I don't trust cloud storage services, and you should either. So here is a guide to create your own online drive.
I should note, there are a couple services out there like
ownCloud and soon to be
NextCloud which will likely fulfill your cloud storage needs, but I found them to be cumbersome for my small use case. Plus doing it myself was a great way to learn some new things.
I choose
AWS as a hosting solution because I already use them for
my website and
other random projects.
1. Create an EC2 Instance
In the AWS console, navigate to EC2 then click Launch Instance.
Note: Make sure you have selected the region you want the instance to be created in.
Select an Ubuntu Server AMI instance.
Select an Instance Type. I'm choosing t2.micro because it should fit my needs. This size is also in the free tier for those that are new to AWS.
Click Next
Click Next
Add some tags to your instance for identification. e.g. Name=CloudDrive
Configure Security Group. Add HTTP to your security group.
Launch the instance and generate a new key pair. It is always good practice to generate a new keypair for each instance.
Write down the created instances public IP address for future reference.
2. (Optional) Update your DNS Records
This will allow a friendly name for your site. e.g. webdrive.standen.link
In Route 53, or your favourite domain registrar, add a
CNAME
with a value of the public DNS of the instance you just created.
3. Install Apache with SSL
SSH into your instance, using the public IP address obtained earlier.
3.1 SSH using PuTTY on Windows (Skip this step if you are not using PuTTY on Windows)
Access PuTTY Key Generator and load your keypair downloaded earlier. (xxx.pem)
Click Save private Key to store a xxx.pek file that is accessible for PuTTY
When accessing your instance via PuTTY you will need to add this file under Connection > SSH > Auth in the "private key file for authentication" box.
3. Cont.
Login as user
ubuntu
Obtain root permissions
sudo -s
Update apt-get cache
apt-get update
Install Apache with SSL
apt-get install apache2 libapache2-mod-auth-mysql apache2-utils
4. Get a Certificate for SSL
There are a couple options for this. Each is outlined or linked below. I recommend option 3.
4.1 Generate and Self Sign your own Certificate.
Browsers will not trust your certificate by default.
This will still enable secure communication.
Execute the following commands and fill in information as requested.
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Copy the certificate into the correct folder
cp server.crt /etc/ssl/certs
cp server.key /etc/ssl/private
4.2 Use your a Certificate provided by your Favourite Certificate Authority
Costs money. Why would you pay for something that is (and should be) free? Look below.
Install git on your instance
apt-get install git
Clone the certbot repository
git clone https://github.com/certbot/certbot
Update certbot and install your certificate
cd certbot
./certbot-auto --apache
During this you will have to supply the URL you will be accessing your instance from. This will either be your instance public IP address, or the address you specified in optional step 2.
Provide a valid email address! Just in case something goes wrong.
Agree to the terms and conditions, select
Secure
connection only.
4. Cont.
Confirm your SSL configuration is adequate at
https://www.ssllabs.com/ssltest/analyze.html?d=<your_website_here>
5. Set up WebDav
a2enmod dav
a2enmod dav_fs
Create a directory to share, and apply the appropritate permissions
mkdir /home/ubuntu/share
chown www-data:ubuntu /home/ubuntu/share
Set up a password
a2enmod auth_digest
mkdir /etc/password
Create a password for each user
htdigest -c /etc/password/digest-password CloudShare user1
Note: Additional users do not use the
-c
flag, as this overwrites the file.
Apply appropriate permissions to the password file
chown www-data:ubuntu /etc/password/digest-password
Edit the default-ssl config file (your config file may be
default-ssl.conf
)
nano /etc/apache2/sites-enabled/000-le-default-ssl.conf
Find the line
CustomLog /var/log/apache2/ssl_access.log
combined and under that place the following:
Alias /share /home/ubuntu/share
<Directory /home/ubuntu/share/>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location /share>
DAV On
AuthType Digest
AuthName "CloudShare"
AuthUserFile /etc/password/digest-password
Require valid-user
</Location>
Now restart Apache
/etc/init.d/apache2 restart
That's it!!
Well, kind of.
For information on how to map your cloud drive to your instance, check here
http://www.webdavsystem.com/server/access/
You can also remove the default apache configuration for a cleaner look. You might also want to replace the instance storage with S3 or EBS storage.
I'm investigating the latter and will hopefully provide an update here when that's done.
Let me know if you have any problems in the comments below.