Differences

This shows you the differences between two versions of the page.

--- getting_started:12_install_pi_nginx [2023/11/02 21:35]
admin [php-fpm]
+++ getting_started:12_install_pi_nginx [2023/11/03 00:34] (current)
admin [The Database]
@@ Line 81: / Line 81: @@
 </code>
   * Navigate to http://127.0.0.1/test.php and see if the page display the PHP info.
+===== Install MariaDB =====
+==== Why MariaDB? ====
+  * We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) are breaking things on RADIUSdesk.
+  * For this reason we install MariaDB as an alternative.
+  * MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack.
+  * It is intended to be a drop-in replacement for MySQL.
+  * Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious else simply hit the ESC key.
+<code bash>
+sudo apt-get -y install mariadb-server php8.2-mysql
+sudo systemctl enable mariadb
+sudo systemctl restart mariadb
+sudo systemctl status mariadb
+</code>
+==== Disable strict mode ====
+  * With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1 which introduced a few Strict modes which have some problems with RADIUSdesk database implementation.
+  * We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
+<code bash>
+sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
+</code>
+  * Enter these two lines:
+<code bash>
+[mysqld]
+sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+</code>
+  * Save the file and restart the MySQL Server
+<code bash>
+sudo systemctl restart mariadb
+</code>
+===== Performance tune Nginx =====
+==== Modify expiry date for certain files ====
+  * Edit the ///etc/nginx/sites-available/default// file:
+<code bash>
+sudo vi /etc/nginx/sites-available/default
+</code>
+  * Add the following inside the server section:
+<code bash>
+location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
+    rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break;
+    rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break;
+    access_log off;
+    expires max;
+    add_header Cache-Control public;
+}
+</code>
+  * Add below only if you require backward compatibility (MESHdesk and APdesk).
+<code bash>
+location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
+    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
+    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
+    access_log off;
+    expires max;
+    add_header Cache-Control public;
+}
+</code>
+  * Reload Nginx:
+<code bash>
+sudo systemctl reload nginx.service
+</code>
+===== Install RADIUSdesk =====
+  * The first part prepared everything to install **RADIUSdesk**.
+  * This part will go through the steps to install the latest **RADIUSdesk**.
+  * RADIUSdesk consists of three components.
+        * **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
+        * **cake4** is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer.
+        * **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet.
+  * Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory.
+==== Required packages ====
+  * Make sure the following packages are installed.
+<code bash>
+sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget
+sudo systemctl restart php8.2-fpm
+</code>
+  * Check out the rdcore git repository.
+<code bash>
+cd /var/www
+sudo git clone https://github.com/RADIUSdesk/rdcore.git
+</code>
+  * This will create an rdcore directory containing some sub-folders.
+  * It is recommended that you also include the RD Mobile UI.
+  * Check out the rd_mobile git repository.
+<code bash>
+cd /var/www
+sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
+</code>
+==== Create soft links ====
+  * We will create soft links in the directory where Nginx will serve the RADIUSdesk contents.
+<code bash>
+cd /var/www/html
+sudo ln -s ../rdcore/rd ./rd
+sudo ln -s ../rdcore/cake4 ./cake4
+#If backward compatibility is required for older firmware of MESHdesk
+sudo ln -s ../rdcore/cake4 ./cake3
+sudo ln -s ../rdcore/login ./login
+sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev
+sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting
+#For the RD Mobile UI
+sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile
+</code>
+==== Change Ownerships ====
+  * Change the ownership of the following files to www-data so Nginx can make changes to the files/directories
+<code bash>
+sudo mkdir -p  /var/www/html/cake4/rd_cake/logs
+sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache
+sudo mkdir -p /var/www/html/cake4/rd_cake/tmp
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares
+sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache
+</code>
+==== The Database ====
+  * Make sure the timezone on the server is set to UTC (You can use **sudo raspi-config**)
+  * Populate the timezone data on the DB
+<code bash>
+#NOTE FAILING THIS STEP will break the RADIUS graphs
+#There might be some error messages in the output which is fine - no need to be alarmed
+sudo su
+mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root  mysql
+</code>
+  * Create an empty database called rd
+<code bash>
+sudo su
+mysql -u root
+create database rd;
+GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd';
+GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd';
+exit;
+</code>
+  * Populate the database:
+<code bash>
+sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql
+</code>
+<WRAP center round tip 90%>
+  * RADIUSdesk is under active development and sometimes we add SQL patches.
+  * The SQL Patches are located under **/var/www/html/cake4/rd_cake/setup/db/**
+  * These patches are non-destructive and you can run them against the database
+  * See the pattern below
+<code bash>
+sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql
+</code>
+</WRAP>
+==== Configure Nginx ====
+  * Configure Nginx to rewrite some RdCore URLs starting with ///cake4/rd_cake//.
+  * Edit ///etc/nginx/sites-enabled/default//
+<code bash>
+sudo vi /etc/nginx/sites-enabled/default
+</code>
+  * Add this once section directly below **server_name** item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues.
+<code bash>
+server_name _;
+location /cake4/rd_cake/node-reports/submit_report.json {
+    try_files $uri $uri/ /reporting/reporting.php;
+}
+</code>
+  * If you need backward compatibility support (MESHdesk and APdesk) also add this section:
+<code bash>
+location /cake3/rd_cake/node-reports/submit_report.json {
+    try_files $uri $uri/ /reporting/reporting.php;
+}
+</code>
+  * Add the following configuration block inside the server section (This you can add towards the end):
+<code bash>
+location /cake4/rd_cake {
+   rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break;
+   try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args;
+}
+</code>
+  * If you need backward compatibility support (MESHdesk and APdesk) also add this section:
+<code bash>
+location /cake3/rd_cake {
+   rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break;
+   try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args;
+}
+</code>
+  * Reload the Nginx:
+<code bash>
+sudo systemctl reload nginx
+</code>
+==== Important URLs ====
+  * The following URLs are important to reach the UI
+  * To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/
+  * If you want to serve the content directly out of the webroot, do the following:
+<code bash>
+sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/
+</code>
+  * To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile
+=== Login Credentials ===
+  * By default you can log in with the following credentials
+Username: **root** Password: **admin**
+===== Cron Scripts =====
+  * RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system.
+  * To activate the cron scripts execute the following command, which will add RADIUSdesk's crons scripts to the Cron system
+<code bash>
+sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/
+</code>
+  * If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file.
+===== Add LETSENCRYPT certificate =====
+  * Rather than repeating existing documentation we will just add a URL with the instructions to do it.
+  * You might want to run the following first before going to the instructions in the URL
+<code bash>
+sudo apt-get update
+sudo apt-get -y install software-properties-common
+</code>
+  * https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11
+===== Next steps =====
+  * Be sure to also install FreeRADIUS

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences