James Yeates Cells, Climbing, Computers

The trials and tribulations of a server migration

So I was hitting a wall in terms of storage space on my server. I got a new one and put CentOS 7 on it with RAID 5. Then it was time to set about putting everything back in its place. Obviously I never documented anything that I did to set things up the first time around.


One small step

A fairly big disclaimer if you wanted to emulate what I've done: it is by no means elegant and there are probably some redundant instructions in the following text.

First things first: let's install some packages to get the ball rolling:

	yum install -y vim nginx ruby ruby-devel gcc openssl firewalld htop fail2ban

Now we're going to set up some firewall rules:

systemctl enable firewalld
reboot
firewall-cmd --permanent --add-port=8920/tcp
firewall-cmd --permanent --add-port=58846/udp
firewall-cmd --permanent --add-port=9117/tcp
firewall-cmd --permanent --add-port=5000/tcp
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload

Let's set up fail2ban so we're not so heavily spammed by people trying to gain access to our server:

vim /etc/fail2ban/jail.local

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

Save the file and start up fail2ban:

systemctl enable fail2ban
systemctl start fail2ban

Here's my nginx config:

vim /etc/nginx/conf.d/stuff.conf

server {
    listen  80 default_server;
    server_name SERVER1.com www.SERVER1.com;

    return 301 https://$host$request_uri;

}

server {

    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/SERVER1.crt;
    ssl_certificate_key /etc/nginx/ssl/SERVER1.key;

    server_name SERVER1.com www.SERVER1.com;
    root  /var/www/SERVER1/;

    location / {
        index  index.html index.htm;
    }

    location /emby {
        proxy_pass https://127.0.0.1:8920;

    }

    location /radarr {
        proxy_pass http://127.0.0.1:7878;

    }

    location /sonarr {
        proxy_pass http://127.0.0.1:8989;

    }

    location /jackett {
        proxy_pass http://127.0.0.1:9117/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /deluge {
        proxy_pass https://127.0.0.1:8112/;
        proxy_set_header        X-Deluge-Base   "/deluge/";
    }


    location /ombi/ {
        proxy_pass http://127.0.0.1:5000;
        add_header X-Frame-Options SAMEORIGIN;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout  90;
        proxy_redirect http://127.0.0.1:5000 https://$host;
    }

    if ($http_referer ~* /ombi/) {
        rewrite ^/dist/(.*) $scheme://$host/ombi/dist/$1 permanent;
    }


}

server {
    listen  80;
    server_name SERVER2.com www.SERVER2.com;

    return 301 https://$host$request_uri;

}

server {

    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/SERVER2.crt;
    ssl_certificate_key /etc/nginx/ssl/SERVER2.key;

    root  /var/www/SERVER2/;
    server_name SERVER2.com www.SERVER2.com;

    location / {
        index  index.html index.htm;
    }
}
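
Several of the ports opened with firewall-cmd on this page (8920, 9117 and 5000 above, 8112 and 7878 further down) are the same ones nginx proxies on 127.0.0.1, so those services can also be reached directly, without going through nginx. As an added example (not part of the original post), this script cross-checks the two; the sample config and port list are constructed from the values on this page and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: list backends that nginx proxies on loopback AND that
# firewalld exposes directly. Function names are hypothetical.

# Ports of every proxy_pass upstream aimed at loopback, one per line.
proxied_ports() {
    printf '%s\n' "$1" |
        sed -nE -e '/^[[:space:]]*#/d' \
            -e 's,.*proxy_pass[[:space:]]+https?://(127\.0\.0\.1|localhost):([0-9]+).*,\2,p' |
        sort -u
}

# TCP ports from `firewall-cmd --list-ports` style text ("8920/tcp 58846/udp").
# Port ranges such as 6000-6010/tcp are not expanded.
open_tcp_ports() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' |
        sed -nE 's,^([0-9]+)/tcp$,\1,p' | sort -u
}

# Ports in both sets can be reached without passing through nginx.
exposed_backends() {
    open=" $(open_tcp_ports "$2" | tr '\n' ' ')"
    for port in $(proxied_ports "$1"); do
        case "$open" in *" $port "*) printf '%s\n' "$port" ;; esac
    done
}

# Constructed sample: the proxy_pass targets and opened ports used on this page.
SAMPLE_CONF='
    location /emby    { proxy_pass https://127.0.0.1:8920; }
    location /radarr  { proxy_pass http://127.0.0.1:7878; }
    location /sonarr  { proxy_pass http://127.0.0.1:8989; }
    location /jackett { proxy_pass http://127.0.0.1:9117/; }
    location /deluge  { proxy_pass https://127.0.0.1:8112/; }
    location /ombi/   { proxy_pass http://127.0.0.1:5000; }
'
SAMPLE_PORTS='8920/tcp 58846/udp 9117/tcp 5000/tcp 8112/tcp 7878/tcp'

exposed_backends "$SAMPLE_CONF" "$SAMPLE_PORTS"

# On the server itself:
#   exposed_backends "$(nginx -T 2>/dev/null)" "$(firewall-cmd --list-ports)"
```

Any port it prints that is not meant to be reached directly can be closed with `firewall-cmd --permanent --remove-port=PORT/tcp` followed by `firewall-cmd --reload`, leaving only the proxied path.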

If I were starting afresh I wouldn't install older versions of the programs that are used to build my blog. I would recommend that you grab the newer versions, so rework the following. However, the theme I use would require some tweaking to work on the newer versions so...

Install RVM so that you can run the command:

rvm install 2.4.1

To install the version of RubyGems that I use for my Jekyll theme, I run this:

gem install rubygems-update -v 2.6.14

Finally, we're going to grab an older version of jekyll and the requisite gems that I use on my blog:

gem install jekyll -v 2.5.3
yum install -y ImageMagick ImageMagick-devel
gem install jekyll-sitemap -v 0.8.1
gem install jekyll-responsive-image


One giant leap

Now we have some bigger components to sort.

Deluge

wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
rpm -ivh nux-dextop-release-0-5.el7.nux.noarch.rpm
yum -y install deluge-web
service deluge-web start
firewall-cmd --permanent --zone=public --add-port=8112/tcp
firewall-cmd --reload

Log in to the Deluge WebUI with the default password 'deluge' and change it to something actually secure.

cd /home/
mkdir media
cd media
mkdir downloads
mkdir films
mkdir tv
chown deluge:deluge downloads
chown deluge:deluge films
chown deluge:deluge tv
chmod 775 films
chmod 775 tv

It would be better to use symlinks here instead of these copies:

cp /etc/nginx/ssl/SERVER.key /var/lib/deluge/.config/deluge/ssl/SERVER.key
cp /etc/nginx/ssl/SERVER.crt /var/lib/deluge/.config/deluge/ssl/SERVER.crt

Deluge preferences:
Downloads
	change download folder to /home/media/downloads
Network
	Under network extras - turn off DHT
Encryption 
	Inbound:	Forced
	Outbound:	Forced
	Level:		Full Stream
	Check encrypt entire stream
Bandwidth
	Maximum connections:  250
	Maximum upload slots: 250
Interface
	Turn on ssl and point to ssl/SERVER.key & ssl/SERVER.crt
Daemon
	Allow remote connections
Queue
	Total Active:	200
	Downloading:	100
	Seeding:		200
	Stop seeding when ratio reaches 2
Plugins
	turn on the label plugin

Create a user with normal permissions by adding the following line to this file:

vim /var/lib/deluge/.config/deluge/auth

USERNAME:PASSWORD:5
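
The auth file keeps each password in clear text, and with "Allow remote connections" turned on those accounts can be used from other hosts. As an added example (not part of the original post), this function audits the file's entries; the function name, the 12-character minimum and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Deluge auth file (USERNAME:PASSWORD:LEVEL lines, read
# from stdin). Function name and the 12-character minimum are assumptions.
audit_deluge_auth() {
    awk -F: -v min="${1:-12}" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 2 { printf "line %d: malformed entry\n", NR; next }
        {
            user = $1; pass = $2; level = (NF >= 3 ? $3 : 0)
            # The password is stored in clear text, so it can be inspected here.
            if (pass == "deluge" || pass == user)
                printf "%s: guessable password\n", user
            else if (length(pass) < min)
                printf "%s: password shorter than %d characters\n", user, min
            # localclient is the daemon-generated local account; anyone else at
            # level 10 (admin) is an admin login exposed to remote connections.
            if (level + 0 >= 10 && user != "localclient")
                printf "%s: admin level on a remotely usable account\n", user
        }'
}

# Constructed sample file contents (not real credentials).
SAMPLE_AUTH='localclient:0f3c9a7d5e1b8842:10
alice:deluge:5
bob:correct-horse-battery:10
carol:short:5'

printf '%s\n' "$SAMPLE_AUTH" | audit_deluge_auth

# On the server itself:
#   audit_deluge_auth < /var/lib/deluge/.config/deluge/auth
#   stat -c '%U %a' /var/lib/deluge/.config/deluge/auth   # want: deluge 600
```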

Sonarr

Gotta install some dependencies:

rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/
yum -y install wget mediainfo libzen libmediainfo curl gettext mono-core mono-devel sqlite.x86_64 git par2cmdline p7zip unrar unzip tar gcc python-feedparser python-configobj python-cheetah python-dbus python-devel libxslt-devel yum-utils
useradd sonarr -s /sbin/nologin

tar -xvf sonarr.tar.gz -C /opt/
mkdir /opt/sonarr
mkdir /opt/sonarr/bin
mv /opt/Sonarr/* /opt/sonarr/bin
rm -rf /opt/Sonarr
chown -R sonarr:sonarr /opt/sonarr

vim /usr/lib/systemd/system/sonarr.service

[Unit]
Description=Sonarr Daemon
After=syslog.target network.target

[Service]
User=sonarr
Group=sonarr

Type=simple
ExecStart=/usr/bin/mono /opt/sonarr/bin/Sonarr.exe -nobrowser -data /opt/sonarr
TimeoutStopSec=20
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

Radarr

yum install mono-core mono-devel mono-locale-extras curl mediainfo -y
cd /opt
curl -L -O $( curl -s https://api.github.com/repos/Radarr/Radarr/releases | grep linux.tar.gz | grep browser_download_url | head -1 | cut -d \" -f 4 )
tar -xvzf Radarr.blahblah.tar.gz

vim /usr/lib/systemd/system/radarr.service

[Unit]
Description=Radarr Daemon
After=syslog.target network.target

[Service]
User=sonarr
Group=sonarr

Type=simple
ExecStart=/usr/bin/mono --debug /opt/Radarr/Radarr.exe --nobrowser
TimeoutStopSec=20
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

firewall-cmd --permanent --add-port=7878/tcp
firewall-cmd --reload

systemctl enable radarr.service
systemctl start radarr.service

Jackett

wget https://github.com/Jackett/Jackett/releases/download/v0.11.687/Jackett.Binaries.LinuxAMDx64.tar.gz
tar -xvzf Jackett.Binaries.LinuxAMDx64.tar.gz
yum install -y lttng-ust libcurl openssl-libs krb5-libs libicu zlib
chown -R sonarr:sonarr Jackett
cd Jackett
./install thing

Copy the Torznab indexers for your trackers into Sonarr and Radarr, along with Jackett’s API key.

Ombi

Not long left now

yum install -y compat-openssl10 libcurl-devel libunwind-devel openssl-devel

usermod -a -G deluge sonarr

vim /usr/lib/systemd/system/ombi.service

[Unit]
Description=Ombi
After=network-online.target

[Service]
User=sonarr
Group=sonarr

WorkingDirectory=/opt/Ombi/
ExecStart=/opt/Ombi/Ombi
Type=simple
TimeoutStopSec=30
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

OpenVPN

Download your VPN config file, then:

yum install openvpn
wget https://roy.marples.name/downloads/openresolv/openresolv-3.9.0.tar.xz
tar -xvf openresolv-3.9.0.tar.xz
cd openresolv-3.9.0
./configure
make
make install

Run ifconfig to get your network device; mine was enp4s0.

[this]