Setup SSL (https) for ownCloud (info.dump)

Here is another info.dump with directions on how to setup SSL on your ownCloud server.  This will greatly improve the security of your server by not allowing an attacker to intercept your password in plain text over the internet. If you are going to be using the ownCloud outside of a private LAN, this is a must!

NOTE: Most of these directions where found here on the ‘Ubuntu Server Guide’ site…

http://ubuntuserverguide.com/2013/04/how-to-setup-owncloud-server-5-with-ssl-connection.html

Server is assumed to be running Linux (Ubuntu 12.04).

Change to ‘root’:
sudo -i

Edit file /etc/apache2/sites-enabled/000-default,  change AllowOverride None to AllowOverride All.

You should edit the section of the file to looks like this:
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride All

You will need to enable apache module mod_rewrite, mod_headers and mod_ssl to enable both modules use the following command:
a2enmod rewrite && a2enmod headers && a2enmod ssl

Restart apache2 daemon:
service apache2 restart

Edit the configuration file /ect/ssl/openssl.cnf:
Change the following lines in the document with the following information:

dir = /root/SSLCertAuth
default_days = 3650
default_bits = 2048
countryName_default = US
0.organizationName_default = "Organization Name"

Create Directory to save the SSL Certificate Authority, in this case make the directory name SSLCertAuth:

mkdir /root/SSLCertAuth
chmod 700 /root/SSLCertAuth
cd /root/SSLCertAuth
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

To generate the Certificate Authority (CA) run the following:
Note: Be sure to enter in your PEM passphrase and log it in a secure location. Also, you should make sure that you fill in the correct information for your cert. The common name will be your sites external site address.

openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
-config /etc/ssl/openssl.cnf

Create a Certificate Signing Request:

openssl req -new -nodes \
-out apache-req.pem \
-keyout private/apache-key.pem \
-config /etc/ssl/openssl.cnf

Generate the certificate:

openssl ca \
-config /etc/ssl/openssl.cnf \
-out apache-cert.pem \
-infiles apache-req.pem

Copy the files to directory /etc/ssl:

mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp /root/SSLCertAuth/apache-cert.pem /etc/ssl/crt
cp /root/SSLCertAuth/private/apache-key.pem /etc/ssl/key

Configure HTTPS apache2 web server, create the SSL log and create a new file /etc/apache2/conf.d/owncloud5-ssl.conf to add the SSL virtualhost:

mkdir/var/www/logs
touch /etc/apache2/conf.d/owncloud5-ssl.conf

Edit the file with the following info:

ServerName "Server IP"
SSLEngine on
SSLCertificateFile /etc/ssl/crt/apache-cert.pem
SSLCertificateKeyFile /etc/ssl/key/apache-key.pem
DocumentRoot /var/www/owncloud
CustomLog /var/www/logs/ssl-access_log combined
ErrorLog /var/www/logs/ssl-error_log

Restart the apache2 server:

service apache2 restart

That is it! Now goto your ownCloud page with https:// and you should have a secure connection!

NOTES:

  • You will need to make sure that you have your NAT forwarding port 443 to your server to allow the secure traffic to reach it.
  • If this does not work (EX. You dont get a webpage) you may need to make sure that you have the correct info entered in the /etc/apache2/conf.d/owncloud5-ssl.conf under DocumentRoot /var/www/owncloud. I have seen this location possibly be different if you did not install using the ownCloud repo (see me other post on installing ownCloud for the right way to do it: http://atari911.com/2013/07/29/install-owncloud-info-dump/).
  • You will see a red X over the https://. This is because we are using a “self signed certificate” and it was not verified with a trusted authority. All this means is that the world wide web does not trust you because you are not a big, money hungry corporation. This message can be safely ignored because if you cant trust yourself, who can you trust?

Install ownCloud (info.dump)

Here is a quick info.dump that lays out the commands required for installation of ownCloud 5.0.x on a server running Ubuntu 12.04.

Run the following as root (EX sudo -i):

Add the repository key to apt:
wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key
apt-key add - < Release.key

Add the PPA:
echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list

Install:
sudo apt-get update
sudo apt-get install owncloud

That is about it!

Notes:
./var/www/owncloud/data is where the info is stored.
./var/www/owncloud/config/config.php is where the configuration file is located.

Check active internet connections

Every once in a while I will notice the network light on my laptop is flashing when I am not doing anything that I know of online that would cause this. Wouldn’t it be nice to be able to see what programs are communicating with the network?

By using the ‘netstat’ command you can! Just use the following switches to get a nice list of what programs are communicating with what remote server and on what port:

netstat -tunp

You should get an output similar to this:
outputofnetstat

PLEX Media Server

I recently setup PLEX on my home media server. Here I will go over the setup and configuration required to allow PLEX to serve your media files and then push them to your Roku for TV viewing.

There where a few things to note about PLEX:

* I could find no solution for adding authentication to your PLEX server. This means I would not recommend that you point your PLEX server to the outside world. If you do, anyone who knows your IP address could brows and watch your media. Also, this may open up a plethora of attack vectors to your server.

* PLEX is a great solution if you have a ‘headless’ server. Headless means that you only have the server connected via network connection and do not have a monitor attached. In this case I would connect the PLEX server to something like a Roku box (http://www.roku.com).

* It is very important to the PLEX server how you organize your media. Once setup (see below), PLEX does an excellent job of searching various databases for media information and it displays that information seamlessly. Once everything is configured it does all the work for you.

This being said I am going to go over how to install PLEX on an Ubuntu 12.10 (Most other versions of Ubuntu and flavors of Linux should be similar, if not the same) configure it and organize your media files.

Install PLEX:

Installation of PLEX as a breeze because they support Linux from the start so no compiling of source code is required. They also make it easy for Debian based distributions (EX Ubuntu) by including a .deb on their site.

First thing you will want to do is download the package:

Version 0.9.7.28.3 64-bit: 
wget http://plex.r.worldssl.net/plex-media-server/0.9.7.28.33-f80a4a2/plexmediaserver_0.9.7.28.33-f80a4a2_amd64.deb

Version 0.9.7.28.3 32-bit:
wget http://plex.r.worldssl.net/plex-media-server/0.9.7.28.33-f80a4a2/plexmediaserver_0.9.7.28.33-f80a4a2_i386.deb

NOTE: They also have RPM packages for CentOS and Fedora available on the site: http://www.plexapp.com/getplex/

Now that you have the package downloaded on your server you are going to want to install that package:

dpkg -i <package.deb>
Where <package.deb> is the name of the package you downloaded.

This will install the PLEX server onto your system. That’s really all there is to it.

Configuration of PLEX:

Once PLEX is installed on your server you can check to make sure it is running, as well as configure the server by pointing your browser to:

http://localhost:32400/web/index.html

To begin adding content to your PLEX server you will have to point the server to where you have your media stored. You can do this by going to the “My Library” section at the top of the page and clicking on the “+” sign to path a location. When you press the “+” button you will be presented with the following window:
 
1_PLEX Add Library Section
It is important here to point out the different options that you are able to select because each option will tell the server what ‘type’ of media is stored at the location.

For instance, if you point the Movies section of the PLEX server to a folder that contains all of your Simpsons episodes, the server will not display the media in the correct format. It will think that every episode is a movie and will attempt to download movie information about each episode and fail, leaving you with a mess of content and no media info.

You can refer to the Wiki to get a good idea of the proper naming conventions here:
http://wiki.plexapp.com/index.php/Media_Naming_and_Organization_Guide

Once I pointed PLEX’s “Movies” option to the folder that contained all my movies, it picked it up and automatically added the meta data without any special re-naming of the actual sub-folders or video files.

Also, PLEX has dealt with just about every video format and container that I have thrown at it without a problem.