The Making of me.chschmid.com, Part 5: Server Configuration

With the base OS up and running it’s time to install and configure all the services. By the way it is important that the server is not connected to the Internet directly yet. – Working behind a router is ok. You just don’t want that out your server can be accessed via the web already.

server

SSH

SSH is a secure way of accessing your machine from anywhere. You can transfer files, run commands, tunnel services and probably much more using SSH in an easy and encrypted way. After the server installation SSH is running already. But I did some modifications to the config file “/etc/ssh/sshd_config” to make it even more secure. Basically I added one line

AllowUsers christian cs-git

to only allow incoming connections for those two users. Restarting the ssh daemon can be done via

sudo service ssh restart

Apache

I don’t want my machine to be accessible via HTTP, but only through the more secure HTTPS. So I configured port 80 to redirect to 443 and enabled https. I also added the following lines to my https config file

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
SSLCompression Off

to make the encryption more robust. – You can check how robust your encryption is via https://sslcheck.globalsign.com.The apache server can be restarted again via

sudo service apache2 restart

Owncloud

… can be installed easily via an opensuse repository at http://software.opensuse.org/download/package?project=isv:ownCloud:community&package=owncloud. The configuration works via the web interface https://localhost/owncloud.

In my case I just transfered the complete database from my old machine to the new server.

Samba Server

The Samba Server is used to share files locally, so that I can download the music files stored on the server from my tablet whenever I am in my local network and stuff. – Again Samba should be installed already and only needs to be configured. I added

[media]
    comment = Media
    path = /home/media
    browsable = yes
    guest ok = yes
    writeable = no
    write list = media
    force group = media
    create mask = 0775

to my “/etc/samba/smb.conf” to share what is in the /home/media folder and allowed following symlinks

follow symlinks = yes

I forgot of course I also created a user media using “sudo adduser media”. I again restarted smbd and nbmd

sudo service smbd restart
sudo service nmbd restart

Squeezebox Server

I use this system to stream my audio across multiple devices (including my Raspberry Pi). To install the server run

sudo add-apt-repository "deb http://debian.slimdevices.com stable main"
sudo apt-get update
sudo apt-get install logitechmediaserver

Misc

I also installed and configured the following things

  • A vncserver (x11vnc)
  • The Plex Media Server (can be found in Ubuntu’s repositories)

Im glad you made it to the end of this rather boring post, but that is what servers are all about: Running boring stuff in the background that makes our lives easier and more connected.

One thought on “The Making of me.chschmid.com, Part 5: Server Configuration

  1. Pingback: The Making of me.chschmid.com, Part 6: Connection to the World | Christian M. Schmid

Leave a Reply

Your email address will not be published. Required fields are marked *