Both sides previous revision Previous revision Next revision | Previous revisionLast revisionBoth sides next revision |
rpi_nimbus [2019/03/29 12:53] โ Jรบne Park | rpi_nimbus [2024/05/05 12:51] โ [Specification] Jรบne Park |
---|
<nav> | <nav> |
* {{fa>server?color=#8B0000}} Linux | * {{fa>server?color=#8B0000}} Linux |
* [[:rpi_common|General Things on Raspbian]]ย | * [[rpi_common|โ General Things on Raspbian]]ย |
* [[:rpi_autism|Media Ditorium โ AUTiSM Rainbow]]ย | * [[debian_common|โ General info on Debian Linux]]ย |
* [[:rpi_epigen|Private Cellarium โ EPiGEN Crystal]]ย | * [[deb_cicada|๐๐ข๐๐๐๐ ๐๐๐ฉ๐ ๐ฅ๐ฆ๐]]ย |
* [[:rpi_nimbus|Webius Officium โ NiMBUS deBlanc]]ย | * [[deb_mutism|๐๐๐๐ข๐๐ ๐๐๐๐๐ฆ๐]] ย |
* [[:debian_common|General info on Debian Linux]]ย | * [[deb_gilead|๐๐ข๐๐๐๐ ๐ธ๐ฃ๐๐๐๐ฅ๐]] ย |
* [[:deb_mutism|Opus Imperium โ MUTiSM Magnum]] | * [[deb_symbio|๐๐๐๐๐ข๐ โ๐ ๐๐๐ฅ๐ฆ๐ค]]ย |
| * [[deb_tardis|๐๐๐๐๐ข๐ ๐๐ก๐๐ฅ๐๐ฆ๐]] ย |
| * [[deb_debris|๐๐๐๐๐ข๐ โ๐๐ฃ๐ ๐๐]] |
* {{fa>windows?color=#0000A0}} Windows | * {{fa>windows?color=#0000A0}} Windows |
* [[:pc_common|Common Works on Windows]]ย | * [[:pc_common|โ Common Works on Windows]]ย |
* [[:pc_mesonism|Primus Workstation โ MESONiSM]]ย | * [[PC_MESONiSM|๐๐๐๐๐๐ข๐๐]] ย |
* [[:pc_mesonium|Manibus Tablet โ MESONiUM]]ย | * [[PC_MESONiST|๐๐๐๐๐๐ข๐๐]] |
* [[:pc_mesonist|Domumus Workstage โ MESONiST]]ย | |
* [[:pc_mesonity|Praevus Station โ MESONiTY]] | |
* {{fa>android?color=#006400}} Android | * {{fa>android?color=#006400}} Android |
* [[:cell_common|Common Stuffs on Androids]]ย | * [[:cell_common|โ Common Stuffs on Androids]]ย |
* [[:cell_epiaux|Jรบne's Primus โ EPiAUX 5X]]ย | * [[CELL_EPiCON|๐๐๐ข๐๐๐ ๐ฝ๐]] ย |
* [[:cell_epihex|Jรบne's Extentus โ EPiHEX 6]]ย | * [[CELL_EPiMER|๐๐๐ข๐๐๐ ๐ก]] ย |
* [[:cell_epinex|Jรบne's Secondus โ EPiNEX 5]]ย | * [[CELL_EPiLUX|๐๐๐ข๐๐๐ ๐]] ย |
* [[:cell_epitab|Jรบne's Laminus - EPiTAB 7]]ย | * [[CELL_EPiTAP|๐๐๐ข๐๐๐ ๐๐]] ย |
* [[:cell_epixus|Jรบne's Tertius โ EPiXUS 4]] | * [[CELL_EPiETA|๐๐๐ข๐๐๐ ๐]] |
</nav> | </nav> |
| |
===== Webius Officium โ NiMBUS deBlanc ===== | ====== Webius Officium โ NiMBUS deBlanc ====== |
| |
{{:rpi_nimbus.jpg?nolink&250|}} | {{:rpi_nimbus.jpg?nolink&250|}} |
| |
* Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} ๊ตฌ์ด๋ชฝ (korean) | Name: {{mdi>cards?28&color=#BC5D2E}} ''**NiMBUS** deBlanc'' (official) | {{mdi>creation?28&color=#BC5D2E}} ''๊ตฌ์ด๋ชฝ'' (korean) |
| |
---- | ---- |
==== Specification ==== | ==== Specification ==== |
| |
* Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]ย | {{mdi>raspberry-pi?32&color=#BC5D2E}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]] |
* {{fa>database?color=#522B47}}: 240G on ''/var/www'' & 500G on ''~/storage'' - {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}}ย | |
* {{fa>wifi?color=#7B0828}}: Wireless (''wlan0'') & Wired (''eth0'') - {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Jรบne's home network]] {{fa>lock}}ย | |
* {{fa>globe?color=#0F0E0E}} Web service and web resources including [[wp>WebDAV]] | |
| |
---- | {{mdi>database-plus?32&color=#BC5D2E}} Storages --- {{mdi>harddisk}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{mdi>lock}}ย |
| * {{mdi>database}} ''**240G**'' --- ''/var/www'' partition {{fa>usb?14&color=#005eb8}}ย |
| * {{mdi>database}} ''**500G**'' --- ''~/storage'' partition {{fa>usb?14&color=#005eb8}} |
| |
==== Hosting Services ==== | === Live status of storages === |
| |
<button type="info" icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Jรบne's PiON Gateway]]''** --- WebDAV and Documents Archives | <code ini>ย |
| Mounted on Type Size Used Avail Use%ย |
| / ext4 15G 2.0G 12G 15%ย |
| /var/www ext4 220G 474M 208G 1%ย |
| /home/www-data ext4 458G 313G 122G 72%ย |
| </code> |
| |
| {{mdi>server-network?32&color=#BC5D2E}} --- {{mdi>wifi-strength-3-lock}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Jรบne's home network]] {{mdi>lock}} |
| * {{mdi>lan?color=#9000B3}} Wired (''NiMBUS-enx001'') |
| * {{mdi>wifi?color=#9000B3}} Wireless Connection (''NiMBUS-wlx001'') |
| * {{mdi>lan?color=#9000B3}} Wired {{fa>usb?14&color=#000000}} (''NiMBUS-wlx002'') |
| |
<button type="info" icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Jรบne's Cloud Platform]]''** --- Gateway for all cloud services | {{mdi>web?32&color=#BC5D2E}} Web publishing and web resources including [[wp>WebDAV]] |
| |
<button type="info" icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Jรบne's Wiki]]''** --- What I Know Is ... Here | ---- |
| |
| ==== Hosting Services ==== |
| |
{{fa>sliders?color=#d20962&2x}} Live [[:secured:nginx_config#nimbus_debalanc|Nginx Configuration]] for ''**NiMBUS**'' {{fa>lock?color=#808080}} | <button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Jรบne's PiON Gateway]]''** --- WebDAV and Documents Archives |
| |
| |
| <button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Jรบne's Cloud Platform]]''** --- Gateway for all cloud services |
| |
| <button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Jรบne's Wiki]]''** --- What I Know Is ... Here |
| |
| <button type="danger" size="sm" icon="fa fa-sliders">[[https://wiki.meson.one/doku.php?id=secured:nginx_config#nimbus_debalanc|Nginx Configuration]]</button> Showing lively on OWL {{fa>opera?14&color=#cc0f16}} for ''**NiMBUS** deBlanc'' {{fa>lock?color=#808080}} |
| |
---- | ---- |
==== ๏ผWork logs ==== | ==== ๏ผWork logs ==== |
| |
* ''Renew SSL certificates'' (Let's Encrypt) done --- <sub>Updated on</sub> //2019/03/13 20:08//ย | * ''adjust & optimize'' value of ''php-fpm'' -- ''/etc/php/7.x/fpm/pool.d/www.conf'' <sub> --- Updated on //2020/07/25 21:40// </sub>ย |
* ''configure'' access.log and error.log separately --- <sub>Updated on</sub> //2018/09/20 11:12//ย | * ''proxy_pass'' for ''transmission web'' with ''bit.meson.in'', ''tor.meson.in'' & ''gen.meson.in'' <sub> --- Updated on //2020/07/25 04:15// </sub>ย |
* ''create'' server block for {{fa>folder-open}} [ ''dav.meson.in'' ] --- Updated on //2018/08/14 15:35// | * **''Fresh installation''** <sub> --- Updated on //2020/07/25 04:13// </sub>ย |
| * Change ''backup rsync'' to another partition <sub> --- Updated on //2020/06/27 04:01// </sub>ย |
| * Change ''web root'' of ''eigen.ml'', ''dav.meson.in'' & ''pdf.meson.in'' <sub> --- Updated on //2020/06/27 04:00// </sub>ย |
| * Plugin Wireless LAN {{mdi>usb}} & Wired Giga LAN {{fa>usb}} <sub> --- Updated on //2020/02/22 03:32// </sub>ย |
| * **''Fresh installation''** <sub> --- Updated on //2020/02/11 02:16// </sub>ย |
| * ''configure'' access.log and error.log separately <sub> --- Updated on //2018/09/20 11:12//</sub>ย |
| * {{mdi>sitemap}} ''create'' server block for [ ''dav.meson.in'' ] <sub> --- Updated on //2018/08/14 15:35//</sub> |
* ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]] | * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]] |
* ''create'' server block for {{fa>book}} [ ''lib.meson.one'' ] library project --- Updated on //2018/04/11 18:22//ย | * {{mdi>book-open-page-variant}} ''create'' server block for [ ''lib.meson.one'' ] library project <sub> --- Updated on //2018/04/11 18:22//</sub> ย |
* Activate gzip module in Nginx --- Updated on //2018/02/27 06:10//ย | * Activate gzip module in Nginx <sub> --- Updated on //2018/02/27 06:10//</sub> ย |
* Configured HTTP/2 for all sites --- Updated on //2018/02/15 19:45// | * Configured HTTP/2 for all sites <sub> --- Updated on //2018/02/15 19:45//</sub> |
* Finished to publish front page of ''pi.meson.one'' and ''cloud.meson.in'' | * Finished to publish front page of ''pi.meson.one'' and ''cloud.meson.in'' |
* ''Add USB Wireless (802.11n)'' and assigned --- Updated on //2018/01/31 19:47// | * ''Add USB Wireless (802.11n)'' and assigned <sub> --- Updated on //2018/01/31 19:47//</sub> |
| |
| |
<hidden> | <hidden> |
โ For archived history of SSL renewal | โ For archived history of SSL renewal |
| * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/08/01 18:48// </sub> |
| * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/05/23 01:57// </sub> |
| * ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/03/13 20:08//</sub> |
* ''Renew SSL certificates'' (Let's Encrypt) done --- <sub>Updated on</sub> //2018/10/21 00:29// | * ''Renew SSL certificates'' (Let's Encrypt) done --- <sub>Updated on</sub> //2018/10/21 00:29// |
* ''Renew SSL certificates'' (Let's Encrypt) done --- Updated on //2018/08/13 21:11// | * ''Renew SSL certificates'' (Let's Encrypt) done --- Updated on //2018/08/13 21:11// |
| |
=== ๏ผQue to do === | === ๏ผQue to do === |
| |
* {{fa>server?color=#AA0000}} reverse proxy configuration | |
| |
* rsync with cloud service such as Box or Dropbox | * rsync with cloud service such as Box or Dropbox |
* Organize front page of ''pi.meson.one'' and ''cloud.meson.in'' | * Organize front page of ''pi.meson.one'' and ''cloud.meson.in'' |
</hidden> | </hidden> |
| |
| ---- |
| ==== Disable Build-in Radios ==== |
| |
| Edit ''/boot/config.txt'' |
| |
| <code ini> |
| dtoverlay=disable-wifi |
| dtoverlay=disable-bt |
| </code> |
| |
| Or add configuration string in ''config.txt'' |
| |
| <code bash> |
| echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt |
| echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt |
| </code> |
| |
| Disable systemd service that initializez Bluetooth Modems connected by UART. |
| |
| <code bash> |
| sudo systemctl disable hciuart.service |
| </code> |
| |
| ---- |
| ==== Setup different SSIDs ==== |
| |
| Default (initial) configuration for Wireless is stored in ''/etc/wpa_supplicant/wpa_supplicant.conf'' |
| |
| If another wireless device is ''wlan1'' then copy as ''wpa_supplicant-**wlan1**.conf'' and edit |
| |
| <code ini> |
| ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel |
| network={ |
| ssid="example" |
| scan_ssid=1 |
| key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE |
| pairwise=CCMP TKIP |
| group=CCMP TKIP WEP104 WEP40 |
| psk="very secret passphrase" |
| eap=TTLS PEAP TLS |
| identity="user@example.com" |
| password="foobar" |
| ca_cert="/etc/cert/ca.pem" |
| client_cert="/etc/cert/user.pem" |
| private_key="/etc/cert/user.prv" |
| private_key_passwd="password" |
| phase1="peaplabel=0" |
| ca_cert2="/etc/cert/ca2.pem" |
| client_cert2="/etc/cer/user.pem" |
| private_key2="/etc/cer/user.prv" |
| private_key2_passwd="password" |
| } |
| </code> |
| ==== Enable your Server Blocks ==== |
| |
| <code bash> |
| sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ |
| </code> |
| |
---- | ---- |
=== Renew Let's Encrypt certificates === | === Renew Let's Encrypt certificates === |
| |
For renewal certificates, run ''letsencrypt-auto'' and follow the proceeds. | For renewal certificates, run ''certbot-auto'' and follow the proceeds. |
| |
<code bash> | <code bash> |
./letsencrypt-auto --domains YOUR.DOMAIN.COM | ./certbot-auto --domains YOUR.DOMAIN.COM |
</code> | </code> |
| |
| |
<code bash> | <code bash> |
./letsencrypt-auto renew | ./certbot-auto renew |
</code> | </code> |
| |
| === Delete certificate(s) === |
| |
| Delete certificates from Let's Encrypt, run |
| |
| <code bash> |
| ./certbot-auto delete |
| </code> |
| |
| ---- |
| |
| ==== Let's Encrypt via repository ==== |
| |
| <code bash> |
| sudo apt update |
| sudo apt install certbot python-certbot-nginx |
| </code> |
| |
| command is same as ''certbot-auto'' by ''root'' privilege. |
| |
| === Create certificate(s) === |
| |
| <code bash> |
| certbot certonly --webroot -w /var/www/mydomain -d www.mydomain.com |
| </code> |
| |
| === Renew certificate(s) === |
| |
| <code bash> |
| certbot renew |
| </code> |
| |
| === Delete certificate(s) === |
| |
| <code bash> |
| certbot delete --cert-name delete.mydomain.com |
| </code> |
| |
| |
| === Renew certificate(s) using systemd === |
| |
| Check renewal executes without error, |
| |
| <code bash> |
| sudo certbot renew --dry-run |
| </code> |
| |
| == Service unit file == |
| |
| If no error, edit **service unit file** typically stored in ''/etc/systemd/system/''. Edit ''/etc/systemd/system/certbot-renewal.service'' |
| |
| <code ini> |
| [Unit] |
| Description=Certbot Renewal |
| |
| [Service] |
| ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service" |
| </code> |
| |
| Which restarts web service after renewing certificate(s). |
| |
| == Timer unit file == |
| |
| Modify ''/etc/systemd/system/certbot-renewal.timer'' to adjust timer for certbot renewal. |
| |
| <code ini> |
| [Unit] |
| Description=Timer for Certbot Renewal |
| |
| [Timer] |
| OnBootSec=300 |
| OnUnitActiveSec=2w |
| |
| [Install] |
| WantedBy=multi-user.target |
| </code> |
| |
| The configuration below will activate the service biweekly, and 300 seconds after boot-up. |
| |
| == Using systemctl and journalctl == |
| |
| To start the timer |
| <code bash> |
| sudo systemctl start certbot-renewal.timer |
| </code> |
| |
| To enable the timer to be started on boot-up |
| <code bash> |
| sudo systemctl enable certbot-renewal.timer |
| </code> |
| |
| To show status information for the timer |
| <code bash> |
| systemctl status certbot-renewal.timer |
| </code> |
| |
| To show journal entries for the timer |
| <code bash> |
| journalctl -u certbot-renewal.service |
| </code> |
| |
---- | ---- |
---- | ---- |
==== Create WebDAV directory on Nginx ==== | ==== Create WebDAV directory on Nginx ==== |
**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAB or Open directory in Nginx. Append the following code inside ''Server { ...}'' line. | **WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAV or Open directory in Nginx. Append the following code inside ''Server { ...}'' line. |
| |
<accordion> | <accordion> |
''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full''. | ''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full''. |
| |
{{fa>warning?color=#000000}} After ''Stretch'' Rapbian upgrade, ''Fancyindex'' feature could not work. | {{fa>warning?color=#000000}} When ''fancyindex'' is on, comment out ''autoindex'' directive. |
| |
<code nginx> | <code nginx> |
| # autoindex on; |
| |
fancyindex on; | fancyindex on; |
fancyindex_exact_size off; | fancyindex_exact_size off; |
| |
---- | ---- |
==== Backup & archive veb resources ==== | ==== Backup & archive web resources ==== |
| |
Using ''rsync'', backup and archive web resource into another location. | Using ''rsync'', backup and archive web resource into another location. |
| |
---- | ---- |
| ===== Installing DokuWiki ===== |
| |
| ==== Post installation ==== |
| |
| === Setup permissions of directories === |
| |
| ''data'' directory |
| |
| <code bash> |
| wiki/to/path$ sudo chmod -R g=rwX,u=rwX,o=rX data/ |
| wiki/to/path$ sudo chown -R www-data:www-data data/ |
| </code> |
| |
| everything ''below the data'' directory |
| |
| <code bash> |
| wiki/to/path/data$ sudo chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp} |
| wiki/to/path/data$ sudo chown www-data:www-data {attic,cache,index,locks,media,meta,pages,tmp} |
| </code> |
| |
| For newly created directories, it might require ''setgid'' bit in order to fully retain correct permissions after setting up the existing ones. |
| |
| ---- |
| |
| |
| ===== Solved problems ===== |
| |
| ==== symbol lookup error ==== |
| |
| <text type="warning">{{fa>exclamation}} **Problem**</text>: Error during ''sudo apt update'' |
| |
| <text type="danger">{{fa>bug}} **Symptom**</text> |
| <code text> |
| apt-get: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libapt-pkg.so.4.12: undefined symbol: |
| </code> |
| |
| <text type="info">{{fa>lightbulb-o}} **Solution**</text>: reinstall package |
| <code bash> |
| # Download the current version of libapt-pkg4.12 |
| wget http://mirrordirector.raspbian.org/raspbian/pool/main/a/apt/libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb |
| |
| # Install it |
| sudo dpkg -i libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb |
| </code> |
| |
| ---- |
| ===== Known problems ===== |
| |
| ==== upstream timed out(110: Connection timed out) ==== |
| <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/nginx/xxx_error.log'', |
| |
| <code logtalk> |
| upstream timed out (110: Connection timed out) while reading response header from upstream |
| </code> |
| |
| <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. |
| |
| <text type="info">{{fa>lightbulb-o}} **Solution**</text>: [[https://www.digitalocean.com/community/questions/nginx-error-111-connection-refused|Solution #1]] |
| |
| ---- |
| ==== Under-voltage detected! (0x00050005) ==== |
| <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/kern.log'', |
| |
| <code logtalk> |
| Under-voltage detected! (0x00050005) |
| </code> |
| |
| <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. |
| |
| <text type="info">{{fa>lightbulb-o}} **Solution**</text>: |
| |
| |
| |