General Support: 1-612-216-1296

Setting Up an Ubuntu Photo Server

Requirements
• Server running Ubuntu 14.x and 16.x
• DNS configured for the Ubuntu Server
• Familiarity with the Ubuntu command-line interface

Process
1. Run the following commands to obtain necessary binaries:

sudo apt-get update

sudo apt-get install openssh-server
sudo apt-get install apache2
sudo apt-get install curl

2. Run the following commands to set up DNS & SSL:

sudo a2enmod ssl

sudo a2ensite default-ssl
sudo nano /etc/apache2/apache2.conf

3. The last command in Step 2 will open a file in Nano. Enter the following:

ServerName <dns address>

When finished, the file header should look something like this:

Page 1
 General Support: 1-612-216-1296

4. Restart the apache2 service:

sudo service apache2 restart

5. Check to make sure your server is accessible over DNS before continuing

6. Run the following commands:

sudo mkdir /etc/apache2/ssl

sudo openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout /

etc/apache2/ssl/server.key -out /etc/apache2/ssl/server.csr

7. The second command will begin a prompt to make a new CSR. You will be asked
for the following, and can (should) skip the last few accordingly:

• Country 2 letter code

• State
• City
• Organization Name
• Organization Unit Name
• Common Name (DNS Name for Server that we wrote in during Step 3)
• Email - SKIP (Just press Enter)
• Challenge password - SKIP (Just press Enter)
• Optional company name - SKIP (Just press Enter)

Example:

Page 2
 General Support: 1-612-216-1296

8. Run the following command to view the CSR that we just created:

cat /etc/apache2/ssl/server.csr

9. Copy the ENTIRE contents of that CSR file to wherever is convenient. We’re going
to paste it in to the JSS in Step 12. You may need save it to a file and transfer it off of
your server depending on your setup. Make sure to include the BEGIN
CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines!

10. In the JSS, navigate to Settings > Global Management > PKI

11. Click Create Certificate from CSR

12. Paste the entire CSR that we copied in Step 9

13. Change the Certificate Type (at the bottom of the page) to Web Server Certificate

14. Click Create

• Rename the downloaded file to webcert.pem
15. Click Back

16. Click Download CA Certificate

• Rename the downloaded file to ca.pem
17. Navigate to Settings > Mobile Device Management > Apple Education Support >
Edit

18. Check the box to Enable User Images

Page 3
 General Support: 1-612-216-1296

19. Fill in Distribution Point URL for User Images. <FQDN> should be substituted for
the DNS Address we entered in Step 3:

https://<FQDN>/photos/$USERNAME.png

Keep the $USERNAME variable there. Using it will adjust the URL based on the
name of the photo. The name of the photo MUST be the same as the JSS User’s
username!

20. Click Download (right underneath the Certificate Download text on the page)
• Rename the downloaded file to photoca.pem
21. Check the box to Upload Additional Certificate

22. Upload the .pem file that was downloaded in Step 16. We’ve got 3 .pem files
floating around at this point, so make sure it’s the correct one. We are looking for
the Root CA.

23. Save

If you downloaded those 3 .pem files on a server other than the Ubuntu
Photo Server, transfer them all over to the server at this point, before
continuing. Make sure they have been named according to the bullet
points under each download step. This is essential to proceeding.

24. Move all 3 .pem files to /etc/apache2/ssl on the Ubuntu Photo Server.

25. Run the following command to open default-ssl.conf:

sudo nano -B /etc/apache2/sites-available/default-ssl.conf

26. Edit the file as follows:

Look for:
• SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
• SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Replace with:
• SSLCertificateFile /etc/apache2/ssl/webcert.pem
• SSLCertificateKeyFile /etc/apache2/ssl/server.key

Look for:
• #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
Uncomment and replace with:
• SSLCertificateChainFile /etc/apache2/ssl/ca.pem
Look for:
• #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
Uncomment and replace with:

Page 4
 General Support: 1-612-216-1296

• SSLCACertificateFile /etc/apache2/ssl/photoca.pem
Uncomment these two lines:
• SSLVerifyClient require
• SSLVerifyDepth 10
27. Save the file and close it.

28. Restart the apache2 service:

sudo service apache2 restart

29. Run the following command to create the Photo directory:

sudo mkdir /var/www/html/photos

30. Place all of your photos in this directory. As a reminder, they must be named
exactly the same as their JSS User username.

Congratulations! Your Ubuntu Photo Server is ready to go!

Page 5