Tag: proxmox

Install Syncthing on Debian 11 or Proxmox LXC container

Syncthing on the Debian 11

If you’re on this page I am going to assume you already know what Syncthing is.

This same setup should work on any of the latest Debian-flavor distros, no need to include additional Apt sources or GPG keys, Syncthing has been included in the Debian 11 apt repository as of 2/22/23. 

apt-get update && apt-get upgrade -y
apt-get install apt-transport-https -y

then

apt-get install syncthing -y

to make sure it has been installed…

syncthing --version

you should get something similar to:

syncthing v1.12.1-ds1 "Fermium Flea" (go1.15.9 linux-amd64) debian@debian 2021-07-23 20:27:51 UTC

This confirms that it is indeed installed.

Now we need to create a service file for systemd to start our Syncthing automatically as a system service. This configuration will allow you to access your Sycthing dashboard from any computer on your local network. YOU WILL STILL NEED TO ADD CREDENTIALS TO YOUR SYNCTHING GUI.

You can use vim or nano as your editor of choice.

nano /etc/systemd/system/syncthing@.service

Add the following lines to your syncthing@.service service file. The service file makes your Syncthing install accessible over the local network by default. By default, Syncthing uses port 8384, feel free to change it to your liking.

[Unit]
Description=Syncthing - BAMF Open Source File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/syncthing -no-browser -gui-address="0.0.0.0:8384" -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then, reload the systemd daemon to apply the changes.

systemctl daemon-reload

Next, start the Syncthing service with the following command:

systemctl start syncthing@root

To access the server over your network you can simply get your local network address using

ip r

You should get a response like, the last value is your local network address:

default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10

We access our Syncthing dashboard by opening our browser of choice and entering http://192.168.1.10:8384 , note that, by default, Syncthing runs on port 8384. Depending on your application, if you’re server is a firewall running on it, you will need to update your settings to allow traffic on those ports or whatever ports you decide to use later.

Once logged into your dashboard you will want to update your GUI access settings. After securing your Syncthing dashboard you can then further customize your settings to your preferences.

Mounting A Windows Shared Folder/Drive For Syncthing Storage

If you have a NAS and want to mount a Windows shared drive as a storage option for Syncthing:

apt-get update && apt-get upgrade -y
apt-get install cifs-utils -y

Assuming you already have a Shared Windows Folder/Drive setup, we create a folder in our standard mnt directory:

mkdir /mnt/Syncthing

To test our connection, we mount our Windows Share drive:

mount -t cifs -o username=windowsUsername,password=windowPassword //COMPUTER_IP/SharedFolderName /mnt/Syncthing

If successful you can see your mounted folder’s content via /mnt/Syncthing

Due to the nature of Linux, this drive mount will not persist after reboot . In order to add persistence to the mount you will need to do some additional configuration to fstab.

Before we add details to our fstab, let’s create a file to store our Windows share credentials, storing in the root folder will also protect from other possible non-root users accessing the file. You can change this folder to whatever you like just keep in mind that if you have multiple users and don’t want them to see the contents of the file you will need to add additional permissions to the credentials file.

Create the local credentials file like this:

vim /root/windows_credentials

We then enter the corresponding details, don’t be a noob and actually enter windowsUsername and windowsPassword, enter your actual share details…

username=windowsUsername
password=windowsPassword

Save the file.

Now we edit our fstab

vim /etc/fstab

We add the following line:

//COMPUTER_IP/SharedFolderName  /mnt/Syncthing  cifs  credentials=/root/windows_credentials,file_mode=0755,dir_mode=0755 0       0

Save the file.

Mount the share:

mount /mnt/Syncthing

Tired of the mounted folder? Simply unmount it like this:

unmount /mnt/Syncthing

If you do unmount, don’t forget to remove the line from your fstab.

General note: when mounting folders, always mount to a new folder, don’t try to mount to an existing folder or you’re going to have fun figuring out what happened to the files you had in it…

Installing MariaDB + PHPMyAdmin on Debian 11/Debian 11 Proxmox LXC Container

Installing MariaDB 10.5

apt update; apt upgrade -y
apt -y install curl software-properties-common gnupg2

then

curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
bash mariadb_repo_setup --mariadb-server-version=10.5

then

apt install mariadb-server mariadb-client -y

then

mariadb-secure-installation

when prompted…

Switch to unix_socket authentication [Y/n]    (Answer: n)
Change the root password? [Y/n]               (Answer: n)
Remove anonymous users? [Y/n]                 (Answer: y)
Disallow root login remotely? [Y/n]           (Answer: n)
Remove test database and access to it? [Y/n]  (Answer: y)
Reload privilege tables now? [Y/n]            (Answer: y)

Install Apache2

apt install apache2 -y

Install PHP

We are using this server strictly for MariaDB, to make things simple, we can install our OS’s native PHP version, in Debian 11’s case that would be PHP 7.4. If needed PHP8 will also work.

apt install php php-common php-mysql php-gd php-cli -y
service apache2 restart

Install PHPMyAdmin

apt install phpmyadmin -y

log into MariaDB and create our Database Administrative user.

mysql -u root -p

once you’ve logged in, we create our new Administrative user via MySQL/MariaDB cli, take note of the bold words, don’t forget to use unique values if copy and pasting.

CREATE USER Administrator@localhost IDENTIFIED BY "mysecretpassword";
GRANT ALL PRIVILEGES ON *.* TO Administrator@localhost WITH GRANT OPTION;
FLUSH PRIVILEGES;

exit

once outside MariaDB’s cli and back into Debian’s terminal

service mysql restart

Install Vim (text editor)

apt install vim -y

Adding SSL/HTTPS Support to Apache/PHPMyAdmin

a2enmod ssl
a2enmod rewrite

Prepare our apache folder for SSL cert storage

mkdir /etc/apache2/certs/ssl

then

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/certs/ssl/ssl.key -out /etc/apache2/certs/ssl/ssl.crt

once completed with cert detail prompts you will want to edit apache’s defaut site config

vim /etc/apache2/sites-available/000-default.conf

Add the following three lines of code before the </VirtualHost> closing tag.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Finally we enable our ssl configuration and restart our apache services

a2ensite default-ssl.conf && systemctl restart apache2

to get your local server IP address, inside terminal use the following

ip addr

once you have your server’s local network address you should be able to access it from any computer on the same subnet using putty.

For this example, the server sits on the same local network. If you wanted to host the server remotely and access phpmyadmin you would likely use certbot to autogenerate validated ssl certs.