Installation of RADIUSdesk on Ubuntu 24.04 with Nginx
Skills required for the installation
To install RADIUSdesk, you need sufficient knowledge and experience with Linux:
- Installing the Linux operating system.
- Editing text files via the terminal with a text editor such as Vi or Nano.
- Installing packages from a repository.
- You must be familiar with how TCP/IP networks work.
Background
- Nginx is a web server that seems to have overtaken Apache in terms of popularity and number of active websites on the Internet.
- It is new, lightweight, fast, highly scalable and capable of handling a large load without overloading your system.
- Nginx is the new Apache so to speak.
- This section describes the steps you need to take to get RADIUSdesk up and running with a LEMP stack on Ubuntu 24.04
- A LEMP stack is one of those acronyms you can use to impress your friends. It stands for Linux NginX MySQL and PHP.
What we need
- A standard Nginx installation on Ubuntu is actually very simple.
- The more complicated part is customizing Nginx for the following tasks:
Requirement | Comment |
---|---|
Interpreting PHP scripts | We want the web server to call the PHP interpreter when a page with the .php extension is requested. |
Accessing MySQL functions from PHP | Since we are setting up a LEMP server, we need to install a MySQL server and access it from PHP. We will install MariaDB, which is a direct replacement for MySQL. |
Change the expiration date of the HTTP headers to encourage caching. | We want files that do not change (e.g. CSS or images) to be cached on the client side to make the experience more pleasant for the client |
Compress the text before it is sent to the client. | We can compress the text that flows between the client and the server and in this way reduce the number of bytes transmitted over the wire, which in turn should provide a more pleasant experience for the client |
Enable rewrite rules in CakePHP for pretty URLs | CakePHP uses the .htaccess files in Apache to enable pretty URLs. Since Nginx does not support .htaccess files, we need to modify Nginx to behave the same way. |
HOWTO
- Please note that the behavior of the shell has changed in Ubuntu 24.04.
- It seems that it does NOT execute the multi-line insertion of commands.
- So unfortunately you have to copy these commands line by line.
Adding a sudo user
- We assume that you have a clean installation of Ubuntu 24.04 WITHOUT Apache installed.
- If you have not yet added a sudo user add one now.
# Add the system user sudo adduser system sudo usermod -aG sudo system # Update the system to the latest sudo apt-get upgrade
Introduction to network technology under Ubuntu 24.04
- If you do not yet have a working network configuration on the server on which you want to perform the installation, use this section as a reference, otherwise simply continue with the next section.
- Since there is a big difference between Ubuntu 16.04 and Ubuntu 24.04, we believe this section will help those who need to get used to the new way of working.
- We assume that you have a bare VM (like the one from https://www.osboxes.org/ubuntu-server/ )
- We also assume that you have used it to create a VM in Virtualbox and now only see the local loopback interface (127.0.0.1) when you enter the ip a command.
- To see which interfaces are available (even if some are not yet configured)
ip a
- On my system, three interfaces are shown as I plan to use the VM as a router as well, with Coova Chili running on the one interface. So we have lo, enp0s3 and enp0s8.
- At the moment I will only configure these two interfaces as DHCP clients.
sudo vi /etc/netplan/50-cloud-init.yaml
- We edit the file so that it looks like this (adapt it to the interfaces of your system)
# This file is generated from the information provided by # the data source. Changes to it do not persist across an instance. # To disable the network configuration functions of cloud-init, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following content: # network: {config: disabled} network: version: 2 ethernets: enp0s3: addresses: [] dhcp4: true optional: true enp0s8: addresses: [] dhcp4: true optional: true
- Apply the network configuration with the command:
sudo netplan --debug apply
- If everything went well, our VM now has an IP address (via DHCP) that we can use.
ip addr #Feedback contains 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 08:00:27:fe:57:09 brd ff:ff:ff:ff:ff:ff inet 192.168.1.111/24 brd 192.168.1.255 scope global dynamic enp0s3 valid_lft 255675sec preferred_lft 255675sec inet6 fe80::a00:27ff:fefe:5709/64 scope link valid_lft forever preferred_lft forever 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 08:00:27:8c:d3:32 brd ff:ff:ff:ff:ff:ff inet6 fe80::a00:27ff:fe8c:d332/64 scope link valid_lft forever preferred_lft forever
- Now that we have set up a working network on our computer, we can continue.
Install Nginx
- We assume that you have installed a clean installation of Ubuntu 24.04 WITHOUT Apache.
- To remove Apache
sudo systemctl stop apache2.service sudo apt-get -y remove apache2
- Make sure that it is up to date.
# Get the latest package lists sudo apt-get update # Update the system to the latest sudo apt-get upgrade
- Make sure that the English language pack is installed
sudo apt-get -y install language-pack-en-base
- Install Nginx
sudo apt-get -y install nginx
- Make sure that the web server is started and running
sudo systemctl stop nginx.service sudo systemctl start nginx.service
- Using a browser, navigate to the IP address of the server on which you have installed Nginx to ensure that Nginx is providing content, e.g. http://127.0.0.1
Configure Nginx to interpret .php files
php-fpm
- The default installation of Nginx does not support serving .php files.
- We will install a program (actually a service) called php-fpm.
- This service waits for requests for interpretation.
- Install the php-fpm service by installing the default version 8.3 of the packages
sudo apt-get -y install php-fpm sudo systemctl enable php8.3-fpm sudo systemctl start php8.3-fpm
Change Nginx
- Now that the php-fpm service is installed, we need to modify the default Nginx server to use it.
- Edit the default server file:
sudo vi /etc/nginx/sites-enabled/default
- Add index.php to this line:
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
- Enable PHP processing by leaving this section uncommented. Note that we are using the UNIX socket and that we are using 8.3 and not 7.4, which was originally specified in the configuration file.
# Pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; }
- Activate the hiding of .htaccess files.
# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; }
- Reload the configuration of the Nginx web server
sudo systemctl reload nginx.service
- Create a test .php file to confirm that it works.
sudo vi /var/www/html/test.php
- Content:
<?php phpinfo(); ?>
- Navigate to http://127.0.0.1/test.php and check that the page displays the PHP information.
Install MariaDB
Why MariaDB?
- We have found that the version of MySQL that is comes by default with Ubuntu 24.04 causes problems with RADIUSdesk.
- For this reason, we have installed MariaDB as an alternative.
- MariaDB is an open-source relational database management system that is often used as an alternative to MySQL as the database part of the popular LAMP stack (Linux, Apache, MySQL, PHP/Python/Perl).
- It is intended as an immediate replacement for MySQL.
- Be sure to provide a root password for the MariaDB database when prompted if you are security conscious, otherwise just hit the ESC key.
sudo apt-get -y install mariadb-server php8.3-mysql sudo systemctl enable mariadb sudo systemctl restart mariadb sudo systemctl status mariadb
Deactivate strict mode
- On Ubuntu 24.04, the bundled version of MariaDB is on version 10.3, which has introduced some strict modes that have some issues with the RADIUSdesk database implementation.
- We will disable the strict SQL mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
- Enter these two lines:
[mysqld] sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
- Save the file.
Enable the Event Scheduler
- MariaDB and MySQL has a built in Event Scheduler (like CRON for a database) which is disabled by default.
- We make use of this feature to automatically optimize some of the database tables.
- We will enable the Event Scheduler in MariaDB by creating a new file /etc/mysql/conf.d/enable_event_scheduler.cnf
sudo vi /etc/mysql/conf.d/enable_event_scheduler.cnf
- Enter these two lines:
[mysqld] event_scheduler=on
- Save the file.
- Restart the MySQL server
sudo systemctl restart mariadb
- You can confirm that it is now enabled by checking the following from the SQL terminal:
sudo mysql -u root MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'event_scheduler'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | event_scheduler | ON | +-----------------+-------+ 1 row in set (0.001 sec)
Performance tuning for Nginx
Change the expiry date for certain files
- Edit the file /etc/nginx/sites-available/default file:
sudo vi /etc/nginx/sites-available/default
- Add the following within the server section:
location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ { rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break; rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break; access_log off; expires max; add_header Cache-Control public; }
- Reload Nginx:
sudo systemctl reload nginx.service
Install RADIUSdesk
- In the first part, everything was prepared for the installation of RADIUSdesk.
- This part explains the steps for installing the latest RADIUSdesk.
- RADIUSdesk consists of three components.
- rd directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
- cake4 is a CakePHPv4 application and can be considered the engine room. This is where the data is processed before it is displayed by the presentation layer.
- login is a directory with various login pages that are managed centrally via the RADIUSdesk Dynamic Login Pages applet.
- Later we will create various symbolic links from locations within the rdcore directory to locations within the document root directory of the web server.
Required packages
- Make sure that the following packages are installed.
sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget sudo systemctl restart php8.3-fpm
- Check out the rdcore git repository.
cd /var/www sudo git clone https://github.com/RADIUSdesk/rdcore.git
- This will create an rdcore directory containing some subfolders.
- It is recommended that you also include the RD Mobile UI.
- Check out the rd_mobile git repository.
cd /var/www sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
Create soft links
- We will create softlinks in the directory where Nginx provides the RADIUSdesk content.
cd /var/www/html sudo ln -s ../rdcore/rd ./rd sudo ln -s ../rdcore/cake4 ./cake4 sudo ln -s ../rdcore/login ./login sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting #For the RD Mobile UI sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile
Change ownership
- Change the ownership of the following files to www-data so that Nginx can make changes to the files/directories
sudo mkdir -p /var/www/html/cake4/rd_cake/logs sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache sudo mkdir -p /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/logs sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/img/realms sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/img/dynamic_details sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/img/access_providers sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/img/hardwares sudo chown -R www-data:www-data /var/www/html/cake4/rd_cake/webroot/files/imagecache
The database
- Make sure that the time zone on the server is set to UTC
- Fill the time zone data in the DB
#NOTE FAILING TO DO THIS STEP will break the RADIUS graphs #Some error messages may appear in the output, which is not a problem - no need to worry sudo su mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
- Create an empty database called rd
sudo su mysql -u root create database rd; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd'; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd'; exit;
- Populate the database:
sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql
- RADIUSdesk is under active development and sometimes we add SQL patches.
- The SQL patches are located under /var/www/html/cake4/rd_cake/setup/db/.
- These patches are non-destructive and you can run them against the database
- See the example below
sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql
* Some of these patches may add new columns to existing database tables. In this case, it is recommended to clear the CakePHP models (tables) cache to ensure that the latest changes are also applied there:
sudo su cd /var/www/rdcore/cake4/rd_cake/tmp/cache/models rm * exit
Configure Nginx
- Configure Nginx to rewrite some RdCore URLs that start with /cake4/rd_cake.
- Edit /etc/nginx/sites-enabled/default
sudo vi /etc/nginx/sites-enabled/default
- Insert this section directly under the server_name entry. (This is so that this rule is hit first for the reporting side. Due to performance issues, we no longer use CakePHP for reporting.
server_name _; location /cake4/rd_cake/node-reports/submit_report.json { try_files $uri $uri/ /reporting/reporting.php; }
- Insert the following configuration block into the server section (you can add this towards the end):
location /cake4/rd_cake { rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break; try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args; }
- Reload the Nginx:
sudo systemctl reload nginx
Important URLs
- The following URLs are important to reach the user interface
- To load the optimized user interface, go to http://127.0.0.1/rd/build/production/Rd/
- If you want to deliver the content directly from the webroot, proceed as follows:
sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/
- To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile
Login credentials
- By default you can log in with the following credentials
Username: root Password: admin
Cron scripts
- RADIUSdesk requires some scripts that are executed at regular intervals to maintain a healthy and functioning system.
- To activate the cron scripts, execute the following command, which adds the RADIUSdesk cron scripts to the cron system
sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/
- If you want to change the default intervals at which the scripts are executed, simply edit the file /etc/cron.d/cron3.
Add LETSENCRYPT certificate
Since Ubuntu 24.04 has not yet been released, we will use the instructions for 22.04, which should work just as well
- Instead of repeating the existing documentation, we simply add a URL with the corresponding instructions
- Before you follow the instructions in the URL, you should first do the following
sudo apt-get update sudo apt-get -y install software-properties-common
Next steps
- Make sure that you also install FreeRADIUS.