Automatic Nextcloud Installation on Raspberry Pi

Nextcloud is an open source software package providing remote file sharing services. It is similar to Dropbox. But with Nextcloud, you retain ownership, security and control of the shared data. This procedure describes how to build a working Nextcloud service using just 3 commands.  It has been tested on Raspbian Stretch and on the Raspberry Pi 4 / Raspbian Buster (this article updated 9/8/19)

Note: If you would rather do the installation manually, step-by-step, without the help of a script, please see my previous article Simple Nextcloud Installation on Raspberry Pi. It explains how to do the installation in detail, and provides more background information on Nextcloud. Both procedures achieve the same overall result, however.

Note: If you are running Raspbian Buster, then Nextcloud 16 will be installed.  For Stretch, it’s Nextcloud 15.

Continue reading

SSH Proxying and Agent Forwarding

SSH allows secure connections from one host to another. All traffic is encrypted. Authentication is usually by means of a key pair, where the private key resides on your local machine, and the public key is imported to the remote system. SSH keys have become particularly important for cloud computing, where users need to access cloud servers over a potentially hostile Internet.

Sometimes, the requirement is to access one system via another. You “hop” through the first system to reach the second. For example, an AWS server through a gateway or “jump” system. The following article shows how to do that, in a secure way, either by proxying or agent forwarding, without having to place a private SSH key onto the middle system. Continue reading

Renaming a Bitbucket Repository

Bitbucket is a paid-for version of Github*. Along with Jira and Confluence, it forms the Atlassian framework, a suite of devops tools in widespread use.

Using the Bitbucket web interface, a repository can easily be renamed. However, this causes a change in the URL, which breaks the link from existing clones of the repo. They can be deleted and re-cloned, or renamed. This post explains how to do the rename. Continue reading

Using Address Ranges and Port Ranges with Iptables

Iptables is the name of the firewall built into the Linux kernel. It is also the tool used for firewall configuration. This post explains how to use iptables with a range of IP addresses and/or ports. It could be used, for example, to allow SSH traffic from a number of systems. Or to open up a range of ports with a single firewall rule.

Note: This article is not about blacklisting. If you are looking to set up a blacklist, perhaps to protect your server from a number of unrelated IP addresses, my related procedure on how to protect your webserver with IPset might be more appropriate.

The Linux firewall (part of the Netfilter project) is important on Internet facing systems, “edge” servers and “jump” boxes. Particularly when they do not sit behind another protective network element such as a load balancer or discrete firewall. For example, standaline cloud instances that are not part of a protected VPC infrastructure. Continue reading