Based on all the NSA sniffing and the recent article about who provides whom which information  I decided to set-up my own cloud on my private server. And actually – it was surprisingly easy! Searching around the internet seafile  seemed to be the most appropriate solution, since it is open-source, provides a nice web interface and actually has a client for all common operating system and devices.
So log in at the server – get root and download the server via wget:
root@jvr:~# wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz --2014-05-18 16:26:06-- https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz Resolving bitbucket.org... 220.127.116.11, 18.104.22.168 Connecting to bitbucket.org|22.214.171.124|:443... connected. HTTP request sent, awaiting response... 302 FOUND Location: http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz [following] --2014-05-18 16:26:07-- http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz Resolving cdn.bitbucket.org... 126.96.36.199, 188.8.131.52, 184.108.40.206, ... Connecting to cdn.bitbucket.org|220.127.116.11|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 18399709 (18M) [application/x-tar] Saving to: `seafile-server_3.0.3_x86-64.tar.gz' 100%[============================================================================================>] 18,399,709 51.0M/s in 0.3s 2014-05-18 16:26:07 (51.0 MB/s) - `seafile-server_3.0.3_x86-64.tar.gz' saved [18399709/18399709] root@jvr:~#
Of course now we have to unzip the file:
root@jvr:~# tar xzf seafile-server_3.0.3_x86-64.tar.gz root@jvr:~# cd seafile-server-3.0.3/
So just before we install, there are some packages which are required. For my system I needed to install the following additional packages:
root@jvr:~# apt-get install python python-setuptools python-simplejson python-imaging
If there is anything else missing, seafile will anyway note it during the installation, so no need to panic. So let’s get to the installation itself:
Follow the installation instructions – it should be quite straight forward. If you face any issue, the Seafile wiki  should be quite helpful. I installed the seafile server under /usr/share/ while I keep the data storage under /opt/seafile-data. If everything goes fine, the seafile server should be running with the following services under the listed ports:
port of ccnet server: 10001 port of seafile server: 12001 port of seafile httpserver: 8082 port of seahub: 8000
Please note that the sea hub service, which provides the web-end of the seafile server, needs to be started separately.
Ok, so far so good, everything should be up and running and you should be able to login via the web-interface on port 8000.
The next thing I’ve done was to create the links under /etc/init.d/ as follows and add both in the default run levels, so that the services fires up on a restart/start automatically:
root@jvr:/opt# cd /etc/init.d/ root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seafile.sh . root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seahub.sh . root@jvr:/etc/init.d# update-rc.d seafile.sh defaults root@jvr:/etc/init.d# update-rc.d seahub.sh defaults
And now the tricky part. Since you might have noticed in my other blog entries ,, I am a bit security fanatic. Therefore I’d like to secure certain critical parts additionally. This time I’ll do this for the seafile web-service. So first I create an additional site within the apache configuration under /etc/apache2/sites-available/seafile with the following content:
<VirtualHost seafile.jvr.at:443> ServerName seafile.jvr.at HostnameLookups Double CustomLog /var/log/apache2/access.log combined env=!dontlog SetEnvIf Request_URI "^/u" dontlog ErrorLog /var/log/apache2/error.log Loglevel warn SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem <Proxy *> AuthUserFile /srv/seafile/.htpasswd AuthName EnterPassword AuthType Basic require user seafile_user Order Deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ </VirtualHost>
Now let’s create the htaccess file within the according directory:
root@jvr:~# mkdir /srv/seafile root@jvr:~# cd /srv/seafile root@jvr:/srv/seafile# htpasswd -cm /srv/seafile/.htpasswd seafile_user
Link the apache site to the sites-enabled and reload the apache service:
root@jvr:~# cd /etc/apache2/sites-enabled/ root@jvr:/etc/apache2/sites-enabled# ln -s ../sites-available/seafile . root@jvr:/etc/apache2/sites-enabled# /etc/init.d/apache2 reload * Reloading web server config apache2 [ OK ] root@jvr:/etc/apache2/sites-enabled#
And of course, disable the external access to the port 8000 on your firewall. Your web service should be now accessible with an extended htaccess security. Side note – since within certain companies certain ports are locked, it additionally enables you to access the service via https.