How to install freeradiantbunny.
version 3 (2019-12-29) version 4 (2021-06-16) version 5 (2022-01-28) version 6 (2022-07-11)
Note: the whole process is based up the Digital Ocean instructions: The droplet creation instructions: https://cloud.digitalocean.com/droplets/74396269/graphs?i=919397
Note: Have ready the [domain-name] and three-letter identifier [domain-tli] representing the domain.Also, have ready the username to be created on the new server.
Part 1. Create the droplet.
Here we create a virtual server using the on-demand services of a hosting provider. A droplet is a linux server for the purposes of our webserver.
Go to digitalocean.com website and login. You may need your phone for authentication. Click on "Create" button and (from the dropdown menu) select "Droplets". Then on the webpage select the details of the droplet, using the following to guide your choices. YMMV. In general, select: * select Ubuntu 20.04 (LTS) x64 * select plan: Basic (AMD) * select 1 GB size / 1 cpu / 25 GB NVMe SSDs / 1000 GB transfer * select datacenter New York 3 * VPC network (default-nyc3 DEFAULT) * Authentication select "SSH Keys" and do checkboxs (or upload a new SSH key) * Enable backups (system-level once-a-week) * Monitoring * choose a hostname: example: "[domain-tli]drop" * add a tag: example: "droplet" * select Project Then when the selections are done, click "Create droplet" button.
Application: linux
Note: Assumes knowledge of the Linux operating system. The virtual machine manages so much of the complexity, but it is good to know and study.
Application: Ubuntu
Note: Assumes knowledge of the Ubuntu distribution of Linux. Consider security and compliance here, too.
Application: SSH keys
Note: if this is your first droplet, you probably will have to create an SSH Key and upload the public key to your Digital Ocean droplet. Here are my notes from that process: (a) Add SSH Keys Using PuttyGen (b) click on "new ssh key".
Part 2. Login to droplet using ssh.
After the droplet is created, navigate on the Digital Ocean webpage that lists your droplets
and copy the [ip-address] of the droplet you just created.
Use ssh to login into the website. Open a Terminal and ssh to root@[ip-address] using
command below:
$ssh root@[ip-address]
At this point you should have a connection via ssh to your new droplet.
Application: Terminal (bash)
Note: use a terminal shell to access command-line capabilities.
Part 3. Set up the [user-name] that will run the webserver.
The webserver needs a webmaster account. This implies a security system for the sysadmin. The [username] string serves as the name of the webmaster's account on the virtual server.
This will be the one and only time that the root account is directly accessed via the login. From now on, the server that will host the webserver should be accessed by this user account being created.
Use the following sysadmin commands.
Next, you will use the root user to create a new user that will be the user account used for the droplet. (And the root user will be disabled.) Create the user with the following set of commands: #adduser [username] Next, check to see if the new user account is exists: $id [username] Next, add to sudo group (so the new user has access to sudo command): #usermod -aG sudo [username] Next, check that the user is a member of the sudo group: #id [username] Next, login to the user account to test it: #su - [username] Next, confirm that you are logged in a user: $whoami Next, set up ssh (secure shell) so that you can login into the droplet without a password. First, create a directory with correct permissions: $mkdir .ssh $chmod 700 .ssh Then: use sudo command to cp (copy) root's .ssh/authorized_keys to the new user's .ssh/authoried_keys. Afterward, you may have to change the owner and group of the file with chown command. Finally, fix the permissions. Do the command: $sudo cp /root/.ssh/authorized_keys /home/[username]/.ssh/ $sudo chown [username].[username] .ssh/authorized_keys $chmod 600 .ssh/authorized_keys Next, restart the ssh service to enable changes: $sudo service ssh restart Next, everything should be set up for how, so exit the username and then exit the root account (effectively logging out of the droplet system). $exit #exit Now, test that you can ssh into the new account on the droplet (virtual server). $ssh [username]@[ip-address]
Application: sysadmin functions on Ubuntu distribution of the Linux operating system
Be able to sysadmin to manage users, ssh certificates, and file permissions.
Part 4. Update the system software.
Login to the droplet, to prepare to update and upgrade the system software. $ssh [username]@[ip-address] Use the apt-get package manager to install software on the droplet Linux system. $sudo apt-get update $sudo apt-get upgrade
Application: apt-get (APT package handling utility)
Judge your OS based upon its ability to do softare change management. The system should be up-to-date. Furthermore, several additional applications need to be installed. The apt-get command is favored here.
Part 5. Install text editor.
Install a text editor.
$sudo apt-get install emacs
Application: emacs
Assume use of emacs to edit files. Or, use nano, or install the editor that you prefer.
If you have a custom emacs configuration file, now is a good time to install it.
Part 6. Install the static website.
Next, add public_[domain-tli] files. These are the files that are the static webpages of the site.
Note, hopefully there is a backup of the file. In this example the directory was named public_[domain-tli]. If this is a new website, a public_[domain-tli] site will have to be created with html, css, and images.
Next, change the ownerships so that the nginx has permission to access
the directory. Use the following command:
$ls public_[domain-tli]
Part 7. Set up the nginx reverse proxy.
$sudo apt-get install nginx The read-out describes the packages being installed. Nginx has several packages that are necessary. Here is the read-out: # Suggested packages: fcgiwrap nginx-doc ssl-cert # The following NEW packages will be installed: libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream nginx nginx-common nginx-core Not sure about these. Skipping these commands for now. But they might be of interest. ?? $sudo apt-get install nginx-full ?? $sudo apt-get install nginx-extras Here are some helpful nginx commands. The first set sets up a new nginx config file. Or, you might have a backup nginx config file that you want to install (which is not described here). Create a new nginx config file. $sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/[domain-name] Modifiy the newly created config file. Edit the file and specify the root directive to the path to the static website in the [user-name] account. For example, /home/[user-name]/public_[domain-tli]. $sudo emacs /etc/nginx/sites-avilable/[domain-name] Linking the config file. $cd /etc/nginx/sites-enabled $sudo ln -s ../site-available/[domain-name] [domain-name] $sudo rm /etc/nginx/sites-enabled/default Test the config file. $sudo nginx -t Load the updated config file into the running nginx system. $sudo systemctl reload nginx Set-up the system so that it starts the nginx system at boot. $sudo systemctl enable nginx Other commands to manage the nginx system process. $sudo systemctl stop nginx $sudo systemctl start nginx $sudo systemctl restart nginx $sudo systemctl status nginx The log files for nginx may be useful. tail /var/log/nginx/access.log tail /var/log/nginx/error.log Install a static website as a default website for the nginx to serve up upon requests. You can add public_[domain-tli] directory with a simple HTML file to test the system. Open a browserr and input th e [ip-address} and see if y ou can see nginx serve up a file. Often you will have a backup already-built website. Here are instructions on how to upload virtualization tgz here. [add here]
Application: nginx
Super HTTP server! It will be easily configured with a SSL certificate and a reverse proxy to freeradiantbunny.
Application: browser [chrome]
The browser is the revolution.
Application: systemctl
This is a utilty for controlling the systemctl system and service manager.
Part 8. Set up the firewall using ufw.
$sudo ufw allow OpenSSH $sudo ufw allow http $sudo ufw allow https $sudo ufw enable $sudo ufw status
Application: ufw
The firewall is design to control access to the webserver.
Part 9. Edit DNS records.
On the control panel of the droplet (digitalocean.com in this case), locate the DNS records for [domain-name] and edit them so that the DNS system resolves the [domain-name] to point to the [ip-address] of the droplet.
Describe all the lines.
Use the browser to see if the http://[domain-name] will find the webserver. Go to digitalocean.com control panel. Navigate to the "Networking" webpage. Click on the given droplet and then under DNS records find the "A" record and use the "More" dropdown menu to select "Edit record". Then, on the DNS records page, change "A" records value to the the droplet. [If there are no DNS records, the records will have to be creatd. See page that shows the working DNS stuff for digital ocean.] Next, make sure the digitalocean DNS records for this domain have an A record that points to the correct IP Address.
Application: DNS
Use the DNS tools.
Part 10. Set up the domain's nameservers.
Deal with the registrar of the [domain-name] and make sure the domain's nameservers point to the nameservers of the droplet.
Note: There may be situations where you need to go to the registrar of the domain_name and change where the nameservers point and make sure that the nameservers point to digital ocean nameservers.
Part 11. Install the SSL Certification so that the website has https.
This is a new easy way to create and install SSL Certificate:
Go to letsencrypt and find the certbot. See: https://certbot.eff.org/.
Select server and system in dropdowns and use the following instructions:
Select from dropdowns about webserver (nginx) and system (Ubuntu 20). This document assumes that snapd is already installed. $sudo snap install core; $sudo snap refresh core; $sudo snap install --classic certbot Prepare certbot command: $sudo ln -s /snap/bin/certbot /usr/bin/certbot Get certificate and edit nginx config: $sudo certbot --nginx Now, configure system to automatically renew certificate: $sudo certbot renew --dry-run Use a browser and confirm that it worked by identifying the ssl certification padlock and display.
Application: snap
This is a program that makes it easier to install and run other programs.
Application: certbot
This the certificate technology that enables privacy.
Use the following website to confirm that the above worked: www.ssllabs.com/ssltest.
Part 12. Install Node.js.
Note: Use a browser and surf to nodejs.org. At this site, find the downloads. Then find the link to a webpage about installing from a "package manager". On the package manager page, scroll until you find the Ubuntu / Debian section listing some command-line commands.
Here is an example of the url where the I found this info:
https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions
Note: It appears that you also get to decide on which version of node to use. n this example, I am using version "Ubuntu 18.04 LTS (Bionic Beaver)".
Also, select the version of node.js (v13.0).
So, from the nodejs.org webpage copy the following lines and paste then in a terminal and execute them. They download the node code so that it can be added to the system as a apt-get package.
This is where it led me:
https://github.com/nodesource/distributions/blob/master/README.md
Here are the commands from the above that were used to install Node.js Current (v17.x):
Tell the system about the nodejs code from repository.
$curl -fsSL https://deb.nodesource.com/setup_current.x | sudo -E bash -
Now, install nodejs. $sudo apt-get install -y nodejs Check that you have node.js on your droplet. Test this by using the following command: $node -v $npm -v One one machine, I had debian and I needed to run the following to get the above to work. $sudo apt-get install nodejs-legacy/.
Application: nodejs
This is the wonderful node.js application.
Part 13. Install pm2 to run the server.js as a process.
$sudo npm install pm2 -g $pm2 update
Application: pm2
Manage the nodejs application which be a file named server.js. This will run webserver as a service.
Part 14. Install postgresql database management server.
Install postgresql database management system.
Create a database on the postgresql database management system. $sudo apt-get install postgresql Suggested packages: lm-sensors postgresql-doc postgresql-doc-12 libjson-perl openssl-blacklist isag The following NEW packages will be installed: libllvm10 libpq5 libsensors-config libsensors5 postgresql postgresql-12 postgresql-client-12 postgresql-client-common postgresql-common ssl-cert sysstat
Create a user on the database management system. To manage the db system intially, the postgres database [user-name] will be used. In this example, the [user-name] is [db-user-name].
Here are the two commands that I use. The name of the database is [db-name]. $sudo su postgres It is hard to see what happens, so the user currently are: postgres$whoami OUTPUT: postgres postgres$createuser [db-user-name]
Application: postgresql
Learn this open source database management system.
$psql Note that the command-line prompt changes to "postgres". Enter psql commands. postgres#CREATE DATABASE [db-name]; OUTPUT: CREATE DATABASE postgres#GRANT ALL PRIVILEGES ON DATABASE [db-name] TO [db-user-name]; OUTPUT: GRANT The psql app still will not work because the password has not been set. So set the password of the [db-user-name]/ Using psql psql>ALTER ROLE [db-user-name] WITH PASSWORD '[db-password]' OUTPUT: ALTER ROLE Now, check that the database exists by listing the databases. postgres#\list Also, test by connecting to the database and listing the tables. postgres#\connect [db-name] OUTPUT: You are now connected to database "[db-name]" as user "postgres". frb_stable#\d OUTPUT: Did not find any relations. No tables! So, let's install the database schema and create some tables in our database. This is OK for now, exit psql. frb_stable#\q Exit postgres user account. postgres$exit
Application: psql
Use the interactive terminal that enables access to a postgresql database management system.
Part 15. Insert freeradiantbunny tables into the database.
Create a directory for database files. $mkdir ~/db $mkdir ~/db/[domain-tli]_db $mkdir ~/db/[domain-tli]_db/backups Edit the sql file so that it knows your database user. Assumes a database schema: db_schema.sql
Note: In the db_schema.sql file, replace the string "YOUR_USERNAME_HERE" with your [db-user-name]..
Install the schema into the [db-name] database as follows:
$psql [db-name] -U [db-user-name] < db_schema.sql 2> errors.txt When the process is completed, you can read the errors.txt file for any problems that may need to be corrected. $cat errors.txt OUTPUT: sql: error: FATAL: Peer authentication failed for user "freerad2_special"
To fix the "peer authentication" error, edit the postgresql config file and change the authentication protocol.
sudo emacs /etc/postgresql/12/main/pg_hba.conf On the given line below, change from 'peer' to 'md5' # old #local all all peer # new local all all md5 Now, restart the server so that the changes are used. sudo systemctl restart postgresql Add the following dot file to the home directory in order to automate the postgresql password. install ~/.pgpass chmod 600 ~/.pgpass Now, there should be tables to list. $psql [db-name] -U [db-user-name] List the relations (tables) in the database. [db-name]#\dt OUTPUT: (A list of tables.) For now, exit psql. [db-name]#\q
Part 16. Install freeradiantbunny.node.
Install the node.js webserver. First we install the container known as freeradiantbunny.node.
Install from github. $git clone https://github.com/lplinden/freeradiantbunny.node.git The git app returns: Cloning into 'freeradiantbunny.node'... remote: Enumerating objects: 14, done. remote: Counting objects: 100% (14/14), done. remote: Compressing objects: 100% (10/10), done. remote: Total 14 (delta 3), reused 7 (delta 3), pack-reused 0 Unpacking objects: 100% (14/14), 43.46 KiB | 2.72 MiB/s, done. Inspect the file system and notice that there is a new directory. $ls freeradiantbunny.node $cd freeradiantbunny.node $git status Shows that the code is on the master branch. Update the node modules that are dependencies. $npm update $npm audit fix --force Notice that the code of the freeradiantbunny npm has been installed. $ls node_modules/freeradiantbunny/
Part 17. Add configuration file for freeradiantbunny npm.
Note, the options are to take a file from freerdiantbunny code, copy it over, and modify it.
The freeradiantbunny npm needs a configuration file. See:
ls ~/.freeradiantbunny/config.js $mkdir ~/.freeradiantbunny install ~/.freeradiantbunny/config.js edit [ip-address] in the file
Part 18. Configure nginx so that it knows freeradiantbunny.node.
$emacs /etc/nginx/sites-available/[domain-name]
Here is what the code looks like:
# add lines for proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# comment out the default fline of code
#try_files $uri $uri/ =404;
# add proxy url
proxy_pass http://localhost:5001;
}
Reload the configuration of the nginx server.
$sudo systemctl reload nginx $cd ~/freeradiantbunny.node $pm2 start server.js $pm2 list use sudo? $sudo pm2 list $sudo pm2 log --lines=1000 $sudo pm2 stop server.js To test, open a browser and visit a URL that will engage the freeradiantbunny.org npm. https://[domain-name]/classes https://[domain-name]/usernames There may be a 404 File Not Found response, because the class_name is not known or because the database is not yet installed.
When testing, also use the curl command-line browser.
Application: curl
Node: need to add a rule using commandline, such that the firewall knows of an open port 5001.
$ sudo ufw from 127.0.0.1 to any port 5001
Part 19. Configure pm2 to start on boot.
Enable server start on system reboot. The way this works, is that you run a command that will generate a shell script line of code that can then be run to install the startup command into the system.
$pm2 startup
Note: follow the instructions, you will have to copy the output and paste it on the command line and then run it.
Here is what the generated line of shell code looked like: sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u [user-name] --hp /home/[user-name] Then the next command tells the startup what servers to run upon startup. $pm2 save
Part 20. Set up daily database backup.
Now, set up the system so that the database data is saved to a backup. Do this by installing a perl script that creates database backups.
backup_db.pl
Application: perl
Use a perl script to backup the database.
Application: cron
Use a cron script to execute the backup database perl script once a day.
Part 21. Set up a cron job so that the database is dumped once a day.
$crontab -e
Note: see below for the text to add to the crontab:
0 2 * * * /home/[user-name]/[domain-tli]_db/backup_db.pl >> /home/[user-name]/[domain-tli]db/backup_db.log
Next: Find the file ~/[domain-tli]_db/backup_db.pl and upload it.
Next: Create this file with command: touch [domain-tli]_db/backup_db.log.
Next: so that the system when using cron is allowed to use a psql command add the following file.
On local system, update the names contained within: $emacs ~/.pgpass On local system, upload the file: $scp .pgpass [user-name]@[ip-address]:
Part 22. Upload .bash_aliases file.
Find the bash_aliases on local machine (or backup) and upload.
Part 23. Set up rotating logs for pm2.
pm2 install pm2-logrotate
Part 24. Reboot
When testing the system in the browser, remember that you may have to reboot the system. And if you reboot the system you may need to run pm2 start server.js again.
[end of install-droplet process]
last edited 2022-01-28.
[to docs home]