====== Installing RADIUSdesk on Ubuntu 18.04 using Nginx ======

===== Background =====

  * **Nginx** is a web server that seems to have overtaken Apache in terms of popularity and number of active sites on the Internet today.
  * It is fresh, lightweight, fast, scales well and is able to take a lot of load without overwhelming your system.
  * **Nginx** is the new Apache so to speak.
  * This section will cover the steps you have to go through to get RADIUSdesk working with a **LEMP** stack on Ubuntu 18.04.
    * A LEMP stack is one of those acronyms you can impress your friends with. It stands for Linux NginX MySQL and PHP.

-----------

===== What do we require =====

  * A standard **Nginx** install on Ubuntu is actually very simple.
  * The part that is more involved is to tweak **Nginx** to do the following:

^ Requirement ^ Comment ^
| Interpret PHP Scripts | We would like the web server to call the PHP interpreter when a page ending with .php is requested. |
| Be able to have access to the MySQL functions of PHP | Since we set up a LEMP server, we need to have a MySQL server installed and accessible from PHP. |
| Modify the expiry date of http headers to encourage caching | We want files that do not change (e.g. css or images) to be cached on the client's side to make the client's experience more pleasant. |
| Compress text before it is served to the client | We can compress the text that flows between the client and the server and in this way reduce the //over the line// bytes, which in turn should also give the client a more pleasant experience. |
| Enable rewrite rules in CakePHP for pretty URLs | CakePHP makes use of the .htaccess files in Apache to enable pretty URLs. Since Nginx does not support .htaccess files, we need to change Nginx to behave in the same way. |

--------

===== HOWTO =====

==== Networking Introduction on Ubuntu 18.04 ====

  * If you do not yet have a working network configuration on the server you plan to do the installation on, please use this section as reference, else just proceed to the next section.
  * Since there is such a huge difference between the way of doing things in Ubuntu 16.04 and Ubuntu 18.04, we felt that adding this section will help those who are getting used to this newer way of doing things.
  * For this we assume you have a bare VM (like the ones from https://www.osboxes.org/ubuntu-server/ )
  * We also assume you used this to create a VM in Virtualbox and are now faced with only the local loopback interface (127.0.0.1) when issuing the **ifconfig** command.
  * To see which interfaces are available (some might just not yet be configured):

<code>
ip a
</code>

  * On my system it lists three since I plan to use the VM also as a router with Coova Chilli running on the one interface. So we have **lo**, **enp0s3** and **enp0s8**.
  * For now I will just configure both of those interfaces to be DHCP clients.

<code>
sudo vi /etc/netplan/50-cloud-init.yaml
</code>

  * We edit the file to look like this (adapt to fit your system's interfaces):

<code>
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        enp0s3:
            addresses: []
            dhcp4: true
            optional: true
        enp0s8:
            addresses: []
            dhcp4: true
            optional: true
</code>

  * Apply the network configuration using this command:

<code>
sudo netplan --debug apply
</code>

  * If all went well our VM will now have an IP Address (via DHCP) which we can use.
<code>
ip addr
#Feedback contains
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:fe:57:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.111/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 255675sec preferred_lft 255675sec
    inet6 fe80::a00:27ff:fefe:5709/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:8c:d3:32 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe8c:d332/64 scope link
       valid_lft forever preferred_lft forever
</code>

  * Now that we have a working network setup on our machine we can continue.

==== Install Nginx ====

  * We assume you have a clean install of Ubuntu 18.04 **WITHOUT** Apache installed.
  * To remove Apache:

<code>
sudo systemctl stop apache2.service
sudo apt-get remove apache2
</code>

  * Make sure the system is up to date.

<code>
# Get the latest package lists
sudo apt-get update
# Update the system to the latest
sudo apt-get upgrade
</code>

  * Ensure the English language pack is installed:

<code>
sudo apt-get install language-pack-en-base
</code>

  * Install Nginx:

<code>
sudo apt-get install nginx
</code>

  * Ensure the web server starts up and is running:

<code>
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
</code>

  * Navigate to the IP Address of the server where you installed **Nginx** using a browser to ensure Nginx serves content e.g. http://127.0.0.1
  * The default directory where Nginx serves its content from on Ubuntu is ///var/www/html//.
  * Since RADIUSdesk has been developed over a couple of years, it was traditionally served by Nginx from the ///usr/share/nginx/html// directory. (This was on Ubuntu 14.04).
  * Edit the default server file:

<code>
sudo vi /etc/nginx/sites-enabled/default
</code>

  * Change the value of root:

<code>
#root /var/www/html;
root /usr/share/nginx/html;
</code>

==== Configure Nginx to interpret .php files ====

=== php-fpm ===

  * The default install of **Nginx** does not support the serving of **.php** files.
  * We will install a program (actually a service) called **php-fpm**.
  * This service will listen for requests to interpret.
  * Install the php-fpm service:

<code>
sudo apt-get install php-fpm
sudo systemctl enable php7.2-fpm
sudo systemctl start php7.2-fpm
</code>

==== Modify Nginx ====

  * Now that the php-fpm service is installed we should change the default **Nginx** server to make use of it.
  * Edit the default server file:

<code>
sudo vi /etc/nginx/sites-enabled/default
</code>

  * Add //index.php// to this line:

<code>
#add index.php
index index.php index.html index.htm;
</code>

  * Activate PHP processing by uncommenting this section. Note that we use the UNIX socket:

<code>
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
#
#   # With php-fpm (or other unix sockets):
#   ===HEADS-UP We use 7.2 and NOT 7.0 as commented out ===
    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
#   # With php-cgi (or other tcp sockets):
#   fastcgi_pass 127.0.0.1:9000;
}
</code>

  * Enable the hiding of .htaccess files:

<code>
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny all;
}
</code>

  * Reload the **Nginx** web server's configuration:

<code>
sudo systemctl reload nginx.service
</code>

  * Create a test //.php// file to confirm that it does work:

<code>
sudo vi /usr/share/nginx/html/test.php
</code>

  * Contents:
  * Navigate to http://127.0.0.1/test.php and see if the page displays the PHP info.

-----------

==== Install MySQL ====

  * Be sure to supply a root password for the MySQL database when asked for it if you are security conscious, else simply hit the ESC key.
<code>
sudo apt-get install mysql-server php-mysql
sudo systemctl enable mysql
</code>

=== Disable strict mode ===

  * With the 18.04 release of MySQL there were some changes to the MySQL configuration which cause problems on the current RADIUSdesk database implementation.
  * We will disable Strict SQL Mode in MySQL 5.7.

<code>
sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
</code>

  * Enter these two lines:

<code>
[mysqld]
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
</code>

  * Save the file and restart the MySQL service:

<code>
sudo systemctl restart mysql.service
</code>

-----

==== Performance tune Nginx ====

=== Modify expiry date for certain files ===

  * Edit the ///etc/nginx/sites-available/default// file:

<code>
sudo vi /etc/nginx/sites-available/default
</code>

  * Add the following inside the server section:

<code>
location ~ ^/cake2/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake2/rd_cake/webroot/(.*)$ /cake2/rd_cake/webroot/$1 break;
    rewrite ^/cake2/rd_cake/(.*)$ /cake2/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}

location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
</code>

  * Reload Nginx:

<code>
sudo systemctl reload nginx.service
</code>

----------

==== Install RADIUSdesk ====

  * The first part prepared everything to install **RADIUSdesk**. This part will go through the steps to install the latest RADIUSdesk.
  * RADIUSdesk consists of three components.
    * **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
    * **rd_cake** is a CakePHP application and can be considered the engine room. Here the data is processed before being presented by the presentation layer. **(We currently use one CakePHP v2 and one CakePHP v3 application in order to migrate from CakePHP v2 to CakePHP v3)**
    * **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet. Although this is optional, it is used by most installs.
  * We will use SVN (subversion) to check out the latest version (trunk) of RADIUSdesk.

=== Install CakePHP ===

== Required packages ==

  * Make sure the following packages are installed:

<code>
sudo apt-get install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl
</code>

== Install CakePHP v2 ==

  * Download the 2.x version of CakePHP (Version 2.10.19 as of this writing). https://github.com/cakephp/cakephp/tags
  * There are two formats to choose from when selecting to download, Zip or Tar.gz. Select Tar.gz.
  * Copy and extract it inside the directory that Nginx is serving its content from (/usr/share/nginx/html):

<code>
sudo cp 2.10.19.tar.gz /usr/share/nginx/html
cd /usr/share/nginx/html
sudo tar -xzvf 2.10.19.tar.gz
sudo ln -s ./cakephp-2.10.19 ./cake2
</code>

  * Reload php7.2-fpm:

<code>
sudo systemctl reload php7.2-fpm.service
</code>

== Install the RADIUSdesk CakePHP v2 Application ==

  * Install subversion in order for you to check out the latest source for RADIUSdesk.

<code>
sudo apt-get install subversion
</code>

  * Check out the rd_cake branch from trunk to /usr/share/nginx/html.

<code>
cd /usr/share/nginx/html/cake2
sudo svn checkout svn://dvdwalt@svn.code.sf.net/p/radiusdesk/code/trunk/rd_cake ./rd_cake
</code>

  * Change the following directories to be writable by www-data:

<code>
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/tmp
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/Locale
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/img/flags
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/img/nas
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/img/realms
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/img/dynamic_details
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/img/dynamic_photos
sudo chown -R www-data. /usr/share/nginx/html/cake2/rd_cake/webroot/files/imagecache
</code>

== Install the RADIUSdesk CakePHP v3 Application ==

  * Check out the cake3 branch from trunk to /usr/share/nginx/html.

<code>
cd /usr/share/nginx/html/
sudo svn checkout svn://dvdwalt@svn.code.sf.net/p/radiusdesk/code/trunk/cake3 ./cake3
</code>

  * Change the following directories to be writable by www-data:

<code>
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/tmp
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/logs
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/webroot/img/realms
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/webroot/img/dynamic_details
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/webroot/img/dynamic_photos
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/webroot/img/access_providers
sudo chown -R www-data. /usr/share/nginx/html/cake3/rd_cake/webroot/files/imagecache
</code>

=== The Database ===

  * Create the following blank database:

<code>
sudo su
mysql -u root
create database rd;
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd';
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd';
exit;
</code>

  * Populate the database (trunk):

<code>
sudo mysql -u root rd < /usr/share/nginx/html/cake3/rd_cake/setup/db/rd.sql
</code>

=== Configure Nginx ===

  * Since CakePHP uses rewrite rules, we have to configure Nginx in such a way as to allow rewriting of the URLs that start with /cake2/rd_cake or with /cake3/rd_cake.
  * Edit ///etc/nginx/sites-enabled/default//:

<code>
sudo vi /etc/nginx/sites-enabled/default
</code>

  * Add the following section inside the server section:

<code>
location /cake2/rd_cake {
    rewrite ^/cake2/rd_cake/(.*)$ /cake2/rd_cake/webroot/$1 break;
    try_files $uri $uri/ /cake2/rd_cake/webroot/index.php?q=$uri&$args;
}

location /cake3/rd_cake {
    rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break;
    try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args;
}
</code>

  * Reload the Nginx web server:

<code>
sudo systemctl reload nginx.service
</code>

  * Congratulations, you are almost there. Next we will install the viewer component.

-----

==== Viewer component ====

  * Check out the latest code of the viewer component under the /usr/share/nginx/html/ directory:

<code>
cd /usr/share/nginx/html/
sudo svn checkout svn://dvdwalt@svn.code.sf.net/p/radiusdesk/code/trunk/rd ./rd
</code>

  * For the viewer component you need the ExtJS toolkit. We've added version 6.2.0 to the SVN repository for easy download :-)
  * Check out and unzip the GPL version under the /usr/share/nginx/html/rd directory. **NOTE**: This is a single big file which will take some time to download over slow connections.

<code>
cd /usr/share/nginx/html/
sudo svn checkout svn://svn.code.sf.net/p/radiusdesk/code/extjs ./
sudo mv ext-6-2-sencha_cmd.tar.gz ./rd
cd /usr/share/nginx/html/rd
sudo tar -xzvf ext-6-2-sencha_cmd.tar.gz
</code>

  * Now try to log in on the following URL with username **root** and password **admin**: http://127.0.0.1/rd/build/production/Rd/index.html
  * Alternatively //(also if you do not have Internet Access on the machine)// use this URL which is a bit slower: http://127.0.0.1/rd/index.html?cache

---------------------------

===== Cron Scripts =====

  * **RADIUSdesk** requires a few scripts to run periodically in order to maintain a healthy and working system.
  * To activate the cron scripts execute the following command, which will add **RADIUSdesk**'s cron scripts to the Cron system:

<code>
sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Cron/rd /etc/cron.d/
</code>

  * If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/rd file.

===== Next steps =====

  * Be sure to also install **FreeRADIUS** and **Node.js**:
    * [[Getting Started:18_install_ubuntu_freeradius_3|Install FreeRADIUS]]
    * [[getting_started:18_install_ubuntu_node_js|Install node.js]]
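
The following check script is an added example, not part of the RADIUSdesk documentation or code. It reads the Nginx site file edited in this guide and reports whether the directives from the steps above are active rather than still commented out, and whether the PHP info test page is still in the document root. The script name ''rd_check.sh'', the function names and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the Nginx steps from this guide were applied.
# Usage: sh rd_check.sh /etc/nginx/sites-enabled/default /usr/share/nginx/html
# (rd_check.sh is a hypothetical file name for this script.)

# Print FILE without comments and leading whitespace, so directives that are
# still commented out in the default site file do not count as present.
active_conf() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$1"
}

# rd_expect CONF DESCRIPTION ERE: report whether an active line matches ERE.
rd_expect() {
    if active_conf "$1" | grep -Eq "$3"; then
        echo "ok    $2"
    else
        echo "FAIL  $2"
        RD_FAILS=$((RD_FAILS + 1))
    fi
}

# rd_check_site CONF ROOT: run all checks; return status = number of failures.
rd_check_site() {
    RD_FAILS=0
    rd_expect "$1" "document root is $2" "^root[[:space:]]+$2;"
    rd_expect "$1" "index.php is an index file" '^index[[:space:]].*index\.php'
    rd_expect "$1" "PHP is passed to the php7.2-fpm socket" \
        '^fastcgi_pass[[:space:]]+unix:/var/run/php/php7\.2-fpm\.sock;'
    rd_expect "$1" ".ht* location is active" \
        '^location[[:space:]]+~[[:space:]]+/\\\.ht'
    rd_expect "$1" "deny all is active" '^deny[[:space:]]+all;'
    for app in cake2 cake3; do
        rd_expect "$1" "$app rewrite location is present" \
            "^location[[:space:]]+/$app/rd_cake[[:space:]]*[{]"
    done
    # The PHP info test page discloses server configuration; flag it if left.
    if [ -e "$2/test.php" ]; then
        echo "FAIL  $2/test.php is still being served"
        RD_FAILS=$((RD_FAILS + 1))
    else
        echo "ok    no leftover test.php"
    fi
    return "$RD_FAILS"
}

if [ "$#" -eq 2 ]; then rd_check_site "$1" "$2"; fi
```

Run it after the final Nginx reload; a non-zero exit status is the number of checks that failed.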