Category Archives: HomeLab

Setting up a simple DNS server

Right after I’ve configured the FTP server, I wanted to be able to “name” my server and so I’ve installed a lightweight DNS server. (context: previous article)

dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN.”

I’ve chosen this over the bind 9 dns server because it was very easy to setup, I almost got it right the first time.

To install and configure dnsmasq, you’d usually do the following:

# On Ubuntu
sudo apt-get install dnsmasq
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

And override /etc/dnsmasq.conf with this configuration:

#/etc/dnsmasq.conf
domain-needed
bogus-priv

expand-hosts
 
# The address 192.168.0.176 is the static IP of this server
# You can find this ip by running ifconfig and look for the
# IP of the interface which is connected to the router.
listen-address=127.0.0.1
listen-address=192.168.0.176
bind-interfaces
 
# Use open source DNS servers
server=8.8.8.8
server=8.8.4.4
server=208.67.220.220
 
# Create custom 'domains'.
# Custom 'domains' can also be added in /etc/hosts
address=/busyserver.net/192.168.0.176

And that’s basically it.

You can check the status of dnsmasq server by running: sudo systemctl status dnsmasq.

To actually use the server and make your computer recognize your custom domains you need to tell your computers to use the IP of the server on which dnsmasq is installed, in my case it is 192.168.0.176.

Thank you for reading!

Twitter | DORefferal

Advertisements

Installing and configuring an anonymous VSFTPD server

After spending a good part of my weekend fiddling with VSFTPD, I’m very happy that I managed to get it to work properly.

My goal was to create a simple, anonymous and private FTP server for my home network. It should facilitate sharing files between my machines.

Configuring the Server

If you’d like to try out my configuration all you need to do is look at the following commands and replace your configuration file with mine. The configuration file will be provided later in the article.

# For Ubuntu
sudo apt-get install vsftpd
cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

# Make the directories for the server
sudo mkdir -p /srv/vsftpd/root/public
sudo touch /srv/vsftpd/banner

# Change permissions and set ownership
sudo chown -R ftp:ftp /srv/vsftpd/
sudo chmod -R 555 /srv/vsftpd/
sudo chmod 775 /srv/vsftpd/root/public

# Edit the configuration file
# /etc/vsftpd.conf with editor of choice

# Restart the service and check the status
sudo systemctl restart vsftpd
sudo systemctl status vsftpd

The configuration file vsftpd.conf that I use can be found below:

# Nucu Labs's BUSY vsFTPd server configuration file.
# Denis Nutiu 09.02.2019

# Scope of the server: The server is supposed to facilitate easy file sharing and should
# be only available on the local network. No outside access is allowed!

# The meaning of this configuration file and the full list of options can be found by
# checking the manual page of vsftpd.

listen=NO
listen_ipv6=YES

### Debug Options

# If enabled, a log file will be maintained detailing uploads and downloads. 
# By default, this file will be placed at /var/log/vsftpd.log,
xferlog_enable=YES

# debug_ssl=YES
# log_ftp_protocol=YES
# syslog_enable=YES

###

# If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.
anonymous_enable=YES

# This option represents a directory which vsftpd will try to change into after an anonymous login. 
# Failure is silently ignored.
anon_root=/srv/vsftp/root
local_root=/srv/vsftp/root
allow_writeable_chroot=YES

# Enable local users to login to the FTP.
local_enable=NO

# This option is the name of a file containing text to display when someone connects to the server.
banner_file=/srv/vsftp/banner

# When enabled, this prevents vsftpd from asking for an anonymous password 
# - the anonymous user will log straight in.
no_anon_password=YES

# If set to YES, anonymous users will be permitted to create new directories under certain conditions.
# For this to work, the option write_enable must be activated, 
# and the anonymous ftp user must have write permission on the parent directory.
anon_mkdir_write_enable=YES

# If set to YES, anonymous users will be permitted to perform write operations 
# other than upload and create directory, such as deletion and renaming. 
# This is generally not recommended but included for completeness.
anon_other_write_enable=YES

# If set to YES, anonymous users will be permitted to upload files under certain conditions.
anon_upload_enable=YES

# When enabled, anonymous users will only be allowed to download files which are world readable.
anon_world_readable_only=YES

# If enabled, all anonymously uploaded files will have the ownership changed 
# to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp
nopriv_user=ftp

delete_failed_uploads=YES

# If enabled, users of the FTP server can be shown messages when they first enter 
# a new directory. By default, a directory is scanned for the file .message.
dirmessage_enable=YES

# If enabled, all user and group information in directory listings will be displayed as "ftp".
hide_ids=YES

# Allows: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
write_enable=YES

# Upload files are executable.
chown_upload_mode=0777
file_open_mode=0777
local_umask=002
anon_umask=002

###

# Use the system's local time in GMT.
use_localtime=YES

# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty

# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd

# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES

Using this setup will give you a fully working anonymous VSFTPD server. BUT WAIT! Make sure that you don’t expose the server to the internet! Keep it for private use only, since the server is anonymous everyone can download and upload files.

Troubleshooting Server Problems

I had lots of trouble getting the permissions right, if you don’t get the permissions right you’ll find yourself unable to upload files, download them, create directories or cd into directories.

The most common error I encountered was Writable root. Owner of the chroot() is root and has write permissions. This was fixed by removing the write permission from the /srv/vsftpd/root directory.

Another thing you may want is to add your user to the ftp group. I did miss the -a when I added myself and I ended up removing myself from all groups, except the ftp group. I had to boot Ubuntu in Recovery Mode, get a root shell and add myself back to sudo as well as other administrative groups. To add yourself to the ftp group, you can safely copy paste the following command: sudo usermod -a -G ftp $USER.

If the banner file (the one created with the touch command above) is not existent or permissions are insufficient, the server won’t start.

Troubleshooting Client Problems

To be honest I haven’t used FTP that much. Everytime you connect to the VSFTPD server you should do so in passive mode, this means that the server will open another socket when doing an operation instead of initializing a connection to you (the client), if you don’t use passive FTP mode, you’ll get a prompt from your firewall to allow the FTP client to pass through. To connect using passive FTP, you should run: ftp -p ftp_server_ip_or_alias

When uploading images, pdfs or other binary files, you’ll need to issue the binary command in your FTP client, before the put, otherwise things are going to get messy and the binary file will get corrupted.

Conclusions

I had great fun installing and configuring VSFTPD, also writing this article. If you need anymore help with VSFTPD I suggest visiting the Arch Linux wiki page, it contains a great deal of information.

Thank you for reading and have a great day!

This article is part of my Homelab series, you may want to check out my previous post: My Homelab Journey: Introduction

My Homelab Journey: Introduction

Hello everyone!

After following the /r/homelab reddit for a while I’ve decided to give it a try and make myself my own homelab environment. I don’t have access to expensive server equipment nor do I have the means to acquire it, so I will be using an old HP Laptop which has quite a few resources, it is a bit stronger than the average Raspberry PI.

The laptop has 11GB of RAM memory, a 740GB disk and an Intel i7-4702MQ CPU. I have it for almost 4 years now and I’ve only used it for a few months, I decided to re-purpose it. If you’re asking yourself why didn’t I used the laptop, well, the laptop is absolutely horrible to work with! HP has made a terrible consumer product, it wasn’t targeted to business users and it is sluggish (with windows) and made of cheap plastic. On Windows HP has failed to provide basic working drivers, the laptop freezes every minute or so.

The Busy Server

This will be the name of my new server Busy Server. The name was chosen because I plan to host all the services on this machine, for now.

For starting I’m going to put a DNS server, an OpenSSH server, an FTP server and a media server. In the future I’ll think about other services that might benefit me.

The DNS server’s purpose is to allow me to access the other resources in a more friendly manner, like ftp.busyserver.net instead if 192.168.0.*

The FTP server will be an anonymous server to facilitate easy file sharing in the local network, it won’t have any outside access.

The media server will be unused, for now. A potential use case for it would be to get a Chromecast and use it to watch movies together with my family, but I’m not even sure if I need a media server.

Cloud Services

I currently still rely on multiple cloud services for work.

There’s a few cloud services that I like a lot and I use them daily. I’m not ready to make the move from them to my own self-hosted alternatives. Some of these services are Trello, Slack, Dropbox, Github and Evernote.

Trello is a great tool for productivity, it gives me space to host my scrum boards, I don’t do any planning on it although I’ve heard about people that follow an agile lifestyle and plan their entire month using agile boards. I use Trello mostly to store programming notes and other technical stuff. I like the fact that I can invite other people to my boards and collaborate with them, but a huge turn-off is that it feels a bit weird to use when storing large notes, it’s not really meant for reading but I guess it could do for now. A replacement for it would be a 10$ Jira server license or another alternative.

Dropbox is the place where is store all the files that I need to take with me. Those files can be documents, books, software licenses and small programs. Of course they are encrypted with my personal GPG key so don’t even think about it.

While Slack is quite new to the scene, I’m thinking in making my own private work-space that I’ll share with my family members and perhaps close friends. In the future, I will attempt to compliment this with custom Slack apps, that will aid in home automation and status reporting, it’s going to be fun.

Evernote is my standard application for taking notes, it’s not perfect, but it works. I’m not going to pay for it (ever), I’d rather use simple markdown files if it goes this far. Evernote could be replaced with a MediaWiki or DokuWiki but since I rely on my notes a lot this won’t happen very soon.

Those are my plans for now, I also have a nice VPN raspberry pi server setup that allows me to access my LAN network from outside.

What do you think about my plans? Do you I could make use of other interesting services? Let me know in the comments if so.

Thank you for reading and have a nice day!