PHP Code:
Setup
Linux
Torrent auto uploader by Janhouse can probably be used on any Linux distribution (and it has been tested on CentOS, various Debian and Ubuntu versions and ArchLinux) but this guide explains setup on Debian based distributions (Debian and Ubuntu). If you are experienced enough, you can probably set it up on other distributions as well.
Dependencies
While the Torrent Uploader (Tuper) depends on Perl and various Perl modules, some bittorrent client is needed for actual downloading and uploading, and web server with PHP is required to use Web panel and browser plugin. Uploader is made to work better with rTorrent bittorrent client. And for the sake of simpleness of the setup, Apache2 will be used as the web server.
If you are on a freshly installed box, make sure you first install sudo as user root.
apt-get update
apt-get install sudo
Then install other dependencies that will be needed to compile rtorrent and perl modules.
If some of the following packages doesn't exist (e.g. mktorrent or rar, you can remove them from the list and continue on, they are needed only for auto extract feature). While all of them should be there for later Ubuntu versions, Debian needs to have non-free and contrib repositories enabled. You can Google how to do it, or use this How To .
If you are on older Debian version, like Debian Lenny, PHP 5.3 won't be in the package list. In this case you can use Dotdeb repository. Insturctions on adding it are here .
sudo apt-get update
sudo apt-get install subversion build-essential libtool automake openssl libsigc++-2.0-dev libncurses5-dev libncursesw5-dev libcurl4-openssl-dev libcppunit-dev irssi screen apache2 libapache2-mod-php5 php5 php5-sqlite libapache2-mod-scgi php5-xmlrpc git-core rar mktorrent libxml-parser-perl libexpat1-dev unzip
Install Perl modules using cpan.
Uploader needs these Perl modules: Config::Tiny Convert::Bencode Date:arse DBI DBD::SQLite Digest::SHA1 HTML::Strip IO::Async IO::Async::SSL JSON::XS Net::BitTorrent::File PAR URI::Escape WWW::Curl XML::RPC XML::Simple String::CRC32 Encode LWP LWP::UserAgent LWP:rotocol::https HTTP::Cookies HTTP::Cookies::Netscape HTTP::Request HTTP::Request::Common URI Net::RTorrent::Socket XML:arser
First time starting cpan it will ask if you want it to configure automatically. Just press enter to accept default value (yes).
cpan
After it successfully configures cpan, cpan shell will open.
cpan[1]>
In it, execute the following command. It will keep asking if it should connect to the internet or install some additional modules. Just accept the default values by pressing enter.
force install Config::Tiny Convert::Bencode Date:arse DBI DBD::SQLite Digest::SHA1 HTML::Strip IO::Async IO::Async::SSL JSON::XS Net::BitTorrent::File PAR URI::Escape WWW::Curl XML::RPC XML::Simple String::CRC32 Encode LWP LWP::UserAgent LWP:rotocol::https HTTP::Cookies HTTP::Cookies::Netscape HTTP::Request HTTP::Request::Common URI Net::RTorrent::Socket
To quit cpan shell, after everything is installed, use "quit" command.
Compiling rTorrent
Let's make source directory
cd ~/
mkdir src
Following are instructions for compiling rTorrent with xmlrpc-c from SVN.
If errors come up during the setup, instead of SVN version, try using the stable version that can be downloaded from rTorrent web page .
Or you could use pyroscope setup script that will get all the dependencies and install rTorrent with some additional patches for the user that executes the script. (This could help for older outdated distribution versions). Guide can be found here .
Installing stable rTorrent:
Install libtorrent
wget http://libtorrent.rakshasa.no/...orrent-0.12.9.tar.gz
tar zxvf libtorrent-0.12.9.tar.gz
cd libtorrent-0.12.9
./autogen.sh
./configure
make
sudo make install
cd ../
Install xmlrpc-c
svn co https://xmlrpc-c.svn.sourcefor...oot/xmlrpc-c/stable/ xmlrpc-c-svn
cd xmlrpc-c-svn
./configure --disable-cplusplus
make
sudo make install
cd ../
Install rtorrent with xmlrpc-c support
wget http://libtorrent.rakshasa.no/...torrent-0.8.9.tar.gz
tar zxvf rtorrent-0.8.9.tar.gz
cd rtorrent-0.8.9
./autogen.sh
./configure --with-xmlrpc-c
make
sudo make install
echo "include /usr/local/lib" | sudo tee -a /etc/ld.so.conf
sudo ldconfig
cd ../
Apache (web panel)
Enable mod_scgi by executing following command.
sudo a2enmod scgi
Add SGCI mounts to /etc/apache2/httpd.conf
SCGIMount /rt1 127.0.0.1:5000
SCGIMount /rt2 127.0.0.1:5001
Create user that will be running Tuper and rTorrent. You can use whatever username and home directory you like but default configuration files use user "tup" with home directory /home/tup/ .
sudo adduser tup
Add Apache alias to default virtualhost by editing /etc/apache2/sites-available/default .
Web files will be located in /home/tup/www/ directory.
Add the following lines after "DocumentRoot" line.
Alias /auto/ "/home/tup/www/"
<Directory "/home/tup/www/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Create the web directory and set up permissions. Since Apache2 on Debian and Ubuntu runs from user www-data, chown it to that user.
sudo mkdir -p /home/tup/www
sudo chown www-data:tup /home/tup/www
sudo chmod g+rxw /home/tup/www
Restart Apache2. See if any errors come up. If there are errors, fix them and repeat the command.
sudo /etc/init.d/apache2 restart
If you now navigate to http://YOUR_HOST/auto/ , you should see empty directory index.
Edit /etc/sudoers file, to allow www-data to execute rTorrent and Tuper status scripts as user tup without entering password.
www-data ALL=(tup) NOPASSWD: /home/tup/tuper/status.sh, /home/tup/tuper/start-screen.sh
Getting Tuper from SVN
Login as user tup (you can switch to it quickly by doing "sudo -i -u tup").
Check out tuper, web_panel and browse_plugin folders from SVN.
SVN client will ask for password for user "tup". Do not enter it and press enter, it will then ask for different username. Enter your SVN username and password.
cd /home/tup
svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/tuper/ tuper/
svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/web_panel/ www/web_panel/
svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/browser_plugin/ www/browser_plugin/
Configuring Tuper
Create needed directories and configuration files.
For Tuper to store .torrent files, .nfo, database and cookiejar:
mkdir -p storage/store
Session directories for rtorrent, downloads and watch directories:
mkdir .session1
mkdir .session2
mkdir downloads
mkdir storage/watch1
mkdir storage/watch2
... must finish.
cd tuper
mv default.tuper.conf tuper.conf
mv default.tuper.db ../storage/tuper.db
mv default.tuper.filter.conf tuper.filter.conf
cd ../www/web_panel
mv default.config.inc.php config.inc.php
cd ../browser_plugin
mv default.upload_plugin_config.php upload_plugin_config.php
Add username and key in /home/tup/tuper/tuper.conf and you should be able to run it.
Ok you dont need a pin or anything for this .. All you need is to make sure those keys ( pin ) match in the browser plugin an the tup.config an if you need help ask I will sort it out I used it an have all the details
second guide
PHP Code:
This guide assumes a few things:
- Ubuntu 10.04
- You are connecting via Putty
- After you are done editing via nano you know to hit Ctrl-O, Enter, Ctrl-X
- This is on a remote server by OVH, Leasweb, etc... and you have root access
- You are not retarded and can follow insructions :)
- You know this will not setup all configurations for your specific site and/or your sources. This is a stepping stone.
- You do not have to do all of the things in this guide if you do not want to. Pick and choose if youd like.
This guide shows you how to setup and configure for:
- Setup root password, Delete Authorized Keys, Update System
- Add user tup, Set visudo permissions
- SSH setup
- Windows Auto Logon SSH Tunnel
- Install Packages
- Setup tinyproxy (Proxy server to hide your IP, and this setup does so as Anonymous)
- Ubuntu Desktop - Gnome No Recommended Packages
- FreeNX
- CPAN (for tuper client)
- Tuper Client
- rTorrent - libtorrent - xmlrpc
- ruTorrent
- Apache
- Webmin
- FTP (SFTP only)
- Linux Firewall
- Fail2Ban
- This guide is just an edit to a thread I made on T-I, I just added Jans Wiki to it for the auto uploader.
- This guide is for those having troubles understanding how servers work and/or are new to Linux.
- There are many, many ways to configure a server with the packages in this guide. If you have a better/newer/easier way for any of them leave a comment and maybe it will replace mine.
- ...and lastly I hope this helps most n00bs in setting up thier servers and getting that much closer to learning how tuper works.
- I lied....and now lastly....Thank You Jans for the awesome uploader, and to dent and all other who help out as well in forums in problem solving/reporting. :)
Now....On with the show....
#Setup root password, Delete Authorized Keys, Update System
- sudo passwd
- ls .ssh/authorized_keys2
- rm .ssh/authorized_keys2
- apt-get update && apt-get upgrade
- apt-get clean && apt-get autoclean
#Add user tup, Set visudo permissions
- adduser tup
- visudo
root ALL=(ALL) ALL
tup ALL=(ALL) NOPASSWD: ALL
www-data ALL=(ALL) NOPASSWD: ALL
nx ALL=(ALL) NOPASSWD: ALL
#SSH setup
- sudo nano /etc/ssh/sshd_config
Port 22002
Protocol 2
PermitRootLogin no
X11Forwarding no
UseDNS no
AllowUsers tup
- sudo service ssh reload
#Windows Auto Logon SSH Tunnel
- MyEnTunnel
On your Windows machine open your internet browser and go to
http://nemesis2.qx.net/pages/MyEnTunnel
Scroll down and download the latest Stable version.
-Install it as Windows Service
-Open MyEnTunnel
-Click the settings tab
-Set your settings as if it were Putty
SSH Server = <Server IP address>
SSH Port = <Servers SSH Port>
Username = <Your Normal User on the Server>
Passphrase = <Your Normal User's Password on the Server>
Port = <Whatever port you want your tunnel to be under. I set mine to the same as the SSH Port on the server for less confusion>
-Check mark whatever boxes youd like. Enable Dynamic Socks MUST be checked.
Other notable ones would be:
Connect on Startup
Reconnect on Failure
Infinite Retry Attempts
-Click Connect, and after it has connected click Save, and then Hide. Now it is in your systray, and will always auto reconnect if dropped.
-Any program you want to use this tunnel (Firefox, uTorrent, mIRC, etc...) you must set it to use a SOCKS5 proxy with the IP address of 127.0.0.1 and the Port for
whatever you chose MyEnTunnel to use.
#Install Packages
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get clean && sudo apt-get autoclean
- sudo apt-get install apache2 apache2.2-common apache2-utils aptitude apt-show-versions autoconf automake autotools-dev binutils build-essential bzip2 ca-certificates comerr-dev cpp cpp-4.1 curl dpkg-dev fail2ban file firestarter g++ g++-4.1 gawk gcc gcc-4.1 git-core htop irssi libapache2-mod-php5 libapache2-mod-scgi libapr1 libaprutil1 libapt-pkg-perl libauthen-pam-perl libc6-dev libcppunit-dev libcurl3 libcurl4-openssl-dev libexpat1 libexpat1-dev libidn11 libidn11-dev libkdb5-4 libgssrpc4 libkrb5-dev libmagic1 libncurses5 libncurses5-dev libncursesw5-dev libneon26 libnet-ssleay-perl libpam-runtime libio-pty-perl libpcre3 libpq5 libsigc++-2.0-dev libsqlite0 libsqlite3-0 libssl-dev libssp0-dev libstdc++6-4.1-dev libsvn1 libtool libwww-perl libxml2 libxml-parser-perl linux-libc-dev lynx m4 make mktorrent mime-support ntp ntpdate openssl patch perl perl-base perl-modules php5 php5-cgi php5-cli php5-common php5-curl php5-dev php5-geoip php5-sqlite php5-xmlrpc pkg-config python python-minimal python-scgi rar screen sqlite ssl-cert subversion tinyproxy ucf unrar unzip zlib1g-dev
#Setup tinyproxy
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get clean && sudo apt-get autoclean
- sudo nano /etc/tinyproxy.conf
Port 32002
BindSame yes
ErrorFile 404 "/usr/share/tinyproxy/404.html"
ErrorFile 400 "/usr/share/tinyproxy/400.html"
ErrorFile 503 "/usr/share/tinyproxy/503.html"
ErrorFile 403 "/usr/share/tinyproxy/403.html"
ErrorFile 408 "/usr/share/tinyproxy/408.html"
LogLevel Critical
XTinyproxy No
Allow 127.0.0.1
Allow XXX.XXX.XXX.XXX
DisableViaHeader Yes
#ConnectPort 443
#ConnectPort 563
- sudo service tinyproxy start
#Ubuntu Desktop - Gnome No Recommended Packages
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get clean && sudo apt-get autoclean
- sudo aptitude install --without-recommends ubuntu-desktop
#FreeNX
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get clean && sudo apt-get autoclean
- sudo add-apt-repository ppa:freenx-team
- sudo apt-get install python-software-properties
- sudo apt-get install freenx
- wget https://bugs.launchpad.net/freenx-server/+bug/576359/+attachment/1378450/+files/nxsetup.tar.gz
- tar xvf nxsetup.tar.gz
sudo cp nxsetup /usr/lib/nx/nxsetup
- sudo /usr/lib/nx/nxsetup --install
Now install NXclient on your home machine and connect through your SSH port
#Unlimited Open Files
- su root
- nano /etc/pam.d/su
session required pam_limits.so
- nano /etc/security/limits.conf
soft nofile 100000
hard nofile 100000
-reboot
#CPAN
-sudo cpan
Hit Enter when asked to accept defaults
-force install Config::Tiny Convert::Bencode Date::Parse DBI DBD::SQLite Digest::SHA1 HTML::Strip IO::Async IO::Async::SSL JSON::XS Net::BitTorrent::File PAR URI::Escape WWW::Curl XML::RPC XML::Simple String::CRC32 Encode LWP LWP::UserAgent LWP::Protocol::https HTTP::Cookies HTTP::Cookies::Netscape HTTP::Request HTTP::Request::Common URI Net::RTorrent::Socket ExtUtils::Constant Socket
Hit Enter to accept and install and other dependency modules when asked
-exit
#Tuper Client
- cd /home/tup
- svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/tuper/ tuper/
- svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/web_panel/ www/web_panel/
- svn co https://svn.janhouse.lv/repos/tuper-v3/trunk/browser_plugin/ www/browser_plugin/
When asked for SVN user and pass enter them.
Store them if youd like as well.
- mkdir storage
- cd storage && mkdir store watch1 watch2 && cd ~
- mkdir .session1 .session2 downloads
- cd tuper
- mv default.tuper.conf tuper.conf
- mv default.tuper.db ../storage/tuper.db
- mv default.tuper.filter.conf tuper.filter.conf
- cd ../www/web_panel
- mv default.config.inc.php config.inc.php
- cd ../browser_plugin
- mv default.upload_plugin_config.php upload_plugin_config.php
- nano upload_plugin_config.php
Change the password to something storng, for example:
$access_key="EK&fY308VfdP";
- nano /home/tup/tuper/tuper.conf
Add your username and key given to you by Jans:
username=
key=
#rTorrent - libtorrent - xmlrpc
- cd ~ && mkdir apps && cd apps
- svn co https://xmlrpc-c.svn.sourceforge.net/svnroot/xmlrpc-c/advanced xmlrpc-c
- wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.13.2.tar.gz
- wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.9.2.tar.gz
- tar zxfv libtorrent-0.13.2.tar.gz
- tar zxfv rtorrent-0.9.2.tar.gz
- cd xmlrpc-c
- ./configure && make && sudo make install
- cd ../libtorrent-0.13.2
- ./configure && make && sudo make install
- cd ../rtorrent-0.9.2
- ./configure --with-xmlrpc-c && make && sudo make install
- sudo ldconfig && cd ..
- rm *.tar.gz
- cd ~ && mkdir rtorrent && cd rtorrent
- mkdir .session downloads torrents
- cd ~ && nano .rtorrent.rc
#bind = 127.0.0.1
#ip = 127.0.0.1
encryption=allow_incoming,try_outgoing,enable_retry
upload_rate = 30000
download_rate = 95000
use_udp_trackers = no
min_peers = 500
max_peers = 500
min_peers_seed = 100
max_peers_seed = 500
max_uploads = 300
directory = /home/tup/downloads/
session = /home/tup/.session1/
schedule = watch_directory,5,5,load_start=/home/tup/storage/watch1/*.torrent
schedule = tied_directory,5,5,start_tied=
schedule = untied_directory,5,5,close_untied=
system.method.set_key = event.download.inserted_new,mark_start,"execute=/home/tup/tuper/tuper.sh,astatus,started,$d.get_hash="
system.method.set_key = event.download.finished,mark_fin,"execute=/home/tup/tuper/tuper.sh,astatus,uploaded,$d.get_hash="
system.method.set_key = event.download.finished,notify_me,"execute=/home/tup/tuper/tuper.sh,aupload,$d.get_hash="
system.method.set_key = event.download.erased,mark_erase,"execute=/home/tup/tuper/tuper.sh,adel,down,$d.get_hash="
port_range = 21006-21010
check_hash = no
encryption = allow_incoming,enable_retry,prefer_plaintext
#hash_read_ahead = 8
#hash_max_tries = 5
#hash_interval = 10
Enable the default ratio group.
ratio.enable=
Change the limits, the defaults should be sufficient.
ratio.min.set=120
ratio.max.set=200
ratio.upload.set=20M
Changing the command triggered when the ratio is reached.
system.method.set = group.seeding.ratio.command, d.erase=
scgi_port = localhost:5000
#scgi_local = /home/tup/rpc.socket
dht = disable
peer_exchange = no
- nano .rtorrent2.rc
#bind = 127.0.0.1
#ip = 127.0.0.1
encryption=allow_incoming,try_outgoing,enable_retry
upload_rate = 95000
download_rate = 15000
use_udp_trackers = no
min_peers = 500
max_peers = 500
min_peers_seed = 500
max_peers_seed = 500
max_uploads = 500
directory = /home/tup/downloads/
session = /home/tup/.session2/
schedule = watch_directory,5,5,load_start=/home/tup/storage/watch2/*.torrent
schedule = tied_directory,5,5,start_tied=
schedule = untied_directory,5,5,close_untied=
system.method.set_key = event.download.inserted_new,mark_seeded,"execute=/home/tup/tuper/tuper.sh,astatus,seeded,$d.get_hash="
system.method.set_key = event.download.erased,mark_erase,"execute=/home/tup/tuper/tuper.sh,adel,up,$d.get_hash="
port_range = 21001-21005
check_hash = no
encryption = allow_incoming,enable_retry,prefer_plaintext
#hash_read_ahead = 8
#hash_max_tries = 5
#hash_interval = 10
Enable the default ratio group.
#ratio.enable=
Change the limits, the defaults should be sufficient.
ratio.min.set=850
ratio.max.set=1200
ratio.upload.set=250M
Changing the command triggered when the ratio is reached.
system.method.set = group.seeding.ratio.command, d.erase=
scgi_port = localhost:5001
#scgi_local = /home/tup/rpc.socket
dht = disable
peer_exchange = no
- screen dmS rtorrent1 rtorrent -n -o import=~/.rtorrent.rc
screen -dmS rtorrent2 rtorrent -n -o import=~/.rtorrent2.rc
#ruTorrent
- cd ~ && mkdir www && cd www
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/rutorrent
- mv rutorrent rtorrent1
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/rutorrent
- mv rutorrent rtorrent2
- cd rtorrent1/plugins
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/throttle
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/ratio
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Diskspace
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Source
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Data
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Cpuload
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Theme
- sudo svn co http://rutorrent.googlecode.com/svn/trunk/plugins/Data
- cd ../ && cp -R plugins /home/tup/www/rtorrent2/
#Set permissions
- cd ~ && sudo chown R tup:tup /home/tup
cd ~ && sudo chown -R www-data:www-data www && sudo chmod -R 777 rutorrent
#Apache
- sudo a2enmod ssl
- sudo a2enmod auth_digest
- sudo a2enmod scgi
- sudo nano /etc/apache2/apache2.conf
Add these lines lines at the end:
SCGIMount /rt1 127.0.0.1:5000
SCGIMount /rt2 127.0.0.1:5001
servername localhost
- openssl req $@ new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
chmod 600 /etc/apache2/apache.pem
- sudo htdigest c /etc/apache2/passwords gods tup
sudo nano /etc/apache2/sites-available/default
Replace all instances of <servername or IP> with your real servername or IP
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /home/tup/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/tup/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<Location /rtorrent1>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/rtorrent1/ http://<servername or IP>/rtorrent1
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/rtorrent1"
</Location>
<Location /rtorrent2>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/rtorrent2/ http://<servername or IP>/rtorrent2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/rtorrent2"
</Location>
<Location /web_panel>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/web_panel/ http://<servername or IP>/web_panel
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/web_panel"
</Location>
<Location /browser_plugin>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/browser_plugin/ http://<servername or IP>/browser_plugin
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/browser_plugin"
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
DocumentRoot /home/tup/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/tup/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<Location /rtorrent1>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/rtorrent1/ http://<servername or IP>/rtorrent1
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/rtorrent1"
</Location>
<Location /rtorrent2>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/rtorrent2/ http://<servername or IP>/rtorrent2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/rtorrent2"
</Location>
<Location /web_panel>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/web_panel/ http://<servername or IP>/web_panel
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/web_panel"
</Location>
<Location /browser_plugin>
AuthType Digest
AuthName "gods"
AuthDigestDomain /home/tup/www/browser_plugin/ http://<servername or IP>/browser_plugin
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/home/tup/www/browser_plugin"
</Location>
</VirtualHost>
- sudo a2ensite default-ssl
- sudo service apache2 reload
Check that everything is working by opening a browser and going to:
http://<servername or IP>/rtorrent1
http://<servername or IP>/rtorrent2
http://<servername or IP>/web_panel
#Webmin
- sudo nano /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
- wget http://www.webmin.com/jcameron-key.asc
- sudo apt-key add jcameron-key.asc
- sudo apt-get update
- sudo apt-get install webmin
https://<servername or IP>:10000
#SFTP
Connect via your FTP client. Set it to use SFTP and connect through your SSH, just like you would with Putty.
#Linux Firewall
Now it is time to set up the linux firewall to close all the ports other than the ones we need. This is where the GUI will come in handy for those who do not
understand IPTables.
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get clean && sudo apt-get auto-clean
Connect with your NX client on your windows machine.
- System > Administration > Firestarter
- When you launch firestarter for the first time, it will take you through a setup wizard.
-Click forward, and you will be able to select the network device. This device you must choose correctly. There may be a list of them. On almost all setups you will
chose eth0.
-Select eth0
-Do not check the other boxes.
-Click Forward, and then click Forward again.
-Uncheck to start the Firewall now. You must uncheck this or it will lock out all ports when you click Save.
-Click the Policy tab
-Make sure that Editing is set to Inboud Traffic Policy
-Right click under Allow Service, and you will do this individually for all your ports you need open.
Port = 32002, 80, 443, 10000, 57001
Anyone should be set for 57001
All others are to be set to your IP, unless you have a Dynamic IP address in which case you should set all of these ports to Anyone.
#Fail2Ban
- su root
- apt-get update && apt-get upgrade
- apt-get clean && apt-get autoclean
- nano /etc/fail2ban/jail.conf
ignoreip = 127.0.0.1 Your_Home_IP
EX : ignoreip = 127.0.0.1 24.127.*.* 192.168.1.*
You can use as many IP's as you want. Just use a space in between each IP address. If you have a Dynamic IP, it would be a good idea to accept the whole range like i gave in the example above.
[ssh]
enabled = true
port = ssh
maxretry = 3
[Apache]
All Apache modules should be changed to yes.
Scroll to the bottom of jail.conf and add these lines to monitor Webmin
[webmin-auth]
enabled = true
port = 10000
filter = webmin-auth
logpath = /var/log/auth.log
maxretry = 3
- service fail2ban restart
To delete 1 rules:
- iptables -F fail2ban-ssh
To delete just 1 IP rule:
- iptables -D fail2ban-ssh host-name/ip DROP
#Update/Upgrade and Reboot
- apt-get update && apt-get upgrade
- apt-get clean && apt-get autoclean
- reboot
...and you're done
Replies (2)
Comment
RE: Server setup for n00bs - Added by Janhouse 18 days ago
Nice, this looks quite good. :)
I didn't like the server setup part about visudo and the NOPASSWD. (!)
Comment
RE: Server setup for n00bs - Added by voidale 18 days ago
Installing the script seems to be easy the hard part is to setup download/upload scripts no good guides for it :( but nice work nonetheless
(1-2/2)
|