Red Box

About: Linux System Administrator

Create your own reliable cloud server.

Step 1: Hardware

  • Use a metal box and paint it in your favorite color. (I used an old storage controller.)
  • Hobbycolor plate that withstands at least 75 °C
  • Raspberry Pi 3
  • Micro SD card (I used 16 GB, but you can use any size >= 4 GB)
  • USB hub with an external power jack
  • USB to SATA adapters
  • Disk drives
  • Network cable + network wall socket
  • Wires + power input jack
  • Bolts recovered from an old computer's serial or VGA port
  • USB ports recovered from an old computer

The Raspberry Pi is attached to the Hobbycolor plate with the bolts from the VGA port.

The disks are attached with regular bolts on the back.

Step 2: Wiring

  • Power input jack connects to both recovered USB ports.

The first USB port (behind all the wires, front left) is used as a power source: only its red and black wires are used, and they are connected to the power input jack. The first USB cable in this port provides power for the Pi; the second USB cable provides power to the USB hub.

The second USB port (the one in the back, useful for connecting additional devices) has red and black connected directly to the power input, while the white and green of each port are connected to a USB cable recovered from an old mouse (the white ones directly connected to the Pi).

  • LAN cable connects the external network wall socket to the Raspberry Pi LAN port.
  • Disks are connected via USB to SATA adapters to the externally powered USB hub (bigger-capacity disks require more power and we do not want to make the Pi unstable), which is connected to one of the Pi ports.

Step 3: Software

  • Install the Operating System

Use CentOS 7 for ARM for higher security (http://mirror.centos.org/altarch/7/isos/armhfp/). Tested image: CentOS-Userland-7-armv7hl-Minimal-1611-RaspberryPi3.img.xz; tutorial here: https://wiki.centos.org/SpecialInterestGroup/AltA...

Put the image on the micro SD card from your Linux computer (for Windows check: https://www.raspberrypi.org/documentation/install...

xzcat CentOS-Userland-7-armv7hl-Minimal-1611-RaspberryPi3.img.xz | sudo dd of=/path/to/sd/card status=progress bs=4M

Default root password: centos

Use nmtui to configure the network and set a static IP address.

  • Setup the disks

Create one partition on each disk. It is better to make it a little smaller than the entire disk (say, 1 GB smaller), because different disks of the same capacity (e.g. WD vs. Toshiba) have slightly different sizes :). This way you will be safe if you need to replace one of the disks.

Create a btrfs raid 1 filesystem on your disks

mkfs.btrfs -d raid1 -m raid1 /dev/sda1 /dev/sdb1

btrfs filesystem label /dev/sda1 rpi3

Mount the filesystem using autofs (this keeps the Pi bootable if something goes wrong with the disks):

yum install -y autofs

Append the following to /etc/auto.master:

/- /etc/auto.ext-usb --timeout=300

Create /etc/auto.ext-usb with the content:

/srv -fstype=auto,compress=lzo,noatime :/dev/disk/by-label/rpi3

service autofs restart

Run ls /srv and df -h to confirm that it is mounted.

  • Install owncloud

Prerequisites (apache, php, mariadb):

yum install -y httpd;yum install -y mod_ssl; yum install -y mariadb-server; yum install -y php*

Install ownCloud 9, which is compatible with the PHP 5.4 that comes with CentOS 7. A good tutorial for that:

http://download.owncloud.org/download/repositories...

After ownCloud is up and running, move the data directory from the default location to the new drives (/srv):

service httpd stop

Edit /var/www/html/owncloud/config/config.php and make this change:

'datadirectory' => '/srv/owncloud/data',

mkdir /srv/owncloud; mv /var/www/html/owncloud/data /srv/owncloud && chown -R apache:apache /srv/owncloud/data/

service httpd start

You can install the ownCloud desktop client on Linux / Windows; for phones I use FolderSync.

  • Enable and configure SELinux

    (working version is: selinux-policy-3.13.1-166.el7.5.noarch, selinux-policy-targeted-3.13.1-166.el7.5.noarch)

Make sure you are not updating that policy (in /etc/yum.conf append: exclude = selinux-policy*)

restorecon -Rv /

/boot/cmdline.txt should contain: selinux=1 security=selinux enforcing=1

/etc/sysconfig/selinux should contain: SELINUX=enforcing and SELINUXTYPE=targeted

reboot

Make the following settings after reboot:

yum install -y policycoreutils-python

semanage fcontext -a -t httpd_sys_rw_content_t '/srv/owncloud(/.*)?'

restorecon -Rv /srv/owncloud

setsebool -P httpd_builtin_scripting=1; setsebool -P httpd_can_network_connect=1; setsebool -P httpd_enable_cgi=1; setsebool -P httpd_graceful_shutdown=1

If you encounter any issues, put the SD card into another computer and modify cmdline.txt to have: selinux=0

  • Secure your box

Change root password

Create yourself a user (adduser -s /bin/bash "me") and set a strong password (passwd "me").

Configure sshd to listen on another port and do NOT allow root logins.

In /etc/ssh/sshd_config, set Port (let's say 2222) and PermitRootLogin no.

Tell SELinux and firewalld about your intentions:

semanage port -a -t ssh_port_t -p tcp 2222

service firewalld start && systemctl enable firewalld.service

firewall-cmd --permanent --add-port 2222/tcp

firewall-cmd --reload

service sshd restart
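
sshd uses the first value it reads for PermitRootLogin, and it listens on every active Port line, so new lines appended below older active ones do not give the result intended above. The check below is an added example, not part of the original instructable; the function names and the sample file are constructed, and it assumes the plain "Keyword value" form of sshd_config.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings used in this step.
# sshd_values FILE KEYWORD -> prints every value given for KEYWORD in the
# global section (lines before the first "Match" block), one per line.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match"   { exit }      # global section ends here
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd FILE PORT -> returns 0 if root login is off and PORT is the
# only port sshd listens on; otherwise prints what it found and returns 1.
audit_sshd() {
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)   # first value wins
    ports=$(sshd_values "$1" Port | tr '\n' ' ')           # all Port lines apply
    rc=0
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}'"; rc=1; }
    [ "$ports" = "$2 " ] || { echo "listening ports: ${ports:-22 (default)}"; rc=1; }
    return $rc
}

# Constructed sample: the new settings were appended below older active ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# settings added for this box
Port 2222
PermitRootLogin no
EOF
audit_sshd "$sample" 2222 || echo "config needs fixing"
```

On the box itself, run audit_sshd /etc/ssh/sshd_config 2222 before restarting sshd.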

  • Make it public

On your internet router, forward these ports to the static IP set in the first step: 80, 443, 2222.

Setup DDNS on your router so you can access your box from anywhere.

  • Fine tuning

Set Apache to 5 processes, as memory is low, in /etc/httpd/conf.modules.d/00-mpm.conf:

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

StartServers 5

MinSpareServers 5

MaxSpareServers 5

ServerLimit 5

MaxClients 5

MaxRequestsPerChild 3000

service httpd restart

Set up cron to scrub the disks weekly and make a snapshot each night (in /etc/crontab):

01 02 * * 6 root btrfs scrub start /srv
01 01 * * * root /usr/sbin/btrfs subvolume snapshot -r /srv /srv/@$(printf "\%s" $(/bin/date +\%d\%b\%Y-\%k-\%M))

Check the volume from time to time with: btrfs dev stats /srv
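
The periodic check can be scripted so that only problems produce output. This is an added example, not part of the original instructable: a filter that reads btrfs dev stats output and reports the non-zero error counters. The function name and the sample report are constructed.

```shell
#!/bin/sh
# Added example: flag non-zero error counters in `btrfs dev stats` output.
# btrfs_stats_errors reads the report on stdin, prints "device counter value"
# for every counter above zero, and returns 1 if it found any.
btrfs_stats_errors() {
    awk '
        # report lines look like: [/dev/sda1].corruption_errs   0
        match($1, /^\[.*\]\./) && $2 + 0 > 0 {
            dev = substr($1, 2, RLENGTH - 3)   # text between "[" and "]."
            ctr = substr($1, RLENGTH + 1)      # counter name after "]."
            print dev, ctr, $2
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample report for a two-disk raid1 volume (not real output).
sample_stats='[/dev/sda1].write_io_errs    0
[/dev/sda1].read_io_errs     0
[/dev/sda1].flush_io_errs    0
[/dev/sda1].corruption_errs  0
[/dev/sda1].generation_errs  0
[/dev/sdb1].write_io_errs    0
[/dev/sdb1].read_io_errs     3
[/dev/sdb1].flush_io_errs    0
[/dev/sdb1].corruption_errs  12
[/dev/sdb1].generation_errs  0'
printf '%s\n' "$sample_stats" | btrfs_stats_errors || echo "check the disks"
```

On the box, pipe the real report through it: btrfs dev stats /srv | btrfs_stats_errors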

Use watchdog to automatically reset the box if it becomes unresponsive (the Raspberry Pi 3 has a hardware one):

yum install -y watchdog

In /etc/watchdog.conf:

watchdog-device = /dev/watchdog
watchdog-timeout = 15

interval = 1
logtick = 1
log-dir = /var/log/watchdog

realtime = yes
priority = 1

service watchdog start && systemctl enable watchdog.service

    5 Discussions

    Tachyon

    9 months ago

    Very nice!
    One caveat. I would never use btrfs for storing anything I cared about and even its creators are hesitant to recommend the btrfs RAID function.
    Better to use the Linux kernel md RAID function, and if you want to allow for future growth, LVM on top of that. Then throw XFS on top of that.

    1 reply
    EduardG8 (replying to Tachyon)

    Reply 9 months ago

    Hi Tachyon,

    This distribution (CentOS 7) has proper support for btrfs, even for raid1/0; raid5/6 is not recommended and I would not use that yet. I have been running this way for about one year now and I didn't have any issues.

    I opted for btrfs for multiple reasons: it is a COW filesystem, so corruption is theoretically very unlikely even if you unplug it directly (you will always have a previous version of the file), I can use read-only snapshots to protect my data in case of any cryptolocker, I can scrub my disks to see if bad blocks are sitting undiscovered, I can use compression, and I wanted to test its reliability for myself so I can use it in production (and I did that on several boxes). There are some kernel / init script issues if you have the root filesystem on a btrfs raid1 array, but you can always recover your data (mount -o degraded ...) or mount it with autofs.

    If one of your volumes in the software raid is bad you can mount your filesystem without noticing it (same applies with lvm mirror), you have to periodically check or monitor it in some way. In a btrfs setup your volume will not mount and it's easier to see that on a box that you usually do not check (eg. owncloud will not work).

    idrawupay

    10 months ago

    Hi.

    Cool instructable.

    Could this be used as a media server for Plex?

    and how would you be able to access this from anywhere?

    would you have to set up a DNS link with your laptop or phone?

    1 reply
    EduardG8 (replying to idrawupay)

    Reply 10 months ago

    Hi,

    I think it can be used, as far as I saw Plex Media Server is not open source and obviously you can't compile it on raspberry (which is ARM v7), but I would download the synology package for arm v7 and extract that with tar and try to run it.

    My router in front of the Raspberry has a dynamic DNS service on it. The dynamic DNS is used to map a chosen host name to your dynamic IP on the router. (I assume you get a public IP from your network provider; if not, this won't work.) Furthermore, you can ask for a static IP from your provider and create a free DNS record to point to your public static IP, or even buy your own domain.

    (https://www.google.ro/search?q=dynamic+dns+provide...

    Or if your raspberry is connected directly to the internet you can install some packages directly on it (https://www.google.ro/search?ei=HcBcWpOpLIjLwQLh9J...

    Swansong

    10 months ago

    That looks nice :)