diff options
| -rwxr-xr-x | articles/RpiRockyLinuxServer/index.html | 1 | ||||
| -rw-r--r-- | articles/index.html | 1 | ||||
| -rw-r--r-- | articles/rss.xml | 204 | ||||
| -rwxr-xr-x | index.html | 7 |
4 files changed, 210 insertions, 3 deletions
diff --git a/articles/RpiRockyLinuxServer/index.html b/articles/RpiRockyLinuxServer/index.html index d4b0f97..c557780 100755 --- a/articles/RpiRockyLinuxServer/index.html +++ b/articles/RpiRockyLinuxServer/index.html @@ -12,6 +12,7 @@ <li class="topLink"><a href="https://jacobmcdonnell.com/">home</a></li> <li class="topLink"><a href="https://github.com/JacobMcDonnell">github</a></li> <li class="topLink"><a href="https://jacobmcdonnell.com/articles">articles</a></li> + <li class="toplink"><a href="https://jacobmcdonnell.com/articles/rss.xml/">rss feed</a></li> </ul> <div class="main"> <p> </p> diff --git a/articles/index.html b/articles/index.html index 6ec1a4a..25d2a1a 100644 --- a/articles/index.html +++ b/articles/index.html @@ -9,6 +9,7 @@ <li class="topLink"><a href="https://jacobmcdonnell.com/">home</a></li> <li class="topLink"><a href="https://github.com/JacobMcDonnell">github</a></li> <li class="topLink"><a href="https://jacobmcdonnell.com/articles">articles</a></li> + <li class="toplink"><a href="https://jacobmcdonnell.com/articles/rss.xml/">rss feed</a></li> </ul> <div class="main"> <div class="article"> diff --git a/articles/rss.xml b/articles/rss.xml new file mode 100644 index 0000000..5d6e657 --- /dev/null +++ b/articles/rss.xml @@ -0,0 +1,204 @@ +<?xml version="1.0" encoding="utf-8"?> +<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> + +<channel> +<title>Jacob McDonnell</title> +<description>Articles from Jacob McDonnell.</description> +<language>en-us</language> +<link>https://jacobmcdonnell.com/rss.xml</link> +<atom:link href="https://jacobmcdonnell.com/rss.xml" rel="self" type="application/rss+xml" /> +<image> +<title>Jacob McDonnell</title> +<url>https://jacobmcdonnell.com/favicon.ico</url> +<link>https://jacobmcdonnell.com/rss.xml</link> +</image> + +<!-- LB --> + + + + + + + +<item> +<title>Hosting a Website on the Raspberry Pi with Rocky Linux</title> +<guid>https://jacobmcdonnell.com/articles/RpiRockyLinuxServer/</guid> +<link>https://jacobmcdonnell.com/articles/RpiRockyLinuxServer/</link> +<pubDate>Sun, 19 Feb 2022 15:00:00 -0400</pubDate> +<description><![CDATA[ + <p>First Download Rocky Linux for the Raspberry Pi 3 & 4 from <a href='https://rockylinux.org/alternative-images'>their website</a>.</p> + <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.15.13 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.15.13 PM"></center> + <p>Next you want to burn this image to the sd card that you are going to use. Now start up the Raspberry Pi and login with the default user <code>rocky</code> and the password is <code>rockylinux</code>. </p> + <p>To make the image take up the whole drive, run:</p> + <pre><code class='language-shell' lang='shell'>sudo rootfs-expand + </code></pre> + <p>Now, you should create a new user:</p> + <pre><code class='language-shell' lang='shell'>sudo useradd -m -g users -G wheel userName +sudo passwd username + </code></pre> + <p>Next, we should delete the default user so logout and login to your new user:</p> + <pre><code class='language-shell' lang='shell'>sudo userdel rocky + </code></pre> + <p> </p> + <hr /> + <h2 id='setting-a-static-ip-address'>Setting a static IP address </h2> + <p>The easiest way is to run:</p> + <pre><code class='language-shell' lang='shell'>sudo nmtui + </code></pre> + <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.18.39 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.18.39 PM"></center> + <p>Select <strong>Edit</strong> a connection and select your network interface. </p> + <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.23.20 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.23.20 PM"></center> + <p>Select <strong>Show</strong> for <strong>IPv4 CONFIGURATION</strong> and enter the IP you want to set. Then select <strong>OK</strong> at the bottom, and quit the program.</p> + <h2 id='securing-the-pi'>Securing the PI</h2> + <h3 id='ssh-key-authorization'>SSH Key Authorization</h3> + <p>The best way to secure the pi is to use an SSH key to login instead of a password. First you want to generate an SSH key by running on your computer:</p> + <pre><code class='language-shell' lang='shell'>ssh-keygen -t rsa + </code></pre> + <p>Next, to copy your SSH key to your server, run:</p> + <pre><code class='language-shell' lang='shell'>ssh-copy-id -i ~/.ssh/mykey user@host + </code></pre> + <p>To test that it works, run:</p> + <pre><code class='language-shell' lang='shell'>ssh -i ~/.ssh/mykey user@host + </code></pre> + <p>If it worked, you should be able to connect without needing a password.</p> + <p>To force an SSH key to login, edit <code>/etc/ssh/sshd_config</code> using nano or vim.</p> + <p>Change <code>PermitRootLogin yes</code> to <code>PermitRootLogin no</code> and <code>PasswordAuthentication yes</code> to <code>PasswordAuthentication no</code>.</p> + <h3 id='setting-up-fail2ban'>Setting up fail2ban</h3> + <p>First start and enable firewalld to run at boot:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl start firewalld +sudo systemctl enable firewalld + </code></pre> + <p>Now, enable the EPEL repository for Rocky Linux and install fail2ban:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf install epel-release -y +sudo dnf install fail2ban fail2ban-firewalld -y + </code></pre> + <p>Start and enable fail2ban to run at boot:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl start fail2ban +sudo systemctl enable fail2ban + </code></pre> + <p>Now, we have to make fail2ban work with firewalld, run:</p> + <pre><code class='language-shell' lang='shell'>sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local +sudo systemctl restart fail2ban + </code></pre> + <p>To create an SSH jail, edit the ssh config file with vim or nano:</p> + <pre><code class='language-shell' lang='shell'>sudo nano /etc/fail2ban/jail.d/sshd.local + </code></pre> + <p>Paste the following into the file and change the values as you see fit:</p> + <pre><code>[sshd] +enabled = true +bantime = 1d +maxretry = 3 + </code></pre> + <p>Save and close the file and restart fail2ban:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl restart fail2ban + </code></pre> + <h2 id='setting-up-dynamic-dns-with-google-domains'>Setting up Dynamic DNS with Google Domains</h2> + <h3 id='configuring-google-domains'>Configuring Google Domains</h3> + <p>First, on <a href='https://domains.google.com/'>Domains.google.com</a> go the DNS page for your domain. Scroll down and click on <strong>Show advanced settings</strong>, Click <strong>Manage dynamic DNS</strong>, and then click <strong>Create new record</strong>. Enter your subdomain or leave it black for the domain itself. Finally, click Save.</p> + <h3 id='installing-ddclient'>Installing ddclient</h3> + <p>To install ddclient you need to enable the PowerTools Repo for the perl dependency.</p> + <p>First, install <code>dnf-plugins-core</code>:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf -y install dnf-plugins-core +sudo dnf upgrade + </code></pre> + <p>Next, enable PowerTools:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf config-manager --set-enabled powertools + </code></pre> + <p>Then, you can install ddclient:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf install ddclient + </code></pre> + <p>Now, we want to edit the config file for ddclient:</p> + <pre><code class='language-shell' lang='shell'>sudo nano /etc/ddclient.conf + </code></pre> + <p>You'll want to look for where it says <code>protocol=dyndns2</code>, and enter your information:</p> + <pre><code>## +## nsupdate.info IPV4(https://www.nsupdate.info) +## +protocol=dyndns2 +use=web, web=http://ipv4.nsupdate.info/myip +server=domains.google.com +login=username +password=password +domain.tld + </code></pre> + <p>Wait about 5 minutes and on the Google Domains website, under Dynamic DNS you should see your IP address under <strong>Data</strong>.</p> + <h2 id='setting-up-nginx-and-lets-encrypt'>Setting up NGINX and Let's Encrypt</h2> + <h3 id='installing-nginx'>Installing NGINX</h3> + <p>First, install nginx Webserver:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf install nginx + </code></pre> + <p>Next, start and enable nginx to run at boot:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl start nginx +sudo systemctl enable nginx + </code></pre> + <p>Then, check the status to see if it is running:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl status nginx + </code></pre> + <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.56.21 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.56.21 PM"></center> + <p>Now, we have to allow HTTP traffic through the firewall:</p> + <pre><code class='language-shell' lang='shell'>sudo firewall-cmd --add-service=http --permanent +sudo firewall-cmd --add-service=https --permanent +sudo firewall-cmd --reload + </code></pre> + <p>In a web browser, go to the local ip of the server and you should see the nginx welcome page.</p> + <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.58.29 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.58.29 PM"></center> + <h3 id='configuring-nginx'>Configuring NGINX</h3> + <p>First, make your folder for the website, this is where your website will live:</p> + <pre><code class='language-shell' lang='shell'>sudo mkdir -p /var/www/websiteName + </code></pre> + <p>Next, we need to set the proper permissions to make sure everything works:</p> + <pre><code class='language-shell' lang='shell'>sudo chown -R nginx /var/www/websiteName +sudo chmod -R 755 /var/www/websiteName + </code></pre> + <p>Now, we will create the config file for website:</p> + <pre><code class='language-shell' lang='shell'>sudo nano /etc/nginx/conf.d/websiteName.conf + </code></pre> + <p>and paste the following into the file:</p> + <pre><code>server { + listen 80; + server_name domain.tld www.domain.tld; + root /var/www/websiteName; + index index.php index.html index.htm; + access_log /var/log/nginx/websiteName.access.log; + error_log /var/log/nginx/websiteName.error.log; +} + </code></pre> + <p>Now, confirm that the nginx configuration is ok:</p> + <pre><code class='language-shell' lang='shell'>sudo nginx -t + </code></pre> + <p>Restart nginx:</p> + <pre><code class='language-shell' lang='shell'>sudo systemctl restart nginx +sudo systemctl status nginx + </code></pre> + <p>Next, set SELinux to permissive mode:</p> + <pre><code class='language-shell' lang='shell'>sudo setenforce permissive +sudo getenforce + </code></pre> + <p>Now, we will need to set SELinux to permissive mode permanently:</p> + <pre><code class='language-shell' lang='shell'>sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux + </code></pre> + <h3 id='installing-and-running-certbot'>Installing and Running Certbot</h3> + <p>To install Certbot run:</p> + <pre><code class='language-shell' lang='shell'>sudo dnf install certbot python3-certbot-nginx + </code></pre> + <p>To get SSL certificates for your websites run:</p> + <pre><code class='language-shell' lang='shell'>sudo certbot --nginx + </code></pre> + <p>Answer the prompts that show up on screen as you wish.</p> + <p>To configure auto renewal of the SSL certificate run:</p> + <pre><code class='language-shell' lang='shell'>crontab -e + </code></pre> + <p>and add the following line:</p> + <pre><code>0 12 * * * /usr/bin/certbot renew --quiet + </code></pre> + <p>This will check everyday at noon to see if the certificate will expire in the next month, if so it will renew the certificate.</p> + <p>Now your website should be operational. </p><br> +]]></description> +</item> + + + +</channel> + +</rss> @@ -1,7 +1,8 @@ <html> <head> <title>Jacob McDonnell</title> - <meta name="description" content="This is the personal website for the real Jacob McDonnell. Feel free to look around, you might find something interesting."/> + <meta name="description" content="This is the personal website for the real Jacob McDonnell. + Feel free to look around, you might find something interesting."/> <meta name="author" content="Jacob McDonnell"/> <meta name="keywords" content="Jacob,McDonnell,Jacob McDonnell,jacob,mcdonnell,jacob mcdonnell"/> <link href="CSS/main.css" rel="stylesheet" type="text/css"> @@ -18,7 +19,6 @@ <p><a href="https://github.com/JacobMcDonnell/jed">jed</a> is my own version of ed, currently written in java.</p> <p><a href="https://github.com/JacobMcDonnell/ticalcprograms">ticalcprograms</a> are a set of small programs written in C for the TI-84 Plus CE graphing calculator.</p> - <p><a href="https://github.com/JacobMcDonnell/TextEditor">TextEditor</a> is a simple text editor that I wrote because I didn't like the macOS TextEdit app.</p> <h2><a>About</a></h2> <p>I'm Jacob McDonnell. I have been interested in computers since I was young. My father has been in the technology field since before I was born, so I guess that interest came from him. @@ -26,7 +26,8 @@ I know how to program in Java thanks to a high school course, and I like the language for somethings. Currently I am learning the C programming language with the hopes to write my own operating system one day. In my free time I like to play basketball, row, practice German and Russian, and play guitar. <br><br> - I do not know what I will do with this website just yet, maybe I will write articles about projects that I am working on.</p> + I do not know what I will do with this website just yet, maybe I will write articles about projects that I am + working on.</p> </div> </body> </html> |