Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Install Nginx ====== ===== Prep ===== * This guide is for Raspberry Pi OS based on Debian version 12 (Bookworm). * You can run the command **cat /etc/issue.net** to confirm the version. **Debian GNU/Linux 12** should be displayed. * Make sure it is up to date. <code bash> # Get the latest package lists sudo apt-get update # Update the system to the latest sudo apt-get upgrade </code> * Install Nginx <code bash> sudo apt-get -y install nginx </code> * Make sure that the web server is started and running <code bash> sudo systemctl stop nginx.service sudo systemctl start nginx.service </code> * Using a browser, navigate to the IP address of the server on which you have installed Nginx to ensure that Nginx is serving content, e.g. http://127.0.0.1 ===== Configure Nginx to interpret .php files ===== * The default installation of Nginx does not support serving .php files. * We will install a program (actually a service) called **php-fpm**. * This service will listen for requests to interpret. * Install the php-fpm service by installing the default version 8.2 of the packages <code bash> sudo apt-get -y install php-fpm sudo systemctl enable php8.2-fpm sudo systemctl start php8.2-fpm </code> ===== Modify Nginx ===== * Now that the php-fpm service is installed, let us change the default nginx server to use it. * Edit the default server file: <code bash> sudo vi /etc/nginx/sites-enabled/default </code> * Add //index.php// to this line: <code> # Add index.php to the list if you are using PHP index index.php index.html index.htm index.nginx-debian.html; </code> * Enable PHP processing by leaving this section uncommented. Note that we are using the UNIX socket and that we are using 8.2 and not 7.4 as originally specified in the configuration file. <code bash> # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; } </code> * Activate the hiding of .htaccess files <code bash> # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } </code> * Reload the configuration of the Nginx web server <code bash> sudo systemctl reload nginx.service </code> * Create a test //.php// file to confirm that it does work <code bash> sudo vi /var/www/html/test.php </code> * Contents <code php> <?php phpinfo(); ?> </code> * Navigate to http://127.0.0.1/test.php and check that the page displays the PHP information. ===== Install MariaDB ===== ==== Why MariaDB? ==== * We have found that the version of MySQL that comes with Debian 12 (bookworm) by default causes problems with RADIUSdesk. * For this reason, we have installed MariaDB as an alternative. * MariaDB is an open-source relational database management system that is often used as an alternative to MySQL as the database part of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. * It is intended as an immediate replacement for MySQL. * Be sure to provide a root password for the MariaDB database when prompted if you are security conscious, otherwise just hit the ESC key. <code bash> sudo apt-get -y install mariadb-server php8.2-mysql sudo systemctl enable mariadb sudo systemctl restart mariadb sudo systemctl status mariadb </code> ==== Disable strict mode ==== * With Debian 12 (Bookworm), the bundled version of MariaDB is on version 15.1, which has introduced some strict modes that have some issues with the RADIUSdesk database implementation. * We will disable the Strict SQL mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf <code bash> sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf </code> * Enter these two lines: <code bash> [mysqld] sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION </code> * Save the file and restart the MySQL server <code bash> sudo systemctl restart mariadb </code> ===== Performance tune Nginx ===== ==== Modify expiry date for certain files ==== * Edit the ///etc/nginx/sites-available/default// file: <code bash> sudo vi /etc/nginx/sites-available/default </code> * Add the following inside the server section: <code bash> location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ { rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break; rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break; access_log off; expires max; add_header Cache-Control public; } </code> * Add below only if you require backward compatibility (MESHdesk and APdesk). <code bash> location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ { rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break; rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break; access_log off; expires max; add_header Cache-Control public; } </code> * Reload Nginx: <code bash> sudo systemctl reload nginx.service </code> ===== Install RADIUSdesk ===== * The first part prepared everything to install **RADIUSdesk**. * This part will go through the steps to install the latest **RADIUSdesk**. * RADIUSdesk consists of three components. * **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer. * **cake4** is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer. * **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet. * Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory. ==== Required packages ==== * Make sure the following packages are installed. <code bash> sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget sudo systemctl restart php8.2-fpm </code> * Check out the rdcore git repository. <code bash> cd /var/www sudo git clone https://github.com/RADIUSdesk/rdcore.git </code> * This will create an rdcore directory containing some sub-folders. * It is recommended that you also include the RD Mobile UI. * Check out the rd_mobile git repository. <code bash> cd /var/www sudo git clone https://github.com/RADIUSdesk/rd_mobile.git </code> ==== Create soft links ==== * We will create soft links in the directory where Nginx will serve the RADIUSdesk contents. <code bash> cd /var/www/html sudo ln -s ../rdcore/rd ./rd sudo ln -s ../rdcore/cake4 ./cake4 #If backward compatibility is required for older firmware of MESHdesk sudo ln -s ../rdcore/cake4 ./cake3 sudo ln -s ../rdcore/login ./login sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting #For the RD Mobile UI sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile </code> ==== Change Ownerships ==== * Change the ownership of the following files to www-data so Nginx can make changes to the files/directories <code bash> sudo mkdir -p /var/www/html/cake4/rd_cake/logs sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache sudo mkdir -p /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache </code> ==== The Database ==== * Make sure the timezone on the server is set to UTC (You can use **sudo raspi-config**) * Populate the timezone data on the DB <code bash> #NOTE FAILING THIS STEP will break the RADIUS graphs #There might be some error messages in the output which is fine - no need to be alarmed sudo su mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql </code> * Create an empty database called rd <code bash> sudo su mysql -u root create database rd; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd'; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd'; exit; </code> * Populate the database: <code bash> sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql </code> <alert type="info"> * RADIUSdesk is under active development and sometimes we add SQL patches. * The SQL Patches are located under **/var/www/html/cake4/rd_cake/setup/db/** * These patches are non-destructive and you can run them against the database * See the pattern below <code bash> sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql </code> </alert> ==== Configure Nginx ==== * Configure Nginx to rewrite some RdCore URLs starting with ///cake4/rd_cake//. * Edit ///etc/nginx/sites-enabled/default// <code bash> sudo vi /etc/nginx/sites-enabled/default </code> * Add this once section directly below **server_name** item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues. <code bash> server_name _; location /cake4/rd_cake/node-reports/submit_report.json { try_files $uri $uri/ /reporting/reporting.php; } </code> * If you need backward compatibility support (MESHdesk and APdesk) also add this section: <code bash> location /cake3/rd_cake/node-reports/submit_report.json { try_files $uri $uri/ /reporting/reporting.php; } </code> * Add the following configuration block inside the server section (This you can add towards the end): <code bash> location /cake4/rd_cake { rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break; try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args; } </code> * If you need backward compatibility support (MESHdesk and APdesk) also add this section: <code bash> location /cake3/rd_cake { rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break; try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args; } </code> * Reload the Nginx: <code bash> sudo systemctl reload nginx </code> ==== Important URLs ==== * The following URLs are important to reach the UI * To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/ * If you want to serve the content directly out of the webroot, do the following: <code bash> sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/ </code> * To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile === Login Credentials === * By default you can log in with the following credentials Username: **root** Password: **admin** ===== Cron Scripts ===== * RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system. * To activate the cron scripts execute the following command, which will add RADIUSdesk's crons scripts to the Cron system <code bash> sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/ </code> * If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file. ===== Add LETSENCRYPT certificate ===== * Rather than repeating existing documentation we will just add a URL with the instructions to do it. * You might want to run the following first before going to the instructions in the URL <code bash> sudo apt-get update sudo apt-get -y install software-properties-common </code> * https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11 ===== Next steps ===== * Be sure to also install FreeRADIUS install_rasberry.txt Last modified: 2024/02/08 19:07by system