How to set up your own cloud with Seafile

Based on all the NSA sniffing and the recent article about who provides whom which information [1], I decided to set up my own cloud on my private server. And actually, it was surprisingly easy! After searching around the internet, Seafile [2] seemed to be the most appropriate solution, since it is open source, provides a nice web interface and has a client for all common operating systems and devices.

So log in to the server, get root and download the server package via wget:

root@jvr:~# wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
--2014-05-18 16:26:06--  https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
Resolving bitbucket.org...,
Connecting to bitbucket.org||:443... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz [following]
--2014-05-18 16:26:07--  http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
Resolving cdn.bitbucket.org...,,, ...
Connecting to cdn.bitbucket.org||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18399709 (18M) [application/x-tar]
Saving to: `seafile-server_3.0.3_x86-64.tar.gz'
100%[============================================================================================>] 18,399,709  51.0M/s   in 0.3s    
2014-05-18 16:26:07 (51.0 MB/s) - `seafile-server_3.0.3_x86-64.tar.gz' saved [18399709/18399709]

Of course, now we have to unpack the archive:

root@jvr:~# tar xzf seafile-server_3.0.3_x86-64.tar.gz
root@jvr:~# cd seafile-server-3.0.3/

So just before we install, there are some packages which are required. For my system I needed to install the following additional packages:

root@jvr:~# apt-get install python python-setuptools python-simplejson python-imaging

If there is anything else missing, Seafile will point it out during the installation anyway, so no need to panic. So let’s get to the installation itself:

root@jvr:~/seafile-server-3.0.3# ./setup-seafile.sh

Follow the installation instructions; it should be quite straightforward. If you face any issues, the Seafile wiki [3] should be quite helpful. I installed the Seafile server under /usr/share/, while I keep the data storage under /opt/seafile-data. If everything goes fine, the Seafile server should be running with the following services on the listed ports:

port of ccnet server:         10001
port of seafile server:       12001
port of seafile httpserver:   8082
port of seahub:               8000

Please note that the Seahub service, which provides the web front end of the Seafile server, needs to be started separately.

root@jvr:/usr/share/seafile-server-3.0.3# ./seahub.sh start

OK, so far so good: everything should be up and running, and you should be able to log in via the web interface on port 8000.

The next thing I did was to create the links under /etc/init.d/ as follows and add both to the default run levels, so that the services fire up automatically on a restart/start:

root@jvr:/opt# cd /etc/init.d/
root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seafile.sh .
root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seahub.sh .
root@jvr:/etc/init.d# update-rc.d seafile.sh defaults
root@jvr:/etc/init.d# update-rc.d seahub.sh defaults

And now the tricky part. As you might have noticed in my other blog entries [4],[5],[6], I am a bit of a security fanatic. Therefore I’d like to additionally secure certain critical parts. This time I’ll do this for the Seafile web service. So first I create an additional site within the Apache configuration under /etc/apache2/sites-available/seafile with the following content:

<VirtualHost seafile.jvr.at:443>
       ServerName seafile.jvr.at
       HostnameLookups Double
       # Requests whose URI starts with /u are flagged and left out of the access log
       CustomLog /var/log/apache2/access.log combined env=!dontlog
       SetEnvIf Request_URI "^/u" dontlog
       ErrorLog /var/log/apache2/error.log
       Loglevel warn
       # TLS for everything served by this site
       SSLEngine On
       SSLCertificateFile /etc/apache2/ssl/apache.pem
       # Basic authentication in front of every proxied request
       <Proxy *>
           AuthUserFile /srv/seafile/.htpasswd
           AuthName EnterPassword
           AuthType Basic
           require user seafile_user
           Order Deny,allow
           Allow from all
       </Proxy>
       # Forward to Seahub listening locally on port 8000
       ProxyPass / http://localhost:8000/
       ProxyPassReverse / http://localhost:8000/
</VirtualHost>

Now let’s create the .htpasswd file in the corresponding directory:

root@jvr:~# mkdir /srv/seafile
root@jvr:~# cd /srv/seafile
root@jvr:/srv/seafile# htpasswd -cm /srv/seafile/.htpasswd seafile_user

Link the Apache site into sites-enabled and reload the Apache service:

root@jvr:~# cd /etc/apache2/sites-enabled/
root@jvr:/etc/apache2/sites-enabled# ln -s ../sites-available/seafile .
root@jvr:/etc/apache2/sites-enabled# /etc/init.d/apache2 reload
* Reloading web server config apache2 [ OK ] 

And of course, disable external access to port 8000 on your firewall. Your web service should now be accessible with the additional password protection from the .htpasswd file. Side note: since certain ports are blocked within certain companies, this setup additionally enables you to access the service via https.
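
One way to carry out and check the firewall step, as an added example that is not part of the original post: it assumes iptables and that Seahub listens on TCP port 8000 as listed above. The function names `seahub_rules` and `seahub_port_closed` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes iptables; names are hypothetical.
SEAHUB_PORT=8000

# Print (not run) the rules that leave Seahub reachable only for the local
# Apache proxy. Review the output, then pipe it to `sh` as root to apply it.
seahub_rules() {
    port="${1:-$SEAHUB_PORT}"
    # Apache forwards to http://localhost:8000/, so loopback must stay open.
    echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
    # Anything else aimed at the port is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Audit an `iptables -S INPUT` dump on stdin. Succeeds only if the first
# non-loopback rule naming the port is a DROP/REJECT and a loopback ACCEPT
# for the port precedes it. Rules that do not name the port are not judged.
seahub_port_closed() {
    port="${1:-$SEAHUB_PORT}"
    awk -v port="$port" '
        BEGIN { rc = 1 }                      # no matching DROP found: fail
        $1 != "-A" || $2 != "INPUT" { next }  # skip policy lines and other chains
        {
            hit = 0; lo = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) hit = 1
                if ($i == "-i" && $(i + 1) == "lo") lo = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!hit) next
            if (target == "ACCEPT" && lo) { seen_lo = 1; next }
            if (target == "ACCEPT") { rc = 1; exit }   # port open to the outside
            if (target == "DROP" || target == "REJECT") {
                rc = seen_lo ? 0 : 1                    # DROP first would cut off Apache
                exit
            }
        }
        END { exit rc }
    '
}
# Usage as root: iptables -S INPUT | seahub_port_closed && echo "port 8000 closed"
```

The audit only looks at rules that name the port, so a broader ACCEPT earlier in the chain still needs a manual look.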

[1] Gizmodo.com, Which Tech Companies Protect Your Data From the Government?

[2] Seafile.com, Next-generation Open Source Cloud Storage

[3] github.com, Seafile: Deploy/Upgrade Seafile Server

[4] jvr.at, Basic Security for Linux Hosts 

[5] jvr.at, Book Review: The Cuckoo’s Egg

[6] jvr.at, Anonymous SSH over Tor and disconnect without a trace