Build A Complete Linux Media Server – Introduction

This entry is part 1 of 6 in the series Complete Linux Media Server

Linux Media Server From Scratch!

This series of articles describes how to build a complete linux media server for finding, downloading, organising and streaming media.


 

Before we start, it goes without saying (but I’m saying it here anyway!) that this is a grey area, that you should already have legal entitlement to watch these shows through your terrestrial TV / cable TV provider and that downloading shows is your backup option.

This is simply a way to change how you store, manage and view the shows which you have already paid for – if people don’t pay for the shows, production companies cut their budgets, actors eschew parts in great dramas and instead plump for making adverts for Coca Cola – in a nutshell, all the cute bunnies and kittens die because of you!! You get the message.


 

We will be using the following technologies:

To implement the full stack you will need to have usenet access from either your internet provider or one of the many monthly subscription usenet services. There are a few examples of these listed in the usenet configuration article.

We will approach this project in the following order:

  1. Debian installation and configuration
  2. Transmission-daemon installation and configuration
  3. Nzbget installation and configuration
  4. Sonarr installation
  5. Sonarr configuration – due 5th April 2016
  6. Plex Media Server installation and configuration – due 10th April 2016

The linux media server example detailed in this article is built in a virtual machine on ESXi 5.5.

The information provided here draws on other information already available on the internet and will be referenced as such, credit where credit is due!

The links 1-5 above will be activated when the articles are published over the next week – subscribe to be notified of new posts!

Build A Complete Linux Media Server – Debian Server Install

This entry is part 2 of 6 in the series Complete Linux Media Server

Debian Server Install

This article details how to create a standard, headless debian server install. For our linux media server project we will be using the latest version distribution available at the time of writing: Debian 8.3.

You can also use the process below to build a standard debian server. It will be headless, i.e. no desktop environment e.g. Gnome as we don’t want to waste resources on running a desktop environment we won’t be using after setup is complete.

Instructions

  1. Download either the netinstall image iso or the first complete image iso in the series
    • The net installer is about 315MB, the complete CD is around 650MB. If you are going to ever install more than one machine then the complete CD is far better value!
  2. Create a new virtual machine (or prepare your physical server if that’s what you will use)
  3. Go through a default install as shown below:
    1. Choose “Install” from the boot up screendebian server install - 1
    2. Configure your language, keyboard and country fro the options given – here we are using UK Englishdebian server install - 2
    3. Give your server a hostname, in this case we are using “merlin”debian server install - 3
    4. When asked to input a root password, we advise leaving this blank – this disables root login which is more securedebian server install - 4
    5. Enter a username – we are using “merlin” again here. This user will be able to carry out root permission commands using “sudo”, i.e. it will be a member of the “wheel” groupdebian server install - 5
    6. Accept all the default disk partitioning prompts (guided, use entire disk) then click to finish and write the partitions to diskdebian server install - 6
    7. When prompted to scan another disk, answer “no” – CD1 is enough to create what we need for our debian server
    8. Choose “yes” to use a network mirror in the next step. Don’t worry! We will not be downloading large amounts in the initial configuration but we will need it for the installation of individual packages later on. Pick your country and the relevant local network mirror site for quicker access to packages.debian server install - 7
    9. For the “Select and install software” use the arrow and spacebar  keys to deselect “Debian Desktop Environment” and “print server”, select “SSH server” and leave “standard system utilities” selected as shown below:debian server install - 8
    10. Choose the default to install grub to the master boot record, in our case /dev/sda and then “continue to finish the installation. debian server install - 9
  4. Set a static IP address
    • This is important so that you can always find your server! The article > here < details how to do this via the /etc/network/interfaces file.
  5. Make sure you can connect via SSH
    • Use a terminal client like putty to make sure you can connect – this install will all be done via console or SSH as we do not have a desktop environment.
  6. Run
    sudo apt-get update

    and then

    sudo apt-get upgrade

    to make sure you have all the latest updates, including security patches.

Give “nobody” a Home!

If you are following this guide as part of the Linux Media Server project then you must create a home directory for the nobody user – this is so that our media applications have somewhere central to store their configuration data.

For this, we need to edit the /etc/passwd file, create some directories and assign permissions:

  1. In /etc/passwd change the following line:
    • nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

      to

      nobody:x:65534:65534:nobody:/home/nobody:/usr/sbin/nologin
  2. Create the necessary directory, including one for NzbDrone to save configuration into:
    • mkdir -p /home/nobody/.config/NzbDrone/
  3. Assign permissions:
    • chown -R nobody:nogroup /home/nobody/

 

You should now have completed your debian server install – why not carry on to the next srticle in the Complete Linux Media Server!

Build A Complete Linux Media Server – Install transmission-daemon running as nobody

This entry is part 3 of 6 in the series Complete Linux Media Server

Install transmission-daemon

You could be forgiven for thinking that a simple “apt-get install” would suffice to install transmission-daemon and thoretically it does.

However! We want this set up securely and neatly as there are other components which need to interact with transmission and its files and directories and ideally we will have all of these running as user “nobody:nogroup”.

Install the Software

merlin@merlin:~$ sudo apt-get install transmission-daemon

Configure transmission-daemon to run as user nobody

If we now check our running processes, transmission is configured to run as user “debian-transmsission” – totally fine and secure but not quite what we want:

merlin@merlin:~$ ps aux | grep transmission
debian-+  1356  0.1  0.5  30708  6064 ?        Ssl  20:45   0:00 /usr/bin/transmission-daemon -f --log-error

We need to make the following edits and permission changes:

  1. Stop the daemon:
    • /etc/init.d/transmission-daemon stop
  2. Edit /etc/init.d/transmission-daemon and change the user:
    • change USER=debian-transmission to USER=nobody:nogroup and save the file
  3. As debian now uses systemd to manage services we also need to change the service “Unit” to reflect the different user. Edit the /lib/systemd/system/transmission-daemon.service file and change the following:
    •  User=debian-transmission to User=nobody
    • Add the absolute path of the config file to the end of the ExecStart line to workaround a slight bug with $HOME variables, the line should read:
      ExecStart=/usr/bin/transmission-daemon -f --log-error --config-dir=/var/lib/transmission-daemon/info
    • Save the file and reload the system configuration:
      sudo systemctl daemon-reload
  4. We now need to make sure that user nobody has permissions to the relevant files and directories:
    • merlin@merlin:~$ sudo chown -R nobody:nogroup /var/lib/transmission-daemon/
    • merlin@merlin:~$ sudo chown -R nobody:nogroup /etc/transmission-daemon

Set the UDP Send and Receive Buffers

The daemon will now start and run as user nobody:

merlin@merlin:~$ ps aux | grep trans
nobody     418  0.5  1.7  60628 18512 ?        Ssl  09:38   0:14 /usr/bin/transmission-daemon -f --log-error --config-dir=/var/lib/transmission-daemon/info

Tailing /var/log/syslog while restarting the service shows the following errors:

UDP Failed to set receive buffer: requested 4194304, got 327680 (tr-udp.c:78)
Failed to set send buffer: requested 1048576, got 327680 (tr-udp.c:89)

Transmission is requesting a 4MB receive buffer and a 1MB send buffer but not getting them. This can be swiftly corrected by adding the values to the sysctl.conf file and then refreshing with “sysctl -p”:

echo 'net.core.rmem_max = 4194304' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 1048576' >> /etc/sysctl.conf
sysctl -p

You can also try using larger buffers to tweak performance e.g. 16MB receive buffer and 4MB send as below:

echo 'net.core.rmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 4194304' >> /etc/sysctl.conf

Once the values have been applied, a restart should be smooth and error free.

Change Default User Credentials & Allow Network GUI Access

As this is a headless server we are unlikely to be accessing it from localhost very often. Default settings allow only connections from 127.0.0.1 so edit the /etc/transmission-daemon/settings.json file and either add allowed IPs to the whitelist or disable the whitelist altogether (change rpc-enabled to false) – the latter should only be done if the server is not directly connected to the internet where anyone could access it!

  1. Stop the daemon before editing, otherwise your changes will be overwritten when the service is stopped / started later:
    merlin@merlin:~# sudo /etc/init.d/transmission-daemon stop
  2. Edit /etc/transmission-daemon/settings.json, look for the settings and change them as applicable:
    • Delete the hashed password between the quotes in this line and replace it with your new plain text password – transmission will automatically hash it as soon as it restarts:
      "rpc-password": "{b21ebef271608102725706c76924ca596ca0d3e6CA5En8YL",
    • Find the following line and change the username:
      "rpc-username": "transmission",
    • Either add your allowed IP(s) to the whitelist or set the enabled parameter to false to allow access from any IP:
      "rpc-whitelist": "127.0.0.1", "rpc-whitelist-enabled": true,
  3. Restart the service and you should now be able to connect via either the web gui or a front-end app e.g. Transmission Remote GUI

Implement a Blocklist (Optional)

In the Transmission Remote GUI go to Tools -> Transmission Options -> Network (WAN). Select “Enable blocklist” and enter the URL of your favourite blocklist provider. Generally the following is ample:

http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz

enable blocklist
Click OK and then Tools -> Update Blocklistupdate blocklist

References