I got a raspberry Pi B+ and decided to turn it into a web server for the moment. I installed Arch-linux and have to say that it pretty much reminds me of Slackware although they are not the same.
By the way you can build your own case:
http://sixes.net/rdcHQ/rdchq-extra-credit-raspi-b/
However my own experience is that it wasn't quite what it should be ... if you really want something that lasts buy a case.
First thing you have to do after you log in is to update the package repository:
After this we can start installing packages:
pacman -S mc
pacman -S iptraf-ng
pacman -S nginx
pacman -S php php-fpm
pacman -S whois
pacman -S dnsutils
pacman -S screen
To remove a package and its dependencies which are not required by any other installed package use:
pacman -Rs package_name
Let us enable nginx and php on boot:
systemctl enable nginx php-fpm
Then you might get the following error:
May 24 06:47:55 alarmpi systemd[1]: Starting A high performance web server .....
May 24 06:47:55 alarmpi nginx[19638]: 2015/05/24 06:47:55 [emerg] 19638#0: ...m)
May 24 06:47:55 alarmpi systemd[1]: nginx.service: control process exited, ...=1
May 24 06:47:55 alarmpi systemd[1]: Failed to start A high performance web ...r.
May 24 06:47:55 alarmpi systemd[1]: Unit nginx.service entered failed state.
May 24 06:47:55 alarmpi systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@alarmpi ~]# systemctl status nginx -l
* nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2015-05-24 06:47:55 MDT; 26s ago
Process: 19638 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=1/FAILURE)
The solution to this is:
In /boot/cmdline.txt, add rw just before rootwait also you might consider enabling ipv6 ipv6.disable=0 later ufw will need this.
The numbers of your firewall rules can listed using:
ufw status numbered
To delete rules:
ufw delete ####
where #### is the number of your firewall rule.
Changing the local time: # ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime
Other nice ideas please see the references. Cheers!
References:
http://blog.tersmitten.nl/ufw-delete-firewall-rules-by-number.html
http://guides.webbynode.com/articles/security/ubuntu-ufw.html
By the way you can build your own case:
http://sixes.net/rdcHQ/rdchq-extra-credit-raspi-b/
However my own experience is that it wasn't quite what it should be ... if you really want something that lasts buy a case.
First thing you have to do after you log in is to update the package repository:
pacman -Syu
pacman-db-upgrade
After this we can start installing packages:
pacman -S mc
pacman -S iptraf-ng
pacman -S nginx
pacman -S php php-fpm
pacman -S whois
pacman -S dnsutils
pacman -S screen
To remove a package and its dependencies which are not required by any other installed package use:
pacman -Rs package_name
Let us enable nginx and php on boot:
systemctl enable nginx php-fpm
Then you might get the following error:
May 24 06:47:55 alarmpi systemd[1]: Starting A high performance web server .....
May 24 06:47:55 alarmpi nginx[19638]: 2015/05/24 06:47:55 [emerg] 19638#0: ...m)
May 24 06:47:55 alarmpi systemd[1]: nginx.service: control process exited, ...=1
May 24 06:47:55 alarmpi systemd[1]: Failed to start A high performance web ...r.
May 24 06:47:55 alarmpi systemd[1]: Unit nginx.service entered failed state.
May 24 06:47:55 alarmpi systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@alarmpi ~]# systemctl status nginx -l
* nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2015-05-24 06:47:55 MDT; 26s ago
Process: 19638 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=1/FAILURE)
The solution to this is:
In /boot/cmdline.txt, add rw just before rootwait also you might consider enabling ipv6 ipv6.disable=0 later ufw will need this.
Let's have a look at the web server configuration:
/etc/nginx/nginx.conf
#user html;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
And now about the final touches. It seems that I had some issue with arch running php so after some research I found that it was the "open_basedir" option in php.ini. You should point that parameter to your document root directory. It should be the same as the "root" option in this section:
/etc/nginx/nginx.conf
#user html;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root /usr/share/nginx/html;
# }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
And now about the final touches. It seems that I had some issue with arch running php so after some research I found that it was the "open_basedir" option in php.ini. You should point that parameter to your document root directory. It should be the same as the "root" option in this section:
cat /etc/php/php.ini; open_basedir, if set, limits all file operations to the defined directory; http://php.net/open-basediropen_basedir = /usr/share/nginx/html
After some analysis I found that there was some interest ;) in my Raspberry so I secured it with ufw:
ufw allow from <ip> to any port <port number>
ufw status
The numbers of your firewall rules can listed using:
ufw status numbered
To delete rules:
ufw delete ####
where #### is the number of your firewall rule.
Changing the local time: # ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime
Other nice ideas please see the references. Cheers!
References:
http://blog.tersmitten.nl/ufw-delete-firewall-rules-by-number.html
http://guides.webbynode.com/articles/security/ubuntu-ufw.html
https://wiki.archlinux.org/index.php/Nginx
https://bbs.archlinux.org/viewtopic.php?id=167407
https://www.archlinux.org/packages/community/any/glances/
http://www.tecmint.com/screen-command-examples-to-manage-linux-terminals/
http://www.rackaid.com/blog/linux-screen-tutorial-and-how-to/
https://www.raspberrypi.org/forums/viewtopic.php?f=9&t=2961
https://bbs.archlinux.org/viewtopic.php?id=167407
https://www.archlinux.org/packages/community/any/glances/
http://www.tecmint.com/screen-command-examples-to-manage-linux-terminals/
http://www.rackaid.com/blog/linux-screen-tutorial-and-how-to/
https://www.raspberrypi.org/forums/viewtopic.php?f=9&t=2961
