Easy Seedbox Install Guide

[FAGuru]

I have been through a lot of different seedbox setups but I have to say this is by far the easiest, most stable, uber small footprint, and fastest I have ever used.  

Props to dashboardy, he is the one who told me about this config and I am glad he did. Pick your favorite distro in my case I used Ubuntu Server.

In the case of Ubuntu Server, OVH will give you root so we need to create another user for security.

adduser user
Pick a password of 10 characters they are nearly impossible to hack.  Do the same for root by using passwd

Next lets add your new user into the sudoers list:
nano /etc/sudoers
under root ALL=(ALL) ALL add
user ALL=(ALL) ALL

now login as user

Now for updates etc:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get clean && apt-get autoclean

Now secure SSH (? means choose a port number) :
sudo nano /etc/ssh/sshd_config
Port ?
AllowUsers user
PermitRootLogin no

Restrict SSH by IP:
sudo nano /etc/hosts.deny
sshd: ALL

sudo nano /etc/hosts.allow 
sshd: 99.99.99.*
sshd: 88.88.88.88

Important you keep your existing connection in case something goes wrong and that way you can fix it.  

Restart SSH and then try and connect with a foreign IP and then one in the allow list to make sure it is working correctly.

sudo /etc/init.d/ssh restart

If your prefer to run the beta releases of wine do the following:
wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/jaunty.list -O /etc/apt/sources.list.d/winehq.list

Fluxbox, Wine, and VNC install:
sudo apt-get install xterm fluxbox vnc4server wine
vncserver :1
vncserver -kill :1

cd .vnc
nano xstartup 

This includes a line to auto start uTorrent

----------------------------------------------------------------------------------------------------------------

#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
fluxbox &

env LC_CTYPE=zh_TW.utf8 WINEPREFIX="/home/user/.wine" wine "/home/user/Apps/uTorrent/uTorrent.exe" &

----------------------------------------------------------------------------------------------------------------

make it executable: chmod +x xstartup

Restrict VNC by IP:
sudo iptables -A INPUT -p tcp --dport 5900 -s xxx.xxx.xxx.xxx -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 5900 -j DROP

Start vncserver (0 means the port would be 5900, 1 would be 5901):
vncserver :0 -depth 16 -geometry 1200x700

Depth is the color depth 16, 24, 32  and 1200x700 is the screen resolution so adjust according to your preference.

If you want to auto start VNC at boot (Change user to your id):
nano /etc/crontab
@reboot user vncserver :0 -depth 24 -geometry 1200x700

ProFTPD 1.3.2 with FTPES Explicit SSL/TLS:
sudo apt-get install proftpd
nano /etc/proftpd/proftpd.conf  (proftpd.conf example http://paste.ubuntu.com/316434/)
nano /etc/proftpd/tls.conf        (tls.conf example http://paste.ubuntu.com/316436/)

Certs:
cd /etc/ssl/certs/private
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
wget http://frodubuntu.free.fr/ubuntu/sign.sh
chmod +x sign.sh
./sign.sh server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

ProFTPD useful commands:
/etc/init.d/proftpd start
/etc/init.d/proftpd stop
/etc/init.d/proftpd restart

IP Restrict FTP port:
sudo iptables -A INPUT -p tcp --dport 21 -s xxx.xxx.xxx.xxx -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -j DROP

Save iptables in case of reboot:
su
iptables-save > /etc/firewall.conf
echo '#!/bin/sh' > /etc/network/if-up.d/iptables
echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables

Log into VNC:
In Fluxbox right click on the Desktop to get the menu.  

Screeny:
http://i33.tinypic.com/dylkcn.png

If you want the folder type feel of Ubuntu Desktop for example you can install Nautilus: 
sudo apt-get install nautilus
right click Desktop | Applications | File Management | Nautilus

Screeny of Nautilus
http://i36.tinypic.com/kb9icl.jpg

Nautilus Empty Trash doesn't work so be sure to change the gui.delete_to_trash to false in uTorrent Preferences | Advanced.  If you do send something to trash you will find the files in the following:
~/.local/share/Trash$ dir
files  info

By default Nautilus overwrites Fluxbox desktop and this is how you get around it:
sudo nano /usr/local/bin/filebrowser

---------------------------------------------

#!/bin/sh
nautilus2 --no-desktop

----------------------------------------------

chmod +x /usr/local/bin/filebrowser
sudo mv /usr/bin/nautilus /usr/bin/nautilus2
sudo mv /usr/local/bin/filebrowser /usr/bin/nautilus

Tweaks:
sudo nano /etc/security/limits.conf add to the end 
user hard nofile 8192

Reference this site for the below network tweaks http://www.santa-li.com/linuxonbb.html:
sudo nano /etc/sysctl.conf

vm.swapiness=0
net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.ipv4.tcp_wmem = 4096 87380 524288
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_mem = 524288 524288 524288
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_ecn = 0
net.ipv4.route.flush = 1

sudo sysctl -p to apply

I am still testing the network tweaks but things seem snappier than before.  Top end I don't see much difference but it gets to top end quicker.

[gregor]

Wow lot of interesting detail here.  I've always wanted to setup my own box but I've been a bit too scared and so far have always opted for managed seedboxes.  If I can find a place with a cheap server maybe I'll try this.  Thanks for sharing it