Turn Raspberry Pi in to a LAMP server
This recipe will take you through the steps of creating a LAMP on a Raspberry Pi to host a Mediawiki, which you can run from home and yet access it through from any location with an internet connection.
Steps will be described for the GNU/Linux Debian distribution.
Get the Raspberry Pi up and running
Download the Raspbian Buster Lite image from https://www.raspberrypi.org/downloads/raspbian/
Clone it to SD card
dd if=2020-02-13-raspbian-buster-lite.img of=/dev/sda status=progress
- as root
of=is the location of the sd card if you are not sure runlsblkto find out
Once cloning is finished:
Enable ssh: mount the sd card to you computer and add to the boot partition (the smallest one) an empty file called ssh
Unmount it and place it on the Pi: Note: Pi must be off. Never ever do move the SD card in or out when the Pi is running. Changes are you end up with corrupted SD card
Connect the Pi with a network cable to your home router and power it.
Connect to the Pi
Find the Pi's IP address by going to your home router web interface and look for the Pi IP address in the Local Area Network.
SSH to the Pi:
ssh pi@PI.IP.ADDRSS
- default user: Pi
- default password: raspberry
Basic System Operations
Expand file system
Currently Raspbian is not occupying the entirety of the SD card space. So we must expand the file system by:
- running
sudo raspi-config
- Select section: 7 Advanced Options
- Select: A1 Expand Filesystem
Once done the system will reboot and you will need to ssh again
Apt
Update the packages references
apt update
Once update you might see a message indicating that there packages that can be upgraded
Reading package lists... Done Building dependency tree Reading state information... Done 26 packages can be upgraded. Run 'apt list --upgradable' to see them.
Go ahead and upgrade the packages
apt upgrade
It might be a good moment to install some essential packages: sudo, tmux, git
apt install sudo tmux git
Users & passwords
Once logged back in it is a good idea to
- change the root password to something strong
- delete the Pi user
- create a new users for your self and other users
Start by becoming root
sudo su -
Change the root password to something strong
passwd
Delete Pi user:
deluser pi
Add your regular user
adduser yourusername
You might want your (and other) user to have super user previleges, hence:
- install sudo
apt install sudo
- add your user to sudo group
adduser yourusername sudo
Now if you log out and log back in again and type:
groups
You will notice you are part of the sudo group - now you can really duck up the system with the wrong commands!! yeahh!
SSH security
Because our Pi will accessible from the outside world is a good idea to:
- disable ssh with password
- disable ssh for root
Before we perform this changes it is important the that user's public ssh key placed in those users ~/.ssh/authorized_keys so that the ssh key pair authentication can work.
Install Install Install
So we got to the point where we must start installing all the necessary software to run Mediawiki.
To ease this and other necessary task I have created a Make file to automate the steps required to a Mediawiki installation. We'll use that make file in this process.
As the regular user in the Pi, git clone the mediawiki_make repository: cd ~/ git https://gitlab.com/Castro0o/mediawiki_make cd mediawiki_make
The first command we'll run will install dependencies and configure Mariadb [1]
sudo make dependencies
In MariaDB setting I gave the following answers:
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
When everything it is install is good to test things:
Mariadb by login it to it as root: sudo mariadb -h localhost -u root -p
Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 56 Server version: 10.3.22-MariaDB-0+deb10u1 Raspbian 10 Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | +--------------------+ 3 rows in set (0.001 sec) MariaDB [(none)]> exit; Bye
Apache webserver: by visiting the Pi's IP address in the browser, which should show the default Apache page
PHP: by creating the /var/www/html/info.php writing inside it: sudo vi /var/www/html/info.php
<?php phpinfo(); ?>
And visiting it at http://pi.ip.addre.ss/info.php
USB disk as backup/image storage (optional)
In order to ensure that we have automated backups of the important files/dbs we will format a USB stick with 2 partitions:
- to store wiki images
- backup important files and images
We'll use gparted and format the partitions as NTFS so that we can mount in Linux/Mac/Windows as EXT format is only mountable in Linux machines.
Is the result after the formatting
fdisk -l
Disk /dev/sdb: 233.3 GiB, 250450280448 bytes, 489160704 sectors Disk model: Ultra Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xd1fce3fe Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 182947839 182945792 87.2G 7 HPFS/NTFS/exFAT /dev/sdb2 182947840 489160703 306212864 146G 7 HPFS/NTFS/exFAT
/etc/fstab automatic mounts
Sandbox disk:
/etc/fstab
UUID=0733744D50775536 /var/www/html/itchwiki/images ntfs-3g defaults,nls=utf8,rw,exec,auto,uid=www-data,gid=www-data 0 0
Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors Disk model: EVDS-63N5B1 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x000ae312 Device Boot Start End Sectors Size Id Type /dev/sda1 2048 1953523711 1953521664 931.5G 7 HPFS/NTFS/exFAT
Tinc
Reverse Proxy on Public Server
As described in https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension Enable the necessary apache2 modules with:
a2enmod
And then:
proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html
Restart apache:
systemctl restart apache2
Write the following entry:
<VirtualHost *:80>
ServerName subomain.domain.org
ProxyRequests Off
<Directory "/*">
DirectoryIndex index.html index.php
</Directory>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://10.0.20.100:80/
ProxyPassReverse / http://10.0.20.100:80/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>Replacing:
subomain.domain.orgProxyPass / http://10.0.20.100:80/with the IP of your tinc nodeProxyPassReverse / http://10.0.20.100:80/
Save it and disable and re enable apache
a2dissite artserver; systemctl reload apache2; a2ensite artserver; systemctl reload apache2
- ↑ Note: we will be using Apache webserver and Mariadb as database. However you can choose to install Nginx webserver and use a Postgres db or even SQLlite
