Ubuntu Seedbox with rtorrent | rutorrent | pureftpd | multi-user (optional)

saroos1

May 25, 2018
PART 1:

Subsy's Seedbox Setup Guide

Changelog:
- April 3rd 2010: Original version
- April 4th 2010: Minor Bugfixes
- April 5th 2010: Added FTP setup instructions
- April 13th 2010: Added multiple user setup instructions (optional)
- April 17th 2010: Fixed bug in Pure-FTPd setup instructions
- December 18th 2012: Updated for Ubuntu Server 12.04 (Tested using x64 version), and to use libtorrent 0.13.3 and rtorrent 0.9.3

Introduction

This guide will walk you through a full install of a secure seedbox environment, running rtorrent with the rutorrent web front end and the pureftpd FTP server.
The guide also includes optional steps to configure for multiple users, each with their own web login and running instance of rtorrent.

Pre-requisites: An Ubuntu 12.04 or later server (should also work on some earlier versions, and on other Debian based distros, but this is untested) with root SSH access.

Basics

Initial login

Login to your server as root via SSH

Code:
ssh root@<server IP>
(You can also use an SSH client if you prefer, e.g. PuTTY on Windows)

Type the password as requested

Create a new user that we’ll install everything with

For security purposes, we’re going to add a new user and disable SSH access for the root user

Code:
adduser <username>
Replace <username> with a username of your choosing.
Fill in all the details when prompted (e.g. password)

Add your new user to the sudoers file. This allows this user to use elevated privileges when needed to do things that normally only the root user could do.

Code:
visudo
In recent versions of Ubuntu this opens the sudoers file for editing in a lightweight editor called nano.

Scroll down and find this line:

Quote
root ALL=(ALL) ALL


On the next line add:

Quote
<username> ALL=(ALL) ALL


Replace <username> with the username we created earlier.

Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

Lock down SSH

Now we will change some SSH settings.
We're going to use a different port, and prevent root access via SSH.

Code:
nano /etc/ssh/sshd_config
Change the following lines as below.
Use a high port of your choosing. I recommend a port over 20000

Quote
Port 21976
Protocol 2
PermitRootLogin no
X11Forwarding no


Then add these lines at the end of the file:

Quote
UseDNS no
AllowUsers <username>


(As usual, replace <username> with the name of the user you created)

Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

Now restart the SSH daemon

Code:
service ssh reload
Log out of SSH and log back in as the new user you created earlier

Code:
exit
ssh -p 21976 <username>@<server IP>
(Note the -p argument which specifies the new SSH port that you configured in the last step)

Type the password as requested

Update packages

Ok, now we're going to make sure our Ubuntu installation is up to date.

Code:
sudo apt-get update
This will update the package database with all the latest packages available. Using the sudo command will temporarily elevate your privileges to be able to execute these commands that normally only a super user could execute.

Code:
sudo apt-get upgrade
This will upgrade any packages that are out of date on your install.

Install necessary basic packages

Ok, now let's install some important packages that we're going to need throughout this guide:

Code:
sudo apt-get install apache2 apache2-utils autoconf build-essential ca-certificates comerr-dev libapache2-mod-php5 libcloog-ppl-dev libcppunit-dev libcurl3 libcurl4-openssl-dev libncurses5-dev ncurses-base ncurses-term libterm-readline-gnu-perl libsigc++-2.0-dev libssl-dev libtool libxml2-dev ntp openssl patch libperl-dev php5 php5-cli php5-dev php5-fpm php5-curl php5-geoip php5-mcrypt php5-xmlrpc pkg-config python-scgi dtach ssl-cert subversion unrar zlib1g-dev pkg-config unzip htop irssi curl cfv
Configure Apache

Basic configuration

We need to configure the Apache web server with some modules that we’ll need:

Code:
sudo a2enmod ssl
sudo a2enmod auth_digest

We want to edit our apache conf file to change some options.

Code:
sudo nano /etc/apache2/apache2.conf
Change the Timeout option to '30'

Quote
Timeout 30


and add (or change if the line already exists)

Quote
ServerTokens Prod


Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

Restart apache

Code:
sudo service apache2 restart
Add a file named info.php that we will use to check that PHP is set up correctly

Code:
echo '<?php phpinfo(); ?>' | sudo tee /var/www/info.php
Let's just check Apache is up and running

Open a browser and go to

Quote
http://<servername or IP>/info.php


You should see the phpinfo page. If not, you failed.

Configure Apache for HTTPS and password protection

We are going to create an SSL certificate so that we can access the server via https

Code:
sudo openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
sudo chmod 600 /etc/apache2/apache.pem
This will create a self-signed certificate for your server that lasts for 1 year. You'll be prompted for some information for the cert. Whenever you're asked for a name, use your domain name if you have one. The rest you can leave blank or fill in with whatever you like.

Now let's add password protection

Code:
sudo htdigest -c /etc/apache2/htpasswd rutorrent <username>
Where <username> is the username you'll use to connect to the rutorrent web UI. Preferably different than your system user for obvious reasons.
After running this command, you'll be prompted for a password. This will be the password you enter to log into the rutorrent web UI.

Code:
sudo nano /etc/apache2/sites-available/default
Now copy the following and paste to replace the contents of the file we're editing.
Then replace both instances of <servername or IP> with your real servername or IP address

Quote
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined

<Location /rutorrent>
AuthType Digest
AuthName "rutorrent"
AuthDigestDomain /var/www/rutorrent/ http://<servername or IP>/rutorrent

AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/rutorrent"
</Location>

</VirtualHost>

<VirtualHost *:443>
ServerAdmin webmaster@localhost

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
<Location /rutorrent>
AuthType Digest
AuthName "rutorrent"
AuthDigestDomain /var/www/rutorrent/ http://<servername or IP>/rutorrent

AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/rutorrent"
</Location>
</VirtualHost>


Now let's configure Apache for HTTPS

Code:
sudo a2ensite default-ssl
We now need to modify the apache ports configuration file

Code:
sudo nano /etc/apache2/ports.conf
Replace the contents of that file with the text below

Quote
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>


And now let's put these changes into effect

Code:
sudo /etc/init.d/apache2 restart
Check that everything is working by opening a browser and going to:

Quote
https://<servername or IP>


You should see this message:

Quote
It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.
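
The SSH settings from the "Lock down SSH" step can be checked against the edited file before the daemon is reloaded. The script below is an added example, not part of the original guide; the function names `sshd_value` and `audit_sshd_config`, the account name `seeduser` and the sample config are this example's own.

```shell
#!/bin/sh
# Added example, not from the original guide.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; parsing stops at the first Match block because
# everything after it is a conditional override.
sshd_value() {   # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Check the settings the guide changes. Prints one FAIL line per problem
# and returns 0 only if all of them are in place.
audit_sshd_config() {   # $1 = config file, $2 = account that must keep access
    cfg=$1; login=$2; result=0

    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "FAIL Port: still on the default 22"; result=1
    fi

    for key in PermitRootLogin X11Forwarding; do
        val=$(sshd_value "$cfg" "$key" | tr 'A-Z' 'a-z')
        if [ "$val" != "no" ]; then
            echo "FAIL $key: expected 'no', found '${val:-unset}'"; result=1
        fi
    done

    # AllowUsers is a space-separated list; entries may be user or user@host,
    # so the @host part is stripped before comparing names.
    allowed=$(sshd_value "$cfg" AllowUsers | sed 's/@[^ ]*//g')
    case " $allowed " in
        *" $login "*) ;;
        *) echo "FAIL AllowUsers: '$login' is not explicitly listed"; result=1 ;;
    esac
    return $result
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd,
# so the file still passes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 21976
Protocol 2
PermitRootLogin no
X11Forwarding no
UseDNS no
PermitRootLogin yes
AllowUsers seeduser
EOF
if audit_sshd_config "$sample" seeduser; then
    echo "sshd_config matches the guide"
fi
rm -f "$sample"
```

Running `sshd -t` as root before `service ssh reload` additionally catches syntax errors, and keeping the current root session open until the new login works avoids a lockout.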
 

simur612

May 25, 2018
PART 2:

rtorrent

Ok, now let's install rtorrent

Building rtorrent from source

The precompiled binary of rtorrent from the repo has issues, so we need to compile our own.

Code:
cd ~
mkdir source
cd source
svn co https://xmlrpc-c.svn.sourceforge.net/svnroot/xmlrpc-c/stable xmlrpc
curl http://libtorrent.rakshasa.no/downloads/libtorrent-0.13.3.tar.gz | tar xz
curl http://libtorrent.rakshasa.no/downloads/rtorrent-0.9.3.tar.gz | tar xz

Now we’ll configure and make xmlrpc

Code:
cd xmlrpc
./configure --prefix=/usr --enable-libxml2-backend --disable-libwww-client --disable-wininet-client --disable-abyss-server --disable-cgi-server
make
sudo make install
Now time to do the same for libtorrent and rtorrent

Code:
cd ../libtorrent-0.13.3
./autogen.sh
./configure --prefix=/usr
make -j2
sudo make install

cd ../rtorrent-0.9.3
./autogen.sh
./configure --prefix=/usr --with-xmlrpc-c
make -j2
sudo make install

sudo ldconfig
Configuring rtorrent

Ok, now we've got rtorrent installed, but we have to configure it.

rtorrent needs a config file to initialize it. Here's mine... you'll need to edit it for your own environment, replace <username> with your username and make sure that the paths all exist and are writable by the user you will run rtorrent with.

TODO: This is old copy from dinosaur age, needing to be updated
Quote
# This is an example resource file for rTorrent. Copy to
# ~/.rtorrent.rc and enable/modify the options as needed. Remember to
# uncomment the options you wish to enable.
#
# Based on original .rtorrent.rc file from http://libtorrent.rakshasa.no/
# Modified by Lemonberry for rtGui http://rtgui.googlecode.com/
#
# This assumes the following directory structure:
#
# /Torrents/Downloading - temporary location for torrents while downloading (see "directory")
# /Torrents/Complete - Torrents are moved here when complete (see "on_finished")
# /Torrents/TorrentFiles/Auto - The 'autoload' directory for rtorrent to use. Place a file
# in here, and rtorrent loads it #automatically. (see "schedule = watch_directory")
# /Torrents/Downloading/rtorrent.session - for storing rtorrent session information
#

# Maximum and minimum number of peers to connect to per torrent.
#min_peers = 40
max_peers = 100

# Same as above but for seeding completed torrents (-1 = same as downloading)
min_peers_seed = -1
max_peers_seed = -1

# Maximum number of simultaneous uploads per torrent.
max_uploads = 50

# Global upload and download rate in KiB. "0" for unlimited.
download_rate = 0
upload_rate = 0

# Default directory to save the downloaded torrents.
directory = /home/downloads/<username>

# Default session directory. Make sure you don't run multiple instance
# of rtorrent using the same session directory. Perhaps using a
# relative path?
session = /home/downloads/<username>/.session

# Watch a directory for new torrents, and stop those that have been
# deleted.
schedule = watch_directory,5,5,load_start=/home/downloads/<username>/watch/*.torrent
schedule = untied_directory,5,5,stop_untied=

# Close torrents when diskspace is low. */
schedule = low_diskspace,5,60,close_low_diskspace=100M

# Stop torrents when reaching upload ratio in percent,
# when also reaching total upload in bytes, or when
# reaching final upload ratio in percent.
# example: stop at ratio 2.0 with at least 200 MB uploaded, or else ratio 20.0
#schedule = ratio,60,60,stop_on_ratio=200,200M,2000


# When the torrent finishes, it executes "mv -n <base_path> ~/Download/"
# and then sets the destination directory to "~/Download/". (0.7.7+)
# on_finished = move_complete,"execute=mv,-u,$d.get_base_path=,/home/downloads/<username>/complete/ ;d.set_directory=/home/downloads/<username>/complete/"

# The ip address reported to the tracker.
#ip = 127.0.0.1
#ip = rakshasa.no

# The ip address the listening socket and outgoing connections is
# bound to.
#bind = 127.0.0.1
#bind = rakshasa.no

# Port range to use for listening.
port_range = 55995-56000

# Start opening ports at a random position within the port range.
#port_random = yes

scgi_port = 127.0.0.1:5000

# Check hash for finished torrents. Might be useful until the bug is
# fixed that causes lack of diskspace not to be properly reported.
#check_hash = no

# Set whether the client should try to connect to UDP trackers.
#use_udp_trackers = no

# Alternative calls to bind and ip that should handle dynamic ip's.
#schedule = ip_tick,0,1800,ip=rakshasa
#schedule = bind_tick,0,1800,bind=rakshasa

# Encryption options, set to none (default) or any combination of the following:
# allow_incoming, try_outgoing, require, require_RC4, enable_retry, prefer_plaintext
#
# The example value allows incoming encrypted connections, starts unencrypted
# outgoing connections but retries with encryption if they fail, preferring
# plaintext to RC4 encryption after the encrypted handshake
#
encryption = allow_incoming,enable_retry,prefer_plaintext

# Enable DHT support for trackerless torrents or when all trackers are down.
# May be set to "disable" (completely disable DHT), "off" (do not start DHT),
# "auto" (start and stop DHT as needed), or "on" (start DHT immediately).
# The default is "off". For DHT to work, a session directory must be defined.
#
dht = disable

# UDP port to use for DHT.
#
# dht_port = 6881

# Enable peer exchange (for torrents not marked private)
#
peer_exchange = no

#
# Do not modify the following parameters unless you know what you're doing.
#

# Example of scheduling commands: Switch between two ip's every 5
# seconds.
#schedule = "ip_tick1,5,10,ip=torretta"
#schedule = "ip_tick2,10,10,ip=lampedusa"

# Remove a scheduled event.
#schedule_remove = "ip_tick1"


The file should be saved in the home directory of the user you will run rtorrent with. I use the same system user we created earlier.

Code:
nano ~/.rtorrent.rc
Paste your config into that file

Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

Ensure that the correct directories exist as you specified in the .rtorrent.rc file

Code:
sudo mkdir /home/downloads
sudo mkdir /home/downloads/<username>
sudo mkdir /home/downloads/<username>/watch
sudo mkdir /home/downloads/<username>/.session
sudo chown -R <username>:<username> /home/downloads/<username>
Now check your config file is ok by trying to start rtorrent

Code:
rtorrent
If rtorrent starts, you're good. Use CTRL-Q to quit it.
If rtorrent doesn't start and you get an error, then note the error and fix your config file as necessary. (This part of the tutorial needs updating.)

rtorrent startup script

Since we don't want to have to start rtorrent manually every time the server boots, we're going to start it automatically, and we'll run it in dtach.

Refer to http://forums.rutorrent.org/index.php?topic=1442.0
 

randac56

May 25, 2018
PART 3:

rutorrent

Ok, now to install rutorrent

ruTorrent is really just a set of php and html files, so we're going to install them to a folder under our web server root.
We’re going to get the latest copy from the subversion repository.

Code:
cd /tmp
svn checkout http://rutorrent.googlecode.com/svn/trunk/rutorrent
svn checkout http://rutorrent.googlecode.com/svn/trunk/plugins

rm -r rutorrent/plugins
mv plugins rutorrent/
sudo mv rutorrent /var/www/
Now let's change ownership of the rutorrent files to the web server user, and change the permissions on them

Code:
cd /var/www
sudo chown -R www-data:www-data rutorrent
sudo chmod -R 755 rutorrent
You should look over rutorrent/conf/config.php and conf/plugins.ini and adjust them to your needs.
Here is an example config.php and plugins.ini to get started with.

config.php
Code:
<?php
// configuration parameters

// for snoopy client
@define('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0', true);
@define('HTTP_TIME_OUT', 30, true); // in seconds
@define('HTTP_USE_GZIP', true, true);
$httpIP = null; // IP string. Or null for any.

@define('RPC_TIME_OUT', 5, true); // in seconds

@define('LOG_RPC_CALLS', false, true);
@define('LOG_RPC_FAULTS', true, true);

// for php
@define('PHP_USE_GZIP', false, true);
@define('PHP_GZIP_LEVEL', 2, true);

$do_diagnostic = true;
$log_file = '/tmp/rutorrent_errors.log'; // path to log file (comment or leave blank to disable logging)

$saveUploadedTorrents = true; // Save uploaded torrents to profile/torrents directory or not
$overwriteUploadedTorrents = false; // Overwrite existing uploaded torrents in profile/torrents directory or make unique name

$topDirectory = '/home'; // Upper available directory. Absolute path with trail slash.
$forbidUserSettings = false;

$scgi_port = 5000;
$scgi_host = "127.0.0.1";

// For web->rtorrent link through unix domain socket
// (scgi_local in rtorrent conf file), change variables
// above to something like this:
//
//$scgi_port = 0;
//$scgi_host = "unix:///tmp/rtorrent.sock";

$XMLRPCMountPoint = "/RPC2"; // DO NOT DELETE THIS LINE!!! DO NOT COMMENT THIS LINE!!!

$pathToExternals = array(
"php" => '/usr/bin/php', // Something like /usr/bin/php. If empty, will be found in PATH.
"curl" => '/usr/bin/curl', // Something like /usr/bin/curl. If empty, will be found in PATH.
"gzip" => '/bin/gzip', // Something like /usr/bin/gzip. If empty, will be found in PATH.
"id" => '/usr/bin/id', // Something like /usr/bin/id. If empty, will be found in PATH.
"stat" => '/usr/bin/stat', // Something like /usr/bin/stat. If empty, will be found in PATH.
);

$localhosts = array( // list of local interfaces
"127.0.0.1",
"localhost",
);

$profilePath = '../share'; // Path to user profiles
$profileMask = 0777; // Mask for files and directory creation in user profiles.
// Both Webserver and rtorrent users must have read-write access to it.
// For example, if Webserver and rtorrent users are in the same group then the value may be 0770.

?>
plugins.ini
Code:
;; Plugins' permissions.
;; If flag is not found in plugin section, corresponding flag from "default" section is used.
;; If flag is not found in "default" section, it is assumed to be "yes".
;;
;; For setting individual plugin permissions you must write something like that:
;;
;; [ratio]
;; enabled = yes ;; also may be "user-defined", in this case user can control plugin's state from UI
;; canChangeToolbar = yes
;; canChangeMenu = yes
;; canChangeOptions = no
;; canChangeTabs = yes
;; canChangeColumns = yes
;; canChangeStatusBar = yes
;; canChangeCategory = yes
;; canBeShutdowned = yes

[default]
enabled = user-defined
canChangeToolbar = yes
canChangeMenu = yes
canChangeOptions = yes
canChangeTabs = yes
canChangeColumns = yes
canChangeStatusBar = yes
canChangeCategory = yes
canBeShutdowned = yes

;; Default

[_getdir]
enabled = yes
[cpuload]
enabled = user-defined
[create]
enabled = user-defined
[datadir]
enabled = yes
[diskspace]
enabled = user-defined
[erasedata]
enabled = user-defined
[show_peers_like_wtorrent]
enabled = user-defined
[theme]
enabled = yes
[tracklabels]
enabled = user-defined
[trafic]
enabled = user-defined

;; Enabled

[autotools]
enabled = user-defined
[cookies]
enabled = user-defined
[data]
enabled = user-defined
[edit]
enabled = user-defined
[extratio]
enabled = user-defined
[extsearch]
enabled = user-defined
[filedrop]
enabled = user-defined
[filemanager]
enabled = user-defined
[geoip]
enabled = user-defined
[httprpc]
enabled = yes
canBeShutdowned = no
[pausewebui]
enabled = yes
[ratio]
enabled = user-defined
[ratiocolor]
enabled = user-defined
[rss]
enabled = user-defined
[_task]
enabled = yes
[throttle]
enabled = user-defined
[titlebar]
enabled = user-defined
[unpack]
enabled = user-defined

;; Disabled

[chat]
enabled = no
[chunks]
enabled = no
[feeds]
enabled = no
[fileshare]
enabled = no
[fileupload]
enabled = no
[history]
enabled = no
[instantsearch]
enabled = no
[ipad]
enabled = no
[logoff]
enabled = no
[loginmgr]
enabled = no
[mediainfo]
enabled = no
[mediastream]
enabled = no
[check_port]
enabled = no
[retrackers]
enabled = no
[rpc]
enabled = no
[rssurlrewrite]
enabled = no
[rutracker_check]
enabled = no
[scheduler]
enabled = no
[screenshots]
enabled = no
[seedingtime]
enabled = no
[source]
enabled = no
OK, now visit your rutorrent site to check it's all working:

Quote
https://<servername or IP>/rutorrent


You should be prompted for the username and password we set up earlier for password protection of our web server

Now you should see the rutorrent web gui, and be able to add torrents.

FTPS / SFTP

If you just want to use SFTP (FTP over SSH), you don't need to do anything more here.
Just connect with an FTP client via SFTP to your server on the SSH port you use. THIS IS RECOMMENDED!

If you really hate security and still listen to AM Radio you can keep reading...
If you want to setup FTPS (FTP using SSL encryption) then we'll setup Pure-FTPd.
I usually use proftpd on my servers but a bug in the current versions (1.3.2 in the Ubuntu karmic package repo, and 1.3.3 current stable) mean that a 550 error is thrown when browsing directories with '[' in their name.

Pure-FTPd

Code:
sudo apt-get install pure-ftpd
Now let's create another SSL certificate (you could use the ones you created earlier if you like - I prefer to keep them separate)

Code:
sudo openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
sudo chmod 600 /etc/ssl/private/pure-ftpd.pem
This will create a self-signed certificate for your server that lasts for 1 year. You'll be prompted for a lot of information. Whenever you're asked for a name, use your domain name if you have one. The rest you can leave blank or fill in with whatever you like.

Now let's edit the Pure-ftpd config.
Pure-ftpd doesn't use a config file like other FTP daemons. Instead it starts with a set of command line switches.
However, the init.d startup script that is installed when you installed the pureftpd package can parse a directory of single line 'config files' in order to dynamically build the correct set of command line switches.
So all we need to do is create these single line files in the right place:

Temporarily act as root user

Code:
sudo su
Enter the root password when asked

Code:
cd /etc/pure-ftpd/conf/
echo ,22005 > Bind
echo 12.34.56.78 > ForcePassiveIP
echo 27200 27210 > PassivePortRange
echo 1 > TLS

The first 'echo' line above creates a file that tells Pure-ftpd to use a particular port, so change the number to the port you wish to use.
The second 'echo' line creates a file that tells Pure-ftpd to use the given static IP address for Passive mode. You need to set this to the IP of your server.
The third 'echo' line determines what port range to use for Passive mode.

If you want additional security, also do the following:

Code:
echo yes > ProhibitDotFilesRead
echo yes > ProhibitDotFilesWrite
echo yes > NoChmod
echo yes > BrokenClientsCompatibility
The first two 'echo' lines create files that stop users reading and writing system files that have a leading '.' in their filename (for example the '.rtorrent.rc' config file).
The third 'echo' line creates a file that stops users changing the permissions on files and folders.
The final 'echo' line creates a file that prevents clients that don't strictly adhere to the FTP/FTPS protocol from connecting.

Now let's configure how users will authenticate

Code:
echo no > PAMAuthentication
echo yes > UnixAuthentication
Here we are configuring to use system usernames.

Now just restart the FTP service

Code:
sudo /etc/init.d/pure-ftpd restart
Test everything is ok by connecting to the FTP service with an FTP client set to use the FTPS protocol, on the port you chose.

and return to the normal user

Code:
exit
OPTIONAL: Multi-user setup

This section is OPTIONAL. If you want a multi-user setup, follow these steps.
This will show you how to add one additional user, but just use the same steps to add more as needed.
Each user will be set up as a system user, with only basic privileges, without shell access.
They would use their system credentials to access FTP.
They will use a separate username/password combination to access the rutorrent web GUI.

Create new system users

Let's add our new user to the system

Code:
sudo adduser <second_username>
Replace <second_username> with a username of your choosing.
Fill in all the details when prompted (e.g. password)

We also need to add a second user to our passwords file that protects the rutorrent web directory

Code:
sudo htdigest /etc/apache2/htpasswd rutorrent <second_webusername>
After running this command, you'll be prompted for a password. This will be the password you enter to log into the rutorrent web UI.

rtorrent config and startup

Each user needs to run their own instance of rtorrent. Each instance of rtorrent needs its own config file.
So we need to copy our previously created .rtorrent.rc config file and edit it specifically for this user

Code:
sudo cp ~/.rtorrent.rc /home/<second_username>/.rtorrent.rc
sudo chown <second_username>:<second_username> /home/<second_username>/.rtorrent.rc
Replace <second_username> with the username you chose previously.
Now let's edit that file and make some key changes

Code:
sudo nano /home/<second_username>/.rtorrent.rc
Find the following lines:

Quote
# Port range to use for listening.
port_range = 55995-56000

# Start opening ports at a random position within the port range.
#port_random = yes

scgi_port = 127.0.0.1:5000


and change them for the new user's config:

Quote
# Port range to use for listening.
port_range = 56001-56005

# Start opening ports at a random position within the port range.
#port_random = yes

scgi_port = 127.0.0.1:5001


The port range needs to be different to the current user's, and the scgi port also needs to be different to the current user's.
If adding more users, ensure that each user has their own scgi port and torrent port range.

Also find the following lines

Quote
# Default directory to save the downloaded torrents.
directory = /home/downloads/<username>

# Default session directory. Make sure you don't run multiple instance
# of rtorrent using the same session directory. Perhaps using a
# relative path?
session = /home/downloads/<username>/.session

# Watch a directory for new torrents, and stop those that have been
# deleted.
schedule = watch_directory,5,5,load_start=/home/downloads/<username>/watch/*.torrent


and change them to:

Quote
# Default directory to save the downloaded torrents.
directory = /home/downloads/<second_username>

# Default session directory. Make sure you don't run multiple instance
# of rtorrent using the same session directory. Perhaps using a
# relative path?
session = /home/downloads/<second_username>/.session

# Watch a directory for new torrents, and stop those that have been
# deleted.
schedule = watch_directory,5,5,load_start=/home/downloads/<second_username>/watch/*.torrent


Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

We now need to make sure the relevant directories exist

Code:
sudo mkdir -p /home/downloads
sudo mkdir /home/downloads/<second_username>
sudo mkdir /home/downloads/<second_username>/watch
sudo mkdir /home/downloads/<second_username>/.session
sudo chown -R <second_username>:<second_username> /home/downloads/<second_username>
Again, refer to http://forums.rutorrent.org/index.php?topic=1442.0

rutorrent config

Ok, now we need to configure rutorrent for multiple users.
To do this we need to create a configuration directory for each user that will hold that user's config files.
Remember the SCGI mounts and ports we've configured? We'll need those details here.

Now we need to create the user conf directories and copy the config files to them

Code:
cd /var/www/rutorrent/conf/
sudo mkdir -p users/<webusername>
sudo mkdir -p users/<second_webusername>
Now, we need to copy a file from the current default conf directory to each user's specific conf directory.

Code:
sudo cp config.php users/<second_webusername>
Now we need to edit each config file specific to each user.
In fact, we don't need to edit the config file for our first user (<webusername>) since that user is just going to use the config we had already set up for the single user system.
So we just need to edit the config file for the second user (<second_webusername>).

Code:
sudo nano users/<second_webusername>/config.php
Find the following lines:

Quote
$scgi_port = 5000;
$scgi_host = "127.0.0.1";


and change them to:

Quote
$scgi_port = 5001;
$scgi_host = "127.0.0.1";


Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

Remember, if you have more than 2 users you need to do this for each user's unique config.php file and ensure the values for mount point and port match those set in previous steps when configuring rtorrent and apache.

Let's edit the ownership and permissions on these files

Code:
cd /var/www
sudo chown -R www-data:www-data rutorrent
sudo chmod -R 755 rutorrent
Now when you browse to

Quote
https://<servername or IP>/rutorrent/


you will be prompted with the login dialog.
Depending on what username and password you enter here, your rutorrent instance will connect to the relevant rtorrent session.

Pure-FTPd

Ok, let's make a couple of changes to our Pure-ftpd setup to support multiple users

Temporarily act as root user

Quote
sudo su


Enter the root password when asked

Code:
cd /etc/pure-ftpd/conf/
echo yes > ChrootEveryone
echo 4 > MaxClientsPerIP
echo 20 > MaxClientsNumber
The first 'echo' line creates a file that stops users from navigating outside of their home directory.
The second 'echo' line creates a file that dictates how many connections can be made per connecting IP. Change this to whatever you deem appropriate for your needs.
The third 'echo' line creates a file that dictates how many connections in total can be made. Change this to whatever you deem appropriate for your needs.

Now return to the normal user

Code:
exit
We have each user's torrent downloads being stored in /home/downloads/<the_username>.
But in the steps above we've jailed each FTP user to not be able to leave their home directory /home/<the_username>/
So we want to create a link from the user's home directory to their downloads directory.
However, a symbolic link won't work here as the chroot will prevent it.
Instead we need to create mount points.
We can do this using:

Code:
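# The mount points must exist before they can be used as bind targets
sudo mkdir -p /home/<username>/downloads /home/<second_username>/downloads
sudo mount --bind /home/downloads/<username> /home/<username>/downloads
sudo mount --bind /home/downloads/<second_username> /home/<second_username>/downloads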
However we want these mounts to be permanent so we do the following:

Code:
sudo nano /etc/fstab
At the end of the file add these lines

Quote
/home/downloads/<username> /home/<username>/downloads none bind 0 0
/home/downloads/<second_username> /home/<second_username>/downloads none bind 0 0


Hit CTRL-O to save the file (and hit Enter to confirm when prompted), then hit CTRL-X to exit the editor.

And that's the end of the multi-user setup!

Linux Firewall

Right, we’re almost done, but first it's time to set up the Linux firewall to close all the ports other than the ones we need.

It's easiest to use Webmin for this task

Open a browser window and go to:

Quote
https://<servername or IP>:10000


You'll need to login with the system username we created earlier

On the left hand navigation menu, go to Networking->Linux Firewall

Set up the firewall as you need. Remember that we need to open the following ports that we've configured in this guide:

SSH: 21976
FTPS: 22005
Passive Ports for FTP: 27200 to 27210
SSL: 443
Webmin: 10000
rtorrent: 55995 to 56000 for <username>, and 56001 to 56005 for <second_username>

And we can lock the rest down.

You're encouraged to change the ports used as examples in this guide - just make sure you write them down, and double check them before implementing any firewall rules.
You should also check with your host in case they use any automatic network monitoring tools.
If they do, you may need to leave some ports open to respond to pings and so on, otherwise their tools might think your server is down and try rebooting it or putting it into recovery mode. Best just to check with them.

Summary

That’s it, we’re done !
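The multi-user Pure-FTPd layout above depends on two things staying true: ChrootEveryone is set, and each /home/<username>/downloads bind mount comes from that same user's /home/downloads/<username>. The script below is an added example, not part of the original guide, that checks both; the function names and the alice/bob sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit the multi-user FTP jail layout.

# Succeeds only if ChrootEveryone in Pure-FTPd conf dir $1 contains "yes".
# Without it the per-user bind mounts below confine nobody.
chroot_everyone_enabled() {
    [ -r "$1/ChrootEveryone" ] &&
        [ "$(tr -d '[:space:]' < "$1/ChrootEveryone")" = "yes" ]
}

# Reads fstab-format lines on stdin. Every bind mount onto
# /home/<user>/downloads must come from /home/downloads/<user>; any other
# source exposes data that is not theirs inside that user's jail.
# Prints one verdict per entry and returns 1 if any entry fails.
audit_bind_mounts() {
    local src dst fstype opts rest user status=0
    while read -r src dst fstype opts rest || [ -n "$src" ]; do
        case "$src" in ''|'#'*) continue ;; esac            # blank or comment
        case ",$opts," in *,bind,*|*,rbind,*) ;; *) continue ;; esac
        case "$dst" in /home/*/downloads|/home/*/downloads/) ;; *) continue ;; esac
        user=${dst#/home/}; user=${user%/}; user=${user%/downloads}
        src=${src%/}
        if [ "$src" = "/home/downloads/$user" ]; then
            echo "OK   $user"
        else
            echo "FAIL $user: jail mounts $src, expected /home/downloads/$user"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: alice is correct, bob's jail exposes alice's downloads.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
UUID=0000-placeholder / ext4 errors=remount-ro 0 1
/home/downloads/alice /home/alice/downloads none bind 0 0
/home/downloads/alice /home/bob/downloads none bind 0 0
EOF
}

sample_fstab | audit_bind_mounts || true
```

Against the live system, run `chroot_everyone_enabled /etc/pure-ftpd/conf` and `audit_bind_mounts < /etc/fstab`.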
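The firewall section lists the ports to open but leaves the rules themselves to Webmin. As an added example (not from the original guide), this script turns that port list into a default-deny IPv4 ruleset in iptables-restore format; the function names are made up here, the ports are the guide's example values, and opening them for TCP only is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): the guide's port list expressed as a
# default-deny IPv4 ruleset in iptables-restore format.

# The guide's example TCP ports: SSH, FTPS, FTP passive range, HTTPS, Webmin,
# and one rtorrent range per user. Change these to match your own setup.
GUIDE_TCP_PORTS='21976 22005 27200:27210 443 10000 55995:56000 56001:56005'

# Succeeds if $1 is a port (N) or range (N:M) with 1 <= N <= M <= 65535.
valid_port_spec() {
    local lo hi
    case "$1" in ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;; esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Prints the ruleset for the space-separated port specs in $1.
# Nothing is printed if any spec is invalid, so a typo cannot yield a
# half-built ruleset.
emit_ruleset() {
    local spec
    for spec in $1; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default-deny inbound
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Answer pings so a host's uptime monitoring does not see the server as down.
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for spec in $1; do
        echo "-A INPUT -p tcp -m tcp --dport $spec -j ACCEPT"
    done
    echo 'COMMIT'
}

emit_ruleset "$GUIDE_TCP_PORTS"
```

Pipe the output through `iptables-restore --test` to check that it parses before loading it, and keep your current SSH session open until a second login on the SSH port succeeds.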
 

peshua19

Member
May 25, 2018
897
0
16
Thank you very much subvertbeats.
Since I ordered my dedicated server from xirvik.net 3 months ago I was waiting for an amazing guide to show me what I should have done when I set this up. I compiled sources from almost 20 different forums/guides (some from 2006) to get mine working like this. Now that rutorrent 3.0 is out, I might format the thing and do it right.
Thank you again!
 

saroos1

Member
May 25, 2018
718
0
16
Thanks for this guide, I'm totally going to try it!
Just a question: you set up everything with multi-user support, but all users will use the same IP.

What if I want to use different IPs for each user? How can I do it?
regards
 

simur612

Member
May 25, 2018
879
0
16
Quote
Thanks for this guide, I'm totally going to try it!
Just a question: you set up everything with multi-user support, but all users will use the same IP.

What if I want to use different IPs for each user? How can I do it?
regards

I'm afraid I don't understand your question. This is all on a single server. A single server (with a single NIC) can only have one (physical) IP address.
 

randac56

Member
May 25, 2018
915
0
16
well not really.

I own an OVH dedicated server and I can set up more IPs on the same server, just with an IP alias: http://help.ovh.com/IpAlias

what I would like to do is to "bind" every IP to a different user so anyone will be able to access rutorrent and FTP using his own IP.

Hope someone can help me.

regards
 

lisas4567

Member
May 25, 2018
773
0
16
I'm on an OVH plan too and I use OpenVZ to split my server in 3. Each "sub-server" has its own IP. But with this configuration you need to have everything three times... (3 rtorrent, 3 rutorrent, 3 web servers, 3 OS, 3 FTP servers, etc.). But if you want I can help you.

++
 

saroos1

Member
May 25, 2018
718
0
16
Ah ok, you mean virtual servers.

Not too difficult. You first need to set up the IP aliases as described in that link you posted, and make sure they are set up at boot time.

Then you'll need a virtual server for each IP, for both your FTP server and for your web server

For PureFTPd it should be as simple as creating a symbolic link between the FTP directory and a file in /etc/pure-ftpd/

ln -s /home/<user> /etc/pure-ftpd/1.2.3.4

There's plenty of documentation for how to do it for Apache... e.g. http://httpd.apache.org/docs/1.3/vhosts/ip-based.html

Not tried any of that but it doesn't seem too complex
 

simur612

Member
May 25, 2018
879
0
16
Quote
I'm on an OVH plan too and I use OpenVZ to split my server in 3. Each "sub-server" has its own IP. But with this configuration you need to have everything three times... (3 rtorrent, 3 rutorrent, 3 web servers, 3 OS, 3 FTP servers, etc.). But if you want I can help you.

++

sounds very cool! that's exactly what I would like: 3 independent "sub-servers", each one assigned to a different user with a different IP!

if you have some spare time to help me set it up it would be great!
we can talk (whenever you want) on msn or irc, just tell me what you prefer.

Quote
Ah ok, you mean virtual servers.

Not too difficult. You first need to set up the IP aliases as described in that link you posted, and make sure they are set up at boot time.

Then you'll need a virtual server for each IP, for both your FTP server and for your web server

For PureFTPd it should be as simple as creating a symbolic link between the FTP directory and a file in /etc/pure-ftpd/

ln -s /home/<user> /etc/pure-ftpd/1.2.3.4

There's plenty of documentation for how to do it for Apache... e.g. http://httpd.apache.org/docs/1.3/vhosts/ip-based.html

Not tried any of that but it doesn't seem too complex

thanks for your answer! I think I will try with OpenVZ first, probably it will be easier for me.


regards
 

randac56

Member
May 25, 2018
915
0
16
Easier, inasmuch as there's a few less steps, but you have to do the full setup as per this guide (minus the multi-user steps) for every virtual machine.
So ultimately it's a lot more work...


I take it you're doing all this so you can sell seedbox space?
 

peshua19

Member
May 25, 2018
897
0
16
At the moment I will share it with 2 friends but in the future if they decide to give up I want to be able to resell to someone else, just to share the monthly cost (no profit).
 

lisas4567

Member
May 25, 2018
773
0
16
I do the same thing. In this way 3 people have a full server with root access, so they can do everything. With this plan we can share with unrelated people safely.

To use OpenVZ, you can simply reinstall the OS on your primary server with PROXMOX. It's a user-friendly interface for OpenVZ and you can find many tutorials on how to set it up.

PM your mail/msn as you want and I will contact you.
 

saroos1

Member
May 25, 2018
718
0
16
PM sent and installing proxmox 1.5!


subvertbeats, sorry if I "polluted" your thread with a slightly OT discussion! btw I'm gonna use this guide soon!

regards
 

simur612

Member
May 25, 2018
879
0
16
you can set up multiple ip's for the rtorrent users and set each user as a different ip via the .rtorrent.rc

set up alias ip's, it's simple. I do it all the time.
 

randac56

Member
May 25, 2018
915
0
16
you can have multiple ip's on a single nic. It's called ALIAS IP's


Some server sellers call it "fail over ip"

Anyways, depending on your distro, it's different.

With FreeBSD you add the alias ip's to /etc/rc.conf like this:

let's pretend your first ip is set up like this in /etc/rc.conf

Code:
ifconfig_em0="inet 123.2.1.1 netmask 255.255.255.0 broadcast 123.2.1.255"

and you wanted to add ip 123.4.5.6 and 123.4.5.7

you'd add these 2 lines:
Code:
ifconfig_em0_alias0="inet 123.4.5.6 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 123.4.5.7 netmask 255.255.255.255"

on most versions of linux, it's by editing the /etc/network/interfaces file like so:
Code:
# First alias on eth0
auto eth0:0
iface eth0:0 inet static
    name Ethernet alias LAN card
    address 123.4.5.6
    netmask 255.255.255.0
    network 123.4.5.0

# Second alias on eth0
auto eth0:1
iface eth0:1 inet static
    name Ethernet alias LAN card
    address 123.4.5.7
    netmask 255.255.255.0
    broadcast 123.4.5.255
    network 123.4.5.0
 

saroos1

Member
May 25, 2018
718
0
16
Yes Wonslung - as above I wrote you can only have one physical IP per NIC.

I subsequently clocked that Gnarkill was talking about virtual IPs and described to him how to set up FTP and Apache to work with IP aliases
 

simur612

Member
May 25, 2018
879
0
16
Quote
Yes Wonslung - as above I wrote you can only have one physical IP per NIC.

I subsequently clocked that Gnarkill was talking about virtual IPs and described to him how to set up FTP and Apache to work with IP aliases

but this isn't true

you can have multiple physical ip's per nic.

There is nothing "virtual" about them. They are real ip's.

A virtual ip is something entirely different (and has to do with routing)
 

randac56

Member
May 25, 2018
915
0
16
Hi, I followed the tuto and installed rtorrent+rutorrent with success.
I had some problems with pure-ftpd so I installed vsftpd.

everything is running good now.
one question: I would like to browse the file folder (/home/<username>/torrents) via web (https://<ipaddress>/torrents).

I guess I have to edit the apache config file, but how?

thanks!
 

peshua19

Member
May 25, 2018
897
0
16
Not necessary, only a symlink between your home and your www : ln -s /home/<username>/torrents /var/www/torrents
or maybe ln -s /home/<username>/torrents /var/www/rutorrent/torrents to keep it under password protection.