Sunday, 11 July 2010

My Simple Ubuntu Home Server


I wanted to set up a simple home server properly for a long time. Just something that would serve up my media files and give me somewhere to permanently set up some samba shares where any computer can access and store data. I also wanted to continue to be able to back up my (this) website at home. This I was doing using a simple NAS drive connected to my router. I could just FTP into it from the web server and mirror the server as a backup.

The things that bothered me about the current backup strategy were a) FTP is not very secure and b) I had only one NAS drive and no permanent automatic way of duplicating that drive in case it failed. I had a spare USB enclosure and HDD which I will use as the backup of the backup.

I had recently acquired an old Dell Latitude C640 which would do the job just nicely. I planned to do the following to start:




Installing the Operating System



I only had an 8.04 Hardy Server Edition CD to hand so I installed that. The laptop does not boot off USB as I would otherwise just have downloaded and created a bootable 10.04 USB drive. I also did not have a CD burner to hand.

I won't go through all the installation procedure as that's all pretty self explanatory. Once I had the base system installed I needed to get from 8.04 to 10.04 to get the latest version.

First I did:

sudo apt-get update
sudo apt-get upgrade

to get everything up to date. I then had to edit the update-manager config:


sudo vi /etc/update-manager/release-upgrades

Then find the line containing prompt=lts and change it to prompt=normal. Save and close, then run:


sudo do-release-upgrade

This updated to the next version, in my case 8.10. Obviously a reasonably good broadband connection will be required to download the c.300-500 MB upgrades between each distro. I repeated this until I got to the latest version, 10.04, Lucid Lynx. This may seem tedious but is the correct and neatest way to do it.

Once I got to 10.04, I ran sudo apt-get clean to remove old release installation files.


Setting up SSH



I wanted to set up SSH to be secure, using public keys.

I wanted to remove password authentication to the server and only allow non-root, key access.

I edited /etc/ssh/sshd_config and checked the following lines:


PermitRootLogin no
PasswordAuthentication no
UsePAM no

I then created a key pair using ssh-keygen -t rsa. This creates a pair of keys, one public and one private in /home/user/.ssh. Ensure that directory is there before starting.

To use keys to log in via ssh, the server needs a copy of your public key in its /home/user/.ssh/authorized_keys2, so before you lock yourself out by disabling password authentication, scp the public key to the server, then append the contents of the key to ~/.ssh/authorized_keys2 by, for example, cat id_rsa.pub >> ~/.ssh/authorized_keys2. Be careful to use '>>' and not '>'; '>>' will append to the file, whereas '>' will replace everything in the file, i.e. losing any other keys already in there.

Once the public key is put into authorized_keys2, restart the ssh service: sudo /etc/init.d/sshd restart. Then try and log into the server again, this time it should prompt you for your key 'passphrase'. If you still have password authentication enabled and you forget or get the passphrase wrong, it will prompt you for your regular password.

More information on setting up ssh keys can be found here.

Whilst on ssh, I also set up keys to access the server from my webserver. The same process again for regular ssh access. But I also wanted to set up a second key, which would just be used for backing up my webserver using rsync over ssh. The second key would have no passphrase, so it could be run as part of a cron job to back up my webserver without the need to enter a passphrase.

This sounds a bit insecure but I added a bit of security to this setup by adding a rule in the authorized_keys2 file on my home server.

Looking at the contents of authorized_keys2, you will see entries for the public keys on separate lines. Something like this:


ssh-rsa AKSIDEJE...[long string of random characters]...== user@domain

I added a rule in front of the key that is to be used by the backup script:


from="ip.addy.of.webserver" ssh-rsa AKSIDEJE...[long string of random characters]...== user@domain

This means that this key will only be allowed access if the request is coming from the specified IP address. So the only way to get that is to log onto my web server, which will require a key and passphrase to access as well first. So hopefully secure enough.
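
As an added example (not part of the original post), this POSIX shell script audits an authorized_keys file and reports which keys carry a from= restriction like the one above, which keys are usable from anywhere, and which have a from= pattern that matches every host. The function names are hypothetical, and the sample entries, key blobs, user labels and the address 203.0.113.10 are constructed for illustration.

```sh
# Added example, not from the original post: report which keys in an
# authorized_keys file carry a from="..." source restriction.

# Echo the from= pattern list of one key line, or nothing if it has none.
# Only the options field is scanned, and quoted values such as command="..."
# are skipped so text inside them cannot be mistaken for a from= option.
from_restriction() {
    q='"' rest=$1 inq=0 start=1
    while [ -n "$rest" ]; do
        if [ "$inq" -eq 0 ] && [ "$start" -eq 1 ]; then
            case $rest in
                from=$q*) val=${rest#from=$q}; val=${val%%$q*}
                          printf '%s\n' "$val"; return 0 ;;
            esac
        fi
        c=${rest%"${rest#?}"}; rest=${rest#?}; start=0    # pop first character
        case $c in
            \\)  rest=${rest#?} ;;                            # skip escaped char
            '"') inq=$((1 - inq)) ;;                          # enter/leave quotes
            ,)   if [ "$inq" -eq 0 ]; then start=1; fi ;;     # next option starts
            ' ') if [ "$inq" -eq 0 ]; then return 0; fi ;;    # options field ended
        esac
    done
}

# One verdict per key: RESTRICTED (has from=), WILDCARD (from= matches any
# host) or OPEN (no from= at all). The last field is used as the label.
audit_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr '\t' ' ')
        line=${line#"${line%%[! ]*}"}                     # strip leading blanks
        case $line in ''|'#'*) continue ;; esac
        from=$(from_restriction "$line")
        case $from in
            '')  printf 'OPEN %s\n' "${line##* }" ;;
            '*') printf 'WILDCARD %s\n' "${line##* }" ;;
            *)   printf 'RESTRICTED %s from=%s\n' "${line##* }" "$from" ;;
        esac
    done < "$1"
}

# Constructed sample file: the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
ssh-rsa AAAAB3placeholder1 jonr@laptop
from="203.0.113.10" ssh-rsa AAAAB3placeholder2 backup@webserver
command="echo from=\"x\"",from="*" ssh-rsa AAAAB3placeholder3 test@anywhere
EOF
}

tmp=$(mktemp) && sample_keys > "$tmp" && audit_keys "$tmp"; rm -f "$tmp"
```

On the server, call audit_keys with the path to the real file; a passphrase-less key that shows up as OPEN or WILDCARD is the one to fix first.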


Setting Up External USB Hard Drives



The laptop's internal HDD is pretty small at 20 GB by today's standards and I know I have at least c.140 GB of data to store, so my only option was to use external HDDs. Well of course I could have replaced the internal HDD with a bigger one and just had one external USB HDD but that would mean buying a new drive and I already had a couple of spare 250 GB 5.25" HDDs, which would do the job for now.

The NAS could become a simple USB enclosure and I just needed to buy an empty USB HDD enclosure for the second one.

My problem with this route of external USB HDDs was that they really would need USB 2.0 ports to connect to on the laptop if it was to be of any use. The laptop only had one USB 1.1 port. So I bought a PCMCIA USB 2.0 adaptor, which would provide me with USB 2.0 ports.

Something worth noting here: the first PCMCIA adaptor I bought was some unknown, cheap, made in China copy and this simply did not work. It would allow me to mount the USB HDDs and browse them but as soon as I started trying to transfer data through to the drives, the computer would crash. Every time I tried to rsync data (or FTP) from anywhere (remote or from internal HDD) through the USB adaptor, it would make the computer just lock up, with a hard reset the only option.

For a while I thought it just wasn't going to work via a PCMCIA adaptor, but I thought I would just try another adaptor in case I had a dodgy one. So I bought a more well known branded one, a D-Link one, and thankfully, this worked. So my lesson was that the cheapest option sometimes just doesn't work.

Before setting up the permanent mount of the two drives, the old NAS drive had to be reformatted to ext3. It was currently FAT (or NTFS, I can't remember now) and I didn't want that. It also had all my data on it, so I manually mounted both temporarily and used rsync to copy all the data from the old NAS drive to the other, which was already ext3.

I then formatted the old NAS drive using fdisk:


sudo fdisk /dev/sdb #logical name of freecom drive
d #to delete partition
n #new partition
p #primary partition
1 #partition number
1 #when asked about cylinder start 'from 1 to max'
[Enter] #to accept default maximum cylinder
w #write changes
exit

I then used mkfs to format the new partition to ext3:


sudo mkfs -t ext3 /dev/sdb1

I then used rsync to copy all the data back to this drive as this was now the primary 'media drive'. I now had two copies of my data on two drives.


Mounting External USB HDDs Permanently



To mount the drives automatically every time the server boots, you just need to put some simple entries into /etc/fstab. The best way to refer to the drives is by their UUIDs so there is no confusion with any other drive that may arrive on your system bearing the same label.

To find out the UUIDs of the two drives, mount them somewhere temporarily and then:


ls -l /dev/disk/by-uuid/

This should produce an output similar to this:


lrwxrwxrwx 1 root root 10 2010-06-08 19:28 2cfda077-e676-4832-80b2-aad33963136b -> ../../sda1
lrwxrwxrwx 1 root root 10 2010-06-08 19:26 5b3df31b-5e75-47d7-886d-dc35722189b2 -> ../../sda5
lrwxrwxrwx 1 root root 10 2010-06-08 19:26 8a7d8e21-4def-4b00-8595-e1baae916b54 -> ../../sdb1
lrwxrwxrwx 1 root root 10 2010-06-08 19:26 a85c00fc-abc3-405f-bd84-6447b8b094ce -> ../../sdc1

sda* is the internal HDD, sdb* and sdc* are the two USB HDDs. You can double check with sudo fdisk -l to help be sure which drive is which.

Set up mount points. I created a directory in home called 'media' where I would mount the media drive and another directory in /mnt called 'backup250gb' for the backup drive. Then edit /etc/fstab and add the following lines:


UUID=8a7d8e21-4def-4b00-8595-e1baae916b54       /home/jonr/media  ext3    defaults   0   0
UUID=a85c00fc-abc3-405f-bd84-6447b8b094ce       /mnt/backup250gb  ext3    defaults   0   0

This now mounted the drives where specified every time on boot.


Automatic Web Server Backup



In a previous blog post, I explained how I was using lftp to do a mirror of my web server to a NAS drive at home as I could only access the NAS drive via ftp.

Of course, now I have a small server running I can use better (more secure) methods. I wanted to set up rsync as the means to perform the backup.

After a few trial runs, using the --dry-run option of rsync to ensure everything was working, I edited my backup script like so:


#!/bin/bash
#Backup script for server

#set variable of date for labelling
date=`date +%F`

#stop if the backup directory is missing, so the rm below cannot run anywhere else
cd /home/jonr/backupdata/ || exit 1

#remove oldest mysql backup
rm `ls -t *mysql* | tail -n 1`

#Dump mysql databases
mysqldump --all-databases > /home/jonr/backupdata/${date}_mysql_backup

rsync -ave 'ssh -i /home/jonr/.ssh/backupkey' --delete --exclude g2data/tmp /home/jonr/ addy.home.server:/home/jonr/media/.jcrdev/home-backup
rsync -ave 'ssh -i /home/jonr/.ssh/backupkey' --delete /var/www/ addy.home.server:/home/jonr/media/.jcrdev/varwww-backup

The '-i' option for ssh specifies which key to use.

The rsync options:

-a for archive mode
-v for verbose output
-e to specify ssh command

So this is rsync'ing the parts of my web server I want to backup directly to the mounted media drive on my home server. I run this as a cron job once a week.


Backing up the Media Drive



To add redundancy to the system, in case the media drive ever fails, the backup drive is there to simply be a mirror of the media drive, so once a week I run another simple script on the server using rsync:


#!/bin/bash
#Back up whole media external USB HDD to secondary external USB HDD

rsync -av /home/jonr/media/ /mnt/backup250gb

Simple.
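
One guard worth having around that rsync line, shown as an added example rather than the script from this post: if the backup drive is not mounted when cron fires, rsync copies into the bare /mnt/backup250gb directory on the small internal disk instead. The function names, the DRY_RUN switch and the sample mount table are assumptions made for the example.

```sh
# Added example, not the author's script: mirror the media drive only when
# both USB drives are really mounted.

# Succeed only if directory $1 appears as a mount point in mount table $2
# (default /proc/mounts, whose second column is the mount point).
is_mounted() {
    target=${1%/}
    while read -r _dev mnt _rest; do
        if [ "$mnt" = "$target" ]; then return 0; fi
    done < "${2:-/proc/mounts}"
    return 1
}

# Mirror $1 onto $2, refusing to start if either one is not a mounted
# filesystem. With DRY_RUN=1 the rsync command is printed instead of run.
mirror_media() {
    src=${1%/} dst=${2%/} table=${3:-/proc/mounts}
    for dir in "$src" "$dst"; do
        if ! is_mounted "$dir" "$table"; then
            echo "refusing to run: $dir is not a mounted filesystem" >&2
            return 1
        fi
    done
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "rsync -av $src/ $dst"
    else
        rsync -av "$src/" "$dst"
    fi
}

# Constructed mount table: the backup drive has dropped off the USB bus.
sample_mounts() {
    printf '%s\n' \
        '/dev/sda1 / ext3 rw,errors=remount-ro 0 0' \
        '/dev/sdb1 /home/jonr/media ext3 rw 0 0'
}

# In the weekly cron script: mirror_media /home/jonr/media /mnt/backup250gb
```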


Setting up Samba



I simply edited /etc/samba/smb.conf and added:

    interfaces = 127.0.0.1, 192.168.0.2
    bind interfaces only = yes
    hosts allow = 127.0.0.1, 192.168.0.6 #plus any other IP addresses I want to allow access
    hosts deny = 0.0.0.0/0
    security = user

    [Music]
        comment = Music Share
        path = /home/jonr/media/music
        read only = no
        browseable = yes

This set-up allowed only my laptop on 192.168.0.6 to connect, any other will be denied.  security = user means only users with an account on the server can access it.

Browsing to 'network' in Nautilus showed me my server, and when accessing it, prompted me for a username, then I could see the share.

The other way I could access this share is by mounting it using a command similar to this:


//192.168.0.2/music /home/jonr/Music    cifs    credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777   0   0

Where credentials=/root/.smbcredentials is a file containing username and password for the share. This mounts the music share into my Music folder in my home directory.

I set up a few other directories on the server to be mountable via smb by just replicating the section in smb.conf with different directory settings.


Setting up MPD


What I wanted was to be able to remote control the server to play music, that would be output from the physical server, which I would then plug into a home stereo system, thereby having my music collection available to play through the home sound system, rather than through computer speakers. I wanted it to be a web based thing, so that any computer could just open a web browser and play music.

This was much simpler than I expected.


sudo apt-get install mpd

I then edited /etc/mpd.conf and adjusted the following lines to suit my needs:


music_directory     "/home/jonr/media/music"
playlist_directory      "/home/jonr/media/music/playlists"
bind_to_address     "192.168.0.2"

I had to chmod 777 the playlist directory so that the music player of my choice could write playlists to it.

Browser MPD Player


There are many different clients available to control an MPD daemon, but I specifically wanted a web based one, so after a bit of looking around, found many alternatives, so settled for trying phpmpreloaded.

Installation was as simple as unpacking the downloaded tar into the directory of your choice, probably /var/www/ so you can just access it from ip.address.of.server/9099 as default. This presents you with a choice of players that come with the installation. I prefer the first one.

It is very basic, but this is good as it works well from my phone too. But I can very simply browse by file or tag and search easily and then build and save playlists.

Volume



When it came to testing the player out, I struggled for a while to get any sound. After a lot of fiddling with wires in different configurations, I eventually discovered that the headphones socket (yes headphones out only unfortunately) wasn't putting any sound out when connected to headphones.

After a bit of digging around I eventually installed a simple little command line program called 'aumix'. This simply allowed me to turn on the (currently off) volume and we had MUSIC!

Very pleasing that I can now just flip to a certain input on the home cinema, and just browse with any device to the web address and control the music!


Setting up Rhythmbox Library



One more thing to do with music I needed to get setup was getting Rhythmbox on my netbook to use the music samba share as its library source. The main reason for this was so that I could use Rhythmbox to sync music from the collection to my wife's iPhone.

I found that mounting the music samba share by using Nautilus or the Places menu 'connect to server' would not allow Rhythmbox to use the share as its library but using the mounting code described in the samba section above, it worked. So I could just mount the music share whenever I wanted with a simple script containing that mounting command or put it into my netbook's fstab to do it automatically every time.

Ubuntu 10.10 claims iPhone support and I can confirm, yes it does! I just plugged the phone into a USB port and it opened up a Nautilus window so you can browse the disk as with any USB storage device. Opening Rhythmbox, I can see the iPhone under the Devices list on the left.

Syncing music is as simple as finding the music in the library and drag-n-dropping it onto the iPhone device. Progress is shown in the status bar at the bottom. Simple!
