Most of us use email and cloud file storage services such as Gmail or Dropbox. However, these services may not be suitable for storing confidential personal and professional data, and using an online cloud storage service for business data is unsafe. PEPS addresses this problem: it is a platform for exchanging mail and files based on end-to-end encryption. Data is encrypted and decrypted on your computer (the client), not on the server, so the server never sees unencrypted data. Even if the server is hacked, the attackers cannot read your correspondence or any other data stored on the server.
This tutorial covers the basic functions of PEPS and explains how to install and operate it.
PEPS is distributed as a Docker container to simplify the installation.
Docker is an open-source project that automates the deployment of applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. It lets you “package” an application with its whole environment and dependencies into a container that can be moved to any Linux system with cgroups support in the kernel, and it also provides an environment for managing containers.
You need a Digital Ocean Droplet running Ubuntu 14.04 x64 with Docker installed. System requirements:
- Ubuntu 14.04 x64 Droplet with 2 GB of RAM (if you have only a few users). Select 4 GB of RAM or more if you need to create more users or store a large amount of data;
- An SSL certificate to use instead of the self-signed one. This is strongly recommended for production environments. You can also create a self-signed SSL certificate free of charge.
If you are going to send messages to external e-mail services, you will need to configure reverse DNS (rDNS) so that your emails do not end up in spam. Digital Ocean configures the PTR record automatically.
All commands in this tutorial must be run by a non-root user. If a command requires root access, use the sudo command. Initial Ubuntu 14.04 server setup explains how to add users and give them sudo access.
Step 1 – Docker installation
Installation on Ubuntu.
Update the software:
sudo aptitude update
sudo aptitude -y upgrade
Make sure that AUFS is available on your server. AUFS is a complete rewrite of UnionFS, intended to improve stability and performance.
sudo aptitude install linux-image-extra-`uname -r`
Add the Docker repository key, which is used to verify packages:
# sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"
sudo: unable to resolve host localhost.localdomain
OK
Add the Docker repository:
sudo sh -c "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
Update the repository list:
sudo aptitude update
Download and install Docker:
sudo aptitude install lxc-docker
By default, the Ubuntu firewall (UFW, Uncomplicated Firewall) drops all forwarded traffic, which Docker requires.
Enable forwarding in UFW:
Edit the UFW configuration with the nano text editor:
sudo nano /etc/default/ufw
Scroll down to the line containing “DEFAULT_FORWARD_POLICY” and change its value from DROP to ACCEPT.
Press CTRL+X to exit and Y to confirm saving the file. After that, restart UFW:
sudo service ufw restart
To start the Docker daemon, use:
sudo docker -d &
Now add your user to the docker group (replace root with your own user name):
sudo usermod -aG docker root
Step 2 – Deploying PEPS
Reconnect to the system using SSH from your user account:
Clone the repository:
# git clone https://github.com/MLstate/PEPS
Cloning into 'PEPS'...
remote: Counting objects: 282, done.
remote: Total 282 (delta 0), reused 0 (delta 0), pack-reused 282
Receiving objects: 100% (282/282), 78.74 KiB | 0 bytes/s, done.
Resolving deltas: 100% (137/137), done.
Checking connectivity... done.
Go to the PEPS directory:
Configure the domain name, entering your own domain name instead of example.com:
echo example.com > domain
This command creates a text file whose first and only line is the domain name you specified.
Install the make utility:
sudo apt-get update
sudo apt-get install make
Create the containers (this may take 10-20 minutes).
If everything was done correctly, you will see:
Removing intermediate container e830b6ce75c0
Successfully built bbafc12c71c8
For the first run we are going to create temporary SSL/TLS certificates and run the containers.
If you already have the SSL certificate for your domain, skip this step and copy the certificate and key (Step 5).
To create the temporary certificate, use the following command:
Fill in the fields to create a certificate.
We are ready to run PEPS using the following command:
sudo make run
Step 3 – First login
To connect to the web interface, enter the following in the browser address bar: https://Server_IP_Address
Because we are using temporary SSL certificates for now, your browser will warn you that this website is unsafe. To continue, press the Advanced button (in Chrome).
On the first start, a field for creating the administrator password appears.
With end-to-end encryption in PEPS, the Admin account can create and remove users but cannot view their files.
You will see the main interface after you set the administrator password.
Next, set up the domain and the certificate properly.
Step 4 – Domain settings
PEPS is working correctly now. Next, you have to set up the domain properly (use real SSL certificates, configure DNS, and so on).
Let's start with DNS. The DNS configuration will differ depending on your domain name provider and on whether you use a custom interface for configuring your DNS records.
You have to set up A and MX records. For example, for example.com:
mail.example.com. 10799 IN A your_server_ip
mail.example.com. 10799 IN MX example.com.
Your Droplet must be named mail.example.com. Renaming a Droplet is easy: click on the Droplet name to see its details, select the Settings tab, then press the Rename tab. The change can take some time, so wait until the records are updated.
You can also set up additional records. Use the MXToolBox test: this service will check your domain settings.
As usual, DNS record updates can take up to 48 hours.
Important: If you cannot send or receive email from an external domain after you have finished configuring PEPS, double-check your A and MX records. A mistake may have been made when creating the records, or the records may not have been updated yet.
Step 5 – SSL certificate setup
To install the SSL certificate, copy the certificate files for your domain (which you received from the certificate authority) to the PEPS directory.
You can use the following command to copy the files:
scp server.key server.crt your_server_ip:/etc/peps/
where your_server_ip is the IP address of your server.
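Before copying the files, it is worth confirming that server.key belongs to server.crt, that the certificate has not expired, and that it covers the domain written to the domain file in Step 2. The shell function below is an added example, not part of PEPS or of the original tutorial; it assumes the OpenSSL command-line tool is installed, and check_peps_cert is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity-check server.key / server.crt before copying them
# to /etc/peps/. check_peps_cert is a hypothetical helper name; the file
# names follow the tutorial. Requires the openssl command-line tool.
check_peps_cert() {
    key=$1 crt=$2 domain=$3

    # 1. The private key must belong to the certificate: compare the public
    #    key derived from each file (works for RSA and EC keys alike).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 1; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "key and certificate do not match" >&2; return 1
    fi

    # 2. The certificate must not be expired (-checkend 0 = valid right now).
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2; return 1
    fi

    # 3. The certificate must cover the domain stored in the 'domain' file.
    #    -checkhost prints its verdict instead of setting the exit status.
    if ! openssl x509 -in "$crt" -noout -checkhost "$domain" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "certificate does not cover $domain" >&2; return 1
    fi

    echo "ok: $crt matches $key and covers $domain"
}

# Usage: sh check_cert.sh server.key server.crt "$(cat PEPS/domain)"
if [ "$#" -eq 3 ]; then
    check_peps_cert "$1" "$2" "$3"
fi
```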
Check that your browser can open https://example.com without an SSL error. Try opening it in an incognito tab in your browser.
Step 6 – Testing
To create more users, log in to the PEPS control panel with Administrator access and go to the “People” panel. Select “Users” and click the “New User” button.
To check email, try sending a message to any inbox and receiving a reply to it. If the message is sent but no reply arrives, the problem is most likely in the DNS records: they may not have been updated yet, or they may contain errors. Go back to Step 4: Domain settings. Do not forget to check that the user can also receive email.
Congratulations! You now have PEPS running on a Digital Ocean Droplet. You can send emails, share files, and do a lot more with special plugins. You do not need to worry about your data: it is protected on the server.
Several manuals are available if you want to learn more:
More documentation for developers can be found at GitHub.