Introduction
So here is my first shot at a tutorial. As I posted yesterday, I ordered a dedibox from Online.net and set up a seedbox on it. You can read my review on the setup process and my first thoughts after having run it the first day HERE
I tried a couple of scripts, namely flizbox and lefteris' scripts. I'm not saying that there is anything wrong with those scripts, but with my server they just were not working. Everything would install fine, but then I'd have to go through all sorts of code to find out why things were breaking down when I tried to make things work. I figured rather than spending too much time on it I'd just do the installs myself and gain the experience myself. Another upside of installing things yourself is that you have a hands-on view of each step in the process, making it FAR easier to troubleshoot or modify things later because you know where everything is, and how everything is configured. Plus it helps you to learn and understand more about how everything in your server is working and operating. This also makes sure that you know and input every command along the way so you know what's happening. I rarely use someone else's scripts because, especially with the long ones, it's far too easy for someone to slip something in there with everything and you never notice.
That said, here is what I did to get my server up and running. This guide assumes that you have at least a sudo user with root access via SSH. And while prior knowledge of Apache, general web server operation, setting up SSL, SFTP, and various seedbox programs is a plus, it is not required. Honestly, I have the rest of the server stuff on lock myself, but the seedbox part is completely new to me.
My System
I'm running a Dedicated Server on Online.net with Ubuntu Server 12.04 installed.
Via Nano U2250 1.3+GHz processor
2Gb RAM
500Gb Storage
1Gb/s network connection with guarantee for 150Mb/s
1 IPv4 Static IP Address
Process Overview
- Install XMLrpc, LibTorrent, rTorrent, ruTorrent, ruTorrent Plugins, and proFTPD
- Configure the installations for use on a secure connection
- Secure our connection through use of SFTP for transfer of materials, and SSL for default browsing and use
- Secure our browsing directories with basic pw authentication (this is safe enough because we are using HTTPS)
- Set a default theme for ruTorrent and securely connect to it
My Process
Note 1: Like I said, this was done on an Online.net Dedicated Server with Ubuntu Server 12.04 installed. If you are using a different provider and distribution of Linux, I cannot vouch for any of this working.
Note 2: Anytime you come across something like this: <<GENERIC>>, it means that you must put in whatever variable is specific to your system in that instance; this will mostly apply to UserName and IP. PAY ATTENTION TO THOSE DOUBLE CARETS!!!!!!
If you are using Online.net and do not read French, I recommend you change your locale.
Once opened you will see a LANG definition; change this to "en_US.UTF-8" or look up whatever country you want to use on Ubuntu's website. Since this is still in French, you will hit "O" for yes and save your changes. Reboot the machine:
We are now going to start our installation. Run the following two commands to make sure your system is up-to-date.
Now it's time to install all the libraries and dependencies that we will need, for both the seedbox software and the webserver.
Let's enable the SCGI module in Apache; while we are at it, we can create our directory tree.
Now we are on to getting the install going for the seedbox itself. When you get to the "make" commands, be aware that those can take anywhere from 30 seconds to 4-5 minutes to complete.
Install XMLrpc
Install LibTorrent
Install rTorrent
Now that we have rTorrent installed, we need to add a configuration for your user in rTorrent
This is a config I found elsewhere on the forums here, mixed with some other stuff I found on other sources. I've only been running this for a bit over a day, but it seems stable. If I make any major changes I'll come back and update it here:
Take note of that line with DHT, this is where you disable it to adhere to those sites that require you disable it. Change the appropriate ports and username lines. Something important to know about ruTorrent is that every time you start a new session, it imports these settings as the default values for the settings within ruTorrent. ANY CHANGES MADE IN THE RUTORRENT SETTINGS DIALOG WILL BE LOST with the new session. This includes your default theme, I'll show you how to change that later.
Now that we have the backend of the seedbox set up, we are going to install our front end. Let's install ruTorrent
And there we go, now let's establish our permissions and start up rtorrent in a screen instance (so when you close putty it doesn't stop rtorrent)
Now that we got all that done, it's time to secure our connections to the server. We are going to start with setting up SFTP and making sure that it doesn't allow connection for SFTP over the SSH port.
First let's generate the keys
Here you may leave the file blank, even the password if you wish. But I always toss one in; make sure you keep this passphrase though, YOU WILL NEED IT FOR CONNECTING VIA SFTP!
Now let's install and configure proFTPD
In the configuration we are going to find the ServerName setting, and set that to the IP address of your box. While we are at it, go take a look for this line: (hint, use ctrl-w to search)
Remove that pound sign "#" to enable that line. Save the file and let's move on to configuring access.
Now in here, you will need to copy the following snippet and save that file:
Now that our connections are good, let's configure authentication and disable SFTP on port 22
In this file you need to find the following line and remove the pound sign "#" to uncomment it.
Now let's reboot SSH so our changes take effect
Now let's secure our ruTorrent directory. Username and password are case sensitive here.
Now let's set up SSL
Assuming you are using Online.net, these are the settings you want to use:
Country: FR
Province: Île-de-France
City: Paris
Common Name: the IP address of your server ! Important or when you add the cert to the trusted zones on your computer it will error out !
Now open your vhost configuration for the SSL website
You will have what looks like an XML structure. Go to the bottom, but make sure to stay within the VirtualHost tags, and add this:
While we are in here, let's go ahead and set up our certificate references. Make sure to find these lines and change them:
Now you can save and close this out and open the regular HTTP default config
Change it so that it only says this (this is going to force HTTPS to be used on your site)
Save and close that out and let's activate the SSL config within Apache and reload services
So we are just about done! Remember how I said earlier I would show you how to change your default theme? Run these commands
Now in this file, we want to put in this PHP code
I prefer Oblivion, but change that to whatever you want.
And voila, we are up and running! Let's reboot the server for good measure and set up our FTP client and trust the site. First things first though, let's go open the following file and copy the entire contents to a file on your local computer
Copy the entirety of that file to your local computer, stick it in My Documents or somewhere where you know you won't delete it, and name it seedbox.ppk. You will need this to set up your key within your FTP client.
Configure Server for Socks Proxy
First things first, let's back up our current configuration and then make the changes we need for our tunnel.
There are a lot of options in this config file. There are a few that I would recommend. TCP Forwarding is a must if you want to make your proxy work. Make sure to keep your authentication set to RSA. I know there have been some arguments over which is best, RSA or DSA, but I can tell you firsthand from experience that RSA is hands down the best to use. If you would like more information on this check out this link: http://security.stackexchange.com/qu...ntication-keys
Now that we made our changes, we need to restart the SSH daemon for them to take effect
Voila, you can now use your server as a SOCKS Proxy to safely encrypt your web traffic.
Using our Seedbox
Since we have done all this with our server, let's reboot it for good measure.
SFTP Client (FileZilla)
For the sake of demonstration, I'm going to use FileZilla for our FTP client, but you can google whatever client you use if you need instructions on something else.
1: Open FileZilla and go into site manager.
2: Create a new site, name it what you want, and put in the following for your connection information:
Host: Server IP
Port: 2222
Protocol: SFTP - SSH File Transfer Protocol
Logon Type: Normal
User: USERNAME
Password: PASSWORD
3: Click on the Advanced Tab and set up default local and remote directories if you like. On my system I have a folder in my downloads called Seedbox, and on the server I set /rtorrent/downloads as my default.
4: Click ok and then go to File > Settings
5: On the left, go to Connection > SFTP
6: Click on Add keyfile and point it to wherever you saved seedbox.ppk
7: Put in your password that you used back when you created the SSH keys.
SSH Client (Putty)
I use Putty for my SSH client, so I'm going to use it for my example on setting up your SOCKS Proxy:
Start Putty
1: For host name put the IP of your server, for Port use what you configured, Type is SSH
2: Click on Connection on the left.
3: Change keep alive to 1800 seconds, check Enable TCP keepalives
4: Select SSH > Tunnels
5: Source port is the same as your Port you configured, click Add.
Go back to the Session Tab and save your session using whatever name you would like. Then Connect, our tunnel has been established.
Browser Settings (FireFox)
Personally, I use Chrome for all my personal non-secure browsing. Any time I want to download a torrent, or get my net traffic on without having to worry about eavesdroppers then I use FireFox. So now we are going to use that SSH connection to establish our Proxy. Remember, that SSH client needs to be open for this to work.
Start FireFox
1: Press Alt key if the tools menu isn't at the top.
2: Tools > Options, Then click on the Advanced tab, and go to Network > Settings
3: Select Manual Proxy Configuration.
4: For SOCKS Host enter localhost, port is whatever you configured SSH to be.
5: Make sure SOCKS v5 is selected and then hit OK.
6: Go to whatismyip.org and verify that your ip address is your Seedbox Server's IP.
Now for trusting the website (ruTorrent Web UI). You'll notice when you go to http://ipaddress/rutorrent that it automatically redirects to https://ipaddress/rutorrent. This is fine, but you will probably get an error saying that the site is using a self-signed certificate and cannot be trusted. We are not looking for some 3rd party site's seal of approval of our server, we just want to encrypt our traffic. So to add this to your trusted sites, you need to do a couple of things. First thing is click on the lock icon next to the address, go to the certificate information and then details; there you will see a button that says export or save to file or something. You are going to save that to a file and then go into your settings for the browser. You then just go add that certificate to your trusted authenticated sites. This will vary depending on the browser you use, so google it and it's pretty straightforward.
Conclusion
You should now have a fully functional seedbox that, when you communicate with it, either via SSH, SFTP, or ruTorrent, gives you fully encrypted and secure data transmission. There are plenty of places to go from here. On these forums and others you will find plenty of tutorials for getting yourself set up for auto-downloading of torrents, using plugins, getting IRC or whatever else set up. The goal of this guide was to hopefully get you to the point where you have a fully functional seedbox that can get you started that is safe and secure. Hope you found this helpful; if you come across an error or anything, let me know. I pretty much just took all the commands I ran and copied them to a notepad. So hopefully I didn't miss anything or mistype something.
EDIT: I added using your seedbox as a SOCKS Proxy for secure browsing.
EDIT: Made some changes to commands and streamlined a few processes.
Happy Seeding!
If you are using Online.net and do not read French, I recommend you change your locale.
Code:
sudo nano /etc/default/locale
Code:
sudo shutdown -r now
Code:
sudo apt-get update
sudo apt-get upgrade
Code:
sudo apt-get install subversion build-essential automake libtool libcppunit-dev libcurl4-openssl-dev libsigc++-2.0-dev unzip unrar curl libncurses5-dev
sudo apt-get install apache2 php5 php5-cli php5-curl
sudo apt-get install libapache2-mod-scgi
Code:
sudo ln -s /etc/apache2/mods-available/scgi.load /etc/apache2/mods-enabled/scgi.load
sudo mkdir /install
sudo mkdir /home/<<USERNAME>>/rtorrent
sudo mkdir /home/<<USERNAME>>/rtorrent/.session
sudo mkdir /home/<<USERNAME>>/rtorrent/downloads
sudo mkdir /home/<<USERNAME>>/rtorrent/watch
Install XMLrpc
Code:
cd /install
sudo svn checkout http://svn.code.sf.net/p/xmlrpc-c/code/stable xmlrpc-c
cd xmlrpc-c
sudo ./configure --disable-cplusplus
sudo make
sudo make install
Code:
cd /install
sudo wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.13.2.tar.gz
sudo tar xvf libtorrent-0.13.2.tar.gz
cd libtorrent-0.13.2
sudo ./autogen.sh
sudo ./configure
sudo make
sudo make install
Code:
cd /install
sudo wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.9.2.tar.gz
sudo tar xvf rtorrent-0.9.2.tar.gz
cd rtorrent-0.9.2
sudo ./autogen.sh
sudo ./configure --with-xmlrpc-c
sudo make
sudo make install
sudo ldconfig
# 777 makes the session directory writable by every local user
sudo chmod 777 /home/<<USERNAME>>/rtorrent/.session/
Code:
cd /home/<<USERNAME>>
sudo nano .rtorrent.rc
Code:
# Directories
directory = /home/<<USERNAME>>/rtorrent/downloads
session = /home/<<USERNAME>>/rtorrent/.session
# rTorrent
encryption = allow_incoming,try_outgoing,enable_retry
schedule = watch_directory,5,5,"load_start=/home/<<USERNAME>>/rtorrent/watch/*.torrent"
max_downloads_global = 0
max_uploads_global = 0
min_peers = 100
max_peers = 300
min_peers_seed = 100
max_peers_seed = 300
max_uploads = 350
download_rate = 0
upload_rate = 0
check_hash = no
# Network
scgi_port = 127.0.0.1:5000
encoding_list = UTF-8
system.umask.set = 022
port_range = <<YOURPORTRANGE>>
port_random = no
use_udp_trackers = yes
dht = disable
peer_exchange = no
Now that we have the backend of the seedbox set up, we are going to install our front end. Let's install ruTorrent
Code:
cd /install
sudo wget http://dl.bintray.com/novik65/generic/rutorrent-3.6.tar.gz
sudo tar xvf rutorrent-3.6.tar.gz
sudo mv rutorrent /var/www
sudo wget http://dl.bintray.com/novik65/generic/plugins-3.6.tar.gz
sudo tar xvf plugins-3.6.tar.gz
sudo mv plugins /var/www/rutorrent
Code:
sudo apt-get install screen
sudo chown -R www-data:www-data /var/www/rutorrent
sudo htpasswd -c /var/www/rutorrent/.htpasswd <<USERNAME>>
sudo service apache2 restart
screen -fa -d -m rtorrent
First let's generate the keys
Code:
cd /home/<<USERNAME>>
sudo mkdir .ssh
sudo chmod 700 .ssh
ssh-keygen -t rsa
Now let's install and configure proFTPD
Code:
sudo apt-get install proftpd
sudo nano /etc/proftpd/proftpd.conf
Code:
# DefaultRoot ~
Code:
sudo nano /etc/proftpd/conf.d/sftp.conf
Code:
<IfModule mod_sftp.c>
    SFTPEngine on
    Port 2222
    SFTPLog /var/log/proftpd/sftp.log
    # Configure both the RSA and DSA host keys, using the same host key
    # files that OpenSSH uses.
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_dsa_key
    SFTPAuthMethods publickey
    SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
    # Enable compression
    SFTPCompression delayed
</IfModule>
Code:
sudo mkdir /etc/proftpd/authorized_keys
sudo ssh-keygen -e -f /home/<<USERNAME>>/.ssh/id_rsa.pub | sudo tee /etc/proftpd/authorized_keys/<<USERNAME>>
sudo service proftpd restart
sudo nano /etc/ssh/sshd_config
Code:
#Subsystem sftp /usr/lib/openssh/sftp-server
Code:
sudo service ssh restart
Code:
sudo htpasswd -c /home/<<USERNAME>>/.htpasswd <<USERNAME>>
Code:
sudo a2enmod ssl
sudo service apache2 restart
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Country: FR
Province: Île-de-France
City: Paris
Common Name: the IP address of your server ! Important or when you add the cert to the trusted zones on your computer it will error out !
Now open your vhost configuration for the SSL website
Code:
sudo nano /etc/apache2/sites-available/default-ssl
Code:
<Location /rutorrent>
    AuthName "Private"
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile /home/<<USERNAME>>/.htpasswd
    Require valid-user
</Location>
Code:
ServerName <<SERVERIP>>:443
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Code:
sudo nano /etc/apache2/sites-available/default
Code:
<VirtualHost *:80>
    ServerName <<SERVERIP>>
    Redirect permanent / https://<<SERVERIP>>/
</VirtualHost>
Code:
sudo a2ensite default-ssl
sudo service apache2 reload
Code:
sudo mkdir -p /var/www/rutorrent/conf/users/<<USERNAME>>/plugins/theme/
sudo nano /var/www/rutorrent/conf/users/<<USERNAME>>/plugins/theme/conf.php
Code:
<?php
$defaultTheme = "Oblivion";
?>
And voila, we are up and running! Let's reboot the server for good measure and set up our FTP client and trust the site. First things first though, let's go open the following file and copy the entire contents to a file on your local computer
Code:
nano /home/<<USERNAME>>/.ssh/id_rsa
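An added example, not part of the original post: the guide sets /home/<<USERNAME>>/rtorrent/.session to mode 777 and leaves two private keys on disk (.ssh/id_rsa and /etc/apache2/ssl/apache.key), so this sh script lists world-writable directories under rtorrent and private keys that group or others can read. The ROOT prefix, the user name seeduser and the sample tree are constructed so that it runs without touching a real system.

```shell
#!/bin/sh
# Added example: permission audit for the paths this guide creates.
# ROOT is a path prefix (constructed for the demo); use "" for the live system.

# List directories under $1 that every local user can write to (o+w).
world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# List the private-key files among the arguments that group or others can read.
exposed_keys() {
    for k in "$@"; do
        [ -f "$k" ] || continue
        find "$k" \( -perm -0040 -o -perm -0004 \) -print
    done
}

# audit_perms ROOT USERNAME ; exit status = number of findings.
# Paths are assumed to contain no whitespace.
audit_perms() {
    h="$1/home/$2"; n=0
    for d in $(world_writable_dirs "$h/rtorrent"); do
        echo "FAIL  world-writable directory: $d"; n=$((n + 1))
    done
    for k in $(exposed_keys "$h/.ssh/id_rsa" "$1/etc/apache2/ssl/apache.key"); do
        echo "FAIL  private key readable by group/other: $k"; n=$((n + 1))
    done
    [ "$n" -eq 0 ] && echo "ok    no findings"
    return "$n"
}

# Constructed sample tree that mirrors the modes the guide ends up with.
build_sample_tree() {  # build_sample_tree ROOT USERNAME
    h="$1/home/$2"
    mkdir -p "$h/rtorrent/.session" "$h/rtorrent/downloads" "$h/.ssh" \
             "$1/etc/apache2/ssl"
    chmod 755 "$h/rtorrent" "$h/rtorrent/downloads"
    chmod 777 "$h/rtorrent/.session"          # as set in the guide
    chmod 700 "$h/.ssh"                       # as set in the guide
    : > "$h/.ssh/id_rsa"
    chmod 600 "$h/.ssh/id_rsa"
    : > "$1/etc/apache2/ssl/apache.key"
    chmod 644 "$1/etc/apache2/ssl/apache.key" # assumption: key written under umask 022
}

demo=$(mktemp -d)
build_sample_tree "$demo" seeduser
audit_perms "$demo" seeduser || echo "=> $? finding(s) in the sample tree"
rm -rf "$demo"
```
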
Configure Server for Socks Proxy
First things first, let's back up our current configuration and then make the changes we need for our tunnel.
Code:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bkup
sudo nano /etc/ssh/sshd_config
Code:
# Change this
Port 22
Protocol 2
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
TCPKeepAlive yes
AllowUsers <<USERNAME>>
AllowTcpForwarding yes
Code:
sudo service ssh restart
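An added example, not part of the original post: a small sh script that reads an sshd_config and checks the settings from the block above before the daemon is restarted. The sample files, the user name seeduser and port 2200 are constructed for the demo; it assumes the plain "Keyword value" form and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the values this guide sets.

# Print the effective value of keyword $1 in file $2 (empty if unset).
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive, and only whole-line "#" comments are skipped here.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

check() {  # check FILE KEYWORD WANTED
    got=$(sshd_value "$2" "$1")
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2: want '$3', got '${got:-<unset>}'"
        return 1
    fi
}

audit_sshd() {  # audit_sshd FILE USERNAME ; exit status = number of findings
    f="$1"; n=0
    port=$(sshd_value Port "$f")
    case "$port" in
        ''|*[!0-9]*) echo "FAIL  Port: '$port' is not a bare port number"
                     n=$((n + 1)) ;;
        *)           echo "ok    Port $port" ;;
    esac
    check "$f" Protocol 2               || n=$((n + 1))
    check "$f" PermitRootLogin no       || n=$((n + 1))
    check "$f" PubkeyAuthentication yes || n=$((n + 1))
    check "$f" AllowUsers "$2"          || n=$((n + 1))
    check "$f" AllowTcpForwarding yes   || n=$((n + 1))
    return "$n"
}

# Constructed sample: trailing comment on Port, root login enabled by the
# first PermitRootLogin line (the later "no" is ignored), no AllowUsers.
sample_weak() {
cat <<'EOF'
Port 22 #Change this
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
AllowTcpForwarding yes
PermitRootLogin no
EOF
}

# Constructed sample that matches the guide (port 2200 is a made-up value).
sample_fixed() {
cat <<'EOF'
# Change this
Port 2200
Protocol 2
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
TCPKeepAlive yes
AllowUsers seeduser
AllowTcpForwarding yes
EOF
}

demo=$(mktemp -d)
sample_weak  > "$demo/weak"
sample_fixed > "$demo/fixed"
audit_sshd "$demo/weak" seeduser  || echo "=> $? finding(s) in the weak sample"
audit_sshd "$demo/fixed" seeduser && echo "=> fixed sample matches the guide"
rm -rf "$demo"
```
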
Using our Seedbox
Since we have done all this with our server, let's reboot it for good measure.
Code:
sudo shutdown -r now