Differences

This shows you the differences between two versions of the page.

--- rpi_nimbus [2019/06/08 02:08] – [Activate gzip module] Júne Park
+++ rpi_nimbus [2024/04/18 08:58] (current) – Júne Park
@@ Line 1: / Line 1: @@
 <nav>
   * {{fa>server?color=#8B0000}} Linux
-    * [[:rpi_common|General Things on Raspbian]]
+    * [[rpi_common|■ General Things on Raspbian]]
-    * [[:rpi_autism|Media Ditorium ─ AUTiSM Rainbow]]
+    * [[debian_common|■ General info on Debian Linux]]
-    * [[:rpi_epigen|Private Cellarium ─ EPiGEN Crystal]]
+    * [[deb_cicada|𝐂𝐢𝐂𝐀𝐃𝐀 𝕊𝕒𝕩𝕠𝕥𝕦𝕞]]
-    * [[:rpi_nimbus|Webius Officium ─ NiMBUS deBlanc]]
+    * [[deb_mutism|𝐌𝐔𝐓𝐢𝐒𝐌 𝕄𝕒𝕘𝕟𝕦𝕞]]
-    * [[:debian_common|General info on Debian Linux]]
+    * [[deb_gilead|𝐆𝐢𝐋𝐄𝐀𝐃 𝔸𝕣𝕘𝕖𝕟𝕥𝕒]]
-    * [[:deb_mutism|Opus Imperium ─ MUTiSM Magnum]]
+    * [[deb_symbio|𝐒𝐘𝐌𝐁𝐢𝐎 ℂ𝕠𝕟𝕒𝕥𝕦𝕤]]
+    * [[deb_tardis|𝐓𝐀𝐑𝐃𝐢𝐒 𝕊𝕡𝕒𝕥𝕚𝕦𝕞]]
+    * [[deb_debris|𝐃𝐄𝐁𝐑𝐢𝐒 ℂ𝕙𝕣𝕠𝕞𝕖]]
   * {{fa>windows?color=#0000A0}} Windows
-    * [[:pc_common|Common Works on Windows]]
+    * [[:pc_common|■ Common Works on Windows]]
-    * [[:pc_mesonism|Primus Workstation ─ MESONiSM]]
+    * [[PC_MESONiSM|𝐌𝐄𝐒𝐎𝐍𝐢𝐒𝐌]]
-    * [[:pc_mesonium|Manibus Tablet ─ MESONiUM]]
+    * [[PC_MESONiST|𝐌𝐄𝐒𝐎𝐍𝐢𝐒𝐓]]
-    * [[:pc_mesonist|Domumus Workstage ─ MESONiST]]
-    * [[:pc_mesonity|Praevus Station ─ MESONiTY]]
   * {{fa>android?color=#006400}} Android
-    * [[:cell_common|Common Stuffs on Androids]]
+    * [[:cell_common|■ Common Stuffs on Androids]]
-    * [[:cell_epiaux|Júne's Primus ─ EPiAUX 5X]]
+    * [[CELL_EPiCON|𝐄𝐏𝐢𝐂𝐎𝐍 𝔽𝟙]]
-    * [[:cell_epihex|Júne's Extentus ─ EPiHEX 6]]
+    * [[CELL_EPiMER|𝐄𝐏𝐢𝐌𝐄𝐑 𝟡]]
-    * [[:cell_epinex|Júne's Secondus ─ EPiNEX 5]]
+    * [[CELL_EPiLUX|𝐄𝐏𝐢𝐋𝐔𝐗 𝟟]]
-    * [[:cell_epitab|Júne's Laminus - EPiTAB 7]]
+    * [[CELL_EPiTAP|𝐄𝐏𝐢𝐓𝐀𝐏 𝟙𝟙]]
-    * [[:cell_epixus|Júne's Tertius ─ EPiXUS 4]]
+    * [[CELL_EPiETA|𝐄𝐏𝐢𝐄𝐓𝐀 𝟜]]
 </nav>
-===== Webius Officium ─ NiMBUS deBlanc =====
+====== Webius Officium ─ NiMBUS deBlanc ======
 {{:rpi_nimbus.jpg?nolink&250|}}
-  * Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} 구운몽 (korean)
+Name: {{mdi>cards?28&color=#9000B3}} ''**NiMBUS** deBlanc'' (official) | {{mdi>creation?28&color=#9000B3}} ''구운몽'' (korean)
 ----
 ==== Specification ====
-  * Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]
+{{mdi>raspberry-pi?32&color=#9000B3}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]]
-  * {{fa>database?color=#522B47}}: 240G on ''/var/www'' & 500G on ''~/storage'' - {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}}
-  * {{fa>wifi?color=#7B0828}}: Wireless (''wlan0'') & Wired (''eth0'') - {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{fa>lock}}
-  * {{fa>globe?color=#0F0E0E}} Web service and web resources including [[wp>WebDAV]]
-----
+{{mdi>database-plus?32&color=#9000B3}} Storages --- {{mdi>harddisk}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{mdi>lock}}
+  * {{mdi>database}} ''**240G**'' --- ''/var/www'' partition {{fa>usb?14&color=#005eb8}}
+  * {{mdi>database}} ''**500G**'' --- ''~/storage'' partition {{fa>usb?14&color=#005eb8}}
-==== Hosting Services ====
+=== Live status of storages ===
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives
+<code ini>
+Mounted on     Type  Size  Used Avail Use%
+/              ext4   15G  2.3G   12G  17%
+/var/www       ext4  220G  432M  208G   1%
+/home/www-data ext4  458G  308G  127G  71%
+</code>
+{{mdi>server-network?32&color=#9000B3}} --- {{mdi>wifi-strength-3-lock}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{mdi>lock}}
+  * {{mdi>lan?color=#9000B3}} Wired (''NiMBUS-enx001'')
+  * {{mdi>wifi?color=#9000B3}} Wireless Connection (''NiMBUS-wlx001'')
+  * {{mdi>lan?color=#9000B3}} Wired {{fa>usb?14&color=#000000}} (''NiMBUS-wlx002'')
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services
+{{mdi>web?32&color=#9000B3}}  Web publishing and web resources including [[wp>WebDAV]]
-<button type="info"  icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here
+----
+==== Hosting Services ====
-{{fa>sliders?color=#d20962&2x}} Live [[:secured:nginx_config#nimbus_debalanc|Nginx Configuration]] for ''**NiMBUS**'' {{fa>lock?color=#808080}}
+<button type="primary" size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_pion_gateway|admin]]</button> **''[[https://pi.meson.one/|Júne's PiON Gateway]]''**  --- WebDAV and Documents Archives
+<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_cloud_platform|admin]]</button> **''[[https://cloud.meson.in|Júne's Cloud Platform]]''**  --- Gateway for all cloud services
+<button type="primary"  size="sm" icon="fa fa-lock">[[[[secured:web_admin#june_s_wiki|admin]]</button> **''[[https://wiki.meson.in|Júne's Wiki]]''**  --- What I Know Is ... Here
+<button type="danger" size="sm" icon="fa fa-sliders">[[https://wiki.meson.one/doku.php?id=secured:nginx_config#nimbus_debalanc|Nginx Configuration]]</button> Showing lively on OWL {{fa>opera?14&color=#cc0f16}} for ''**NiMBUS** deBlanc'' {{fa>lock?color=#808080}}
 ----
 ==== ＋Work logs ====
-  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/05/23 01:57// </sub>
+  * ''adjust & optimize'' value of ''php-fpm'' -- ''/etc/php/7.x/fpm/pool.d/www.conf'' <sub>  --- Updated on //2020/07/25 21:40// </sub>
-  * ''Renew SSL certificates'' (Let's Encrypt) done   <sub> --- Updated on //2019/03/13 20:08//</sub>
+  * ''proxy_pass'' for ''transmission web'' with ''bit.meson.in'', ''tor.meson.in'' & ''gen.meson.in'' <sub>  --- Updated on //2020/07/25 04:15// </sub>
+  * **''Fresh installation''** <sub>  --- Updated on //2020/07/25 04:13// </sub>
+  * Change ''backup rsync'' to another partition <sub>  --- Updated on //2020/06/27 04:01// </sub>
+  * Change ''web root'' of ''eigen.ml'', ''dav.meson.in'' & ''pdf.meson.in'' <sub>  --- Updated on //2020/06/27 04:00// </sub>
+  * Plugin Wireless LAN {{mdi>usb}} & Wired Giga LAN {{fa>usb}} <sub>  --- Updated on //2020/02/22 03:32// </sub>
+  * **''Fresh installation''** <sub>  --- Updated on //2020/02/11 02:16// </sub>
   * ''configure'' access.log and error.log separately  <sub> --- Updated on //2018/09/20 11:12//</sub>
-  * {{fa>folder-open}} ''create'' server block for  [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub>
+  * {{mdi>sitemap}} ''create'' server block for  [ ''dav.meson.in'' ]  <sub> --- Updated on //2018/08/14 15:35//</sub>
   * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]]
-  * {{fa>book}} ''create'' server block for  [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub>
+  * {{mdi>book-open-page-variant}} ''create'' server block for  [ ''lib.meson.one'' ] library project <sub>  --- Updated on //2018/04/11 18:22//</sub>
   * Activate gzip module in Nginx <sub>  --- Updated on //2018/02/27 06:10//</sub>
   * Configured HTTP/2 for all sites <sub>  --- Updated on //2018/02/15 19:45//</sub>
@@ Line 69: / Line 88: @@
 <hidden>
 ■ For archived history of SSL renewal
+  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/08/01 18:48// </sub>
+  * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub>  --- Updated on //2019/05/23 01:57// </sub>
+  * ''Renew SSL certificates'' (Let's Encrypt) done   <sub> --- Updated on //2019/03/13 20:08//</sub>
   * ''Renew SSL certificates'' (Let's Encrypt) done   --- <sub>Updated on</sub> //2018/10/21 00:29//
   * ''Renew SSL certificates'' (Let's Encrypt) done  --- Updated on //2018/08/13 21:11//
@@ Line 78: / Line 100: @@
 === ＋Que to do ===
-  * {{fa>server?color=#AA0000}} reverse proxy configuration
   * rsync with cloud service such as Box or Dropbox
@@ Line 90: / Line 110: @@
 ----
+==== Disable Build-in Radios ====
+Edit ''/boot/config.txt''
+<code ini>
+dtoverlay=disable-wifi
+dtoverlay=disable-bt
+</code>
+Or add configuration string in ''config.txt''
+<code bash>
+echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
+echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt
+</code>
+Disable systemd service that initializez Bluetooth Modems connected by UART.
+<code bash>
+sudo systemctl disable hciuart.service
+</code>
+----
+==== Setup different SSIDs ====
+Default (initial) configuration for Wireless is stored in ''/etc/wpa_supplicant/wpa_supplicant.conf''
+If another wireless device is ''wlan1'' then copy as ''wpa_supplicant-**wlan1**.conf'' and edit
+<code ini>
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+    ssid="example"
+    scan_ssid=1
+    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+    pairwise=CCMP TKIP
+    group=CCMP TKIP WEP104 WEP40
+    psk="very secret passphrase"
+    eap=TTLS PEAP TLS
+    identity="user@example.com"
+    password="foobar"
+    ca_cert="/etc/cert/ca.pem"
+    client_cert="/etc/cert/user.pem"
+    private_key="/etc/cert/user.prv"
+    private_key_passwd="password"
+    phase1="peaplabel=0"
+    ca_cert2="/etc/cert/ca2.pem"
+    client_cert2="/etc/cer/user.pem"
+    private_key2="/etc/cer/user.prv"
+    private_key2_passwd="password"
+}
+</code>
 ==== Enable your Server Blocks ====
@@ Line 142: / Line 213: @@
 ./certbot-auto delete
 </code>
+----
+==== Let's Encrypt via repository ====
+<code bash>
+ sudo apt update
+ sudo apt install certbot python-certbot-nginx
+</code>
+command is same as ''certbot-auto'' by ''root'' privilege.
+=== Create certificate(s) ===
+<code bash>
+ certbot certonly --webroot -w /var/www/mydomain -d www.mydomain.com
+</code>
+=== Renew certificate(s) ===
+<code bash>
+ certbot renew
+</code>
+=== Delete certificate(s) ===
+<code bash>
+ certbot delete --cert-name delete.mydomain.com
+</code>
+=== Renew certificate(s) using systemd ===
+Check renewal executes without error,
+<code bash>
+ sudo certbot renew --dry-run
+</code>
+== Service unit file ==
+If no error, edit **service unit file** typically stored in ''/etc/systemd/system/''. Edit ''/etc/systemd/system/certbot-renewal.service''
+<code ini>
+[Unit]
+Description=Certbot Renewal
+[Service]
+ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service"
+</code>
+Which restarts web service after renewing certificate(s).
+== Timer unit file ==
+Modify ''/etc/systemd/system/certbot-renewal.timer'' to adjust timer for certbot renewal.
+<code ini>
+[Unit]
+Description=Timer for Certbot Renewal
+[Timer]
+OnBootSec=300
+OnUnitActiveSec=2w
+[Install]
+WantedBy=multi-user.target
+</code>
+The configuration below will activate the service biweekly, and 300 seconds after boot-up.
+== Using systemctl and journalctl ==
+To start the timer
+<code bash>
+  sudo systemctl start certbot-renewal.timer
+</code>
+To enable the timer to be started on boot-up
+<code bash>
+  sudo systemctl enable certbot-renewal.timer
+</code>
+To show status information for the timer
+<code bash>
+  systemctl status certbot-renewal.timer
+</code>
+To show journal entries for the timer
+<code bash>
+  journalctl -u certbot-renewal.service
+</code>
 ----
@@ Line 204: / Line 367: @@
 ----
 ==== Create WebDAV directory on Nginx ====
-**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAB or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line.
+**WebDAV** is web protocol based service to open directory and web resources via various ways. To enable WebDAV or Open directory in Nginx. Append the following code inside ''Server {  ...}'' line.
 <accordion>
@@ Line 269: / Line 432: @@
 ''Fancyindex'' is an optional part if you have installed ''nginx-extra'' or ''nginx-full''.
-{{fa>warning?color=#000000}} After ''Stretch'' Rapbian upgrade, ''Fancyindex'' feature could not work.
+{{fa>warning?color=#000000}} When ''fancyindex'' is on, comment out ''autoindex'' directive.
 <code nginx>
+#  autoindex on;
    fancyindex on;
    fancyindex_exact_size off;
@@ Line 305: / Line 470: @@
 ----
-==== Backup & archive veb resources ====
+==== Backup & archive web resources ====
 Using ''rsync'', backup and archive web resource into another location.
@@ Line 530: / Line 695: @@
 ----
+===== Installing DokuWiki =====
-==== Disable build-in bluetooth ====
+==== Post installation ====
-Add configuration string in ''config.txt''
+=== Setup permissions of directories ===
-<code bash>
+''data'' directory
-echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
-echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt
+<code bash>
-</code>
+wiki/to/path$ sudo chmod -R g=rwX,u=rwX,o=rX data/
+wiki/to/path$ sudo chown -R www-data:www-data data/
+</code>
-Disable systemd service that initializez Bluetooth Modems connected by UART.
+everything ''below the data'' directory
+<code bash>
+wiki/to/path/data$ sudo chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp}
+wiki/to/path/data$ sudo chown www-data:www-data {attic,cache,index,locks,media,meta,pages,tmp}
+</code>
+For newly created directories, it might require ''setgid'' bit in order to fully retain correct permissions after setting up the existing ones.
+----
+===== Solved problems =====
+==== symbol lookup error ====
+<text type="warning">{{fa>exclamation}} **Problem**</text>: Error during ''sudo apt update''
+<text type="danger">{{fa>bug}} **Symptom**</text>
+<code text>
+apt-get: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libapt-pkg.so.4.12: undefined symbol:
+</code>
+<text type="info">{{fa>lightbulb-o}} **Solution**</text>: reinstall package
 <code bash>
-sudo systemctl disable hciuart
+# Download the current version of libapt-pkg4.12
+wget http://mirrordirector.raspbian.org/raspbian/pool/main/a/apt/libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb
+# Install it
+sudo dpkg -i libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb
 </code>
 ----
-==== Known Problems ====
+===== Known problems =====
-=== upstream timed out(110: Connection timed out) ===
+==== upstream timed out(110: Connection timed out) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/nginx/xxx_error.log'',
@@ Line 562: / Line 755: @@
 ----
-=== Under-voltage detected! (0x00050005) ===
+==== Under-voltage detected! (0x00050005) ====
 <text type="warning">{{fa>exclamation}} **Problem**</text>: Error found in log ''/var/log/kern.log'',