Joomla on Raspberry Pi
using Nginx
Peter Martin, twitter: @pe7er
NLLGG Landelijke Bijeenkomst 23 november 2013
Peter Martin
Joomla website specialistMarketing + Communicatie achtergrond & technische affiniteit
Vrijwilliger Joomla:Global Moderator
Community Leadership Team
Open Coffee Nijmegen
Linux User Group Nijmegen
Nijmegen, vrouw, dochter 6, zoon 1,5Interesses:
Open Source Software
Linux sinds 2007
(Ubuntu Debian Arch Linux Debian)
Raspberry Pi
Muziek (Vinyl)
Filmhuisfilms
Website: www.db8.nl e-mail: [email protected]
LinkedIn: http://www.linkedin.com/in/pe7er Twitter: @pe7er
Overview Presentation
Introduction
LAMP LEMP Stack:
Raspbian
Fun with SSH
Nginx
MySQL
PHP
phpMyAdmin
Joomla
Performance
Security
WIFI
CAM
Live and LED die
1. Introduction Raspberry Pi
Today's engineers: home computers in 1980s
Today's youth:
computer classes = operate software,
click menus
and swipe yourself to death...
Goal RPi: education on inexpensive device
1. Raspberry Pi Hardware
Single-board computer, 700 Mhz
RAM 512 Mbyte (1st ver.256 Mbyte)
Graphics: Broadcom VideoCore IV
Connections:SD Card
Micro USB powerplug
(5v 1A 3,5 Watt)
Ethernet
HDMI & RCA Video
Audio
2x USB
General-purpose input/output (GPIO)
Een Raspberry wat?Waarom wil je
die kopen? Heb je nog niet
genoeg computers?
Smallest Mac
C64
Grid super computer
Weather Station
Pi in the sky
BrewPi
Kano
Kano: A computer anyone can make
www.kickstarter.com
Op 23 nov:
4,689 backers$525,305 pledged of $100,000 goal26 days to go
Joomla
Ehm, vertelde jij
me laatst niet......dat je Joomla
kunt installeren... op elke
computer?
1. Raspberry Pi Benefits
small
Dirt cheap: $ 35 38 Euro
Low power (3.5 Watt)
No moving parts Silent
De facto standard (2 types)Much additional hardware
Many software
Much documentation
1. Raspberry Pi Benefits
CommunityUse
Software
Hardware
Case
Lego Raspberry Pi Enclosure
by Biz (age 12) from UK
LEMP Stack
LAMP LEMP Stack
LLinux Raspbian (Debian for RPi)EApache Nginx [engine x]MMySQLPPHP
2. Raspbian
2. Raspbian
Installation
Connect to Network
Configuration
Internet Access
2a. Raspbian Installation SD Card
Download Raspbian Image: http://www.raspberrypi.org/downloads
Write to SD Card:
SD Card: http://elinux.org/RPi_Easy_SD_Card_Setup
Location SD Card: dmesg
Write, dd (dump disk, +- 5 minutes)
CAREFUL: data destroyer !Linux:
sudo dd bs=1M if=~/rpi/2013-09-25-wheezy-raspbian.img
of=/dev/mmcblk0
Mac OSX:
sudo dd bs=1M if=~/rpi/2013-09-25-wheezy-raspbian.img
of=/dev/disk1s1
Windows:
dd bs=1M if=c:\temp\2013-09-25-wheezy-raspbian.img od=e
2b. Raspbian Connect your RPi
Pappa? Mag ik TV kijken?Klokhuis is nu!
2b. Raspbian Connect via SSH
RPi has SSH Server
Determine IP addressRaspberry Pi + monitor: sudo ifconfig
Smart Phone: Overlook Fing
PC: nmap -sP 192.168.0/24
Router: check connected devices
Connect via SSHLinux: Command Line
Mac OSX: Terminal
Windows: PuTTY
2b. Raspbian Connect via SSH
{connect from PC via SSH to RPi}
peter@db8HQ:~ $ ssh [email protected]
{configuration menu}
pi@raspberrypi ~ $ sudo raspi-config
2c. Raspbian Configure your RPi
Change User Password
Advanced OptionsHostnameraspberrypi -> rpi
Expand_rootfsExpand 2GB image to full 8GB capacity
Memory_splitFree RAM from memory for GUI (64MB 16MB)
2c. Raspbian Update!
{update Repository information}
pi@rpi ~ $ sudo apt-get update
{takes 30 seconds}
{upgrade Raspbian OS}
pi@rpi ~ $ sudo apt-get upgrade
{takes 22 minutes}
2d. Internet Access to RPi
Internet
petermartin.nl:
DNS reference to
IP address router
Router:
Portforwarding to
IP address RPi
RPi:
Fixed IP address?
2d. Internet Access Static IP Address
pi@rpi ~ $ routeKernel IP routing tableDestination Gateway Genmask
Flags Metric Ref Use Ifacedefault 192.168.0.1 0.0.0.0 UG 0 0 0
eth0192.168.0.0 * 255.255.255.0 U 0 0 0 eth0pi@rpi ~ $ sudo nano
/etc/network/interfaces{change:}iface eth0 inet dhcp{to:}iface eth0
inet static
address 192.168.0.9
netmask 255.255.255.0
gateway 192.168.0.1
Wake up Neo...The Matrix has you...Follow the white rabbit.Knock,
knock, Neo.
3. SSH Secure Shell
3.Fun with SSH
apple:~ peter$ ssh [email protected]
[email protected]'s password: ****
Linux rpi 3.6.11+ #538 PREEMPT Fri Aug 30 20:42:08 BST 2013
armv6l
The programs included with the Debian GNU/Linux system are free
software; the exact distribution terms for each program are
described in the individual files in
/usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 29 21:04:31 2013 from 192.168.0.15
pi@raspberrypi ~ $
3.Fun with SSH
pi@rpi ~ $ ssh [email protected]
[email protected]'s password: ****
Linux db8HQ 2.6.32-5-686 #1 SMP Mon Sep 23 23:00:18 UTC 2013
i686
The programs included with the Debian GNU/Linux system are free
software; the exact distribution terms for each program are
described in the individual files in
/usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the
extent
permitted by applicable law.
You have new mail.
Last login: Wed Oct 30 17:35:55 2013 from 192.168.0.12
peter@db8HQ:~$
3.Fun with SSH
peter@db8HQ:~$ ssh [email protected]
[email protected]'s password: ****
Linux thinkpad 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1
i686The programs included with the Debian GNU/Linux system are free
software; the exact distribution terms for each program are
described in the individual files in
/usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.Last login: Wed Oct 30 17:41:15 2013
from db8hq.local
peter@thinkpad:~$
Ja?En??!?
4. Nginx webserver
4. Nginx
Nginx [engine ex]High performance: Dynamic pages = FAST
Static = very FAST!
Low memory usage (useful on Rpi!)
Easy configuration + automatic configuration test
Nginx Popularity (netcraft.com Nov 2013):Nginx on 110 million sites (14% all sites, Apache 44%, IIS 24%)
Top million busiest websites:1. Apache 56 %
2. Nginx 15 %
3. Microsoft 12 %
4. Nginx Popularity
4. Nginx Installation
pi@rpi ~ $ sudo apt-get install nginx
[..]
Setting up nginx (1.2.1-2.2+wheezy1) ...pi@rpi ~ $
4. Nginx Configuration
pi@rpi ~ $ sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes 1; # same as number of CPU
pid /var/run/nginx.pid;
pi@rpi ~ $ sudo /etc/init.d/nginx start
4. Nginx Testing...
Browse to URL: http://192.168.0.12/
Welcome to nginx!
4. Nginx Virtual domains
For every virtual domain:
Create folder + index file /var/www/domain/ + index.html file
Create configuration file
Enable site via symbolic link
Reload Nginx config file(s)
4. Nginx a)Virtual domain
pi@rpi ~ $ sudo mkdir /var/www/petermartin.nlpi@rpi ~ $ sudo nano
/var/www/petermartin.nl/index.php
Joomla op Raspberry
Welkom bij NLLGG!
4. Nginx b) configuration file
pi@rpi ~ $ sudo nano
/etc/nginx/sites-available/petermartin.nl
server {
listen 80;
server_name www.petermartin.nl;
root /var/www/petermartin.nl;
access_log /var/log/nginx/petermartin.nl.access_log;
error_log /var/log/nginx/petermartin.nl.error_log info;
location / {
index index.php index.html index.htm;
}}
4. Nginx c) symlink + d) reload
{create symbolic link}
pi@rpi ~ $ sudo ln -s
/etc/nginx/sites-available/petermartin.nl
/etc/nginx/sites-enabled/petermartin.nl
{reload Nginx configuration}
pi@rpi ~ $ sudo /etc/init.d/nginx reload
Reloading nginx configuration: nginx.
4. Nginx Testing...
Browse to URL: http://192.168.0.12/
Welkom bij NLLGG!
Error?404 Not Found
nginx/1.2.1
Check error log file:
$ cat /var/log/nginx/petermartin.nl.error_log
5. MySQL Database Server
5. MySQL
Install MySQL$ sudo apt-get install mysql-server
Secure MySQL$ sudo mysql_secure_installation
Create database for Joomla site
5. MySQL Create database
pi@rpi ~ $ mysql -u root -pEnter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 48
Server version: 5.5.31-0+wheezy1 (Debian)
mysql> create database petermartin;
Query OK, 1 row affected (0.00 sec)mysql> \q
Byepi@rpi ~ $
6. PHP
6. PHP Installation
Install (necessary):
php5-fpm (FastCGI Process Manager)
php5-mysql (Connect to MySQL)
php5-cli (command-line interpreter)
php5-curl (download from FTP & HTTP server)
Configure Nginx virtual domain
Reload Nginx
6. PHP Installation
pi@rpi ~ $ sudo apt-get install
php5-fpm php5-mysql
Setting up php5 (5.4.4-14+deb7u5) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
pi@rpi ~ $
6. PHP configuration petermartin.nl
pi@rpi ~ $ sudo nano
/etc/nginx/sites-available/petermartin.nl
add:
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
pi@rpi ~ $ sudo /etc/init.d/nginx reload
6. PHP Testing...
Browse to URL: http://192.168.0.12/
7. phpMyAdmin
7. phpMyAdmin
Database GUI
http://192.168.0.12/phpmyadmin/
Installation
ConfigurationSecure: Add to one virtual domain only
limit to 1 IP address
7. phpMyAdmin Installation
pi@rpi ~ $ sudo apt-get install phpmyadmin
Web server to reconfigure automatically: noneConfigure database
for phpmyadmin with
dbconfig-common? N
pi@rpi ~ $
7. phpMyAdmin Configuration
pi@rpi ~ $ sudo nano
/etc/nginx/sites-available/petermartin.nl
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|
css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
8. Joomla
8. Joomla Download
Downloadwww.joomla.org/download.html
Latest Joomla 3.2
from joomla.org using wget
sudo wget
http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip
Latest testing from github.com using git
sudo git clone git://github.com/joomla/joomla-cms.git
Install via Joomla's webinstaller
8. Joomla Download (wget)
pi@rpi ~ $ cd /var/www/petermartin.nl
pi@rpi ~ $ sudo wget
http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip
--2013-11-23 01:22:26--
http://joomlacode.org/gf/download/frsrelease/18838/86936/Joomla_3.2.0-Stable-Full_Package.zip
Resolving joomlacode.org... 206.123.111.164
Connecting to joomlacode.org|206.123.111.164|:80...
connected.
HTTP request sent, awaiting response... 302 Found
Location:
http://downloads.joomlacode.org/frsrelease/8/6/9/86936/Joomla_3.2.0-Stable-Full_Package.zip
[following]
--2013-11-23 01:22:26-
http://downloads.joomlacode.org/frsrelease/8/6/9/86936/Joomla_3.2.0-Stable-Full_Package.zip
Resolving downloads.joomlacode.org... 206.123.111.167
Connecting to downloads.joomlacode.org|206.123.111.167|:80...
connected.
HTTP request sent, awaiting response... 200 OK
Length: 9471749 (9.0M) [application/zip]
Saving to: `Joomla_3.2.0-Stable-Full_Package.zip'
100%[==========================================>] 9,471,749
2.15M/s in 7.8s
2013-11-23 01:22:34 (1.16 MB/s) -
`Joomla_3.2.0-Stable-Full_Package.zip' saved
[9471749/9471749]pi@rpi ~ $ sudo unzip
Joomla_3.2.0-Stable-Full_Package.zip
8. Joomla Download (git)
pi@rpi ~ $ sudo git clone
git://github.com/joomla/joomla-cms.git
Cloning into joomla-cms...
remote: Counting objects: 385836, done.
remote: Compressing objects: 100% (131365/131365), done.
remote: Total 385836 (delta 275767), reused 359279 (delta
251064)
Receiving objects: 100% (385836/385836), 96.31 MiB | 6.45 MiB/s,
done.
Resolving deltas: 100% (275767/275767), done.
8. Joomla Change ownership
pi@rpi ~ $ sudo chown -R www-data:www-data
/var/www/petermartin.nl/
8. Joomla SEF Links
Apachemod_rewrite .htaccess
Every file/folder checked for .htaccess
Nginx.htaccess virtual domain configuration:
location / {index index.php index.html index.htm;try_files $uri
$uri/ /index.php?q=$request_uri;
}
9. Performance
9. Performance Testing, 1,2,3
The need for speed Visitors + Google indexing
Different configurations (Server settings, Joomla settings, Joomla Extensions (Templates + Plugins)
Debug Mode: System > Global Configuration >
System > Debug System: YES
Joomla! Debug Console > Profile Information
Browser plugins, e.g. Yslow
9. Performance
Test: Refresh (3x) new setting > Refresh (3x) &
compare
9. Performance What worked?
Nginx + PHP-FPMSocket vs
Port?fastcgi_passunix:/var/run/php5-fpm.sock;
fastcgi_pass127.0.0.1:9000;socket connections are around 10-15%
faster than TCP/IP connections because it saves the passing the
data over the different layers of TCP/IP stack
Joomla cacheSystem > Global Configuration > [System] Cache
Conservative / Progressive / Cache Plugin
Alternative PHP Cache (APC)
9. Performance Joomla cache
9. Performance Alternative PHP Cache
{Install APC + pear}
pi@rpi ~ $ sudo apt-get install php-apc php-pear php5-dev
libpcre3-dev
{Put settings in PHP.ini}
pi@rpi ~ $ sudo pear config-set php_ini /etc/php5/fpm/php_ini
pi@rpi ~ $ sudo pecl config-set php_ini /etc/php5/fpm/php_ini
9. Performance Alternative PHP Cache
{Download/compile/install APC}
pi@rpi ~ $ sudo pecl install apc
{Choose all default options}
{add "extension=apc.so" to /etc/php5/fpm/php.ini}
{After install APC restart nginx}
pi@rpi ~ $ sudo /etc/init.d/nginx restart
{AND restart php-fpm!!!}
pi@rpi ~ $ sudo /etc/init.d/php5-fpm reload
9. Performance APC
9. Performance Did not work...
Joomla gzip
Nginx cache
Optimization Plugins (JCH Optimize / jbetolo)
Memcached
Overclocking Rpi
Cryogenics
9. Performance Overclocking
$ sudo raspi-config
Be aware that overclocking may reduce the lifetime of your
Raspberry Pi. If overclocking at a certain level causes
system instability, try a more modest overclock. Hold down
shift during boot to temporarily disable overclock.
See http://elinux.org/RPi_Overclocking for more information.
9. Performance Overclocking
9. Performance Cryogenics
Superconducting computersSuperconductivity in certain materials
when cooled below a characteristic critical temperature
Cool down Raspberry Pi ?!?Fridge
Peter!!!!Waarom komen
er allemaal... ...draden uit
de koelkast?!?@#!$%@!?
9. Performance Cryogenics
FridgeNot cool enough... < 123 K ( = 150 C, 238 F)
Liquid nitrogen
or liquid helium?Couldn't decide which...
performance gain
when cooling down: N/A
10. Security
10. Security ssh logfiles
/var/log/auth.logApr 8 22:49:01 rpi sshd[10812]: reverse mapping
checking getaddrinfo for
95.148.175.59.broad.wh.hb.dynamic.163data.com.cn [59.175.148.95]
failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:01 rpi sshd[10812]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.175.148.95
user=root
Apr 8 22:49:04 rpi sshd[10812]: Failed password for root from
59.175.148.95 port 43066 ssh2
Apr 8 22:49:04 rpi sshd[10812]: Received disconnect from
59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:07 rpi sshd[10816]: reverse mapping checking
getaddrinfo for 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn
[59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:07 rpi sshd[10816]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.175.148.95
user=root
Apr 8 22:49:09 rpi sshd[10816]: Failed password for root from
59.175.148.95 port 44636 ssh2
Apr 8 22:49:10 rpi sshd[10816]: Received disconnect from
59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:13 rpi sshd[10820]: reverse mapping checking
getaddrinfo for 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn
[59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:13 rpi sshd[10820]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.175.148.95
user=root
Apr 8 22:49:15 rpi sshd[10820]: Failed password for root from
59.175.148.95 port 46051 ssh2
Apr 8 22:49:16 rpi sshd[10820]: Received disconnect from
59.175.148.95: 11: Bye Bye [preauth]
Apr 8 22:49:19 rpi sshd[10824]: reverse mapping checking
getaddrinfo for 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn
[59.175.148.95] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 8 22:49:19 rpi sshd[10824]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.175.148.95
user=root
10. Security Firewall
Firewall: IPTables
Create file with firewall rulesDrop traffic on certain ports
Allow traffic on certain ports
Load rule set into IPTables
Add new rules to IPTables
Block IP addresses
Reboot RPi? IPTables emptyCreate ssh script to load firewall rules on start
10. Security Firewall
{check Firewall}
pi@rpi ~$ sudo iptables -LChain INPUT (policy ACCEPT)
targetprot opt sourcedestinationChain FORWARD (policy ACCEPT)
targetprot opt sourcedestinationChain OUTPUT (policy ACCEPT)
targetprot opt sourcedestination
{create rules for Firewall}pi@rpi ~$ sudo nano
/etc/iptables.firewall.rules
10. Security Configure Firewall 1/2
{filter}# Allow all loopback (lo0) traffic and drop all traffic to
127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic - you can modify this to only allow
certain traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal ports
for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
10. Security Configure Firewall 2/2
# Allow SSH connections
# The -dport number should be the same port number you set in
sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -j ACCEPT
# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables
denied: " --log-level 7
# Drop all other inbound - default deny unless explicitly allowed
policy
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
10. Security Activate Firewall 1/2
{activate Firewall}
pi@rpi ~$ sudo iptables-restore <
/etc/iptables.firewall.rules
{check Firewall}
pi@rpi ~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
targetprot opt sourcedestination
ACCEPTall --anywhereanywhere
REJECTall --anywhereloopback/8reject-with
icmp-port-unreachable
ACCEPTall --anywhereanywherestate RELATED, ESTABLISHED
ACCEPTtcp --anywhereanywheretcp dpt:http
LOGall --anywhereanywherelimit: avg 5/min burst 5 LOG level debug
prefix "iptables denied: "
DROPall --anywhereanywhere
[..]
10. Security Activate Firewall 2/2
{script: activate Firewall at reboot}
pi@rpi ~$ sudo nano /etc/network/if-pre-up.d/firewall
{put in /etc/network/if-pre-up.d/firewall}
#!/bin/sh/sbin/iptables-restore <
/etc/iptables.firewall.rules
{set script permissions}
pi@rpi ~$ sudo chmod +x /etc/network/if-pre-up.d/firewall
10. Security Webserver logfiles
/var/log/nginx/petermartin.nl.access_log198.7.57.74 - -
[30/Mar/2013:16:47:49 +0100] "GET /w00tw00t.at.blackhats.anti-sec:)
HTTP/1.1" 404 1565 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET
/phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET
/pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET
/myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET
/MyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET
/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:54 +0100] "GET
/typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-"
"ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET
/phpadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET
/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET
/phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET
/phpmyadmin1/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET
/phpmyadmin2/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-"
"ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/web/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/php-my-admin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET
/websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET
/sqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET
/mysqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET
/phpmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET
/php-myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET
/sqlweb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET
/webdb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET
/websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
10. Security Fail2Ban
Automated blocking: Fail2BanScan logfiles & take action automatically
Jail configurationif in entry in logfile matches filter
n times
put IP on blocklist for x minutes
Filters/etc/fail2ban/filter.d/
Regex ROOT LOGIN REFUSED, POSSIBLE BREAK-IN ATTEMPT!, Failed password etc...
10. Security Fail2Ban
{install Fail2Ban}
pi@rpi ~$ sudo apt-get install fail2ban
10. Security Fail2Ban Filter
{No w00tw00t for you ;-)}
pi@rpi ~$ sudo nano
/etc/fail2ban/filter.d/nginx-w00tw00t.conf
# Fail2Ban configuration file
# Author: Peter Martin
[Definition]
# Option: failregex
failregex = ^ -.*GET.*(w00tw00t|
\setup.php|\wp-login.php)
10. Security Fail2Ban configuration
{activate nginx-w00tw00t filter}
pi@rpi ~$ sudo nano /etc/fail2ban/jail.local
[nginx-w00tw00t]
enabled = true
port = http,https
filter = nginx-w00tw00t
logpath = /var/log/nginx/*access_log
maxretry = 0
bantime = 600
{restart Fail2Ban}
pi@rpi ~$ sudo /etc/init.d/fail2ban restart
10. Security
Backup !!!
Change default username pi & password
Block root login
Firewall IPTables
Automatic blocking Fail2Ban
Analyze logfiles
Logwatch needs Mail Transfer Agent, e.g. Exim MTA
11. Wifi
USB Wifi dongle use USB power!Compatible:
http://elinux.org/RPi_USB_Wi-Fi_Adapters
11. Wifi
Internet
Ethernet connect RPi to internet
Wifi connect wifi devices to RPihostapduser space daemon for wireless access point and authentication servers
udhcpdDHCP daemonDynamic Host Configuration Protocol = IP
networking protocol that dynamically configures IP
addresses
Installation: http://elinux.org/RPI-Wireless-Hotspot
11. Wifi
12. Webcam
Raspberry Pi Camera Board
(5MP, 1080p)
GBP 20,-
USB Webcam compatible:
http://elinux.org/RPi_VerifiedPeripherals#USB_Webcams
12. Webcam
Connect webcam to USBdmesg:[37.627415] usb 1-1.3: new high-speed
USB device number 5 using dwc_otg
[37.771212] usb 1-1.3: New USB device found, idVendor=0c45,
idProduct=62f1
[37.771244] usb 1-1.3: New USB device strings: Mfr=2, Product=1,
SerialNumber=0
[37.771261] usb 1-1.3: Product: USB 2.0 Camera
[37.771279] usb 1-1.3: Manufacturer: Sonix Technology Co.,
Ltd.
[37.915066] Linux media interface: v0.10
[37.960576] Linux video capture interface: v2.00
[38.003927] uvcvideo: Found UVC 1.00 device USB 2.0 Camera
(0c45:62f1)
[38.015192] input: USB 2.0 Camera as
/devices/platform/bcm2708_usb/usb1/1-1/1-1.3/1-1.3:1.0/input/input0
[38.016111] usbcore: registered new interface driver uvcvideo
[38.016132] USB Video Class driver (1.1.1)
[38.184050] 5:3:1: cannot get freq at ep 0x84
[38.188004] usbcore: registered new interface driver
snd-usb-audio
Problems? Search for 0c45:62f1
12. Webcam
12. Webcam
Webcam in JoomlaMotionsoftware motion detector.
Iframe
12. Webcam Install
{install Motion}
pi@rpi ~$ sudo apt-get install motion
{config}
pi@rpi ~$ sudo nano/etc/motion/motion.conf
change
Daemon = OFF to ON
webcam_localhost = ON to OFF
pi@rpi ~$ sudo nano /etc/default/motion
chang start_motion_daemon=no to yes
12. Webcam Install
{restart}
pi@rpi ~$ sudo /etc/init.d/motion restart
{browser: http://192.168.0.18:8081 }
{poort 8081 in firewall}
pi@rpi ~$ sudo iptables -I INPUT -p tcp --dport 8081 -j ACCEPT
Maar dat kun je toch
ook allemaal ... ...met een normale
computer?!?Waarom dan
een Raspberry Pi?
13. Live and LED die
GPIO
General-purpose input/output (GPIO)= Control input or output via software
LEDs + some time
+ more time
+ a lot more time
even more time + Python GPIO
Hello World
Necessary:python-dev
python-rpi.gpio
green_on.py
import RPi.GPIO as GPIO
GPIO.setwarnings(False)
GPIO.setmode(GPIO.BOARD)
GPIO.setup(11, GPIO.OUT)
GPIO.output(11,True)
green_off.py
[..]
GPIO.output(11,False)
Run script:
sudo python green_on.py
13. GPIO Install
{install python library}
pi@rpi ~$ sudo apt-get python-dev python-rpi.gpio
Joomla & GPIO?
Joomla Component for my Pi to manage LED:
com_piledRun python script from PHP:
Problems:Add user www-data to gpio group
Give user www-data access to python
#includedir /etc/sudoers.d
www-data ALL=(ALL) NOPASSWD: /usr/bin/python
Ok, dan...
koop jij maar
zo'n Raspberry dinges......dan koop ik ... nieuwe [schoenen
/ handtasje / boek /
...vul maar in...]
Raspberry Pi gebruik
Mediacenter
OpenELEC
PHP Website Scraper
Nginx + PHP + MySQL
PHP Scraping Script
Crontab + php-cli
Jukebox
MPD, Music Player Daemon
MPD Client: laptop/mobile
Joomla website
Experimenteren met Linux Command Line
Nog Doen:
Proxy Server Open WiFi?
HTTP verbinding:
via HTTPS naar RPi thuis, en dan als HTTP naar website(s)
the end...
Joomla + Raspberry Pi
= hours of fun
Questions?
Presentation available via www.db8.nl
Peter MartinEmail: info at db8.nlWebsite: www.db8.nlTwitter: @pe7er
Used Photos
Raspberry Pi Switched On Tech Design http://www.sotechdesign.com.au/raspberry-pi-has-arrived/
BBC Micro - Stuart Brady http://en.wikipedia.org/wiki/File:BBC_Micro_Front_Restored.jpg
ZX Spectrum - Bill Bertram http://en.wikipedia.org/wiki/File:ZXSpectrum48k.jpg
Commodore 64 - Evan-Amos http://en.wikipedia.org/wiki/File:Commodore-64-Computer.png
Raspberry Pi Ideas http://hackaday.com/
Kano: A computer anyone can make www.kickstarter.com
Joomla + Stroopwafels Paul Orwig
Bricks - Sharlene Jackson http://www.sxc.hu/photo/759981
Hotrod Dash - Peter Mazurek http://www.sxc.hu/photo/1341923
Greased Lightnin' - Donald Cook http://www.sxc.hu/photo/690214
File Overload - Bob Smith http://www.sxc.hu/photo/367985
Rusted Gears - Angelo Rosa http://www.sxc.hu/photo/1365696
Man Made - "csremedy" http://www.sxc.hu/photo/1267108
Used Photos
digital world - ilker http://www.sxc.hu/photo/1206711
Crazy Man in Shower - scott adams http://www.sxc.hu/photo/760765
laptop 2 - emre nacigil http://www.sxc.hu/photo/810741
Speedometer Abdulhamid AlFadhly http://www.sxc.hu/photo/1390189
fridge - David Readman http://www.sxc.hu/photo/352383
Liquid nitrogen - Cory Doctorow http://en.wikipedia.org/wiki/Cryogenics
Secure - Frank Khne http://www.sxc.hu/photo/962334
ICU - Chris Chidsey http://www.sxc.hu/photo/1384549
Wireless - Stephan Hempelmann http://www.sxc.hu/photo/437031
LED - "linusb4" http://www.sxc.hu/photo/883983
LED, 5mm, green (unlabelled) - Inductiveload
http://commons.wikimedia.org/wiki/File:LED,_5mm,_green_(unlabelled).svg
Playing with LEDs Peter Martin
Professor Tiger - Gabriel Doyle http://www.sxc.hu/photo/526749
Cache OFFTime (ms)Memory (MB)DB Queries (ms)1st2891.04.24332.52nd2141.84.24106.03rd1772.34.2489.14th1808.54.2491.0Cache ON1st1866.44.25112.22nd1313.83.5438.23rd1308.43.5441.44th1327.43.5336.1
???Page ??? (???)04-11-2013, 03:34:58Page / Cache,no APCTime (ms)Memory (MB)DB Queries (ms)1st1866.44.25112.22nd1313.83.5438.23rd1308.43.5441.44th1327.43.5336.1Cache ON + APC1st1231.52.7191.62nd485.21.4034.93rd445.71.4034.04th443.31.4038.1
???Page ??? (???)04-11-2013, 03:34:58Page / 700Mhz (cache+APC)Time (ms)Memory (MB)DB Queries (ms)1st1231.52.7191.62nd485.21.4034.93rd445.71.4034.04th443.31.4038.11000Mhz (cache+APC)1st1917.14.1953.42nd461.61.4144.23rd454.21.4033.34th358.31.4124.2
???Page ??? (???)04-11-2013, 03:34:58Page /
Top Related