Eternal photo archive for home

I do not understand the desire to nostalgic for old photos. But the girls can not be undone, so I had to think about the repository for all, so that they no longer pestered to show off karapuz and seals from the company. I do not want to upload all the pictures in a public cloud.

Theory

The service life of the SSD drive is theoretically unlimited, if you do not exceed the number of rewriting cycles in the cell.

Task

Make a storage and viewing of home photo archive from any device in the house,
and put away for the next 10 or 20 years. At the same time, it is possible to upload and view photos from any device connected to the internet, I do not use public storage services and without installing additional client software.

The choice of glands is subjective, but for myself I have formulated a requirement for a small form factor. In addition, everything that is hidden from the eyes in the apartment, as a rule, lies in a fire-hazardous place, for this we wanted power in USB, and a minimum of wires.

As a result, I bought a set of Raspberry Pi 3b (Malinka) - 2000r in a well-known Chinese store, an aluminum box usb-sata 2.5 "- 500r, in an ordinary store SSD 240G 4100r. SD card for 64gb and a tube of ancient KPT-8 were found in a drawer of the table.

It is not known why, but we have an SSD drive that is packed in a usb-sata box is 80% more expensive than separately.

Build a minicomputer Raspberry Pi

Fascinating designer, requires attention and a little space on the table. Mandatory tool only Phillips screwdriver. I downloaded Ubuntu MATE and Win32 Disk Imager from the Raspberry website, recorded the system image on the SD card. Nothing exciting, just press the Ok button. Slightly modified the radiators that came with the raspberry. I cut a piece of double-sided tape with a scalpel and smeared KPT-8, then carefully removed the protective paper from the remaining double-sided tape with tweezers and glued it into place.

Connected to the TV, began to put the system and watch what current consumes Raspberry Pi.
Raspberry Pi 3b current consumption is not more than 0.8A.

Consumption of a usb-sata box with an SSD disk inside at rest 0.1A in operation no more than 0.36A
After installing Ubuntu MATE, I tried to run a video on Raspberry. I quickly realized that life was not successful. In general, the system assembly was similar to a street cat, to which some hooligans tied a tin can to the tail.

He opened SSH on the malinka and carried the entire structure to the mezzanine.

sudo apt install openssh-server sudo systemctl enable sshd 

 sudo ufw allow 22 

 ssh -X @ip__ Raspberry_Pi 

The SSH port did not immediately open. Managing the firewall through the gui program did not work, so I used UFW.

I connected the whole system to the MTS RV6699 router. USB power, wired data. Prior to this, measure the current that RV6699 gives to the USB port. USB to RV6699 quietly gives 1.5A and the whole system started up without problems. But just in case, turned off the Wifi interface on the raspberry.

 ifconfig wlan0 down 

Connect usb drive. The system saw the device, but did not mount the file systems. Proceeding from the desire not to be involved in the process of viewing family photos even in an uncertain future, the disk was formatted in advance in NTFS.

created a new user named user

 adduser user 

made the Photo folder to connect the drive to the home folder of the new user / home / user /

 mkdir Photo 

I looked at the UUID of the partition on the usb disk.

 sudo blkid 

I mounted the partition in the folder / home / user / Photo /, appending a line at the end of the / etc / fstab file

 UUID="7C26EDB626ED7216" /home/user/Photo/ ntfs rw,nls=utf8,gid=plugdev,umask=0000 0 0 

On the router from MGTS RV6699 fixed the ip address of the raspberry.

  > LAN >   

I rebooted the system, I checked that everything starts as it should.

Selecting the interface for downloading and viewing files in the archive

It is clear that access should be through a browser, without additional add-ins and plug-ins. Desirable fast and trendy. Fashionable, so that the cubes on which the interface is assembled are no longer rotten. I also really wanted the ability to view and edit files directly in the browser.

As a result, I chose Cloud Commander. Quick, you can watch pictures in the browser, written in node.js.

Installation

Just Node.js is not enough to install, it has its own installer for programs that needs to be installed additionally.
First put Node.js

 sudo apt-get install nodejs 

and the installer for her

 sudo apt-get install npm 

Then we start the installation of the Cloud commander itself using the npm installer. Installation also asks for root rights.

 sudo npm i cloudcmd -g 

We start Cloud commander

 cloudcmd 

FIG there does not work. We google where the problem is. Eventually:

 sudo ln -s /usr/bin/nodejs /usr/bin/node 

and again..

 $ cloudcmd url: http://localhost:8000/ 

Hurray works!

We rule the Cloud commander config in the /usr/local/lib/node_modules/cloudcmd/json/config.json folder
change the root parameter in order to immediately open a USB drive attached to the folder / home / user / Photo /

 "root": "/home/user/Photo/" 

It remains to open the port for access and configure autorun.

Open the port for access.

 sudo ufw allow 8000 

Customize autorun.

Create a text file cloudcmdstart in / usr / sbin / local to use it to launch Cloud commander.

  > cloudcmdstart mcedit cloudcmdstart 

Writing text in cloudcmdstart

 #!/bin/sh sudo -u user cloudcmd --root /home/user/Photo 

Copy to / usr / sbin

 sudo cp cloudcmdstart /usr/sbin/ 

We inform the system that the cloudcmdstart file can be run.

 sudo chmod +x /usr/sbin/cloudcmdstart 

After that we add it to the autorun at startup. Open the file /etc/rc.local

 sudo mcedit /etc/rc.local 

add the last but one line.

 /usr/sbin/cloudcmdwin 

Save F2, exit F10 editor, reboot.

 sudo reboot 

If everything is ok, after reloading, open on the phone connected to the apartment Wifi address.

 http://ip__RaspberryPi:8000 

I uploaded photos from a computer to check, the speed of copying files is about 4mb (32mbits) per second, the bottleneck is usb-sata box.

Possible problems in the process

1. USB drive is read-only - check the mask in the write disk in the fstab file, there should be all zeros.
2. apt-get install writes errors - update the system from the command line (approximately 1.5 hours) and don’t forget to write sudo before the command
3. ancient test radios get tired - connect ssh -X user @ raspberry, then call sudo gedit path_to_file.
4. Web interface is not always convenient - https://winscp.net

If access to the archive is needed only from home, then that's it.

If you want to use the archive everywhere, then read on - there will be some BDSM.

In the Cloud commander is not possible to enable access via HTTPS on this start to prepare crutches.

First of all, we create a self-made certificate and install the Nginx web server.

Certificates are tricky text files that are needed to encrypt the traffic between you and the device.

How to make such a file yourself so as not to pay every year with different Thawte and other VeriSign steps are written here .

With a self-made certificate, the browser will swear and blush, but the connection will encrypt.

Everything you need to create a self-made certificate in Ubuntu MATE is already installed.

 sudo apt-get install nginx 

Nginx is installed by / etc / nginx, we need to edit its nginx.conf config to enable a password request when accessing Cloud Commander.

 sudo gedit /etc/nginx/nginx.conf 

In the http {} section, add lines to enable password checking and show the path to the htpasswd password file.

 http { ....................... auth_basic "closed site"; auth_basic_user_file /home/user/htpasswd; } 

Create a file with passwords to log in via Nginx

 > htpasswd 

We generate passwords using the form on the site http://seriyps.ru/crypt/htpasswd/ we copy to the file each account from a new line.

Create a file with the configuration of our new site for secure access to the Cloud commander and put it in the / etc / nginx / sites-available folder

 > cloudcmdsite.conf gedit cloudcmdsite.conf sudo cp cloudcmdsite.conf /etc/nginx/sites-enabled 

the contents of the cloudcmdsite.conf file

 server { listen 443; client_max_body_size 712m; ssl on; ssl_certificate /home/user/ssl/server.crt; ssl_certificate_key /home/user/ssl/server.pem; server_name malinka.io; access_log /var/log/nginx/malinka.access.log; location / { proxy_pass http://127.0.0.1:8000; } } 

In this config:
ssl_certificate /home/user/ssl/server.crt; -your public certificate file
ssl_certificate_key /home/user/ssl/server.pem;- your secret key from the certificate

check that everything turned out.

 sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful 

Now you need to configure the Cloud commander. It works out of the box as root.

  gedit /usr/local/lib/node_modules/cloudcmd/json/config.json 

In the file we change the value in the lines:

 "username": "user" "password": "   user   http://md5decrypt.net/en/Sha512/" "console": false 

save.

open port 443 on the firewall.

 sudo ufw allow 443 

reboot raspberry

  sudo reboot 

We forward the port on the router RV6699

  >  > NAT > Port Mapping 

then from the phone connected to the Wifi go to https : // your_the_ external_ip: port

The login and password from the htpasswd file should be requested.

According to the results for a small amount of money, I got the storage for photos that does not gleam, does not take place, and to which you can fasten a million more different features without any special distortions. Bonus to summary time at home for the next 10 years as you want to think.
Make sure that such a system is suitable only for home use.

Why is this better than a ready-made NAS?

It's cheaper. I became confident that the system would work without active cooling, and would not die from overheating when the time of a cheap Chinese fan approached. The ability to not just upload files from the phone, but to view them immediately in the browser. Create test files and edit them. It seems to me that it works faster than a google drive, but this is my subjective opinion.

What else can you do?

To fasten authorization on Nginx using certificates, but I haven’t yet understood why.