Differences

This shows you the differences between two versions of the page.

--- rpi_nimbus [2019/07/18 20:19] – [Specification] Júne Park
+++ rpi_nimbus [2024/03/15 23:47] – [Specification] Júne Park
@@ Line 1: / Line 1: @@
 <nav>
   * {{fa>server?color=#8B0000}} Linux
-    * [[:rpi_common|General Things on Raspbian]]
+    * [[:rpi_common|■ General Things on Raspbian]]
     * [[:rpi_autism|Media Ditorium ─ AUTiSM Rainbow]]
     * [[:rpi_epigen|Private Cellarium ─ EPiGEN Crystal]]
     * [[:rpi_nimbus|Webius Officium ─ NiMBUS deBlanc]]
-    * [[:debian_common|General info on Debian Linux]]
+    * [[:debian_common|■ General info on Debian Linux]]
     * [[:deb_mutism|Opus Imperium ─ MUTiSM Magnum]]
+    * [[:deb_gilead|Actu Periculum ─ GiLEAD Argenta]]
+    * [[:deb_debris|Finca LaDichium ─ DEBRiS Chrome]]
   * {{fa>windows?color=#0000A0}} Windows
-    * [[:pc_common|Common Works on Windows]]
+    * [[:pc_common|■ Common Works on Windows]]
     * [[:pc_mesonism|Primus Workstation ─ MESONiSM]]
     * [[:pc_mesonium|Manibus Tablet ─ MESONiUM]]
@@ Line 14: / Line 16: @@
     * [[:pc_mesonity|Praevus Station ─ MESONiTY]]
   * {{fa>android?color=#006400}} Android
-    * [[:cell_common|Common Stuffs on Androids]]
+    * [[:cell_common|■ Common Stuffs on Androids]]
     * [[:cell_epiaux|Júne's Primus ─ EPiAUX 5X]]
     * [[:cell_epihex|Júne's Extentus ─ EPiHEX 6]]
+    * [[:cell_epimer|Júne's Maximus ─ EPiMER 5P]]
     * [[:cell_epinex|Júne's Secondus ─ EPiNEX 5]]
     * [[:cell_epitab|Júne's Laminus - EPiTAB 7]]
@@ Line 22: / Line 25: @@
 </nav>
-===== Webius Officium ─ NiMBUS deBlanc =====
+====== Webius Officium ─ NiMBUS deBlanc ======
 {{:rpi_nimbus.jpg?nolink&250|}}
-Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} ''구운몽'' (korean)
+Name: {{mdi>cards?28&color=#9000B3}} ''**NiMBUS** deBlanc'' (official) | {{mdi>creation?28&color=#9000B3}} ''구운몽'' (korean)
 ----
 ==== Specification ====
-{{material>developer_board?32&color=#14281D}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]
+{{mdi>raspberry-pi?32&color=#9000B3}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]
-{{material>sd_storage?32&color=#355834}} {{fa>database}} 240G on ''/var/www'' & {{fa>database}} 500G on ''~/storage'' --- {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}}
+{{mdi>database-plus?32&color=#9000B3}} Storages --- {{mdi>harddisk}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{mdi>lock}}
+  * {{mdi>database}} ''**240G**'' --- ''/var/www'' partition {{fa>usb?14&color=#005eb8}}
+  * {{mdi>database}} ''**500G**'' --- ''~/storage'' partition {{fa>usb?14&color=#005eb8}}
 === Live status of storages ===
 <code ini>
-Mounted on          Type  Size  Used Avail Use%
+Mounted on     Type  Size  Used Avail Use%
-/home/meson/storage ext4  458G   44G  391G  11%
+/              ext4   15G  2.3G   12G  17%
-/var/www            ext4  220G   18G  191G   9%
+/var/www       ext4  220G  451M  208G   1%
+/home/www-data ext4  458G  307G  128G  71%
 </code>
-{{material>network_wifi?32&color=#6E633D}} {{fa>wifi}} Wireless (''wlan0''), Wired (''eth0'') & Wired {{fa>usb?color=#000000}} (''eth1'')  --- {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{fa>lock}}
+{{mdi>server-network?32&color=#9000B3}} --- {{mdi>wifi-strength-3-lock}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{mdi>lock}}
+  * {{mdi>lan?color=#9000B3}} Wired (''NiMBUS-enx001'')
+  * {{mdi>wifi?color=#9000B3}} Wireless Connection (''NiMBUS-wlx001'')
+  * {{mdi>lan?color=#9000B3}} Wired {{fa>usb?14&color=#000000}} (''NiMBUS-wlx002'')
-{{material>https?32&color=#C2A878}}  Web service and web resources including [[wp>WebDAV]]
+{{mdi>web?32&color=#9000B3}}  Web publishing and web resources including [[wp>WebDAV]]
 ----
@@ Line 51: / Line 60: @@
 ==== Hosting Services ====
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives
+<button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services
+<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here
-{{fa>sliders?color=#d20962&2x}} Live [[:secured:nginx_config#nimbus_debalanc|Nginx Configuration]] for ''**NiMBUS**'' {{fa>lock?color=#808080}}
+<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here
+<button type="danger" size="sm" icon="fa fa-sliders">[[https://wiki.meson.one/doku.php?id=secured:nginx_config#nimbus_debalanc|Nginx Configuration]]</button> Showing lively on OWL {{fa>opera?14&color=#cc0f16}} for ''**NiMBUS** deBlanc'' {{fa>lock?color=#808080}}
 ----
 ==== ＋Work logs ====
-  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/05/23 01:57// </sub>
+  * ''adjust & optimize'' value of ''php-fpm'' -- ''/etc/php/7.x/fpm/pool.d/www.conf'' <sub>  --- Updated on //2020/07/25 21:40// </sub>
+  * ''proxy_pass'' for ''transmission web'' with ''bit.meson.in'', ''tor.meson.in'' & ''gen.meson.in'' <sub>  --- Updated on //2020/07/25 04:15// </sub>
+  * **''Fresh installation''** <sub>  --- Updated on //2020/07/25 04:13// </sub>
+  * Change ''backup rsync'' to another partition <sub>  --- Updated on //2020/06/27 04:01// </sub>
+  * Change ''web root'' of ''eigen.ml'', ''dav.meson.in'' & ''pdf.meson.in'' <sub>  --- Updated on //2020/06/27 04:00// </sub>
+  * Plugin Wireless LAN {{mdi>usb}} & Wired Giga LAN {{fa>usb}} <sub>  --- Updated on //2020/02/22 03:32// </sub>
+  * **''Fresh installation''** <sub>  --- Updated on //2020/02/11 02:16// </sub>
   * ''configure'' access.log and error.log separately  <sub> --- Updated on //2018/09/20 11:12//</sub>
-  * {{fa>folder-open}} ''create'' server block for  [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub>
+  * {{mdi>sitemap}} ''create'' server block for  [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub>
   * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]]
-  * {{fa>book}} ''create'' server block for  [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub>
+  * {{mdi>book-open-page-variant}} ''create'' server block for  [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub>
   * Activate gzip module in Nginx <sub>  --- Updated on //2018/02/27 06:10//</sub>
   * Configured HTTP/2 for all sites <sub>  --- Updated on //2018/02/15 19:45//</sub>
@@ Line 79: / Line 91: @@
 <hidden>
 ■ For archived history of SSL renewal
+  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/08/01 18:48// </sub>
+  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/05/23 01:57// </sub>
   * ''Renew SSL certificates'' (Let's Encrypt) done   <sub> --- Updated on //2019/03/13 20:08//</sub>
   * ''Renew SSL certificates'' (Let's Encrypt) done   --- <sub>Updated on</sub> //2018/10/21 00:29//
@@ Line 89: / Line 103: @@
 === ＋Que to do ===
-  * {{fa>server?color=#AA0000}} reverse proxy configuration
   * rsync with cloud service such as Box or Dropbox
@@ Line 101: / Line 113: @@
 ----
+==== Disable Build-in Radios ====
+Edit ''/boot/config.txt''
+<code ini>
+dtoverlay=disable-wifi
+dtoverlay=disable-bt
+</code>
+Or add configuration string in ''config.txt''
+<code bash>
+echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
+echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt
+</code>
+Disable systemd service that initializez Bluetooth Modems connected by UART.
+<code bash>
+sudo systemctl disable hciuart.service
+</code>
+----
+==== Setup different SSIDs ====
+Default (initial) configuration for Wireless is stored in ''/etc/wpa_supplicant/wpa_supplicant.conf''
+If another wireless device is ''wlan1'' then copy as ''wpa_supplicant-**wlan1**.conf'' and edit
+<code ini>
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+    ssid="example"
+    scan_ssid=1
+    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+    pairwise=CCMP TKIP
+    group=CCMP TKIP WEP104 WEP40
+    psk="very secret passphrase"
+    eap=TTLS PEAP TLS
+    identity="user@example.com"
+    password="foobar"
+    ca_cert="/etc/cert/ca.pem"
+    client_cert="/etc/cert/user.pem"
+    private_key="/etc/cert/user.prv"
+    private_key_passwd="password"
+    phase1="peaplabel=0"
+    ca_cert2="/etc/cert/ca2.pem"
+    client_cert2="/etc/cer/user.pem"
+    private_key2="/etc/cer/user.prv"
+    private_key2_passwd="password"
+}
+</code>
 ==== Enable your Server Blocks ====
@@ Line 153: / Line 216: @@
 ./certbot-auto delete
 </code>
+----
+==== Let's Encrypt via repository ====
+<code bash>
+ sudo apt update
+ sudo apt install certbot python-certbot-nginx
+</code>
+command is same as ''certbot-auto'' by ''root'' privilege.
+=== Create certificate(s) ===
+<code bash>
+ certbot certonly --webroot -w /var/www/mydomain -d www.mydomain.com
+</code>
+=== Renew certificate(s) ===
+<code bash>
+ certbot renew
+</code>
+=== Delete certificate(s) ===
+<code bash>
+ certbot delete --cert-name delete.mydomain.com
+</code>
+=== Renew certificate(s) using systemd ===
+Check renewal executes without error,
+<code bash>
+ sudo certbot renew --dry-run
+</code>
+== Service unit file ==
+If no error, edit **service unit file** typically stored in ''/etc/systemd/system/''. Edit ''/etc/systemd/system/certbot-renewal.service''
+<code ini>
+[Unit]
+Description=Certbot Renewal
+[Service]
+ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service"
+</code>
+Which restarts web service after renewing certificate(s).
+== Timer unit file ==
+Modify ''/etc/systemd/system/certbot-renewal.timer'' to adjust timer for certbot renewal.
+<code ini>
+[Unit]
+Description=Timer for Certbot Renewal
+[Timer]
+OnBootSec=300
+OnUnitActiveSec=2w
+[Install]
+WantedBy=multi-user.target
+</code>
+The configuration below will activate the service biweekly, and 300 seconds after boot-up.
+== Using systemctl and journalctl ==
+To start the timer
+<code bash>
+  sudo systemctl start certbot-renewal.timer
+</code>
+To enable the timer to be started on boot-up
+<code bash>
+  sudo systemctl enable certbot-renewal.timer
+</code>
+To show status information for the timer
+<code bash>
+  systemctl status certbot-renewal.timer
+</code>
+To show journal entries for the timer
+<code bash>
+  journalctl -u certbot-renewal.service
+</code>
 ----
@@ Line 215: / Line 370: @@
 ----
 ==== Create WebDAV directory on Nginx ====
-**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAB or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line.
+**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAV or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line.
 <accordion>
@@ Line 280: / Line 435: @@
 ''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full''.
-{{fa>warning?color=#000000}} After ''Stretch'' Rapbian upgrade, ''Fancyindex'' feature could not work.
+{{fa>warning?color=#000000}} When ''fancyindex'' is on, comment out ''autoindex'' directive.
 <code nginx>
+#  autoindex on;
    fancyindex on;
    fancyindex_exact_size off;
@@ Line 541: / Line 698: @@
 ----
+===== Installing DokuWiki =====
-==== Disable build-in bluetooth ====
+==== Post installation ====
-Add configuration string in ''config.txt''
+=== Setup permissions of directories ===
-<code bash>
+''data'' directory
-echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
-echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt
+<code bash>
-</code>
+wiki/to/path$ sudo chmod -R g=rwX,u=rwX,o=rX data/
+wiki/to/path$ sudo chown -R www-data:www-data data/
+</code>
-Disable systemd service that initializez Bluetooth Modems connected by UART.
+everything ''below the data'' directory
 <code bash>
-sudo systemctl disable hciuart
+wiki/to/path/data$ sudo chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp}
+wiki/to/path/data$ sudo chown www-data:www-data {attic,cache,index,locks,media,meta,pages,tmp}
 </code>
+For newly created directories, it might require ''setgid'' bit in order to fully retain correct permissions after setting up the existing ones.
 ----
-==== Solved Problems ====
-=== symbol lookup error ===
+===== Solved problems =====
+==== symbol lookup error ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error during ''sudo apt update''
@@ Line 580: / Line 744: @@
 ----
-==== Known Problems ====
+===== Known problems =====
-=== upstream timed out(110: Connection timed out) ===
+==== upstream timed out(110: Connection timed out) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/nginx/xxx_error.log'',
@@ Line 594: / Line 758: @@
 ----
-=== Under-voltage detected! (0x00050005) ===
+==== Under-voltage detected! (0x00050005) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/kern.log'',