Category Archives: ubuntu

Installing ubuntu/debian with PXE using a Windows machine

There is an official tutorial on Ubuntu’s website to install Ubuntu over the network via PXE, using a Windows machine as a DHCP/TFTP server.

I managed to make it work after a few hours of struggle because one crucial piece of information was unclear/missing. The same procedure is applicable for Debian.


You need to:

  • delete pxelinux.0 and pxelinux.cfg from the root of the created netboot/ folder
  • copy netboot/ubuntu-installer/amd64/pxelinux.0 to netboot/ (path will vary depending on what you are installing)
  • create a pxelinux.cfg folder in the netboot/ folder
  • copy the proper version of default to the netboot/pxelinux.cfg/ folder you just created (once again, the location will vary depending on what distribution you are installing)

The details above are not required, provided you are an admin when extracting the netboot.tar.gz archive (otherwise the symlinks get lost in translation and you need to manually recreate them).

I used the following options in tftp32:

  • Current directory: C:\tftp\netboot
  • Settings
    • GLOBAL: TFTP Server + DHCP Server
    • TFTP: Base Directory: C:\tftp\netboot | PXE Compatibility | Bind to this adress
    • DHCP: Pool starting address: beginning of an unused IP range | Size: 10 | Boot file: pxelinux.0 | WINS/DNS: DNS IP | Router: Router IP | Mask: network mask | Select 3 options: Ping, Bind, Persistent

And don’t forget to turn off other DHCP servers on your network!

Advertisements
Tagged , ,

Installing ownCloud on Ubuntu

The goal today: replacing DropBox with ownCloud. This assumes no web server was previously installed.

Features needed:

  • Files accessible from the internet
  • Ability to synchronize a folder on multiple computers / devices with the main server
  • Transferring data in a secure way, hopefully more secure than Dropbox

Installation

We’ll do it from the command line via SSH.

Install the dependencies

The ownCloud website proposes to run

apt-get install apache2 php5 php5-json php-xml php-mbstring php5-zip php5-gd

but that returns several error messages:

Note, selecting 'php5-common' instead of 'php5-json'
E: Unable to locate package php-xml
E: Unable to locate package php-mbstring
E: Unable to locate package php5-zip

I then tried:

apt-get update
apt-get upgrade
apt-get install apache2 php5 php5-json php5-gd php5-sqlite curl libcurl3 libcurl3-dev php5-curl php5-common php-xml-parser
apt-get install sqlite

And it worked much better. I also ran

apt-get autoremove

afterwards to clean installed packages, but that is not required.

Download and install ownCloud

Download the latest version from ownCloud website:

cd Downloads/
wget http://owncloud.org/releases/owncloud-4.0.6.tar.bz2
tar -xjf owncloud-4.0.6.tar.bz2
mv -r owncloud /var/www
rm owncloud-4.0.6.tar.bz2
chown -R www-data:www-data /var/www

note: www-data is the default group / user used by the apache server.

Configuration

The official website recommends to enable .htaccess and mod_rewrite. The first part is done by editing the 000-default file:

vi /etc/apache2/sites-enabled/000-default

and setting AllowOverride to All
(in vi: select the N of None in “AllowOverride None” and press R (replace), type All, Escape, select the extra e and Delete. Type : x to exit and save.)

The second part is done with the following commands:

a2enmod rewrite
a2enmod headers
service apache2 restart

Then login on http://the-ip/ or http://localhost from the server and finalise the configuration steps.

Securing the server

At the end of the previous step, we have a working ownCloud server. But connections are not encrypted (file content and user/password information), which is a no go.

Creating a Certificate Authority (CA)

That’s a required step to be able to issue the certificate that will be used by the web server.

First edit /etc/ssl/openssl.cnf file, especially:

dir = /root/sslCA
default_days = 3650 # 10 years
default_bits = 2048 # recommended by NSA until 2030
countryName_default = UK
0.organizationName_default = organization name

We will now create the CA in the root directory with permission 700:

cd ~root/
mkdir sslCA
chmod 700 sslCA
cd sslCA
mkdir certs private newcerts

echo 1000 > serial
touch index.txt

openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
-config /etc/ssl/openssl.cnf

    Country Name (2 letter code) [UK]:
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:London
    Organization Name (eg, company) [company]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:web.server.ip.address OR url
    Email Address []:admin@webserver.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

You can enter . to enter a blank information or press [enter] to keep the default value. The Country, State, Organization Name and Common Name fields seem mandatory.

Generating a Certificate for apache

Create the SSL request:

> openssl req -new -nodes \
	-out apache-req.pem \
	-keyout private/apache-key.pem \
	-config /etc/ssl/openssl.cnf

Generate the certificate and copy the files to the ssl directory:

> openssl ca \
	-config /etc/ssl/openssl.cnf \
	-out apache-cert.pem \
	-infiles apache-req.pem
mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp apache-cert.pem /etc/ssl/crt
cp private/apache-key.pem /etc/ssl/key

Enable HTTPS on the apache server

>  a2enmod ssl
mkdir /var/www/logs
cd /etc/apache2/conf.d
vi httpd-ssl.conf

    <VirtualHost *:443>
    ServerName web.server.ip.address
    SSLEngine on
    SSLCertificateFile /etc/ssl/crt/apache-cert.pem
    SSLCertificateKeyFile /etc/ssl/key/apache-key.pem

    DocumentRoot /var/www/owncloud
    CustomLog /var/www/logs/ssl-access_log combined
    ErrorLog /var/www/logs/ssl-error_log
    </VirtualHost>

service apache2 restart

You can now type https://web.server.ip.address in a browser and the ownCloud login page should appear.

Note: I got various emails reporting an error in PHP:
PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib/php5/20090626+lfs/sqlite.so’ – /usr/lib/php5/20090626+lfs/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0

This warning was cleared by commenting out the second line in /etc/php5/conf.d/sqlite.ini with a ;

Synchronizing with a windows computer and mobile devices

  • I installed the Windows Client and… it does not work (can’t connect to the site blablabla)… Hum… Using the default WebClient service on Windows 7 did not work (apparently because of issues with SSL). I tried cyberduck and it seems to work fine to read / write files but the synchronizing process is cumbersome…
  • On Android, ES File Explorer was able to access owncloud by setting a new FTP / WEBDAV server – the address is web.server.ip.address/files/webdav.php
Tagged ,