diff options
Diffstat (limited to 'articles')
| -rwxr-xr-x | articles/RpiRockyLinuxServer/index.html | 65 | ||||
| -rw-r--r-- | articles/index.html | 3 |
2 files changed, 33 insertions, 35 deletions
diff --git a/articles/RpiRockyLinuxServer/index.html b/articles/RpiRockyLinuxServer/index.html index 29cdb54..fe058e6 100755 --- a/articles/RpiRockyLinuxServer/index.html +++ b/articles/RpiRockyLinuxServer/index.html @@ -1,5 +1,5 @@ <!DOCTYPE html> -<html> +<html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -13,7 +13,6 @@ <body> <ul class="topBar"> <li class="topLink"><a href="https://jacobmcdonnell.com/">home</a></li> - <li class="topLink"><a href="https://github.com/JacobMcDonnell">github</a></li> <li class="topLink"><a href="https://jacobmcdonnell.com/articles">articles</a></li> <li class="toplink"><a href="https://jacobmcdonnell.com/articles/rss.xml">rss feed</a></li> </ul> @@ -25,20 +24,20 @@ <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.15.13 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.15.13 PM"></center> <p>Next you want to burn this image to the sd card that you are going to use. Now start up the Raspberry Pi and login with the default user <code>rocky</code> and the password is <code>rockylinux</code>. </p> <p>To make the image take up the whole drive, run:</p> - <pre><code class='language-shell' lang='shell'>sudo rootfs-expand + <pre><code class='language-shell'>sudo rootfs-expand </code></pre> <p>Now, you should create a new user:</p> - <pre><code class='language-shell' lang='shell'>sudo useradd -m -g users -G wheel userName + <pre><code class='language-shell'>sudo useradd -m -g users -G wheel userName sudo passwd username </code></pre> <p>Next, we should delete the default user so logout and login to your new user:</p> - <pre><code class='language-shell' lang='shell'>sudo userdel rocky + <pre><code class='language-shell'>sudo userdel rocky </code></pre> <p> </p> <hr /> <h2 id='setting-a-static-ip-address'>Setting a static IP address </h2> <p>The easiest way is to run:</p> - <pre><code class='language-shell' lang='shell'>sudo nmtui + <pre><code class='language-shell'>sudo nmtui </code></pre> <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.18.39 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.18.39 PM"></center> <p>Select <strong>Edit</strong> a connection and select your network interface. </p> @@ -47,36 +46,36 @@ sudo passwd username <h2 id='securing-the-pi'>Securing the PI</h2> <h3 id='ssh-key-authorization'>SSH Key Authorization</h3> <p>The best way to secure the pi is to use an SSH key to login instead of a password. First you want to generate an SSH key by running on your computer:</p> - <pre><code class='language-shell' lang='shell'>ssh-keygen -t rsa + <pre><code class='language-shell'>ssh-keygen -t rsa </code></pre> <p>Next, to copy your SSH key to your server, run:</p> - <pre><code class='language-shell' lang='shell'>ssh-copy-id -i ~/.ssh/mykey user@host + <pre><code class='language-shell'>ssh-copy-id -i ~/.ssh/mykey user@host </code></pre> <p>To test that it works, run:</p> - <pre><code class='language-shell' lang='shell'>ssh -i ~/.ssh/mykey user@host + <pre><code class='language-shell'>ssh -i ~/.ssh/mykey user@host </code></pre> <p>If it worked, you should be able to connect without needing a password.</p> <p>To force an SSH key to login, edit <code>/etc/ssh/sshd_config</code> using nano or vim.</p> <p>Change <code>PermitRootLogin yes</code> to <code>PermitRootLogin no</code> and <code>PasswordAuthentication yes</code> to <code>PasswordAuthentication no</code>.</p> <h3 id='setting-up-fail2ban'>Setting up fail2ban</h3> <p>First start and enable firewalld to run at boot:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl start firewalld + <pre><code class='language-shell'>sudo systemctl start firewalld sudo systemctl enable firewalld </code></pre> <p>Now, enable the EPEL repository for Rocky Linux and install fail2ban:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf install epel-release -y + <pre><code class='language-shell'>sudo dnf install epel-release -y sudo dnf install fail2ban fail2ban-firewalld -y </code></pre> <p>Start and enable fail2ban to run at boot:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl start fail2ban + <pre><code class='language-shell'>sudo systemctl start fail2ban sudo systemctl enable fail2ban </code></pre> <p>Now, we have to make fail2ban work with firewalld, run:</p> - <pre><code class='language-shell' lang='shell'>sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local + <pre><code class='language-shell'>sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local sudo systemctl restart fail2ban </code></pre> <p>To create an SSH jail, edit the ssh config file with vim or nano:</p> - <pre><code class='language-shell' lang='shell'>sudo nano /etc/fail2ban/jail.d/sshd.local + <pre><code class='language-shell'>sudo nano /etc/fail2ban/jail.d/sshd.local </code></pre> <p>Paste the following into the file and change the values as you see fit:</p> <pre><code>[sshd] @@ -85,7 +84,7 @@ bantime = 1d maxretry = 3 </code></pre> <p>Save and close the file and restart fail2ban:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl restart fail2ban + <pre><code class='language-shell'>sudo systemctl restart fail2ban </code></pre> <h2 id='setting-up-dynamic-dns-with-google-domains'>Setting up Dynamic DNS with Google Domains</h2> <h3 id='configuring-google-domains'>Configuring Google Domains</h3> @@ -93,17 +92,17 @@ maxretry = 3 <h3 id='installing-ddclient'>Installing ddclient</h3> <p>To install ddclient you need to enable the PowerTools Repo for the perl dependency.</p> <p>First, install <code>dnf-plugins-core</code>:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf -y install dnf-plugins-core + <pre><code class='language-shell'>sudo dnf -y install dnf-plugins-core sudo dnf upgrade </code></pre> <p>Next, enable PowerTools:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf config-manager --set-enabled powertools + <pre><code class='language-shell'>sudo dnf config-manager --set-enabled powertools </code></pre> <p>Then, you can install ddclient:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf install ddclient + <pre><code class='language-shell'>sudo dnf install ddclient </code></pre> <p>Now, we want to edit the config file for ddclient:</p> - <pre><code class='language-shell' lang='shell'>sudo nano /etc/ddclient.conf + <pre><code class='language-shell'>sudo nano /etc/ddclient.conf </code></pre> <p>You'll want to look for where it says <code>protocol=dyndns2</code>, and enter your information:</p> <pre><code>## @@ -120,18 +119,18 @@ domain.tld <h2 id='setting-up-nginx-and-lets-encrypt'>Setting up NGINX and Let's Encrypt</h2> <h3 id='installing-nginx'>Installing NGINX</h3> <p>First, install nginx Webserver:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf install nginx + <pre><code class='language-shell'>sudo dnf install nginx </code></pre> <p>Next, start and enable nginx to run at boot:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl start nginx + <pre><code class='language-shell'>sudo systemctl start nginx sudo systemctl enable nginx </code></pre> <p>Then, check the status to see if it is running:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl status nginx + <pre><code class='language-shell'>sudo systemctl status nginx </code></pre> <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.56.21 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.56.21 PM"></center> <p>Now, we have to allow HTTP traffic through the firewall:</p> - <pre><code class='language-shell' lang='shell'>sudo firewall-cmd --add-service=http --permanent + <pre><code class='language-shell'>sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --add-service=https --permanent sudo firewall-cmd --reload </code></pre> @@ -139,14 +138,14 @@ sudo firewall-cmd --reload <center><img class="imgs" src="img/Screen Shot 2022-02-19 at 2.58.29 PM.png" referrerpolicy="no-referrer" alt="Screen Shot 2022-02-19 at 2.58.29 PM"></center> <h3 id='configuring-nginx'>Configuring NGINX</h3> <p>First, make your folder for the website, this is where your website will live:</p> - <pre><code class='language-shell' lang='shell'>sudo mkdir -p /var/www/websiteName + <pre><code class='language-shell'>sudo mkdir -p /var/www/websiteName </code></pre> <p>Next, we need to set the proper permissions to make sure everything works:</p> - <pre><code class='language-shell' lang='shell'>sudo chown -R nginx /var/www/websiteName + <pre><code class='language-shell'>sudo chown -R nginx /var/www/websiteName sudo chmod -R 755 /var/www/websiteName </code></pre> <p>Now, we will create the config file for website:</p> - <pre><code class='language-shell' lang='shell'>sudo nano /etc/nginx/conf.d/websiteName.conf + <pre><code class='language-shell'>sudo nano /etc/nginx/conf.d/websiteName.conf </code></pre> <p>and paste the following into the file:</p> <pre><code>server { @@ -159,29 +158,29 @@ sudo chmod -R 755 /var/www/websiteName } </code></pre> <p>Now, confirm that the nginx configuration is ok:</p> - <pre><code class='language-shell' lang='shell'>sudo nginx -t + <pre><code class='language-shell'>sudo nginx -t </code></pre> <p>Restart nginx:</p> - <pre><code class='language-shell' lang='shell'>sudo systemctl restart nginx + <pre><code class='language-shell'>sudo systemctl restart nginx sudo systemctl status nginx </code></pre> <p>Next, set SELinux to permissive mode:</p> - <pre><code class='language-shell' lang='shell'>sudo setenforce permissive + <pre><code class='language-shell'>sudo setenforce permissive sudo getenforce </code></pre> <p>Now, we will need to set SELinux to permissive mode permanently:</p> - <pre><code class='language-shell' lang='shell'>sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux + <pre><code class='language-shell'>sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux </code></pre> <h3 id='installing-and-running-certbot'>Installing and Running Certbot</h3> <p>To install Certbot run:</p> - <pre><code class='language-shell' lang='shell'>sudo dnf install certbot python3-certbot-nginx + <pre><code class='language-shell'>sudo dnf install certbot python3-certbot-nginx </code></pre> <p>To get SSL certificates for your websites run:</p> - <pre><code class='language-shell' lang='shell'>sudo certbot --nginx + <pre><code class='language-shell'>sudo certbot --nginx </code></pre> <p>Answer the prompts that show up on screen as you wish.</p> <p>To configure auto renewal of the SSL certificate run:</p> - <pre><code class='language-shell' lang='shell'>crontab -e + <pre><code class='language-shell'>crontab -e </code></pre> <p>and add the following line:</p> <pre><code>0 12 * * * /usr/bin/certbot renew --quiet diff --git a/articles/index.html b/articles/index.html index 7f97bd9..977aefe 100644 --- a/articles/index.html +++ b/articles/index.html @@ -1,5 +1,5 @@ <!DOCTYPE html> -<html> +<html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> @@ -11,7 +11,6 @@ <body> <ul class="topBar"> <li class="topLink"><a href="https://jacobmcdonnell.com/">home</a></li> - <li class="topLink"><a href="https://github.com/JacobMcDonnell">github</a></li> <li class="topLink"><a href="https://jacobmcdonnell.com/articles">articles</a></li> <li class="toplink"><a href="https://jacobmcdonnell.com/articles/rss.xml">rss feed</a></li> </ul> |