Networking Archive

Revisiting the POGO-E02 for ownCloud and storage

Posted October 4, 2013 By Landis V

In a recent post, I reconfigured one of my POGO-E02 devices to run Linux (also in a much older post, but I intend to go back and revisit that device with the updated process at some point).  I have reccently replaced my laptop (OfficeMax had a pretty impressive flash sale on a Gateway with an AMD quad core, and huge kudos to the OfficeMax in Kearney, NE for taking care of the customer incredibly well when the one I initially picked up had a dead left mouse button and a dead F10 key out of the box… literally zero hassle getting it replaced, great job to that team).  Unfortunately the old laptop is still sitting on the desk next to the new one, soaking up space I don’t have.  I need to make sure I have everything I’ve done on it in the past year and a half or so saved off and duplicate backup copies, as there are a couple of videos I’ve stored on there that are simply irreplaceable.

Time to get back into storage.  I like my Dropbox (you should definitely sign up here if you don’t already have an account) and I recently got some additional temporary space when I bought my Samsung Galaxy S3, but my space is otherwise full and I won’t pay for more.  I think ownCloud, an older version of which I reference briefly in the second linked post above, will prove quite suitable for this, especially in conjunction with my personal CA.

I brought my Linux-ified Pogo back online and hooked up a Seagate external drive I’ve had sitting around and been meaning to hook up for quite a while.  I hooked it up to the Pogo unit and it was recognized as sdb.  From there, I performed the following (as root) to create two, 1TB partions on the drive:

apt-get install parted
#confirm installation when prompted
parted -a optimal /dev/sdb
rm 2
rm 1
mkpart
#Answer prompts with label=OwnCloud, type=ext4, start=0%, end=50%
mkpart
#Answer prompts with label=Storage, type=ext4, start=50%, end=100%
quit
mkfs.ext4 /dev/sdb1
#I only created the OwnCloud partition at this time in the interest of saving time.
#Perform a similar command for sdb2
mkdir /mnt/owncloud
#Should edit /etc/fstab and add a line similar to the following for perpetuity:
#/dev/sdb1 /mnt/owncloud ext4 rw,relatime,data=ordered 0 0
#I did, and then rebooted to make sure everything came up/remounted as expected

From there, I proceeded with the installation of ownCloud on Debian as per the instructions on the site.  I followed the link for Debian Linux, verified my version (cat /etc/debian_version) – I am on 7.1 so followed the 7.0 instructions with a few verifications.

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/ /' >> /etc/apt/sources.list.d/owncloud.list
apt-get update
#Received the following error here:
#W: GPG error: http://download.opensuse.org Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 977C43A8BA684223
#Added the following steps, per http://en.kioskea.net/faq/809-debian-apt-get-no-pubkey-gpg-error
gpg --keyserver pgpkeys.mit.edu --recv-key 977C43A8BA684223
gpg -a --export 977C43A8BA684223 | apt-key add -
#Reran update to verify
apt-get update
#Success! I then noticed they had an equivalent answer in the next step :/ Oh well.
apt-get install owncloud
#Accept dependencies

Once installation completed, I opened a browser to the owncloud URL on the Pogo at http://<pogo_ip>/owncloud.  Because I intend to make my access seamless whether I’m at home or connecting from the Internet at large, I have a few tricks I need to do yet.  But first I finished up the basic configuration.  I created my administrator account and password, hit the Advanced button and set my data directory to the /mnt/owncloud/data directory using the mountpoint I had created previously.  The database was set at SQLite, so I left it for the time being.  After submitting, I thought to check and found that there was an existing “data” directory in /var/www/owncloud with ownership www-data:www-data and ug+rwx, so I created a /mnt/owncloud/data directory with the same ownership and permissions.  After refreshing the initial page and setting the final config again, things seemed to load properly this time around.

I set up a WebDAV connection from the Dolphin file browser and started transferring some of the files from the Linux laptop per the user manual.  I experienced problems transferring a few of these files and remembered something about large file support, so I went back and took a look into that.  The default max size looks to be 800MB and I didn’t have anything beyond that, so I tried a reboot; it took a long time to complete, but it seemed to work.  I backed up the remaining files I had planned on, shut down the old laptop, and was able to get it out of the way.

I downloaded the Windows client on the new laptop and installed it.  When installation was complete, I took a moment to pause and reconfigure a few things.  As I plan to partially expose the ownCloud instance to the Internet and have it accessible from my smartphone, one of my first goals/low hanging fruit items for protecting it from a large chunk of port scans, hacks, and exploits is to change the web service to run on a non-default port number.  I could simply do this externally, but then I would have to change my client settings whenever I was on my wifi connection.  So instead I referenced changing the port number in Apache.  I’ve done this a few times in the past, but I decided I would like to also maintain the ability to serve some pages on the standard HTTP port if I so decided later.  I edited /etc/apache2/ports.conf and added an entry for my non-SSL port directly below the “Listen 80” directive, and for my SSL ports within the <IfModule mod_ssl.c> and <IfModule mod_gnutls.c> sections below the “Listen 443” directives in each of those sections.  Rather than edit the “default” site file, I created a new site file at /etc/apache2/sites-available/owncloud, similar to the following.  The port numbers and DNS names referenced are purposefully invalid as I’m not trying to create a honeypot; modify them appropriately for your configuration.

        #unfortunately this isn't pasting correctly, so parts are missing.
        #Too late in the day for me to fix right now.
        ServerName owncloud.example.com
        DocumentRoot /var/www/owncloud
        ServerAdmin me@example.com

                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

        #ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        #<Directory "/usr/lib/cgi-bin">
                #AllowOverride None
                #Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                #Order allow,deny
                #Allow from all
        #

        ErrorLog ${APACHE_LOG_DIR}/ownclouderror.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

In the future I will also be creating an owncloud-ssl file in the same directory. This will definitely happen before I configure any phone synchronization over the public Internet.  After restarting the apache service, I was able to access the ownCloud instance via http://owncloud_ip:newport#.  I have a bit of DNS work to do on my router to make the naming work universally, from the Internet or my LAN.  May document it up if there is any interest.  I would have to say this install was pretty slick and that I’m likely to pay for the client for my Android.

1 Comment. Join the Conversation

Nope, mesh networks won’t stop the NSA

Posted September 16, 2013 By Landis V

http://www.networkworld.com/community/blog/nope-mesh-networks-wont-stop-nsa

Be the first to comment

stack your knowledge: IOS IPsec ezVPN server – part I

Posted September 11, 2013 By Landis V

http://staystack.blogspot.com/2013/04/ios-ipsec-ezvpn-server.html

Helpful article, though I wasn’t working with ezVPN.  The ‘reverse-route’ component was a critical one I was missing, though I’m pretty sure it’s still not going to get me where I need to go.   I’m attempting to get a software VPN client configuration to work with a router that’s also performing IPSec VPN in conjunction with VRF and zone firewall.  We’ve already encountered one show-stopping bug between ZBF/ZFW and NAT virtual interface (NVI), and I’m fairly sure about five steps down the road from reverse route injection that we’ve encountered yet another bug that will prove fatal in this endeavor as well.

 

No matter I guess.  Probably need to get this lab back to a more standard configuration in any case.  If you do happen to encounter a problem with ZFW, VRF, and software VPN client I’d love to hear about it in the comments.  Always nice to know you’re not the only one Cisco’s feature sets are leaving up a creek. If I get time, I’ll try to post a more detailed configuration example and steps that lead me to this conclusion.  I still haven’t completely disproven it, and haven’t run any debugs at all yet, so there’s still a slim possibility it could actually function.

Be the first to comment

Serving multiple DNS search domains in IOS DHCP

Posted August 26, 2013 By Landis V

http://www.perkin.org.uk/posts/serving-multiple-dns-search-domains-in-ios-dhcp.html

DHCP option 119, though having to convert to hex and null-term is a PITA.  If it does what’s needed, then probably worthwhile.

Be the first to comment

NMAP open port statistical analysis

Posted August 22, 2013 By Landis V

https://svn.nmap.org/nmap/nmap-services

Found this while looking for honeypot/log information on scanning frequencies of given ports.

Be the first to comment

I’ve run across this image in the past and found it helpful, but not sure I’ve ever made a note of it so I’d have it available next time I need it.

Packet Flow in Netfilter and General Networking

http://blog.propter.net/wp-content/uploads/2012/12/nf-packet-flow.png

Be the first to comment

Interface Configuration Files

Posted June 25, 2013 By Landis V

http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-networkscripts-interfaces.html

http://www.science.uva.nl/research/air/wiki/LogicalInterfaceNames

Did some reading while trying to change interface names on a Devil Linux 1.6.3 multi-interface host this afternoon.  An interesting thing to note is that if the auto-generated udev file (in my case /etc/udev/rules.d/70-persistent-net.rules) exists and has the interfaces numbered, it will not be overridden by whatever you configure in /etc/sysconfig/nic/ifcfg-name for the HWADDR parameter.

Be the first to comment