Based on all the NSA sniffing and the recent article about who provides whom which information  I decided to set-up my own cloud on my private server. And actually – it was surprisingly easy! Searching around the internet seafile  seemed to be the most appropriate solution, since it is open-source, provides a nice web interface and actually has a client for all common operating system and devices.
So log in at the server – get root and download the server via wget:
root@jvr:~# wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
--2014-05-18 16:26:06-- https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
Resolving bitbucket.org... 184.108.40.206, 220.127.116.11
Connecting to bitbucket.org|18.104.22.168|:443... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz [following]
--2014-05-18 16:26:07-- http://cdn.bitbucket.org/haiwen/seafile/downloads/seafile-server_3.0.3_x86-64.tar.gz
Resolving cdn.bitbucket.org... 22.214.171.124, 126.96.36.199, 188.8.131.52, ...
Connecting to cdn.bitbucket.org|184.108.40.206|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18399709 (18M) [application/x-tar]
Saving to: `seafile-server_3.0.3_x86-64.tar.gz'
100%[============================================================================================>] 18,399,709 51.0M/s in 0.3s
2014-05-18 16:26:07 (51.0 MB/s) - `seafile-server_3.0.3_x86-64.tar.gz' saved [18399709/18399709]
Of course now we have to unzip the file:
root@jvr:~# tar xzf seafile-server_3.0.3_x86-64.tar.gz
root@jvr:~# cd seafile-server-3.0.3/
So just before we install, there are some packages which are required. For my system I needed to install the following additional packages:
root@jvr:~# apt-get install python python-setuptools python-simplejson python-imaging
If there is anything else missing, seafile will anyway note it during the installation, so no need to panic. So let’s get to the installation itself:
Follow the installation instructions – it should be quite straight forward. If you face any issue, the Seafile wiki  should be quite helpful. I installed the seafile server under /usr/share/ while I keep the data storage under /opt/seafile-data. If everything goes fine, the seafile server should be running with the following services under the listed ports:
port of ccnet server: 10001
port of seafile server: 12001
port of seafile httpserver: 8082
port of seahub: 8000
Please note that the sea hub service, which provides the web-end of the seafile server, needs to be started separately.
Ok, so far so good, everything should be up and running and you should be able to login via the web-interface on port 8000.
The next thing I’ve done was to create the links under /etc/init.d/ as follows and add both in the default run levels, so that the services fires up on a restart/start automatically:
root@jvr:/opt# cd /etc/init.d/
root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seafile.sh .
root@jvr:/etc/init.d# ln -s /usr/share/seafile-server-latest/seahub.sh .
root@jvr:/etc/init.d# update-rc.d seafile.sh defaults
root@jvr:/etc/init.d# update-rc.d seahub.sh defaults
And now the tricky part. Since you might have noticed in my other blog entries ,, I am a bit security fanatic. Therefore I’d like to secure certain critical parts additionally. This time I’ll do this for the seafile web-service. So first I create an additional site within the apache configuration under /etc/apache2/sites-available/seafile with the following content:
CustomLog /var/log/apache2/access.log combined env=!dontlog
SetEnvIf Request_URI "^/u" dontlog
require user seafile_user
Allow from all
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
Now let’s create the htaccess file within the according directory:
root@jvr:~# mkdir /srv/seafile
root@jvr:~# cd /srv/seafile
root@jvr:/srv/seafile# htpasswd -cm /srv/seafile/.htpasswd seafile_user
Link the apache site to the sites-enabled and reload the apache service:
root@jvr:~# cd /etc/apache2/sites-enabled/
root@jvr:/etc/apache2/sites-enabled# ln -s ../sites-available/seafile .
root@jvr:/etc/apache2/sites-enabled# /etc/init.d/apache2 reload
* Reloading web server config apache2 [ OK ]
And of course, disable the external access to the port 8000 on your firewall. Your web service should be now accessible with an extended htaccess security. Side note – since within certain companies certain ports are locked, it additionally enables you to access the service via https.
 Gizmodo.com, Which Tech Companies Protect Your Data From the Government?
 Seafile.com, Next-generation Open Source Cloud Storage
 github.com, Seafile: Deploy/Upgrade Seafile Server
 jvr.at, Basic Security for Linux Hosts
 jvr.at, Book Review: The Cuckoo’s Egg
 jvr.at, Anonymous SSH over Tor and disconnect without a trace