I'm busily collecting components to have a crack at this, although I'm extending and modifying the ideas a little bit;
- I'm binning FTP for a start because its horrendously insecure and with SSH alreading in place can use SFTP or SCP instead.
- I'll be setting up the various web services to run through an https:// connection rather that http:// and set up some form of .htaccess to the front page
- I'm installing Ninan as well as Torrentflux (Ninan is a newsgroups equivalent to Torrentflux)
- I'm adding a DVB-T tuner and IR Remote and installing MythTV and assorted related services too.
All in all its going to be quite a challenge - I'll see if I can document the process as I go along - Wish me luck!
Originally Posted by chimaera I'll be setting up the various web services to run through an https:// connection rather that http:// and set up some form of .htaccess to the front page
I went with http access from the local network, and https for external - saves me having to click away the certificate warning all the time.
Originally Posted by TheEclypse I went with http access from the local network, and https for external - saves me having to click away the certificate warning all the time.
That is also a reasonably likely outcome - will have a play and see what works :)
root@blackbox:/etc/samba# smbpasswd -a ashley
New SMB password:
Retype new SMB password:
Failed to modify password entry for user ashley
root@blackbox:/etc/samba# smbpasswd ashley
New SMB password:
Retype new SMB password:
Failed to find entry for user ashley.
Failed to modify password entry for user ashley
Great article! I've gotten the system running successfully on a PII 450 with 192MB RAM. (My goal was lowest power consumption using found parts. Rough calculations are about 84w at peak, assuming 25w for Mobo, 27w for CPU, 21w for three sticks of RAM, 4w for the NIC, and 7w for the fans.)
The only problem I've run into concerns the VNC connection. I followed the guide to the letter, set up the port, and created the script, and the first connection worked like a charm!
But after restarting the machine, I can no longer get in. The error message reads:
---------------------------
Ultr@VNC Info
---------------------------
Connection failed - Error reading Protocol Version
Possible causes:
- You've forgotten to select a DSMPlugin and the Server uses a DSMPlugin
- Viewer and Server are not compatible (they use different RFB protocoles)
- Bad connection
---------------------------
OK
---------------------------
I've got the connection to the CLI running through SSH just fine though... does anyone have any ideas on what might be causing this?
Or, is there an easy way to start the VNC service manually from the terminal?
But check if it's running allready before you do that by issuning a
Code:
sudo netstat -taunp | grep vnc
If it is, stop it first
Code:
killall x11vnc
Did you try tunneling through instead of connecting straight to it? I too had some problems with direct connections from Windows, but never had them when tunneling through an SSH connection (it's because windows has an other way of handeling VNC).
Also, are you sure you set autologin and the x11share script to be run at login?
alright got another problem with proftpd.
when restarting after saving changes to the .conf file i get this error
Quote:
root@blackbox:/etc# mousepad /etc/proftpd/proftpd.conf
root@blackbox:/etc# /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd - Fatal: <Directory>: missing arguments on line 98 of '/etc/proftpd/proftpd.conf'
[fail]
Originally Posted by Glider Did you try tunneling through instead of connecting straight to it? I too had some problems with direct connections from Windows, but never had them when tunneling through an SSH connection (it's because windows has an other way of handeling VNC).
Also, are you sure you set autologin and the x11share script to be run at login?
Thanks for the reply, Glider! To make sure I understand, "tunneling through" simply means to open the SSH connection via PuTTY first, right?
I tried running the script manually, and here's what I see:
Since nothing returns, I assume that it's not running. But just to make sure:
Code:
aaron@server:~$ killall x11vnc
x11vnc: no process killed
Got it, I'm definitely sure that it's not running. So I restart it:
Code:
aaron@server:~$ sh /usr/local/bin/sharex11vnc
17/06/2007 08:01:06 passing arg to libvncserver: -rfbauth
17/06/2007 08:01:06 passing arg to libvncserver: /home/aaron/.vnc/passwd
17/06/2007 08:01:06 passing arg to libvncserver: -desktop
17/06/2007 08:01:06 passing arg to libvncserver: VNC aaron@
Settings:
display: null
authfile: null
subwin: 0x0
-sid mode: 0
clip: null
flashcmap: 0
shiftcmap: 0
force_idx: 0
cmap8to24: 0
8to24_opts: null
24to32: 0
visual: null
overlay: 0
ovl_cursor: 1
scaling: 0 1.0000
viewonly: 0
shared: 0
conn_once: 0
timeout: 0
inetd: 0
filexfer: 1
http: 0
connect: null
connectfile null
vnc_conn: 1
allow: null
input: null
passfile: null
unixpw: 0
unixpw_lst: null
stunnel: 0
accept: null
accept: null
gone: null
users: null
using_shm: 1
flipbytes: 0
onetile: 0
solid: null
blackout: null
xinerama: 1
xtrap: 0
xrandr: 0
xrandrmode: null
padgeom: null
logfile: null
logappend: 0
flag: null
rc_file: ""
norc: 0
dbg: 0
bg: 1
mod_tweak: 1
isolevel3: 0
xkb: 0
skipkeys: null
sloppykeys: 0
skip_dups: 0
addkeysyms: 1
xkbcompat: 0
clearmods: 0
remap: null
norepeat: 1
norepeatcnt:2
nofb: 0
watchbell: 1
watchsel: 1
watchprim: 1
seldir: null
cursor: 1
multicurs: 0
curs_mode: null
arrow: 1
xfixes: 1
alphacut: 240
alphafrac: 0.33
alpharemove:0
alphablend: 1
cursorshape:1
cursorpos: 1
xwarpptr: 0
buttonmap: null
dragging: 1
wireframe: 0xff,3,0,32+8+8+8,all,0.15+0.30+5.0+0.125
wirecopy: always
scrollcopy: always
scr_area: 60000
scr_skip: ##Soffice.bin,##StarOffice
scr_inc: ##Nomatch
scr_keys: null
scr_term: null
scr_keyrep: null
scr_parms: 0+64+32+32,0.02+0.10+0.9,0.03+0.06+0.5+0.1+5.0
fixscreen: null
noxrecord: 0
grabbuster: 0
ptr_mode: 2
inputskip: 10
speeds: null
wmdt: null
debug_ptr: 0
debug_key: 0
defer: 30
waitms: 30
wait_ui: 2.00
nowait_bog: 0
slow_fb: 0.00
readtimeout: 20
take_naps: 1
sb: 60
fbpm: 1
xdamage: 1
xd_area: 20000
xd_mem: 1.000
sigpipe: null
threads: 0
fs_frac: 0.75
gaps_fill: 4
grow_fill: 3
tile_fuzz: 2
snapfb: 0
rawfb: null
pipeinput: null
gui: 0
gui_mode: null
noremote: 0
unsafe: 0
privremote: 0
safer: 0
nocmds: 0
deny_all: 0
pid: 27037
17/06/2007 08:01:06 x11vnc version: 0.8.2 lastmod: 2006-07-12
17/06/2007 08:01:06
17/06/2007 08:01:06 *** XOpenDisplay failed. No -display or DISPLAY.
17/06/2007 08:01:06 *** Trying ":0" in 4 seconds. Press Ctrl-C to abort.
17/06/2007 08:01:06 *** 1 2 3 4
17/06/2007 08:01:22
17/06/2007 08:01:22 ***************************************
17/06/2007 08:01:22 *** XOpenDisplay failed (:0)
*** x11vnc was unable to open the X DISPLAY: ":0", it cannot continue.
*** There may be "Xlib:" error messages above with details about the failure.
Some tips and guidelines:
* An X server (the one you wish to view) must be running before x11vnc is
started: x11vnc does not start the X server.
* You must use -display <disp>, -OR- set and export your DISPLAY
environment variable to refer to the display of the desired X server.
- Usually the display is simply ":0" (in fact x11vnc uses this if you forget
to specify it), but in some multi-user situations it could be ":1", ":2",
or even ":137". Ask your administrator or a guru if you are having
difficulty determining what your X DISPLAY is.
* Next, you need to have sufficient permissions (Xauthority)
to connect to the X DISPLAY. Here are some Tips:
- Often, you just need to run x11vnc as the user logged into the X session.
So make sure to be that user when you type x11vnc.
- Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE
file will be accessed. The cookie file contains the secret key that
allows x11vnc to connect to the desired X DISPLAY.
- You can explicity indicate which MIT-MAGIC-COOKIE file should be used
by the -auth option, e.g.:
x11vnc -auth /home/someuser/.Xauthority -display :0
x11vnc -auth /tmp/.gdmzndVlR -display :0
you must have read permission for the auth file.
- If NO ONE is logged into an X session yet, but there is a greeter login
program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need
to find and use the raw display manager MIT-MAGIC-COOKIE file.
Some examples for various display managers:
gdm: -auth /var/gdm/:0.Xauth
kdm: -auth /var/lib/kdm/A:0-crWk72
xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
dtlogin: -auth /var/dt/A:0-UgaaXa
Only root will have read permission for the file, and so x11vnc must be run
as root. The random characters in the filenames will of course change,
and the directory the cookie file resides in may also be system dependent.
Sometimes the command "ps wwaux | grep auth" can reveal the file location.
See also: http://www.karlrunge.com/x11vnc/#faq
And I'm stuck there. Any ideas? This is the one issue that Google hasn't been able to fix. I appreciate the help!
Hey everyone. Long time reader, first time poster I guess. Anyways, I do have a question since I'm sort of ignorant on the subject.
I followed the article nearly exactly and have everything working fine on the file server. I can access it by typing the LAN IP of it into my browser, control TorrentFlux, etc. What I was wondering is how could I access it from outside my house? Say I'm at a friends and I want to start downloading a torrent onto the computer, would I just have to forward port 80 to the server and type in my WAN IP? Any help would be greatly appreciated.
Originally Posted by exanimas Hey everyone. Long time reader, first time poster I guess. Anyways, I do have a question since I'm sort of ignorant on the subject.
I followed the article nearly exactly and have everything working fine on the file server. I can access it by typing the LAN IP of it into my browser, control TorrentFlux, etc. What I was wondering is how could I access it from outside my house? Say I'm at a friends and I want to start downloading a torrent onto the computer, would I just have to forward port 80 to the server and type in my WAN IP? Any help would be greatly appreciated.
Alright, now for sub-questions. Is it possible my ISP has blocked port 80 to stop people from hosting websites? Is it possible to change that port if I wanted to? and finally, if I set it up like mentioned above and typed my WAN IP in, how would it know which computer to go to since there's multiple PCs on my network? Thanks for the response Eclypse.
This creates a new virtual host - now you need to set the port it is running on. Open mysite using any way you feel comfortable with (I use sudo nano), and change the following:
Code:
NameVirtualHost *
<VirtualHost *>
becomes
Code:
NameVirtualHost *:1111
<VirtualHost *:1111>
Now open /etc/apache2/ports.conf, and add the line:
Code:
Listen 1111
Finally, restart apache:
Code:
sudo invoke-rc.d apache2 restart
That will have th site running on port 1111.
Quote:
Originally Posted by exanimas how would it know which computer to go to since there's multiple PCs on my network?
In your router settings, there should be something called "Virtual Server". It should allow you to enter the IP address to route information to when its recieved on certain ports. Set it to forward traffic on your web server port to the computer running the webserver, and it will be accessible externally.
Wow, great answers. I'll have to give that a go tomorrow when I have some time. Thanks for helping this Linux (and for the most part networking) newbie out TheElcypse.
Oh, and the port blocking thing is just something I heard from a co-worker who uses the same ISP as me, so it isn't a definite thing.
It is possible tough that your ISP blocks port 80 (lots of them do). Same faith goes for port 21 (FTP). The only fix is to use a port that your ISP doesn't block, mostly the unpriviledged ones (>1024)
And, restarting services is done in Debian through
Code:
/etc/init.d/apache2 restart
,altough in this case a reload of apache is probably enough
Comments 101 to 125 of 531
I just wanted you to remove "SocketBindTight on" from the config file
Application, External Port, Internal Port, Protocol, IP Address
FTP, 21, 21, TCP, 192.168.1.{}
if i put the server's local ip address 192.168.1.68 in the address field and enable it. will that make it work over the net?
Bulb66
*edit*
I tried removing that but it didn't work.
Hmm, weird that removing that from the config didn't work... I'll look into it later on, but now I have to study :(
;)
bulb66
I used the same .conf that you uploaded. Using the unchanged config, this is what the FTP client outputted:
However, after removing SocketBindTight it, it now says:
- I'm binning FTP for a start because its horrendously insecure and with SSH alreading in place can use SFTP or SCP instead.
- I'll be setting up the various web services to run through an https:// connection rather that http:// and set up some form of .htaccess to the front page
- I'm installing Ninan as well as Torrentflux (Ninan is a newsgroups equivalent to Torrentflux)
- I'm adding a DVB-T tuner and IR Remote and installing MythTV and assorted related services too.
All in all its going to be quite a challenge - I'll see if I can document the process as I go along - Wish me luck!
Any help would be great
sudo smbpasswd -a ashley
The only problem I've run into concerns the VNC connection. I followed the guide to the letter, set up the port, and created the script, and the first connection worked like a charm!
But after restarting the machine, I can no longer get in. The error message reads:
---------------------------
Ultr@VNC Info
---------------------------
Connection failed - Error reading Protocol Version
Possible causes:
- You've forgotten to select a DSMPlugin and the Server uses a DSMPlugin
- Viewer and Server are not compatible (they use different RFB protocoles)
- Bad connection
---------------------------
OK
---------------------------
I've got the connection to the CLI running through SSH just fine though... does anyone have any ideas on what might be causing this?
Or, is there an easy way to start the VNC service manually from the terminal?
Thanks!
But check if it's running allready before you do that by issuning a
Did you try tunneling through instead of connecting straight to it? I too had some problems with direct connections from Windows, but never had them when tunneling through an SSH connection (it's because windows has an other way of handeling VNC).
Also, are you sure you set autologin and the x11share script to be run at login?
when restarting after saving changes to the .conf file i get this error
You could try the one TheEclypse provided...
Thanks for the reply, Glider! To make sure I understand, "tunneling through" simply means to open the SSH connection via PuTTY first, right?
I tried running the script manually, and here's what I see:
aaron@server:~$ sh /usr/local/bin/sharex11vnc 17/06/2007 08:01:06 passing arg to libvncserver: -rfbauth 17/06/2007 08:01:06 passing arg to libvncserver: /home/aaron/.vnc/passwd 17/06/2007 08:01:06 passing arg to libvncserver: -desktop 17/06/2007 08:01:06 passing arg to libvncserver: VNC aaron@ Settings: display: null authfile: null subwin: 0x0 -sid mode: 0 clip: null flashcmap: 0 shiftcmap: 0 force_idx: 0 cmap8to24: 0 8to24_opts: null 24to32: 0 visual: null overlay: 0 ovl_cursor: 1 scaling: 0 1.0000 viewonly: 0 shared: 0 conn_once: 0 timeout: 0 inetd: 0 filexfer: 1 http: 0 connect: null connectfile null vnc_conn: 1 allow: null input: null passfile: null unixpw: 0 unixpw_lst: null stunnel: 0 accept: null accept: null gone: null users: null using_shm: 1 flipbytes: 0 onetile: 0 solid: null blackout: null xinerama: 1 xtrap: 0 xrandr: 0 xrandrmode: null padgeom: null logfile: null logappend: 0 flag: null rc_file: "" norc: 0 dbg: 0 bg: 1 mod_tweak: 1 isolevel3: 0 xkb: 0 skipkeys: null sloppykeys: 0 skip_dups: 0 addkeysyms: 1 xkbcompat: 0 clearmods: 0 remap: null norepeat: 1 norepeatcnt:2 nofb: 0 watchbell: 1 watchsel: 1 watchprim: 1 seldir: null cursor: 1 multicurs: 0 curs_mode: null arrow: 1 xfixes: 1 alphacut: 240 alphafrac: 0.33 alpharemove:0 alphablend: 1 cursorshape:1 cursorpos: 1 xwarpptr: 0 buttonmap: null dragging: 1 wireframe: 0xff,3,0,32+8+8+8,all,0.15+0.30+5.0+0.125 wirecopy: always scrollcopy: always scr_area: 60000 scr_skip: ##Soffice.bin,##StarOffice scr_inc: ##Nomatch scr_keys: null scr_term: null scr_keyrep: null scr_parms: 0+64+32+32,0.02+0.10+0.9,0.03+0.06+0.5+0.1+5.0 fixscreen: null noxrecord: 0 grabbuster: 0 ptr_mode: 2 inputskip: 10 speeds: null wmdt: null debug_ptr: 0 debug_key: 0 defer: 30 waitms: 30 wait_ui: 2.00 nowait_bog: 0 slow_fb: 0.00 readtimeout: 20 take_naps: 1 sb: 60 fbpm: 1 xdamage: 1 xd_area: 20000 xd_mem: 1.000 sigpipe: null threads: 0 fs_frac: 0.75 gaps_fill: 4 grow_fill: 3 tile_fuzz: 2 snapfb: 0 rawfb: null pipeinput: null gui: 0 gui_mode: null noremote: 0 unsafe: 0 privremote: 0 safer: 0 nocmds: 0 deny_all: 0 pid: 27037 17/06/2007 08:01:06 x11vnc version: 0.8.2 lastmod: 2006-07-12 17/06/2007 08:01:06 17/06/2007 08:01:06 *** XOpenDisplay failed. No -display or DISPLAY. 17/06/2007 08:01:06 *** Trying ":0" in 4 seconds. Press Ctrl-C to abort. 17/06/2007 08:01:06 *** 1 2 3 4 17/06/2007 08:01:22 17/06/2007 08:01:22 *************************************** 17/06/2007 08:01:22 *** XOpenDisplay failed (:0) *** x11vnc was unable to open the X DISPLAY: ":0", it cannot continue. *** There may be "Xlib:" error messages above with details about the failure. Some tips and guidelines: * An X server (the one you wish to view) must be running before x11vnc is started: x11vnc does not start the X server. * You must use -display <disp>, -OR- set and export your DISPLAY environment variable to refer to the display of the desired X server. - Usually the display is simply ":0" (in fact x11vnc uses this if you forget to specify it), but in some multi-user situations it could be ":1", ":2", or even ":137". Ask your administrator or a guru if you are having difficulty determining what your X DISPLAY is. * Next, you need to have sufficient permissions (Xauthority) to connect to the X DISPLAY. Here are some Tips: - Often, you just need to run x11vnc as the user logged into the X session. So make sure to be that user when you type x11vnc. - Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE file will be accessed. The cookie file contains the secret key that allows x11vnc to connect to the desired X DISPLAY. - You can explicity indicate which MIT-MAGIC-COOKIE file should be used by the -auth option, e.g.: x11vnc -auth /home/someuser/.Xauthority -display :0 x11vnc -auth /tmp/.gdmzndVlR -display :0 you must have read permission for the auth file. - If NO ONE is logged into an X session yet, but there is a greeter login program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need to find and use the raw display manager MIT-MAGIC-COOKIE file. Some examples for various display managers: gdm: -auth /var/gdm/:0.Xauth kdm: -auth /var/lib/kdm/A:0-crWk72 xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk dtlogin: -auth /var/dt/A:0-UgaaXa Only root will have read permission for the file, and so x11vnc must be run as root. The random characters in the filenames will of course change, and the directory the cookie file resides in may also be system dependent. Sometimes the command "ps wwaux | grep auth" can reveal the file location. See also: http://www.karlrunge.com/x11vnc/#faqAnd I'm stuck there. Any ideas? This is the one issue that Google hasn't been able to fix. I appreciate the help!If just from cli, then try (not sure if it will work tough)
I followed the article nearly exactly and have everything working fine on the file server. I can access it by typing the LAN IP of it into my browser, control TorrentFlux, etc. What I was wondering is how could I access it from outside my house? Say I'm at a friends and I want to start downloading a torrent onto the computer, would I just have to forward port 80 to the server and type in my WAN IP? Any help would be greatly appreciated.
P.S. Great article Glider.
EDIT: i forwarded ports 21 and 22
Oh, and the port blocking thing is just something I heard from a co-worker who uses the same ISP as me, so it isn't a definite thing.
And, restarting services is done in Debian through