Managing files in the Seafile personal cloud
Add Some Security to Your Server
When you buy a server from Digital Ocean or Linode, you get a bare minimal system. The first thing to do is ensure that it's fully updated. SSH into your server and update the system:
ssh root@SERVER_IP sudo apt-get update sudo apt-get dist-upgrade
Create a user for the system and add it to the sudoers file, so it has sudo powers and you can prevent other users from SSHing into the server as root user.
adduser swapnil gpasswd -a swapnil sudo
For additional security, change the default port for ssh and block root login. Open the sshd
configuration file using your preferred editor. Look for the port number and change it from default 22 to any higher port (just don't use any ports already used by system).
To block root SSH access, Look for the following directive and change it from yes
to no
:
PermitRootLogin no
Save and close the config file. Now restart ssh service:
service ssh restart
Don't log out of your server or close the terminal window.
Open another terminal window and ssh
into your system using the newly created user and port, using:
ssh -pPORT_NUMBER USER_NAME@SERVER_IP
For example:
ssh -p1977 swapnil@102.22.123.22
Give the password for the user and log into your system.
If everything works fine, you have added some basic security to the server. To add another layer of security, I recommend using a key instead of a password to log into your system.
Set Up the MariaDB Database
The next step is to install the core components needed for Seafile. I'll start with the database. I will use the latest stable branch (10.x) of MariaDB. Because Ubuntu doesn't have the latest MariaDB packages, I will add official MariaDB repositories.
Visit the download page of MariaDB [4] to obtain updated instructions for choosing the right mirror for your distro.
# apt-get install software-properties-common # apt-key adv --recv-keys --keyserver \ hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
Then, open the source.list
file and add the main repo at the bottom:
deb http://mirror.jmu.edu/pub/mariadb/repo/10.0/ubuntu trusty main
Update the repos and install the maridb
server (choose the 10.x branch):
apt-get update apt-get install mariadb-server
During the installation, MariaDB will ask to create a root password for the database server. Once the database is installed, you will need to create some system tables. First, however, you should stop the MySQL daemon (MariaDB is the drop-in replacement for MySQL, so it uses the same commands used for MySQL server – don't be confused with the sight of the term MySQL).
Kill the MySQL daemon:
killall mysqld
The following command will initialize the MariaDB data directory and create the necessary system tables.
mysql_install_db
The preceding command also created some test tables and users, which should be removed for security purposes. Start the service with:
service mysql start
Enter the following command to launch a script that will perform some tasks to secure the database:
sudo mysql_secure_installation
The scripts asks a series of questions. Say no to the first question, because you don't need to change the root password, and say yes to the rest.
To add one more layer of security, you need to open the my.cnf
file and add the line
local-infile=0
in the [mysqld]
section, somewhere after the bind-address
directive.
Set Up Nginx and Other Packages
If you want SSL support, you'll need to install ngix-full
instead of nginx
:
# apt-get install nginx-full # apt-get install python python-setuptools python-imaging \ python-mysqldb
Create a directory to store the certificate and the key:
# mkdir /etc/nginx/ssl
Then, you can generate the key and the certificate:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
You will have to provide some personal information on organization name, location, and web address to generate the SSL key and certificate. The certificate and the key will land in the /nginx/ssl
directory.
Now create an nginx
configuration file for this server inside the sites-available
directory and populate the config file with the contents shown in Listing 1.
Listing 1
Nginx Configuration File
You have to make three changes to the file in Listing 1. First, replace your-domain.com
with the name or IP address of your domain (two instances). Then, in the last section, location /media
, replace SITE_DIRECTORY
with the directory where you will download sea file packages. (Throughout this article, the root directory is sea
and its path is /var/www/sea
. Exchange these names with the names you chose on your server.)
Next, save and close this file and then create a symlink in the site-enabled
directory:
# ln -s /etc/nginx/sites-available/sea /etc/nginx/sites-enabled/
Remove the default config file from site-enabled directory as shown in the following example:
# rm -r /etc/nginx/sites-enabled/default
Then, open the nginx.conf
file un-comment the following lines:
server_tokens off; server_names_hash_bucket_size 64; server_name_in_redirect off;
After completing these steps, you can save and close the file.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs