rpi_nimbus

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rpi_nimbus [2019/04/14 14:22] – [Activate gzip module] Júne Parkrpi_nimbus [2024/03/15 23:47] (current) – [Specification] Júne Park
Line 1: Line 1:
 <nav>  <nav> 
   * {{fa>server?color=#8B0000}} Linux   * {{fa>server?color=#8B0000}} Linux
-    * [[:rpi_common|General Things on Raspbian]]+    * [[:rpi_common|■ General Things on Raspbian]]
     * [[:rpi_autism|Media Ditorium ─ AUTiSM Rainbow]]     * [[:rpi_autism|Media Ditorium ─ AUTiSM Rainbow]]
     * [[:rpi_epigen|Private Cellarium ─ EPiGEN Crystal]]     * [[:rpi_epigen|Private Cellarium ─ EPiGEN Crystal]]
     * [[:rpi_nimbus|Webius Officium ─ NiMBUS deBlanc]]     * [[:rpi_nimbus|Webius Officium ─ NiMBUS deBlanc]]
-    * [[:debian_common|General info on Debian Linux]]+    * [[:debian_common|■ General info on Debian Linux]]
     * [[:deb_mutism|Opus Imperium ─ MUTiSM Magnum]]     * [[:deb_mutism|Opus Imperium ─ MUTiSM Magnum]]
 +    * [[:deb_gilead|Actu Periculum ─ GiLEAD Argenta]]
 +    * [[:deb_debris|Finca LaDichium ─ DEBRiS Chrome]]
   * {{fa>windows?color=#0000A0}} Windows   * {{fa>windows?color=#0000A0}} Windows
-    * [[:pc_common|Common Works on Windows]]+    * [[:pc_common|■ Common Works on Windows]]
     * [[:pc_mesonism|Primus Workstation ─ MESONiSM]]     * [[:pc_mesonism|Primus Workstation ─ MESONiSM]]
     * [[:pc_mesonium|Manibus Tablet ─ MESONiUM]]     * [[:pc_mesonium|Manibus Tablet ─ MESONiUM]]
Line 14: Line 16:
     * [[:pc_mesonity|Praevus Station ─ MESONiTY]]     * [[:pc_mesonity|Praevus Station ─ MESONiTY]]
   * {{fa>android?color=#006400}} Android   * {{fa>android?color=#006400}} Android
-    * [[:cell_common|Common Stuffs on Androids]]+    * [[:cell_common|■ Common Stuffs on Androids]]
     * [[:cell_epiaux|Júne's Primus ─ EPiAUX 5X]]     * [[:cell_epiaux|Júne's Primus ─ EPiAUX 5X]]
     * [[:cell_epihex|Júne's Extentus ─ EPiHEX 6]]     * [[:cell_epihex|Júne's Extentus ─ EPiHEX 6]]
 +    * [[:cell_epimer|Júne's Maximus ─ EPiMER 5P]]
     * [[:cell_epinex|Júne's Secondus ─ EPiNEX 5]]     * [[:cell_epinex|Júne's Secondus ─ EPiNEX 5]]
     * [[:cell_epitab|Júne's Laminus - EPiTAB 7]]     * [[:cell_epitab|Júne's Laminus - EPiTAB 7]]
Line 22: Line 25:
 </nav> </nav>
  
-===== Webius Officium ─ NiMBUS deBlanc =====+====== Webius Officium ─ NiMBUS deBlanc ======
  
 {{:rpi_nimbus.jpg?nolink&250|}} {{:rpi_nimbus.jpg?nolink&250|}}
  
-  * Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} 구운몽 (korean)+Name: {{mdi>cards?28&color=#9000B3}} ''**NiMBUS** deBlanc'' (official) | {{mdi>creation?28&color=#9000B3}} ''구운몽'' (korean)
  
 ---- ----
 ==== Specification ====  ==== Specification ==== 
  
-  * Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]] +{{mdi>raspberry-pi?32&color=#9000B3}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]
-  * {{fa>database?color=#522B47}}: 240G on ''/var/www'' & 500G on ''~/storage'' - {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}} +
-  * {{fa>wifi?color=#7B0828}}: Wireless (''wlan0'') & Wired (''eth0'') - {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{fa>lock}} +
-  * {{fa>globe?color=#0F0E0E}} Web service and web resources including [[wp>WebDAV]]+
  
-----+{{mdi>database-plus?32&color=#9000B3}} Storages --- {{mdi>harddisk}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{mdi>lock}} 
 +  * {{mdi>database}} ''**240G**'' --- ''/var/www'' partition {{fa>usb?14&color=#005eb8}} 
 +  * {{mdi>database}} ''**500G**'' --- ''~/storage'' partition {{fa>usb?14&color=#005eb8}}
  
-==== Hosting Services ==== +=== Live status of storages ===
  
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives +<code ini> 
 +Mounted on     Type  Size  Used Avail Use% 
 +             ext4   15G  2.3G   12G  17% 
 +/var/www       ext4  220G  451M  208G   1% 
 +/home/www-data ext4  458G  307G  128G  71% 
 +</code>
  
 +{{mdi>server-network?32&color=#9000B3}} --- {{mdi>wifi-strength-3-lock}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{mdi>lock}}
 +  * {{mdi>lan?color=#9000B3}} Wired (''NiMBUS-enx001''
 +  * {{mdi>wifi?color=#9000B3}} Wireless Connection (''NiMBUS-wlx001''
 +  * {{mdi>lan?color=#9000B3}} Wired {{fa>usb?14&color=#000000}} (''NiMBUS-wlx002'')  
  
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button**''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services +{{mdi>web?32&color=#9000B3}}  Web publishing and web resources including [[wp>WebDAV]]
  
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here +----
  
 +==== Hosting Services ==== 
  
-{{fa>sliders?color=#d20962&2x}} Live [[:secured:nginx_config#nimbus_debalanc|Nginx Configuration]] for ''**NiMBUS**'' {{fa>lock?color=#808080}} +<button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives 
  
  
 +<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services 
 +
 +<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here 
 +
 +<button type="danger" size="sm" icon="fa fa-sliders">[[https://wiki.meson.one/doku.php?id=secured:nginx_config#nimbus_debalanc|Nginx Configuration]]</button> Showing lively on OWL {{fa>opera?14&color=#cc0f16}} for ''**NiMBUS** deBlanc'' {{fa>lock?color=#808080}} 
  
 ---- ----
 ==== +Work logs ====  ==== +Work logs ==== 
  
-  * ''Renew SSL certificates'' (Let's Encrypt) done   <sub> --- Updated on //2019/03/13 20:08//</sub>+  * ''adjust & optimize'' value of ''php-fpm'' -- ''/etc/php/7.x/fpm/pool.d/www.conf'' <sub>  --- Updated on //2020/07/25 21:40// </sub> 
 +  * ''proxy_pass'' for ''transmission web'' with ''bit.meson.in'', ''tor.meson.in'' & ''gen.meson.in'' <sub>  --- Updated on //2020/07/25 04:15// </sub> 
 +  * **''Fresh installation''** <sub>  --- Updated on //2020/07/25 04:13// </sub> 
 +  * Change ''backup rsync'' to another partition <sub>  --- Updated on //2020/06/27 04:01// </sub> 
 +  * Change ''web root'' of ''eigen.ml'', ''dav.meson.in'' & ''pdf.meson.in'' <sub>  --- Updated on //2020/06/27 04:00// </sub> 
 +  * Plugin Wireless LAN {{mdi>usb}} & Wired Giga LAN {{fa>usb}} <sub>  --- Updated on //2020/02/22 03:32// </sub> 
 +  * **''Fresh installation''** <sub>  --- Updated on //2020/02/11 02:16// </sub>
   * ''configure'' access.log and error.log separately  <sub> --- Updated on //2018/09/20 11:12//</sub>   * ''configure'' access.log and error.log separately  <sub> --- Updated on //2018/09/20 11:12//</sub>
-  * ''create'' server block for {{fa>folder-open}} [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub> +  * {{mdi>sitemap}} ''create'' server block for  [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub> 
   * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]]   * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]]
-  * ''create'' server block for {{fa>book}} [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub> +  * {{mdi>book-open-page-variant}} ''create'' server block for  [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub> 
   * Activate gzip module in Nginx <sub>  --- Updated on //2018/02/27 06:10//</sub>    * Activate gzip module in Nginx <sub>  --- Updated on //2018/02/27 06:10//</sub> 
   * Configured HTTP/2 for all sites <sub>  --- Updated on //2018/02/15 19:45//</sub>    * Configured HTTP/2 for all sites <sub>  --- Updated on //2018/02/15 19:45//</sub> 
Line 68: Line 91:
 <hidden> <hidden>
 ■ For archived history of SSL renewal  ■ For archived history of SSL renewal 
 +  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/08/01 18:48// </sub>
 +  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/05/23 01:57// </sub>
 +  * ''Renew SSL certificates'' (Let's Encrypt) done   <sub> --- Updated on //2019/03/13 20:08//</sub>
   * ''Renew SSL certificates'' (Let's Encrypt) done   --- <sub>Updated on</sub> //2018/10/21 00:29//   * ''Renew SSL certificates'' (Let's Encrypt) done   --- <sub>Updated on</sub> //2018/10/21 00:29//
   * ''Renew SSL certificates'' (Let's Encrypt) done  --- Updated on //2018/08/13 21:11//   * ''Renew SSL certificates'' (Let's Encrypt) done  --- Updated on //2018/08/13 21:11//
Line 77: Line 103:
  
 === +Que to do ===  === +Que to do === 
- 
-  * {{fa>server?color=#AA0000}} reverse proxy configuration 
  
   * rsync with cloud service such as Box or Dropbox   * rsync with cloud service such as Box or Dropbox
Line 89: Line 113:
  
 ---- ----
 +==== Disable Build-in Radios ==== 
  
 +Edit ''/boot/config.txt'' 
 +
 +<code ini> 
 +dtoverlay=disable-wifi
 +dtoverlay=disable-bt
 +</code> 
 +
 +Or add configuration string in ''config.txt'' 
 +
 +<code bash> 
 +echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
 +echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt
 +</code> 
 +
 +Disable systemd service that initializez Bluetooth Modems connected by UART. 
 +
 +<code bash> 
 +sudo systemctl disable hciuart.service
 +</code>
 +
 +----
 +==== Setup different SSIDs ==== 
 +
 +Default (initial) configuration for Wireless is stored in ''/etc/wpa_supplicant/wpa_supplicant.conf'' 
 +
 +If another wireless device is ''wlan1'' then copy as ''wpa_supplicant-**wlan1**.conf'' and edit 
 +
 +<code ini> 
 +ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
 +network={
 +    ssid="example"
 +    scan_ssid=1
 +    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
 +    pairwise=CCMP TKIP
 +    group=CCMP TKIP WEP104 WEP40
 +    psk="very secret passphrase"
 +    eap=TTLS PEAP TLS
 +    identity="user@example.com"
 +    password="foobar"
 +    ca_cert="/etc/cert/ca.pem"
 +    client_cert="/etc/cert/user.pem"
 +    private_key="/etc/cert/user.prv"
 +    private_key_passwd="password"
 +    phase1="peaplabel=0"
 +    ca_cert2="/etc/cert/ca2.pem"
 +    client_cert2="/etc/cer/user.pem"
 +    private_key2="/etc/cer/user.prv"
 +    private_key2_passwd="password"
 +}
 +</code>
 ==== Enable your Server Blocks ====  ==== Enable your Server Blocks ==== 
  
Line 141: Line 216:
 ./certbot-auto delete ./certbot-auto delete
 </code>  </code> 
 +
 +----
 +
 +==== Let's Encrypt via repository ==== 
 +
 +<code bash> 
 + sudo apt update 
 + sudo apt install certbot python-certbot-nginx 
 +</code> 
 +
 +command is same as ''certbot-auto'' by ''root'' privilege. 
 +
 +=== Create certificate(s) === 
 +
 +<code bash> 
 + certbot certonly --webroot -w /var/www/mydomain -d www.mydomain.com 
 +</code> 
 +
 +=== Renew certificate(s) === 
 +
 +<code bash> 
 + certbot renew
 +</code> 
 +
 +=== Delete certificate(s) === 
 +
 +<code bash>
 + certbot delete --cert-name delete.mydomain.com 
 +</code> 
 +
 + 
 +=== Renew certificate(s) using systemd === 
 +
 +Check renewal executes without error, 
 +
 +<code bash> 
 + sudo certbot renew --dry-run 
 +</code> 
 +
 +== Service unit file == 
 +
 +If no error, edit **service unit file** typically stored in ''/etc/systemd/system/''. Edit ''/etc/systemd/system/certbot-renewal.service'' 
 +
 +<code ini> 
 +[Unit]
 +Description=Certbot Renewal
 +
 +[Service]
 +ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service"
 +</code> 
 +
 +Which restarts web service after renewing certificate(s).  
 +
 +== Timer unit file == 
 +
 +Modify ''/etc/systemd/system/certbot-renewal.timer'' to adjust timer for certbot renewal. 
 +
 +<code ini> 
 +[Unit]
 +Description=Timer for Certbot Renewal
 +
 +[Timer]
 +OnBootSec=300
 +OnUnitActiveSec=2w
 +
 +[Install]
 +WantedBy=multi-user.target
 +</code> 
 +
 +The configuration below will activate the service biweekly, and 300 seconds after boot-up.
 +
 +== Using systemctl and journalctl == 
 +
 +To start the timer
 +<code bash> 
 +  sudo systemctl start certbot-renewal.timer
 +</code> 
 +
 +To enable the timer to be started on boot-up
 +<code bash> 
 +  sudo systemctl enable certbot-renewal.timer
 +</code> 
 +
 +To show status information for the timer
 +<code bash> 
 +  systemctl status certbot-renewal.timer
 +</code> 
 +
 +To show journal entries for the timer
 +<code bash> 
 +  journalctl -u certbot-renewal.service
 +</code>
  
 ---- ----
Line 203: Line 370:
 ---- ----
 ==== Create WebDAV directory on Nginx ====  ==== Create WebDAV directory on Nginx ==== 
-**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAB or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line. +**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAV or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line. 
  
 <accordion> <accordion>
Line 268: Line 435:
 ''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full'' ''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full''
  
-{{fa>warning?color=#000000}} After ''Stretch'' Rapbian upgrade, ''Fancyindex'' feature could not work+{{fa>warning?color=#000000}} When ''fancyindex'' is oncomment out ''autoindex'' directive
  
 <code nginx>  <code nginx> 
 +#  autoindex on;
 +
    fancyindex on;     fancyindex on; 
    fancyindex_exact_size off;     fancyindex_exact_size off; 
Line 304: Line 473:
  
 ---- ----
-==== Backup & archive veb resources ====+==== Backup & archive web resources ====
    
 Using ''rsync'', backup and archive web resource into another location.  Using ''rsync'', backup and archive web resource into another location. 
Line 529: Line 698:
  
 ---- ----
-==== Exclude logging ==== +===== Installing DokuWiki ===== 
  
-Add ''map'' in Nginx configuration files, +==== Post installation ==== 
  
-Exclude logging from specific IP  +=== Setup permissions of directories === 
-  +
-<code nginx>  +
-map $remote_addr $log_ip { +
-     +
-    "127.0.0.1" 0; +
-    "10.0.0.2" 0; +
-    "10.0.0.3" 0;+
  
-    default 1;+''data'' directory
  
-}+<code bash> 
 +wiki/to/path$ sudo chmod -R g=rwX,u=rwX,o=rX data/ 
 +wiki/to/path$ sudo chown -R www-data:www-data data/
 </code> </code>
  
-Exclude logging from specific User-Agent   +everything ''below the data'' directory
-  +
-<code nginx>  +
-map $http_user_agent $log_ua {+
  
-    ~Pingdom 0; +<code bash> 
-    ~Googlebot 0; +wiki/to/path/data$ sudo chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp} 
-    ~Baiduspider 0;+wiki/to/path/data$ sudo chown www-data:www-data {attic,cache,index,locks,media,meta,pages,tmp} 
 +</code>
  
-    default 1; +For newly created directories, it might require ''setgid'' bit in order to fully retain correct permissions after setting up the existing ones.  
-}+ 
 +---- 
 + 
 + 
 +===== Solved problems ===== 
 + 
 +==== symbol lookup error ====  
 + 
 +<text type="warning">{{fa>exclamation}} **Problem**</text>: Error during ''sudo apt update'' 
 + 
 +<text type="danger">{{fa>bug}} **Symptom**</text> 
 +<code text>  
 +apt-get: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libapt-pkg.so.4.12: undefined symbol:  
 +</code> 
 + 
 +<text type="info">{{fa>lightbulb-o}} **Solution**</text>: reinstall package  
 +<code bash>  
 +# Download the current version of libapt-pkg4.12 
 +wget http://mirrordirector.raspbian.org/raspbian/pool/main/a/apt/libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb 
 + 
 +# Install it 
 +sudo dpkg -i libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb
 </code> </code>
  
 ---- ----
-==== Known Problems ==== +===== Known problems ===== 
  
-=== upstream timed out(110: Connection timed out) ===+==== upstream timed out(110: Connection timed out) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/nginx/xxx_error.log'',  <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/nginx/xxx_error.log'', 
  
Line 572: Line 755:
 <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log.  <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. 
  
-<text type="info">{{fa>lightbulb-o}} **Solution**</text>:  +<text type="info">{{fa>lightbulb-o}} **Solution**</text>:  [[https://www.digitalocean.com/community/questions/nginx-error-111-connection-refused|Solution #1]]
  
 ---- ----
-=== Under-voltage detected! (0x00050005) ===+==== Under-voltage detected! (0x00050005) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/kern.log'',  <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/kern.log'', 
  
Line 584: Line 767:
 <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log.  <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. 
  
-<text type="info">{{fa>lightbulb-o}} **Solution**</text>:  +<text type="info">{{fa>lightbulb-o}} **Solution**</text>:  
 + 
  
  • rpi_nimbus.1555251729
  • Last modified: 2019/04/14 14:22
  • by Júne Park