Cara Install Mail Server di Ubuntu 20.04

Cara menginstal dan mengkonfigurasi Mail server di Ubuntu Server 20.04 menggunakan Postfix dan dovecot serta mengaktifkan SSL Certificate pada mail server. Sebelumnya pastikan rekan-rekan sudah mempunyai DNS, jika belum lihat pada link dibawah ini.

1. Installasi Postfix & Dovecot

Tahap pertama yang akan kita lakukan adalah menginstall Postfix dan Dovecot, untuk installsi postfix dan dovecot jalankan perintah berikut ini.root@mail:~# apt -y install postfix sasl2-bin dovecot-core dovecot-pop3d dovecot-imapd

Pada pilihan mail configuration pilih No configuration

2. Konfigurasi Postfix

Sebelum kita konfigurasi postfix ada baiknya kita backup terlebih dahulu file utama postfix yaitu file main.cf silahkan jalankan perintah berikut untuk backup file main.cf.root@mail:~# cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf root@mail:~# vi /etc/postfix/main.cf

Pada halaman vi ketik : set number untuk menampilkan Number lalu Edit pada bagian bagian dibawah ini

78 mail_owner = postfix 94 myhostname = mail.aspal.com 102 mydomain = aspal.com 123 myorigin = $mydomain 137 inet_interfaces = all 185 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 228 local_recipient_maps = unix:passwd.byname $alias_maps 270 mynetworks_style = subnet 287 mynetworks = 127.0.0.0/8, 192.168.22.0/24 407 alias_maps = hash:/etc/aliases 418 alias_database = hash:/etc/aliases 440 home_mailbox = Maildir/ 576 #smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) 577 smtpd_banner = $myhostname ESMTP 650 sendmail_path = /usr/sbin/postfix 655 newaliases_path = /usr/bin/newaliases 660 mailq_path = /usr/bin/mailq 666 setgid_group = postdrop 670 #html_directory = 674 #manpage_directory = 679 #sample_directory = 683 #readme_directory =

Tambahkan pada bagian baris akhir

# limit email size 10M message_size_limit = 10485760 mailbox_size_limit = 1073741824 # SMTP-Auth setting smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, \ permit_sasl_authenticated, reject

Simpan perubahan

root@mail:~# newaliases

Restart posftix

root@mail:~# systemctl restart postfix

3. Konfigurasi Dovecot

Dovecot adalah server IMAP dan POP3 open-source untuk sistem operasi mirip Unix, yang ditulis terutama dengan mempertimbangkan keamanan. Bagian ini menjelaskan cara mengaturnya sebagai server IMAP atau POP3.

Edit file dovecot.conf

root@mail:~# vi /etc/dovecot/dovecot.conf # line 30: uncomment listen = *, ::

Edit file 10-auth.conf

root@mail:~# vi /etc/dovecot/conf.d/10-auth.conf # line 10: uncomment and change ( allow plain text auth ) disable_plaintext_auth = no # line 100: add auth_mechanisms = plain login

Edit file 10-mail.conf

[root@srv1 ~]# vi /etc/dovecot/conf.d/10-mail.conf # line 30: change to Maildir mail_location = maildir:~/Maildir

Edit file 10-master.conf

root@mail:~# vi /etc/dovecot/conf.d/10-master.conf # line 96-98: uncomment and add # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }

Restart Dovecot

root@mail:~# systemctl restart dovecot

4. SSL Certificate

Selanjutnya kita akan membuat Self sign Certificate jalankan perintah berikut.

root@mail:/home/kris# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/sertificate.key -out /etc/ssl/certs/sertificate.crt Generating a RSA private key ................+++++ .............................+++++ writing new private key to '/etc/ssl/private/sertificate.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:Indonesia Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:PT.Nama_pt Organizational Unit Name (eg, section) []:sysadmin Common Name (e.g. server FQDN or YOUR name) []:aspal.com Email Address []:sysadmin@aspal.com root@mail:/home/kris#

Certificate akan masuk pada direktori /etc/ssl/certs dan /etc/ssl/private

Edit file postfix main.cf

root@mail:~# vi /etc/postfix/main.cf

Lalu tambahkan pada bagian akhir

# add Certificate smtpd_use_tls = yes smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_cert_file = /etc/ssl/certs/sertificate.crt smtpd_tls_key_file = /etc/ssl/private/sertificate.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Edit file master.cf

root@mail:~# vi /etc/postfix/master.cf # line 17-21: uncomment like follows submission inet n - y - - smtpd -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes

Edit file 10-ssl.conf

root@mail:~# vi /etc/dovecot/conf.d/10-ssl.conf # line 6: ganti ssl = yes # line 12,13: uncomment dan masukan direktori penyimpanan certificates ssl_cert = </etc/ssl/certs/sertificate.crt ssl_key = </etc/ssl/private/sertificate.key

Restart service postfix dan dovecot

root@mail:~# systemctl restart postfix dovecot

Tambahkan beberapa user dengan perintah

root@mail:~# adduser user1 root@mail:~# passwd user1

5. Pengetesan

Testing menggunakan Mozila Thunderbird pada Client Windows

Testing menggunakan Mozila Thunderbird pada Client Ubuntu

Tesing Kirim Email

Email diterima di Client Windows

Balas Email

Email diterima

Read More

Cara Install Samba di Ubuntu Server 20.04

Samba adalah program yang bersifat Opensource yang memungkinkan untuk berbagi file yang dibagikan di kedua sistem windows dan linux. Jadi dengan menggunakan Samba, kedua sistem dapat berbagi file, printer dan folder melalui jaringan.

Samba Server merupakan sebuah protokol yang dikembangkan di Sistem Operasi Linux untuk melayani permintaan pertukaran data antara mesin Ms. Windows dan Linux.
Disamping untuk melayani file sharing antara Windows dan Linux, Samba juga merupakan salah satu protokol yang digunakan di Sistem Operasi Linux untuk melayani pemakaian data secara bersama-sama.
Apa kira-kira yang menjadi dasar pengembangan Samba? Sebenarnya yang menjadi dasar dari pengembangan Samba adalah protokol SMB yang merupakan singkatan dari Server Message Block yang merupakan protokol standard yang dikeluarkan oleh Microsoft yang digunakan oleh Windows. Fungsi SMB dalam Windows adalah sebagai protokol yang digunakan untuk membagi data, baik dari perangkat CD-ROM, hard disk, maupun perangkat keluaran seperti printer dan plotter untuk dapat digunakan bersama-sama.

Berikut adalah beberapa pengertian dari SAMBA :

1. Samba adalah program yang dapat menjembatani kompleksitas berbagai platform system operasi Linux(UNIX) dengan mesin Windows yang dijalankan dalam suatu jaringan komputer. Samba merupakan aplikasi dari UNIX dan Linux, yang dikenal dengan SMB(Service Message Block) protocol. Banyak sistem operasi seperti Windows dan OS/2 yang menggunakan SMB untuk menciptakan jaringan client/server. Protokol Samba memungkinkan server Linux/UNIX untuk berkomunikasi dengan mesin client yang mengunakan OS Windows dalam satu jaringan.
2. Samba adalah sebuah software yang bekerja di sistem operasi linux, unix dan windows yang menggunakan protokol network smb (server massage block). Smb adalah sebuah protokol komunikasi data yang juga digunakan oleh Microsoft dan OS/2 untuk menampilkan fungsi jaringan client-server yang menyediakan sharing file dan printer serta tugas-tugas lainnya yang berhubungan.

Perbedaan smbd dengan nmbd

Sebenarnya Samba disusun atas dua damon, yatu smbd dan nmbd. Smbd adalah daemon yang secara nyata menangani servis sharing file sistem dan printer untuk klien. Pada saat sebuah klien melakukan autentikasi, smbd akan membuatkan duplikat dirinya, bagian asli akan kembali ke port 139 untuk mendengarkan permintaan baru dan bagian duplikat menangani koneksi terhadap klien. Dulikat ini juga mengubah ID user efektifnya dari root ke user yang terautentikasi. Misalnya , kalau user “wafi” melakukan autentikasi dengan smbd, duplikat baru akan berjalan dengan permisi “wafi”, dan bukannya permisi “root”). Duplikat ini akan berada di memory selama masih terkoneksi dengan klien.

Daemon nmbd bertanggung-jawab untuk menangani permintaan server name NetBIOS. Ia akan mendengarkan port 137, tidak seperti smbd, nmbd tidak membuat contoh dirinya untuk menangani setiap pertanyaan. Kedua daemon

Selain 2 daemon utama di atas, aplikasi samba juga mempunyai beberapa program pendukung yaitu :

1. smbclient, aplikasi di klien dengan tampilan mirip ftp untuk mengakses SMB resource share (mengakses share files)
2. smbtar, Program yang memback up data yang dishare. Mirip tar di Linux.
3. Nmblookup, Program yang membantu mencari nama (names lookup) dengan memanfaatkan NetBIOS over TCP/IP. Nmblookup dapat digunakan untuk meresolve dari nama komputer ke nomor IP dan sebaliknya.
4. smbpasswd, Program yang memungkinkan administrator mengatur password yang terenkripsi yang dipergunakan oleh Samba Server.
5. Smbstatus, Program yang memonitor status terakhir dari share resources yang diberikan oleh Server Samba.
6. Testparm, Program kecil untuk melakukan proses debug (memeriksa parameter) terhadap file konfigurasi Samba (smb.conf)
7. Swat, Samba Web Administration Tool, program bantu yang memberikan interface model web untuk mengadministrasi Samba. SWAT mempermudah edit smb.conf (file konfigurasi Samba) mengatur resource share, melihat status Samba terakhir, dengan dukungan file help yang sangat bermanfaat.

Fungsi dari Samba Server

1. Menghubungkan antara mesin Linux (UNIX) dengan mesin Windows. Sebagai perangkat lunak cukup banyak fungsi yang dapat dilakukan oleh samba software, mulai dari menjembatani sharing file, sharing device, PDC, firewall, DNS, DHCP, FTP, webserver, sebagai gateway, mail server, proxy dan lain-lain. Fasilitas pengremote seperti telnet dan ssh juga tersedia. Salah satu keunggulan lainnya adalah adanya aplikasi pengaturan yang tidak lagi hanya berbasis teks, tetapi juga berbasis grafis yaitu swat. Menempatkan masin Linux/UNIX sebagai PDC (Primary Domain Controller) seperti yang dilakukan oleh NT dalam jaringan Wondows.
2. Samba PDC (Primary Domain Controller) bertujuan sebagai komputer yang akan melakukan validasi user kepada setiap client yang akan bergabung dalam satu domain tertentu, dengan kata lain hanya user yang terdaftar yang diijinkan masuk ke domain tersebut dan mengakses semua fasilitas domain yang disediakan.
3. Dapat berfungsi sebagai domain controller pada jaringan Microsoft Windows.

Keunggulan SAMBA

1. Gratis atau free
2. Tersedia untuk berbagai macam platform
3. Mudah dikonfigurasi oleh administrator
4. Sudah terhubung langsung dengan jaringan
5. Mudah dikonfigurasi sesuai dengan kebutuhan administrator
6. Mempunyai performa yang maksimal.
7. dan jarang ditemui masalah dalam penggunaannya di  jaringan
8. Dapat diandalkan karena jarang terjadi kesalahan.

Pada tutorial kali ini, sobat akan belajar cara menginstal dan mengkonfigurasi Samba di Ubuntu server 12.04. sobat juga akan belajar cara membuat folder yang dapat diakses bersama dan membuat folder yang dapat diakses hanya user tertentu saja.

Installasi Samba

Buka terminal lalu login sebagai root user lalu masukan perintah berikut.

root@srv1:~# apt install samba

Konfigurasi

File konfigurasi Samba utama terletak di /etc/samba/smb.conf silahkan backup file utama samba sebelum kita membuat perubahan. jalankan perintah berikut.root@srv1:~# cp /etc/samba/smb.conf /etc/samba/smb.conf.ori

Membuat Folder Bersama

Selanjutnya kita akan membuat Folder yang dapat di akses untuk semua User

root@srv1:~# mkdir -p /srv/samba/share root@srv1:~# chown nobody:nogroup /srv/samba/share/

Buka file smb.conf

root@srv1:~# nano /etc/samba/smb.conf

Lalu Tambahkan pada baris bagian bawah

[Folder_Bersama] comment = File Sharing untuk bersama path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755

Simpan perubahan lalu restart service samba

root@srv1:~# systemctl restart smbd.service nmbd.service

Untuk pengetesan silakan dari Client windows jalankan perintah \\[IP Address Server]

Untuk pengetesan dari Client Ubuntu jalankan perintah smb://[IP Address Server] lalu Klik Connect

Membuat Folder untuk User Group

Selanjutnya kita akan membuat Sebuah Folder yang hanya bisa diakses oleh Group. sebagai contoh disini saya akan membuat group bernama sales yang nantinya hanya akan bisa diakses oleh user yang berada pada group sales.Sebelumnya kita install paket-paketnya, jalankan perintah berikut.

kris@srv1:~$ sudo apt install libpam-winbind

Pertama kita buat group untuk sales

kris@srv1:~$ sudo addgroup smbsales

Lalu kita membuat user baru untuk group sales disini saya membuat dua user yaitu bob dan jane

kris@srv1:~$ sudo useradd bob kris@srv1:~$ sudo passwd bob New password: masukan password Retype new password: masukan password passwd: password updated successfully

kris@srv1:~$ sudo useradd jane kris@srv1:~$ sudo passwd jane New password: masukan password Retype new password: masukan password passwd: password updated successfully

Selanjutnya kita tambahkan user ke dalam group smbsales

kris@srv1:~$ sudo usermod -a -G smbsales bob kris@srv1:~$ sudo usermod -a -G smbsales jane

Cek di direktori group apakah user sudah berada pada group smbsales

kris@srv1:~$ cat /etc/group mysql:x:124: winbindd_priv:x:125: smbsales:x:1002:bob,jane

Selanjutnya kita akan membuat password untuk user samba

kris@srv1:~$ sudo smbpasswd -a bob New SMB password: masukan password Retype new SMB password: masukan password Added user bob.

kris@srv1:~$ sudo smbpasswd -a jane New SMB password: masukan password Retype new SMB password: masukan password Added user jane.

Selanjutnya kita buat direktori untuk Group Sales

kris@srv1:~$ sudo mkdir -p /srv/samba/sales

Selanjutnya memberikan ijin agar user root dan group sales saja yang dapat mengakses Folder sales

kris@srv1:~$ sudo chown -R root:smbgroup /srv/samba/sales kris@srv1:~$ sudo chmod -R 0770 /srv/samba/sales

Selanjutnya Edit file smb.conf

kris@srv1:~$ sudo nano /etc/samba/smb.conf

Lalu masukan pada baris paling bawah

[Folder_sales] comment = Ubuntu File Sharing Group Sales path = /srv/samba/sales valid users = @smbsales browsable = yes guest ok = no writable = yes

Simpan perubahan lalu restart service samba

kris@srv1:~$ sudo systemctl restart smbd.service nmbd.service

#nano /etc/samba/smb.conf

Tambahkan lah tulisan di paling bawah dari file tersebut.

[samba1]
comment = folder ini milik samba1
path =  /home/samba1/
valid users = samba1  
browseable = yes      
public = no         
writable = yes        

[samba2]             
comment = folder ini milik samba2
path = /home/samba2/
valid users = samba2
browseable = yes
public = no
writable = yes

[hrd]
comment = hanya bisa read only tidak bisa di tulis, di edit ataupun dihapus
path = /home/hrd/
browseable = yes
writable = no
valid users = samba1 samba2
admin users = root

[gudang]
comment = hanya bisa read only tidak bisa di tulis, diedit ataupun dihapus
path = /home/gudang/
direktori samba di home
browseable = yes
writable = no
valid users = samba1 samba2
admin users = root

Lebih jelasnya bisa dilihat seperti gambar dibawah ini

Kemudian setelah selesai jangan lupa tekan CTRL+X+Y,Enter untuk menyimpan semua perubahan, selanjutnya sobat lakukan perintah testparm untuk mengecek kesalahan parameter yang kita masukkan, ketikkan : testparm

# testparm

Setelah muncul tampilan seperti ini, Sobat kemudian Enter untuk melihat mengecek kesalahan parameter yang kita masukan

Kemudian restart paket samba server nya.

# service samba restart

Nah konfigurasi samba sudah selesai, sekarang sobat tinggal melakukan test akses menggunakan user samba1 dan samba2 di explorer.

Pengetesan

Untuk pengetesan silakan dari Client windows jalankan perintah \\[IP Address Server] untuk mengakses Folder Sales. Klik Folder sales lalu masukan user dan password user sales.

Testing buat folder baru di dalam Folder Sales

Untuk pengetesan silakan dari Client Ubuntu jalankan perintah smb://[IP Address Server] untuk mengakses Folder Sales. Klik Folder sales lalu masukan user dan password user sales.

Folder baru yang sebelumnya dibuat

Read More

How to Configure an FTP Server on FreeNAS

FreeNAS is a powerful operating system to build customizable NAS solutions. With this tutorial we are going to see how to configure an FTP server to allow a user or a group of users to store and download data to/from the NAS.

The configuration will take a few minutes but it’s not as intuitive as it should be.

The first step is to create the Dataset we will share via FTP:

The configuration is straightforward, be careful to correctly set the Case Sensitivity:

Go to the Users area and add a new user, the one able to access the FTP share:

Assign as home the FTP folder:

Assign to the user the write permissions to the FTP Dataset:

It’s time to configure and run the FTP server. Go to the Services area and click FTP:

Select the FTP folder, then click Ok:

Enable the FTP service:

You’re ready to use the FTP server:

Read More

Integrating FreeNAS with Windows Active Directory

FreeNAS offers a powerful array of features and is adaptable to a wide range of network-attached storage solutions. We look at integrating Windows Active Directory, taking snapshots, replicating, and backing up.

Whether you need a network-attached storage (NAS) solution for your enterprise or small business or just want to build a storage solution for your Windows network, FreeNAS has got you covered.

In a previous issue [1], I showed you how to install FreeNAS, configure sharing, and set up a basic client node. In this article, I dive into more advanced features, such as integrating Windows Active Directory, snapshots, replication, and backup.

Directory Options

Your FreeNAS system [2] can easily integrate with your existing network directory services or use its own local user configuration. If you are running Windows Active Directory, LDAP (e.g., OpenLDAP), NIS (Network Information Service), or NT4 (I hope not!), you can pull the usernames and passwords directly from your directory. In this article, I focus on integrating your FreeNAS box with Windows Active Directory.

In this example, I am building on Windows 2012 R2, but you could build this many other ways. For example, if you have an open source environment, you might build this on Samba 4, which can provide much of the same technology.

Unlike the last installment on FreeNAS, in which I used a local FreeNAS authentication system, this time, I instead point the FreeNAS system to a Windows 2012 Active Directory server. This effectively means that I don't have to recreate users in FreeNAS; instead, I refer to Windows AD for authentication.

In this configuration, FreeNAS polls the Windows 2012 Active Directory domain controller and imports the users into FreeNAS. Keep in mind that FreeNAS also supports being a domain controller (DC) itself or being an additional DC alongside your others. Here, I use it for authentication only, not as a full active directory implementation.

Prerequisites

Before beginning, you must take care of a few prerequisites. To check your configuration in the web management interface, go to Network | Global Configuration (Figure 1). Double-check your network settings (IP, Gateway, etc.) and make sure the correct domain is listed and you are pointed at the correct DNS server. This is easily accomplished by going to the FreeNAS shell in the web GUI or the Console. In this case, assure you are pointing to your Active Directory (AD) domain controller.

Figure 1: Checking your configuration.

Next, you should go to your DNS server (which happens to be your AD domain controller as well) and add a DNS record for your FreeNAS box. Finally, test the name resolution and network availability from the shell on FreeNAS with ping or dig.

Network Time Protocol (NTP) synchronizes time on a network. Time is of vital importance to many services such as Kerberos and logging, among others. In this case, you want to assure both your Windows 2012 R2 server and FreeNAS box are pointing to the same NTP server. In FreeNAS, you can do so by going to System | General | NTP Servers .

If you are running an End-of-Support/End-of-Life version of any software, it is time to upgrade. Systems such as Windows NT4 to 2003 (end of life in 2015) or NIS are beyond antiquated, insecure technologies that should only be exhibited in museums.

Setting up AD Authentication

With the prerequisites out of the way, you are ready to begin. For this section, I assume you already have a basic FreeNAS setup that is using local authentication (FreeNAS local users/passwords) and you are reconfiguring it to use Windows Active Directory. Starting this process is simply accomplished by navigating in the FreeNAS web GUI to Directory | Active Directory (Figure 2). Simply put in your domain, AD administrator account and AD administrator password. When it finalizes, you will see a success message flash at the top of the FreeNAS screen.

Figure 2: Active Directory settings window.

Generally, you will be fine using the default option (non-advanced mode), but quite a few options are customizable by clicking the Advanced Mode button [3]. Once you have set up your FreeNAS box to use AD, you can go to your volumes and change the permissions as desired under Storage | View Volumes . Simply select the volume you want to manage and then click the Change Permissions icon. From there, you will see the usual options for assigning permissions.

Now that you have set your FreeNAS server with Active Directory, you can use a Windows client to test it. As you see in Figure 3 on a Windows 7 client joined to the domain, I'm able to connect to the share and enjoy the music (metal specifically) that I have stored there.

Figure 3: Streaming music after joining the domain.

Snapshots

If you ever had to recover a deleted file or roll back to an older version, you'll love snapshot functionality. Once you set up snapshots, you can access files as they were from the point in time at which the snapshot was made. Previous snapshots can also be cloned and used to recover data from that snapshot in time. Snapshots can also be replicated (copied) to another remote system. With FreeNAS, you can do one-time snapshots or periodically scheduled them. In this case, I want to set up periodic or scheduled snapshots, so I go to the FreeNAS web interface and navigate to Storage | Volumes | Periodic Snapshot Tasks | Add Periodic Snapshot (Figure 4; Table 1).

Figure 4: Scheduling snapshots.

Table 1

Periodic Snapshot Options

SettingDescription

Volume/Dataset Select an existing ZFS volume, dataset, or zvol.

Recursive Check this box to take separate snapshots of the volume/dataset and each of its child datasets; if unchecked, only one snapshot is taken of the specified Volume/Dataset.

Lifetime How long to keep the snapshot on this system; if the snapshot is replicated, it is not removed from the receiving system when the lifetime expires.

Begin Do not create snapshots before this time.

End Do not create snapshots after this time.

Interval How often to take snapshots between Begin and End times.

Weekday Which days of the week to take snapshots.

Enabled Uncheck to disable the scheduled replication task without deleting it.

Select the lifetime and frequency of the snapshots based on your particular needs to schedule a snapshot at your specified time. It is important to note that snapshots are not the same as backups. Although snapshots are very powerful, they don't replace backups and a full disaster recovery plan. Now that you have scheduled snapshots, you replicate them to an off-site system. This process enhances your ability to recover and restore your most valuable asset: your data.

Replication

For increased fault tolerance, you want to replicate your ZFS dataset or pool to another server. Replication occurs over a secure SSH tunnel, which is an additional security benefit. For the sake of the example, you will have two nodes:

FreeNAS1 – The original FreeNAS server (PUSH)

FreeNAS2 – Your FreeNAS Secondary/Backup Server (PULL)

When setting up replication [4], the original server on which you created your snapshot is always the push server (FreeNAS1) and the server receiving the snapshots is the pull server (FreeNAS2). In my configuration, I have two FreeNAS boxes, but you could just as easily replicate to another Linux/Unix server with ZFS. The push and pull servers must each have a ZFS pool, and the push server must have a periodic snapshot task. SSH should be running on the pull server.

You will be using key-based authentication, so you first need to set up the pull configuration on the FreeNAS box. To assure SSH is up and running, visit Services | Control Services and click SSH to the ON position.

Next, navigate to Storage | Replication Tasks | View Replication Tasks | View Public Key to set up key-based authorization. On the PULL (FreeNAS2) machine, copy the contents of this public key and navigate to Account | Users | View Users . Click the Modify User button of the user you will be using for replication and paste in the copied key (Figure 5).

Figure 5: Adding the public key.

Before continuing, you should verify that your periodic snapshots are working by going to Storage | Replication Tasks | Add Replication Tasks . The Remote ZFS Volume/Dataset is the name of the ZFS filesystem on the remote side (the pull server), and the Remote hostname is the IP of the pull server. By default, replication occurs when a snapshot is created. Generally, you might want to schedule replication with the Begin and End times during non-peak working hours.

All other settings can accept the defaults unless your configuration requires something different. Now when you click SSH Key Scan , your push server will grab the SSH key for you. Finally, click OK : The screen should flash that the replication task was updated successfully.

Backup

Now that you have a share set up and your clients access it, you should plan some basic disaster recovery. A major part of this planning is having the proper backups in multiple places. In this case, you will set up both configuration and local data backups. Above and beyond that, I recommend you also do some form of encrypted offsite backup of your critical data either online, in the cloud, or at a secure storage facility.

FreeNAS natively supports many options for backup, including:

• Bacula via a plugin
• Almost any general backup software for a local backup to an external device
• Backup to the cloud with CrashPlan
• Backup to the cloud via any number of online backup SaaS services

Given the many options, you have a lot of choice as to how to configure for fault tolerance and disaster recovery. To make your life a bit easier – just in case you have to recover your FreeNAS box – you should always back up your configuration, ZFS layout, and data. In the web interface, choose System | Advanced | Backup .

You will see the backup window in Figure 6. Fill this in with the required information for the target server to which you will backing up. Once you are done, simply click Do backup . To verify that the backup has taken place, look at the server you backed up to and see if it is there. As you can see in Figure 7, the metal music backed up as planned.

Figure 6: Getting ready to back up.

Figure 7: Metal music, FreeNAS configuration, and ZFS layout backed up!

This backs up your FreeNAS configuration, ZFS layout, and (if you so choose) your data. It occurs over an encrypted SSH connection to another server. This other backup server only needs to have an SSH daemon running and sufficient storage to save the data from your FreeNAS box. I highly recommend you use key-based authentication rather than just passwords everywhere. To do so, place your public key of the root user in ~root/.ssh/authorized_keys.

If you want more fault tolerance in your FreeNAS install, you can mirror the boot device. This means that whatever storage you use for the install (compact flash, USB flash drive, SSD, or regular SATA hard drive as the boot device), you need two of them so the install is mirrored. However, always remember that this doesn't magically back up your FreeNAS configuration if both drives should fail. You should still plan on backing up your data [5].

CrashPlan

CrashPlan [6] is a offsite cloud-based backup solution. It is one of the many FreeNAS plugins. Thanks to the FreeBSD jail system, you are able to run CrashPlan right on your FreeNAS box. FreeBSD jails allow you to isolate and compartmentalize your system. Built on the chroot concept, jails are essentially OS-level virtualization that allows you create a separate instance. Jails are isolated from the host as a virtual instance but share the same kernel. For the CrashPlan configuration here, you will be creating a jail in which it runs.

Getting CrashPlan installed and configured takes a few steps, but I will go through them in detail. First, on the FreeNAS server, go to Plugins , choose CrashPlan , and click Install to download and install the CrashPlan application to your FreeNAS box (Figure 8).

Figure 8: Installing the CrashPlan plugin.

To configure the plugin, go to Jails | View Jails , then select your crashplan listed under Jail and click the Shell icon at the bottom of the screen (Figure 9). Edit /etc/rc.conf to enable SSHD by changing the sshd_enable line to "YES":sshd_enable="YES"

Next you need to create a new user who is a member of the wheel group via the console with Account | Users | Add User . Simply follow the questions and make sure to specify this user as a member of the wheel group.

Figure 9: Configuring your CrashPlan plugin.

Now that you have created a user, you should copy your public key (from the desktop) to the CrashPlan jail:ssh-copy-id crashplan@<ipaddressofjail>

Finally, create a tunnel to the CrashPlan jail with this SSH command:ssh -L 4200:127.0.0.1:4243 crashplan@<ipaddressofjail> -N -v -v

To be assured this is running, you can check withnetstat -na | grep LISTEN | grep 42

You should see the CrashPlan daemon running.

A CrashPlan Client on the Desktop

The CrashPlan configuration will be "headless" on FreeNAS, and the client will be on one of the desktops. On your desktop machine (mine is Linux), install the CrashPlan client:tar zxvf CrashPlan_3_7_0_Linux.tgz

Change into the CrashPlan install directory and run the install script:./sudo .install.sh

Once the script completes, edit your local CrashPlan configuration file ui.properties. The file is located in /usr/local/crashplan/conf/ui.properties. Uncomment and change your port to 4200.

Next go back to your FreeNAS box and visit Plugins | CrashPlan . Enable the CrashPlan plugin by moving the switch from the OFF position to ON.

Connecting to a Headless CrashPlan Jail

Now that the CrashPlan client is installed on your desktop and configured on the FreeNAS server, you can connect to it. First create a tunnel to the CrashPlan jail with the following SSH command:ssh -L 4200:127.0.0.1:4243 crashplan@<ipaddressofjail> -N -v -v

Now change to the directory where the CrashPlan client is installed and start up the client CrashPlanDesktop.

Configure a CrashPlan Backup Plan

This configuration does not provide a CrashPlan GUI on the FreeNAS box but, instead, lets the user run CrashPlan from another system (my Linux desktop in this case).

With the CrashPlan client up and running (Figure 10), you can configure your backups on your FreeNAS server. Simply select the files you would like to back up (Figure 11). Your CrashPlan client doesn't need to be running after you set up your backup plan.

Figure 10: The CrashPlan client.

Figure 11: Choosing the files to back up.

Conclusion

I hope this exploration of FreeNAS has been both interesting and fun. More importantly, I hope this introduction gives you the options to build whatever you need.

Open source is a powerhouse of innovation, and FreeNAS is a good example. So explore, have fun, and let me know what you build with this impressive and flexible storage platform.

Read More