80

Click Save, and then Apply Configuration in the Shorewall main page. You can then access TorrentFlux from anywhere, by browsing to *your external IP address*.

If you have a dynamic IP address, then you will also have to use a service such as that provided by Dynamic DNS (http://www.dyndns.com/services/dns/dyndns), which is free. Instructions for this are available on ubuntuguide.org (http://ubuntuguide.org/wiki/Ubuntu:Feisty#How_to_assign_Hostname_to_local_machine_with_dynamic_IP_using_free_DynDNS_service). Although they are meant to be done at the actual machine, you can do them through Webmin, running the sudo commands in Others > Command Shell and editing the dyndns_update file in the Java file manager tool.

One thing to be wary of is completely filling up your hard disk. This will inevitably cause problems. So, just make sure you have enough space before you decide to run your Torrent session.

15. System logs

Speaking of space, although system log files are useful in diagnosing problems, they sometimes occupy a whole lot of space. We will now limit the size of the log files.

Go to System > Log File Rotation > Edit Global Options and set the "Maximum size before rotating" to 50M (for 50MB) and the "Number of old logs to keep" to 4. This should allow you to have decent system logs, without eating up all your disk space. For a few days under normal use, keep an eye on the size of log files in /var/log/ using the Java file manager. See which logs are huge, and fiddle with their settings in System > Log File Rotation and System > System Logs. Bear in mind that all that logging might be due to a real problem in your system. In general, though, the debug logs are pretty massive, and not very important for our purpose, especially the ones that debug network traffic.

16. Backing up Webmin configurations

Once you have set everything up, and all is working fine, it would be wise to back up your settings, in case you get too adventurous trying to fiddle around and break something, or even if you decide to change your server machine. This will enable you to restore all your settings.

Go to Webmin > Backup Configuration Files. In the "Modules to backup" list, select all of them (using the Shift key); for the Backup destination choose Local file, and enter a path, e.g., /home/*admin username*/backup-*date*.tar; in the "Include in backup" section, check "Webmin module configuration files" and "Server configuration files", and click "Backup Now". I recommend including the date in the names of your backup files, as choosing which one to restore from becomes easier.

If you wish, you can set up Webmin to periodically back up your configurations automatically, in the "Scheduled backups" section. I set mine to back up daily and weekly. Previous scheduled backups are replaced, and only the latest one is kept. Restoring is simply a matter of choosing which modules to restore, from which backup file, and whether the configurations should be applied.

17. Updating your server

Once in a while, it would be wise to update your server to get the latest fixes and patches. Do this by going to System > Software Packages, and in the "Upgrade all Packages" section, select:

- Resynchronize package list = Yes,
- Upgrade mode = Normal upgrade,
- Only show which packages would be upgraded = No.

Click "Upgrade Now", and it will all be done automagically, giving all the information about the upgrade.
Periodic upgrades to Webmin, as we did at the beginning of this guide, are also advisable.

Other tools and functionality you may be interested in including:

- SSH (http://ubuntuguide.org/wiki/Ubuntu:Feisty#SSH_Server) will allow you to log in to your server in CLI over any network, while keeping everything encrypted and secure. I would recommend this, as everything else pales in comparison to the CLI, when it comes to control over your system.
- using Apache HTTPd (http://ubuntuguide.org/wiki/Ubuntu:Feisty#Apache_HTTP_Server), to host your own Web sites in tandem with services like Dynamic DNS,
- Coppermine Gallery (http://coppermine-gallery.net/) or Image Gallery Server (http://ubuntuguide.org/wiki/Ubuntu:Feisty#Image_Gallery_Server), for sharing your photos online while keeping them off public services,
- hosting an FTP server (http://ubuntuguide.org/wiki/Ubuntu:Feisty#FTP_Server), to share files over the Internet,
- using hotway (http://www.ubuntugeek.com/send-and-receive-your-hotmail-messages-through-evolution.html) and freepops (http://www.freepops.org/en/), to get your Hotmail and Yahoo mail right in your e-mail client,
- The list is endless, really, from disk quotas to clusters, and to think we have only used a fraction of the features in Webmin! Poke around! It only gets more interesting, and besides... what are backups for, anyway?

As you may have gathered by now, administering a Linux server is not a brain-twisting business, as some may have you think. Once you have everything set up to meet your needs, your LAN server/gateway should run like clockwork, requiring only occasional upgrades and maybe a pat on the back. Moreover, Webmin makes it a pleasant point-and-click affair, although, like everything else, you have to know what it is you want to do. This is where the vast documentation and help from the Linux community are priceless and indispensable.

With luck, everything has worked as expected, so far, and you now benefit from a free (as in free speech), powerful, flexible, easy-to-manage, easy-to-use, and cheap solution to your home networking needs.
This, dear friends, is the brilliance of free and open source software!

[NOTE] A huge thanks goes to the community at Linux Gazette (http://www.linuxgazette.net) and especially Rick Moen (http://linuxgazette.net/authors/moen.html) for proofreading this article and reviewing it from a technical and security standpoint.
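
An added example, not part of the original article: a small Python audit of the Shorewall rules from the TorrentFlux step, which lists the ports those ACCEPT rules open to every Internet host and compares them with the set you intended to expose. The sample rules text, the 192.0.2.10 address, port 10000 in the sample and all function names are constructed for illustration; the source-restricted form net:ADDRESS is included because port 80 is plain HTTP and carries the TorrentFlux login unencrypted.

```python
# Constructed sample in /etc/shorewall/rules layout: the two rules from the
# guide plus a source-restricted rule (192.0.2.10 is a documentation address).
SAMPLE_RULES = """\
#ACTION  SOURCE          DEST  PROTO  DPORT
#torrentflux
ACCEPT   net             $FW   tcp    40000:40010
#Apache Web server
ACCEPT   net             $FW   tcp    80
ACCEPT   net:192.0.2.10  $FW   tcp    10000
DROP     net             $FW   tcp    23
"""

def parse_ports(field):
    """Expand a DPORT field such as '80,443' or '40000:40010' into a set."""
    ports = set()
    for part in field.split(","):
        lo, _, hi = part.partition(":")
        if lo.isdigit() and (hi.isdigit() or not hi):
            ports.update(range(int(lo), int(hi or lo) + 1))
        else:
            ports.add(part)  # service name or '-': reported as written
    return ports

def internet_exposure(rules_text):
    """Map (proto, port) -> allowed source for ACCEPT rules from net to $FW."""
    exposed = {}
    for raw in rules_text.splitlines():
        cols = raw.split("#", 1)[0].split()          # drop comments
        # Only plain ACCEPT rules are handled; macros are out of scope here.
        if len(cols) < 5 or cols[0].split(":")[0] != "ACCEPT":
            continue
        source, dest, proto, dport = cols[1:5]
        zone, _, hosts = source.partition(":")
        if zone != "net" or dest.split(":")[0] != "$FW":
            continue
        for port in parse_ports(dport):
            # A bare 'net' source means any host on the Internet may connect.
            exposed[(proto, port)] = hosts or "any"
    return exposed

def audit(rules_text, intended):
    """Compare world-reachable ports with the set the admin means to expose."""
    exposed = internet_exposure(rules_text)
    open_to_all = {key for key, src in exposed.items() if src == "any"}
    return {"unexpected": open_to_all - intended,
            "missing": intended - set(exposed)}

if __name__ == "__main__":
    torrent_ports = {("tcp", p) for p in range(40000, 40011)}
    print(audit(SAMPLE_RULES, torrent_ports))
```

To check a live server, pass the contents of /etc/shorewall/rules to audit() together with the ports you mean to expose; anything listed under "unexpected" is reachable from any Internet address.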