====== Install Nginx ====== ===== Prep ===== * These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm). * You can issue the command **cat /etc/issue.net** to confirm the version. It should say **Debian GNU/Linux 12 **. * Make sure it is up to date. # Get the latest package lists sudo apt-get update # Update the system to the latest sudo apt-get upgrade * Install Nginx sudo apt-get -y install nginx * Ensure the web server starts up and is running sudo systemctl stop nginx.service sudo systemctl start nginx.service * Navigate to the IP Address of the server where you installed **Nginx** using a browser to ensure Nginx serves content e.g. http://127.0.0.1 ===== Configure Nginx to interpret .php files ===== * The default install of **Nginx** does not support the serving of **.php** files. * We will install a program (actually a service) called **php-fpm**. * This service will listen for requests to interpret. * Install the php-fpm service by installing the default version 8.2 of the packages sudo apt-get -y install php-fpm sudo systemctl enable php8.2-fpm sudo systemctl start php8.2-fpm ===== Modify Nginx ===== * Now that the php-fpm service is installed we should change the default **Nginx** server to make use of it. * Edit the default server file: sudo vi /etc/nginx/sites-enabled/default * Add //index.php// to this line: # Add index.php to the list if you are using PHP index index.php index.html index.htm index.nginx-debian.html; * Activate PHP processing by un-commenting this this section. Note that we use the UNIX socket and we are using **8.2** and not **7.4** which is specified originally in the config file. # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; } * Enable the hiding of .htaccess files # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } * Reload the **Nginx** web server's configuration sudo systemctl reload nginx.service * Create a test //.php// file to confirm that it does work sudo vi /var/www/html/test.php * Contents * Navigate to http://127.0.0.1/test.php and see if the page display the PHP info. ===== Install MariaDB ===== ==== Why MariaDB? ==== * We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) are breaking things on RADIUSdesk. * For this reason we install MariaDB as an alternative. * MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. * It is intended to be a drop-in replacement for MySQL. * Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious else simply hit the ESC key. sudo apt-get -y install mariadb-server php8.2-mysql sudo systemctl enable mariadb sudo systemctl restart mariadb sudo systemctl status mariadb ==== Disable strict mode ==== * With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1 which introduced a few Strict modes which have some problems with RADIUSdesk database implementation. * We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf * Enter these two lines: [mysqld] sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION * Save the file and restart the MySQL Server sudo systemctl restart mariadb ===== Performance tune Nginx ===== ==== Modify expiry date for certain files ==== * Edit the ///etc/nginx/sites-available/default// file: sudo vi /etc/nginx/sites-available/default * Add the following inside the server section: location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ { rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break; rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break; access_log off; expires max; add_header Cache-Control public; } * Add below only if you require backward compatibility (MESHdesk and APdesk). location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ { rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break; rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break; access_log off; expires max; add_header Cache-Control public; } * Reload Nginx: sudo systemctl reload nginx.service ===== Install RADIUSdesk ===== * The first part prepared everything to install **RADIUSdesk**. * This part will go through the steps to install the latest **RADIUSdesk**. * RADIUSdesk consists of three components. * **rd** directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer. * **cake4** is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer. * **login** is a directory with various login pages which are centrally managed through the RADIUSdesk **Dynamic Login Pages** applet. * Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory. ==== Required packages ==== * Make sure the following packages are installed. sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget sudo systemctl restart php8.2-fpm * Check out the rdcore git repository. cd /var/www sudo git clone https://github.com/RADIUSdesk/rdcore.git * This will create an rdcore directory containing some sub-folders. * It is recommended that you also include the RD Mobile UI. * Check out the rd_mobile git repository. cd /var/www sudo git clone https://github.com/RADIUSdesk/rd_mobile.git ==== Create soft links ==== * We will create soft links in the directory where Nginx will serve the RADIUSdesk contents. cd /var/www/html sudo ln -s ../rdcore/rd ./rd sudo ln -s ../rdcore/cake4 ./cake4 #If backward compatibility is required for older firmware of MESHdesk sudo ln -s ../rdcore/cake4 ./cake3 sudo ln -s ../rdcore/login ./login sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting #For the RD Mobile UI sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile ==== Change Ownerships ==== * Change the ownership of the following files to www-data so Nginx can make changes to the files/directories sudo mkdir -p /var/www/html/cake4/rd_cake/logs sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache sudo mkdir -p /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache ==== The Database ==== * Make sure the timezone on the server is set to UTC (You can use **sudo raspi-config**) * Populate the timezone data on the DB #NOTE FAILING THIS STEP will break the RADIUS graphs #There might be some error messages in the output which is fine - no need to be alarmed sudo su mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql * Create an empty database called rd sudo su mysql -u root create database rd; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd'; GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd'; exit; * Populate the database: sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql * RADIUSdesk is under active development and sometimes we add SQL patches. * The SQL Patches are located under **/var/www/html/cake4/rd_cake/setup/db/** * These patches are non-destructive and you can run them against the database * See the pattern below sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql ==== Configure Nginx ==== * Configure Nginx to rewrite some RdCore URLs starting with ///cake4/rd_cake//. * Edit ///etc/nginx/sites-enabled/default// sudo vi /etc/nginx/sites-enabled/default * Add this once section directly below **server_name** item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues. server_name _; location /cake4/rd_cake/node-reports/submit_report.json { try_files $uri $uri/ /reporting/reporting.php; } * If you need backward compatibility support (MESHdesk and APdesk) also add this section: location /cake3/rd_cake/node-reports/submit_report.json { try_files $uri $uri/ /reporting/reporting.php; } * Add the following configuration block inside the server section (This you can add towards the end): location /cake4/rd_cake { rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break; try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args; } * If you need backward compatibility support (MESHdesk and APdesk) also add this section: location /cake3/rd_cake { rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break; try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args; } * Reload the Nginx: sudo systemctl reload nginx ==== Important URLs ==== * The following URLs are important to reach the UI * To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/ * If you want to serve the content directly out of the webroot, do the following: sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/ * To load the RD Mobile UI, go to http://127.0.0.1/rd_mobile === Login Credentials === * By default you can log in with the following credentials Username: **root** Password: **admin** ===== Cron Scripts ===== * RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system. * To activate the cron scripts execute the following command, which will add RADIUSdesk's crons scripts to the Cron system sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/ * If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file. ===== Add LETSENCRYPT certificate ===== * Rather than repeating existing documentation we will just add a URL with the instructions to do it. * You might want to run the following first before going to the instructions in the URL sudo apt-get update sudo apt-get -y install software-properties-common * https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-11 ===== Next steps ===== * Be sure to also install FreeRADIUS