Resilio Connect

A couple of months ago I was looking at a P2P sync service that works almost like Seafile or ownCloud, except with a P2P engine which, according to their webpage, has been improved and hardened. So I signed up for some more information and the possibility to try or look at a demo. It took a while and I thought it was a no-show, but last week I received a phone call with more information about the products and how they work. I also received a demo key to try it out at the company where I work.

So in this short post I will go through the product, from installation to fully testing it, and give some pros and cons. But first I'll go through how it works.

P2P

Peer-to-peer is a rather interesting protocol: instead of the old classic client -> server thinking, it is about decentralising the content. This is done by splitting files or content into smaller chunks and distributing them to peers, or rather nodes, that also have the file/content or parts of it. This also means that we don't need a dedicated server constantly serving the file or content, but the collected bunch of nodes together needs to have 100% of the content/file to sync up. P2P works great as long as the content is distributed to one or more nodes. Computers that are fully synced, that is, have the whole content, are often called seeders since they are able to serve the whole content, while the peers have parts of the content and are probably still downloading it. The main points are to decentralise, increase the speed of the peers and distribute the load over several nodes.

Resilio

Free, Pro, & Workgroup
Resilio offers 3 different kinds of products. Resilio Free/Pro is a basic file-syncing program which resembles Seafile except for the engine. Free is rather limited but still a good product; if you spend some extra bucks you get a decent program that syncs your files across several devices, and it also includes selective sync. I would go with Resilio Free if it's just syncing from device to device and if I don't have several devices at home. But if I have several devices and sync across a WAN interface, I would go with the Pro edition, since I could limit the bandwidth usage and use selective sync to limit what I sync across the WAN. More info about it here: https://www.resilio.com/individuals/

Workgroup is the second product, which is rather good if you want to use it at work, for example for projects. The difference between Workgroup and Resilio Free/Pro is the multi-user concept: you are able to share files and folders with co-workers. It's very easy to manage which user has access to which file, and easy to remove unacceptable users. Another thing they have done with Workgroup that Free/Pro doesn't offer is ease of access to the files: it's very easy to share a QR code and give read-only access to a specific user. This is also a good product compared to the other syncing tools because it offers unlimited data. More info here: https://www.resilio.com/workgroups/

Connect
Resilio Connect is an enterprise solution. Unlike the Workgroup and Pro/Free solutions, its goal is centralised management control over file syncing and command execution (almost like Group Policy in Windows Server). It's a rather good solution if you only want centralised control and do not want to allow the users to select what to sync and when to sync. It also has several good features, like scheduled syncing, WAN optimisation, selective syncing and several others. It's a very good tool for syncing data between servers and sending a distributed cmd; the management interface also allows the administrator to view whether 'jobs' are done and executed. Connect allows almost no user control: the users/clients are not allowed to say when, how or where to sync the data; that is up to the administrator to direct and manage. More information can be found here: https://www.resilio.com/connect/

Installing

After a clean install of Debian I decided to download and install Resilio. It seems very simple to install on Windows, since all the installation guides tend to deal with that. But from my perspective the Linux install seems odd. From what I can read it's a basic download and un-tar in /opt. I would never do it this way, but since this is a test run with the product, sure, I'll go with it. There is no boot script, which means that you have to either find one or write it on your own. Remember, NEVER RUN THIS AS ROOT!!!

Installing the management console:

# Install
cd /tmp/
wget https://changethis/resilio-connect-server-linux-x64.tar.gz
tar -xvf resilio-connect-server-linux-x64.tar.gz -C /opt

useradd -M -r -s /bin/false resilioconnect
chmod -R 755 /opt/resilio-connect-server
chown -R resilioconnect:resilioconnect /opt/resilio-connect-server

# No boot script published, please create your own. 

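# To run it as the unprivileged resilioconnect user created above, not as root
su -s /bin/sh -c '/opt/resilio-connect-server/srvctrl start' resilioconnect

Testing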

The first test was syncing a 3.8 GB ISO file between 2 computers and 1 server. The 2nd test was syncing cmds and forcing the computers to reboot on demand. The 3rd and final test was working on the same document at the same time in a synced folder.

The setup
The setup is a very basic network: one AC access point connected to a gbic switch; one MacBook connected to the access point with a max theoretical speed of 300Mbit; one server with Debian connected to the switch with a 1 gbic interface, which also has the Resilio Connect management control installed; and one client PC connected with a 1 gbic interface to the switch. Both the MacBook and the PC client have the Resilio agent installed and connected to the server. A clear image of the setup is shown below.

1. Result from filesync
The files synced rather fast. First the server got the whole file, but at the same time the client was also synchronising. This meant that once the server was done it also pushed out (seeded) the file that was stored in the shared folder, pushing the client to a peak of 700Mbit, which wasn't bad. It took a bit longer for several small files to sync up, but it was also the same, pushing both the server and the clients to their limit.

2. Results from cmd’s
First I ran a basic restart script to find out if the computers and server actually reboot. None of them restarted, since none of the agents on the computers had the privilege to execute it, though the Resilio manager returned 'job done'. It was rather neat that I was able to set different reboot cmds depending on OS. The second cmd was a basic fetch of sys information from the systems into the shared sync folder, which was a success. All the systems returned the information that they had the privilege to access. This could be an alternative way to shoot out scripts and files, perfect if you are managing several servers that require a patch or application.

3. Several editing the same file
I did some basic text document editing, just to find out what happens when two or more users are working with the same file at the same moment. On one computer I wrote a couple of lines, saved and kept it open; on the other computer I edited the same file and saved upon exit. I waited for the sync to be completed. It wrote over the file on computer 1. I saved and exited on computer 1 again and the old version was back. Thus no version check or conflicting copies were made, which I dislike since I always have users editing projects at the same time. Maybe a feature they might implement, but who knows.

Conclusion

Resilio seems to be in an early stage of development. It has a really good concept and possibly a good engine, but lacks several features that could give the administrator and the users more rights to manage content. But I will give a very strong warning to whoever uses this software: make sure to jail it and ensure no one ever gets access to the management interface without permission or experience. If this software is installed with default settings and is running with the wrong permissions, it could do more damage than good.

What I would love to see is a mix of both Resilio Connect and Resilio Workgroup, especially for a larger company that needs Workgroup features but still some control over how and when everything is used over the network, and thus be able to limit the bw usage at different hours and so on. It would also make it easier for those users that need to be forced into syncing different folders. And maybe expand the possibility to back up user data using this tech. The selective sync might be advanced for beginners and would be easier with an interface showing what to sync and not to sync in a project.

This is almost as good as the project in the TV show 'Silicon Valley': a super good idea and engine, but it lacks the bigger picture and direction on where to go. It will be a hit for advanced users and administrators, but doesn't reach the less savvy users.

Pros
+ Fast syncing
+ Server downtime isn’t the end of the world
+ Nice looking interface
+ BG Sync works perfect
+ Large file transfers
Cons
– Users will not be able to select what to sync.
– Users will use their bw to sync.
– Linux lacks boot script and sketchy install
– Has few functions compared to the competition
– Lacks the features that Resilio Workgroup has.
– Lacks a bigger picture

Freebsd 11.0 – FEMP

FEMP

This is a basic setup of FEMP, split into several parts. First you have to choose between installing it from ports or building it all from source files; both work, but the ports install takes less time to do. After you have done the installation, move on to configuration and trying it out. This is by no means an optimal guide, but a fast jump into installing FEMP.

Through Ports

###################################################################
#
# First i start off with Nginx since its the easy part of the install
#
###################################################################

# Enter the ports folder for nginx
cd /usr/ports/www/nginx

# Configure the build, Basic settings are fine for beginners
make config-recursive

# Install and clean up
make install clean

# Add nginx to startup upon boot of the os
echo 'nginx_enable="YES"' >> /etc/rc.conf

# Create a www data folder that is easy to access for the future. And change owner.
mkdir /home/www
mkdir /home/www/default
chown www:www /home/www


###################################################################
#
#  Next step is install the database, i prefer mariadb.
#
###################################################################

# Enter the ports folder for mariadb server 10.1
cd /usr/ports/databases/mariadb101-server/

# Configure the build, accept basic settings
make config-recursive

# Install and clean up, this will take a while.
make install clean

# Setup the password for mysql root account, default is none if asked for passwd.
# Set a strong password, and then default settings on the rest.
/usr/local/bin/mysql_secure_installation

# Add it to startup upon boot of os.
echo 'mysql_enable="YES"' >> /etc/rc.conf

###################################################################
#
# Now time for the last part install php.
#
###################################################################

# Enter the ports folder for php 7.0
cd /usr/ports/lang/php70

# Ensure that fpm is marked.
make config-recursive

# Install and clean-up
make install clean

# Add php to spawn upon boot
echo 'php_fpm_enable="YES"' >> /etc/rc.conf

# Copy the production file into php.ini
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

# install following extensions Json, session, mysqli, mbstring, 
# gd, openssl, zlib, zip, pdo_mysql
cd /usr/ports/lang/php70-extensions
make config-recursive
make install clean

Building from source

######################################
#  Fetch all the files
######################################
cd /tmp/
fetch ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
fetch http://www.cpan.org/src/5.0/perl-5.24.1.tar.gz
fetch http://nginx.org/download/nginx-1.11.9.tar.gz
fetch http://se2.php.net/get/php-7.1.1.tar.gz/from/this/mirror
fetch http://acc.dl.osdn.jp/php-i18n/52624/libmbfl-1.2.0.tar.gz
fetch http://www.zlib.net/zlib-1.2.11.tar.gz
fetch --no-verify-peer https://www.openssl.org/source/openssl-1.0.2k.tar.gz
fetch http://www.libarchive.org/downloads/libarchive-3.2.2.tar.gz
fetch --no-verify-peer https://curl.haxx.se/download/curl-7.52.1.tar.gz
fetch --no-verify-peer https://cmake.org/files/v3.7/cmake-3.7.2.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/m4/m4-1.4.18.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bison/bison-3.0.4.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bash/bash-4.4.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/bash/readline-5.1.tar.gz
fetch ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz
fetch --no-verify-peer https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
fetch ftp://ftp.gnu.org/gnu/gss/gss-1.0.3.tar.gz
fetch http://ftp.ddg.lth.se/mariadb//mariadb-10.1.21/source/mariadb-10.1.21.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/automake/automake-1.15.tar.gz
fetch --no-verify-peer https://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
fetch http://ftp.acc.umu.se/mirror/gnu.org/gnu/libtool/libtool-2.4.tar.gz
fetch ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz
fetch http://downloads.webmproject.org/releases/webp/libwebp-0.6.0.tar.gz
fetch --no-verify-peer https://kent.dl.sourceforge.net/project/libpng/libpng16/1.6.28/libpng-1.6.28.tar.gz
fetch --no-verify-peer https://gmplib.org/download/gmp/gmp-6.1.2.tar.xz
fetch http://www.ijg.org/files/jpegsrc.v9b.tar.gz
fetch --no-verify-peer https://mirrors.netix.net/sourceforge/m/mc/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz



######################################
#  Un-tar everything in /tmp
######################################
# Run the extractions one after another (&&) so a failed archive stops the chain.
tar -zxf pcre-8.40.tar.gz && tar -zxf nginx-1.11.9.tar.gz && tar -zxf mirror
tar -zxf mariadb-10.1.21.tar.gz && tar -zxf perl-5.24.1.tar.gz && tar -zxf zlib-1.2.11.tar.gz
tar -zxf libmbfl-1.2.0.tar.gz && tar -zxf openssl-1.0.2k.tar.gz
tar -zxf libarchive-3.2.2.tar.gz && tar -zxf curl-7.52.1.tar.gz && tar -zxf cmake-3.7.2.tar.gz
tar -zxf m4-1.4.18.tar.gz && tar -zxf bison-3.0.4.tar.gz && tar -zxf bash-4.4.tar.gz
tar -zxf readline-5.1.tar.gz && tar -zxf libffi-3.2.1.tar.gz && tar -zxf Python-2.7.13.tgz
tar -zxf gss-1.0.3.tar.gz && tar -zxf automake-1.15.tar.gz
tar -zxf autoconf-2.69.tar.gz && tar -zxf libtool-2.4.tar.gz && tar -zxf libmcrypt-2.5.8.tar.gz
tar -zxf libxml2-2.9.4.tar.gz && tar -zxf libwebp-0.6.0.tar.gz
# gmp is an .xz archive, so let tar detect the compression instead of forcing gzip
tar -zxf libpng-1.6.28.tar.gz && tar -xf gmp-6.1.2.tar.xz && tar -zxf jpegsrc.v9b.tar.gz


######################################
#
#  Required files/packages  before
#  install of php,nginx,mariadb
#
######################################
cd /tmp/perl-5.24.1
./configure.gnu
make
make install

cd /tmp/openssl-1.0.2k
./config -fPIC shared
make
make install

cd /tmp/libarchive-3.2.2
./configure
make
make install

cd /tmp/curl-7.52.1
./configure
make
make install

cd /tmp/cmake-3.7.2
./configure
make
make install

cd /tmp/m4-1.4.18
./configure
make
make install

cd /tmp/bison-3.0.4
./configure
make
make install

cd /tmp/bash-4.4
./configure
make
make install

cd /tmp/readline-5.1
./configure
make
make install

cd /tmp/libffi-3.2.1
./configure
make
make install

cd /tmp/Python-2.7.13
./configure --enable-shared --enable-optimizations
make
make install

cd /tmp/gss-1.0.3
./configure
make
make install

cd /tmp/pcre-8.40
./configure
make
make install

cd /tmp/autoconf-2.69
./configure
make
make install

cd /tmp/automake-1.15
./configure
make
make install

cd /tmp/libtool-2.4
./configure
make
make install

cd /tmp/libmbfl-1.2.0
chmod +x buildconf
./buildconf
./configure
make
make install

cd /tmp/libxml2-2.9.4
./configure
make
make install

cd /tmp/libwebp-0.6.0
./configure
make
make install

cd /tmp/libpng-1.6.28
./configure
make
make install

cd /tmp/gmp-6.1.2
./configure
make
make install

cd /tmp/jpeg-9b
./configure
make
make install

cd /tmp/libmcrypt-2.5.8
./configure --disable-posix-threads
make
make install

######################################
#  MARIADB
######################################
cd /tmp/mariadb-10.1.21
pw groupadd mysql
pw adduser mysql -g mysql -d /usr/local/mysql

# In the menu just press c for configure, takes a while.
# Write no on 'JEMALLOC_STATIC_LIBRARY' & 'WITH_JEMALLOC',
# and last line to write no on 'PLUGIN_TOKUDB'
# press c and then g to save config & quit.
ccmake .

# Compiling using 4 threads.
make -j4

# Install everything
make install

# Add the run file
mkdir -p /usr/local/etc/rc.d
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/mysql-server
chmod +x /usr/local/etc/rc.d/mysql-server

# Add the default my.cnf (change this later on..)
mkdir /var/db/mysql
cd /var/db/mysql/
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/my.cnf

# Start sql server
/usr/local/etc/rc.d/mysql-server onestart

# Set password for root mysql user
/usr/local/mysql/bin/mysql_secure_installation


######################################
#  NGINX
######################################
cd /tmp/nginx-1.11.9
./configure --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-cc-opt="-I /usr/local/include" --with-ld-opt="-L /usr/local/lib" --with-http_stub_status_module
make
make install

# Add the run file
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/nginx
chmod +x /usr/local/etc/rc.d/nginx

mkdir /var/log/nginx/
mkdir /home/www
mkdir /home/www/default
chown www:www /home/www

######################################
#  PHP
######################################
cd /tmp/php-7.1.1

# Compiling php with the needed extensions.
./configure \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-libxml \
--enable-zip \
--with-bz2=shared \
--with-curl=shared \
--with-gd \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-webp-dir=/usr \
--enable-gd-native-ttf \
--with-gmp=shared \
--enable-mbstring \
--enable-bcmath \
--with-mcrypt \
--with-mhash=shared \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-pdo-mysql \
--enable-sockets \
--with-zlib \
--enable-ftp \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-openssl

# Install
make -j4
make install

# Add the run file
cd /usr/local/etc/rc.d
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/php-fpm
chmod +x /usr/local/etc/rc.d/php-fpm

# Copy the production ini to the correct folder and so php loads the correct ini
cd /usr/local/etc/
fetch --no-verify-peer https://lyxi.ga/wp-content/uploads/2017/php.ini
chmod 755 php.ini

cp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf
cp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.conf

# Change this line in /usr/local/etc/php-fpm.conf
include=NONE/etc/php-fpm.d/*.conf
# To
include=/usr/local/etc/php-fpm.d/*.conf

# And in php-fpm.conf uncomment and change
;pid = run/php-fpm.pid
# To
pid = /var/run/php-fpm.pid


######################################
#  Last part + cleanup
######################################
# Add programs to boot, nginx,php,mysql.
echo 'php_fpm_enable="YES"' >> /etc/rc.conf
echo 'mysql_enable="YES"' >> /etc/rc.conf
echo 'nginx_enable="YES"' >> /etc/rc.conf

# Remove all files in /tmp
rm -R /tmp/*
######################################
#  Now continue to configuration before trying out the services!
######################################
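
The fetch commands in the source build either pass --no-verify-peer, which turns off TLS certificate checking, or use plain http/ftp, so nothing authenticates the tarballs before they are built and installed. The script below is an added example, not part of the original post: it checks every archive against a pinned SHA-256 manifest and refuses to extract anything if one entry fails. The function names and the SHA256SUMS file name are assumptions; the digests have to be taken from each project's own release page.

```shell
#!/bin/sh
# Added example (not from the original post): check downloaded tarballs against
# a pinned SHA-256 manifest before extracting or building anything.

# Print the SHA-256 of a file as bare hex with whichever tool is present:
# sha256sum (GNU coreutils), sha256 (FreeBSD base) or openssl.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 -r "$1" | cut -d ' ' -f 1
    fi
}

# verify_manifest MANIFEST DIR
# MANIFEST lines are "<sha256 hex>  <file name>"; blank lines and # comments
# are skipped. Returns 0 only if every listed file is in DIR and matches.
verify_manifest() {
    failed=0
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac
        # A manifest entry must be a plain file name, never a path.
        case $name in ''|.|..|*/*) echo "BAD NAME  $name" >&2; failed=1; continue ;; esac
        if [ ! -f "$2/$name" ]; then
            echo "MISSING   $name" >&2; failed=1; continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(sha256_of "$2/$name")
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (got $got)" >&2; failed=1
        fi
    done < "$1"
    return "$failed"
}

# extract_verified MANIFEST DIR
# Unpack the listed archives into DIR, but only after all of them verify.
extract_verified() {
    verify_manifest "$1" "$2" || { echo "refusing to extract" >&2; return 1; }
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac
        tar -xf "$2/$name" -C "$2" || return 1
    done < "$1"
    return 0
}

# Constructed demonstration: pin a throwaway tarball, extract it, then tamper
# with it and confirm that the second extraction is refused.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && echo 'hello' > "$work/src/README"
    tar -czf "$work/sample-1.0.tar.gz" -C "$work" src && rm -rf "$work/src"
    printf '%s  %s\n' "$(sha256_of "$work/sample-1.0.tar.gz")" \
        sample-1.0.tar.gz > "$work/SHA256SUMS"
    rc=1
    if extract_verified "$work/SHA256SUMS" "$work" && [ -f "$work/src/README" ]; then
        echo 'tampered' >> "$work/sample-1.0.tar.gz"
        extract_verified "$work/SHA256SUMS" "$work" 2>/dev/null || rc=0
    fi
    rm -rf "$work"
    return "$rc"
}
```

With a manifest written next to the downloads, `extract_verified /tmp/SHA256SUMS /tmp` takes the place of the un-tar step.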


Configurations

There are a couple of basic configurations that need to be done. Let's start with configuring php-fpm, continue with php.ini and then get nginx to work with php.

/usr/local/etc/php-fpm.d/www.conf

# Next we uncomment the user and group of the ownership
;listen.owner = www
;listen.group = www
;listen.mode = 0660

# To the following
listen.owner = www
listen.group = www
listen.mode = 0660

/usr/local/etc/php.ini

# Security option that needs to be uncommented and set to 0
# ;cgi.fix_pathinfo=1

# Change it to
cgi.fix_pathinfo=0

# If you plan to transfer large files, change this to preferred value
upload_max_filesize = 2M

# And if you have larger transfers make sure that the execution time is extended
max_execution_time = 30

/usr/local/etc/nginx/nginx.conf
First delete the old nginx.conf and replace it with the one below.

# Set the worker process to auto, or the amount of cpus/core you have
worker_processes  auto;
# Store errors in logs/error.log and log even warnings
error_log /var/log/nginx/error.log warn;
# Create and store pid in logs/pid
pid /var/run/nginx.pid;

events {
    worker_connections  1024;
    multi_accept on;
    use kqueue;
}


http {
    # Define the mime.types
    include       mime.types;
    default_type  application/octet-stream;

    # How logs are structured
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # Store access logs in logs/access.log
    access_log  /var/log/nginx/access.log  main;

    # Optimising nginx, when serving static content.
    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay    on;
    # Set keepalive time out to 15 sec
    keepalive_timeout  15;

    # Enable gzip compression
    gzip  on;
    
    # Disable gzip on old crap iexplorer
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Include site configurations from the sites/ folder.
    include  /usr/local/etc/nginx/sites/*;
}

/usr/local/etc/nginx/sites/default.site

server {
    listen 80;
    server_name localhost;
    root /home/www/default;

    location / {
        index  index.php index.html index.htm;
    }

    location = /50x.html {
        root   html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # Deny access to .htaccess/.htpasswd style files
    location ~ /\.ht {
         deny  all;
    }
}

/usr/local/etc/my.cnf

If you want to change some MariaDB settings, sample configurations are located in /usr/local/share/mysql/ with file names such as my-small.cnf, my-medium.cnf, my-large.cnf and my-huge.cnf. Open the preferred size, configure it and save it as /usr/local/etc/my.cnf

And we are done! Good luck optimising!

Testing the build

A basic test can be done by running a phpinfo() call in the index file, just to make sure it works:
/home/www/default/index.php

<?php
phpinfo();
?>

Or we could do a quick test to see if PHP, MariaDB and nginx work together, by first trying to install and use phpMyAdmin and WordPress.

Install Phpmyadmin

# Enter the tmp folder
cd /tmp

# Fetch the phpmyadmin
fetch --no-verify-peer https://files.phpmyadmin.net/phpMyAdmin/4.6.5.2/phpMyAdmin-4.6.5.2-all-languages.tar.gz

# Untar the file
tar -zxf phpMyAdmin-4.6.5.2-all-languages.tar.gz

# Make directory phpmyadmin in webfolder
mkdir /home/www/default/phpmyadmin

# Copy the files to the webfolder
cp -R /tmp/phpMyAdmin-4.6.5.2-all-languages/* /home/www/default/phpmyadmin

#remove temp files
rm -R /tmp/phpMyAdmin-4.6.5.2-all-languages && rm phpMyAdmin-4.6.5.2-all-languages.tar.gz

Now you should be able to access phpMyAdmin at http://ip_to_server/phpmyadmin. While trying it out, make sure that you create a database for the WordPress install.

Install WP

# Enter the tmp folder
cd /tmp

# Fetch the latest wordpress file
fetch --no-verify-peer https://wordpress.org/latest.tar.gz

# Untar the file
tar -zxf latest.tar.gz

# Copy wordpress file into default www folder 
cp -R /tmp/wordpress/* /home/www/default/

# Remove temp files
rm -R /tmp/wordpress && rm latest.tar.gz

# Done

After adding the WordPress files to the www folder, go to http://ip_to_server/ and follow the installation guide; if everything is set up correctly, the setup should work flawlessly. Remember to set the right folder permissions to get it to work. The correct permissions can be found at: https://codex.wordpress.org/Changing_File_Permissions

There are a lot of improvements that could be made to this setup, for example adding caching features, adding or removing extensions, solving the snmp issue if the service provider blocks it, and so on.