patriot ps personal server os version 3.x (based on debian ... … · lets encrypt ssl certificate...
TRANSCRIPT
Patriot PS Personal Server OS Version 3.x
(Based on Debian 8.x)
Quick Start and Basic Configuration Guide
Pexus LLC
Document Version 1.1
8/7/2017
Contents Patriot PS OS Version 3.x Quick Start and Basic Configuration Setup ....................................................... 3
Steps to Register and Configure Patriot PS Personal Server ..................................................................... 3
Configure Network .................................................................................................................................... 6
Set Time Zone ........................................................................................................................................... 8
Configure Mail ........................................................................................................................................... 9
Personal Server Profile ............................................................................................................................ 22
Lets Encrypt SSL Certificate ..................................................................................................................... 29
Summary ................................................................................................................................................. 31
Appendix I – Accessing your Personal Server using SSH and Putty .......................................................... 33
Appendix II – Ensuring your personal server stays up to date with security updates ................................ 38
Patriot PS OS Version 3.x Quick Start and Basic Configuration Setup
The Patriot PS Personal Server comes pre-installed with Patriot PS Personal Server Custom Linux Distribution based
on Debian 8.x. The core OS can be updated from the US Debian repositories for all security updates and other
Debian packages.
The distribution includes custom configuration and applications written for your personal server. Before using
your personal server and the Patriot PS Configuration application (ppsconfig) register with your full name, e-mail
address and the registration key that was sent in an e-mail. The registration is local only and no information is sent
out of your personal server.
It is recommended you copy paste the registration key from the e-mail to the registration form.
During the registration process, you will also set the ppsadmin (Administrator user) password.
Figure 1 Patriot PS Personal Server Model K-900
Steps to Register and Configure Patriot PS Personal Server 1. Unpack contents
2. Place the Patriot PS Personal Server near your Home LAN Router. Patriot PS uses a wired network
connection.
3. Refer to Figure 1. Other models may have slight variations, but will have at least one Ethernet port and a
DC Jack.
4. Connect the Ethernet cable to your Patriot PS and one to a free port on your LAN router. If there are
multiple Ethernet ports, connect to the port numbered 1.
5. Connect the Power Adapter
6. Turn on the Patriot PS Personal Server using the power button
7. Wait for it to boot. This may take 1-5 minutes. You will hear a 3 beep sound once it boots successfully.
8. Discover the Patriot PS Personal Server on your local LAN from a Windows PC using Network Discovery or
if you are using an Apple Computer or laptop or Apple iOS device, you can type the URL: https://pps.local
to go to the home page of the server.
Figure 2 Network Discovery of your Personal Server from Windows PC
9. Double click on the discovered device or type the URL https://pps.local from your Apple computer or iOS
device. Accept/Trust the self-signed certificate warning the browser will display when navigating to the
home page URL.
Figure 3 Patriot PS Personal Server Home Page
10. Click on the PPS Configuration Application to register and configure your Patriot PS Personal Server
11. Click on Click to register and enter your First Name, Last Name, Email, key and the captcha
Figure 4 Key Registration
12. Next set the ppsadmin password and MySQL Database root password. (Remember these password as you
will need them later). Choose a strong password. We recommend using a password vault, such as free
KeePass (http://keepass.info/ )
13. Once the password is set, you can go to the ppsconfig application home page, login to do additional
configurations. Use userid as ppsadmin and password to login
Figure 5 Key Registration success
Figure 6 ppsconfig Sign In
14. To access your personal server from the internet, you will need to port forward port 443 to the IP address
of your personal server that you will set in the next step.
15. By default, your personal server uses a dynamic IP address. It is recommended to use a static IP address in
your LAN so that you can port forward to the static IP address from your router or firewall.
Configure Network 1. Next configure the network with static IP address, give your personal server a hostname and specify the
DNS servers provided by your ISP or use your gateway address in your LAN as the DNS server if it resolves
to the ISP DNS
Figure 7 Set a Static IP Address for your personal server in your LAN
Figure 8 Configure Network and Static IP Address from your LAN
2. Once the network is configured you will see the following success screen
Figure 9 Network Configuration Success Page
3. Click on any of the links to go to your personal server Sign In Page. Login In again
Set Time Zone 1. Next Confirm and set your Time Zone. You may have to reboot if the time zone is different than the
default time zone – US CST.
Figure 10 Set Time Zone
Figure 11 Select Time Zone and Submit
Configure Mail 1. Personal Server can be configured to just send outgoing mail from personal server or as a complete
private mail server.
• To configure your personal server to just send outgoing mail, you will need the SMTP server, port
and optionally userid / password from your ISP
• To configure as a mail server you will need a domain name and an MX Record created for your
domain name that will point to the external IP address of your ISP connection at home
2. Click on Configure
Figure 12 Configure Mail
3. Configuring personal server to just send outgoing mail:
Figure 13 Configure Personal Server to Just Send E-mail
Figure 14 Specify ISP SMTP Server and port (usually 25 or 587) and optionally User id and Password
4. If the configuration succeeds, you should get a test e-mail to your profile e-mail address you used during
registration
5. Next we will check how to configure the Personal Server as personal private mail server.
6. Log into your Domain Provider and ensure you have created an MX Record. A free DNS provided is DNS
Exit (https://www.dnsexit.com). You can create a FREE account and use DNS Exit to manage the Domain
Name for free. Create an account if you have not already created or your Domain Name provider may
offer this service. DNS Exit also offers free Dynamic DNS service which would be useful for Home ISP
connections as external IP address may change some times. Patriot PS can be configured to update the
Dynamic IP of your personal server host name which will also be your MX record whenever the Dynamic
IP addresses changes. This will ensure your mail server is always current and can receive your e-mails
without interruption and manual intervention.
(Note: You can use a different Domain Name Management provider. This www.dnsexit.com is an
example. We recommend using a DNS management provider that supports dynamic DNS updates. Patriot
PS supports the following DNS providers for dynamic DNS updates: Dyn DNS, DNS Exit, DNS Park Name
Cheap, No IP, Sitelution, Zone Edit, CJB Net, DNS Made Easy, DHIS, Free DNS, Static Cling, Zerigo,
Zonomi, dhs.org easydns.com, gnudip
7. In your DNS Management console, assign the IP address to your personal server host
Figure 15 Managing DNS for a domain. (Note your Domain name provider may be different)
8. Here we will use domain name as iserv4.me as an example
9. Create an MX Record for your domain name to handle mail e.g. mx.iserv4.me (1)
10. Next Create a host for your domain name that you will use for your personal server.: pps.iserv4.me (2)
11. Assign the external IP address of your ISP connection to this host – pps.iserv4.me. You can easily check
the external IP address of your IP address by typing the URL https://checkip.pexus.net on your browser
Figure 16 Check your external IP Address
12. Next alias mx.iserv4.me to your personal server host pps.iserv4e.me (3)
Figure 17 Creating MX Record, and Personal Server Host Name, Alias MX Record to Personal Server Host
13. Save your changes and log out from your DNS Management Console. Depending on your DNS provider,
the changes may take some time to propagate to the internet. So give it some time, may be an hour or so.
14. Log in to your Patriot PS ppsconfig application, and select Configure Mail
15. Choose option to configure as mail server
Figure 18 Select Configure Personal Server as an E-Mail Server
16. Click Next and Enter your domain name
Figure 19 Specify the domain name for your mail server
17. Click Next. You should see the MX Record host of your domain name automatically populated in ppsconfig
page
Figure 20 Discovered MX Record for the domain name
18. Click Next. For a Home ISP connection, choose Option 1, and specify your ISP’s SMTP server and port for
outgoing e-mails. Optionally provide the SMTP server authentication. Usually ISPs don’t need
authentication but some ISPs may need it. Choose Option 2 only if you have a Static IP assigned by your
ISP.
Figure 21 Specifying outgoing SMTP Server
19. Click Next.
20. Next provide the MySQL database root password. The Mail Server also creates a Mail Database. Specify
the password for the Mail database. The configuration also creates a default mail box
[email protected]. In this case [email protected]. You may want to note down the
passwords for future use. You will use this mail box and password to manage and add additional mail
boxes to your mail server using the Postfix Admin application which can be access using the url :
https://yourserver/postfixadmin
Figure 22 Specify passwords for root MySQL and Mail Database and Postfix Admin default mail box
21. Next specify the Mail SSL Certificate information. Specify an identifier e.g. to identify your mail certificate.
You can use the hostname for your personal server e.g. pps.iserv4.me. You will use this as your POP and
SMTP server when configuring your mail clients such as iOS, Thunderbird, Outlook etc. When the mail
client interacts for the first time, it will show the certificate as self-signed certificate and give a warning.
Identify the certificate using the fingerprint information that will be shown later to accept the certificate
as trusted.
Figure 23 Mail SSL Certificate Identifier
22. Click Next to confirm the Mail Server configuration and Submit. The Mail Server configuration may take a
couple of minutes
Figure 24 Configuring Mail Server Page
23. Once the configuration is complete, the resulting page will show important details about your mail server.
Print and make a note of the ports for POP and SMTP configuration that will be required when you
configure your client to receive mail from your mail server. An example page is shown below. You will also
need to port forward additional ports required for your mail server to function. These are highlighted in
the resulting success page below. This page also shows the finger print for your mail SSL Certificate that
you can use to verify when your mail client connect for the first time to your mail server to download
mails.
Figure 25 Your Mail Server Information - 1 of 3
Figure 26 Your Mail Server Info 2 of 3
Figure 27 Mail SSL Certification Fingerprint Info for POP3S / IMAPS and SMTPS Server
24. Don’t forget to click Confirm to confirm the configuration.
25. Next you can regenerate the Web Self Signed Certificate for your Personal Server. If you have an external
host pointing to your Personal Server e.g. in this case pps.iserv4.me, then specify this in your Personal
Server Profile, and use the Free Lets Encrypt SSL Certificate which is recognized by all major browser as a
trusted certificate signer. You can either use the Self Signed Certificate or the Let’s Encrypt Certificate. If
you plan to use your personal server to share files and media with persons outside your home, then we
recommend using Lets Encrypt certificate to avoid the self-signed certificate warning shown by the
browser.
Personal Server Profile
1. Click Personal Server Profile from Home Page – Specify button to specify the external hostname, and
configuration to update the Dynamic DNS.
Figure 28 Specify Personal Server Profile
2. Specify a Personal Server Name and assign a unique server id. This information is added to e-mails sent
from the personal server so that you can identify the mail notification from your personal server:
Figure 29 Personal Server Identifiers
3. Click Next to specify the External Hostname and IP Address, and Scheduling IP Check if your ISP
provides you a Dynamic External IP.
Figure 30 External Hostname and Schedule IP check and Dynamic DNS Update
4. Click Next and specify the Dynamic DNS update details
Figure 31 Dynamic DNS Update Details
Figure 32 Specify Dynamic DNS Details for Auto Update
Figure 33 Saved DDNS Host and Account Details - Used for Auto update of IP Address when IP Changes
5. Click Next
6. The last screen shows a mapping of external ports on your LAN to the personal server ports. By default
external ports required for the Web and the Mail Server are mapped to the internal port. You should port
forward each of the ports for your personal server web port and mail server ports to be accessible from
the Internet
7. Click Submit to save your personal server profile.
Figure 34 Port Forwards to personal server
Lets Encrypt SSL Certificate 1. Next create and Install a Let Encrypt Certificate. This certificate is valid for 90 days only. Patriot PS
Personal server will automatically renew the certificate before the 90 day expiration so that your server
always have a valid certificate.
Figure 36 Install Lets Encrypt SSL Certificate for your Personal Server HTTPS port
Figure 35 Port Forwarding to Personal Server
Figure 37 Host Name is automatically populated from Personal Server Profile
2. Click Submit. On success you will see the following page. You will also notice that the certificate used by
your personal server is now trusted by the browser and is shown as green. You can also verify the
strength of the SSL certificate by clicking the SSL Labs link that will do a quick check to show your server is
protected with the highest strength ciphers and validates the SSL Certificate installed.
Figure 38 Lets Encrypt SSL Certificate
Figure 39 SSL Labs Verification
Summary
This concludes the basic setup of your Personal Server that includes – ppsadmin password, MySQL Database
password, Network Configuration, Time Zone, Personal Server Profile, and SSL Certificate.
Additional documentation and video on configuration and usage is provided online from the following
location: http://pexus.com/patriotps/media/
Appendix I – Accessing your Personal Server using SSH and Putty
By default the SSH port on your Personal Server is disabled. Access via SSH is restricted via SSH keys
only. You can generate SSH Key pair using ppsconfig application, download the Putty compatible key to
your computer for access from your Windows or Mac or UNIX computer.
Follow the steps to setup access to Personal Server using SSH Keys
1. Log in ppsconfig application https://<IP>/ppsconfig
2. Click on More from the top menu
3. Click on SSH Keys button
Figure 40 Generate SSH Keys
4. Specify the SSH Key password and the ppsadmin password. The SSH Key Password must be
entered when connecting via Putty
Figure 41 SSH Key Password
5. Click Submit. The keys are generated and protected with the password you provided. Download
the Putty Keys and store it on your local computer where you will be accessing using Putty
Figure 42 Click Download and Confirm Download
6. Don’t forget to click Confirm Download to ensure the key is deleted from the server.
7. Next Enable SSH Port
Figure 43 Enable SSH Port
8. Start Putty
9. Create a session to connect to the server.
Figure 44 Putty Session
10. Specify the Hostname or IP address of your personal server
11. Click on Auth to specify the downloaded Putty Key File
Figure 45 specify the downloaded Putty Key File
12. Save the session and click Open to connect
13. Enter the password provided when creating the SSH Key
14. One successful authentication, you should get the SSH session to your personal server
15. When not using SSH, it is recommended to disable the SSH port either on your server or at the
firewall router, to prevent port scan and exploits from hackers.
Appendix II – Ensuring your personal server stays up to date with
security updates
Patriot PS Personal server comes with webmin. Webmin (http://www.webmin.com/intro.html ) is a
freely available popular and powerful system administration application. You will require some
knowledge of Linux to use it fully. This section will show how to configure webmin to send notification of
updates and optionally automatically install them. We recommend that you turn on security updates
from Debian repository to automatic modes and other updates for notification only that you can
selectively install after reviewing the updates.
You can launch webmin from ppsconfig application.
1. Login to ppsconfig application https://<personalServerIP>/ppsconfig
2. Click on More from top menu
Figure 46 Launch Webmin
3. Use ppsadmin and password to login
Figure 47 webmin login
4. From the left navigation menu, click on Software Package Updates, scroll down to Scheduled
checking options and specify the duration, notification e-mail address and action. You may want
to select Just notify or Install security updates option if you want to have the security updates
installed automatically
5. Configure your web min to send e-mails
6. From the left navigation, click on Webmin Configuration -> Sending E-mails
7. Select the options as shown, and specify the e-mail address where you want webmin to send
notifications. (Before doing this, ensure you have configured Mail in ppsconfig)