Joomla on Raspberry Pi using Nginx - Nederlandse Linux Gebruikers Group november 2013

Joomla on Raspberry Pi
using Nginx

Peter Martin, twitter: @pe7er
NLLGG Landelijke Bijeenkomst 23 november 2013

Peter Martin

Joomla website specialistMarketing + Communicatie achtergrond & technische affiniteit

Vrijwilliger Joomla:Global Moderator

Community Leadership Team

Open Coffee Nijmegen

Linux User Group Nijmegen

Nijmegen, vrouw, dochter 6, zoon 1,5Interesses:

Open Source Software

Linux sinds 2007
(Ubuntu Debian Arch Linux Debian)

Raspberry Pi

Muziek (Vinyl)

Filmhuisfilms

Website: www.db8.nl e-mail: [email protected]
LinkedIn: http://www.linkedin.com/in/pe7er Twitter: @pe7er

Overview Presentation

Introduction
LAMP LEMP Stack:

Raspbian

Fun with SSH

Nginx

MySQL

PHP

phpMyAdmin

Joomla

Performance

Security

WIFI

CAM

Live and LED die

1. Introduction Raspberry Pi

Today's engineers: home computers in 1980s

Today's youth:
computer classes = operate software,
click menus
and swipe yourself to death...

Goal RPi: education on inexpensive device

1. Raspberry Pi Hardware

Single-board computer, 700 Mhz

RAM 512 Mbyte (1st ver.256 Mbyte)

Graphics: Broadcom VideoCore IV

Connections:SD Card

Micro USB powerplug
(5v 1A 3,5 Watt)

Ethernet

HDMI & RCA Video

Audio

2x USB

General-purpose input/output (GPIO)

Een Raspberry wat?Waarom wil je
die kopen? Heb je nog niet
genoeg computers?

Smallest Mac

C64

Grid super computer

Weather Station

Pi in the sky

BrewPi

Kano

Kano: A computer anyone can make

www.kickstarter.com
Op 23 nov:
4,689 backers$525,305 pledged of $100,000 goal26 days to go

Joomla

Ehm, vertelde jij
me laatst niet......dat je Joomla
kunt installeren... op elke
computer?

1. Raspberry Pi Benefits

small

Dirt cheap: $ 35 38 Euro

Low power (3.5 Watt)

No moving parts Silent

De facto standard (2 types)Much additional hardware

Many software

Much documentation

1. Raspberry Pi Benefits

CommunityUse

Software

Hardware

Case

Lego Raspberry Pi Enclosure
by Biz (age 12) from UK

LEMP Stack

LAMP LEMP Stack

LLinux Raspbian (Debian for RPi)EApache Nginx [engine x]MMySQLPPHP

2. Raspbian

2. Raspbian

Installation

Connect to Network

Configuration

Internet Access

2a. Raspbian Installation SD Card

Download Raspbian Image: http://www.raspberrypi.org/downloads

Write to SD Card:

SD Card: http://elinux.org/RPi_Easy_SD_Card_Setup

Location SD Card: dmesg

Write, dd (dump disk, +- 5 minutes)
CAREFUL: data destroyer !Linux:
sudo dd bs=1M if=~/rpi/2013-09-25-wheezy-raspbian.img of=/dev/mmcblk0

Mac OSX:
sudo dd bs=1M if=~/rpi/2013-09-25-wheezy-raspbian.img of=/dev/disk1s1

Windows:
dd bs=1M if=c:\temp\2013-09-25-wheezy-raspbian.img od=e

2b. Raspbian Connect your RPi

Pappa? Mag ik TV kijken?Klokhuis is nu!

2b. Raspbian Connect via SSH

RPi has SSH Server

Determine IP addressRaspberry Pi + monitor: sudo ifconfig

Smart Phone: Overlook Fing

PC: nmap -sP 192.168.0/24

Router: check connected devices

Connect via SSHLinux: Command Line

Mac OSX: Terminal

Windows: PuTTY

2b. Raspbian Connect via SSH

{connect from PC via SSH to RPi}
peter@db8HQ:~ $ ssh [email protected]

{configuration menu}
pi@raspberrypi ~ $ sudo raspi-config

2c. Raspbian Configure your RPi

Change User Password

Advanced OptionsHostnameraspberrypi -> rpi

Expand_rootfsExpand 2GB image to full 8GB capacity

Memory_splitFree RAM from memory for GUI (64MB 16MB)

2c. Raspbian Update!

{update Repository information}
pi@rpi ~ $ sudo apt-get update
{takes 30 seconds}

{upgrade Raspbian OS}
pi@rpi ~ $ sudo apt-get upgrade
{takes 22 minutes}

2d. Internet Access to RPi

Internet

petermartin.nl:
DNS reference to
IP address router

Router:
Portforwarding to
IP address RPi

RPi:
Fixed IP address?

2d. Internet Access Static IP Address

pi@rpi ~ $ routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Ifacedefault 192.168.0.1 0.0.0.0 UG 0 0 0 eth0192.168.0.0 * 255.255.255.0 U 0 0 0 eth0pi@rpi ~ $ sudo nano /etc/network/interfaces{change:}iface eth0 inet dhcp{to:}iface eth0 inet static
address 192.168.0.9
netmask 255.255.255.0
gateway 192.168.0.1

Wake up Neo...The Matrix has you...Follow the white rabbit.Knock, knock, Neo.

3. SSH Secure Shell

3.Fun with SSH

apple:~ peter$ ssh [email protected]

[email protected]'s password: ****

Linux rpi 3.6.11+ #538 PREEMPT Fri Aug 30 20:42:08 BST 2013 armv6l

The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Last login: Tue Oct 29 21:04:31 2013 from 192.168.0.15

pi@raspberrypi ~ $

3.Fun with SSH

pi@rpi ~ $ ssh [email protected]


Linux db8HQ 2.6.32-5-686 #1 SMP Mon Sep 23 23:00:18 UTC 2013 i686

The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

You have new mail.

Last login: Wed Oct 30 17:35:55 2013 from 192.168.0.12

peter@db8HQ:~$

3.Fun with SSH

peter@db8HQ:~$ ssh [email protected]


Linux thinkpad 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1 i686The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.Last login: Wed Oct 30 17:41:15 2013 from db8hq.local

peter@thinkpad:~$

Ja?En??!?

4. Nginx webserver

4. Nginx

Nginx [engine ex]High performance: Dynamic pages = FAST

Static = very FAST!

Low memory usage (useful on Rpi!)

Easy configuration + automatic configuration test

Nginx Popularity (netcraft.com Nov 2013):Nginx on 110 million sites (14% all sites, Apache 44%, IIS 24%)

Top million busiest websites:1. Apache 56 %

2. Nginx 15 %

3. Microsoft 12 %

4. Nginx Popularity

4. Nginx Installation

pi@rpi ~ $ sudo apt-get install nginx
[..]

Setting up nginx (1.2.1-2.2+wheezy1) ...pi@rpi ~ $

4. Nginx Configuration

pi@rpi ~ $ sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes 1; # same as number of CPU
pid /var/run/nginx.pid;

pi@rpi ~ $ sudo /etc/init.d/nginx start

4. Nginx Testing...

Browse to URL: http://192.168.0.12/

Welcome to nginx!

4. Nginx Virtual domains

For every virtual domain:

Create folder + index file /var/www/domain/ + index.html file

Create configuration file

Enable site via symbolic link

Reload Nginx config file(s)

4. Nginx a)Virtual domain

pi@rpi ~ $ sudo mkdir /var/www/petermartin.nlpi@rpi ~ $ sudo nano /var/www/petermartin.nl/index.php

Joomla op Raspberry

Welkom bij NLLGG!

4. Nginx b) configuration file

pi@rpi ~ $ sudo nano /etc/nginx/sites-available/petermartin.nl

server {
listen 80;
server_name www.petermartin.nl;
root /var/www/petermartin.nl;

access_log /var/log/nginx/petermartin.nl.access_log;
error_log /var/log/nginx/petermartin.nl.error_log info;

location / {
index index.php index.html index.htm;
}}

4. Nginx c) symlink + d) reload

{create symbolic link}

pi@rpi ~ $ sudo ln -s
/etc/nginx/sites-available/petermartin.nl
/etc/nginx/sites-enabled/petermartin.nl

{reload Nginx configuration}

pi@rpi ~ $ sudo /etc/init.d/nginx reload
Reloading nginx configuration: nginx.

4. Nginx Testing...


Welkom bij NLLGG!

Error?404 Not Found
nginx/1.2.1

Check error log file:
$ cat /var/log/nginx/petermartin.nl.error_log

5. MySQL Database Server

5. MySQL

Install MySQL$ sudo apt-get install mysql-server

Secure MySQL$ sudo mysql_secure_installation

Create database for Joomla site

5. MySQL Create database

pi@rpi ~ $ mysql -u root -pEnter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 48
Server version: 5.5.31-0+wheezy1 (Debian)

mysql> create database petermartin;
Query OK, 1 row affected (0.00 sec)mysql> \q
Byepi@rpi ~ $

6. PHP

6. PHP Installation

Install (necessary):

php5-fpm (FastCGI Process Manager)

php5-mysql (Connect to MySQL)

php5-cli (command-line interpreter)

php5-curl (download from FTP & HTTP server)

Configure Nginx virtual domain

Reload Nginx

6. PHP Installation

pi@rpi ~ $ sudo apt-get install
php5-fpm php5-mysql
Setting up php5 (5.4.4-14+deb7u5) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.

pi@rpi ~ $

6. PHP configuration petermartin.nl

add:

location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

pi@rpi ~ $ sudo /etc/init.d/nginx reload

6. PHP Testing...


7. phpMyAdmin

7. phpMyAdmin

Database GUI
http://192.168.0.12/phpmyadmin/

Installation

ConfigurationSecure: Add to one virtual domain only

limit to 1 IP address

7. phpMyAdmin Installation

pi@rpi ~ $ sudo apt-get install phpmyadmin

Web server to reconfigure automatically: noneConfigure database for phpmyadmin with
dbconfig-common? N

pi@rpi ~ $

7. phpMyAdmin Configuration


location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;

fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|
css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}

8. Joomla

8. Joomla Download

Downloadwww.joomla.org/download.html

Latest Joomla 3.2
from joomla.org using wget
sudo wget
http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip

Latest testing from github.com using git
sudo git clone git://github.com/joomla/joomla-cms.git

Install via Joomla's webinstaller

8. Joomla Download (wget)

pi@rpi ~ $ cd /var/www/petermartin.nl
pi@rpi ~ $ sudo wget
http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip

--2013-11-23 01:22:26-- http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip
Resolving joomlacode.org... 206.123.111.164
Connecting to joomlacode.org|206.123.111.164|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.joomlacode.org/frsrelease/8/6/9/86936/Joomla_3.2.0-Stable-Full_Package.zip [following]
--2013-11-23 01:22:26-
http://downloads.joomlacode.org/frsrelease/8/6/9/86936/Joomla_3.2.0-Stable-Full_Package.zip
Resolving downloads.joomlacode.org... 206.123.111.167
Connecting to downloads.joomlacode.org|206.123.111.167|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9471749 (9.0M) [application/zip]
Saving to: `Joomla_3.2.0-Stable-Full_Package.zip'
100%[==========================================>] 9,471,749 2.15M/s in 7.8s
2013-11-23 01:22:34 (1.16 MB/s) - `Joomla_3.2.0-Stable-Full_Package.zip' saved [9471749/9471749]pi@rpi ~ $ sudo unzip Joomla_3.2.0-Stable-Full_Package.zip

8. Joomla Download (git)

pi@rpi ~ $ sudo git clone git://github.com/joomla/joomla-cms.git
Cloning into joomla-cms...
remote: Counting objects: 385836, done.
remote: Compressing objects: 100% (131365/131365), done.
remote: Total 385836 (delta 275767), reused 359279 (delta 251064)
Receiving objects: 100% (385836/385836), 96.31 MiB | 6.45 MiB/s, done.
Resolving deltas: 100% (275767/275767), done.

8. Joomla Change ownership

pi@rpi ~ $ sudo chown -R www-data:www-data /var/www/petermartin.nl/

8. Joomla SEF Links

Apachemod_rewrite .htaccess

Every file/folder checked for .htaccess

Nginx.htaccess virtual domain configuration:
location / {index index.php index.html index.htm;try_files $uri $uri/ /index.php?q=$request_uri;

}

9. Performance

9. Performance Testing, 1,2,3

The need for speed Visitors + Google indexing

Different configurations (Server settings, Joomla settings, Joomla Extensions (Templates + Plugins)

Debug Mode: System > Global Configuration >
System > Debug System: YES

Joomla! Debug Console > Profile Information

Browser plugins, e.g. Yslow

9. Performance

Test: Refresh (3x) new setting > Refresh (3x) & compare

9. Performance What worked?

Nginx + PHP-FPMSocket vs Port?fastcgi_passunix:/var/run/php5-fpm.sock;
fastcgi_pass127.0.0.1:9000;socket connections are around 10-15% faster than TCP/IP connections because it saves the passing the data over the different layers of TCP/IP stack

Joomla cacheSystem > Global Configuration > [System] Cache

Conservative / Progressive / Cache Plugin

Alternative PHP Cache (APC)

9. Performance Joomla cache

9. Performance Alternative PHP Cache

{Install APC + pear}
pi@rpi ~ $ sudo apt-get install php-apc php-pear php5-dev libpcre3-dev

{Put settings in PHP.ini}
pi@rpi ~ $ sudo pear config-set php_ini /etc/php5/fpm/php_ini

pi@rpi ~ $ sudo pecl config-set php_ini /etc/php5/fpm/php_ini

9. Performance Alternative PHP Cache

{Download/compile/install APC}
pi@rpi ~ $ sudo pecl install apc
{Choose all default options}

{add "extension=apc.so" to /etc/php5/fpm/php.ini}

{After install APC restart nginx}
pi@rpi ~ $ sudo /etc/init.d/nginx restart

{AND restart php-fpm!!!}
pi@rpi ~ $ sudo /etc/init.d/php5-fpm reload

9. Performance APC

9. Performance Did not work...

Joomla gzip

Nginx cache

Optimization Plugins (JCH Optimize / jbetolo)

Memcached

Overclocking Rpi

Cryogenics

9. Performance Overclocking

$ sudo raspi-config

Be aware that overclocking may reduce the lifetime of your
Raspberry Pi. If overclocking at a certain level causes
system instability, try a more modest overclock. Hold down
shift during boot to temporarily disable overclock.
See http://elinux.org/RPi_Overclocking for more information.

9. Performance Overclocking

9. Performance Cryogenics

Superconducting computersSuperconductivity in certain materials when cooled below a characteristic critical temperature

Cool down Raspberry Pi ?!?Fridge

Peter!!!!Waarom komen
er allemaal... ...draden uit
de koelkast?!?@#!$%@!?

9. Performance Cryogenics

FridgeNot cool enough... < 123 K ( = 150 C, 238 F)

Liquid nitrogen
or liquid helium?Couldn't decide which...
performance gain
when cooling down: N/A

10. Security

10. Security ssh logfiles

/var/log/auth.logApr 8 22:49:01 rpi sshd[10812]: reverse mapping checking getaddrinfo for 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:01 rpi sshd[10812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.175.148.95 user=root
Apr 8 22:49:04 rpi sshd[10812]: Failed password for root from 59.175.148.95 port 43066 ssh2
Apr 8 22:49:04 rpi sshd[10812]: Received disconnect from 59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:07 rpi sshd[10816]: reverse mapping checking getaddrinfo for 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!

10. Security Firewall

Firewall: IPTables

Create file with firewall rulesDrop traffic on certain ports

Allow traffic on certain ports

Load rule set into IPTables

Add new rules to IPTables

Block IP addresses

Reboot RPi? IPTables emptyCreate ssh script to load firewall rules on start

10. Security Firewall

{check Firewall}
pi@rpi ~$ sudo iptables -LChain INPUT (policy ACCEPT)
targetprot opt sourcedestinationChain FORWARD (policy ACCEPT)
targetprot opt sourcedestinationChain OUTPUT (policy ACCEPT)
targetprot opt sourcedestination
{create rules for Firewall}pi@rpi ~$ sudo nano /etc/iptables.firewall.rules

10. Security Configure Firewall 1/2

{filter}# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

10. Security Configure Firewall 2/2

# Allow SSH connections
# The -dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

10. Security Activate Firewall 1/2

{activate Firewall}
pi@rpi ~$ sudo iptables-restore < /etc/iptables.firewall.rules
{check Firewall}
pi@rpi ~$ sudo iptables -L

Chain INPUT (policy ACCEPT)
targetprot opt sourcedestination
ACCEPTall --anywhereanywhere
REJECTall --anywhereloopback/8reject-with icmp-port-unreachable
ACCEPTall --anywhereanywherestate RELATED, ESTABLISHED
ACCEPTtcp --anywhereanywheretcp dpt:http
LOGall --anywhereanywherelimit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROPall --anywhereanywhere
[..]

10. Security Activate Firewall 2/2

{script: activate Firewall at reboot}
pi@rpi ~$ sudo nano /etc/network/if-pre-up.d/firewall

{put in /etc/network/if-pre-up.d/firewall}
#!/bin/sh/sbin/iptables-restore < /etc/iptables.firewall.rules

{set script permissions}
pi@rpi ~$ sudo chmod +x /etc/network/if-pre-up.d/firewall

10. Security Webserver logfiles

/var/log/nginx/petermartin.nl.access_log198.7.57.74 - - [30/Mar/2013:16:47:49 +0100] "GET /w00tw00t.at.blackhats.anti-sec:) HTTP/1.1" 404 1565 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:54 +0100] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /webdb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"

10. Security Fail2Ban

Automated blocking: Fail2BanScan logfiles & take action automatically

Jail configurationif in entry in logfile matches filter

n times

put IP on blocklist for x minutes

Filters/etc/fail2ban/filter.d/

Regex ROOT LOGIN REFUSED, POSSIBLE BREAK-IN ATTEMPT!, Failed password etc...

10. Security Fail2Ban

{install Fail2Ban}
pi@rpi ~$ sudo apt-get install fail2ban

10. Security Fail2Ban Filter

{No w00tw00t for you ;-)}

pi@rpi ~$ sudo nano
/etc/fail2ban/filter.d/nginx-w00tw00t.conf

# Fail2Ban configuration file
# Author: Peter Martin

[Definition]
# Option: failregex

failregex = ^ -.*GET.*(w00tw00t|
\setup.php|\wp-login.php)

10. Security Fail2Ban configuration

{activate nginx-w00tw00t filter}
pi@rpi ~$ sudo nano /etc/fail2ban/jail.local

[nginx-w00tw00t]
enabled = true
port = http,https
filter = nginx-w00tw00t
logpath = /var/log/nginx/*access_log
maxretry = 0
bantime = 600

{restart Fail2Ban}
pi@rpi ~$ sudo /etc/init.d/fail2ban restart

10. Security

Backup !!!

Change default username pi & password

Block root login

Firewall IPTables

Automatic blocking Fail2Ban

Analyze logfiles

Logwatch needs Mail Transfer Agent, e.g. Exim MTA

11. Wifi

USB Wifi dongle use USB power!Compatible:
http://elinux.org/RPi_USB_Wi-Fi_Adapters

11. Wifi

Internet

Ethernet connect RPi to internet

Wifi connect wifi devices to RPihostapduser space daemon for wireless access point and authentication servers

udhcpdDHCP daemonDynamic Host Configuration Protocol = IP networking protocol that dynamically configures IP addresses

Installation: http://elinux.org/RPI-Wireless-Hotspot

11. Wifi

12. Webcam

Raspberry Pi Camera Board
(5MP, 1080p)
GBP 20,-

USB Webcam compatible:
http://elinux.org/RPi_VerifiedPeripherals#USB_Webcams

12. Webcam

Connect webcam to USBdmesg:[37.627415] usb 1-1.3: new high-speed USB device number 5 using dwc_otg
[37.771212] usb 1-1.3: New USB device found, idVendor=0c45, idProduct=62f1
[37.771244] usb 1-1.3: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[37.771261] usb 1-1.3: Product: USB 2.0 Camera
[37.771279] usb 1-1.3: Manufacturer: Sonix Technology Co., Ltd.
[37.915066] Linux media interface: v0.10
[37.960576] Linux video capture interface: v2.00
[38.003927] uvcvideo: Found UVC 1.00 device USB 2.0 Camera (0c45:62f1)
[38.015192] input: USB 2.0 Camera as /devices/platform/bcm2708_usb/usb1/1-1/1-1.3/1-1.3:1.0/input/input0
[38.016111] usbcore: registered new interface driver uvcvideo
[38.016132] USB Video Class driver (1.1.1)
[38.184050] 5:3:1: cannot get freq at ep 0x84
[38.188004] usbcore: registered new interface driver snd-usb-audio

Problems? Search for 0c45:62f1

12. Webcam

12. Webcam

Webcam in JoomlaMotionsoftware motion detector.

Iframe

12. Webcam Install

{install Motion}
pi@rpi ~$ sudo apt-get install motion

{config}
pi@rpi ~$ sudo nano/etc/motion/motion.conf
change
Daemon = OFF to ON
webcam_localhost = ON to OFF

pi@rpi ~$ sudo nano /etc/default/motion
chang start_motion_daemon=no to yes

12. Webcam Install

{restart}
pi@rpi ~$ sudo /etc/init.d/motion restart

{browser: http://192.168.0.18:8081 }

{poort 8081 in firewall}
pi@rpi ~$ sudo iptables -I INPUT -p tcp --dport 8081 -j ACCEPT

Maar dat kun je toch
ook allemaal ... ...met een normale
computer?!?Waarom dan
een Raspberry Pi?

13. Live and LED die

GPIO

General-purpose input/output (GPIO)= Control input or output via software

LEDs + some time

+ more time

+ a lot more time

even more time + Python GPIO

Hello World

Necessary:python-dev

python-rpi.gpio

green_on.py
import RPi.GPIO as GPIO
GPIO.setwarnings(False)
GPIO.setmode(GPIO.BOARD)
GPIO.setup(11, GPIO.OUT)
GPIO.output(11,True)

green_off.py
[..]
GPIO.output(11,False)

Run script:
sudo python green_on.py

13. GPIO Install

{install python library}
pi@rpi ~$ sudo apt-get python-dev python-rpi.gpio

Joomla & GPIO?

Joomla Component for my Pi to manage LED:
com_piledRun python script from PHP:

Problems:Add user www-data to gpio group

Give user www-data access to python
#includedir /etc/sudoers.d
www-data ALL=(ALL) NOPASSWD: /usr/bin/python

Ok, dan...
koop jij maar
zo'n Raspberry dinges......dan koop ik ... nieuwe [schoenen
/ handtasje / boek /
...vul maar in...]

Raspberry Pi gebruik

Mediacenter

OpenELEC

PHP Website Scraper

Nginx + PHP + MySQL

PHP Scraping Script

Crontab + php-cli

Jukebox

MPD, Music Player Daemon

MPD Client: laptop/mobile

Joomla website

Experimenteren met Linux Command Line

Nog Doen:

Proxy Server Open WiFi?
HTTP verbinding:
via HTTPS naar RPi thuis, en dan als HTTP naar website(s)

the end...

Joomla + Raspberry Pi

= hours of fun

Questions?

Presentation available via www.db8.nl

Peter MartinEmail: info at db8.nlWebsite: www.db8.nlTwitter: @pe7er

Used Photos

Raspberry Pi Switched On Tech Design http://www.sotechdesign.com.au/raspberry-pi-has-arrived/

BBC Micro - Stuart Brady http://en.wikipedia.org/wiki/File:BBC_Micro_Front_Restored.jpg

ZX Spectrum - Bill Bertram http://en.wikipedia.org/wiki/File:ZXSpectrum48k.jpg

Commodore 64 - Evan-Amos http://en.wikipedia.org/wiki/File:Commodore-64-Computer.png

Raspberry Pi Ideas http://hackaday.com/

Kano: A computer anyone can make www.kickstarter.com

Joomla + Stroopwafels Paul Orwig

Bricks - Sharlene Jackson http://www.sxc.hu/photo/759981

Hotrod Dash - Peter Mazurek http://www.sxc.hu/photo/1341923

Greased Lightnin' - Donald Cook http://www.sxc.hu/photo/690214

File Overload - Bob Smith http://www.sxc.hu/photo/367985

Rusted Gears - Angelo Rosa http://www.sxc.hu/photo/1365696

Man Made - "csremedy" http://www.sxc.hu/photo/1267108

Used Photos

digital world - ilker http://www.sxc.hu/photo/1206711

Crazy Man in Shower - scott adams http://www.sxc.hu/photo/760765

laptop 2 - emre nacigil http://www.sxc.hu/photo/810741

Speedometer Abdulhamid AlFadhly http://www.sxc.hu/photo/1390189

fridge - David Readman http://www.sxc.hu/photo/352383

Liquid nitrogen - Cory Doctorow http://en.wikipedia.org/wiki/Cryogenics

Secure - Frank Khne http://www.sxc.hu/photo/962334

ICU - Chris Chidsey http://www.sxc.hu/photo/1384549

Wireless - Stephan Hempelmann http://www.sxc.hu/photo/437031

LED - "linusb4" http://www.sxc.hu/photo/883983
LED, 5mm, green (unlabelled) - Inductiveload http://commons.wikimedia.org/wiki/File:LED,_5mm,_green_(unlabelled).svg

Playing with LEDs Peter Martin

Professor Tiger - Gabriel Doyle http://www.sxc.hu/photo/526749

Cache OFFTime (ms)Memory (MB)DB Queries (ms)1st2891.04.24332.52nd2141.84.24106.03rd1772.34.2489.14th1808.54.2491.0Cache ON1st1866.44.25112.22nd1313.83.5438.23rd1308.43.5441.44th1327.43.5336.1

???Page ??? (???)04-11-2013, 03:34:58Page / Cache,no APCTime (ms)Memory (MB)DB Queries (ms)1st1866.44.25112.22nd1313.83.5438.23rd1308.43.5441.44th1327.43.5336.1Cache ON + APC1st1231.52.7191.62nd485.21.4034.93rd445.71.4034.04th443.31.4038.1

???Page ??? (???)04-11-2013, 03:34:58Page / 700Mhz (cache+APC)Time (ms)Memory (MB)DB Queries (ms)1st1231.52.7191.62nd485.21.4034.93rd445.71.4034.04th443.31.4038.11000Mhz (cache+APC)1st1917.14.1953.42nd461.61.4144.23rd454.21.4033.34th358.31.4124.2

???Page ??? (???)04-11-2013, 03:34:58Page /

Joomla on Raspberry Pi using Nginx - Nederlandse Linux Gebruikers Group november 2013

Technology

Transcript of Joomla on Raspberry Pi using Nginx - Nederlandse Linux Gebruikers Group november 2013