Managing files in the Seafile personal cloud
Add Some Security to Your Server
When you buy a server from Digital Ocean or Linode, you get a bare minimal system. The first thing to do is ensure that it's fully updated. SSH into your server and update the system:
ssh root@SERVER_IP sudo apt-get update sudo apt-get dist-upgrade
Create a user for the system and add it to the sudoers file, so it has sudo powers and you can prevent other users from SSHing into the server as root user.
adduser swapnil gpasswd -a swapnil sudo
For additional security, change the default port for ssh and block root login. Open the sshd
configuration file using your preferred editor. Look for the port number and change it from default 22 to any higher port (just don't use any ports already used by system).
To block root SSH access, Look for the following directive and change it from yes
to no
:
PermitRootLogin no
Save and close the config file. Now restart ssh service:
service ssh restart
Don't log out of your server or close the terminal window.
Open another terminal window and ssh
into your system using the newly created user and port, using:
ssh -pPORT_NUMBER USER_NAME@SERVER_IP
For example:
ssh -p1977 swapnil@102.22.123.22
Give the password for the user and log into your system.
If everything works fine, you have added some basic security to the server. To add another layer of security, I recommend using a key instead of a password to log into your system.
Set Up the MariaDB Database
The next step is to install the core components needed for Seafile. I'll start with the database. I will use the latest stable branch (10.x) of MariaDB. Because Ubuntu doesn't have the latest MariaDB packages, I will add official MariaDB repositories.
Visit the download page of MariaDB [4] to obtain updated instructions for choosing the right mirror for your distro.
# apt-get install software-properties-common # apt-key adv --recv-keys --keyserver \ hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
Then, open the source.list
file and add the main repo at the bottom:
deb http://mirror.jmu.edu/pub/mariadb/repo/10.0/ubuntu trusty main
Update the repos and install the maridb
server (choose the 10.x branch):
apt-get update apt-get install mariadb-server
During the installation, MariaDB will ask to create a root password for the database server. Once the database is installed, you will need to create some system tables. First, however, you should stop the MySQL daemon (MariaDB is the drop-in replacement for MySQL, so it uses the same commands used for MySQL server – don't be confused with the sight of the term MySQL).
Kill the MySQL daemon:
killall mysqld
The following command will initialize the MariaDB data directory and create the necessary system tables.
mysql_install_db
The preceding command also created some test tables and users, which should be removed for security purposes. Start the service with:
service mysql start
Enter the following command to launch a script that will perform some tasks to secure the database:
sudo mysql_secure_installation
The scripts asks a series of questions. Say no to the first question, because you don't need to change the root password, and say yes to the rest.
To add one more layer of security, you need to open the my.cnf
file and add the line
local-infile=0
in the [mysqld]
section, somewhere after the bind-address
directive.
Set Up Nginx and Other Packages
If you want SSL support, you'll need to install ngix-full
instead of nginx
:
# apt-get install nginx-full # apt-get install python python-setuptools python-imaging \ python-mysqldb
Create a directory to store the certificate and the key:
# mkdir /etc/nginx/ssl
Then, you can generate the key and the certificate:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
You will have to provide some personal information on organization name, location, and web address to generate the SSL key and certificate. The certificate and the key will land in the /nginx/ssl
directory.
Now create an nginx
configuration file for this server inside the sites-available
directory and populate the config file with the contents shown in Listing 1.
Listing 1
Nginx Configuration File
You have to make three changes to the file in Listing 1. First, replace your-domain.com
with the name or IP address of your domain (two instances). Then, in the last section, location /media
, replace SITE_DIRECTORY
with the directory where you will download sea file packages. (Throughout this article, the root directory is sea
and its path is /var/www/sea
. Exchange these names with the names you chose on your server.)
Next, save and close this file and then create a symlink in the site-enabled
directory:
# ln -s /etc/nginx/sites-available/sea /etc/nginx/sites-enabled/
Remove the default config file from site-enabled directory as shown in the following example:
# rm -r /etc/nginx/sites-enabled/default
Then, open the nginx.conf
file un-comment the following lines:
server_tokens off; server_names_hash_bucket_size 64; server_name_in_redirect off;
After completing these steps, you can save and close the file.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.