Common Setup Commands for Ubuntu 12.x onwards

September 20, 2014 Leave a comment

To change the hostname of the machine
sudo nano /etc/hostname

sudo nano /etc/hosts

To change the IP Address of the machine

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet static

sudo /etc/init.d/networking restart

To change the account password


To shutdown the machine

sudo shutdown –h 0


To install and enable openssh

sudo apt-get update
sudo apt-get install openssh-server
sudo ufw allow 22


sudo nano /etc/ssh/sshd_config
# line 28: uncomment and change ‘no’
# default setting "without-password" means that root login is permited but require keys authentication
PermitRootLogin no


sudo initctl restart ssh

Categories: Ubuntu

Seafile end to end encryption for encrypted libraries (v3)

May 11, 2014 Leave a comment

Rephrased from and

FYI, encryption used are all symmetric

Master Key
When you create an encrypted library, a random file key (master key) is generated. This master key is the main key that is used to encrypt and decrypt the files and this key has NOTHING to do with your password, and is not stored anywhere in the system. As long as you can get this key, your access to the data is confirmed! There is also no known way to change this easily.

Enc Master Key
The password you entered is used to encrypt the master key (enc master key) , this data is stored in the server to send out to the clients in order to derive the actual file key by decrypting with the password.
I.e master key enc master key

Web Browsers (8000, 8082)
For browsers and all access thru http protocols (inc mobile devices) the enc master key and encrypted data is sent to the client/server and the client/server will do the neccessary decryption to get the file key which is then used to decrypt the encrypted data to get the actual file. For mobile apps, it seems the file key is also stored in the app data.

cc net (10001) and seaf daemon (12001)
A magic token is generated from the library id and password and stored on the server. This is used to confirm the password is correct. Once it is confirmed, the master key is stored on the client.

Although no passwords are stored anywhere, this does not really matter since all it does is to decrypt the encrypted master key, what really matters is the file key, which unfortunately seems to be stored on both the client as well as mobile app, quite possibly in an unencrypted format.

So while the sys admin is not able to your files. Should your devices be compromised, the hackers potentially have access to your file key which will unlock the files when they request it from 8082 which does not need any form of authentication.

Categories: Uncategorized

Windows Server Storage Spaces–Auto attach disk

May 8, 2014 Leave a comment

Sometimes when you reformat a server, the volume in the storage spaces is not auto attached.


to set it to automatically load use the following powershell

Set-VirtualDisk -FriendlyName Mirror -IsManualAttach 0

Categories: Windows Server

Enabling HTTPS for Seafile (Windows)

May 7, 2014 36 comments

EDIT: Video tutorial can be found at

While there has been documentation on how to enable HTTPS for seafile in *nix environment. There is no documentation for doing this on windows.   Looking at the nginx implementation, it is essentially doing a reverse proxy. This is something that IIS+URL Rewrite can easily achieve!   Before we proceed, take a look and understand the reverse proxy requirements found at   I will not go into steps on how to generate your own SSL cert, but rather focus on how to use IIS to reverse proxy the necessary ports.   Requirements

  1. Standard implementation of seafile ONLY
    1. ie seafile listens on the following port: 8000, 8082, 10001, 12001
  2. HTTP requests to port 80 will be redirected to HTTPS calls on port 443
  3. HTTPS requests on port 443 will be treated as follows
    1. if it starts with seafhttp, send it to seafile port 8082
    2. otherwise send it to seafile port 8000

Step by Step Guide

  1. Install seafile on the server
  2. Install IIS with default options
  3. Run IIS Manager image
  4. Install Web Platform Installer (WebPI)
  5. Inside WebPI, install URLRewrite
  6. Create 2 websites, pointing to separate physical folders. Ensure the https website is associated with a valid SSL certificate image
  7. Edit the web.config for the HTTP site

    <?xml version=”1.0″ encoding=”UTF-8″?> <configuration> <system.webServer> <rewrite> <rules> <rule name=”Redirect to HTTPS” stopProcessing=”true”> <match url=”(.*)” /> <action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}” /> </rule> </rules> </rewrite> </system.webServer> </configuration>

  8. Edit the web.config for the HTTPS site

    <configuration> <system.webServer> <rewrite> <rules> <rule name=”seafhttp” stopProcessing=”true”> <match url=”seafhttp/(.*)” /> <action type=”Rewrite” url=”{R:1}” appendQueryString=”false” logRewrittenUrl=”true” /> </rule> <rule name=”Reverse Proxy” patternSyntax=”ECMAScript” stopProcessing=”true”> <match url=”(.*)” /> <!– Redirect all requests to non-HTTPS site. –> <action type=”Rewrite” url=”http://localhost:8000/{R:1}” logRewrittenUrl=”true” /> </rule> </rules> </rewrite> </system.webServer> </configuration>

  9. Enjoy a secure version of seafile :)
Categories: General, Hacking, IIS

Disabling/Removing IIS Shared Configuration

March 1, 2014 Leave a comment


If you are using IIS Shared Configuration and changed the password for the account accessing the file path, you might encounter the following error

The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:
The user name or password is incorrect.

The Windows Process Activation Service service terminated with the following error:
The user name or password is incorrect.

Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.


Internet Information Services (IIS) Manager will also start with a weird error message and then prompts you to login


All these points to an inability to access the shared configuration


How to resolve?


  1. Stop IIS (iisreset /stop)
  2. Goto C:\Windows\System32\inetsrv\config
  3. Open redirection.config inside notepad
  4. Change the <configurationRedirection> part to <configurationRedirection />
  5. Start IIS again (iisreset)
Categories: IIS, Windows Server

Windows 8.x–Disable Hibernation and Sleep

January 17, 2014 Leave a comment

To turn off either one, first start an administrator mode command prompt

and then type the required commands


#turn off hibernate
powercfg /H off

#disable sleep
powercfg -change -standby-timeout-ac 0



Categories: General

Commonly used AppFabric cmdlets

January 7, 2014 Leave a comment

Note, all cmdlets must run in administrator mode powershell preferable from the Caching Administration shortcut, else in any normal powershell, run

import-module DistributedCacheAdministration



An easy way to get all the commands available in the module is to run the following powershell

Get-Command -module DistributedCacheAdministration | Sort-Object > C:\AppFabric.txt


Get-AFCacheHostStatus, gets the status of the cache hosts in the cluster



Get-CacheStatistics [cachename], gets statistics about the cache


Get-CacheClusterHealth, gets the health of the Cache Cluster



Get-CacheHostConfig, gets the host configuration



Get-CacheConfig [cachename], gets the cache configuration







The name of the cache.


The default time that items reside in the cache before expiring.


The type of cache. This is always Partitioned.


A value of 1 indicates that the cache uses the high availability feature.


Indicates whether objects in the cache can expire.


Specifies an eviction type of Least-Recently-Used (LRU) or None.


Indicates whether notifications are enabled for this cache.

Taken from

Some other useful URLs

Categories: AppFabric

Get every new post delivered to your Inbox.