During my third year at GT, I realized that I have all the skills that I need to deploy my own cloud storage solution. My main goals were:
- Gain production experience on a product that I use daily
- Have my own data in my own hardware, and access it anywhere
- Learn more about networking, raid, and vpns
- Raspberry pi
- Mdadm (software raid tool)
Seafile is an open source dropbox like file storage solution. (https://www.seafile.com/en/home/). It has two components, seafile and seahub. Seahub stores the files to a disk and manages versioning and history. Seahub is a django server which handles the UI, upload, download and authentication stuff. It has good community support and active development. I prefered seafile over other alternatives due to community support, good reviews and I can nearly read any python code, and seafile has a django backend.
Openvpn is a vpn server, it is quite robust and easy to install. I followed this tutorial to install my openvpn server. (https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04). Special note here: I’m planning to move some of my stuff to digital ocean because of their tutorials.
Raspberrypi is a single board computer, I’m using it to actually store my data. I attached two hard drives via usb and configured them as raid 0 (they are the exact copy of each other)
Nginx is a http server (it can also do some other fancy stuff proxies and so, also rtmp and websockets, I’m still exploring). It can handle more concurrent connections than apache. Also it has other fancy functionalities. It is used to cache the static content also provide a way to install https certificate to the server.
The picture above was the end result of the project, I can access my seafile server from anywhere that I have internet access. It is incredibly secure. In order to interact with the seafile server you need to be inside of my internal vpn network which requires a special certificate.
Here are the screens for the UI of seafile, desktop console + web interface.
Currently this setup is not open to world wide web and it requires a special certificate to access my data. Compared to dropbox and google drive, this is a terrible deal. I need to open it to world wide web. In order to do that I need the following:
Active Log monitoring – so that I can see brute force attempts and any connection attempts to my infrastructure.
IP whitelisting – leaving the endpoint open to www can be dangerous if a crawler finds it.
UPS – I have experienced more than 5 power failures in my apartment since deployment, and each power failure causes my inodes to disappear and i have to do fsck and stuff.