RADIUSdesk

logo
Trace: 12_install_pi_nginx

Table of Contents

Install Nginx

Prep

  • These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm).
  • You can issue the command cat /etc/issue.net to confirm the version. It should say Debian GNU/Linux 12 .
  • Make sure it is up to date.
# Get the latest package lists
sudo apt-get update
# Update the system to the latest
sudo apt-get upgrade
  • Install Nginx
sudo apt-get -y install nginx
  • Ensure the web server starts up and is running
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
  • Navigate to the IP Address of the server where you installed Nginx using a browser to ensure Nginx serves content e.g. http://127.0.0.1

Configure Nginx to interpret .php files

  • The default install of Nginx does not support the serving of .php files.
  • We will install a program (actually a service) called php-fpm.
  • This service will listen for requests to interpret.
  • Install the php-fpm service by installing the default version 8.2 of the packages
sudo apt-get -y install php-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl start php8.2-fpm

Modify Nginx

  • Now that the php-fpm service is installed we should change the default Nginx server to make use of it.
  • Edit the default server file:
sudo vi /etc/nginx/sites-enabled/default
  • Add index.php to this line:
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
  • Activate PHP processing by un-commenting this this section. Note that we use the UNIX socket and we are using 8.2 and not 7.4 which is specified originally in the config file.
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    #
    #       # With php-fpm (or other unix sockets):
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    #       # With php-cgi (or other tcp sockets):
    #       fastcgi_pass 127.0.0.1:9000;
}
  • Enable the hiding of .htaccess files
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny all;
}
  • Reload the Nginx web server's configuration
sudo systemctl reload nginx.service
  • Create a test .php file to confirm that it does work
sudo vi /var/www/html/test.php
  • Contents
<?php
    phpinfo();
?>

Install MariaDB

Why MariaDB?

  • We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) are breaking things on RADIUSdesk.
  • For this reason we install MariaDB as an alternative.
  • MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack.
  • It is intended to be a drop-in replacement for MySQL.
  • Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious else simply hit the ESC key.
sudo apt-get -y install mariadb-server php8.2-mysql
sudo systemctl enable mariadb
sudo systemctl restart mariadb
sudo systemctl status mariadb

Disable strict mode

  • With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1 which introduced a few Strict modes which have some problems with RADIUSdesk database implementation.
  • We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
  • Enter these two lines:
[mysqld]
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
  • Save the file and restart the MySQL Server
sudo systemctl restart mariadb

Performance tune Nginx

Modify expiry date for certain files

  • Edit the /etc/nginx/sites-available/default file:
sudo vi /etc/nginx/sites-available/default
  • Add the following inside the server section:
location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break;
    rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
  • Add below only if you require backward compatibility (MESHdesk and APdesk).
location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
  • Reload Nginx:
sudo systemctl reload nginx.service

Install RADIUSdesk

  • The first part prepared everything to install RADIUSdesk.
  • This part will go through the steps to install the latest RADIUSdesk.
  • RADIUSdesk consists of three components.
    • rd directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
    • cake4 is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer.
    • login is a directory with various login pages which are centrally managed through the RADIUSdesk Dynamic Login Pages applet.
  • Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory.

Required packages

  • Make sure the following packages are installed.
sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget
sudo systemctl restart php8.2-fpm
  • Check out the rdcore git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rdcore.git
  • This will create an rdcore directory containing some sub-folders.
  • It is recommended that you also include the RD Mobile UI.
  • Check out the rd_mobile git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
  • We will create soft links in the directory where Nginx will serve the RADIUSdesk contents.
cd /var/www/html
sudo ln -s ../rdcore/rd ./rd
sudo ln -s ../rdcore/cake4 ./cake4
#If backward compatibility is required for older firmware of MESHdesk
sudo ln -s ../rdcore/cake4 ./cake3
sudo ln -s ../rdcore/login ./login
sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev
sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting
#For the RD Mobile UI
sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile

Change Ownerships

  • Change the ownership of the following files to www-data so Nginx can make changes to the files/directories
sudo mkdir -p  /var/www/html/cake4/rd_cake/logs
sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache
sudo mkdir -p /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache

The Database

  • Make sure the timezone on the server is set to UTC (You can use sudo raspi-config)
  • Populate the timezone data on the DB
#NOTE FAILING THIS STEP will break the RADIUS graphs
#There might be some error messages in the output which is fine - no need to be alarmed
sudo su
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root  mysql
  • Create an empty database called rd
sudo su
mysql -u root
create database rd;
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'127.0.0.1' IDENTIFIED BY 'rd';
GRANT ALL PRIVILEGES ON rd.* to 'rd'@'localhost' IDENTIFIED BY 'rd';
exit;
  • Populate the database:
sudo mysql -u root rd < /var/www/html/cake4/rd_cake/setup/db/rd.sql
  • RADIUSdesk is under active development and sometimes we add SQL patches.
  • The SQL Patches are located under /var/www/html/cake4/rd_cake/setup/db/
  • These patches are non-destructive and you can run them against the database
  • See the pattern below
sudo mysql -u root rd < /var/www/rdcore/cake4/rd_cake/setup/db/8.068_add_email_sms_histories.sql

Configure Nginx

  • Configure Nginx to rewrite some RdCore URLs starting with /cake4/rd_cake.
  • Edit /etc/nginx/sites-enabled/default
sudo vi /etc/nginx/sites-enabled/default
  • Add this once section directly below server_name item. (This is so that this rule is hit first for the reporting side. We do not use CakePHP for the reporting anymore due to performance issues.
server_name _;
location /cake4/rd_cake/node-reports/submit_report.json {
    try_files $uri $uri/ /reporting/reporting.php;
}
  • If you need backward compatibility support (MESHdesk and APdesk) also add this section:
location /cake3/rd_cake/node-reports/submit_report.json {
    try_files $uri $uri/ /reporting/reporting.php;
}
  • Add the following configuration block inside the server section (This you can add towards the end):
location /cake4/rd_cake {
   rewrite ^/cake4/rd_cake(.+)$ /cake4/rd_cake/webroot$1 break;
   try_files $uri $uri/ /cake4/rd_cake/index.php$is_args$args;
}
  • If you need backward compatibility support (MESHdesk and APdesk) also add this section:
location /cake3/rd_cake {
   rewrite ^/cake3/rd_cake(.+)$ /cake3/rd_cake/webroot$1 break;
   try_files $uri $uri/ /cake3/rd_cake/index.php$is_args$args;
}
  • Reload the Nginx:
sudo systemctl reload nginx

Important URLs

  • The following URLs are important to reach the UI
  • To load the optimized UI, go to http://127.0.0.1/rd/build/production/Rd/
  • If you want to serve the content directly out of the webroot, do the following:
sudo cp -R /var/www/html/rd/build/production/Rd/* /var/www/html/

Login Credentials

  • By default you can log in with the following credentials

Username: root Password: admin

Cron Scripts

  • RADIUSdesk requires a few scripts to run periodically in order to maintain a healthy and working system.
  • To activate the cron scripts execute the following command, which will add RADIUSdesk's crons scripts to the Cron system
sudo cp /var/www/html/cake4/rd_cake/setup/cron/cron4 /etc/cron.d/
  • If you want to change the default intervals at which the scripts get executed, just edit the /etc/cron.d/cron4 file.

Add LETSENCRYPT certificate

  • Rather than repeating existing documentation we will just add a URL with the instructions to do it.
  • You might want to run the following first before going to the instructions in the URL
sudo apt-get update
sudo apt-get -y install software-properties-common

Next steps

  • Be sure to also install FreeRADIUS
Last modified: 2023/11/03 00:34