====== Install Nginx ======
===== Prep =====
* These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm).
* You can issue the command **cat /etc/issue.net** to confirm the version. It should say **Debian GNU/Linux 12**.
* Make sure it is up to date.
# Get the latest package lists
sudo apt-get update
# Update the system to the latest
sudo apt-get upgrade
* Install Nginx
sudo apt-get -y install nginx
* Ensure the web server starts up and is running
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
* Using a browser, navigate to the IP address of the server where you installed **Nginx** to ensure Nginx serves content, e.g. http://127.0.0.1
===== Configure Nginx to interpret .php files =====
* The default install of **Nginx** does not support the serving of **.php** files.
* We will install a program (actually a service) called **php-fpm**.
* This service will listen for requests to interpret.
* Install the php-fpm service by installing the default version 8.2 of the packages
sudo apt-get -y install php-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl start php8.2-fpm
===== Modify Nginx =====
* Now that the php-fpm service is installed we should change the default **Nginx** server to make use of it.
* Edit the default server file:
sudo vi /etc/nginx/sites-enabled/default
* Add //index.php// to this line:
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
* Activate PHP processing by un-commenting this section. Note that we use the UNIX socket, and that we use **8.2** and not the **7.4** which is originally specified in the config file.
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
#
#   # With php-fpm (or other unix sockets):
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
#   # With php-cgi (or other tcp sockets):
#   fastcgi_pass 127.0.0.1:9000;
}
* Enable the hiding of .htaccess files
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny all;
}
* Reload the **Nginx** web server's configuration
sudo systemctl reload nginx.service
* Create a test //.php// file to confirm that it does work
sudo vi /var/www/html/test.php
* Contents
* Navigate to http://127.0.0.1/test.php and see if the page displays the PHP info.
===== Install MariaDB =====
==== Why MariaDB? ====
* We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) is breaking things on RADIUSdesk.
* For this reason we install MariaDB as an alternative.
* MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack.
* It is intended to be a drop-in replacement for MySQL.
* Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious; otherwise simply hit the ESC key.
sudo apt-get -y install mariadb-server php8.2-mysql
sudo systemctl enable mariadb
sudo systemctl restart mariadb
sudo systemctl status mariadb
==== Disable strict mode ====
* With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1, which introduced a few strict modes that cause problems with the RADIUSdesk database implementation.
* We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
* Enter these two lines:
[mysqld]
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
* Save the file and restart the MariaDB server
sudo systemctl restart mariadb
===== Performance tune Nginx =====
==== Modify expiry date for certain files ====
* Edit the ///etc/nginx/sites-available/default// file:
sudo vi /etc/nginx/sites-available/default
* Add the following inside the server section:
location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break;
    rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
* Add below only if you require backward compatibility (MESHdesk and APdesk).
location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
* Reload Nginx:
sudo systemctl reload nginx.service
===== Install RADIUSdesk =====
* The first part prepared everything to install **RADIUSdesk**.
* This part will go through the steps to install the latest **RADIUSdesk**.
* RADIUSdesk consists of three components.
* **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
* **cake4** is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer.
* **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet.
* Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory.
==== Required packages ====
* Make sure the following packages are installed.
sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget
sudo systemctl restart php8.2-fpm
* Check out the rdcore git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rdcore.git
* This will create an rdcore directory containing some sub-folders.
* It is recommended that you also include the RD Mobile UI.
* Check out the rd_mobile git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
==== Create soft links ====
* We will create soft links in the directory where Nginx will serve the RADIUSdesk contents.
cd /var/www/html
sudo ln -s ../rdcore/rd ./rd
sudo ln -s ../rdcore/cake4 ./cake4
#If backward compatibility is required for older firmware of MESHdesk
sudo ln -s ../rdcore/cake4 ./cake3
sudo ln -s ../rdcore/login ./login
sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev
sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting
#For the RD Mobile UI
sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile
==== Change Ownerships ====
* Change the ownership of the following files to www-data so Nginx can make changes to the files/directories
sudo mkdir -p /var/www/html/cake4/rd_cake/logs
sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache
sudo mkdir -p /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache
==== The Database ====
* Make sure the timezone on the server is set to UTC (You can use **sudo raspi-config**)
* Populate the timezone data on the DB
#NOTE FAILING THIS STEP will break the RADIUS graphs
#There might be some error messages in the output which is fine - no need to be alarmed
sudo su
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql
* Create an empty database called rd
sudo su
mysql -u root
create database rd;
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd';
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd';
exit;
* Populate the database:
sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql
* RADIUSdesk is under active development and sometimes we add SQL patches.
* The SQL Patches are located under **/var/www/html/cake4/rd_cake/setup/db/**
* These patches are non-destructive and you can run them against the database
* See the pattern below
sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql
==== Configure Nginx ====
* Configure Nginx to rewrite some RdCore URLs starting with ///cake4/rd_cake//.
* Edit ///etc/nginx/sites-enabled/default//
sudo vi /etc/nginx/sites-enabled/default
* Add this section once, directly below the **server_name** item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues.)
server_name _;
location /cake4/rd_cake/node-reports/submit_report.json {
    try_files $uri $uri/ /reporting/reporting.php;
}
* If you need backward compatibility support (MESHdesk and APdesk) also add this section:
location /cake3/rd_cake/node-reports/submit_report.json {
    try_files $uri $uri/ /reporting/reporting.php;
}
* Add the following configuration block inside the server section (This you can add towards the end):
location /cake4/rd_cake {
    rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break;
    try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args;
}
* If you need backward compatibility support (MESHdesk and APdesk) also add this section:
location /cake3/rd_cake {
    rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break;
    try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args;
}
* Reload Nginx:
sudo systemctl reload nginx
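* The site file has now been edited in several places, and a directive left commented out fails quietly. The shell function below is an added example (not part of the original guide or of RADIUSdesk) that lints the site file for the edits made in the sections above and flags a leftover test.php. The function name **check_rd_site** and its messages are assumptions made for illustration; the paths and directives it looks for are the ones used on this page.

```shell
#!/bin/sh
# Added example (not RADIUSdesk code): lint the nginx site file for the edits
# this guide makes. Prints one line per problem and returns the problem count.
# Usage: check_rd_site [CONF] [DOCROOT]   (defaults are the paths on this page)
check_rd_site() {
    conf=${1:-/etc/nginx/sites-enabled/default}
    root=${2:-/var/www/html}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Drop comment lines so a still-commented directive does not count as active.
    active=$(grep -v '^[[:space:]]*#' "$conf" || true)
    has() { printf '%s\n' "$active" | grep -Fq -- "$1"; }

    printf '%s\n' "$active" | grep -Eq '^[[:space:]]*index[[:space:]].*index\.php' \
        || fail "index.php is not in the index directive"
    has 'location ~ \.php$' \
        || fail "PHP location not active; .php files would be served as source"
    printf '%s\n' "$active" | grep -Eq 'fastcgi_pass[[:space:]]+unix:.*php8\.2-fpm\.sock' \
        || fail "no active fastcgi_pass to the php8.2-fpm socket"
    has 'location ~ /\.ht' \
        || fail ".ht* deny block is not active"
    has 'location /cake4/rd_cake/node-reports/submit_report.json' \
        || fail "reporting location is missing"
    has 'location /cake4/rd_cake {' \
        || fail "cake4 rewrite location is missing"

    # The phpinfo test page created earlier should not stay in the docroot.
    [ -e "$root/test.php" ] && fail "$root/test.php is still present"

    return "$problems"
}
```

Source the file and run **check_rd_site** with no arguments to check the live paths; an exit status of 0 means every edit was found, and **sudo nginx -t** still remains the syntax check.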
==== Important URLs ====
* The following URLs are important to reach the UI
* To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/
* If you want to serve the content directly out of the webroot, do the following:
sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/
* To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile
=== Login Credentials ===
* By default you can log in with the following credentials
Username: **root** Password: **admin**
===== Cron Scripts =====
* RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system.
* To activate the cron scripts, execute the following command, which will add RADIUSdesk's cron scripts to the Cron system
sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/
* If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file.
===== Add LETSENCRYPT certificate =====
* Rather than repeating existing documentation we will just add a URL with the instructions to do it.
* You might want to run the following first before going to the instructions in the URL
sudo apt-get update
sudo apt-get -y install software-properties-common
* https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11
===== Next steps =====
* Be sure to also install FreeRADIUS