Updated: April 9th, 2013
This HOWTO will give you the BEST home media and file server out there at a cheap (free) cost. It includes SSH2, Remote Desktop, UPNP/DLNA server, SAMBA Shares (Windows file-sharing), VPN server, and the Transmission bit-torrent server. The final piece of the schema is a new toy: Subsonic. This gives you web-based media streaming to watch your content anywhere via a web-browser.
Whilst Ubuntu may be installed on all sorts of hardware specifications, I recommend that you have no less than a 1GHZ dualcore machine (old AMD’s work great!), 2GB of RAM (I have 4GB), 40GB dedicated hard-drive space for Ubuntu, and an internet connection of decent speed (no old dial-up!). I have an AMD dualcore x64, 4GB of RAM, 40GB hard-drive dedicated to Ubuntu, two 2TB hard-drives for storage, and one 500GB hard-drive just for emergencies if space gets low.
Let’s start!
First - Install Xubuntu 12.04. It's available here at the middle of the page. If you have a processor capable of x64, you should use that version. I recommend this being on its own hard-drive. I used a 40GB hard-drive partitioned with EXT4 at “/” with 32GB of space. The remaining 8GB was partitioned as SWAP space.
NOTE: This works with Ubuntu-based operating systems versions 11.10, 12.04, and 12.10 as of the last revision.
Second - Once Ubuntu is installed, reboot into the system and run Software Update to install all of the latest packages. Reboot once more so that we are working from the latest kernel and software suites going forward.
Third - SSH2: Setting up SSH is very simple. This will give you console access should you be unable to reach the machine with Remote Desktop or like playing in terminal windows!
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “sudo apt-get install ssh” If you’re not worried about security, this is a stopping point as SSH is good to go.
Let’s secure the daemon by editing the configuration. Type: “gedit /etc/ssh/sshd_config” to open up the config file.
Find PermitRootLogin and set it to “no”
Add a line below that variable and type “AllowUsers (username)” where (username) represents your Ubuntu account’s username.
Type “restart ssh”
Forth -Vino VNC Server (Linux-style Remote Desktop) VINO is very simple to setup. Once it is setup, you can use a variety of applications on mobile devices, tablets, PC's and even browser web-apps to connect in and control the desktop environment.
Open up terminal and type in "sudo apt-get install vino"
Open up terminal and type in "sudo apt-get install vino"
Once it isntalls, type in "vino-preferences"
Go to the Xubuntu "start" menu, Settings, and open Settings Manager.
Select "Session and Startup" followed by "Application Autostart."
Click "Add".
In the name field put in "Vino Server", in the description field put in "Remote desktop," and for the path put in "/usr/lib/vino/vino-server"
Fifth - XDRP (Windows-style Remote Desktop). It’s a simple GUI to enable. The downside is that you must use TightVNC or some other VNC viewer for Windows if that is your OS of choice to Remote from. But if you want to have an RDP compliant server running (meaning want to use Windows native Remote Desktop client to connect to the server), complete the following steps.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “sudo apt-get install xrdp”
Forward the external WAN port 3389 to the LAN IP address for the server.
For RDP: Make sure to forward any port to the server’s internal port 3389. I use 3401 external port forwarded to the server’s LAN IP at port 3389.
For Ubuntu’s built-in VNC: Make sure to forward port 5900 to the machine. If you want to use JAVA viewer to access the Remote Desktop, you must also forward 5800.
Sixth - SAMBA Server: installing and configuring data-sharing which functions with Windows file-sharing. We will setup a share system whereby all LAN computers can navigate, access, and modify the shares. You may wish to do something further to secure SAMBA if your LAN environment isn’t “home” use.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “sudo apt-get install samba smbfs”
Edit the configuration. First, “mv /etc/samba/smb.conf /etc/samba/smb.conf.orig” and then “gedit /etc/samba/smb.conf”
[global]
workgroup = HOME (Set this to your Windows workgroup)
netbios = HOME (Set this to your Windows workgroup)
security = share
[Shared Drive] (Set this to the name you want the shared folder to have)
comment = entire shared drive (Comments about the shared folder)
path = /mnt/storage2/ (Path to the shared folder or mount-point of harddrive)
read only = no
guest ok = yes
writable = yes
Alternatively, you may want to have this as a share system where usernames and passwords or another form of security is in place. This isn’t hard to do and many tutorials are available, but will not be a part of this “home” guide.
Seventh - VPN: Setup a PPTP VPN which is supported by Microsoft and Android.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “apt-get install pptpd”
gedit /etc/pptpd.conf
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options
# TAG: debug
# Turns on (more) debugging to syslog
#
#debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
# noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
bcrelay eth0
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.1.49
remoteip 192.168.0.1-255
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
gedit /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *
/etc/init.d/pptpd restart
Create a new document in /etc/init.d/ by doing “touch /etc/init.d/ipv4pptpd
Edit the document with “gedit /etc/init.d/ipv4pptpd” and insert the following text:
### BEGIN INIT INFO
# Provides: IPV4PPTPD
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Type “update-rc.d ipv4pptpd defaults”
Either reboot the machine so that the new routing tables are used, or type “sh /etc/init.d/ipv4pptpd” to start those tables.
Eighth - uPNP DLNA MEDIA Server: Mediatomb -OR- MiniDLNA. I don't recommend installing this right way unless you absolutely feel the need. You can always add it later. Mediatomb can be troublesome for certain devices to use. MiniDLNA can eat up all of your resources when it updates causing a system lockup.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “sudo apt-get install mediatomb”
Edit the config.xml to setup your own username, disable username requirements, add transcoders, and to enable Playstation3 requirements for playback.
OR
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the software package type: “sudo apt-get install minidlna"
Type "service minidlna stop" in your terminal.
Edit /etc/minidlna.conf to specify your pertinent directory structure for files and the server name. media_dir=/var/lib/minidlna friendly_name=HomeServerDLNA
Type "service minidlna start" in your terminal.
Update the database with the following command: "minidlna -R"
Ninth- Bittorrent Server: Transmission is a wonderfully compact Bit Torrent server. You can connect to it through its built-in web interface, through Tranmission GUI applications, and other third party applications. Transmission GUI applications exist for Windows, Mac, Linux, Android, and more.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
Add the PPA repository for the TranmissionBT team: ""add-apt-repository ppa:transmissionbt/ppa"
Update the repository files available by typing "apt-get update"
To install the software package type: “apt-get install transmission-daemon”
We cannot modify the settings with this process running. Type “/etc/initi.d/transmission-daemon stop”
Modify the settings of the settings.json to fit your needs. Make sure to use the CORRECT paths for your setup. Mine are within a hierarchy of /mnt/torrents/. My customizations of choice are:
{
"alt-speed-down": 950,
"alt-speed-enabled": false,
"alt-speed-time-begin": 1,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": true,
"alt-speed-time-end": 585,
"alt-speed-up": 1,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": true,
"blocklist-url": "http://www.bluetack.co.uk/config/level1.gz",
"cache-size-mb": 2,
"dht-enabled": true,
"download-dir": "/mnt/torrents/Downloads/",
"download-queue-enabled": true,
"download-queue-size": 5,
"encryption": 2,
"idle-seeding-limit": 5,
"idle-seeding-limit-enabled": true,
"incomplete-dir": "/mnt/torrents/Incomplete/",
"incomplete-dir-enabled": true,
"lazy-bitfield-enabled": true,
"lpd-enabled": false,
"message-level": 2,
"open-file-limit": 4,
"peer-congestion-algorithm": "",
"peer-limit-global": 240,
"peer-limit-per-torrent": 60,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"port-forwarding-enabled": true,
"preallocation": 1,
"prefetch-enabled": 1,
"proxy": "",
"proxy-auth-enabled": false,
"proxy-auth-password": "",
"proxy-auth-username": "",
"proxy-enabled": false,
"proxy-port": 80,
"proxy-type": 0,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 0.1000,
"ratio-limit-enabled": true,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "password",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "admin",
"rpc-whitelist": "*.*.*.*",
"rpc-whitelist-enabled": true,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 500,
"speed-limit-down-enabled": true,
"speed-limit-up": 1,
"speed-limit-up-enabled": true,
"start-added-torrents": true,
"trash-original-torrent-files": true,
"umask": 0,
"upload-slots-per-torrent": 14,
"utp-enabled": true,
"watch-dir": "/mnt/torrents/Autoload/",
"watch-dir-enabled": true
}
If you’re pleased with the setup as-is there is no reason to continue onward. If you would like to setup a script to automatically update the blocklists file, let’s keep going. It’s important to note that Transmission doesn’t automatically update and process the blocklist file even though the settings.json has a position for it. Let’s create a script to do it. Here’s mine. Remember to modify the path structure to fit your operation.
#!/bin/sh
# 2012-02-27 Rewrote for Ubuntu
# Orignial for FreeNAS 7.5
# By Derek Gordon (crypted or derekcentrico depending on forums)
PATH=/bin:/sbin:/usr/bin:/usr/local/bin; export PATH;
URL=http://www.bluetack.co.uk/config/level1.gz
cd /var/lib/transmission-daemon/info/
wget http://www.bluetack.co.uk/config/level1.gz
gzip -dfq level1.gz
mv /var/lib/transmission-daemon/info/level1 /var/lib/transmission-daemon/info/blocklists/
rm -rf level1.gz
echo "Blocklist update RAN on `date`" >> "/var/lib/transmission-daemon/info/update-blocklists.log"
Set the above file to chmod +x and execute it in the terminal “sh filename” to update the blocklists. You can set this as a cronjob to run daily if you wish.
Once that’s done, restart transmission.
Access the web GUI at http://localhost:9091
Tenth - Firewall Blocklists of Unwanted Systems Thousands of computers troll the internet trying to hack, crack, or bruteforce their way onto your network, computers, or open processes. Further, governments and corporations continue to attempt to see what kind of activity is occurring on your network. Lastly, people who might want to sue you are always looking to see what you're sharing. Peerguardian helps keep these systems from having a chance at accessing your private life.
Install the PPA for PG by typing the following into terminal: "add-apt-repository ppa:jre-phoenix/ppa" Press the enter key until you return to the prompt.
Then, type in "apt-get update && sudo apt-get install pgld pglcmd pglgui"
Open PeerGuardian from the Xubuntu "start" menu, under "Internet" called "pglgui."
Set up the Peerguardian. 4a. Select the blocklists to use. I recommend: atma/atma, bluetack/ad-trackers-and-bad-pr0n, bluetack/bad-peers, bluetack/bogon, bluetack/dshield, bluetack/forum-spam, bluetack/iana-reserved, bluetack/level-1, bluetack/microsoft, bluetack/proxy, bluetack/spider, bluetack/spyware, bluetack/web-exploit, bluetack/webexploit-forumspam, cldr-report/bogon, dchubad/faker, dchubad/hacker, dchubad/pedophiles, dchubad/spammer, peerblock/rapidshare, spamhaus/drop, tbg/bogon, tbg/business-isps, tbg/educationa-institutions, tbg/general-corporate-ranges, tbg/hijacked, tbg/priamary-threats, & tbg/search-engines. 4b. I recommend enabling "start peerguardian at system boot" 4c. I recommend enabling "update the blocklists automatically" and either each day or every week. These lists are updated once or twice per week.
Save your settings.
Eleventh - Web-based Media Server: Subsonic streams almost all video and audio files through a flash-player on a web interface. A small donation to the developers allows you to have access to apps for Android and iProducts. This means native streaming to them as well.
Open up Terminal.
Type “sudo su” so that we have root control. The password you used when setting up the Ubuntu user account will work for this.
To install the prerequisite packages, type: “sudo apt-get install openjdk-6-jre lame flac faad vorbis-tools ffmpeg”
Subsonic is not part of the repositories for Ubuntu. We must download the latest version at http://www.subsonic.org/pages/download.jsp. Download the version for Ubuntu/Debian. Put this file in your /home/username/ directory. Go to that directory in terminal.
Type “ dpkg -i filename” where as of this writing, my filename was titled subsonic4.6.deb so I typed “ dpkg -i subsonic4.6.deb”.
Now, go to http://localhost:4040 and sign in and finish setup via the web interface. Do what it instructs in RED. Click the link to secure the admin account.
Afterward, go to Settings and customize the system to your preferences. Make sure to add the media directories to the player.
If you prefer a barebones media server, I suggest checking out VLC. It takes a lot more work to get up and running and its web-interface isn’t as nifty.
Closing notes...
For two years I used FreeNAS 7.x as a file-server. The home-designed service fell by the wayside. The unfortunate consequence is that all of my data was stored on UFS GPT partitions which is does not have native support by either Windows or Linux kernels. The solution I decided upon was to purchase another 2TB hard-drive to use as a storage buffer to copy UFS data and repartition into EXT4 using Ubuntu 11.10’s terminal with a mount command.
Assumption: this guide assumes that you have had some minor, newbie experiences with Ubuntu or Linux at the least. If you haven’t, install Ubuntu and play around and explore the ecosystem for 10 to 20 minutes before continuing.
Assumption: you are not using this server as a router and are not using a firewall on this server because it is behind a home LAN network. If you use it as a router, take note of ports to open with your firewall script and the firewall rules used in the Remote Desktop section.