De Raspberry Pi (RPi) is een zeer kleine en zuinige (3,5 watt) mini Linux-computer op basis van een ARM-processor. Oorspronkelijk werd de single board computer ontwikkeld voor educatieve doeleinden. De verwachting om in het 1e jaar 10.000 apparaten te verkopen was niet gegrond: ze verkochten 1 miljoen! Waarschijnlijk door zijn veelzijdigheid en lage prijs ($ 35) is de RPi uitgegroeid tot een enorm succes...
Aangesloten op een moderne televisie functioneert de Raspberry Pi als een mini-computer, en op een netwerk als een (web)server. En dat is waar je Joomla kunt inzetten...
In deze presentatie, gegeven op zaterdag 23 november 2013 op de landelijke bijeenkomst van de Nederlandse Linux Gebruikers Groep (NLLGG), laat Peter zien hoe je de RPi als webserver voor Joomla inzet. Hoe je de via de command-line installeert: Raspbian (Debian Linux geoptimaliseerd voor RPi), Nginx (= zeer snel alternatief voor een Apache webserver), PHP, MySQL, phpMyAdmin en, natuurlijk, Joomla.
Tenslotte toont Peter hoe je voor dergelijke websites de security & prestaties kunt verbeteren. En tenslotte hoe je Wifi & Webcam kunt aansluiten & GPIO kunt gebruiken voor aansturing van LEDs.
Boost Fertility New Invention Ups Success Rates.pdf
Joomla on Raspberry Pi using Nginx - Nederlandse Linux Gebruikers Group november 2013
1. Joomla on Raspberry Pi
using Nginx
Peter Martin, twitter: @pe7er
NLLGG Landelijke Bijeenkomst 23 november 2013
2. Peter Martin
●
●
Joomla website specialist
Marketing + Communicatie
achtergrond & technische
affiniteit
●
Interesses:
●
●
Vrijwilliger Joomla:
●
●
Global Moderator
Community Leadership
Team
●
Open Coffee Nijmegen
●
Nijmegen, vrouw, dochter 6,
zoon 1,5
Open Source Software
Linux sinds 2007
(Ubuntu → Debian → Arch
Linux → Debian)
●
Raspberry Pi
●
Muziek (Vinyl)
●
Filmhuisfilms
Linux User Group Nijmegen
Website: www.db8.nl – e-mail: peter@db8.nl
LinkedIn: http://www.linkedin.com/in/pe7er – Twitter: @pe7er
16. Ehm, vertelde jij
me laatst niet...
...dat je Joomla
kunt installeren...
… op elke
computer?
17. 1. Raspberry Pi – Benefits
●
●
small
Dirt cheap: $ 35 → 38
Euro
●
Low power (3.5 Watt)
●
No moving parts → Silent
●
“De facto” standard (2
types)
–
–
–
Much additional hardware
Many software
Much documentation
18. 1. Raspberry Pi – Benefits
●
Community
●
Use
●
Software
●
Hardware
●
Case
Lego Raspberry Pi Enclosure
by Biz (age 12) from UK
28. 2b. Raspbian – Connect via SSH
●
RPi has SSH Server
●
Determine IP address
–
–
–
–
●
Raspberry Pi + monitor: sudo ifconfig
Smart Phone: Overlook Fing
PC: nmap -sP 192.168.0/24
Router: check connected devices
Connect via SSH
–
–
–
Linux: Command Line
Mac OSX: Terminal
Windows: “PuTTY”
29. 2b. Raspbian – Connect via SSH
{connect from PC via SSH to RPi}
peter@db8HQ:~ $ ssh pi@192.168.0.12
{configuration menu}
pi@raspberrypi ~ $ sudo raspiconfig
30.
31. 2c. Raspbian – Configure your RPi
●
Change User Password
●
Advanced Options
●
Hostname
–
●
Expand_rootfs
–
●
raspberrypi -> rpi
Expand 2GB image to full 8GB capacity
Memory_split
–
Free RAM from memory for GUI (64MB → 16MB)
33. 2d. Internet Access to RPi
Internet
petermartin.nl:
DNS reference to
IP address router
Router:
Portforwarding to
IP address RPi
RPi:
Fixed IP address?
44. 4. Nginx – Configuration
pi@rpi ~ $ sudo nano /etc/nginx/nginx.conf
user wwwdata;
worker_processes 1; # same as number of CPU
pid /var/run/nginx.pid;
pi@rpi ~ $ sudo /etc/init.d/nginx start
45. 4. Nginx – Testing...
●
Browse to URL: http://192.168.0.12/
Welcome to nginx!
46. 4. Nginx – Virtual domains
For every virtual domain:
a)Create folder + index file
/var/www/domain/ + index.html file
b)Create configuration file
c)Enable site via symbolic link
d)Reload Nginx config file(s)
52. 5. MySQL
●
Install MySQL
$ sudo apt-get install mysql-server
●
Secure MySQL
$ sudo mysql_secure_installation
●
Create database for Joomla site
53. 5. MySQL – Create database
pi@rpi ~ $ mysql u root p
Enter password:
Welcome to the MySQL monitor. Commands end with ;
or g.
Your MySQL connection id is 48
Server version: 5.5.310+wheezy1 (Debian)
mysql> create database petermartin;
Query OK, 1 row affected (0.00 sec)
mysql> q
Bye
pi@rpi ~ $
61. 7. phpMyAdmin – Installation
pi@rpi ~ $ sudo aptget install phpmyadmin
Web server to reconfigure automatically: none
Configure database for phpmyadmin with
dbconfigcommon? N
pi@rpi ~ $
78. 9. Performance – What worked?
●
Nginx + PHP-FPM
–
Socket vs Port?
fastcgi_pass
unix:/var/run/php5-fpm.sock;
fastcgi_pass
127.0.0.1:9000;
“socket connections are around 10-15% faster than TCP/IP
connections because it saves the passing the data over the
different layers of TCP/IP stack”
●
Joomla cache
–
–
●
System > Global Configuration > [System] → Cache
Conservative / Progressive / Cache Plugin
Alternative PHP Cache (APC)
84. 9. Performance – Overclocking
$ sudo raspi-config
Be aware that overclocking may reduce the lifetime of your
Raspberry Pi. If overclocking at a certain level causes
system instability, try a more modest overclock. Hold down
shift during boot to temporarily disable overclock.
See http://elinux.org/RPi_Overclocking for more information.
86. 9. Performance – Cryogenics
●
Superconducting computers
●
●
Superconductivity in certain materials when cooled
below a characteristic critical temperature
Cool down Raspberry Pi ?!?
●
Fridge
90. 10. Security – ssh logfiles
●
/var/log/auth.log
Apr 8 22:49:01 rpi sshd[10812]: reverse mapping checking getaddrinfo for
95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:01 rpi sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.175.148.95 user=root
Apr 8 22:49:04 rpi sshd[10812]: Failed password for root from 59.175.148.95 port 43066 ssh2
Apr 8 22:49:04 rpi sshd[10812]: Received disconnect from 59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:07 rpi sshd[10816]: reverse mapping checking getaddrinfo for
95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:07 rpi sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.175.148.95 user=root
Apr 8 22:49:09 rpi sshd[10816]: Failed password for root from 59.175.148.95 port 44636 ssh2
Apr 8 22:49:10 rpi sshd[10816]: Received disconnect from 59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:13 rpi sshd[10820]: reverse mapping checking getaddrinfo for
95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:13 rpi sshd[10820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.175.148.95 user=root
Apr 8 22:49:15 rpi sshd[10820]: Failed password for root from 59.175.148.95 port 46051 ssh2
Apr 8 22:49:16 rpi sshd[10820]: Received disconnect from 59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:19 rpi sshd[10824]: reverse mapping checking getaddrinfo for
95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:19 rpi sshd[10824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.175.148.95 user=root
91. 10. Security – Firewall
Firewall: “IPTables”
●
Create file with firewall rules
●
●
●
Drop traffic on certain ports
Allow traffic on certain ports
Load rule set into IPTables
●
Add new rules to IPTables
●
●
Block IP addresses
Reboot RPi? → IPTables empty
●
●
Create ssh script to load firewall rules on start
93. 10. Security – Configure Firewall 1/2
{filter}
# Allow all loopback (lo0) traffic and drop all traffic to
127/8 that doesn't use lo0
A INPUT i lo j ACCEPT
A INPUT d 127.0.0.0/8 j REJECT
# Accept all established inbound connections
A INPUT m state state ESTABLISHED,RELATED j ACCEPT
# Allow all outbound traffic you can modify this to only
allow certain traffic
A OUTPUT j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal
ports for websites and SSL).
A INPUT p tcp dport 80 j ACCEPT
A INPUT p tcp dport 443 j ACCEPT
94. 10. Security – Configure Firewall 2/2
# Allow SSH connections
# The dport number should be the same port number you set in
sshd_config
A INPUT p tcp m state state NEW dport 22 j ACCEPT
# Allow ping
A INPUT p icmp j ACCEPT
# Log iptables denied calls
A INPUT m limit limit 5/min j LOG logprefix "iptables
denied: " loglevel 7
# Drop all other inbound default deny unless explicitly
allowed policy
A INPUT j DROP
A FORWARD j DROP
COMMIT
104. 11. Wifi
USB Wifi dongle
→ use USB power!
Compatible:
http://elinux.org/RPi_USB
_Wi-Fi_Adapters
Internet
105. 11. Wifi
●
Ethernet → connect RPi to internet
●
Wifi → connect wifi devices to RPi
●
hostapd
–
●
user space daemon for wireless access point and
authentication servers
udhcpd
–
DHCP daemon
●
●
Dynamic Host Configuration Protocol = IP networking protocol
that dynamically configures IP addresses
Installation: http://elinux.org/RPI-Wireless-Hotspot
107. 12. Webcam
Raspberry Pi
Camera Board
(5MP, 1080p)
GBP 20,-
USB Webcam
compatible:
http://elinux.org/RPi_
VerifiedPeripherals#U
SB_Webcams
108. 12. Webcam
Connect webcam to USB
dmesg:
[37.627415] usb 1-1.3: new high-speed USB device number 5 using dwc_otg
[37.771212] usb 1-1.3: New USB device found, idVendor=0c45, idProduct=62f1
[37.771244] usb 1-1.3: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[37.771261] usb 1-1.3: Product: USB 2.0 Camera
[37.771279] usb 1-1.3: Manufacturer: Sonix Technology Co., Ltd.
[37.915066] Linux media interface: v0.10
[37.960576] Linux video capture interface: v2.00
[38.003927] uvcvideo: Found UVC 1.00 device USB 2.0 Camera (0c45:62f1)
[38.015192] input: USB 2.0 Camera as /devices/platform/bcm2708_usb/usb1/1-1/11.3/1-1.3:1.0/input/input0
[38.016111] usbcore: registered new interface driver uvcvideo
[38.016132] USB Video Class driver (1.1.1)
[38.184050] 5:3:1: cannot get freq at ep 0x84
[38.188004] usbcore: registered new interface driver snd-usb-audio
Problems? Search for 0c45:62f1
120. Joomla & GPIO?
●
Joomla Component for my Pi to manage LED:
com_piled
●
Run python script from PHP:
<?php exec('sudo python leds/green_on.py');?>
●
Problems:
–
–
Add user “www-data” to gpio group
Give user “www-data” access to python
#includedir /etc/sudoers.d
www-data ALL=(ALL) NOPASSWD: /usr/bin/python
121. Ok, dan...
koop jij maar
zo'n Raspberry dinges...
...dan koop ik
... nieuwe [schoenen
/ handtasje / boek /
...vul maar in...]
122. Raspberry Pi gebruik
1.Mediacenter
●
OpenELEC
2.PHP Website Scraper
4.Joomla website
5.Experimenteren met
Linux Command Line
●
Nginx + PHP + MySQL
●
PHP Scraping Script
Nog Doen:
●
Crontab + php-cli
Proxy Server →
3.Jukebox
●
MPD, Music Player
Daemon
●
MPD Client:
laptop/mobile
Open WiFi?
HTTP verbinding:
via HTTPS naar RPi thuis, en
dan als HTTP naar website(s)
125. Used Photos
●
●
●
●
Raspberry Pi – Switched On Tech Design
http://www.sotechdesign.com.au/raspberry-pi-has-arrived/
BBC Micro - Stuart Brady
http://en.wikipedia.org/wiki/File:BBC_Micro_Front_Restored.jpg
ZX Spectrum - Bill Bertram http://en.wikipedia.org/wiki/File:ZXSpectrum48k.jpg
Commodore 64 - Evan-Amos http://en.wikipedia.org/wiki/File:Commodore-64Computer.png
●
Raspberry Pi Ideas – http://hackaday.com/
●
Kano: A computer anyone can make – www.kickstarter.com
●
Joomla + Stroopwafels – Paul Orwig
●
Bricks - Sharlene Jackson http://www.sxc.hu/photo/759981
●
Hotrod Dash - Peter Mazurek http://www.sxc.hu/photo/1341923
●
Greased Lightnin' - Donald Cook http://www.sxc.hu/photo/690214
●
File Overload - Bob Smith http://www.sxc.hu/photo/367985
●
Rusted Gears - Angelo Rosa http://www.sxc.hu/photo/1365696
●
Man Made - "csremedy" http://www.sxc.hu/photo/1267108
126. Used Photos
●
digital world - ilker http://www.sxc.hu/photo/1206711
●
Crazy Man in Shower - scott adams http://www.sxc.hu/photo/760765
●
laptop 2 - emre nacigil http://www.sxc.hu/photo/810741
●
Speedometer – Abdulhamid AlFadhly http://www.sxc.hu/photo/1390189
●
fridge - David Readman http://www.sxc.hu/photo/352383
●
Liquid nitrogen - Cory Doctorow http://en.wikipedia.org/wiki/Cryogenics
●
Secure - Frank Köhne http://www.sxc.hu/photo/962334
●
ICU - Chris Chidsey http://www.sxc.hu/photo/1384549
●
Wireless - Stephan Hempelmann http://www.sxc.hu/photo/437031
●
LED - "linusb4" http://www.sxc.hu/photo/883983
LED, 5mm, green (unlabelled) - Inductiveload
http://commons.wikimedia.org/wiki/File:LED,_5mm,_green_(unlabelled).svg
●
Playing with LEDs – Peter Martin
●
Professor Tiger - Gabriel Doyle http://www.sxc.hu/photo/526749