Install & Setup UFW on Debian 8 (Firewall)

iptables is old and terrible to interact with. UFW or Uncomplicated Firewall is easy and awesome.

Install

sudo apt-get install ufw

Setup Defaults (Incoming/Outgoing/SSH)

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh

Turn It On

sudo ufw enable

— More Info & Documentation —

Allow Connections

sudo ufw allow www
sudo ufw allow ftp
sudo ufw allow 80/tcp
sudo ufw allow 21/tcp

Deny Connections

sudo ufw deny www
sudo ufw deny 80/tcp

Deleting

sudo ufw delete allow ssh
sudo ufw delete allow 80/tcp
sudo ufw delete allow 1000:2000/tcp

Status

sudo ufw status
sudo ufw status verbose

Reset Everything

sudo ufw reset

—–

Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

Linux chroot, jail or isolate SFTP user to a directory – Debian/Ubuntu – How-to

I’m assuming you are logged in as root.

!IMPORTANT!
The directory you assign to ChrootDirectory, and every one of its parent directories, MUST be owned by root and assigned the group root. Otherwise SFTP clients will not be able to connect, access, upload or modify files and directories.

Install OpenSSH Server

apt-get install openssh-server -y

Create the chroot user

adduser USERNAME
passwd USERNAME

Edit SSH Server config

nano +77 /etc/ssh/sshd_config

Comment out the existing Subsystem line & add the internal-sftp one

# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Chroot USERNAME to directory /var/www/html
Add to bottom of config & save file.

### Custom ###
Match User USERNAME
ChrootDirectory /var/www/html
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Restart SSH Server

service ssh restart
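
A check for the ownership rule in the IMPORTANT note above, as an added example (not part of the original how-to): it walks the ChrootDirectory path up to / and flags any component that is not owned by root or that is writable by group or others, which is the condition sshd_config(5) documents for ChrootDirectory. The function names component_ok and check_chroot_path are made up for this example, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before restarting sshd.
# Every component, from the target up to /, must be a root-owned directory
# with no group or other write bit, or the chrooted SFTP login is refused.

# component_ok UID MODE -> 0 if the owner is root and MODE has no g+w / o+w
component_ok() {
    uid=$1
    mode=$2                       # octal string as printed by `stat -c %a`
    [ "$uid" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR -> one line per component; returns 1 if any fails,
# 2 if DIR cannot be resolved to a directory
check_chroot_path() {
    path=$(readlink -f -- "$1") || return 2
    [ -d "$path" ] || { echo "not a directory: $path"; return 2; }
    rc=0
    while :; do
        # stat prints "<owner uid> <octal mode>"; load them into $1 and $2
        set -- $(stat -c '%u %a' -- "$path")
        if component_ok "$1" "$2"; then
            echo "ok    $path (uid=$1 mode=$2)"
        else
            echo "FAIL  $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return $rc
}

# Usage (path taken from the Match block above):
#   check_chroot_path /var/www/html
# Typical fix for a failing component:
#   chown root:root DIR && chmod 755 DIR
```

Because the chroot directory itself ends up read-only for USERNAME, uploads need a subdirectory inside it that the user owns.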

Linux Self-signed SSL Certificate & Setup on NGINX – Debian/Ubuntu – How-to

I like to organize my SSL certs inside my web server folder for easy access and organization. I also like to create sub-folders for each domain and name each certificate with its corresponding domain name (example: /etc/nginx/ssl/domain.com/domain.com.crt). You can organize and name your certs in any way you see fit.

*I assume you are logged in as root.
*Replace NAME with your host/domain name. Don’t forget the NGINX config as well!

Install OpenSSL

apt-get install -y openssl

Create SSL directories

mkdir /etc/nginx/ssl
mkdir /etc/nginx/ssl/NAME
cd /etc/nginx/ssl/NAME

Generate key

openssl genrsa -out "/etc/nginx/ssl/NAME/NAME.key" 2048

Create SSL request

openssl req -new -key "/etc/nginx/ssl/NAME/NAME.key" -out "/etc/nginx/ssl/NAME/NAME.csr"

Validate SSL request and create SSL certificate

openssl x509 -req -days 1825 \
    -in "/etc/nginx/ssl/NAME/NAME.csr" \
    -signkey "/etc/nginx/ssl/NAME/NAME.key" \
    -out "/etc/nginx/ssl/NAME/NAME.crt"

Setup NGINX

Add to NGINX host config

listen 443 ssl;
ssl_certificate     /etc/nginx/ssl/NAME/NAME.crt;
ssl_certificate_key /etc/nginx/ssl/NAME/NAME.key;

Or just use my config. It also includes a non-HTTPS redirect; just replace NAME with your host name. (VIEW CONFIG HERE).

# Needs the ca-certificates package so wget can verify GitHub's TLS certificate
wget -O /etc/nginx/sites-available/rutorrent-hostip-ssl https://raw.githubusercontent.com/internetbear/library/master/nginx/site-available/hostip-ssl

Install ruTorrent (Debian 8) NGINX, PHP-FPM, rTorrent – How-to

This is a diagram of my preferred setup that this tutorial will guide you through.

[Diagram: rTorrent, ruTorrent, NGINX and PHP-FPM on Debian 8 (Jessie)]

I assume you are logged in as root and running Debian 8 (Jessie).

Update available packages and upgrade your system.

apt-get update -y
apt-get upgrade -y

Create the user that will be running rtorrent. In this case the user will be ‘seedbox’.

adduser seedbox
passwd seedbox

Install rTorrent

I’m using my rTorrent config for this install. (VIEW CONFIG HERE).

apt-get install -y rtorrent unzip unrar-free mediainfo curl libav-tools screen
# libav-tools provides avconv, which needs to be linked as ffmpeg for rTorrent
ln -s /usr/bin/avconv /usr/bin/ffmpeg
mkdir -p /home/seedbox/rtorrent/{.session,watch}
# Needs the ca-certificates package so wget can verify GitHub's TLS certificate
wget -O /home/seedbox/.rtorrent.rc https://raw.githubusercontent.com/internetbear/library/master/rtorrent/.rtorrent.rc
chown -R seedbox:seedbox /home/seedbox

Add rTorrent to startup

# Read the downloaded script before enabling it: init scripts run as root at boot
wget -O /etc/init.d/rtorrent https://github.com/internetbear/library/raw/master/rtorrent/init.d/rtorrent
chmod +x /etc/init.d/rtorrent
update-rc.d rtorrent defaults
/etc/init.d/rtorrent start

Install NGINX PHP-FPM and self-signed SSL certificate

I’m using my NGINX config for this install. In the commands and config replace NAME with your host name. (VIEW CONFIG HERE).

apt-get install -y nginx php5-fpm php5-cli php5-geoip apache2-utils openssl
wget -O /etc/nginx/sites-available/rutorrent-hostip-ssl https://raw.githubusercontent.com/internetbear/library/master/nginx/site-available/rutorrent-hostip-ssl
cd /etc/nginx/sites-enabled
rm default
ln -s ../sites-available/rutorrent-hostip-ssl
htpasswd -c /var/www/html/.htpasswd seedbox
chown www-data:www-data /var/www/html/.htpasswd
service nginx reload

Create SSL directories

mkdir /etc/nginx/ssl
mkdir /etc/nginx/ssl/NAME
cd /etc/nginx/ssl/NAME

Generate SSL key

openssl genrsa -out "/etc/nginx/ssl/NAME/NAME.key" 2048

Create SSL request

openssl req -new -key "/etc/nginx/ssl/NAME/NAME.key" -out "/etc/nginx/ssl/NAME/NAME.csr"

Validate SSL request and create SSL certificate

openssl x509 -req -days 1825 \
    -in "/etc/nginx/ssl/NAME/NAME.csr" \
    -signkey "/etc/nginx/ssl/NAME/NAME.key" \
    -out "/etc/nginx/ssl/NAME/NAME.crt"

Install ruTorrent

apt-get install -y git
git clone https://github.com/Novik/ruTorrent /var/www/html/rutorrent
wget -O /var/www/html/rutorrent/conf/config.php https://github.com/internetbear/library/raw/master/rutorrent/config.php
chown -R www-data:www-data /var/www/html/