Peppies-Site Forums

Fun Games and General Chat.


    Ubuntu Seedbox with rtorrent and rutorrent

    Post  Peppies™ on 11th February 2011, 16:19

    Introduction

    This guide will walk you through a full install of a secure seedbox environment, running rtorrent with the rutorrent web front end and the pureftpd FTP server.
    The guide also includes optional steps to configure for multiple users, each with their own web login and running instance of rtorrent.

    Pre-requisites: An Ubuntu 9.10 or later server (should also work on some earlier versions, and on other Debian based distros, but this is untested) with root SSH access.

    Initial login

    Login to your server as root via SSH

    Create a new user that we'll install everything with

    For security purposes, we're going to add a new user and disable SSH access for the root user

    Quote:
    adduser <username>



    Replace <username> with a username of your choosing.
    Fill in all the details when prompted (e.g. password)

    Add your new user to the sudoers file. This allows this user to use elevated privileges when needed to do things that normally only the root user could do.

    Quote:
    visudo



    In recent versions of Ubuntu this opens the sudoers file for editing in a lightweight editor called nano.

    Scroll down and find this line:

    Quote:
    root ALL=(ALL) ALL



    On the next line add:
    Quote:
    <username> ALL=(ALL) ALL



    Replace <username> with the username we created earlier.

    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Lock down SSH
    (Optional but advisable)

    Now we will change some SSH settings.
    We're going to use a different port, and prevent root access via SSH


    Quote:
    nano /etc/ssh/sshd_config





    Change the following lines as below.
    Use a high port of your choosing. I recommend a port over 20000


    Quote:
    Port 21976
    Protocol 2
    PermitRootLogin no
    X11Forwarding no





    Then add these lines at the end of the file:


    Quote:
    UseDNS no
    AllowUsers <username>





    (As usual, replace <username> with the name of the user you created)

    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Now restart the SSH daemon


    Quote:
    /etc/init.d/ssh reload





    Log out of SSH and log back in as the new user you created earlier


    Quote:
    exit
    ssh -p 21976 <username>@<server IP>





    (Note the -p argument which specifies the new SSH port that you configured in the last step)

    Type the password as requested

    Update packages

    Ok, now we're going to make sure our Ubuntu installation is up to date.


    Quote:
    sudo apt-get update





    This will update the package database with all the latest packages available. Using the sudo command will temporarily elevate your privileges to be able to execute these commands that normally only a super user could execute.


    Quote:
    sudo apt-get upgrade





    This will upgrade any packages that are out of date on your install.

    Install necessary basic packages

    Ok, now let's install some important packages that we're going to need throughout this guide:


    Quote:
    sudo apt-get install apache2 apache2.2-common apache2-utils autoconf automake autotools-dev binutils build-essential bzip2 ca-certificates comerr-dev cpp cpp-4.1 dpkg-dev file g++ g++-4.1 gawk gcc gcc-4.1 libapache2-mod-php5 libapache2-mod-scgi libapr1 libaprutil1 libc6-dev libcppunit-dev libcurl3 libcurl4-openssl-dev libexpat1 libidn11 libidn11-dev libkdb5-4 libgssrpc4 libkrb5-dev libmagic1 libncurses5 libncurses5-dev libneon26 libpcre3 libpq5 libsigc++-2.0-dev libsqlite0 libsqlite3-0 libssl-dev libssp0-dev libstdc++6-4.1-dev libsvn1 libtool libxml2 linux-libc-dev lynx m4 make mime-support ntp ntpdate openssl patch perl perl-modules php5 php5-cgi php5-cli php5-common php5-curl php5-dev php5-geoip php5-sqlite php5-xmlrpc pkg-config python-scgi screen sqlite ssl-cert subversion ucf unrar zlib1g-dev pkg-config unzip htop screen irssi libwww-perl curl



    Configure Apache

    Basic configuration

    We need to configure the Apache web server with some modules that we'll need:


    Quote:
    sudo a2enmod ssl
    sudo a2enmod auth_digest
    sudo a2enmod scgi





    We want to edit our apache conf file for scgi support which is used to communicate with the rutorrent web front end.


    Quote:
    sudo nano /etc/apache2/apache2.conf





    Add these lines at the end:


    Quote:
    SCGIMount /RPC2 127.0.0.1:5000
    servername localhost





    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Reboot the server


    Quote:
    sudo reboot





    After a few minutes, log back in via SSH using the new port and user you created

    Let's just check Apache is up and running

    Open a browser and go to


    Quote:
    [You must be registered and logged in to see this link.] or IP>





    You should see this message:


    Quote:
    It works!
    This is the default web page for this server.
    The web server software is running but no content has been added, yet.


    Configure Apache for HTTPS and password protection

    We are going to create an SSL certificate so that we can access the server via https


    Quote:
    sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
    sudo chmod 600 /etc/apache2/apache.pem





    This will create a self-signed certificate for your server that lasts for 1 year. You'll be prompted for a lot of information. Whenever you're asked for a name, use your domain name if you have one. The rest you can leave blank or fill in with whatever you like.

    Now let's add password protection


    Quote:
    sudo htdigest -c /etc/apache2/passwords gods <webusername>





    Where <webusername> is the username you'll use to connect to the rutorrent web UI.
    It can be the same as the system username you've created previously if you like.
    After running this command, you'll be prompted for a password. This will be the password you enter to log into the rutorrent web UI.


    Quote:
    sudo nano /etc/apache2/sites-available/default





    Now copy the following and paste to replace the contents of the file we're editing.
    Then replace all instances of <servername or IP> with your real servername or IP


    Quote:
    <VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    <Location /rutorrent>
    AuthType Digest
    AuthName "gods"
    AuthDigestDomain /var/www/rutorrent/ [You must be registered and logged in to see this link.] or IP>/rutorrent

    AuthDigestProvider file
    AuthUserFile /etc/apache2/passwords
    Require valid-user
    SetEnv R_ENV "/var/www/rutorrent"
    </Location>

    </VirtualHost>

    <VirtualHost *:443>
    ServerAdmin webmaster@localhost

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    DocumentRoot /var/www/
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>
    <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    <Location /rutorrent>
    AuthType Digest
    AuthName "gods"
    AuthDigestDomain /var/www/rutorrent/ [You must be registered and logged in to see this link.] or IP>/rutorrent

    AuthDigestProvider file
    AuthUserFile /etc/apache2/passwords
    Require valid-user
    SetEnv R_ENV "/var/www/rutorrent"
    </Location>
    </VirtualHost>





    Now let's configure Apache for HTTPS


    Quote:
    sudo a2ensite default-ssl





    And now let's reload Apache


    Quote:
    sudo /etc/init.d/apache2 reload





    Check that everything is working by opening a browser and going to:


    Quote:
    [You must be registered and logged in to see this link.] or IP>





    You should see this message:


    Quote:
    It works!
    This is the default web page for this server.
    The web server software is running but no content has been added, yet.



    Webmin

    (optional section)

    I like to use Webmin for web based administration of my servers. It offers a very convenient way to remotely administer your server from anywhere with a net connection and a web browser.

    First let's add the webmin repository to our sources.list file so that we can use apt to install it easily


    Quote:
    sudo nano /etc/apt/sources.list





    Add this line to the end of the file:


    Quote:
    deb [You must be registered and logged in to see this link.] sarge contrib





    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Let's now fetch and install the PGP key for this new repository so we're not warned about it


    Quote:
    wget [You must be registered and logged in to see this link.]
    sudo apt-key add jcameron-key.asc





    Now we can install webmin


    Quote:
    sudo apt-get update
    sudo apt-get install webmin





    Test webmin is working by opening a browser and going to:

    Quote:
    [You must be registered and logged in to see this link.] or IP>:10000





    Login with the system user you created earlier

    We will return to use Webmin later for an easy way to configure the Linux IPTables firewall

    rtorrent

    Ok, now let's install rtorrent

    Building rtorrent from source

    You can install rtorrent using apt, but the package there isn't compiled with xmlrpc-c, which we need to use with rutorrent.
    So we're going to compile our own version of rtorrent using xmlrpc-c


    Quote:
    cd ~/
    mkdir source
    cd source
    svn co [You must be registered and logged in to see this link.] xmlrpc-c
    wget [You must be registered and logged in to see this link.]
    wget [You must be registered and logged in to see this link.]
    tar -xvzf libtorrent-0.12.6.tar.gz
    tar -xvzf rtorrent-0.8.6.tar.gz
    rm *.tar.gz





    Now we'll configure and make xmlrpc-c


    Quote:
    cd xmlrpc-c
    ./configure --disable-cplusplus
    make
    sudo make install





    Now time to do the same for libtorrent and rtorrent


    Quote:
    cd ../libtorrent-0.12.6
    ./autogen.sh
    ./configure
    make
    sudo make install

    cd ../rtorrent-0.8.6
    ./autogen.sh
    ./configure --with-xmlrpc-c
    make
    sudo make install

    sudo ldconfig





    Configuring rtorrent

    Ok, now we've got rtorrent installed, but we have to configure it.

    rtorrent needs a config file to initialize it. Here's mine; you'll need to edit it for your own environment, and make sure that the paths all exist and are writable by the user you will run rtorrent with.


    Quote:
    # This is an example resource file for rTorrent. Copy to
    # ~/.rtorrent.rc and enable/modify the options as needed. Remember to
    # uncomment the options you wish to enable.
    #
    # Based on original .rtorrent.rc file from [You must be registered and logged in to see this link.]
    # Modified by Lemonberry for rtGui [You must be registered and logged in to see this link.]
    #
    # This assumes the following directory structure:
    #
    # /Torrents/Downloading - temporary location for torrents while downloading (see "directory")
    # /Torrents/Complete - Torrents are moved here when complete (see "on_finished")
    # /Torrents/TorrentFiles/Auto - The 'autoload' directory for rtorrent to use. Place a file
    # in here, and rtorrent loads it automatically. (see "schedule = watch_directory")
    # /Torrents/Downloading/rtorrent.session - for storing rtorrent session information
    #

    # Maximum and minimum number of peers to connect to per torrent.
    #min_peers = 40
    max_peers = 100

    # Same as above but for seeding completed torrents (-1 = same as downloading)
    min_peers_seed = -1
    max_peers_seed = -1

    # Maximum number of simultaneous uploads per torrent.
    max_uploads = 50

    # Global upload and download rate in KiB. "0" for unlimited.
    download_rate = 0
    upload_rate = 0

    # Default directory to save the downloaded torrents.
    directory = /home/downloads/<username>

    # Default session directory. Make sure you don't run multiple instance
    # of rtorrent using the same session directory. Perhaps using a
    # relative path?
    session = /home/downloads/<username>/.session

    # Watch a directory for new torrents, and stop those that have been
    # deleted.
    schedule = watch_directory,5,5,load_start=/home/downloads/<username>/watch/*.torrent
    schedule = untied_directory,5,5,stop_untied=

    # Close torrents when diskspace is low.
    schedule = low_diskspace,5,60,close_low_diskspace=100M

    # Stop torrents when reaching upload ratio in percent,
    # when also reaching total upload in bytes, or when
    # reaching final upload ratio in percent.
    # example: stop at ratio 2.0 with at least 200 MB uploaded, or else ratio 20.0
    #schedule = ratio,60,60,stop_on_ratio=200,200M,2000


    # When the torrent finishes, it executes "mv -n <base_path> ~/Download/"
    # and then sets the destination directory to "~/Download/". (0.7.7+)
    # on_finished = move_complete,"execute=mv,-u,$d.get_base_path=,/home/downloads/<username>/complete/ ;d.set_directory=/home/downloads/<username>/complete/"

    # The ip address reported to the tracker.
    #ip = 127.0.0.1
    #ip = rakshasa.no

    # The ip address the listening socket and outgoing connections is
    # bound to.
    #bind = 127.0.0.1
    #bind = rakshasa.no

    # Port range to use for listening.
    port_range = 55995-56000

    # Start opening ports at a random position within the port range.
    #port_random = yes

    scgi_port = 127.0.0.1:5000

    # Check hash for finished torrents. Might be useful until the bug is
    # fixed that causes lack of diskspace not to be properly reported.
    #check_hash = no

    # Set whether the client should try to connect to UDP trackers.
    #use_udp_trackers = no

    # Alternative calls to bind and ip that should handle dynamic ip's.
    #schedule = ip_tick,0,1800,ip=rakshasa
    #schedule = bind_tick,0,1800,bind=rakshasa

    # Encryption options, set to none (default) or any combination of the following:
    # allow_incoming, try_outgoing, require, require_RC4, enable_retry, prefer_plaintext
    #
    # The example value allows incoming encrypted connections, starts unencrypted
    # outgoing connections but retries with encryption if they fail, preferring
    # plaintext to RC4 encryption after the encrypted handshake
    #
    encryption = allow_incoming,enable_retry,prefer_plaintext

    # Enable DHT support for trackerless torrents or when all trackers are down.
    # May be set to "disable" (completely disable DHT), "off" (do not start DHT),
    # "auto" (start and stop DHT as needed), or "on" (start DHT immediately).
    # The default is "off". For DHT to work, a session directory must be defined.
    #
    dht = disable

    # UDP port to use for DHT.
    #
    # dht_port = 6881

    # Enable peer exchange (for torrents not marked private)
    #
    peer_exchange = no

    #
    # Do not modify the following parameters unless you know what you're doing.
    #

    # Hash read-ahead controls how many MB to request the kernel to read
    # ahead. If the value is too low the disk may not be fully utilized,
    # while if too high the kernel might not be able to keep the read
    # pages in memory thus end up thrashing.
    #hash_read_ahead = 10

    # Interval between attempts to check the hash, in milliseconds.
    #hash_interval = 100

    # Number of attempts to check the hash while using the mincore status,
    # before forcing. Overworked systems might need lower values to get a
    # decent hash checking rate.
    #hash_max_tries = 10

    # Max number of files to keep open simultaneously.
    #max_open_files = 128

    # Number of sockets to simultaneously keep open.
    #max_open_sockets = <no default>


    # Example of scheduling commands: Switch between two ip's every 5
    # seconds.
    #schedule = "ip_tick1,5,10,ip=torretta"
    #schedule = "ip_tick2,10,10,ip=lampedusa"

    # Remove a scheduled event.
    #schedule_remove = "ip_tick1"





    The file should be saved in the home directory of the user you will run rtorrent with. I use the same system user we created earlier


    Quote:
    sudo nano ~/.rtorrent.rc





    Paste your config into that file

    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Ensure that the correct directories exist as you specified in the .rtorrent.rc file


    Quote:
    sudo mkdir /home/downloads
    sudo mkdir /home/downloads/<username>
    sudo mkdir /home/downloads/<username>/watch
    sudo mkdir /home/downloads/<username>/.session
    sudo chown -R <username>:<username> /home/downloads/<username>





    Now check your config file is ok by trying to start rtorrent


    Quote:
    rtorrent





    If rtorrent starts, you're good. Use CTRL-Q to quit it.
    If rtorrent doesn't start and you get an error, then note the error and fix your config file as necessary.

    rtorrent startup script

    Since we don't want to have to start rtorrent manually every time the server boots, we're going to start it automatically, and we'll run it in a screen session.

    Now we'll create the startup script

    Edit this example as necessary to change the username that you want rtorrent to run as.

    Quote:
    #!/bin/sh
    #############
    ###<Notes>###
    #############
    # This script depends on screen.
    # For the stop function to work, you must set an
    # explicit session directory using ABSOLUTE paths (no, ~ is not absolute) in your rtorrent.rc.
    # If you typically just start rtorrent with just "rtorrent" on the
    # command line, all you need to change is the "user" option.
    # Attach to the screen session as your user with
    # "screen -dr rtorrent". Change "rtorrent" with srnname option.
    # Licensed under the GPLv2 by lostnihilist: lostnihilist _at_ gmail _dot_ com
    ##############
    ###</Notes>###
    ##############

    #######################
    ##Start Configuration##
    #######################
    # You can specify your configuration in a different file
    # (so that it is saved with upgrades, saved in your home directory,
    # or whatever reason you want to)
    # by commenting out/deleting the configuration lines and placing them
    # in a text file (say /home/user/.rtorrent.init.conf) exactly as you would
    # have written them here (you can leave the comments if you desire)
    # and then uncommenting the following line correcting the path/filename
    # for the one you used. Note the space after the ".".
    # . /etc/rtorrent.init.conf

    #Do not put a space on either side of the equal signs e.g.
    # user = user
    # will not work
    # system user to run as
    user="<username>"

    # the system group to run as, not implemented, see d_start for beginning implementation
    # group=`id -ng "$user"`

    # the full path to the filename where you store your rtorrent configuration
    config="`su -c 'echo $HOME' $user`/.rtorrent.rc"

    # set of options to run with
    options=""

    # default directory for screen, needs to be an absolute path
    base="`su -c 'echo $HOME' $user`"

    # name of screen session
    srnname="rtorrent"

    # file to log to (makes for easier debugging if something goes wrong)
    logfile="/var/log/rtorrentInit.log"
    #######################
    ###END CONFIGURATION###
    #######################
    PATH=/usr/bin:/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin
    DESC="rtorrent"
    NAME=rtorrent
    DAEMON=$NAME
    SCRIPTNAME=/etc/init.d/$NAME

    checkcnfg() {
    exists=0
    for i in `echo "$PATH" | tr ':' '\n'` ; do
    if [ -f $i/$NAME ] ; then
    exists=1
    break
    fi
    done
    if [ $exists -eq 0 ] ; then
    echo "cannot find rtorrent binary in PATH $PATH" | tee -a "$logfile" >&2
    exit 3
    fi
    if ! [ -r "${config}" ] ; then
    echo "cannot find readable config ${config}. check that it is there and permissions are appropriate" | tee -a "$logfile" >&2
    exit 3
    fi
    session=`getsession "$config"`
    if ! [ -d "${session}" ] ; then
    echo "cannot find readable session directory ${session} from config ${config}. check permissions" | tee -a "$logfile" >&2
    exit 3
    fi
    }

    d_start() {
    [ -d "${base}" ] && cd "${base}"
    stty stop undef && stty start undef
    su -c "screen -ls | grep -sq "\.${srnname}[[:space:]]" " ${user} || su -c "screen -dm -S ${srnname} 2>&1 1>/dev/null" ${user} | tee -a "$logfile" >&2
    # this works for the screen command, but starting rtorrent below adopts screen session gid
    # even if it is not the screen session we started (e.g. running under an undesirable gid
    #su -c "screen -ls | grep -sq "\.${srnname}[[:space:]]" " ${user} || su -c "sg \"$group\" -c \"screen -fn -dm -S ${srnname} 2>&1 1>/dev/null\"" ${user} | tee -a "$logfile" >&2
    su -c "screen -S "${srnname}" -X screen rtorrent ${options} 2>&1 1>/dev/null" ${user} | tee -a "$logfile" >&2
    }

    d_stop() {
    session=`getsession "$config"`
    if ! [ -s ${session}/rtorrent.lock ] ; then
    return
    fi
    pid=`cat ${session}/rtorrent.lock | awk -F: '{print($2)}' | sed "s/[^0-9]//g"`
    if ps -A | grep -sq ${pid}.*rtorrent ; then # make sure the pid doesn't belong to another process
    kill -s INT ${pid}
    fi
    }

    getsession() {
    session=`cat "$1" | grep "^[[:space:]]*session[[:space:]]*=" | sed "s/^[[:space:]]*session[[:space:]]*=[[:space:]]*//" `
    echo $session
    }

    checkcnfg

    case "$1" in
    start)
    echo -n "Starting $DESC: $NAME"
    d_start
    echo "."
    ;;
    stop)
    echo -n "Stopping $DESC: $NAME"
    d_stop
    echo "."
    ;;
    restart|force-reload)
    echo -n "Restarting $DESC: $NAME"
    d_stop
    sleep 1
    d_start
    echo "."
    ;;
    *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
    esac

    exit 0





    Paste your edited script into this file:


    Quote:
    sudo nano /etc/init.d/rtorrent





    Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

    Now we need to change the user and group ownership of that file and make it executable


    Quote:
    sudo chown root:root /etc/init.d/rtorrent
    sudo chmod a+x /etc/init.d/rtorrent





    Now let's tell Ubuntu to run this script at startup

    Quote:
    cd /etc/init.d
    sudo update-rc.d rtorrent defaults





    Test the script:


    Quote:
    sudo /etc/init.d/rtorrent start





    Check that an rtorrent and a screen process are running using htop


    Quote:
    htop





    To exit htop, hit F10

    rutorrent

    Ok, now to install rutorrent

    ruTorrent is really just a set of php and html files, so we're going to install them to a folder under our web server root.
    We're going to get the latest 3.0 files from the subversion repository.


    Quote:
    cd /var/www
    sudo svn checkout [You must be registered and logged in to see this link.]





    Now we'll download some useful rutorrent plugins


    Quote:
    cd rutorrent/plugins
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]
    sudo svn checkout [You must be registered and logged in to see this link.]





    Now let's change ownership of the rutorrent files to the web server user, and change the permissions on them


    Quote:
    cd /var/www
    sudo chown -R www-data:www-data rutorrent
    sudo chmod -R 777 rutorrent





    OK, now visit your rutorrent site to check it's all working:


    Quote:
    [You must be registered and logged in to see this link.] or IP>/rutorrent





    You should be prompted for the username and password we set up earlier for password protection of our web server

    Now you should see the rutorrent web gui, and be able to add torrents.

    FTPS / SFTP

    If you just want to use SFTP (FTP over SSH), you don't need to do anything more here.
    Just connect with an FTP client via SFTP to your server on the SSH port you use.

    If you want to set up FTPS (FTP using SSL encryption) then we'll set up Pure-FTPd.
    I usually use proftpd on my servers but a bug in the current versions (1.3.2 in the Ubuntu karmic package repo, and 1.3.3 current stable) means that a 550 error is thrown when browsing directories with '[' in their name.

    Pure-FTPd


    Quote:
    sudo apt-get install pure-ftpd





    Now let's create another SSL certificate (you could use the ones you created earlier if you like - I prefer to keep them separate)


    Quote:
    sudo openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
    sudo chmod 600 /etc/ssl/private/pure-ftpd.pem





    This will create a self-signed certificate for your server that lasts for 1 year. You'll be prompted for a lot of information. Whenever you're asked for a name, use your domain name if you have one. The rest you can leave blank or fill in with whatever you like.

    Now let's edit the Pure-ftpd config.
    Pure-ftpd doesn't use a config file like other FTP daemons. Instead it starts with a set of command line switches.
    However, the init.d startup script that is installed when you installed the pureftpd package can parse a directory of single line 'config files' in order to dynamically build the correct set of command line switches.
    So all we need to do is create these single line files in the right place:

    Temporarily act as root user


    Quote:
    sudo su





    Enter the root password when asked


    Quote:
    cd /etc/pure-ftpd/conf/
    echo ,22005 > Bind
    echo 12.34.56.78 > ForcePassiveIP
    echo 27200 27210 > PassivePortRange
    echo 1 > TLS





    The first 'echo' line above creates a file that tells Pure-ftpd to use a particular port, so change the number to the port you wish to use.
    The second 'echo' line creates a file that tells Pure-ftpd to use the given static IP address for Passive mode. You need to set this to the IP of your server.
    The third 'echo' line determines what port range to use for Passive mode.

    If you want additional security, also do the following:


    Quote:
    echo yes > ProhibitDotFilesRead
    echo yes > ProhibitDotFilesWrite
    echo yes > NoChmod
    echo no > BrokenClientsCompatibility





    The first two 'echo' lines create files that stop users reading and writing system files that have a leading '.' in their filename (for example the '.rtorrent.rc' config file).
    The third 'echo' line creates a file that stops users changing the permissions on files and folders.
    The final 'echo' line creates a file that prevents clients that don't strictly adhere to the FTP/FTPS protocol from connecting.

    Now let's configure how users will authenticate


    Quote:
    echo no > PAMAuthentication
    echo yes > UnixAuthentication





    Here we are configuring to use system usernames.

    Now just restart the FTP service


    Quote:
    /etc/init.d/pure-ftpd restart





    Test everything is ok by connecting to the FTP service with an FTP client set to use the FTPS protocol, on the port you chose.

    Linux Firewall

    Right, we're almost done, but first it's time to set up the Linux firewall to close all the ports other than the ones we need.

    It's easiest to use Webmin for this task

    Open a browser window and go to:


    Quote:
    [You must be registered and logged in to see this link.] or IP>:10000





    You'll need to login with the system username we created earlier

    On the left hand navigation menu, go to Networking->Linux Firewall

    Set up the firewall as you need. Remember that we need to open the following ports that we've configured in this guide:
    Quote:
    SSH: 21976
    FTPS: 22005
    Passive Ports for FTP: 27200 to 27210
    SSL: 443
    Webmin: 10000
    rtorrent: 55995 to 56000 for <username>



    And we can lock the rest down.

    You're encouraged to change the ports used as examples in this guide - just make sure you write them down, and double check them before implementing any firewall rules.
    You should also check with your host in case that they use any automatic network monitoring tools.
    If they do, you may need to leave some ports open to respond to pings and so on, otherwise their tools might think your server is down and try rebooting it or putting it into recovery mode. Best just to check with them.

    and return to the normal user


    Quote:
    exit



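Added example for the "Configure Apache" steps of the post above (not part of the original post): in that configuration `SCGIMount /RPC2` sits at server level while digest authentication is applied to `<Location /rutorrent>` only, so both virtual hosts serve the mount without a `Require`. The lint below reports such mounts; `sample_conf` is a constructed reduction of the guide's directives, `hardened_conf` adds the same digest settings for `/RPC2` (assuming any client of `/RPC2` can do digest authentication), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.

# unprotected_scgi_mounts [FILE...]
# Reads Apache configuration (files, or stdin when none are given) and prints
# "<vhost> <path>" for every SCGIMount path that, in that virtual host, is not
# at or below a <Location> containing a Require directive. Server-level mounts
# and <Location> blocks count for every virtual host. <LocationMatch> and
# Include are not followed, so pass every file that is part of the config, e.g.
#   unprotected_scgi_mounts /etc/apache2/apache2.conf /etc/apache2/sites-enabled/*
unprotected_scgi_mounts() {
    awk '
    function arg(s) {                 # text after the directive name
        sub(/^[ \t]*<?[^ \t]+[ \t]+/, "", s)
        gsub(/[">]/, "", s)
        sub(/[ \t]+$/, "", s)
        return s
    }
    function covered(scope, path,    i, p) {
        for (i = 1; i <= np; i++) {
            if (pscope[i] != 0 && pscope[i] != scope) continue
            p = ppath[i]
            sub(/\/+$/, "", p)
            if (path == p || index(path, p "/") == 1) return 1
        }
        return 0
    }
    BEGIN { vh = 0; loc = "" }
    /^[ \t]*(#|$)/ { next }
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^<virtualhost[ \t]/ { vh = ++nv; vname[nv] = arg($0); next }
    low ~ /^<\/virtualhost>/   { vh = 0; next }
    low ~ /^<location[ \t]/    { loc = arg($0); next }
    low ~ /^<\/location>/      { loc = ""; next }
    low ~ /^require[ \t]/ && low !~ /^require[ \t]+all[ \t]+granted/ && loc != "" {
        np++; pscope[np] = vh; ppath[np] = loc; next
    }
    low ~ /^scgimount[ \t]/ {
        split(arg($0), f, /[ \t]+/)
        nm++; mscope[nm] = vh; mpath[nm] = f[1]
    }
    END {
        for (m = 1; m <= nm; m++) {
            if (nv == 0) {
                if (!covered(0, mpath[m])) print "(server) " mpath[m]
                continue
            }
            for (v = 1; v <= nv; v++) {
                if (mscope[m] != 0 && mscope[m] != v) continue
                if (!covered(v, mpath[m])) print vname[v] " " mpath[m]
            }
        }
    }' "$@"
}

# Constructed sample: the guide's SCGI mount plus its two virtual hosts,
# reduced to the directives that matter for this check.
sample_conf() {
    cat <<'EOF'
SCGIMount /RPC2 127.0.0.1:5000
<VirtualHost *:80>
  <Location /rutorrent>
    AuthType Digest
    Require valid-user
  </Location>
</VirtualHost>
<VirtualHost *:443>
  <Location /rutorrent>
    AuthType Digest
    Require valid-user
  </Location>
</VirtualHost>
EOF
}

# The same configuration with the guide's digest settings also applied to the
# mount, at server level so that both virtual hosts inherit it.
hardened_conf() {
    sample_conf
    cat <<'EOF'
<Location /RPC2>
    AuthType Digest
    AuthName "gods"
    AuthDigestProvider file
    AuthUserFile /etc/apache2/passwords
    Require valid-user
</Location>
EOF
}
```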
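Added example for the "Linux Firewall" section of the post above (not part of the original post): the guide's port list written as an `iptables-restore` ruleset instead of Webmin clicks, with each port checked before any rule is emitted. The default-drop policy, the loopback rule (Apache reaches rtorrent's SCGI port on 127.0.0.1:5000), the ICMP echo rule for host monitoring and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post.

# valid_port_spec SPEC
# Succeeds if SPEC is a single port N or a range LO:HI with
# 1 <= LO <= HI <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "${#lo}" -le 5 ] && [ "${#hi}" -le 5 ] || return 1
    [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# emit_ruleset SSH_PORT [SPEC...]
# Prints an iptables-restore ruleset that drops inbound traffic by default and
# accepts TCP on the given ports. The SSH port is a mandatory first argument
# so that a ruleset without it cannot be generated. Only TCP is opened: the
# rtorrent config in the guide has DHT disabled, so no UDP port is needed.
emit_ruleset() {
    if [ "$#" -lt 1 ]; then
        echo "usage: emit_ruleset SSH_PORT [PORT|LO:HI]..." >&2
        return 2
    fi
    for spec in "$@"; do
        if ! valid_port_spec "$spec"; then
            echo "invalid port spec: $spec" >&2
            return 1
        fi
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    for spec in "$@"; do
        echo "-A INPUT -p tcp -m tcp --dport $spec -j ACCEPT"
    done
    echo COMMIT
}

# With the example ports from the guide (SSH, FTPS, passive FTP, SSL, Webmin,
# rtorrent), parse the ruleset without committing it, then apply it:
#   emit_ruleset 21976 22005 27200:27210 443 10000 55995:56000 | sudo iptables-restore --test
#   emit_ruleset 21976 22005 27200:27210 443 10000 55995:56000 | sudo iptables-restore
```

Port 80 is not in the guide's list, so with this ruleset the plain-HTTP virtual host is no longer reachable from outside.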
