Differences

This shows you the differences between two versions of the page.

virtualisation:file-server [2018/02/26 10:28]
buettner
virtualisation:file-server [2022/02/16 10:50] (current)
schmitt
Line 1: Line 1:
-!!!!! UNDER CONSTRUCTION !!!!! +====== ​How to set up a File Server ======
-====== ​NB2800 ​File Server ======+
  
-This Article describes how to install a file server on the NB2800 router+This Article describes how to install a file server on NetModule Routers. Most but not all routers support LXC-Containers,​ please check first.
  
-If you need instructions on how to set up a LXC Container on NB2800 Routers, you can refer to this page: [[http://​wiki.netmodule.com/​app-notes/​virtualisation]]. 
  
-In this setup, ​three programs are installes which gives you different ways to transfer files to your router. In addition, a way is shown to transfer files from an USB stick to your container:+This setup contains the installation and configuration of the vsftpd FTP serverthe Net2FTP web frontend for vsftpd, and Samba shares. In addition, a way is shown to transfer files from an USB stick to your container:
  
 ==== 1) Preparations ==== ==== 1) Preparations ====
  
-The first step you should take is to give your router a static IP adress. For this, use  
-<​code>​ 
-nano /​etc/​network/​interfaces 
-</​code>​ 
-and set up a static IP configuration for your primary interface. In this example, the configuration for the eth0 interface looks like this: 
-<​konsole>​ 
-auto eth0 
-iface eth0 inet static 
-address 192.168.1.50 
-netmask 255.255.255.0 
-network 192.168.1.0 
-broadcast 192.168.1.255 
-gateway 192.168.1.105 
-dns-nameservers 192.168.1.105 
-</​konsole>​ 
  
-After that, use +The first step you should take is to use 
 <​code>​ <​code>​
 apt-get update apt-get update
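Review bot: The new Preparations section drops the static IP configuration for eth0 without a replacement, yet a later step still has the reader enter "the IP address and the domain name you want it linked to"; if the container's address is assigned dynamically, that mapping can go stale. Either keep a short note on how the container gets a fixed address or say where that is now configured. The link to the LXC setup page is removed as well, which leaves "please check first" with nothing to check against; a pointer to the list of supported routers would close that gap.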
Line 41: Line 24:
  
 Now enter the IP address and the domain name you want it linked to and click "​Apply"​ Now enter the IP address and the domain name you want it linked to and click "​Apply"​
-{{ :​virtualisation:​local_domain_lxc2.png?​nolink&​600 |}}+{{ :​virtualisation:​dns0.png?​nolink&​600 |}}
  
  
 After this, your configuration should look like this: After this, your configuration should look like this:
  
-{{ :​virtualisation:​local_domain_lxc.png?​nolink&​600 |}}+{{ :​virtualisation:​dns.png?​nolink&​600 |}}
  
 Now you can access the file server with both its IP address a its local domain name. Now you can access the file server with both its IP address a its local domain name.
Line 64: Line 47:
 adduser ftpuser --shell /bin/false/ adduser ftpuser --shell /bin/false/
 </​code>​ </​code>​
 +and give this new user a password with which you can later login to your FTP server: 
 +<​code>​ 
 +passwd ftpuser 
 +</​code>​
 In the next step, the new non-existing shell must be told to the system. To do this, enter In the next step, the new non-existing shell must be told to the system. To do this, enter
 <​code>​ <​code>​
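Review bot: The shell path in the adduser line directly above the added passwd step ends in a slash (/bin/false/), and the following step registers that shell with the system; the two strings have to match exactly, so it is safer to write /bin/false in both places. For the new passwd ftpuser step, say that this password is the FTP login credential and should not be the same as the router's admin password.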
Line 86: Line 72:
 </​code>​ </​code>​
 to create a pair of keys. In this configuration,​ these keys have a 2048bit strong encryption and a runtime of 365 days, but you can change these setting on your needs. to create a pair of keys. In this configuration,​ these keys have a 2048bit strong encryption and a runtime of 365 days, but you can change these setting on your needs.
 +
 +<​konsole>​
 +root@LXC_MEDIA:​~#​ openssl req -x509 -nodes -days 365 -newkey rsa:​2048 ​ -keyout /​etc/​ssl/​private/​vsftpd.key -out /​etc/​ssl/​private/​vsftpd.pem
 +Generating a 2048 bit RSA private key
 +...........................................................................+++
 +............................................+++
 +writing new private key to '/​etc/​ssl/​private/​vsftpd.key'​
 +-----
 +You are about to be asked to enter information that will be incorporated
 +into your certificate request.
 +What you are about to enter is what is called a Distinguished Name or a DN.
 +There are quite a few fields but you can leave some blank
 +For some fields there will be a default value,
 +If you enter '​.',​ the field will be left blank.
 +-----
 +Country Name (2 letter code) [AU]:DE
 +State or Province Name (full name) [Some-State]:​Hessen
 +Locality Name (eg, city) []:Eschborn
 +Organization Name (eg, company) [Internet Widgits Pty Ltd]:​NetModule GmbH
 +Organizational Unit Name (eg, section) []:Test
 +Common Name (e.g. server FQDN or YOUR name) []:​mediacontainer.local
 +Email Address []:
 +root@LXC_MEDIA:​~#​
 +</​konsole>​
 +
 +While the certificates are created, you can answer every question as you wish, but be aware that at "​common name", you enter the name of your (local) domain on your router, otherwise clients using these certificates will provide an error message.
 +
  
 The main configuration of vsftpd is made in the /​etc/​vsftpd.conf file. Here you can see a exemplary configuration:​ The main configuration of vsftpd is made in the /​etc/​vsftpd.conf file. Here you can see a exemplary configuration:​
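Review bot: The added console transcript creates the key with -nodes, so /etc/ssl/private/vsftpd.key is stored without a passphrase, and the text never tells the reader to restrict access to it; add a step that sets the key file to mode 600 and owner root. The new Common Name paragraph should also mention that -x509 produces a self-signed certificate, so clients will still ask the user to trust it on first connect even when the name matches, and that the fingerprint should be compared rather than accepted blindly.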
Line 93: Line 106:
 local_root=/​home/​Media local_root=/​home/​Media
 allow_writeable_chroot=YES allow_writeable_chroot=YES
-force_ssl_enable=YES+#force_ssl_enable=YES
 force_local_data_ssl=YES force_local_data_ssl=YES
 force_local_logins_ssl=YES force_local_logins_ssl=YES
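Review bot: The change to #force_ssl_enable=YES comes with no explanation, and the two settings left below it, force_local_data_ssl and force_local_logins_ssl, only take effect when vsftpd's TLS switch ssl_enable=YES is set. That line is not visible in this part of the example, so please confirm it is present in the full configuration; otherwise logins are not forced onto TLS at all. If the commented line is simply obsolete, deleting it is clearer than leaving it commented out.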
Line 118: Line 131:
 </​konsole>​ </​konsole>​
 You can also add more users to let them get access to the FTP server. Be aware that this setting is depending on your configuration of the /​etc/​vsftpd.conf file. You can also add more users to let them get access to the FTP server. Be aware that this setting is depending on your configuration of the /​etc/​vsftpd.conf file.
 +
  
 ==== 3) Net2FTP ==== ==== 3) Net2FTP ====
  
-Net2FTP ([[https://​www.net2ftp.com/​|Homepage]]is a web interface for FTP servers. With this, you can up-and download files to your server just with your web browser and without the need of additional tools like FileZilla.+[[https://​www.net2ftp.com/​|Net2FTP]] is a web interface for FTP servers. With this, you can up-and download files to your server just with your web browser and without the need of additional tools like FileZilla.
  
-First, you have to download the Software from this  [[https://​www.net2ftp.com/​homepage/​download.html|Site]] (net2ftp_v1.1.zip, 6MB). After unzipping the folder, you now have a folder named "​filed_to_upload"​. Rename this folder to a name you want to access your file server later (e.g. FTPserver).+First, you have to download the Software from this  [[https://​www.net2ftp.com/​index.php?​state=homepage&​state2=3|Site]] (net2ftp_v1.3.zip, 6MB). After unzipping the folder, you now have a folder named "​filed_to_upload"​. Rename this folder to a name you want to access your file server later (e.g. FTPserver).
  
 In the next step, you have to install a web server and PHP in your container: In the next step, you have to install a web server and PHP in your container:
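Review bot: The download sentence now hard-codes net2ftp_v1.3.zip and keeps the old size of 6MB, so it will be out of date again with the next release; point to the official download page without a file name and tell the reader to take the current version from there only. The unchanged sentence after it still calls the unpacked folder "filed_to_upload", which looks like a typo for "files_to_upload".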
Line 131: Line 145:
 </​code>​ </​code>​
  
--Ordner "​FTP"​ in Webserver-Verzeichnis ​(/​var/​www/​html) ​hochgeladen+After this, upload your downloaded and renamed folder to your web servers default location ​(e.g. /​var/​www/​html). Now you can access the FTP server over the name of this folder (For example, if your domain is mediacontainer.local and you renamed the folder to ftpserver, you can access it via http://​mediacontainer.local/​ftpserver).
  
----nano /​var/​www/​html/​upload/​settings.inc.php: ​(geändert)+You also have to change the rights of the temp folder in your uploaded folder. Fot this, go to this folder and type 
 +<​code>​ 
 +chmod 777 temp 
 +</​code>​ 
 + 
 +Now you can also configure some settings to improve the performance of your system, especially with the size of files you want to upor download. 
 + 
 +The first setting is in the net2ftp files itself. Enter  
 +<​code>​ 
 +nano /​var/​www/​html/​ftpserver/​settings.inc.php 
 +</​code>​ 
 +Here you can change the parameters you want, in this example the following setting were changed: 
 +<code c /​var/​www/​html/​ftpserver/​settings.inc.php>​
 $net2ftp_settings["​max_filesize"​] ​ = "​10000000000";​ $net2ftp_settings["​max_filesize"​] ​ = "​10000000000";​
 $net2ftp_settings["​check_consumption"​] = "​no";​ $net2ftp_settings["​check_consumption"​] = "​no";​
 +</​code>​
  
----nano /​etc/​php/​7.0/​apache2/​php.ini ​(geändert):+The next setting are made in the web server (Apache) settings. Enter 
 +<​code>​ 
 +nano /​etc/​php/​7.0/​apache2/​php.ini 
 +</​code>​ 
 +and change the following settings: 
 +<code c /​etc/​php/​7.0/​apache2/​php.ini>​
 upload_max_filesize = 10G upload_max_filesize = 10G
 post_max_size = 11G post_max_size = 11G
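Review bot: The added chmod 777 temp step makes a directory inside the web root writable by every account in the container; giving ownership of temp to the web server's user and using a mode such as 770 gives Net2FTP the same write access without world-writable permissions. The same hunk tells readers to open the front end at http://mediacontainer.local/ftpserver, so the FTP user name and password typed into Net2FTP reach the web server in clear text even though vsftpd is set to force TLS for logins; either add HTTPS for Apache or state this limitation. Minor: "Fot this" and "upor download" are typos.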
Line 143: Line 175:
 max_execution_time = 9600 max_execution_time = 9600
 max_input_time = 3600 max_input_time = 3600
- +</​code>​ 
----nano ​/​etc/​apache2/​apache2.conf ​(hinzugefügt):+  ​ 
 +The last settings have to be made in the /​etc/​apache2/​apache2.conf ​file: 
 +<code c /​etc/​apache2/​apache2.conf>​
 LimitRequestBody 0  LimitRequestBody 0 
 +</​code>​
 +  ​
 +Now restart your web server with
 +<​code>​
 +/​etc/​init.d/​apache2 restart
 +</​code>​
  
----/​etc/​init.d/​apache2 restart 
  
 ==== 4) The samba file server ==== ==== 4) The samba file server ====
  
----apt-get install ​samba-common samba tdb-tools+With samba, you can easily share your folders and files from other computers with Windows, Linux or macOS installed.
  
----smbpasswd -a ftpuser +In the first step, install the samba server with some additional tools: 
-Passwort: mediac0ntr0l+<​code>​ 
 +apt-get install samba-common samba tdb-tools 
 +</​code>​
  
 +If you want, you can create a new user for logging in to the server, but you can also use the ftpuser created earlier for the use with samba. In this case, you have to set a new password for him:
 +<​code>​
 +smbpasswd -a ftpuser
 +</​code>​
  
----nano ​/​etc/​samba/​smb.conf ​(Hinzufügen am Ende)+The main configuration file for samba is the /​etc/​samba/​smb.conf. Here you can set up folders where your files shall be stored at after the upload. In this example, the folders created earlier a used for this. 
 +Open the file with an editor of your choice and add the following lines at its end: 
 +<code c c/​etc/​samba/​smb.conf>
 [Fotos] [Fotos]
 path = /​home/​Media/​Bilder path = /​home/​Media/​Bilder
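Review bot: The removed line "Passwort: mediac0ntr0l" published a password in the old revision, and it stays readable in the page history after this edit; if that value was ever used on a real device it should be changed, and the new smbpasswd step could tell readers to choose their own password at the prompt. LimitRequestBody 0 in /etc/apache2/apache2.conf lifts the request size limit for the whole server; placing it in a Directory block for the Net2FTP folder, with a value that matches post_max_size, keeps the change scoped to the upload front end. The new tag <code c c/etc/samba/smb.conf> also carries a stray "c".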
Line 169: Line 216:
 path = /​home/​Media/​Musik path = /​home/​Media/​Musik
 writeable = yes writeable = yes
----EOF---+</​code>​
  
----testparm+After you finished your setup, type 
 +<​code>​ 
 +testparm 
 +</​code>​ 
 +to check if your samba configuration contains any errors. 
 + 
 +<​konsole>​ 
 +root@LXC_MEDIA:/#​ testparm 
 +Load smb config files from /​etc/​samba/​smb.conf 
 +rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) 
 +WARNING: The "​syslog"​ option is deprecated 
 +Processing section "​[homes]"​ 
 +Processing section "​[printers]"​ 
 +Processing section "​[print$]"​ 
 +Processing section "​[Fotos]"​ 
 +Processing section "​[Videos]"​ 
 +Processing section "​[Musik]"​ 
 +Loaded services file OK. 
 +Server role: ROLE_STANDALONE 
 + 
 +Press enter to see a dump of your service definitions 
 + 
 +# Global parameters 
 +[global] 
 +        log file = /​var/​log/​samba/​log.%m 
 +        max log size = 1000 
 +        syslog = 0 
 +        panic action = /​usr/​share/​samba/​panic-action %d 
 +        usershare allow guests = Yes 
 +        map to guest = Bad User 
 +        obey pam restrictions = Yes 
 +        pam password change = Yes 
 +        passwd chat = *Enter\snew\s*\spassword:​* %n\n *Retype\snew\s*\spassword:​* %n\n *password\supdated\ssuccessfully* . 
 +        passwd program = /​usr/​bin/​passwd %u 
 +        server role = standalone server 
 +        unix password sync = Yes 
 +        dns proxy = No 
 +        idmap config * : backend = tdb 
 + 
 + 
 +[homes] 
 +        comment = Home Directories 
 +        browseable = No 
 +        create mask = 0700 
 +        directory mask = 0700 
 +        valid users = %S 
 + 
 + 
 +[printers] 
 +        comment = All Printers 
 +        path = /​var/​spool/​samba 
 +        browseable = No 
 +        printable = Yes 
 +        create mask = 0700 
 + 
 + 
 +[print$] 
 +        comment = Printer Drivers 
 +        path = /​var/​lib/​samba/​printers 
 + 
 + 
 +[Fotos] 
 +        path = /​home/​Media/​Bilder 
 +        read only = No 
 + 
 + 
 +[Videos] 
 +        path = /​home/​Media/​Videos 
 +        read only = No 
 + 
 + 
 +[Musik] 
 +        path = /​home/​Media/​Musik 
 +        read only = No 
 +</​konsole>​ 
 + 
 +In the last step, type 
 +<​code>​ 
 +service smbd restart 
 +</​code>​ 
 +to restart the samba server. 
 + 
 +To add the shared folders to your Windows machine, go to "This PC (Arbeitsplatz)"​ and click on "Add a network location (Netzwerkadresse hinzufügen)"​. 
 +{{ :​virtualisation:​samba_einbinden_windows_1.png?​nolink&​600 |}} 
 + 
 +In the next window, click on "​Choose a custom network location (Eine benutzerdefinierte Netzwerkadresse hinzufügen). 
 +{{ :​virtualisation:​samba_einbinden_windows_2.png?​nolink&​600 |}} 
 + 
 +Now enter the address of your shared folder in the form "​\\IP_Adress_or_domain_name\shared_folder"​. 
 +{{ :​virtualisation:​samba_einbinden_windows_3.png?​nolink&​600 |}} 
 + 
 +In the next window, enter a name for your shared folder. 
 +{{ :​virtualisation:​samba_einbinden_windows_4.png?​nolink&​600 |}} 
 + 
 +Now click on "​Finish"​ and your shared folder is accessible over your Windows machine. 
 +{{ :​virtualisation:​samba_einbinden_windows_5.png?​nolink&​600 |}} 
 + 
 +{{ :​virtualisation:​samba_einbinden_windows_6.png?​nolink&​600 |}}
  
----service smbd restart 
  
 ==== 5) transfer files with an USB Stick ==== ==== 5) transfer files with an USB Stick ====
-:!: In der NB2800-UI zunächst die USB-Funktion aktivieren: 
-Interfaces - USB - Administration - enabled 
-    -"​-  ​     - Autorun - enabled 
--hier sollte man sich die autorun.key-Datei herunterladen. Diese enthält den Hash-Wert des Passworts, mit dem man sich auf dem Router angemeldet hat; sie ist also notwendig, um den Besitzer des USB-Sticks als zum Ausführen von Aktionen berechtigt zu identifizieren. 
  
-:!: Diese autorun.key-Datei muss zusammen mit einer autorun.sh-Datei auf dem USB-Stick gespeichert werden.+The next possibelity to copy files to your router is by using an USB Stick. 
 +For this, go to  Interfaces ​-USB -> Administration and set the "​Administrative status"​ on "​enabled"​. 
 +{{ :​virtualisation:​usb_1.png?​nolink&​600 |}}
  
-:!FAT16 oder FAT32+Next, go to "​Autorun"​ and again set the Administrative status on "​enabled"​. Also, download the "​autorun.key"​ file from this site. 
 +{{ :virtualisation:usb_2.png?​nolink&​600 |}} 
 +This file contains the hash values of the password the user uses to login to the router. So this file is necessary automatically run actions with root level access. 
 + 
 +In the next step you have to create the "​autorun.sh"​ file. This file contains the tasks which are run when the stick is plugged into the router. To create this file under windows, open the Editor, create a new file and fill it with the code you want it to run. Then, go to "Save As", enter "​autorun.sh"​ under "File Name" and make sure you choose "All Files" under "Save as type". Also, make sure u select "​UTF-8"​ in the Encoding drop-down menu. Now click on "​Save"​ to save the file. 
 + 
 +{{ :​virtualisation:​autorun.sh_erstellen.png?​nolink&​600 |}} 
 + 
 +In this example, files located in folders on the stick (Video-trans,​ Audio-trans,​ Bilder-trans) are copied to folders inside of the LXC Container (/​home/​Media/​Videos Bilder Musik). Existing files are being ignored. The /​mnt/​media/​autorun path is the path where the USB stick is mounted to; be aware that this path is not changeable.
  
--Dateien auf dem Stick werden auf den Router kopiert wobei existente Dateien ignoriert werden. 
 <​konsole>​ <​konsole>​
 rsync -arv --ignore-existing /​mnt/​media/​autorun/​Video-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Videos rsync -arv --ignore-existing /​mnt/​media/​autorun/​Video-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Videos
 rsync -arv --ignore-existing /​mnt/​media/​autorun/​Audio-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Musik rsync -arv --ignore-existing /​mnt/​media/​autorun/​Audio-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Musik
 rsync -arv --ignore-existing /​mnt/​media/​autorun/​Bilder-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Bilder rsync -arv --ignore-existing /​mnt/​media/​autorun/​Bilder-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Bilder
- 
 </​konsole>​ </​konsole>​
  
--Die Ordnerinhalte auf dem Router werden 1:1 mit den Ordnern auf dem Stick synchronisiert. D.h. wenn eine Datei auf dem Stick gelöscht wird wird sie auch auf dem Router glöscht usw. +In the second example, all files in the container will be replaced by the files stored on the USB stick. You will get an one-to-one copy of your USB stick:
 <​konsole>​ <​konsole>​
 rsync -arv --delete /​mnt/​media/​autorun/​Video-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Videos rsync -arv --delete /​mnt/​media/​autorun/​Video-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Videos
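Review bot: The new USB section has autorun.sh run with root level access for any stick that carries autorun.key, which the text describes as holding the hash of the router login password, but it gives no handling advice; say that the stick must be treated like a credential and that Autorun should be set back to disabled once the transfer is done. The rsync --delete example needs a warning that an empty source folder on the stick will empty the matching folder in the container. In the Samba part, the three shares are writeable = yes with no valid users line, so every Samba account can write to them; adding valid users = ftpuser would match the rest of the guide.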
Line 199: Line 346:
 rsync -arv --delete /​mnt/​media/​autorun/​Bilder-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Bilder rsync -arv --delete /​mnt/​media/​autorun/​Bilder-trans/​ /​mnt/​storage1/​lxc/​guest1/​home/​Media/​Bilder
 </​konsole>​ </​konsole>​
 +
 +Now format an USB stick to the FAT16 oder FAT32 file format. Copy to it the "​autorun.key"​ file together with the "​autorun.sh"​ file and the files/​folders you want to transfer.
 +<​konsole>​
 +/​mnt/​media/​autorun $ ls -lh
 +drw-r--r-- ​   2 root     ​root ​       8.0K Feb  1 10:46 Audio-trans
 +drw-r--r-- ​   2 root     ​root ​       8.0K Feb  1 10:47 Bilder-trans
 +drw-r--r-- ​   2 root     ​root ​       8.0K Feb  1 13:25 System Volume Information
 +drw-r--r-- ​   2 root     ​root ​       8.0K Feb  1 16:46 Video-trans
 +-rw-r--r-- ​   1 root     ​root ​         65 Feb  1 11:21 autorun.key
 +-rw-r--r-- ​   1 root     ​root ​        286 Feb  1 16:44 autorun.sh
 +
 +</​konsole>​
 +
 +If you now plug in the stick into the router, the stick is mounted to the file system and all tasks from the "​autrorun.sh"​ file are run.
 +
 +
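Review bot: The formatting step is added after the two script examples, although the stick has to be prepared before autorun.key and autorun.sh can be copied to it; moving this paragraph ahead of the autorun.sh instructions would keep the steps in working order. "FAT16 oder FAT32" still contains the German "oder", and the last sentence spells the file "autrorun.sh".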