Beginner’s Guide to Seedboxes in Linux (*.Nix)

courtesy of TrackeReactor.

Maybe you’ve heard the term ’seedbox’ being used lately but aren’t sure what one is, or maybe you’ve decided to start one but don’t know where to start. The goal of this guide is to familiarize you with the basic steps needed to rent, setup, administer and use a seedbox from start to finish.

To get this out of the way, this guide will focus on using Linux for your server. I will strive to provide detailed explanations of the software and commands used so even an average user can find themselves successful in taking on a project like this. Linux may confuse you at first, but with a willingness to learn and attention to detail, you’ll do just fine.

So, what exactly is a seedbox? To put it in its most basic form, a seedbox is a computer used to seed torrents. This could be a spare computer you use at home, or in the case of this guide, a rented server. The benefits of renting a server (whether it be a dedicated one, or a virtual private server) is that they are usually on very fast connections that will allow you to download and seed at a much higher rate than you could at home. Another benefit is because you’re not using your own connection to use bittorrent, you can get around any throttling your ISP places on that traffic.

Keep in mind that this guide will be fairly narrow in scope, covering a basic option set in terms of software. The great thing about Linux is there is a vast amount of software available to do the same tasks, each having their own features that make them unique. Once you have the basic skills you’re free to explore these options to see what works best for you.

Finding a host

The biggest factor in choosing a host is probably going to be price. Servers are generally rented on a monthly basis, and can commonly be paid for with a credit card or PayPal (Vectoral even accepts eGold.) When it comes to prices, the sky’s the limit, but some packages can be found for dirt cheap (which come with their own caveats - you get what you pay for.) In general you’re going to be looking at a monthly cost of $30 to $80 USD.

What are the determining factors in price?

  • *Is it dedicated or a VPS?
  • *Memory
  • *Harddrive Space
  • *Bandwidth

Processor speed is usually not going to be that large of a factor in the price of servers suitable for use as a seedbox. Memory is far more important in this situation.

What is a dedicated server, and what is a VPS?

A dedicated server is just that, a server dedicated to just you. A VPS is a virtual private server, which uses a virtual machine to host your instance, along with many others on a powerful server. Resources are usually divided among the users, with guarantees of minimums.

Who are some reliable providers and what do they offer?

In any discussion about seedboxes, two names will invariably come up: http://www.leaseweb.com and http://vectoral.info. These are reliable, middle - high budget providers that offer a quality product. What you need to keep in mind when renting a server is how much bandwidth you expect yourself to go through on a monthly basis. I will go over how to monitor your bandwidth usage to ensure you’re under your limit. Bandwidth overages get costly fast, sometimes to the tune of $1 per GB!

Example plans (cheapest from either provider):

LeaseWeb - 39 Euro (~$60)

  • *Dedicated
  • *512MB Memory
  • *160GB HD space
  • *500GB Bandwidth

Vectoral - $29.95 + $9.95 Setup

  • *Dedicated
  • *256MB Memory
  • *10GB HD space
  • *500GB Bandwidth

Both of these providers claim their servers are on 100/100 connections with no speed caps. Your mileage may vary, but you should be able to attain suitably high speeds for your investment. Cheaper options exist, usually in the form of VPS resellers, but you may find issues with reliability, speed and processor load. I’ll leave discussion of these companies up to another thread.

Another choice you may face is which Linux distribution you’d like to use. It is my opinion that you should stick to CentOS 4-5, Debian Etch or Fedora Core 4. The setup will be done on a CentOS 5 system for this guide. You may also be offered a web administration addition. If it is free (like Webmin) and you are completely new to Linux, it might be a good idea to have it set up as a fallback, but I still recommend against it.

So, you’ve decided on a host, ordered your server and are ready to roll. Now what?

Getting started

Let’s start at the most basic of basics: Connecting to your server. Once it has been set up you’ll receive an IP or hostname to connect to along with root account information (with either a generated password or one you chose.) Connecting is done via SSH and is usually left on the default port of 22. To connect you’ll need a client. On Windows, the best client available is http://www.chiark.greenend.org.uk/~sgtatham/putty which is open source. On Macs you can use the ssh command from a terminal.

PuTTY tutorial: http://www.cs.rit.edu/~atg2335/putty

Once logged in you’ll be faced with a prompt similar to Fig.1. This is known as the bash shell and is the default for most current Linux distros.

Fig.1 SSH login prompt:

What are some standard Linux commands?

  • *cd : Change directory
  • *ls : List directory contents
  • *rm : Remove file (or directory with -r option)
  • *mv : Move file
  • *cp : Copy file
  • *cat : Echo file contents to stdout
  • *pwd : Print working directory
  • *grep : Search input for string
  • *ps : List processes
  • *su : Substitute user
  • *exit : Terminate SSH session
  • *man : Lookup manual pages for command

If you’re unfamiliar with Linux I would recommend reading some of the many Linux introductions available. A quick search on Google will net you many helpful pages with more than enough information to get you started. You should understand what it is you’re doing rather than blindly following along. When in doubt about how to use a command, check its man page. They are filled with useful information about what the command does, and how to use it.

IMPORTANT: Familiarize yourself with the vi text editor! Take the time to go through a http://ce.uml.edu/vi.htm tutorial. You should at least know how to switch modes (i for edit, esc for command), save files (:w), search (/ and ?) and quit (:q).

What exactly will we be using for this seedbox?

*http://www.lighttpd.net with php-fastcgi

*http://humdi.net/vnstat w/ http://www.sqweek.com/sqweek/index.php?p=1 (PHP frontend)

*http://libtorrent.rakshasa.no — libTorrent and rTorrent

vnstat will be used to monitor bandwidth usage with a PHP frontend served with lighttpd. Having lighttpd set up will also make future addition of a webui for rTorrent relatively painless (once a decent one is available.) Before we dive into setting all of this up though, it’s important to secure your server.

Security

With any luck your fresh-out-of-the-oven server will be attacked within the first few hours of it coming online. Security is extremely important. Always keep security in mind! The last thing you want is for someone to put a rootkit on your server and start eating up your bandwidth DDoSing, or getting you into trouble for what they do with it.

*Update your packages

Your packages (installed software) may be out of date so it’s a smart idea to get everything updated just in case any security flaws have been patched.

# yum update

  • Loading "installonlyn" plugin
  • Setting up Update Process
  • Total download size: 19 M
  • Is this ok [y/N]: y[/font]

*Configure a new user

It is important to set up a non-root user for yourself. It should go without saying, but use a password that is difficult to guess (mixed case, numbers, longer than 8 characters.) I also recommend using a username that is difficult to guess, as without a valid username, there is no password to bruteforce.

  • # useradd username
  • # passwd username
  • Changing password for user username.
  • New UNIX password:
  • Retype new UNIX password:
  • passwd: all authentication tokens updated successfully.

If you plan on having other user accounts you may want to only allow users in the wheel group to su. This step can differ between distros. Using vi, edit /etc/pam.d/su and remove the # before the following auth line:

# Uncomment the following line to require a user to be in the "wheel" group.

auth required pam_wheel.so use_uid

Press i to edit, then ESC to get back to command mode. Type :wq to save and quit. After saving, add your new user to the wheel group and verify its group memberships:

  • # usermod -a -G wheel username
  • # groups username
  • username : username wheel

*Reconfigure OpenSSH

Open /etc/ssh/sshd_config with vi and find the line with Port (enter /Port in command mode to search.) Change it to a number above 1024, I personally go with a 5-digit number no greater than 30000. Make sure you update your profile in your client to use the new port in future connections. While in sshd_config you should make some other changes, so edit or verify that the following settings match these values:

  • Protocol 2
  • MaxAuthTries 4
  • PermitRootLogin no
  • PermitEmptyPasswords no
  • ClientAliveInterval 600
  • Banner /etc/ssh/banner

Fig.2 Example banner:

Save and exit, and if you chose to use the Banner option in sshd_config, create the file with vi. Fig.2 shows a banner example. Once you have made the needed changes, you’ll need to restart the ssh daemon. Do so with the following command:

  • # service sshd restart

Fig.3 Restarting SSHd:

If there were errors SSH will fail to restart. Go back over your config and make sure you haven’t made any errors in the syntax. Fix any problems and try again. If SSHd restarted, it’s time to test your non-root login. Open a new instance of your client (don’t disconnect your first one yet!), connect to your server on the new port and login with the user you made previously. If you try to login to your root account you will not be able to because of the new SSHd settings. Try executing the su - command to get a root prompt:

  • $ su -
  • Password:
  • #

If you have problems connecting to the new port, chances are there are firewall rules in place and you’ll have to explicitly open the new port. In my case the following would be sufficient:

  • # iptables –list
  • Chain INPUT (policy ACCEPT)
  • target prot opt source destination
  • RH-Firewall-1-INPUT all — anywhere anywhere
  • # iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp –dport 19191 –tcp-flags SYN,RST,ACK SYN -j ACCEPT
  • # iptables-save > /etc/sysconfig/iptables

The argument -dport 19191 is the opened port. If you have trouble opening ports try asking your host for information on how to do so.

Many other security measures can be put in place, but those techniques are beyond the scope of this basic guide. As always, Google is your friend for this subject.

Some topics worth reading up on: SSH authentication via Private/Public key pairs

Services

If you do not need a webserver you can skip ahead to installing vnstat

*Install and configure lighttpd + PHP

lighttpd is a lightweight, efficient http daemon which we will use for our webserver along with PHP. We must first add the DAG repository:

# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Then it’s as simple as following these commands:

  • # yum install lighttpd lighttpd-fastcgi php-cli php-gd php-mysql
  • Total download size: X M
  • Is this ok [y/N]: y
  • # chkconfig –levels 235 lighttpd on

chkconfig is used to configure the run levels of the lighttpd service. In the event of a reboot, lighttpd will now start properly on its own.

From here we must configure PHP and lighttpd to our liking. We need to make a small change to php.ini, so issue the following command:

  • # echo ‘cgi.fix_pathinfo 1′ >> /etc/php.ini

Make sure you use >> and not > or you will erase the entire file. In /etc/lighttpd/lighttpd.info some more detailed changes must be made. Open the file in vi and find the server.modules section, and uncomment mod_fastcgi and mod_simple_vhost.:

  • server.modules (
  • # "mod_rewrite",
  • # "mod_redirect",
  • # "mod_alias","mod_access",
  • # "mod_cml",
  • # "mod_trigger_b4_dl",
  • # "mod_auth",
  • # "mod_status",
  • # "mod_setenv","mod_fastcgi",
  • # "mod_proxy","mod_simple_vhost",
  • # "mod_evhost",
  • # "mod_userdir",
  • # "mod_cgi",
  • # "mod_compress",
  • # "mod_ssi",
  • # "mod_usertrack",
  • # "mod_expire",
  • # "mod_secdownload",
  • # "mod_rrdtool",
  • "mod_accesslog" )

Uncomment and configure the following settings under virtual hosts:

  • simple-vhost.server-root "/srv/www/vhosts/"
  • simple-vhost.default-host "mydomain.com"
  • simple-vhost.document-root "/htdocs/"

Also find and configure:

  • server.document-root "/srv/www/vhosts/"

simple-vhost is a way to host multiple domains on the same server and works quite well for our purposes. A path to say, tflux.mydomain.com would end up being /srv/www/vhosts/tflux.mydomain.com/htdocs/.

Further down in lighttpd.conf you’ll find the following block, which you’ll need to uncomment and edit like so:

  • #### fastcgi module
  • ## read fastcgi.txt for more info
  • ## for PHP don’t forget to set cgi.fix_pathinfo 1 in the php.ini
  • fastcgi.server ( ".php" >
  • ( "localhost" >
  • (
  • "socket" > "/tmp/php-fastcgi.socket",
  • "bin-path" > "/usr/bin/php-cgi",
  • "max-procs" > 1,
  • "bin-environment" > (
  • "PHP_FCGI_CHILDREN" > "1"
  • )
  • )
  • )
  • )

max-procs and PHP_FCGI_CHILDREN are used to limit the memory usage lighttpd can take up with PHP children. These lines are optional but recommended to conserve memory.

Save the config and issue the following commands to create your new directory tree for lighttpd:

  • # mkdir -p /srv/www/vhosts/mydomain.com/htdocs
  • # chown -R lighttpd:lighttpd /srv/www/vhosts
  • # chmod -R 775 /srv/www/vhosts/*

You should now be all set to start lighttpd.

  • # /etc/init.d/lighttpd start

If there were errors, go over your configs and make sure that everything was properly configured.

*Install vnstat & frontend

vnstat is painless to set up and is extremely useful in monitoring your bandwidth usage. It’s important to figure out what the logical name for your NIC is, so let’s identify it using ifconfig.

  • # ifconfig
  • venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  • inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
  • UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
  • RX packets:9487236 errors:0 dropped:0 overruns:0 frame:0
  • TX packets:8652113 errors:0 dropped:0 overruns:0 carrier:0
  • collisions:0 txqueuelen:0
  • RX bytes:4251125510 (3.3 GiB) TX bytes:4014294429 (3.1 GiB)
  • #

That, for example, is my server NIC. It is far more common for it to be named eth0, but I included mine to show that it can differ. This name is needed for the next step, installing and configuring vnstat. The final command is used to tell vnstat to create a database for the venet0 interface, which we’ll be configuring the webui to use.

  • # yum install vnstat
  • Total download size: X M
  • Is this ok [y/N]: y
  • # vnstat -u -i venet0

If you did not install a webserver you can skip installing the frontend.

Next is the web frontend for vnstat.

  • # mkdir -p /srv/www/vhosts/vnstat.mydomain.com/htdocs
  • # cd
  • # wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.3.tar.gz
  • # mkdir /srv/www/vhosts/mydomain.com/htdocs/vnstat
  • # tar -zxf vnstat_php_frontend-1.3.tar.gz -C /srv/www/vhosts/mydomain.com/htdocs/vnstat/
  • # chown -R lighttpd:lighttpd /srv/www/vhosts/*

Before you can use the frontend properly you must also edit config.php in your new vnstat directory using the name of the interface you found in the previous step.

  • $iface_list array(’venet0′);
  • $iface_title['venet0'] ‘Internet’;

You should now be able to visit http://mydomain.com/vnstat and view your vnstat information.



Archived by FSFmirror