In my previous post, I explained how to upload pictures from your iPhone straight to you Home Server but it turns out it requires some extra configuration on the vsftpd side. Pixelpipe is using passive ftp connections and I hadn't explained how to setup vsftpd to accept such connections. This feature is handy for all sorts of other reasons (e.g. most browser only support passive mode as well) so here is how you go about and enable Passive FTP mode in vsftp.

Step 1: Configure vsftpd
Open /etc/vsftpd.conf and add the following lines:

pasv_enable=YES
pasv_min_port=60000
pasv_max_port=60100
pasv_address=0.0.0.0

The first line is pretty self-explanatory (oh alright then, it enables passive mode). The second and third line are the ports that you allow vsftpd to use for the passive data connection. Basically, in passive mode, ftp assigns a random port > 1023 for handling the data connection. However, I want to limit this "randomness" to a narrow range as I need to open these ports up (see next steps). You can choose any number here, I settled for a 100 port range.

In the last line you need to set your WAN IP address (so not your server's LAN IP address, but the routers WAN IP address). Now I am aware that you might have a dynamic IP address that you get assigned by your ISP, but we can solve that with a little shell script, for now, just hard code it in the .conf file.

Step 2: Restart vsftpd server
> sudo /etc/init.d/vsftpd restart

Step 3: Open your data ports in your router and firewall
Make sure the following ports are forewarded to your server:20, 21 and the PASV range you specified in your vsftpd.conf file (60000 - 60100 in my case)

Fire up your favorite FTP client and you should now be able to connect in passive mode.

This setup is needed to get pixelpipe to upload your pictures to your FTP server.

What if you have a Dynamic IP address?

If you are on a dynamic IP address, you need to change the pasv_address every time you get a new IP address assigned. Alternatively, you can create a DNS name for your IP address (at dyndns.org or some other DynDNS service)and use a script to change your .conf file automatically (create a cronjob). Here is an example script:

#!/bin/sh
vsftpd_conf=/etc/vsftpd.conf
#change to your domain name in next line
my_ip=`host your_host.dyndns.org | cut -f4 -d" "`
vsftpd_ip=`grep pasv_address $vsftpd_conf | cut -f2 -d=`

if [ "$my_ip" != "$vsftpd_ip" ] ; then
( echo ",s/$vsftpd_ip/$my_ip/g" && echo w ) | ed - $vsftpd_conf
/etc/init.d/vsftpd restart
fi
Note that you need to run the crontab as sudo (so first do a sudo -i and then crontab -e and add your script, make it run e.g. every 15 minutes).

Cheers,
Mark.

I recently purchased an iPhone and I have been looking for a solution to get the pictures off the phone and on to my Linux Home Server. I concocted the following solution:

Step 1: Install vsftpd
From http://vsftpd.beasts.org: "vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable." Well, that did it for me, so I went ahead and installed it (using Synaptic Package Manager)

Step 2: Configure vsftpd
By default, vsftpd allows anonymous users to logon to your system (I think they can't actually do anything, not sure though) and I didn't want that so open up /etc/vsftpd.conf

> sudo gedit vsftpd.conf

and make the following changes
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
write_enable=YES

and restart the vsftpd server

>
/etc/init.d/vsftpd restart

Now only your Linux users can login and they can only access their home directories and write files.

Try it out with your favorite ftp client first to see if it works.

Now for the iPhone part.

Step 1: Download and install the pixelpipe iPhone application
This application lets you upload your pictures to all sorts of online photo websites (picasa, flickr etc) BUT it also lets you upload to an FTP server and we just happen to have one of those laying around.

Step 2: Create an account at pixelpipe
You need to setup a pixelpipe account that goes with your iPhone app and there you can add your FTP server as a "pipe"

Step 3: Take pictures and upload
You can take pictures as normal OR you can take them from within the pixelpipe application and have them uploaded straight to your server.

Cheers,
Mark.

Installing Firefox 3.5 NOW

Posted by mvilrokx | 2:55 PM | 1 comments »

Can't wait for the official release of Firefox 3.5 for Linux? Install it now with the following command:

wget -O - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.5/linux-i686/en-US/firefox-3.5.tar.bz2 | tar xj -C ~

It won't replace your default browser (till it is added to the repositories) so you need to launch it manually:

~/firefox/firefox

Cheers,
Mark.

I am assuming you already have Apache 2.2 installed

Step 1: Install Webmin

You can do everything in this blog post manually, but I found webmin extremely useful. It provides a WebGUI for all kinds of services running on your Linux machine, including apache which is what we are going to use it for.

Step 2: Make sure that auth_digest Apache Module is enables
Go to webmin (https://localhost:10000/ if you installed it with the defaults), open the Servers menu on the left hand side, then click on Apache WebServer and then the Global Configuration tab. In there you will find a Configure Apache Modules icon, click on that. In the list of modules that appears, make sure that auth_digest is enabled (tick the box if not). When done click on "Enable Selected Modules"

Step 3: Add a port
I want to use a special port for my Virtual Host so we need to add this to the WebServer config file so it listens to this new port. You can do this in webmin, just go to Servers -> Apache WebServer and click on the Global configuration tab. There you can click on the Networking and Addresses icon. Add your IP address and the port you want your Apache WebServer to listen to the list and hit Save.

Step 4: Create some users
Your Apache Server comes with an application called htdigest (mine was in /usr/bin/htdigest) that you can use to create users. The syntax is:

sudo htdigest -c

e.g.
> sudo htdigest -c /etc/apache/pwds "By Invitation Only" mark

This will prompt you twice for the password of the user. If you want to add another user, use the same command but without the -c, so

> sudo htdigest -c /etc/apache/pwds "By Invitation Only" foobar

The realm is sort of a grouping mechanism, it will be used later.

This should have created a file pwds in /etc/apache and if you open this file you will see the users, their realms and their (encrypted version of) password.

Step 5: Create a Virtual Server
Go back to webmin, Servers -> Apache WebServer and click on the Create virtual host tab. I specified my ip address and the port I specified earlier (step 3), the document root where all the webfiles are that this Virtual Host is pointing to and I also gave a server name (although I am not sure where this is used), I left the rest as default.

Step 6: Create Directives
In order for the users we created to get access to our Virtual Server, we need to change the directive of the virtual server. You can do this in webmin, go to Servers -> Apache WebServer and click on the Existing virtual hosts tab. From the list, select the virtual server you created. From the page that comes up, select Edit Directives and add the following in the tag:

AuthType Digest
AuthName "By Invitation Only"
AuthDigestDomain
# Optional line:
AuthDigestProvider file
AuthUserFile /etc/apache/pwds
Require valid-user
Options +Indexes

You can see we use the realm here in the AuthName label. is the same as the folder attribute in the tag, and is the full path to your web site, including http://.

And that's it. Go to your website and you will get asked for a user and password or otherwise you cannot get in.

Cheers,
Mark