Professional Documents
Culture Documents
Overview Presentation
1. Introduction LAMP Stack: 2. Raspbian 3. Nginx 4. MySQL 5. PHP 6. phpMyAdmin
>>>Sheetsat:www.db8.nl<<<
1. Introduction Raspberry Pi
Goal education Today's engineers: computer experience on home computers youth of today: computer classes = operate software, click menus and swipe yourself to death ...
1. Introduction Raspberry Pi
Benefits
Rpi
small
Dirt cheap: $ 35 38 Euro Low power (3.5 Watt) No moving parts Silent De facto standard (2 types)
Much
documentation (Linux & RPi) Many documented applications Much additional hardware Many software
1. Introduction Raspberry Pi
Hardware
Single-board computer, 700 Mhz RAM 512 Mbyte (1st version: 256 Mbyte) Graphics: Broadcom VideoCore IV Connections:
SD
Card Micro USB powerplug (5v 1A 3,5 Watt) Ethernet HDMI & RCA Video Audio 2x USB GPIO
1. Introduction Raspberry Pi
Community
LAMP Stack
(phpMyAdmin)
2. Raspbian
a)Installation b)Connect to Network c) Update OS d)Backup e)Configuration f) Internet Access
2a. Raspbian
Download
2013-07-26-wheezy-raspbian.zip Unzip
location: dmesg
sudo dd bs=1M if=~/rpi/2013-07-26-wheezyraspbian.img of=/dev/mmcblk0 OSX: sudo dd bs=1M if=~/rpi/2013-07-26-wheezyraspbian.img of=/dev/disk1s1 dd bs=1M if=c:\temp\2013-07-26-wheezyraspbian.img od=e
Joomladay 2013 Germany 14
Mac
Windows:
Remove Backup:
SSH traffic = IP 192.168.0.9, port 22 Web traffic = IP 192.168.0.9, port 80 Https traffic= IP 192.168.0.9, port 443
Raspberry
Pi Static IP
3. Nginx webserver
3. Nginx
High performance:
Dynamic pages = FAST & Static = very FAST!
Low memory usage (useful on Rpi!) Easy configuration Automatic configuration test after changes Reverse proxy capabilities
> 100 million sites 15 % of all sites (Apache 46%, IIS 21%) Top million busiest websites:
1. Apache 56.9% 2. Nginx 14.6% 3. Microsoft 13.1%
3. Nginx Popularity
3. Nginx Installation
peter@rpi~$sudoaptgetinstallnginx Readingpackagelists...Done [..] Needtoget2,132kBofarchives. Afterthisoperation,6,200kBofadditional diskspacewillbeused. Doyouwanttocontinue[Y/n]?y [..] Settingupnginx(1.2.12.2)... peter@rpi~$
3. Nginx Configuration
peter@rpi~$sudonano/etc/nginx/nginx.conf userwwwdata; worker_processes1; pid/var/run/nginx.pid; peter@rpi~$sudo/etc/init.d/nginxstart
3. Nginx Websites
Browse URL http://192.168.0.9/ or http://petermartin.nl Result:
Welcome to nginx!
/index.html
petermartin.nl
3. Activate with symbolic link to config file /etc/nginx/sites-enabled/ petermartin.nl 4. Nginx load new config file: $ sudo /etc/init.d/nginx reload
Joomladay 2013 Germany 38
peter@rpi~$sudo/etc/init.d/nginxreload Reloadingnginxconfiguration:nginx.
http://192.168.0.9/petermartin.nl
Error?
404 Not Found nginx/1.2.1 Check error log file: $ cat /var/log/nginx/petermartin.nl.error_log
Peter Martin joomladagen.nl 20+21 april 2013
4. MySQL
Joomla
Configuration
during installation:
Secure
4. MySQL Installation
peter@rpi~$sudoaptgetinstallmysql server Readingpackagelists...Done [..] Needtoget9,603kBofarchives. Afterthisoperation,91.1MBofadditional diskspacewillbeused. Doyouwanttocontinue[Y/n]?y [..] Settingupmysqlserver(5.5.30+dfsg1)... Processingtriggersformenu... peter@rpi~$sudomysql_secure_installation
5. PHP
php5-fpm
FastCGI Process Manager interpreter that runs as a daemon and receives Fast/CGI requests modules for MySQL database connections directly from PHP scripts
php5-mysql
php5-cli
command-line interpreter library for getting files from FTP & HTTP server
Joomladay 2013 Germany 47
php5-curl
5. PHP Installation
peter@rpi~$sudoaptgetinstall php5fpmphp5mysql Readingpackagelists...Done [..] Settingupphp5(5.4.414)... Processingtriggersforphp5fpm... [ok]RestartingPHP5FastCGIProcess Manager:php5fpm. peter@rpi~$
5. PHP Result
Test
with phpinfo();
6. phpMyAdmin
6. phpMyAdmin
Database
GUI
http://192.168.0.9/phpmyadmin/
Secure:
6. phpMyAdmin Installation
peter@rpi~$sudoaptgetinstallphpmyadmin Readingpackagelists...Done [..] Needtoget6,092kBofarchives. Afterthisoperation,16.6MBofadditionaldisk spacewillbeused. Doyouwanttocontinue[Y/n]?y [..] Webservertoreconfigureautomatically:none Configuredatabaseforphpmyadminwithdbconfig common?N Creatingconfigfile/etc/phpmyadmin/configdb.php withnewversion peter@rpi~$
Peter Martin joomladagen.nl 20+21 april 2013
54
7. Joomla
7. Joomla
Download
Joomla to RPi using wget database, e.g. use phpMyAdmin http://192.168.0.9/phpmyadmin/ database: petermartin browser to start Joomla's web installer
Create
Use
http://192.168.0.9/petermartin.nl/
SEF
8. Performance
8. Performance
The need for speed Visitors + Google indexing Test different configurations Server settings, Joomla settings, Joomla Extensions (Templates + Plugins) Testing, testing, one, two Joomla! Debug Console > Profile Information
8. Performance
Test: Refresh (3x) new setting > Refresh (3x) & compare
8. Performance Overclocking
$ sudo raspi-config
8. Performance Cryogenics
Superconducting
computers
Cool
down RPi?
Fridge: RPi = small, but not enough room for beer :-( Not cool enough... < 123 K ( = 150 C, 238 F)
8. Performance Overclocking
Before
Application 0.678 seconds (+0.210); 2.00 MB (+0.151) - afterRender Application 0.649 seconds (+0.171); 2.05 MB (+0.153) - afterRender Application 0.579 seconds (+0.169); 2.00 MB (+0.151) - afterRender Application 0.596 seconds (+0.167); 2.00 MB (+0.151) - afterRender Application 0.620 seconds (+0.167); 2.00 MB (+0.151) - afterRender Application 0.583 seconds (+0.167); 2.00 MB (+0.151) - afterRender
After
Socket vs Port?
fastcgi_pass
socket connections are around 10-15% faster than TCP/IP connections because it saves the passing the data over the different layers of TCP/IP stack
After
1. Application 2.718 seconds (+0.051); 4.69 MB (0.027) - afterRender 2. Application 1.543 seconds (+0.114); 4.02 MB (+0.051) - afterRender 3. Application 1.426 seconds (+0.265); 3.95 MB (+0.334) - afterRender
Joomladay 2013 Germany 70
After
$ sudo /etc/init.d/nginx restart $ sudo /etc/init.d/php5-fpm reload 1. Application 1.813 seconds (+0.311); 4.52 MB (+0.403) - afterRender 2. Application 0.696 seconds (+0.198); 2.00 MB (+0.148) - afterRender 3. Application 0.727 seconds (+0.221); 2.00 MB (+0.148) - afterRender
Joomladay 2013 Germany 74
9. Security
9. Security 10 Aspects
1. Change default username pi & password 2. Backup !!! 3. Study logfiles (e.g. with Logwatch) 4. Block ssh root login ! 5. Block portscans Firewall, IPTables 6. Block scriptkiddies IP2Ban 7. SSL certificate for /administrator/ 8. Block phpmyadmin (allow 1 specified IP) 9. Backup !!! 10.Passwordless login? SSH shared keys
Peter Martin joomladagen.nl 20+21 april 2013
9. Security Firewall
{checkFirewall} peter@rpi~$sudoiptablesL ChainINPUT(policyACCEPT) target protoptsource ChainFORWARD(policyACCEPT) target protoptsource ChainOUTPUT(policyACCEPT) target protoptsource {createrulesforFirewall} peter@rpi~$sudonano /etc/iptables.firewall.rules
9. Security Fail2Ban
Scan
Filters
/etc/fail2ban/filter.d/
Regex ROOT LOGIN REFUSED, POSSIBLE BREAK-IN ATTEMPT!, Failed password etc...
Joomladay 2013 Germany 85
9. Security Fail2Ban
{installFail2Ban} peter@rpi~$sudoaptgetinstallfail2ban Readingpackagelists...Done 0upgraded,6newlyinstalled,0toremoveand0not upgraded. Needtoget340kBofarchives. {checkfailedloginattempts} peter@rpi~$catfail2ban.log
2013040916:45:59,000fail2ban.actions:WARNING[ssh]Ban9.8.7.6
{checkFirewall} peter@rpi~$sudoiptablesL Chainfail2banssh(1references) target protoptsource DROP alltest123.example.com RETURN allanywhere destination anywhere anywhere Joomladay 2013 Germany 86
/var/log/nginx/petermartin.nl.access_log
198.7.57.74 - - [30/Mar/2013:16:47:49 +0100] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 1565 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:54 +0100] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /webdb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu" 198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
The
Questions?
Questions?
Presentation
is available at www.db8.nl
Used photos
Chinese Raspberry Pie nr.1 1 - Koen Mol http://www.sxc.hu/photo/346723 Switched On Tech Design - www.sotechdesign.com.au Bricks - Sharlene Jackson http://www.sxc.hu/photo/759981 Hotrod Dash - Peter Mazurek http://www.sxc.hu/photo/1341923 Greased Lightnin' - Donald Cook http://www.sxc.hu/photo/690214 File Overload - Bob Smith http://www.sxc.hu/photo/367985 Rusted Gears - Angelo Rosa http://www.sxc.hu/photo/1365696 Man Made - "csremedy" http://www.sxc.hu/photo/1267108 digital world - ilker http://www.sxc.hu/photo/1206711 Crazy Man in Shower - scott adams http://www.sxc.hu/photo/760765 laptop 2 - emre nacigil http://www.sxc.hu/photo/810741 Speedometer Abdulhamid AlFadhly http://www.sxc.hu/photo/1390189 Secure - Frank Khne http://www.sxc.hu/photo/962334 Professor Tiger - Gabriel Doyle http://www.sxc.hu/photo/526749 signs signs - Jason Antony, http://www.sxc.hu/photo/751034 Face - Questions - Bob Smith, http://www.sxc.hu/photo/418215