Setting up an Arch Linux server on the Raspberry Pi. The server uses a combination of Nginx and PHP.

Burn the SD card

  1. Check the downloaded image is OK by comparing its checksum: $ sha1sum archlinux-hf-2013-07-22.img.zip
  2. Burn the image to a new SD card:
     $ cd Downloads
     $ sudo umount /dev/mmcblk0*
     $ sudo dcfldd bs=4M if=archlinux-hf-2013-07-22.img of=/dev/mmcblk0
  3. Plug your Rpi into an ethernet network.
  4. Find its IP address with: $ sudo nmap -sP 192.168.1.0/24
  5. ssh into your Rpi: $ ssh root@192.168.1.81

On to basic setup

  1. Change root password: $ passwd root
  2. Update the install: $ pacman -Syu
  3. Install vim: $ pacman -S vim
  4. Set hostname: $ vim /etc/hostname
  5. Also set hostname in /etc/hosts: $ vim /etc/hosts
  6. Install sudo: $ pacman -S sudo
  7. Give regular users permission to use sudo: $ EDITOR=vim visudo
     a. Uncomment "# %wheel ALL=(ALL) ALL"
     b. Save and exit.
  8. Install the adduser package: $ pacman -S adduser
  9. Add a user:
     a. $ useradd -m -g users -s /bin/bash usernamehere
     b. Ensure they can use sudo: $ gpasswd -a usernamehere wheel
     c. Now logout: $ exit
     d. And login again as the new user.
  10. Prevent root login:
      a. $ sudo vim /etc/ssh/sshd_config
      b. Change "PermitRootLogin yes" to "PermitRootLogin no"
      c. And restart the ssh daemon: $ sudo systemctl restart sshd
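
A check for step 10, as an added example that is not part of the original gist: sshd keeps the first value it reads for a keyword, so the edit only takes effect if no earlier "PermitRootLogin" line exists and the line is not commented out. The function names and the sample files are hypothetical and constructed for illustration; the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original gist): report the effective global
# PermitRootLogin value of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PermitRootLogin no" below an existing "yes" changes nothing.
# Assumption: whitespace-separated "Keyword value" lines, as in the stock file.
effective_permit_root_login() {
    # $1: path to the file (the page edits /etc/ssh/sshd_config)
    awk '
        /^[ \t]*(#|$)/          { next }   # comments and blanks have no effect
        tolower($1) == "match"  { exit }   # only the global section is checked
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }  # compiled-in default applies
    ' "$1"
}

# Succeeds only when root login is explicitly disabled in the global section.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (hypothetical contents, for demonstration only).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/fixed"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed"
printf '%s\n' '#PermitRootLogin no' 'UsePAM yes' > "$demo_dir/commented"
printf '%s\n' 'Match User backup' '  PermitRootLogin no' > "$demo_dir/match_only"

for f in fixed shadowed commented match_only; do
    printf '%-11s %s\n' "$f" "$(effective_permit_root_login "$demo_dir/$f")"
done
```

On the Pi itself, `sudo sshd -T | grep -i permitrootlogin` prints the value sshd resolves from the live configuration.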

Set up an Nginx web server

See https://wiki.archlinux.org/index.php/Nginx for reference.

  1. Install wget: $ sudo pacman -S wget

  2. Install Nginx: $ sudo pacman -S nginx

  3. Download and run the Nginx Perl install script "jail.pl" found on the Arch wiki.

  4. Use the following service text in "/etc/systemd/system/nginx.service":

        [Unit]
        Description=A high performance web server and a reverse proxy server in chroot jail
        After=syslog.target network.target

        [Service]
        Type=forking
        PIDFile=/srv/http/run/nginx.pid
        ExecStartPre=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;'
        ExecStart=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;'
        ExecReload=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload
        ExecStop=/usr/bin/chroot --userspec=http:http /srv/http /usr/sbin/nginx -g 'pid /run/nginx.pid;' -s quit

        [Install]
        WantedBy=multi-user.target

  5. Enable at startup: $ sudo systemctl enable nginx

  6. Then add the following lines to "/etc/fstab" so that the filesystem mounts at startup:

        tmpfs /srv/http/run tmpfs rw,noexec,relatime,size=1024k 0 0
        tmpfs /srv/http/tmp tmpfs rw,noexec,relatime,size=102400k 0 0

  7. Start nginx: $ sudo systemctl start nginx

  8. Default index.html page: $ sudo vim /srv/http/usr/share/nginx/html/index.html

Set up PHP

  1. Install PHP with FastCGI support (php-fpm): $ sudo pacman -S php-fpm

  2. ##CHECK## Check "open_basedir" in /etc/php/php.ini lists the base directory "/srv/http/", which it should by default.

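  3. To enable PHP to be used with a host add the following to "/srv/http/etc/nginx/php.conf":

        # Match only request paths that end in ".php"
        location ~ \.php$ {
            # Return 404 instead of passing a nonexistent script path to PHP-FPM
            try_files $uri =404;
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }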

  4. The above PHP configuration can then be easily added to nginx hosts using an include.

  5. Make a backup of the nginx configuration file: $ sudo cp /srv/http/etc/nginx/nginx.conf /srv/http/etc/nginx/nginx.confCOPY

  6. Then create a simple host example by writing the following (delete everything else) to "/srv/http/etc/nginx/nginx.conf":

  7. Enable the php-fpm service: $ sudo systemctl enable php-fpm.service

  8. Start the php-fpm service: $ sudo systemctl start php-fpm.service

TODO:

  • Add fail2ban or sshguard to prevent brute force attacks.
  • Install SD card saver.