Red Box





Introduction: Red Box

About: Linux System Administrator

Create your own reliable cloud server.

Step 1: Hardware

  • Use a metal box and paint it in your favorite color. (I used an old storage controller)
  • Hobbycolor plate that resists to at least 75 C
  • Raspberry pi 3
  • Micro SD card (I used 16GB but you can use any size >= 4GB)
  • USB hub with an external power jack
  • Usb to sata adapters
  • Disk drives
  • Network cable + network wall socket
  • Wires + power input jack
  • Bolts recovered from old computer's serial or vga port
  • Usb ports recovered from old computer

Raspberry pi is attached to the hobbycolor plate with bolts from vga port.

Disks are attached with regular bolts on the back.

Step 2: Wiring

  • Power input jack connects to both recovered usb ports.

First usb (behind all the wires in front left) is used as a power source, only red and black wires are used and connected to the power input jack. First usb cable in this port provides power for the pi, the second usb cable provides power to the USB hub.

Second usb (the one in the back - useful for connecting additional devices) has red and black connected directly to the power input, while the white and green of each port is connected to an usb cable recovered from some old mouse (the white ones directly connected to pi)

  • Lan cable connects the external network wall socket to the raspberry pi LAN port.
  • Disks are connected via usb to sata adapters to the external powered USB hub (bigger capacity disks require more power and we do not want to make pi unstable) , which is connected in one of the pi ports.

Step 3: Software

  • Install the Operating System

Use Centos 7 for arm for higher security. (; tested: CentOS-Userland-7-armv7hl-Minimal-1611-RaspberryPi3.img.xz, tutorial here:

Put the image on the micro sd card from you Linux computer (for windows check:

xzcat CentOS-Userland-7-armv7hl-Minimal-1611-RaspberryPi3.img.xz | sudo dd of=$/path/to/sd/card status=progress bs=4M

root password : centos

use nmtui to configure network and set a static ip address

  • Setup the disks

Create one partition on each disk (is better to be a little smaller than the entire disk - let's say 1GB smaller - different disks of the same capacity - ex: wd vs toshiba - have different sizes :) ). This way you will be safe if you need to replace one of the disks

Create a btrfs raid 1 filesystem on your disks

mkfs.btrfs -d raid1 -m raid1 /dev/sda1 /dev/sdb1

btrfs filesystem label /dev/sda1 rpi3

Mount the filesystem using autofs (prevents non booting of pi if something goes wrong with the disks)

yum install -y autofs

append the fllowing to /etc/auto.master:

/- /etc/auto.ext-usb --timeout=300

Create /etc/auto.ext-usb with the content:

/srv -fstype=auto,compress=lzo,noatime :/dev/disk/by-label/rpi3

service autofs restart

ls /srv, df -h, confirm that it is mounted

  • Install owncloud

Prerequisites (apache, php, mariadb):

yum install -y httpd;yum install -y mod_ssl; yum install -y mariadb-server; yum install -y php*

Install owncloud 9 which is compatible with php54 that comes with centos7, a good tutorial for that:

After owncloud is up and running, move data dir from the default location to the new drives (/srv)

service httpd stop

edit /var/www/html/owncloud/config/config.php and make this change:

'datadirectory' => '/srv/owncloud/data',

mkdir /srv/owncloud; mv /var/www/html/owncloud/data /srv/owncloud && chown -R apache:apache /srv/owncloud/data/

service httpd start

You can install owncloud desktop client on linux / windows and for phones I use foldersync

  • Enable and configure SELinux

    (working version is: selinux-policy-3.13.1-166.el7.5.noarch, selinux-policy-targeted-3.13.1-166.el7.5.noarch)

make sure you are not updating that policy (in /etc/yum.conf append: exclude = selinux-policy*)

restorecon -Rv /

/boot/cmdline.txt should contain: selinux=1 security=selinux enforcing=1

/etc/sysconfig/selinux should contain: SELINUX=enforcing and SELINUXTYPE=targeted


Make the following settings after reboot:

yum install -y policycoreutils-python

semange fcontext -a -t httpd_sys_rw_content_t /srv/owncloud(/.*)?

setsebool -P httpd_builtin_scripting=1; setsebool -P httpd_can_network_connect=1; setsebool -P httpd_enable_cgi=1; setsebool -P httpd_graceful_shutdown=1

if you encounter any issues put sd card into another computer and modify cmdline.txt to have: selinux=0

  • Secure your box

Change root password

Create yourself a user (adduser -s /bin/bash "me") and set a strong password ( passwd "me")

configure sshd to listen on another port and do NOT allow root logins

In /etc/ssh/sshd_config, set Port

(let's say 2222), PermitRootLogin no

Tell SELinux and firewalld about yout intentions:

semanage port -a -t ssh_port_t -p tcp 2222

service firewalld start && systemctl enable firewalld.service

firewall-cmd --permanent --add-port 2222/tcp

firewall-cmd --reload

service sshd restart

  • Make it public

On your internet router forward this ports to your static ip set in first step: 80, 443, 2222.

Setup DDNS on your router so you can access your box from anywhere.

  • Fine tuning

Set apache to 5 procs as memory is low:


LoadModule mpm_prefork_module modules/

StartServers 5

MinSpareServers 5

MaxSpareServers 5

ServerLimit 5

MaxClients 5

MaxRequestsPerChild 3000

service httpd restart

Setup cron to weekly scrub the disks and make a snapshot each night (in /etc/crontab)

01 02 * * 6 root btrfs scrub start /srv
01 01 * * * root /usr/sbin/btrfs subvolume snapshot -r /srv /srv/@$(printf "\%s" $(/bin/date +\%d\%b\%Y-\%k-\%M))

check from time to time the volume with: btrfs dev stats /srv

Use watchdog to automatically reset if it becomes unresponsive (raspberry pi3 has a hardware one):

yum install -y watchdog


watchdog-device = /dev/watchdog
watchdog-timeout = 15

interval = 1
logtick = 1 log-dir = /var/log/watchdog

realtime = yes
priority = 1

service watchdog start && systemctl enable watchdog.service



    • Clocks Contest

      Clocks Contest
    • Creative Misuse Contest

      Creative Misuse Contest
    • Oil Contest

      Oil Contest

    5 Discussions

    Very nice!
    One caveat. I would never use btrfs for storing anything I cared about and even its creators are hesitant to recommend the btrfs RAID function.
    Better to use the Linux kernel md RAID function, and if you want to allow for future growth, LVM on top of that. Then throw XFS on top of that.

    1 reply

    Hi Tachyon,

    This distribution (Centos 7) has proper support for btrfs, even for raid1/0, raid5/6 is not recommended and I would not use that yet. I am running this way for about one year now and I didn't had any issues.

    I opted for btrfs for multiple reasons: is a COW filesystem, so the corruption theoretically is very unlikely even if you unplug it directly (you will always have a previous version of the file), I can use read only snapshots to protect my data in case of any cryptolocker, I can scrub my disks to see if bad blocks are sitting undiscovered, I can use compression, and I wanted to test for myself it's reliability so I can use it in production (and I did that on several boxes). There are some kernel / init scripts issues if you are having the root filesystem on a btrfs raid1 array, but you can always recover your data (mount -o degraded ...) or mount it with autofs.

    If one of your volumes in the software raid is bad you can mount your filesystem without noticing it (same applies with lvm mirror), you have to periodically check or monitor it in some way. In a btrfs setup your volume will not mount and it's easier to see that on a box that you usually do not check (eg. owncloud will not work).


    Cool instructable.

    Could this be used as a media server for Plex?

    and how would you be able to access this from anywhere?

    would you have to set up a DNS link with your laptop or phone?

    1 reply


    I think it can be used, as far as I saw Plex Media Server is not open source and obviously you can't compile it on raspberry (which is ARM v7), but I would download the synology package for arm v7 and extract that with tar and try to run it.

    My router in front of the raspberry has a dynamic dns service on it. The dynamic dns is used to map a chosen host name to your dynamic ip on the router. ( I assume you get a public ip from your network provider - if not this won't work). Furthermore you can ask a static ip from your provider and create a free DNS record to point to your public static ip or even buy your own domain.


    Or if your raspberry is connected directly to the internet you can install some packages directly on it (

    That looks nice :)