NAS Server
After being affected by a ransomware, I started paying Dropbox so my files could be always backed up. But I had some security concerns regarding the online storage of personal files, so I decided to mount a NAS Server for them using a Raspberry Pi and Seafile file-hosting software.
The goal is to setup a local server with RAID 1, to ensure the data in case of one of the disk fails, like it has happened to me before :c.
Hardware
Raspberry Setup
Let's start by enabling the VNC server on the raspberry pi as it follows:
Now it's time to configure the security settings.
*Before you can delete the user don't forget to remove "access as pi user " in the Raspberry Configuration menu and reboot.
And then to remove the pi home folder just do:
sudo rm -rf /home/pi
We will setup the firewall and fail2ban later.
If the drives are news you can follow this video to configure them using Gnome Partition Editor. You can download Gnome Partition Editor by searching "gparted" on the "Add/ Remove Software" menu.
Then we need to install mdadm for setup the RAID configuration:
sudo apt-get install mdadm
For RAID 1, we use the following command:
sudo mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdb1
Then we check it by:
cat /proc/mdstat
Then let save the RAID configuration
sudo -i
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
cat /etc/mdadm/mdadm.conf | tail
Output should be like:
Now lets create the file system using Gnome Partition Editor
Then:
Setup the size of the new partition and click Ok.
Then in the terminal type:
sudo mkfs.ext4 /dev/md0
Expected output:
Then
sudo mount /dev/md0 /mnt
sudo blkid
Output:
So, we copy the UUID for /dev/md0 and then
sudo vim /etc/fstab
And we add the following line:
UUID=uuid_copied /mnt ext4 defaults 0 0
then:
sudo chown -R pi:pi /mnt
sudo chmod -R 0777 /mnt
For further details you can check the following link.
Now is time to install the database using mariaDB:
sudo apt-get remove mariadb-server
Then install the software-properties-common:
sudo apt-get install software-properties-common
Then add the key:
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
Then install mariaDB
sudo apt update
sudo apt -y install mariadb-server mariadb-client
Then:
sudo mysql_secure_installation
You can check the following link.
Now its time to create the databases:
sudo mysql -u root -p
CREATE DATABASE seafile;
CREATE DATABASE ccnet;
CREATE DATABASE seahub;
Now we create the user:
CREATE USER 'seafile'@'localhost' IDENTIFIED BY 'password';
Now we grant privilieges:
GRANT ALL ON seafile.* TO 'seafile'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL ON ccnet.* TO 'seafile'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
GRANT ALL ON seahub.* TO 'seafile'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Now its time to install the dependencies needed:
sudo apt-get install python2.7 libpython2.7 python-setuptools python-pil python-ldap python-urllib3 ffmpeg python-pip python-mysqldb python-memcache python-requests unzip wget python libpython3.6 ffmpeg
pip install certifi idna
cd /mnt
wget https://github.com/haiwen/seafile-rpi/releases/download/v7.0.5/seafile-server_7.0.5_stable_pi.tar.gz
sudo tar -xvzf seafile-server_*
cd seafile-server-7.0.5/
Sudo ./setup-seafile-mysql.sh
Follow the instruction from here
Then in the file conf/gunicorn.conf dont forget to change it as it follows:
sudo vim conf/gunicorn.conf
Now it is time to download and setup nginx:
sudo apt -y install nginx
sudo vim /etc/nginx/sites-available/seafile.conf
And copy the following configuration:
sudo rm /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
Now lets setup the Systemd Service
sudo vim /etc/systemd/system/seahub.service
sudo vim /etc/systemd/system/seafile.service
Finally:
sudo systemctl daemon-reload
sudo systemctl start seafile && sudo systemctl enable seafile
sudo systemctl start seahub && sudo systemctl enable seahub
Now, you should able to log into your server by at 127.0.0.1:8000 or your ip:8000.
Advanced Settings
First lets check the nginx version by:
sudo nginx -v
if its above 1.8.0 then we can add the following line in:
sudo vim /etc/nginx/sites-enabled/seafile.conf
Further configuration can be found here.
For safety reason, we need to avoid that nginx display his version, for that we remove the # in the line server_tokens off in the file:
sudo vim /etc/nginx/nginx.conf
Also we need to set a root password by:
sudo passwd
Then we add in the file /etc/sudoers
sudo vim /etc/sudoers
For adding captcha install the following stuff:
pip3 install django-simple-captcha
pip3 install django-recaptcha
pip3 install captcha
Firewall setup
For installation:
sudo apt-get install ufw
Then lets add the important ports:
sudo ufw allow 80/tcp
sudo ufw allow 8000/tcp
sudo ufw allow 8082
sudo ufw allow 22
Now, for enabling the firewall:
sudo ufw enable
And for checking:
sudo ufw status
More details here.
Fail2Ban Configuration
Install using:
sudo apt install fail2ban
Then create a file in /etc/fail2ban/ and write the following
sudo vim/etc/fail2ban/jail.local
SSMTP Configuration
So ssmtp is unmaintained but is good enough for us:
sudo apt-get install ssmtp
sudo vim /etc/ssmtp/ssmtp.conf
For Fail2ban add
sudo vim /etc/fail2ban/jail.local