How to install freeradiantbunny.

      version 3 (2019-12-29)
      version 4 (2021-06-16)
      version 5 (2022-01-28)
      version 6 (2022-07-11)
      version 7 (2022-07-20)
      version 8 (2023-11-07)
      version 9 (2024-11-17)

Note 1 of 2: We are building a webserver on a hosted operating system in a datacenter. So, note that the whole process is based upon the hosting service (Digital Ocean) and note their "droplet" creation instructions: docs.digitalocean.com/products/droplets/how-to/

Note 2 of 2: Before starting this How-To, have your domain registered and ready. The How-To below will ask you for 5 pieces of information:

  1. a hostname for your droplet ([hostname]) such as "ubuntu-amd-nyc3-01" or "mydroplet",
  2. a domain name ([domain-name]) such as freeradiantbunny.org,
  3. a three-letter identifier ([domain-tli]) as an alias for the domain,
  4. a username ([username]) to be created on the new server,
  5. a database username ([database-username]) to be created on the database management system,
  6. a database name ([database-name]) to be created on the database management system,
  7. a password for the database name ([database-password]) to be created on the database management system, and
  8. a port number ([port-number]); this is the data channel between the nginx webserver and the freeradiantbunny application in Rust (i.e., the executable file with the file name of freeradiantbunny).

Here we go. This presumes you have logged-in to digitalocean.com and have read the documentation on how to create a droplet. Now, let's create a droplet and install a webserver on it.

Part 1. Create the droplet.

Here we create a virtual server using the on-demand services of the hosting provider digitalocean.com. A "droplet" is just a fancy name for a Linux server that will host our webserver.

Go to digitalocean.com website and login. You may need your phone for authentication.
  
Click on "Create" button and (from the dropdown menu) select "Droplets".
Then on the webpage select the details of the droplet, using the following to guide your choices.
YMMV. The technology changes frequently, so choose according to your needs. In general, select:
* select Ubuntu version
* select plan: (such as Basic)
* select the CPU (such as 1 GB size / 1 cpu / 25 GB NVMe SSDs / 1000 GB transfer)
* select datacenter (such as New York 3)
* VPC network will have a default (such as default-nyc3 DEFAULT)
* select Authentication "SSH Keys" and do checkboxes (or upload a new SSH key)
* optionally select monitoring
* input a hostname: example: "[hostname]"
* add a tag: such as "droplet"
* if necessary, select a project
Then when the selections are done and double-checked, click "Create droplet" button.
Go to the "Droplets" section of the digitalocean.com website and wait for your droplet to be created. Once it is completed, you will see the IP address of the newly-created droplet.

Well, Part 1 is completed. Below, are the main information technology topics that were covered in this part. The infotech is listed in light-blue boxes, and will be at the end of each section, for reference and further study.

Application: linux

Note: This part assumes knowledge of the Linux operating system. Sitting right atop the virtual machine on the hardware, the operating system manages much of the complexity of working with the computer's CPU. Linux is free software and enables a command-line interface "shell" program which is standard for efficient web development.

Application: Ubuntu

Note: This part assumes knowledge of the Ubuntu distribution of Linux. One should consider security and compliance here, too.

Application: SSH keys (ssh-keygen)

Note: This part assumes a working knowledge of SSH. If this was your first droplet install, you probably had to generate a SSH Key and upload the public key to your digitalocean droplet. Here are my notes from that process: (a) Add SSH Keys Using PuttyGen (b) click on "new ssh key".

Part 2. Login to droplet using ssh.

Welcome to Part 2, where we use a command-line interface (a shell, like the Bash Shell) to login and interact with our droplet's Linux server.

After the droplet is created, navigate on the digitalocean.com webpage that lists your droplets and copy the [ip-address] of the droplet you just created.

Use ssh to log in to the droplet. Open a Terminal and ssh to root@[ip-address] using the command below:
$ssh root@[ip-address]
At this point you should have a connection via ssh to your new droplet.

This part may have been quick. Hopefully it was quick.

Application: Terminal (bash)

Note: use a terminal shell to access command-line capabilities.

Application: Secure Shell (ssh)

Note: Study this to be knowledgeable about (a) secure remote access, (b) encrypted communication, (c) data integrity, and (d) authentication.

Part 3. Set up the [username] that will run the webserver.

The webserver needs a user account on the Linux system, so that the person maintaining the server can login and set-up and maintain the webserver. This implies a security system for the sysadmin.

The [username] string serves as the name of the user's account on the server.

This will be the one and only time that the root account is directly accessed via the login. From now on, the server that will host the webserver should be accessed by this user account being created.

Use the following sysadmin commands.

Next, you will use the root user to create a new user that will be the user account used for the droplet. (And the root user will be disabled.)
  
Create the user with the following set of commands:
#adduser [username]
Next, check to see if the new user account exists:
#id [username]
Next, add to sudo group (so the new user has access to sudo command):
#usermod -aG sudo [username]
Next, check that the user is a member of the sudo group:
#id [username]
Next, login to the user account to test it:
#su - [username]
Next, confirm that you are logged in as the user:
$whoami
Next, set up ssh (secure shell) so that you can login into the droplet without a password.
First, create a directory with correct permissions:
$mkdir .ssh
$chmod 700 .ssh
Then: use the sudo command to cp (copy) root's .ssh/authorized_keys to the new user's .ssh/authorized_keys. Afterward, you may have to change the owner and group of the file with the chown command. Finally, fix the permissions.
Do the following sysadmin-type commands:
$sudo cp /root/.ssh/authorized_keys /home/[username]/.ssh/
$sudo chown [username]:[username] .ssh/authorized_keys
$chmod 600 .ssh/authorized_keys
Next, restart the ssh service to enable changes:
$sudo service ssh restart
Next, everything should be set up for now, so exit the username account and then exit the root account, which effectively logs you off the virtual server.
$exit
#exit
Now, test that you can ssh into the new account on the droplet (virtual server).
$ssh [username]@[ip-address]
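
The checks below are an added example, not part of the original how-to. They confirm the modes and ownership that the steps above set on the .ssh directory, and read the effective sshd settings to show whether root login and password login are still accepted. The function names are hypothetical and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the account created in Part 3. Function names are
# hypothetical; the sample input at the bottom is constructed.

# check_ssh_dir HOME_DIR OWNER_UID
# Prints one line per problem with .ssh or authorized_keys; returns 1 if any.
check_ssh_dir() {
    local home="$1" uid="$2" rc=0 entry path want mode owner
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home/${entry%%:*}"
        want="${entry##*:}"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")    # GNU stat, as shipped with Ubuntu
        owner=$(stat -c '%u' "$path")
        [ "$mode" = "$want" ] || { echo "MODE $path is $mode, expected $want"; rc=1; }
        [ "$owner" = "$uid" ] || { echo "OWNER $path is uid $owner, expected $uid"; rc=1; }
    done
    return $rc
}

# check_sshd_settings < output of `sudo sshd -T`
# sshd -T prints the effective configuration as lowercase "keyword value".
# Any value other than "no" for the two keywords below is reported.
check_sshd_settings() {
    local key value rc=0
    while read -r key value; do
        case "$key" in
            permitrootlogin|passwordauthentication)
                [ "$value" = "no" ] || { echo "REVIEW $key=$value"; rc=1; } ;;
        esac
    done
    return $rc
}

# On the droplet:
#   check_ssh_dir /home/[username] "$(id -u [username])"
#   sudo sshd -T | check_sshd_settings
# Constructed sample of sshd -T output, to show the report format:
check_sshd_settings <<'EOF' || true
port 22
permitrootlogin yes
passwordauthentication no
EOF
```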

That concludes the steps of Part 3. Here are the subjects of knowledge from this part that are up for study sessions.

Application: sysadmin functions on Ubuntu distribution of the Linux operating system

Be able to perform sysadmin tasks: manage users, SSH keys, and file permissions.

Part 4. Update the system software.

Our Linux system yearns for the most updated software packages, so let's go through the steps of updating the software on our virtual server.

    
Login to the droplet, to prepare to update and upgrade the system software.
  
$ssh [username]@[ip-address]
Use the apt-get package manager to install software on the droplet Linux system.
$sudo apt-get update
$sudo apt-get upgrade

End of Part 4 without much fanfare. But do not overlook the wonder of managing the versions of the software on the system with such ease. Perhaps, we choose our Linux distribution according to the merits of the package manager.

Application: apt-get (APT package handling utility)

The apt application is a package manager, originally built for the Debian GNU/Linux distribution. Judge your OS based upon its ability to do software change management. The system should be up-to-date.

Furthermore, this application will be used shortly to download and install several additional applications. The apt-get command is also favored here.

Part 5. Install text editor.

You might skip this lesson. Your favorite text editor may already be installed. I happen to enjoy emacs. Here is an optional next step. If you already have a text editor installed, you can skip this part.

Install a text editor.
  
$sudo apt-get install emacs

End of Part 5. We finish by asking: Do you know your editor shortcuts?

Application: emacs

Assume use of emacs to edit files. Or, use nano, or install the editor that you prefer.

If you have a custom emacs configuration file, now is a good time to install it.

Part 6. Install the static website.

Next, add public_[domain-tli] files. These are the files that are the static webpages of the site.

Note, hopefully there is a backup of the file. In this example the directory was named public_[domain-tli]. If this is a new website, a public_[domain-tli] site will have to be created with html, css, and images.

You may need to change the permissions and enable the group to be www-data so that nginx is able to access the public html files. Check the nginx documentation; the nginx application may run under the user www-data.

Next, change the group ownership and permissions so that nginx has permission to access the directory. Use the following commands:

$sudo chgrp -R www-data /home/[username]/public_[domain-tli]
$sudo chmod -R g+rx /home/[username]/public_[domain-tli]
Then confirm that the files are in place:
$ls public_[domain-tli]
$ls public_[domain-tli]/index.html
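
Changing the group of the site directory does not help if a parent directory, such as the home directory itself, cannot be entered by the nginx group. The helper below is an added example, not part of the original how-to: it walks up from the site directory and names the directory that blocks access. The function name is hypothetical, and ACLs are not considered.

```shell
#!/usr/bin/env bash
# Added example: find the directory that stops nginx from reaching the site.
# first_blocked_dir is a hypothetical helper name. ACLs are not considered,
# and the process is assumed not to own the directories.

# first_blocked_dir PATH GID [TOP]
# Walk from PATH up to TOP (default /). Print the directory nearest TOP that
# a process whose group is GID cannot enter; print nothing if all are open.
first_blocked_dir() {
    local dir="$1" gid="$2" top="${3:-/}" blocked="" mode rest bits
    while :; do
        mode=$(stat -c '%a' "$dir") || return 2     # GNU stat, octal mode
        if [ "$(stat -c '%g' "$dir")" = "$gid" ]; then
            rest=${mode%?}                          # group class applies
            bits=${rest#"${rest%?}"}
        else
            bits=${mode#"${mode%?}"}                # "other" class applies
        fi
        case "$bits" in
            1|3|5|7) ;;                             # execute (search) bit set
            *) blocked="$dir" ;;
        esac
        case "$dir" in
            "$top"|/|.) break ;;                    # reached the top of the walk
        esac
        dir=$(dirname "$dir")
    done
    [ -z "$blocked" ] || printf '%s\n' "$blocked"
}

# On the droplet, with the numeric group id of www-data:
#   first_blocked_dir /home/[username]/public_[domain-tli] \
#       "$(getent group www-data | cut -d: -f3)"
```

If the home directory is reported, granting the group search permission on that one directory is narrower than opening it to everyone.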

Application: HTML5

Hypertext Markup Language (HTML) is one of 3 technologies that are the foundation of the World Wide Web. (The other 2 web technologies are HTTP and the URI.)

Part 7. Set up the nginx webserver for static webpages.

It is time to install the webserver. Use nginx for this example.

$sudo apt-get install nginx

Here are some helpful nginx commands. The first set sets up a new nginx config file. Or, you might have a backup nginx config file that you want to install (which is not described here).

Create a new nginx config file.

$sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/[domain-name]
Modify the newly created config file. Edit the file and specify the root directive to the path to the static website in the [username] account. For example, /home/[username]/public_[domain-tli].
$sudo emacs /etc/nginx/sites-available/[domain-name]
Link the config file.
$cd /etc/nginx/sites-enabled
$sudo ln -s ../sites-available/[domain-name] [domain-name]
$sudo rm /etc/nginx/sites-enabled/default
Test the config file.
$sudo nginx -t
Load the updated config file into the running nginx system.
$sudo systemctl reload nginx
Set-up the system so that it starts the nginx system at boot.
$sudo systemctl enable nginx
$sudo systemctl status nginx
The log files for nginx may be useful.
$sudo tail /var/log/nginx/access.log
$sudo tail /var/log/nginx/error.log

In Part 6, a static website was installed as the default website for the nginx to serve up upon requests.

Open a browser and input the [ip-address] and see if you can see nginx serve up a file.

Setting up a webserver is good fun. That is Part 7. Set some time aside to study nginx.

Application: nginx

Super HTTP server! It will be easily configured with a SSL certificate and a reverse proxy to freeradiantbunny.

Application: browser [chrome]

The browser is the revolution.

Application: systemctl

This is a utility for controlling the systemd system and service manager.

Part 8. Set up the firewall using ufw.

$sudo ufw allow OpenSSH

$sudo ufw allow http
$sudo ufw allow https
$sudo ufw enable
$sudo ufw status

Application: ufw

The firewall is designed to control access to the webserver.

Part 9. Edit DNS records.

Back on your account with digitalocean.com, the hosting service being used in this example, find the control panel of the droplet, and navigate your droplet's webpage until you locate the DNS records for [domain-name] and edit your DNS records so that the DNS resolves the [domain-name] to point to the [ip-address] of the droplet.

Here are some more detailed instructions, described in the lines below.

Use the browser to see if the http://[domain-name] will find the webserver.

Go to digitalocean.com control panel. Navigate to the "Networking" webpage.

Click on the given droplet and then under DNS records find the "A" record and use the "More" dropdown menu to select "Edit record".

Then, on the DNS records page, change the "A" record's value to the droplet.

[If there are no DNS records, the records will have to be created. See page that shows the working DNS stuff for digitalocean.]

Next, make sure the digitalocean DNS records for this domain have an A record that points to the correct IP Address.

Application: DNS

Use and understand the DNS tools. The Domain Name System (DNS) translates domain names to IP addresses for website accessibility.

Part 10. Set up the domain's nameservers.

Deal with the registrar of the [domain-name] and make sure the domain's nameservers point to the nameservers of the droplet.

Note: There may be situations where you need to go to the registrar of the [domain-name] and change where the nameservers point and make sure that the nameservers point to digitalocean nameservers.

That was the end of Part 10. The World Wide Web and the Internet are modern marvels.

Application: Nameservers

A registrar manages domain registrations and links nameservers to associate the domain name with its corresponding IP address for website access.

Part 11. Install the SSL Certification so that the website has https.

There may not be an easy way to deal with SSL Certificates, but the technology has become standard. This is a new easy way to create and install an SSL Certificate.

Go to letsencrypt and find the certbot. See: https://certbot.eff.org/.

Select server and system in dropdowns and use the following instructions:

Select from dropdowns about webserver (nginx) and system (Ubuntu 20).
  
This document assumes that snapd is already installed.
$sudo snap install core;
$sudo snap refresh core;
$sudo snap install --classic certbot
Prepare certbot command:
$sudo ln -s /snap/bin/certbot /usr/bin/certbot
Get certificate and edit nginx config:
$sudo certbot --nginx
Now, test the automatic renewal of the certificate:
$sudo certbot renew --dry-run
Use a browser and confirm that it worked by identifying the ssl certification padlock and display.

Use the following website to confirm that the above worked: www.ssllabs.com/ssltest.

Application: snap

This is a program that makes it easier to install and run other programs.

Application: certbot

This is an implementation that provides the service that issues SSL Certificates, technology that enables privacy.

Application: SSL Certificates

This technology encrypts data for secure online communication and data protection.

Part 12. Install postgresql database management server.

Install postgresql database management system.

Create a database on the postgresql database management system.
  
$sudo apt-get install postgresql

Create a user on the database management system. To manage the db system initially, the postgres database [user-name] will be used. In this example, the [user-name] is [database-username].

Here are the two commands that I use. The name of the database is [database-name].
  
$sudo su postgres
Note that the command-line prompt changes to "postgres". Enter psql commands.
It is hard to see what happens, so use the following command to see who the current user is:
postgres$whoami
OUTPUT:
postgres
Enter the psql command:
postgres$psql
postgres=#CREATE DATABASE [database-name];
OUTPUT:
CREATE DATABASE
Remember to substitute [database-password] with your actual secret strong password.
postgres=#CREATE USER [database-username] WITH ENCRYPTED PASSWORD '[database-password]';
OUTPUT:
CREATE ROLE
postgres=#GRANT ALL PRIVILEGES ON DATABASE [database-name] TO [database-username];
OUTPUT:
GRANT
Connect to the new database:
postgres=#\c [database-name]
[database-name]=#GRANT ALL ON SCHEMA public to [database-username];
OUTPUT:
GRANT
Now, check that the database exists by listing the databases.
[database-name]=#\list
Also, test by connecting to the database and listing the tables.
[database-name]=#\connect [database-name]
OUTPUT:
You are now connected to database "[database-name]" as user "postgres".
[database-name]=#\d
OUTPUT:
Did not find any relations.
No tables! So, let's install the database schema and create some tables in our database.
This is OK for now, exit psql.
[database-name]=#\q
Exit postgres user account.
postgres$exit

Very powerful stuff indeed. Database-backed websites rule! Go relational databases!

Application: postgresql

Learn this open source database management system.

Application: psql

Use the interactive terminal that enables access to a postgresql database management system.

Part 13. Insert freeradiantbunny tables into the database.

Now that a database management system is installed, it is time to add a database schema via SQL statements, effectively adding an instance of a database.

Create a directory for database files.
  
$mkdir ~/db
$mkdir ~/db/[domain-tli]_db
$mkdir ~/db/[domain-tli]_db/backups
Edit the sql file so that it knows your database user.
Assumes a database schema: db_schema.sql

Note: In the db_schema.sql file, replace the string "YOUR_USERNAME_HERE" with your [database-username].

Install the schema into the [database-name] database as follows:

$psql [database-name] -U [database-username] < db_schema.sql 2> errors.txt
  
When the process is completed, you can read the errors.txt file for any problems that may need to be corrected.
$cat errors.txt
OUTPUT:
psql: error: FATAL: Peer authentication failed for user "[database-username]"

To fix the "peer authentication" error, edit the postgresql config file and change the authentication protocol.

Note, the postgresql version may change, so if (in the path below) the "/15" directory does not exist, find out the new postgresql version and try that version.

$sudo emacs /etc/postgresql/15/main/pg_hba.conf
  
On the given line below, change from 'peer' to 'md5'
# old #local all all peer
# new local all all md5
Now, restart the server so that the changes are used.
$sudo systemctl restart postgresql
Add the following dot file to the home directory in order to automate the postgresql password.
Install ~/.pgpass
$chmod 600 ~/.pgpass
Now, there should be tables to list.
$psql [database-name] -U [database-username]
List the relations (tables) in the database.
[database-name]#\dt
OUTPUT:
(A list of tables.)
For now, exit psql.
[database-name]#\q
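
The script below is an added example, not part of the original how-to. It reports which authentication method each active "local" rule in pg_hba.conf uses, and writes a ~/.pgpass entry with the escaping and file mode that the format requires. The function names are hypothetical; host "localhost" and port 5432 are assumed defaults.

```shell
#!/usr/bin/env bash
# Added example: check the pg_hba.conf edit and create ~/.pgpass safely.
# Function names are hypothetical; host and port are assumed defaults.

# audit_hba FILE: report `local` rules whose method deserves a second look.
# A local rule reads: local DATABASE USER METHOD [OPTIONS]
# Returns 1 when at least one rule is reported.
audit_hba() {
    awk '
        $1 != "local"                         { next }   # skips comments too
        $4 == "peer" || $4 == "scram-sha-256" { next }
        $4 == "md5"   { printf "line %d: md5 (%s/%s), prefer scram-sha-256\n", NR, $2, $3; bad = 1; next }
        $4 == "trust" { printf "line %d: trust (%s/%s), no password is checked\n", NR, $2, $3; bad = 1; next }
                      { printf "line %d: %s (%s/%s), review\n", NR, $4, $2, $3; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# pgpass_escape STRING: the .pgpass format needs "\" and ":" escaped.
pgpass_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

# write_pgpass FILE HOST PORT DATABASE USER   (password is read from stdin)
# Line format: hostname:port:database:username:password
# libpq ignores the file unless its mode is 0600 or stricter.
write_pgpass() {
    local file="$1" password
    IFS= read -r password || [ -n "$password" ]
    ( umask 077
      printf '%s:%s:%s:%s:%s\n' "$2" "$3" "$4" "$5" "$(pgpass_escape "$password")" > "$file"
      chmod 600 "$file" )
}

# On the droplet (audit_hba needs read access to the file; "localhost" in
# .pgpass also matches connections over the default Unix socket):
#   sudo cat /etc/postgresql/15/main/pg_hba.conf | audit_hba /dev/stdin
#   write_pgpass ~/.pgpass localhost 5432 [database-name] [database-username]
```

From PostgreSQL 14 on, new passwords are stored as SCRAM by default and the md5 keyword in pg_hba.conf still accepts them, so writing scram-sha-256 on that line makes the stronger method explicit.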

Part 14. Set up daily database backups using perl scripts and cron scheduler.

Now, set up the system so that the database data is saved to a backup. Do this by installing a perl script that creates database backups.

      db_backup.pl
    

Set up a cron job so that the database is dumped once a day.

      $crontab -e
    

Note: see below for the text to add to the crontab:

0 2 * * * /home/[username]/db/[domain-tli]_db/db_backup.pl >> /home/[username]/logs/cron_db_backup_log.txt
    

Next: Install the file ~/db/[domain-tli]_db/db_backup.pl.

Next: Create this file with command: touch ~/logs/cron_db_backup_log.txt.

Next: so that cron jobs on the system are allowed to use a psql command, add the following file.

On local system, update the names contained within:
$emacs ~/.pgpass
    

Part 14 helps reduce the risks of losing data, by setting up our system to automatically backup our database.

Application: perl

Use a perl script to backup the database.

Applications: cron and crontab

The cron scheduler automates tasks and the crontab program enables us to configure the cron jobs that are scheduled. In our case, we use crontab to schedule the regular execution of a perl script that backs up the database instance once a day.


Part 22. Upload .bash_aliases file.

Find the bash_aliases on local machine (or backup) and upload.

Application: user configuration on Ubuntu distribution of the Linux operating system

Part 23. Reboot

When testing the system in the browser, it is prudent to test the rebooting of the system. So, reboot the system.


      $sudo poweroff
    

Go to the digitalocean panel for the droplet and power on the server.


Part 24. Test the Stack

Part 24 of the "How To Install freeradiantbunny" process is completed. This is a good time to reflect upon the applications in the stack. Next is Part 25, where we consider the reverse proxy part of the technology stack.

Part 25: How to Install freeradiantbunny (version in Rust programming language)

Install php_fpm to enable the server to run php pages. Edit the nginx sites-enabled config file.

      $sudo apt-get install php8.3-fpm
    



last edited 2024-11-17.
