HOWTO: Install Tinyproxy in your Ubuntu Server VPS

Tiny proxy is a simple light-weight proxy server which allows me to browse the Internet is a more secured way.
The installation is very simple:

# apt-get update
# apt-get install tinyproxy

The configuration would take a few minutes, you need to edit the configuration file:

vi /etc/tinyproxy.conf

...
Port 8888 # Either keep this default value or modify to any port number (usually 80, 8080, 8088)
...
LogLevel Error # Reduce the log level to improve system performance on entry-level VPS
...
#Allow 127.0.0.1 # Comment this line to allow any network (the Internet) to use this proxy server

Some suggested that tinyproxy will eat up your memory, and we can clear the issue by restarting the service every day. Simply run the command (the system may prompt for preferred text editor, feel free to choose):

# crontab -e

Add the below line at the bottom of the file (the character after "22" and the last "*" are a "Tab" character, do NOT copy the command directly). The below settings tell the system to restart tinyproxy at 22:00 everyday, you may change the time by modifying the second value (22 in this case):

0 22    * * *   root    /etc/init.d/tinyproxy restart

Restart the service:

# service tinyproxy restart

You can refer to http://support.microsoft.com/kb/135982 for how to configure a proxy server to used in Internet Explorer. The address should be the IP / DNS Name of your VPS and the port is the value we set earlier (8888 in our case).

HOWTO: Install and configure (with two access levels) ProFTPD in your Ubuntu VPS server

This guide is trying to help new linux users to setup ProFTPD service in a VPS server running Ubuntu server. The instructions here are my expereience and may not be best-practice for any production use. The configuration includes two users who have different access rights to same directory.

Preparation:
Add a dummy shell to the system (so that the ftp users cannot login to the system via ssh)

# echo "/bin/false" >> /etc/shells

Create two directories for upload / download purposes respectively.

# mkdir -p /home/ftphome/download /home/ftphome/upload

Modify the directories to approiate access rights.

# chmod 775 /home/ftphome/download
# chmod 775 /home/ftphome/upload

Create users for ftp access:

# useradd userftp -d /home/ftphome -p password -s /bin/false
# useradd adminftp -d /home/ftphome -p password -s /bin/false

Reset the password again (enter the below command one by one and input the password again when prompted):

# passwd userftp

# passwd adminftp

Add the adminftp user to the same group as userftp. This step allows adminftp to modify files uploaded by userftp.

#usermod -a -G userftp adminftp

Modify owner of the directories.

# chown userftp:userftp/home/ftphome/download /home/ftphome/upload

Installation:

# apt-get update
# apt-get install proftpd

You will be asked if ProFTPD should run in inetd or standalone mode. While inetd in general use less system resources but I would recommend to run in standalone mode for easier configuration and troubleshooting.

Configuration: Edit the file using vi (vi is an advanced text editor which may not be as user friendly, you may use nano (apt-get install nano) instead) or other text editor and modify the settings:

# vi /etc/proftpd/proftpd.conf

...
ServerName                      "Debian" # Enter the name of this ftp server
...
DefaultRoot                   ~ # uncomment this line to enable default root option
...
PassivePorts                  60000 61000 # uncomment and modify this line to enable passive ftp support (range around 1000)
...
AllowOverwrite                  on # this line should exist by default
AllowRetrieveRestart            on # add this line to allow download resume
AllowStoreRestart               on # add this line to allow upload resume

You could continue the configuration file by adding per-directory settings at the bottom of this file but I prefer to create a separated file under /etc/proftpd/conf.d/
The configuration file allows access for two users. The user adminftp has administrative rights over the ftp server and should not be disclosed to third party (despite that ftp is insecure in nature). The user userftp will have limited rights to allow download / upload in certain ways:
- userftp can upload to the "upload" directory, but cannot view any documents inside (the file will be hidden after a refresh).
- userftp can view and download any files (including subdirectories) in the "download" directory.
- adminftp can view, upload and download in both "upload" and "download" directories

# vi /etc/proftpd/conf.d/ftp.conf

<Limit LOGIN>
AllowUser userftp
AllowUser adminftp
DenyAll
</Limit>

<Directory /home/ftphome>
Umask 022 022
AllowOverwrite off
        <Limit DIRS>
        AllowAll
        </Limit>
</Directory>
<Directory /home/ftphome/download>
Umask 002 002
AllowOverwrite on
        <Limit DIRS READ>
        AllowAll
        </Limit>
        <Limit WRITE>
        AllowUser adminftp
        DenyAll
        </Limit>
</Directory>
<Directory /home/ftphome/upload/*>
Umask 002 002
AllowOverwrite on
        <Limit WRITE>
        AllowAll
        </Limit>
        <Limit DIRS READ DELE>
        AllowUser adminftp
        DenyAll
        </Limit>
</Directory>

<Directory /home/ftphome/upload>
Umask 002 002
AllowOverwrite on
        <Limit DIRS WRITE>
        AllowAll
        </Limit>
        <Limit READ DELE>
        AllowUser adminftp
        DenyAll
        </Limit>
</Directory> 

It is recommended to test the configuraion file using the below command. Note the number after -td is the debug level, more details will be displayed at high value (ranged from 0 to 10).

# proftpd -td2

Note: You may suffer from unexpected service down and may refer to my previous post

HOWTO: Prepare your first Ubuntu in VPS environment

You should be able to notice the IP address of your VPS. A SSH client program is required to access your VPS, Putty is a very common choice of all available SSH clients in the market as it is open-sourced. Enter your IP address of your VPS as shown in the screen below:


Step 1: Change password
Many VPS provider offers an interface to change password at the management portal, however it is suggested to perform change password request within the VPS environment for better security. Please note that by changing the password within the VPS you will prevent the VPS management portal to learn the new password thus any "password recovery" options offered will be useless. You will need to re-build the VPS if you lost your password changed with the below command:

# passwd

The system will prompt you to input new password twice. Note that no masked characters will be shown on screen as you type.

Step 2: Change timezone
This is not a critical step but I prefer to set the timezone corresponding to the location of the VPS. This may help troubleshooting.

# dpkg-reconfigure tzdata

Depends on your VPS configuration, this command yields different interfaces for configuring timezone. Below is an example (which is a fancy one) of the configuration screen:

Step 3: Configure firewall
Setup a firewall in the VPS to enhance network security. It is important to note that you should enable ufw directly from the console interface of your VPS instead of from SSH.

# apt-get update
# apt-get install ufw

After enabling the firewall service by running

# ufw enable

You may want to continue your setup using SSH client. Simply allow the below rule (assume you are running SSH server on standard TCP port 22)

# ufw allow 22/tcp

Note:
1. You may sometimes check your firewall status by running:

# ufw status verbose

2. For entry level VPS you may also want to disable logging to improve system performance (the current log level is displayed by the above status check command):

# ufw logging off

3. Current distributions of VPS (Ubuntu Server 13.10 or later) support simple setup to allow port range. The command below would allow any traffic to TCP port ranged 60000 to 61000. This rule may be useful for enabling passive FTP transfers.

# ufw allow 60000:61000/tcp

Your Ubuntu VPS is now good to go! Enjoy!