The perfect linux server

[miT]

The perfect linux server to me is something that can maintain all of my downloads, whatever it may be (Torrent, newsgroups, soulseek, ect) that can be controlled and accessed from VPN, LAN or Internet via HTTP... and have it all running when it boots up! (That was the hardest part actually)

In this video tutorial, i walk you through installing:

- Webmin (HTTP Adminstration of your server)

- Torrentflux (HTTP Front-end for Torrent downloads)

- SABnzbd Plus (HTTP Front-end for Newsgroup downloads)

- irssi (Text based IRC Chat client)

- Museek (Soulseek music download daemon)

- Eggdrop IRC Bot (*does the robot*)

- Hamachi VPN (Free and easy VPN solution that even my grandma can understand)

Text version available @ my blog: http://www.timashley.me

http://www.youtube.com/watch?v=wIJQloQI8KQ

[3TeK]

nice one tim, i'll have to check it out

[miT]

nice one tim, i'll have to check it out

Thanks man, let me know if you have any questions about the video or tutorial in the article. :)

[jobdone]

great stuff.

[shonen]

Kick ass dude, I was planning on doing something like this with the 2nd server I scored and you have saved me a stack load of time searching on how to install it all.

I am by no means a linux expert and occasionally run into a few issues every so often and its nice to watch someone else do it with an explanation prior to diving into the deep end.

*tips hat* Thanks mate.

[miT]

great stuff.

Kick ass dude, I was planning on doing something like this with the 2nd server I scored and you have saved me a stack load of time searching on how to install it all.

I am by no means a linux expert and occasionally run into a few issues every so often and its nice to watch someone else do it with an explanation prior to diving into the deep end.

*tips hat* Thanks mate.

Thanks for the positive feedback guys :) It really means a lot when i get comments back on stuff i've posted.

If you're interested, i have a "Pimp my laptop" video i did awhile back with my Toshiba Portege. A lot of people were having trouble getting the touchscreen, digitizer pen and sound working on ubuntu linux.

http://www.youtube.com/watch?v=8q79gkMqS5w

Next mini tutorial will probably be a basic WEP/WPA auditing and possibly a "Pimp my desktop" via the new Ubuntu release 9.10 (I had a hell of a time deleting the gnome-panel for my minimalistic setup).

[shonen]

Thanks for the positive feedback guys :) It really means a lot when i get comments back on stuff i've posted.

If you're interested, i have a "Pimp my laptop" video i did awhile back with my Toshiba Portege. A lot of people were having trouble getting the touchscreen, digitizer pen and sound working on ubuntu linux.

http://www.youtube.com/watch?v=8q79gkMqS5w

Next mini tutorial will probably be a basic WEP/WPA auditing and possibly a "Pimp my desktop" via the new Ubuntu release 9.10 (I had a hell of a time deleting the gnome-panel for my minimalistic setup).

I had to fix a a Toshiba Portege the other day at work (first time I came across one). I must admit its one sexy looking laptop. Personally I am not a huge fan of touch screens n what not but I will check out your work when I get around to it (has your blog bookmarked).

WEP/WPA auditing on ubuntu sounds interesting. I wrote a similar tutorial for backtrack 3 linkage about a year or so ago.

I ended up installing ubuntu 9.04 and open ssh on my ESXi server the other night. First thing I installed through ssh was sudo-apt get ubuntu-desktop >:P yes yes laugh at the dyslexic GUI fan boy, what can I say startx is my security blanket.

From there I followed your tutorial and picked the two quieck/easiest to install apps webmin and torrentflux due to it being late at night. I have never used these packages before but after a quick look and fiddle I instantly fall in love.

I also plan on installing hamachi and irssi later on today, hopefully I wont bork the VPN install up like last time. =D

BTW I have a couple of questions and please excuse my n00bish-ness.

1: I was curious as to how much HDD space you have for your perfect ubuntu server and what you would class as the min install space for it?

2: What port do you forward on your router for hamachi?

3: Seeing as Webmin and torrentflux use either http or https if one was to configure a web server on the linux server will this cause issues with http:ipaddy for the apache server?

No probs on the comments, one must always give credit where it is due and you obviously spent a fair amount of time doing the video and posting blog up with all the command line.

[7h3kk1d]

I was wondering if anyone knew of any software which puts your HDs to sleep if they're not in use and if they overheat. And if the main HD overheats it shuts down the system and notifies me via email.

[shonen]

I was wondering if anyone knew of any software which puts your HDs to sleep if they're not in use and if they overheat. And if the main HD overheats it shuts down the system and notifies me via email.

Not to sure about that, I always thought the sleep function was supported in the O.S itself (well in windows it is) not so certain with ubuntu. It could also be a bios setting somewhere under power management.

[miT]

1: I was curious as to how much HDD space you have for your perfect ubuntu server and what you would class as the min install space for it?

The server i currently have this setup running on doesn't have a big hard drive. Only 75gb. Heck, even a little 40 gigger could support light downloading as long as you're pulling what you're downloading off the server after it completes.

2: What port do you forward on your router for hamachi?

That's beauty of Hamachi VPN. It's a reverse connection outbound to the hamachi heartbeat servers. There is no need to open any ports what-so-ever (great if you're "borrowing" some wifi and can't forward ports)

3: Seeing as Webmin and torrentflux use either http or https if one was to configure a web server on the linux server will this cause issues with http:ipaddy for the apache server?

In my tutorial, we're actually running two types of web servers, Apache and CherryPy. Webmin and Torrent flux work off of Apache, whereas SABnzbd+ works off of CherryPy. You could easily move SABnzbd+ over to apache and have every thing under one umbrella, but im a lazy linux admin ;)

To answer your question; you already have a web server (two infact!) rolled out. If you really wanted to roll out another variant of a web server, you would have to configure it to bind to alternate ports (hence why CherryPy uses port 8080 in my tutorial) as Apache takes over the common HTTP (80) and HTTPS (143) ports.

Hope this answers your questions, if not, REPLY! :)

[shonen]

Ahh so your pretty much in the same boat as me with HDD space. I only allocated 80gb for the ubuntu server data store and was planning on moving torrents to a 1tb shared drive on my HTPC.

Nice, I didn't know hachachi made a reverse outbound connection and I can see how that would be rather useful when leeching wifi. Just finished doing the hamachi install, I ran into a couple of minor issues in setting up my windows client but that was more to do with my comp acting weird and not showing the ubuntu server. lol that made me waste an hour or so I thought I cocked up another vpn install. A reinstall on the windows client corrected the issue and I now have my gateway hamachi VPN. =D Thanks again for the tutorial it made the linux side of things as painless as possible.

I figured that the ubuntu server had a web server installed already after loading those webgui programs but I didn't know that you could bind it to a different port (I will have to look into that). Is it possible to use one of the existing installed web servers and run it on port 80 with something like http://myipaddress/mywebsite (from what I can remember torrentflux does something like this)?

Thanks a bunch for answering my somewhat noobish questions, you have been a great help.

P.S: Just an Idea on the wifi leeching front, what about purchasing two wifi access points (or mod WRT firmware) that supports client mode and plug it into a Hot Brick LB2. I have been considering purchasing one when the financial gods bestow some money.

[miT]

Ahh so your pretty much in the same boat as me with HDD space. I only allocated 80gb for the ubuntu server data store and was planning on moving torrents to a 1tb shared drive on my HTPC.

Nice, I didn't know hachachi made a reverse outbound connection and I can see how that would be rather useful when leeching wifi. Just finished doing the hamachi install, I ran into a couple of minor issues in setting up my windows client but that was more to do with my comp acting weird and not showing the ubuntu server. lol that made me waste an hour or so I thought I cocked up another vpn install. A reinstall on the windows client corrected the issue and I now have my gateway hamachi VPN. =D Thanks again for the tutorial it made the linux side of things as painless as possible.

Quick note on this one. Make sure you're not downloading Hamachi2 from LogMeIn. My tutorial is for the first generation of hamachi, which is far superior than the new POS they released. The reason i point this out is because the hamachi2 clients are on a different heartbeat server, i.e. they cannot see the hamachi1 clients (the linux server). Ensure that you're using the first generation of hamachi on all computers you wish to have on the VPN.

I figured that the ubuntu server had a web server installed already after loading those webgui programs but I didn't know that you could bind it to a different port (I will have to look into that). Is it possible to use one of the existing installed web servers and run it on port 80 with something like http://myipaddress/mywebsite (from what I can remember torrentflux does something like this)?

Thanks a bunch for answering my somewhat noobish questions, you have been a great help.

I would just toss anything you want to host into the Apache HTTP folder which is located @ /var/www

Example: If i created a folder called hak5 in /var/www [/var/www/hak5] i could simply browse to http://ip.address.or.hostname/hak5 and i will see whats in that folder.

P.S: Just an Idea on the wifi leeching front, what about purchasing two wifi access points (or mod WRT firmware) that supports client mode and plug it into a Hot Brick LB2. I have been considering purchasing one when the financial gods bestow some money.

I have two wireless access points running DDWRT for this exact purpose. Now if i could only get my iptables right, i could start directing torrent traffic to one network while leaving the second network with plenty of available bandiwidth :)

In the end, i would love to get one of these puppies. I could start running karmetasploit side by side with some other fun tools :) .. but i digress, this is starting to get semi off-topic, plus i have this set aside for yet another tutorial to follow up WEP/WPA auditing.

[shonen]

I ended up installing hamachi2 and installing it on the windows clients, it worked perfectly fine on my quick test late last night, well except for my laptop client that was being problematic at first. Seeing as its working thus far I will leave it as is but if I get a problem that crops up I will roll back, thanks for the heads up on that.

Ahhh so thats where the bloody apache folder is, lol can't believe I forgot that. I was mucking around with that a few months back in backtrack4 while I was using ettercap for DNS re directions.

Oh yes I do like those puppies indeed and the Atheros AR2313 + AR5112 is pure <3. WOW Itegrated 13dBi antenna, external RPSMA connector and it supports PoE. You have excellent taste. =D lol out of the box that thing has almost as much power as my shitty TP Link AP with the upgraded 500mw singnal boster and external 15dbo antenna.

I had a quick look at karmetasploit and you have me very interested in your next tutorial. keep up the good work.

[shonen]

Hey mIT I am having a problem with torrentflux and can't quit work out what I am suppose to do. My search results for pirate bay always fails at loading (I don't receive any error messages), I did a quick search on google and believe it has something to do with setting a cookie but I have no idea on how to set it up.

Any advice?

[metatron]

IRSSI and Screen

OpenSSH

OpenVPN

Everything I need on a server

[miT]

Hey mIT I am having a problem with torrentflux and can't quit work out what I am suppose to do. My search results for pirate bay always fails at loading (I don't receive any error messages), I did a quick search on google and believe it has something to do with setting a cookie but I have no idea on how to set it up.

Any advice?

I never really used the torrent search built into torrent flux. I just copy the URL to the .torrent file, or save it locally and xfer it over to torrentflux. You got me on that one.

IRSSI and Screen

OpenSSH

OpenVPN

Everything I need on a server

Pretty much everything i need on a server as well. Except i replace OpenVNC with hamachi in my tutorial, but i cover the rest :)

[shonen]

Yeah I ended up doing the same thing with the torrent links, no big loss.

Hey when you setup your hamachi vpn did you have it setup as a gateway, mesh or hub and spoke? I had mine operating in a gateway (kind of fudged my way through it) and all off a sudden it went tits up on me.

Weird thing I noticed is in the logmein web management panel the ubuntu server never comes up as a listed connection. So I cant select it as the gate way. Server is on perfectly fine and shows up in mesh but I fail at hooking the gateway topology back up again.

Any idea as to why? Sorry to be annoying but I have been looking for a solution for the last 2 days and its starting to give me the shits.

[miT]

Yeah I ended up doing the same thing with the torrent links, no big loss.

Hey when you setup your hamachi vpn did you have it setup as a gateway, mesh or hub and spoke? I had mine operating in a gateway (kind of fudged my way through it) and all off a sudden it went tits up on me.

Weird thing I noticed is in the logmein web management panel the ubuntu server never comes up as a listed connection. So I cant select it as the gate way. Server is on perfectly fine and shows up in mesh but I fail at hooking the gateway topology back up again.

Any idea as to why? Sorry to be annoying but I have been looking for a solution for the last 2 days and its starting to give me the shits.

I don't specify anything anywhere, hamachi gets its own ip address and gateway from the heartbeat servers.

You can see the connection by typing ifconfig from terminal. I believe its interface is called ham0 or something along those lines (im on my netbook at the moment).

Never annoying my man, questions only produce more answers and sometimes more questions. Keep em coming :)

[shonen]

I don't specify anything anywhere, hamachi gets its own ip address and gateway from the heartbeat servers.

You can see the connection by typing ifconfig from terminal. I believe its interface is called ham0 or something along those lines (im on my netbook at the moment).

Never annoying my man, questions only produce more answers and sometimes more questions. Keep em coming :)

I did an ifconfig when I first noticed the problem and all appears to be good on ham0. I even went to the trouble of completely reinstalling a 2nd VM of ubuntu 9.04, ssh and hamachi on my esxi server because the original VM started playing up after I installed VMware tools (note to self use snapshot feature more).

All the outputs from the command line were as stated in the tutorial and when it came to configuring hamachi I created a network on the ubuntu 9.04 VM and attached one client (I didn't use the logmein web based network manager). Still get the same problem with hamachi using the mesh p2p type topology for itself which can be identified on a windows client by simply placing the mouse over the network name.

The mesh topology is bloody annoying seeing as I can't access other workstations, printers or networking device's in my internal LAN (they need to have the hamachi client installed) and the mesh topology wont allow for a VPN proxy type connection where I can utilize my home isp's IP address on my hamachi client machine.

As mentioned before I did have it up at one stage and it was handing out my ISP supplied IP address to a client who was web browsing (I checked it on ipchicking while borrowing some internet off a neighbor). Only issue I had was accessing other clients/devices on my internal lane via host names or class C TCP/IP addresses.

However I did find a fix for the issue of translating ham0 IP to internal TCP/IP as shown below

To check if the problem is caused by invalid routing entry do this:
Code:

ifconfig

Result:

ham0 Link encap:Ethernet HWaddr 00:FF:CA:D0:F5:AA
inet addr:5.23.68.35 Bcast:5.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1200 Metric:1
RX packets:100 errors:0 dropped:0 overruns:0 frame:0
TX packets:244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:26780 (26.1 KB) TX bytes:21076 (20.5 KB)
  

The IP address of the ham0 interface is the IP of the gateway for all hamachi network bound connections. Check the routing table:
Code:

sudo route -n

Result (the 3rd line defines hamachi connections):

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
64.238.220.160 0.0.0.0 255.255.255.240 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
5.0.0.0 5.23.68.35 255.0.0.0 UG 0 0 0 ham0
0.0.0.0 64.238.220.161 0.0.0.0 UG 100 0 0 eth0
  

If in the Gateway column you don't see the IP of the ham0 interface, as it was the case with me, delete that line and create the correct routing entry for hamachi.
Code:

#delete invalid route:
sudo route del -net 5.0.0.0 gw 0.0.0.0 netmask 255.0.0.0 dev ham0

#add new route:
sudo route add -net 5.0.0.0 gw 5.23.68.35 netmask 255.0.0.0 dev ham0

Hamachi Network Types

ref: Getting started .pdf

Page: 6

About Mesh Networks

In a mesh network, every member is connected to every other member.

Organizations without a physical LAN can use the mesh network type to set up a virtual corporate LAN.

Mesh is also the typical choice for gamers, because network games constantly have to broadcast their current

status to all other participants in the game.

About Hub-and-Spoke Networks

In a hub-and-spoke network, one or more computers act as hubs, while other clients connect as spokes. Spokes

connect to hubs, but never to each other.

Hub-and-spoke is typically used when a workstation (spoke) needs to connect only to servers (hubs). Hub-and-spoke

is ideal if you want strict control over connections between network members.

About Gateway Networks

Use the gateway network type to provide transparent access to your entire network from a centralized Hamachi²

gateway. Members of a gateway network, such as mobile workers, will see one computer acting as a gateway

towards an entire LAN, thus making all network resources accessible.

From what I can gather the default install use's mesh if you want to use the gateway hamachi topology you need to create a logmein account, create a new network and select the gateway type. On the next screen page it asks for you to select the hamachi server that will be acting as the gateway. Problem here is the Ubuntu 9.04 server is not listed as a selectable computer, nor were any of the other 3 windows hamachi clients I had running, hence it can not be added. I ended up discovering that when I added my email address that is associated with my logmein account on a windows client computer it became selectable as a gateway or on the next page as a client member. I am guessing if I can associated my logmein account to my ubuntu 9.04 server things will run smoothly (any ideas how to do this?) and the gateway topology will work. Funny thing is I didn't do this last time and it was working just fine which is weird. 0_o

[miT]

However I did find a fix for the issue of translating ham0 IP to internal TCP/IP as shown below

Beautiful! Good job man :)

[miT]

I was thinking of doing a new "Perfect linux server" setup for 9.10 or 10.4.

Anything you guys want to add to it? What would you consider a perfect server?

[Bercik]

Well, other than just apt-get install stuff and leave default configs. Maybe consider briefly show how to secure box (change sshd settings, host allow/deny, iptables, maybe ssh-key generation). Also ... try netinstall of debian for this purpose. You can still use the joy of apt, but it's much smaller than ubuntu server (and IMO faster and better in any way ;) )

Edited March 16, 2010 by Bercik

[miT]

Well, other than just apt-get install stuff and leave default configs. Maybe consider briefly show how to secure box (change sshd settings, host allow/deny, iptables, maybe ssh-key generation). Also ... try netinstall of debian for this purpose. You can still use the joy of apt, but it's much smaller than ubuntu server (and IMO faster and better in any way ;) )

So let me break this down:

1) Secure SSH (Change ports, ect)

2) Host filtering (probably focus on squid for that one)

3) iptables (for what exactly?)

4) SSH-Key Generation (for auto SSH login? i did this for a project im working on, its quite easy)

5) Netinstall (You're referring to installation of a Debian server via Minimal CD? I.E. over the internet)

Side note: i understand netinstall via Minimal CD would save space (more space = awesome) but how would it keep it faster? Other than a couple services running that you usually wouldn't install, i don't see a great increase in performance.

Feel free to tag on any other things you guys want to see on the next perfect server build.

Thanks! :)

[Bercik]

ad 3

create rules that narrow your needs -- accept all = evil

ad 4

Not only for autologin - you can still use passphrase for key. It's little (IMO) better and more secure, because you don't even send encrypted password over network.

ad 5

yes, less space, less packages, don't install all recommended packages, keep to the minimum. Also when installing debian I always turned off network, so it wouldn't download any updates.

About performance - maybe you have really powerful machine. Any time I compared ubuntu vs debian I could CLEARLY feel performance difference.

[GLaDOS]

Eww, don't use TorrentFlux - Unless you like python based clients that spawn new processes for each torrent. Not very fun when you're seeding 6,000 Linux Distros.

rTorrent <3