Skip to content

Instantly share code, notes, and snippets.

@jpawlowski
Last active November 18, 2023 13:17
Show Gist options
  • Star 9 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save jpawlowski/cd2827d46dd0c10f58c3b299ccdf8dd0 to your computer and use it in GitHub Desktop.
Save jpawlowski/cd2827d46dd0c10f58c3b299ccdf8dd0 to your computer and use it in GitHub Desktop.
Install and configure CUPS 2.1.2 on CentOS 7 (LXC running on Proxmox VE) host including AirPrint

Basic setup, e.g. enable ssh

yum -y install epel-release
yum -y upgrade
yum -y install openssh-server net-tools iputils psmisc less which man mc bash-completion bash-completion-extras bash-argsparse bind-utils traceroute htop mtr
echo "export HISTTIMEFORMAT='%F %T  '" > /etc/profile.d/history.sh
echo "export HISTIGNORE='ls -l:pwd:date:'" >> /etc/profile.d/history.sh
echo "export HISTCONTROL=ignoredups" >> /etc/profile.d/history.sh
systemctl enable sshd
systemctl start sshd

Build and install CUPS from source

yum -y install gcc gcc-c++ make rpm-build wget tar bzip2 gnutls-devel pam-devel dbus-devel avahi-devel systemd-devel system-config-printer-libs pygobject2 python-cups python-lxml foomatic-db-ppds ghostscript-cups cups-filesystem cups-filters cups-filters-libs cups-filters-libs cups-pdf cups-bjnp
wget https://github.com/apple/cups/releases/download/release-2.1.3/cups-2.1.3-source.tar.bz2
rpmbuild -ta --without libusb1 cups-2.1.3-source.tar.bz2
yum -y install rpmbuild/RPMS/x86_64/cups-2.1.3-1.x86_64.rpm rpmbuild/RPMS/x86_64/cups-libs-2.1.3-1.x86_64.rpm rpmbuild/RPMS/x86_64/cups-devel-2.1.3-1.x86_64.rpm rpmbuild/RPMS/x86_64/cups-lpd-2.1.3-1.x86_64.rpm
rm -rf rpmbuild

Configure CUPS

/etc/xinetd.d/cups-lpd

echo "service printer" > /etc/xinetd.d/cups-lpd
echo "{" >> /etc/xinetd.d/cups-lpd
echo "        socket_type = stream" >> /etc/xinetd.d/cups-lpd
echo "        protocol = tcp" >> /etc/xinetd.d/cups-lpd
echo "        wait = no" >> /etc/xinetd.d/cups-lpd
echo "        user = lp" >> /etc/xinetd.d/cups-lpd
echo "        group = sys" >> /etc/xinetd.d/cups-lpd
echo "        passenv =" >> /etc/xinetd.d/cups-lpd
echo "        server = /usr/lib/cups/daemon/cups-lpd" >> /etc/xinetd.d/cups-lpd
echo "        server_args = -o document-format=application/octet-stream" >> /etc/xinetd.d/cups-lpd
echo "}" >> /etc/xinetd.d/cups-lpd

/etc/cups/cupsd.conf

cat /etc/cups/cupsd.conf.default | grep -v "Listen" > /etc/cups/cupsd.conf
echo "
Port 631
SSLPort 443
AutoPurgeJobs Yes
BrowseWebIF Off
DefaultPaperSize A4
DefaultShared Yes
ErrorPolicy retry-job
ServerAdmin hostmaster@example.com
ServerAlias demucvclp01prn.prd.loc.example.com cups.loc.example.com cups.example.com
ServerTokens ProductOnly
" >> /etc/cups/cupsd.conf

sed -i "s/<\/Location>/  Allow @LOCAL\n<\/Location>/g" /etc/cups/cupsd.conf
sed -i "s/<Location \/admin>/<Location \/admin>\n  Encryption Required\n  AuthType Default\n  Require user @SYSTEM/" /etc/cups/cupsd.conf
sed -i "s/<Location \/admin\/conf>/<Location \/admin\/conf>\n  Encryption Required/g" /etc/cups/cupsd.conf
sed -i "s/<Location \/admin\/log>/<Location \/admin\/log>\n  Encryption Required/g" /etc/cups/cupsd.conf
sed -i "s/^BrowseLocalProtocols.*/BrowseProtocols all/" /etc/cups/cupsd.conf
sed -i "s/^Browsing.*/Browsing On/" /etc/cups/cupsd.conf
sed -i "s/^WebInterface.*/WebInterface Yes/" /etc/cups/cupsd.conf

/etc/pam.d/cups (fix for pam_unknown.so)

echo "auth    required        pam_unix.so nodelay" > /etc/pam.d/cups
echo "account required        pam_unix.so" >> /etc/pam.d/cups
chmod 644 /etc/pam.d/cups

Install lighttpd to redirect port 80 to 443

yum -y install lighttpd
sed -i "s/^#  \"mod_redirect\",.*/  \"mod_redirect\",/g" /etc/lighttpd/modules.conf
echo "$SERVER["socket"] == ":80" {" >> /etc/lighttpd/lighttpd.conf
echo "  $HTTP["host"] =~ ".*" {" >> /etc/lighttpd/lighttpd.conf
echo "    url.redirect = (".*" => "https://%0$0")" >> /etc/lighttpd/lighttpd.conf
echo "  }" >> /etc/lighttpd/lighttpd.conf
echo "}" >> /etc/lighttpd/lighttpd.conf

AirPrint

Note: rm -rf /etc/avahi/services && /usr/local/bin/airprint-generate.py --cups -d /etc/avahi/services needs to be re-run every time after printers were installed (or significantly changed, e.g. name).

wget -O /usr/share/cups/mime/apple.convs --no-check-certificate https://raw.github.com/jpawlowski/airprint-generate/master/apple.convs
wget -O /usr/local/bin/airprint-generate.py --no-check-certificate https://raw.github.com/jpawlowski/airprint-generate/master/airprint-generate.py
wget -O /usr/local/bin/avahisearch.py --no-check-certificate https://raw.github.com/jpawlowski/airprint-generate/master/avahisearch.py
chmod 755 /usr/local/bin/airprint-generate.py /usr/local/bin/avahisearch.py
rm -rf /etc/avahi/services && /usr/local/bin/airprint-generate.py --cups -d /etc/avahi/services

Enable and start systemd services

systemctl enable org.cups.cupsd.service
systemctl start org.cups.cupsd.service
systemctl disable xinetd
systemctl stop xinetd
systemctl enable avahi-daemon
systemctl start avahi-daemon
systemctl enable lighttpd
systemctl start lighttpd

Optional for my personal setup

Install Canon UFRII Linux drivers

Download Linux_UFRII_PrinterDriver_V320_us_EN.tar.gz and put it to /usr/local/src. Extract and cd to Linux_UFRII_PrinterDriver*

yum -y install beecrypt
bash install.sh
@adrianzhang
Copy link

Really good document. I followed the instructions and successfully upgraded CUPS on CentOS7, than you guy!

@ColinOppenheim
Copy link

ColinOppenheim commented Apr 27, 2021

I'm curious does this container need to be privileged or in Proxmox's terms NOT unprivileged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment