Free Radiant Bunny Documentation Project home

How to install freeradiantbunny.

      version 3 (2019-12-29)
      version 4 (2021-06-16)
      version 5 (2022-01-28)
      version 6 (2022-07-11)

Note: the whole process is based up the Digital Ocean instructions: The droplet creation instructions: https://cloud.digitalocean.com/droplets/74396269/graphs?i=919397

Note: Have ready the [domain-name] and three-letter identifier [domain-tli] representing the domain.Also, have ready the username to be created on the new server.

Part 1. Create the droplet.

Here we create a virtual server using the on-demand services of a hosting provider. A droplet is a linux server for the purposes of our webserver.

      Go to digitalocean.com website and login. You may need your phone for authentication.
      
      Click on "Create" button and (from the dropdown menu) select "Droplets".
      
      Then on the webpage select the details of the droplet, using the following to guide your choices.
      YMMV. In general, select:
      * select Ubuntu 20.04 (LTS) x64
      * select plan: Basic (AMD)
      * select 1 GB size / 1 cpu / 25 GB NVMe SSDs / 1000 GB transfer
      * select datacenter New York 3
      * VPC network (default-nyc3 DEFAULT)
      * Authentication select "SSH Keys" and do checkboxs (or upload a new SSH key)
      * Enable backups (system-level once-a-week)
      * Monitoring
      * choose a hostname: example: "[domain-tli]drop"
      * add a tag: example: "droplet"
      * select Project
      
      Then when the selections are done, click "Create droplet" button.

Application: linux

Note: Assumes knowledge of the Linux operating system. The virtual machine manages so much of the complexity, but it is good to know and study.

Application: Ubuntu

Note: Assumes knowledge of the Ubuntu distribution of Linux. Consider security and compliance here, too.

Application: SSH keys

Note: if this is your first droplet, you probably will have to create an SSH Key and upload the public key to your Digital Ocean droplet. Here are my notes from that process: (a) Add SSH Keys Using PuttyGen (b) click on "new ssh key".

Part 2. Login to droplet using ssh.

      After the droplet is created, navigate on the Digital Ocean webpage that lists your droplets
      and copy the [ip-address] of the droplet you just created.
      
      Use ssh to login into the website. Open a Terminal and ssh to root@[ip-address] using
      command below:

      $ssh root@[ip-address]

      At this point you should have a connection via ssh to your new droplet.

Application: Terminal (bash)

Note: use a terminal shell to access command-line capabilities.

Part 3. Set up the [user-name] that will run the webserver.

The webserver needs a webmaster account. This implies a security system for the sysadmin. The [username] string serves as the name of the webmaster's account on the virtual server.

This will be the one and only time that the root account is directly accessed via the login. From now on, the server that will host the webserver should be accessed by this user account being created.

Use the following sysadmin commands.

      Next, you will use the root user to create a new user that will be the user account
      used for the droplet. (And the root user will be disabled.) Create the user with the
      following set of commands:
      
      #adduser [username]
      
      Next, check to see if the new user account is exists:
      
      $id [username]
      
      Next, add to sudo group (so the new user has access to sudo command):
      
      #usermod -aG sudo [username]

      Next, check that the user is a member of the sudo group:
      
      #id [username]

      Next, login to the user account to test it:

      #su - [username]

      Next, confirm that you are logged in a user:

      $whoami

      Next, set up ssh (secure shell) so that you can login into the droplet without a password.

      First, create a directory with correct permissions:
      
      $mkdir .ssh
      $chmod 700 .ssh

      Then: use sudo command to cp (copy) root's .ssh/authorized_keys to the new
      user's .ssh/authoried_keys. Afterward, you may have to change the owner and
      group of the file with chown command. Finally, fix the permissions.

      Do the command:

      $sudo cp /root/.ssh/authorized_keys /home/[username]/.ssh/
      $sudo chown [username].[username] .ssh/authorized_keys
      $chmod 600 .ssh/authorized_keys

      Next, restart the ssh service to enable changes:

      $sudo service ssh restart

      Next, everything should be set up for how, so exit the username and then exit the root account
      (effectively logging out of the droplet system).
      
      $exit
      #exit

      Now, test that you can ssh into the new account on the droplet (virtual server).
      
      $ssh [username]@[ip-address]

Application: sysadmin functions on Ubuntu distribution of the Linux operating system

Be able to sysadmin to manage users, ssh certificates, and file permissions.

Part 4. Update the system software.

      Login to the droplet, to prepare to update and upgrade the system software.
      
      $ssh [username]@[ip-address]
      
      Use the apt-get package manager to install software on the droplet Linux system.

      $sudo apt-get update
      $sudo apt-get upgrade

Application: apt-get (APT package handling utility)

Judge your OS based upon its ability to do softare change management. The system should be up-to-date. Furthermore, several additional applications need to be installed. The apt-get command is favored here.

Part 5. Install text editor.

      Install a text editor.

      $sudo apt-get install emacs

Application: emacs

Assume use of emacs to edit files. Or, use nano, or install the editor that you prefer.

If you have a custom emacs configuration file, now is a good time to install it.

Part 6. Install the static website.

Next, add public_[domain-tli] files. These are the files that are the static webpages of the site.

Note, hopefully there is a backup of the file. In this example the directory was named public_[domain-tli]. If this is a new website, a public_[domain-tli] site will have to be created with html, css, and images.

      Next, change the ownerships so that the nginx has permission to access
      the directory. Use the following command:
      
      $ls public_[domain-tli]

Part 7. Set up the nginx reverse proxy.

      $sudo apt-get install nginx

      The read-out describes the packages being installed. Nginx has several packages
      that are necessary.

      Here is the read-out:
      
	# Suggested packages:
	fcgiwrap nginx-doc ssl-cert
	# The following NEW packages will be installed:
	libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream nginx
        nginx-common nginx-core

      Not sure about these. Skipping these commands for now. But they might be of interest. 
      
      ?? $sudo apt-get install nginx-full
      ?? $sudo apt-get install nginx-extras
      
      Here are some helpful nginx commands. The first set sets up a new nginx config file. Or, you might
      have a backup nginx config file that you want to install (which is not described here).

      Create a new nginx config file.

      $sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/[domain-name]

      Modifiy the newly created config file. Edit the file and specify the root directive to the path
      to the static website in the [user-name] account. For example, /home/[user-name]/public_[domain-tli].

      $sudo emacs /etc/nginx/sites-avilable/[domain-name]

      Linking the config file.

      $cd /etc/nginx/sites-enabled
      $sudo ln -s ../site-available/[domain-name] [domain-name]
      $sudo rm /etc/nginx/sites-enabled/default

      Test the config file.
      
      $sudo nginx -t

      Load the updated config file into the running nginx system.

      $sudo systemctl reload nginx

      Set-up the system so that it starts the nginx system at boot.
      
      $sudo systemctl enable nginx
      
      Other commands to manage the nginx system process.
      
      $sudo systemctl stop nginx
      $sudo systemctl start nginx
      $sudo systemctl restart nginx
      $sudo systemctl status nginx

      The log files for nginx may be useful.

      tail /var/log/nginx/access.log
      tail /var/log/nginx/error.log

      Install a static website as a default website for the nginx to serve up upon requests.

      You can add public_[domain-tli] directory with a simple HTML file to test the system.
      Open a browserr and input th e [ip-address} and see if y ou can see nginx serve up a file.
      
      Often you will have a backup already-built website. Here are instructions on how to
      upload virtualization tgz here. [add here]

Application: nginx

Super HTTP server! It will be easily configured with a SSL certificate and a reverse proxy to freeradiantbunny.

Application: browser [chrome]

The browser is the revolution.

Application: systemctl

This is a utilty for controlling the systemctl system and service manager.

Part 8. Set up the firewall using ufw.

      $sudo ufw allow OpenSSH
      $sudo ufw allow http
      $sudo ufw allow https
      $sudo ufw enable
      $sudo ufw status

Application: ufw

The firewall is design to control access to the webserver.

Part 9. Edit DNS records.

On the control panel of the droplet (digitalocean.com in this case), locate the DNS records for [domain-name] and edit them so that the DNS system resolves the [domain-name] to point to the [ip-address] of the droplet.

Describe all the lines.

      Use the browser to see if the http://[domain-name] will find the webserver.

      Go to digitalocean.com control panel. Navigate to the "Networking" webpage.

      Click on the given droplet and then under DNS records find the "A" record and
      use the "More" dropdown menu to select "Edit record".

      Then, on the DNS records page, change "A" records value to the the droplet.

      [If there are no DNS records, the records will have to be creatd.
      See page that shows the working DNS stuff for digital ocean.]

      Next, make sure the digitalocean DNS records for this domain have an
      A record that points to the correct IP Address.

Application: DNS

Use the DNS tools.

Part 10. Set up the domain's nameservers.

Deal with the registrar of the [domain-name] and make sure the domain's nameservers point to the nameservers of the droplet.

Note: There may be situations where you need to go to the registrar of the domain_name and change where the nameservers point and make sure that the nameservers point to digital ocean nameservers.

Part 11. Install the SSL Certification so that the website has https.

This is a new easy way to create and install SSL Certificate:

Go to letsencrypt and find the certbot. See: https://certbot.eff.org/.

Select server and system in dropdowns and use the following instructions:

      Select from dropdowns about webserver (nginx) and system (Ubuntu 20).

      This document assumes that snapd is already installed.

      $sudo snap install core;
      $sudo snap refresh core;
      $sudo snap install --classic certbot

      Prepare certbot command:

      $sudo ln -s /snap/bin/certbot /usr/bin/certbot

      Get certificate and edit nginx config:

      $sudo certbot --nginx

      Now, configure system to automatically renew certificate:

      $sudo certbot renew --dry-run

      Use a browser and confirm that it worked by identifying the ssl certification
      padlock and display.

Application: snap

This is a program that makes it easier to install and run other programs.

Application: certbot

This the certificate technology that enables privacy.

Use the following website to confirm that the above worked: www.ssllabs.com/ssltest.

Part 12. Install Node.js.

Note: Use a browser and surf to nodejs.org. At this site, find the downloads. Then find the link to a webpage about installing from a "package manager". On the package manager page, scroll until you find the Ubuntu / Debian section listing some command-line commands.

Here is an example of the url where the I found this info:

https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions

Note: It appears that you also get to decide on which version of node to use. n this example, I am using version "Ubuntu 18.04 LTS (Bionic Beaver)".

Also, select the version of node.js (v13.0).

So, from the nodejs.org webpage copy the following lines and paste then in a terminal and execute them. They download the node code so that it can be added to the system as a apt-get package.

This is where it led me:

https://github.com/nodesource/distributions/blob/master/README.md

Here are the commands from the above that were used to install Node.js Current (v17.x):

      Tell the system about the nodejs code from repository.

      $curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash -
      Now, install nodejs.

      $sudo apt-get install -y nodejs
    
      Check that you have node.js on your droplet. Test this by using the following command:

      $node -v
      $npm -v
      
      One one machine, I had debian and I needed to run the following to get the above to work.

      $sudo apt-get install nodejs-legacy/.

Application: nodejs

This is the wonderful node.js application.

Part 13. Install pm2 to run the server.js as a process.

      $sudo npm install pm2 -g

      $pm2 update

Application: pm2

Manage the nodejs application which be a file named server.js. This will run webserver as a service.

Part 14. Install postgresql database management server.

Install postgresql database management system.

      Create a database on the postgresql database management system.

      $sudo apt-get install postgresql
      
	Suggested packages:
	lm-sensors postgresql-doc postgresql-doc-12 libjson-perl openssl-blacklist isag
	The following NEW packages will be installed:
	libllvm10 libpq5 libsensors-config libsensors5 postgresql postgresql-12 postgresql-client-12
	postgresql-client-common postgresql-common ssl-cert sysstat

Create a user on the database management system. To manage the db system intially, the postgres database [user-name] will be used. In this example, the [user-name] is [db-user-name].

      Here are the two commands that I use. The name of the database is [db-name].

      $sudo su postgres
      
      It is hard to see what happens, so the user currently are:
      
      postgres$whoami
      
      OUTPUT:
      postgres
      
      postgres$createuser [db-user-name]

Application: postgresql

Learn this open source database management system.

      $psql

      Note that the command-line prompt changes to "postgres". Enter psql commands.
    
      postgres#CREATE DATABASE [db-name];
    
      OUTPUT:
      CREATE DATABASE

      postgres#GRANT ALL PRIVILEGES ON DATABASE [db-name] TO [db-user-name];

      OUTPUT:
      GRANT

      The psql app still will not work because the password has not been set. So set the password of the [db-user-name]/
      
      Using psql

      psql>ALTER ROLE [db-user-name] WITH PASSWORD '[db-password]'

      OUTPUT:
      ALTER ROLE
      
      Now, check that the database exists by listing the databases.

      postgres#\list
    
      Also, test by connecting to the database and listing the tables.

      postgres#\connect [db-name]

      OUTPUT:
      You are now connected to database "[db-name]" as user "postgres".

      frb_stable#\d
      
      OUTPUT:
      Did not find any relations.

      No tables! So, let's install the database schema and create some tables in our database.

      This is OK for now, exit psql.

      frb_stable#\q
      
      Exit postgres user account.
      
      postgres$exit

Application: psql

Use the interactive terminal that enables access to a postgresql database management system.

Part 15. Insert freeradiantbunny tables into the database.

      Create a directory for database files.

      $mkdir ~/db
      $mkdir ~/db/[domain-tli]_db
      $mkdir ~/db/[domain-tli]_db/backups
    
      Edit the sql file so that it knows your database user.

      Assumes a database schema: db_schema.sql

Note: In the db_schema.sql file, replace the string "YOUR_USERNAME_HERE" with your [db-user-name]..

Install the schema into the [db-name] database as follows:

      $psql [db-name] -U [db-user-name] < db_schema.sql 2> errors.txt

      When the process is completed, you can read the errors.txt file for any problems that may need to be corrected.

      $cat errors.txt
      
      OUTPUT:
      sql: error: FATAL:  Peer authentication failed for user "freerad2_special"

To fix the "peer authentication" error, edit the postgresql config file and change the authentication protocol.

      sudo emacs /etc/postgresql/12/main/pg_hba.conf

      On the given line below, change from 'peer' to 'md5'

      # old
      #local   all             all                                     peer
      # new
      local    all             all                                     md5

      Now, restart the server so that the changes are used.

      sudo systemctl restart postgresql
      
      Add the following dot file to the home directory in order
      to automate the postgresql password.
      
      install ~/.pgpass
      
      chmod 600 ~/.pgpass

      Now, there should be tables to list.

      $psql [db-name] -U [db-user-name]

      List the relations (tables) in the database.

      [db-name]#\dt

      OUTPUT:
      (A list of tables.)

      For now, exit psql.

      [db-name]#\q

Part 16. Install freeradiantbunny.node.

Install the node.js webserver. First we install the container known as freeradiantbunny.node.

      Install from github.

      $git clone https://github.com/lplinden/freeradiantbunny.node.git

      The git app returns:
      Cloning into 'freeradiantbunny.node'...
      remote: Enumerating objects: 14, done.
      remote: Counting objects: 100% (14/14), done.
      remote: Compressing objects: 100% (10/10), done.
      remote: Total 14 (delta 3), reused 7 (delta 3), pack-reused 0
	Unpacking objects: 100% (14/14), 43.46 KiB | 2.72 MiB/s, done.

      Inspect the file system and notice that there is a new directory.

      $ls freeradiantbunny.node
      $cd freeradiantbunny.node

      $git status
    
      Shows that the code is on the master branch.

      Update the node modules that are dependencies.

      $npm update
      $npm audit fix --force

      Notice that the code of the freeradiantbunny npm has been installed.

      $ls node_modules/freeradiantbunny/

Part 17. Add configuration file for freeradiantbunny npm.

Note, the options are to take a file from freerdiantbunny code, copy it over, and modify it.

The freeradiantbunny npm needs a configuration file. See:

      ls ~/.freeradiantbunny/config.js 

      $mkdir ~/.freeradiantbunny
      
      install ~/.freeradiantbunny/config.js

      edit [ip-address] in the file

Part 18. Configure nginx so that it knows freeradiantbunny.node.

      $emacs /etc/nginx/sites-available/[domain-name]

      Here is what the code looks like:
      
      # add lines for proxy
      proxy_set_header Host   $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      location / {
          # First attempt to serve request as file, then
          # as directory, then fall back to displaying a 404.
          # comment out the default fline of code
          #try_files $uri $uri/ =404;
          # add proxy url
          proxy_pass http://localhost:5001;
      }

Reload the configuration of the nginx server.

      $sudo systemctl reload nginx

      $cd ~/freeradiantbunny.node
      $pm2 start server.js
      $pm2 list
      use sudo?
      $sudo pm2 list
      $sudo pm2 log --lines=1000
      $sudo pm2 stop server.js
      
      To test, open a browser and visit a URL that will engage the freeradiantbunny.org npm.
      
      https://[domain-name]/classes
      https://[domain-name]/usernames
      
      There may be a 404 File Not Found response, because the class_name is not known or
      because the database is not yet installed.

When testing, also use the curl command-line browser.

Application: curl

Node: need to add a rule using commandline, such that the firewall knows of an open port 5001.

    $ sudo ufw from 127.0.0.1 to any port 5001 
    

Part 19. Configure pm2 to start on boot.

Enable server start on system reboot. The way this works, is that you run a command that will generate a shell script line of code that can then be run to install the startup command into the system.

      $pm2 startup

Note: follow the instructions, you will have to copy the output and paste it on the command line and then run it.

      Here is what the generated line of shell code looked like:
      
      sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u [user-name] --hp /home/[user-name]

      Then the next command tells the startup what servers to run upon startup.
      
      $pm2 save

Part 20. Set up daily database backup.

Now, set up the system so that the database data is saved to a backup. Do this by installing a perl script that creates database backups.

      backup_db.pl

Application: perl

Use a perl script to backup the database.

Application: cron

Use a cron script to execute the backup database perl script once a day.

Part 21. Set up a cron job so that the database is dumped once a day.

      $crontab -e

Note: see below for the text to add to the crontab:

      0 2 * * * /home/[user-name]/[domain-tli]_db/backup_db.pl >> /home/[user-name]/[domain-tli]db/backup_db.log

Next: Find the file ~/[domain-tli]_db/backup_db.pl and upload it.

Next: Create this file with command: touch [domain-tli]_db/backup_db.log.

Next: so that the system when using cron is allowed to use a psql command add the following file.

      On local system, update the names contained within:

      $emacs ~/.pgpass
    
      On local system, upload the file:

      $scp .pgpass [user-name]@[ip-address]:

Part 22. Upload .bash_aliases file.

Find the bash_aliases on local machine (or backup) and upload.

Part 23. Set up rotating logs for pm2.

      pm2 install pm2-logrotate

Part 24. Reboot

When testing the system in the browser, remember that you may have to reboot the system. And if you reboot the system you may need to run pm2 start server.js again.


[end of install-droplet process]


last edited 2022-01-28.

[to docs home]