RADIUSdesk

logo
Trace: 12_install_pi_nginx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
getting_started:12_install_pi_nginx [2023/11/02 20:52]
admin created 		getting_started:12_install_pi_nginx [2023/11/03 00:34] (current)
admin [The Database]
Line 1: Line 1:
 ====== Install Nginx ====== ====== Install Nginx ======
 +===== Prep =====
 +
   * These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm).   * These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm).
   * You can issue the command **cat /etc/issue.net** to confirm the version. It should say **Debian GNU/Linux 12   * You can issue the command **cat /etc/issue.net** to confirm the version. It should say **Debian GNU/Linux 12
Line 21: Line 23:
   * Navigate to the IP Address of the server where you installed **Nginx** using a browser to ensure Nginx serves content e.g. http://127.0.0.1   * Navigate to the IP Address of the server where you installed **Nginx** using a browser to ensure Nginx serves content e.g. http://127.0.0.1
  
-====== Configure Nginx to interpret .php files ====== +===== Configure Nginx to interpret .php files =====
-===== php-fpm =====+
   * The default install of **Nginx** does not support the serving of **.php** files.   * The default install of **Nginx** does not support the serving of **.php** files.
   * We will install a program (actually a service) called **php-fpm**.   * We will install a program (actually a service) called **php-fpm**.
Line 32: Line 33:
 sudo systemctl start php8.2-fpm sudo systemctl start php8.2-fpm
 </code> </code>
-====== Modify Nginx ======+===== Modify Nginx =====
   * Now that the php-fpm service is installed we should change the default **Nginx** server to make use of it.   * Now that the php-fpm service is installed we should change the default **Nginx** server to make use of it.
   * Edit the default server file:   * Edit the default server file:
Line 51: Line 52:
     #     #
     #       # With php-fpm (or other unix sockets):     #       # With php-fpm (or other unix sockets):
-    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;+    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
     #       # With php-cgi (or other tcp sockets):     #       # With php-cgi (or other tcp sockets):
     #       fastcgi_pass 127.0.0.1:9000;     #       fastcgi_pass 127.0.0.1:9000;
Line 80: Line 81:
 </code> </code>
   * Navigate to http://127.0.0.1/test.php and see if the page display the PHP info.   * Navigate to http://127.0.0.1/test.php and see if the page display the PHP info.
 +
 +===== Install MariaDB =====
 +==== Why MariaDB? ====
 +  * We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) are breaking things on RADIUSdesk.
 +  * For this reason we install MariaDB as an alternative.
 +  * MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack.
 +  * It is intended to be a drop-in replacement for MySQL.
 +  * Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious else simply hit the ESC key.
 +<code bash>
 +sudo apt-get -y install mariadb-server php8.2-mysql
 +sudo systemctl enable mariadb
 +sudo systemctl restart mariadb
 +sudo systemctl status mariadb
 +</code>
 +==== Disable strict mode ====
 +  * With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1 which introduced a few Strict modes which have some problems with RADIUSdesk database implementation.
 +  * We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
 +<code bash>
 +sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
 +</code>
 +  * Enter these two lines:
 +<code bash>
 +[mysqld]
 +sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
 +</code>
 +  * Save the file and restart the MySQL Server
 +<code bash>
 +sudo systemctl restart mariadb
 +</code>
 +
 +===== Performance tune Nginx =====
 +==== Modify expiry date for certain files ====
 +  * Edit the ///etc/nginx/sites-available/default// file:
 +<code bash>
 +sudo vi /etc/nginx/sites-available/default
 +</code>
 +  * Add the following inside the server section:
 +<code bash>
 +location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
 +    rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break;
 +    rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break;
 +    access_log off;
 +    expires max;
 +    add_header Cache-Control public;
 +}
 +</code>
 +  * Add below only if you require backward compatibility (MESHdesk and APdesk).
 +<code bash>
 +location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
 +    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
 +    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
 +    access_log off;
 +    expires max;
 +    add_header Cache-Control public;
 +}
 +</code>
 +  * Reload Nginx:
 +<code bash>
 +sudo systemctl reload nginx.service
 +</code>
 +
 +===== Install RADIUSdesk =====
 +  * The first part prepared everything to install **RADIUSdesk**.
 +  * This part will go through the steps to install the latest **RADIUSdesk**.
 +  * RADIUSdesk consists of three components.
 +        * **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
 +        * **cake4** is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer.
 +        * **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet.
 +  * Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory.
 +
 +==== Required packages ====
 +  * Make sure the following packages are installed.
 +<code bash>
 +sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget
 +sudo systemctl restart php8.2-fpm
 +</code>
 +  * Check out the rdcore git repository.
 +<code bash>
 +cd /var/www
 +sudo git clone https://github.com/RADIUSdesk/rdcore.git
 +</code>
 +  * This will create an rdcore directory containing some sub-folders.
 +  * It is recommended that you also include the RD Mobile UI.
 +  * Check out the rd_mobile git repository.
 +<code bash>
 +cd /var/www
 +sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
 +</code>
 +==== Create soft links ====
 +  * We will create soft links in the directory where Nginx will serve the RADIUSdesk contents.
 +<code bash>
 +cd /var/www/html
 +sudo ln -s ../rdcore/rd ./rd
 +sudo ln -s ../rdcore/cake4 ./cake4
 +#If backward compatibility is required for older firmware of MESHdesk
 +sudo ln -s ../rdcore/cake4 ./cake3
 +sudo ln -s ../rdcore/login ./login
 +sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev
 +sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting
 +#For the RD Mobile UI
 +sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile
 +</code>
 +==== Change Ownerships ====
 +  * Change the ownership of the following files to www-data so Nginx can make changes to the files/directories
 +<code bash>
 +sudo mkdir -p  /var/www/html/cake4/rd_cake/logs
 +sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache
 +sudo mkdir -p /var/www/html/cake4/rd_cake/tmp
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares
 +sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache
 +</code>
 +==== The Database ====
 +  * Make sure the timezone on the server is set to UTC (You can use **sudo raspi-config**)
 +  * Populate the timezone data on the DB
 +<code bash>
 +#NOTE FAILING THIS STEP will break the RADIUS graphs
 +#There might be some error messages in the output which is fine - no need to be alarmed
 +sudo su
 +mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root  mysql
 +</code>
 +  * Create an empty database called rd
 +<code bash>
 +sudo su
 +mysql -u root
 +create database rd;
 +GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd';
 +GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd';
 +exit;
 +</code>
 +  * Populate the database:
 +<code bash>
 +sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql
 +</code>
 +<WRAP center round tip 90%>
 +  * RADIUSdesk is under active development and sometimes we add SQL patches.
 +  * The SQL Patches are located under **/var/www/html/cake4/rd_cake/setup/db/**
 +  * These patches are non-destructive and you can run them against the database
 +  * See the pattern below
 +<code bash>
 +sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql 
 +</code>
 +</WRAP>
 +==== Configure Nginx ====
 +  * Configure Nginx to rewrite some RdCore URLs starting with ///cake4/rd_cake//.
 +  * Edit ///etc/nginx/sites-enabled/default//
 +<code bash>
 +sudo vi /etc/nginx/sites-enabled/default
 +</code>
 +  * Add this once section directly below **server_name** item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues.
 +<code bash>
 +server_name _;
 +location /cake4/rd_cake/node-reports/submit_report.json {
 +    try_files $uri $uri/ /reporting/reporting.php;
 +}
 +</code>
 +  * If you need backward compatibility support (MESHdesk and APdesk) also add this section:
 +<code bash>
 +location /cake3/rd_cake/node-reports/submit_report.json {
 +    try_files $uri $uri/ /reporting/reporting.php;
 +}
 +</code>
 +  * Add the following configuration block inside the server section (This you can add towards the end):
 +<code bash>
 +location /cake4/rd_cake {
 +   rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break;
 +   try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args;
 +}
 +</code>
 +  * If you need backward compatibility support (MESHdesk and APdesk) also add this section:
 +<code bash>
 +location /cake3/rd_cake {
 +   rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break;
 +   try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args;
 +}
 +</code>
 +  * Reload the Nginx:
 +<code bash>
 +sudo systemctl reload nginx
 +</code>
 +==== Important URLs ====
 +  * The following URLs are important to reach the UI
 +  * To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/
 +  * If you want to serve the content directly out of the webroot, do the following:
 +<code bash>
 +sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/
 +</code>
 +  * To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile
 +=== Login Credentials ===
 +  * By default you can log in with the following credentials
 +Username: **root** Password: **admin**
 +===== Cron Scripts =====
 +  * RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system.
 +  * To activate the cron scripts execute the following command, which will add RADIUSdesk's crons scripts to the Cron system
 +<code bash>
 +sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/
 +</code>
 +  * If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file.
 +
 +===== Add LETSENCRYPT certificate =====
 +  * Rather than repeating existing documentation we will just add a URL with the instructions to do it.
 +  * You might want to run the following first before going to the instructions in the URL
 +<code bash>
 +sudo apt-get update
 +sudo apt-get -y install software-properties-common
 +</code>
 +  * https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11
 +===== Next steps =====
 +  * Be sure to also install FreeRADIUS
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
  
  
  
  
Last modified: 2023/11/02 20:52