Actions

Turn Raspberry Pi in to a LAMP server

From /oooooooooo.io/

This recipe will take you through the steps of creating a LAMP on a Raspberry Pi to host a Mediawiki, which you can run from home and yet access it through from any location with an internet connection.

Steps will be described for the GNU/Linux Debian distribution.

Get the Raspberry Pi up and running

Download the Raspbian Buster Lite image from https://www.raspberrypi.org/downloads/raspbian/

Clone it to SD card

dd if=2020-02-13-raspbian-buster-lite.img of=/dev/sda status=progress
  • as root
  • of= is the location of the sd card if you are not sure run lsblk to find out

Once cloning is finished:

Enable ssh: mount the sd card to you computer and add to the boot partition (the smallest one) an empty file called ssh

Unmount it and place it on the Pi: Note: Pi must be off. Never ever do move the SD card in or out when the Pi is running. Changes are you end up with corrupted SD card

Connect the Pi with a network cable to your home router and power it.

Connect to the Pi

Find the Pi's IP address by going to your home router web interface and look for the Pi IP address in the Local Area Network.

SSH to the Pi:

ssh pi@PI.IP.ADDRSS
  • default user: Pi
  • default password: raspberry

Basic System Operations

Expand file system

Currently Raspbian is not occupying the entirety of the SD card space. So we must expand the file system by:

  • running
sudo raspi-config 
  • Select section: 7 Advanced Options
  • Select: A1 Expand Filesystem

Once done the system will reboot and you will need to ssh again

Apt

Update the packages references

apt update

Once update you might see a message indicating that there packages that can be upgraded

 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
26 packages can be upgraded. Run 'apt list --upgradable' to see them.

Go ahead and upgrade the packages

apt upgrade

It might be a good moment to install some essential packages: sudo, tmux, git

apt install sudo tmux git 

Users & passwords

Once logged back in it is a good idea to

  • change the root password to something strong
  • delete the Pi user
  • create a new users for your self and other users

Start by becoming root

sudo su -

Change the root password to something strong

passwd

Delete Pi user:

deluser pi

Add your regular user

adduser yourusername

You might want your (and other) user to have super user previleges, hence:

  • install sudo
apt install sudo
  • add your user to sudo group
adduser yourusername sudo 

Now if you log out and log back in again and type:

groups

You will notice you are part of the sudo group - now you can really duck up the system with the wrong commands!! yeahh!

SSH security

Because our Pi will accessible from the outside world is a good idea to:

  • disable ssh with password
  • disable ssh for root

Before we perform this changes it is important the that user's public ssh key placed in those users ~/.ssh/authorized_keys so that the ssh key pair authentication can work.


Install Install Install

So we got to the point where we must start installing all the necessary software to run Mediawiki.

To ease this and other necessary task I have created a Make file to automate the steps required to a Mediawiki installation. We'll use that make file in this process.

As the regular user in the Pi, git clone the mediawiki_make repository: cd ~/ git https://gitlab.com/Castro0o/mediawiki_make cd mediawiki_make


The first command we'll run will install dependencies and configure Mariadb [1]

sudo make dependencies

In MariaDB setting I gave the following answers:

                                                                                                                                                                                                                  
Change the root password? [Y/n] y                                                                                                                                                                                  
New password:                                                                                                                                                                                                      
Re-enter new password:                                                                                                                                                                                             
Password updated successfully!                                                                                                                                                                                     
Reloading privilege tables..                                                                                                                                                                                       
 ... Success!                                                                                                                                                                                                      
                                                                                                                                                                                                                   
Remove anonymous users? [Y/n] y                                                                                                                                                                                    
 ... Success!                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                                                                                                      
Disallow root login remotely? [Y/n] y                                                                                                                                                                              
 ... Success!                                                                                                                                                                                                      
                                                                                                                                                                                                                  
Remove test database and access to it? [Y/n] y                                                                                                                                                                     
 - Dropping test database...                                                                                                                                                                                       
 ... Success!                                                                                                                                                                                                      
 - Removing privileges on test database...                                                                                                                                                                         
 ... Success!                                                                                                                                                                                                      
                                                                                                                                                                                                                   
Reloading the privilege tables will ensure that all changes made so far                                                                                                                                            
will take effect immediately.                                                                                                                                                                                      
                                                                                                                                                                                                                   
Reload privilege tables now? [Y/n] y                                                                                                                                                                               
 ... Success!                        


When everything it is install is good to test things:

Mariadb by login it to it as root: sudo mariadb -h localhost -u root -p

Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 56
Server version: 10.3.22-MariaDB-0+deb10u1 Raspbian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.001 sec)

MariaDB [(none)]> exit;
Bye

Apache webserver: by visiting the Pi's IP address in the browser, which should show the default Apache page

PHP: by creating the /var/www/html/info.php writing inside it: sudo vi /var/www/html/info.php

<?php
phpinfo();
?>

And visiting it at http://pi.ip.addre.ss/info.php


USB disk as backup/image storage (optional)

In order to ensure that we have automated backups of the important files/dbs we will format a USB stick with 2 partitions:

  1. to store wiki images
  2. backup important files and images

We'll use gparted and format the partitions as NTFS so that we can mount in Linux/Mac/Windows as EXT format is only mountable in Linux machines.

Is the result after the formatting

Disk.png


fdisk -l
Disk /dev/sdb: 233.3 GiB, 250450280448 bytes, 489160704 sectors
Disk model: Ultra           
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xd1fce3fe

Device     Boot     Start       End   Sectors  Size Id Type
/dev/sdb1            2048 182947839 182945792 87.2G  7 HPFS/NTFS/exFAT
/dev/sdb2       182947840 489160703 306212864  146G  7 HPFS/NTFS/exFAT


/etc/fstab automatic mounts


Sandbox disk:

/etc/fstab
UUID=0733744D50775536 /var/www/html/itchwiki/images      ntfs-3g   defaults,nls=utf8,rw,exec,auto,uid=www-data,gid=www-data 0 0


Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: EVDS-63N5B1     
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x000ae312

Device     Boot Start        End    Sectors   Size Id Type
/dev/sda1        2048 1953523711 1953521664 931.5G  7 HPFS/NTFS/exFAT



Tinc

Reverse Proxy on Public Server

As described in https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension Enable the necessary apache2 modules with:

a2enmod

And then:

proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

Restart apache:

 systemctl restart apache2


Write the following entry:

<VirtualHost *:80>
    ServerName subomain.domain.org
    ProxyRequests Off

    <Directory "/*">
    DirectoryIndex index.html index.php
    </Directory>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://10.0.20.100:80/
    ProxyPassReverse / http://10.0.20.100:80/

    <Location />
         Order allow,deny
         Allow from all
    </Location>
</VirtualHost>

Replacing:

Save it and disable and re enable apache

a2dissite artserver; systemctl reload apache2; a2ensite artserver; systemctl reload apache2

  1. Note: we will be using Apache webserver and Mariadb as database. However you can choose to install Nginx webserver and use a Postgres db or even SQLlite