This page is a WIP!
I use Arch Linux ARM, as the distro has a rolling update system, that doesn't force me to format my SDCard after a while to install a more updated version; Arch Linux also has possibly the greatest wiki a distro has seen!
I'm using a Raspberry Pi 3 B+, with an SD card of 4GB, plugged into Ethernet.
Setting up Arch Linux ARM:
There are versions for RPi 2, 4, and Zero 2 too; I'm using the one for RPi 3 from here:
The installation instructions there require Linux: I downloaded a Linux Mint ISO and live booted it from a USB flash drive; I used Rufus to make the USB bootable with the ISO, transferring it in DD mode
Once installed, put the SD card in the RPi; it will reboot, and you can connect to your RPi by SSH using the hostname alarm (or check your router's local network map to see the local IP assigned to alarm)
From Windows, I use the SSH client from MSYS64; both it and Arch Linux use pacman as the package manager; it can be installed with:
sudo pacman -Syy openssh
From Linux Mint one can do it with
sudo apt install ssh
One then can login with:
ssh alarm@alarm
To change the default Arch Linux ARM user, alarm, you can:
su
(Type root as password)
(Change all instances of "alarm" to the desired username in the next files; a username can only start with a lowercase letter and contain only lowercase letters, digits, underscores, hyphens, and periods, optionally with a dollar sign at the end:)
nano /etc/passwd
nano /etc/shadow
nano /etc/gshadow
nano /etc/group
Then change the name of the user's home directory to the one of your username:
cd ..
mv alarm <the new username>
Change root user password:
passwd
Change new user password:
passwd <The new username>
Install the web server and management programs (I needed libxml2 and icu installed so that starting php-fpm wouldn't throw an error; dnstools and wget are for the dynamic IP updates to the personal URL; base-devel and git are for building certbot so the site can use HTTPS; cronie because it's a simple and historically used way to execute a command at a set interval, here updating our subdomain with our dynamic IP):
pacman -Syy apache php php-fpm libxml2 icu mariadb sudo base-devel git dnstools wget cronie
Add your user to sudoers, so it can use root commands with sudo:
visudo
Look for the line that says "root ALL=(ALL:ALL) ALL", and make a line above or below it with the same content, but replace "root" with the user name you created:
<The new username> ALL=(ALL:ALL) ALL
Save with Ctrl+O, close with Ctrl+W
Make a static IP, using the default network manager of Arch Linux ARM; check the Ethernet network interface name:
ifconfig
In mine, it says "enu1u1u1"; another common Ethernet interface name is "eth0". To make the IP static, if the interface name starts with "en":
nano /etc/systemd/network/en.network
If the interface name starts with "eth":
nano /etc/systemd/network/eth.network
Have the [Network] section look like this, for example; use the values that suit your setup. The /16 after the IP in Address is the mask: in Windows, it is equivalent to 255.255.0.0; /24 there is equivalent to 255.255.255.0
[Network]
DHCP=no
Address=192.168.1.100/16
Gateway=192.168.1.1
DNS=192.168.1.1
DNS=1.1.1.1
DNS=1.0.0.1
DNSSEC=no
Change the RPi hostname; only letters and numbers and hyphens are allowed; hostname must not start with a hyphen:
hostnamectl set-hostname <new hostname>
Apply changes by restarting the network manager service; if you connected by IP, your connection will drop, and you must log in again:
systemctl restart systemd-networkd
If you weren't logged out by the previous command, log out using this command twice:
exit
Log in again with:
ssh <username>@<hostname>
Setup PHP with php-fpm by uncommenting (Removing the #) the next two lines in /etc/httpd/conf/httpd.conf
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
And adding this line to the end of the same httpd file:
Include conf/extra/php-fpm.conf
Create the file /etc/httpd/conf/extra/php-fpm.conf and add the next 4 lines to it:
DirectoryIndex index.php index.html
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
Execute the next four commands to start and enable both php and your webserver
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
sudo systemctl start httpd
sudo systemctl enable httpd
If you have a dynamic IP, create a subdomain that will point to your RPi server at https://freedns.afraid.org/ by creating an account and going to Registry in the left menu
Search for and select a domain of your preference, and create a subdomain for it
Once your subdomain is created, create a file, that you may name /usr/local/bin/updatefreedns , with this content:
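#!/bin/sh
# FreeDNS updater script
UPDATEURL="<Update key URL>"
DOMAIN="<Subdomain URL>"
# Address taken from the second line of the nslookup output, used below as the registered IP
registered=$(nslookup ns1.afraid.org "$DOMAIN"|head -n2|tail -n1|grep A|sed 's/[^0-9.#]//g'|cut -d "#" -f1)
# Current public IP as reported by checkip.dyndns.org (everything but digits and dots is stripped)
current=$(wget -q -O - http://checkip.dyndns.org|sed 's/[^0-9.]//g')
# Request an update only when the two values differ
[ "$current" != "$registered" ] && {
    wget -q --read-timeout=0.0 --waitretry=5 --tries=400 --background -O /dev/null "$UPDATEURL"
    echo "$UPDATEURL"
    echo "$DOMAIN"
    echo "$registered"
    echo "$current"
    echo "DNS updated on:"; date
}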
Go to "Dynamic DNS" on the left menu, scroll down the page, right click "Direct URL" to the right of your created subdomain, copy it, and paste it into the UPDATEURL variable in the file, and paste your subdomain into the variable named DOMAIN
Create a cron job for that script to execute every 5 minutes:
crontab -e
Add this on a new line in the crontab:
*/5 * * * * /usr/local/bin/updatefreedns
Start and enable the cron jobs
sudo systemctl start cronie
sudo systemctl enable cronie
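An added guard for the updater above (example code, not part of the original script): the script keeps every digit and dot from the HTTP response, so an error page turns into a garbage string that never equals the registered IP and requests an update on every cron run. The function names and sample pages below are constructed for illustration.

```shell
#!/bin/sh
# is_ipv4 STRING: succeeds only for four dot-separated decimal octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the string on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# extract_ip TEXT: same filter as the updater script (keep digits and dots).
extract_ip() { printf '%s' "$1" | sed 's/[^0-9.]//g'; }

# should_update CURRENT REGISTERED
#   0 = addresses differ, request an update
#   1 = unchanged
#   2 = CURRENT is not a valid address, skip this run
should_update() {
    is_ipv4 "$1" || return 2
    [ "$1" != "$2" ]
}

# Constructed sample responses (documentation address ranges).
ok_page='<html><body>Current IP Address: 203.0.113.7</body></html>'
err_page='<html><body>Error 503, retry in 30 seconds.</body></html>'
for page in "$ok_page" "$err_page"; do
    ip=$(extract_ip "$page")
    rc=0; should_update "$ip" "198.51.100.4" || rc=$?
    echo "filtered='$ip' verdict=$rc"
done
```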
Create an SSH key to use to connect to your server from an external network; save it to the default location and lock it with a password:
ssh-keygen -m PEM -t rsa -b 4096
Append the public key of that pair to ~/.ssh/authorized_keys and change its permission to 600:
cd .ssh
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
cd
Download the key at ~/.ssh/id_rsa using sftp, WinSCP in Windows (Double click in the lower right part of the window that says hidden, to show hidden files in the folder; files and folders starting with a . are hidden) or other method, so you can login again and not get locked out!
Edit sshd_config to prevent login by password, and log in using the id_rsa key with its password instead:
sudo nano /etc/ssh/sshd_config
Uncomment the next line (Remove the # from its beginning) and change yes to no at the end:
# PasswordAuthentication yes
To:
PasswordAuthentication no
Reset the sshd daemon to apply changes:
sudo systemctl restart sshd
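An added check for the edit above (example code, not part of the original guide): sshd uses the first uncommented value it reads for a keyword and defaults PasswordAuthentication to yes, so a leftover # or an earlier "yes" line leaves password login open. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# first_global_value FILE KEYWORD
# Print the value set in FILE's global section: the first uncommented
# occurrence wins, keywords are case-insensitive, and "Keyword=value"
# is accepted as well as "Keyword value".
first_global_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0        { next }   # comment or blank line
        tolower($1) == "match" { exit }   # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# password_login_disabled FILE: succeeds only on an explicit "no".
# An unset keyword fails, because the sshd default is "yes".
password_login_disabled() {
    [ "$(first_global_value "$1" PasswordAuthentication)" = "no" ]
}

# audit FILE: one-line verdict for the file.
audit() {
    if password_login_disabled "$1"; then
        echo "OK: password login disabled"
    else
        echo "FAIL: password login still allowed"
    fi
}

# Constructed sample: "no" was added, but an earlier line still says yes.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' \
    'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
audit "$sample"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the effective configuration, Include files included.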
To connect from a remote network to your server, you can go to your router configuration interface (you can usually access it from 192.168.1.1 on a web browser), and create a port configuration like this:
IP: <your server static local IP>
Protocol: TCP
External port (WAN): <Any other than the default 22>
Internal port (LAN): 22
You can now login with this:
ssh -i <id_rsa file location> <server username>@<server address> -p <server external (WAN) port>
To have HTTPS on the server, uncomment this line in httpd.conf
#LoadModule ssl_module modules/mod_ssl.so
If you need space to install it, you can delete the cache of previously installed packages from pacman:
sudo rm /var/cache/pacman/pkg/*
And follow the instructions here; if you are installing certbot using snap, you can also delete the snapd folder in the home directory to free over 200MB of space
https://certbot.eff.org/instructions?ws=apache&os=arch
Edit the virtual host; first uncomment the include line in httpd.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
(WIP!) Something about this:
<Directory "/srv/http/unknown">
Require all granted
</Directory>
/!\ Dragon working!