This is the all-inclusive guide on installing a safe torrentflux
server. Tested on Ubuntu 8.04 Server and Debian Lenny. Using
torrentflux-b4rt edition.
1. Basic Security
You should perform these basic steps to secure your server.
1.1 SSH access
Change your root password:
# passwd
Create a “normal” user account:
# adduser steffen
Change SSH port and disable root login:
# nano /etc/ssh/sshd_config
"Port 2222"
"PermitRootLogin no"
Make sure you can log in with the normal user account created in the
previous step. Otherwise you will be locked out of your system.
Restart SSH:
# /etc/init.d/ssh restart
Now you can connect to your system with:
# ssh -p 2222 -l steffen xx.xx.xx.xx
Run “su” to get admin rights:
# su
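The edit to sshd_config in 1.1 can be checked before SSH is restarted, which avoids the lock-out mentioned above. This is an added example, not part of the original guide; the function names sshd_values and check_sshd_hardening are made up here, and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Assumptions: keywords are written "Keyword value"; Match blocks and
# Include files are not evaluated.

# Print every value given for KEYWORD in the global section, in file order.
sshd_values() {  # usage: sshd_values <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { print tolower($2) }
    ' "$1"
}

# Return 0 only if the file gives exactly the settings used in this guide.
check_sshd_hardening() {  # usage: check_sshd_hardening <config-file> <port>
    rc=0
    # Port may be listed several times; sshd listens on all of them,
    # so a leftover "Port 22" keeps the old port open.
    ports=$(sshd_values "$1" Port | paste -s -d ' ' -)
    if [ "${ports:-22}" != "$2" ]; then
        echo "FAIL: Port lines give '${ports:-22}', expected only '$2'"
        rc=1
    fi
    # For PermitRootLogin the first occurrence wins; later lines are ignored.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the new lines were appended below the stock ones
# instead of replacing them, so neither setting takes effect as intended.
demo_cfg=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '# added by admin' \
    'Port 2222' 'PermitRootLogin no' > "$demo_cfg"
check_sshd_hardening "$demo_cfg" 2222 || echo "do not restart sshd yet"
rm -f "$demo_cfg"
```

Running `sshd -t` as well checks the file for syntax errors.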
1.2 Fail2Ban
Fail2Ban’s main function is to block selected IP addresses that may
belong to hosts that are trying to breach the system’s security. It
determines the hosts to be blocked by monitoring log files and bans any
host IP that makes too many login attempts or performs any other
unwanted action within a time frame defined by the administrator.
Install fail2ban:
# aptitude install fail2ban
Change the SSH port that fail2ban should monitor (the same port you set in 1.1):
# nano /etc/fail2ban/jail.conf
[ssh]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
Restart fail2ban:
# /etc/init.d/fail2ban restart
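How the maxretry setting above interacts with the time frame can be seen by replaying log lines through a small counter. This is an added example, not fail2ban's own code: the function name would_ban is made up, the log lines are constructed, and the 600-second window passed for fail2ban's findtime option is an assumed value.

```sh
#!/bin/sh
# Added example, not fail2ban's code.
# Assumptions: syslog-style lines, all from the same day; only the
# "Failed password" message is counted (the real sshd filter matches more).

# Print each IP once, at the moment it reaches MAXRETRY failures
# within FINDTIME seconds.
would_ban() {  # usage: would_ban <logfile> <maxretry> <findtime-seconds>
    awk -v maxretry="$2" -v findtime="$3" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
            # take the LAST "from": the user name before it is attacker-chosen
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || ip in banned) next
            # store this failure, then count those still inside the window
            n[ip]++; seen[ip, n[ip]] = now; hits = 0
            for (k = n[ip]; k >= 1 && now - seen[ip, k] <= findtime; k--) hits++
            if (hits >= maxretry) { banned[ip] = 1; print ip }
        }
    ' "$1"
}

# Constructed sample log (documentation address ranges).
demo_log=$(mktemp)
{
    for s in 01 02 03 04 05 06; do      # 6 failures within 6 seconds
        echo "Jan 12 03:14:$s srv sshd[811]: Failed password for root from 203.0.113.5 port 4000 ssh2"
    done
    for m in 00 03 06 09 12 15; do      # 6 failures spread over 15 minutes
        echo "Jan 12 04:$m:00 srv sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 4001 ssh2"
    done
    echo "Jan 12 04:20:00 srv sshd[813]: Accepted password for steffen from 192.0.2.10 port 4002 ssh2"
} > "$demo_log"
would_ban "$demo_log" 6 600    # prints 203.0.113.5
rm -f "$demo_log"
```

The second address makes the same number of attempts but never has six inside one window, so a slow attacker stays under this threshold.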
2. Webserver setup
We will use Apache 2 as the web server, but torrentflux-b4rt will also work on other web servers (such as lighttpd).
2.1 Install Apache
# aptitude install apache2
Open a browser and enter your IP:
http://xx.xx.xx.xx
It should say “It works!”.
2.2 SSL support
Installing and using SSL is optional. It will allow you to open the torrentflux web interface through a secure https connection.
# aptitude install openssl
Create an SSL certificate:
# mkdir /etc/apache2/ssl
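# openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
Answer the questions or just press enter on any prompt. Because -out and -keyout point to the same file, apache.pem holds the private key as well as the certificate, so keep it readable by root only.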
Create an SSL config file for Apache:
# nano /etc/apache2/sites-available/default-ssl
NameVirtualHost *:443
<VirtualHost *:443>
# SSL Options
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
# Webserver root
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Then open the default Apache config file and change the first two lines to:
# nano /etc/apache2/sites-available/default
NameVirtualHost *:80
<VirtualHost *:80>
Activate the Apache SSL module:
# a2enmod ssl
Activate the Apache default-ssl config file:
# a2ensite default-ssl
Restart Apache:
# /etc/init.d/apache2 restart
Now open a browser and go to:
https://xx.xx.xx.xx
You will get a certificate error (Secure Connection Failed) because
the certificate is self-signed and not trusted. In Firefox you can add
an exception for this certificate so that Firefox will not bother you
again. Once you have done that, you will see “It works!” through a secure SSL
connection.
3. MySQL / PHPMyAdmin
phpMyAdmin lets you create and change MySQL databases with an easy-to-use web interface.
3.1 Install MySQL / PHPMyAdmin
# aptitude install mysql-server phpmyadmin
There will be a wizard to configure mysql/phpmyadmin. Here are the steps:
- password for the mysql root user: (create a new password)
- repeat password for the mysql root user: (repeat the new password)
- web server to reconfigure automatically: apache2
3.2 Configure a database for torrentflux-b4rt
Go to your phpMyAdmin:
https://xx.xx.xx.xx/phpmyadmin
or http://xx.xx.xx.xx/phpmyadmin
Log in with your root credentials created in 3.1. On the center page
click on Privileges (Rights, Rechte). Under the table there is a link
called “Add new user”; click on it. Then fill out the forms:
Add new user:
- Username: b4rt (or another name)
- Host: localhost
- Password: (create a new password; note that this is the same password you will later use to log in to your torrentflux-b4rt)
- Repeat the password:
Database for user:
- Check: Create database with the same name and give all privileges
Then click on OK in the lower right corner. Then there will be a note that the user was added.
4. Torrentflux-b4rt
Torrentflux-b4rt was originally based on the TorrentFlux BitTorrent controller written by Qrome, although it has recently undergone
a major rewrite to allow transparent integration with a number of
transfer clients and protocols.
4.1 Prerequisites
# aptitude install bzip2 php5-cli php5-gd zip unzip unrar \
libxml-dom-perl libxml-simple-perl libhtml-parser-perl \
libdigest-sha1-perl bittorrent bittornado vlc-nox uudeview wget
4.2 Download and prepare torrentflux-b4rt
Create a temp directory where we can download and prepare torrentflux-b4rt:
# mkdir /home/steffen/temp
Change into that directory:
# cd /home/steffen/temp
Download torrentflux-b4rt:
# wget http://prdownload.berlios.de/tf-b4rt/torrentflux-b4rt_1.0-beta2.tar.bz2
(or alternatively from http://gunblade.fakap.net/doc/torrentflux-b4rt_1.0-beta2.tar.bz2)
Extract it:
# tar xjvf torrentflux-b4rt_1.0-beta2.tar.bz2
# cd torrentflux-b4rt_1.0-beta2
Copy the “html” folder to the web root:
# cp -R html /var/www/b4rt
Change owner:
# chown -R www-data:www-data /var/www/b4rt/inc/config/
Create a download directory:
# mkdir /var/b4rt/
# chown www-data:www-data /var/b4rt/
4.3 Install torrentflux-b4rt
Open your new torrentflux-b4rt website:
https://xx.xx.xx.xx/b4rt
or http://xx.xx.xx.xx/b4rt
There will be a wizard to guide you through the installation:
- select type of database: MySQL
- enter your MySQL database settings below: (as created in 3.2)
Host: localhost
Name: b4rt
Username: b4rt
Password:
UNCHECK the “Create Database” option! CHECK the “Use Persistent Connection” option.
Follow the wizard… (next, next, next …)
- Server Settings
User Download Path: /var/b4rt (as created in 4.2)
- Check System Tools
Ignore the “NOT FOUND” on “cksfv”. Continue. Next …
- Setup Completed
Delete /var/www/b4rt/setup.php:
# rm /var/www/b4rt/setup.php
4.4 Finish the installation
https://xx.xx.xx.xx/b4rt
or http://xx.xx.xx.xx/b4rt
Log in with your credentials (user, password).
You will see the Admin – Server Settings page. There will be a red
“lamp” on “transmissioncli” and “cksfv”. Ignore that, you are good to
go. If you want to use transmission as the BitTorrent client, have a look at
the bottom of these instructions. Press “Update Settings”. Then click on
“Home” in the menu at the top of the page.