RADIUSdesk

logo
Trace: 12_install_pi_nginx

This is an old revision of the document!

Install Nginx

Table of Contents

Prep

  • These instructions are for Raspberry Pi OS based on Debian version 12 (bookworm).
  • You can issue the command cat /etc/issue.net to confirm the version. It should say Debian GNU/Linux 12 .
  • Make sure it is up to date.
# Get the latest package lists
sudo apt-get update
# Update the system to the latest
sudo apt-get upgrade
  • Install Nginx
sudo apt-get -y install nginx
  • Ensure the web server starts up and is running
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
  • Navigate to the IP Address of the server where you installed Nginx using a browser to ensure Nginx serves content e.g. http://127.0.0.1

Configure Nginx to interpret .php files

  • The default install of Nginx does not support the serving of .php files.
  • We will install a program (actually a service) called php-fpm.
  • This service will listen for requests to interpret.
  • Install the php-fpm service by installing the default version 8.2 of the packages
sudo apt-get -y install php-fpm
sudo systemctl enable php8.2-fpm
sudo systemctl start php8.2-fpm

Modify Nginx

  • Now that the php-fpm service is installed we should change the default Nginx server to make use of it.
  • Edit the default server file:
sudo vi /etc/nginx/sites-enabled/default
  • Add index.php to this line:
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
  • Activate PHP processing by un-commenting this this section. Note that we use the UNIX socket and we are using 8.2 and not 7.4 which is specified originally in the config file.
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    #
    #       # With php-fpm (or other unix sockets):
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    #       # With php-cgi (or other tcp sockets):
    #       fastcgi_pass 127.0.0.1:9000;
}
  • Enable the hiding of .htaccess files
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny all;
}
  • Reload the Nginx web server's configuration
sudo systemctl reload nginx.service
  • Create a test .php file to confirm that it does work
sudo vi /var/www/html/test.php
  • Contents
<?php
    phpinfo();
?>

Install MariaDB

Why MariaDB?

  • We discovered that the version of MySQL that comes bundled by default with Debian 12 (bookworm) are breaking things on RADIUSdesk.
  • For this reason we install MariaDB as an alternative.
  • MariaDB is an open-source relational database management system, commonly used as an alternative for MySQL as the database portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack.
  • It is intended to be a drop-in replacement for MySQL.
  • Be sure to supply a root password for the MariaDB database when asked for it if you are security conscious else simply hit the ESC key.
sudo apt-get -y install mariadb-server php8.2-mysql
sudo systemctl enable mariadb
sudo systemctl restart mariadb
sudo systemctl status mariadb

Disable strict mode

  • With Debian 12 (bookworm), the bundled release of MariaDB is at version 15.1 which introduced a few Strict modes which have some problems with RADIUSdesk database implementation.
  • We will disable Strict SQL Mode in MariaDB by creating a new file /etc/mysql/conf.d/disable_strict_mode.cnf
sudo vi /etc/mysql/conf.d/disable_strict_mode.cnf
  • Enter these two lines:
[mysqld]
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
  • Save the file and restart the MySQL Server
sudo systemctl restart mariadb

Performance tune Nginx

Modify expiry date for certain files

  • Edit the /etc/nginx/sites-available/default file:
sudo vi /etc/nginx/sites-available/default
  • Add the following inside the server section:
location ~ ^/cake4/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake4/rd_cake/webroot/(.*)$ /cake4/rd_cake/webroot/$1 break;
    rewrite ^/cake4/rd_cake/(.*)$ /cake4/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
  • Add below only if you require backward compatibility (MESHdesk and APdesk).
location ~ ^/cake3/.+\.(jpg|jpeg|gif|png|ico|js|css)$ {
    rewrite ^/cake3/rd_cake/webroot/(.*)$ /cake3/rd_cake/webroot/$1 break;
    rewrite ^/cake3/rd_cake/(.*)$ /cake3/rd_cake/webroot/$1 break;
    access_log off;
    expires max;
    add_header Cache-Control public;
}
  • Reload Nginx:
sudo systemctl reload nginx.service

Install RADIUSdesk

  • The first part prepared everything to install RADIUSdesk.
  • This part will go through the steps to install the latest RADIUSdesk.
  • RADIUSdesk consists of three components.
    • rd directory with its contents contains all the HTML and JavaScript code and is used as the presentation layer.
    • cake4 is a CakePHPv4 application and can be considered the engine room. Here the data is processed before being presented by the presentation layer.
    • login is a directory with various login pages which are centrally managed through the RADIUSdesk Dynamic Login Pages applet.
  • Later we will create various symbolic links from locations inside the rdcore directory to locations inside the web server's document root directory.

Required packages

  • Make sure the following packages are installed.
sudo apt-get -y install php-cli php-mysql php-gd php-curl php-xml php-mbstring php-intl php-sqlite3 git wget
sudo systemctl restart php8.2-fpm
  • Check out the rdcore git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rdcore.git
  • This will create an rdcore directory containing some sub-folders.
  • It is recommended that you also include the RD Mobile UI.
  • Check out the rd_mobile git repository.
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rd_mobile.git
  • We will create soft links in the directory where Nginx will serve the RADIUSdesk contents.
cd /var/www/html
sudo ln -s ../rdcore/rd ./rd
sudo ln -s ../rdcore/cake4 ./cake4
#If backward compatibility is required for older firmware of MESHdesk
sudo ln -s ../rdcore/cake4 ./cake3
sudo ln -s ../rdcore/login ./login
sudo ln -s ../rdcore/AmpConf/build/production/AmpConf ./conf_dev
sudo ln -s ../rdcore/cake4/rd_cake/setup/scripts/reporting ./reporting
#For the RD Mobile UI
sudo ln -s ../rd_mobile/build/production/RdMobile ./rd_mobile

Change Ownerships

  • Change the ownership of the following files to www-data so Nginx can make changes to the files/directories
sudo mkdir -p  /var/www/html/cake4/rd_cake/logs
sudo mkdir -p /var/www/html/cake4/rd_cake/webroot/files/imagecache
sudo mkdir -p /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/tmp
sudo chown -R www-data: /var/www/html/cake4/rd_cake/logs
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/realms
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_details
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/dynamic_photos
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/access_providers
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/img/hardwares
sudo chown -R www-data: /var/www/html/cake4/rd_cake/webroot/files/imagecache
Last modified: 2023/11/02 21:58