From c0001805d874f99454bb4aba70dda478eacd4c63 Mon Sep 17 00:00:00 2001 From: Jacob McDonnell Date: Sun, 10 Jul 2022 22:50:28 -0400 Subject: improvements to accessibility --- articles/RpiRockyLinuxServer/index.html | 65 ++++++++++++++++----------------- 1 file changed, 32 insertions(+), 33 deletions(-) (limited to 'articles/RpiRockyLinuxServer/index.html') diff --git a/articles/RpiRockyLinuxServer/index.html b/articles/RpiRockyLinuxServer/index.html index 29cdb54..fe058e6 100755 --- a/articles/RpiRockyLinuxServer/index.html +++ b/articles/RpiRockyLinuxServer/index.html @@ -1,5 +1,5 @@ - + @@ -13,7 +13,6 @@ @@ -25,20 +24,20 @@
Screen Shot 2022-02-19 at 2.15.13 PM

Next you want to burn this image to the sd card that you are going to use. Now start up the Raspberry Pi and login with the default user rocky and the password is rockylinux.

To make the image take up the whole drive, run:

-
sudo rootfs-expand
+			
sudo rootfs-expand
 			

Now, you should create a new user:

-
sudo useradd -m -g users -G wheel userName
+			
sudo useradd -m -g users -G wheel userName
 sudo passwd username
 			

Next, we should delete the default user so logout and login to your new user:

-
sudo userdel rocky
+			
sudo userdel rocky
 			

 


Setting a static IP address

The easiest way is to run:

-
sudo nmtui
+			
sudo nmtui
 			
Screen Shot 2022-02-19 at 2.18.39 PM

Select Edit a connection and select your network interface.

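Review bot: The account name is spelled two ways in the new-user block: the changed line runs `sudo useradd -m -g users -G wheel userName`, but the context line after it runs `sudo passwd username`. Account names are case-sensitive, so a reader who copies both lines creates `userName` and then tries to set a password for a different account that does not exist. Use one placeholder spelling in both commands. The surrounding text also has the reader log in with the published default `rocky` / `rockylinux` credentials, so it would help to say the board should stay off untrusted networks until `sudo userdel rocky` has run.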
@@ -47,36 +46,36 @@ sudo passwd username

Securing the PI

SSH Key Authorization

The best way to secure the pi is to use an SSH key to login instead of a password. First you want to generate an SSH key by running on your computer:

-
ssh-keygen -t rsa
+			
ssh-keygen -t rsa
 			

Next, to copy your SSH key to your server, run:

-
ssh-copy-id -i ~/.ssh/mykey user@host
+			
ssh-copy-id -i ~/.ssh/mykey user@host
 			

To test that it works, run:

-
ssh -i ~/.ssh/mykey user@host
+			
ssh -i ~/.ssh/mykey user@host
 			

If it worked, you should be able to connect without needing a password.

To force an SSH key to login, edit /etc/ssh/sshd_config using nano or vim.

Change PermitRootLogin yes to PermitRootLogin no and PasswordAuthentication yes to PasswordAuthentication no.

Setting up fail2ban

First start and enable firewalld to run at boot:

-
sudo systemctl start firewalld
+			
sudo systemctl start firewalld
 sudo systemctl enable firewalld
 			

Now, enable the EPEL repository for Rocky Linux and install fail2ban:

-
sudo dnf install epel-release -y
+			
sudo dnf install epel-release -y
 sudo dnf install fail2ban fail2ban-firewalld -y
 			

Start and enable fail2ban to run at boot:

-
sudo systemctl start fail2ban
+			
sudo systemctl start fail2ban
 sudo systemctl enable fail2ban
 			

Now, we have to make fail2ban work with firewalld, run:

-
sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local
+			
sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local
 sudo systemctl restart fail2ban
 			

To create an SSH jail, edit the ssh config file with vim or nano:

-
sudo nano /etc/fail2ban/jail.d/sshd.local
+			
sudo nano /etc/fail2ban/jail.d/sshd.local
 			

Paste the following into the file and change the values as you see fit:

[sshd]
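Review bot: The key path does not line up across the three SSH commands: `ssh-keygen -t rsa` is given no `-f`, so its default output is `~/.ssh/id_rsa`, while `ssh-copy-id -i ~/.ssh/mykey user@host` and `ssh -i ~/.ssh/mykey user@host` expect `~/.ssh/mykey`. Pass the path explicitly, for example `ssh-keygen -t rsa -f ~/.ssh/mykey`, or use the default path in the two later commands. The `/etc/ssh/sshd_config` paragraph in the same hunk also has no step to restart sshd, so `PermitRootLogin no` and `PasswordAuthentication no` do not take effect as written; add `sudo systemctl restart sshd` and tell the reader to keep the current session open until a key-only login from a second terminal has succeeded.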
@@ -85,7 +84,7 @@ bantime = 1d
 maxretry = 3
 			

Save and close the file and restart fail2ban:

-
sudo systemctl restart fail2ban
+			
sudo systemctl restart fail2ban
 			

Setting up Dynamic DNS with Google Domains

Configuring Google Domains

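Review bot: Nothing after the changed `sudo systemctl restart fail2ban` line confirms that the `[sshd]` jail was actually loaded with the `maxretry = 3` setting shown above it. The article moves straight on to Dynamic DNS, so a mistake in `/etc/fail2ban/jail.d/sshd.local` would go unnoticed. Add a verification step here, such as `sudo fail2ban-client status sshd`, and say what the reader should expect to see.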
@@ -93,17 +92,17 @@ maxretry = 3

Installing ddclient

To install ddclient you need to enable the PowerTools Repo for the perl dependency.

First, install dnf-plugins-core:

-
sudo dnf -y install dnf-plugins-core
+			
sudo dnf -y install dnf-plugins-core
 sudo dnf upgrade
 			

Next, enable PowerTools:

-
sudo dnf config-manager --set-enabled powertools
+			
sudo dnf config-manager --set-enabled powertools
 			

Then, you can install ddclient:

-
sudo dnf install ddclient
+			
sudo dnf install ddclient
 			

Now, we want to edit the config file for ddclient:

-
sudo nano /etc/ddclient.conf
+			
sudo nano /etc/ddclient.conf
 			

You'll want to look for where it says protocol=dyndns2, and enter your information:

##
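Review bot: The `dnf` commands in this hunk are inconsistent about `-y`: `sudo dnf -y install dnf-plugins-core` runs without prompting, while `sudo dnf upgrade` and the changed `sudo dnf install ddclient` line stop at a confirmation prompt. Pick one convention for the article. Leaving `-y` off everywhere is the safer choice for a guide, since the reader then sees which packages and repository keys are being accepted from the newly enabled `powertools` repo.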
@@ -120,18 +119,18 @@ domain.tld
 			

Setting up NGINX and Let's Encrypt

Installing NGINX

First, install nginx Webserver:

-
sudo dnf install nginx
+			
sudo dnf install nginx
 			

Next, start and enable nginx to run at boot:

-
sudo systemctl start nginx
+			
sudo systemctl start nginx
 sudo systemctl enable nginx
 			

Then, check the status to see if it is running:

-
sudo systemctl status nginx
+			
sudo systemctl status nginx
 			
Screen Shot 2022-02-19 at 2.56.21 PM

Now, we have to allow HTTP traffic through the firewall:

-
sudo firewall-cmd --add-service=http --permanent
+			
sudo firewall-cmd --add-service=http --permanent
 sudo firewall-cmd --add-service=https --permanent
 sudo firewall-cmd --reload
 			
@@ -139,14 +138,14 @@ sudo firewall-cmd --reload
Screen Shot 2022-02-19 at 2.58.29 PM

Configuring NGINX

First, make your folder for the website, this is where your website will live:

-
sudo mkdir -p /var/www/websiteName
+			
sudo mkdir -p /var/www/websiteName
 			

Next, we need to set the proper permissions to make sure everything works:

-
sudo chown -R nginx /var/www/websiteName
+			
sudo chown -R nginx /var/www/websiteName
 sudo chmod -R 755 /var/www/websiteName
 			

Now, we will create the config file for website:

-
sudo nano /etc/nginx/conf.d/websiteName.conf
+			
sudo nano /etc/nginx/conf.d/websiteName.conf
 			

and paste the following into the file:

server {
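Review bot: `sudo chown -R nginx /var/www/websiteName` followed by `sudo chmod -R 755 /var/www/websiteName` makes the web server account the owner of everything it serves and marks every file executable. To serve files nginx only needs read access, and a worker process that is compromised should not be able to rewrite the site content. Suggest keeping the tree owned by root or a separate deploy user, with directories at 755 and files at 644, for example `sudo find /var/www/websiteName -type f -exec chmod 644 {} +`.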
@@ -159,29 +158,29 @@ sudo chmod -R 755 /var/www/websiteName
 }
 			

Now, confirm that the nginx configuration is ok:

-
sudo nginx -t
+			
sudo nginx -t
 			

Restart nginx:

-
sudo systemctl restart nginx
+			
sudo systemctl restart nginx
 sudo systemctl status nginx
 			

Next, set SELinux to permissive mode:

-
sudo setenforce permissive
+			
sudo setenforce permissive
 sudo getenforce
 			

Now, we will need to set SELinux to permissive mode permanently:

-
sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
+			
sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
 			

Installing and Running Certbot

To install Certbot run:

-
sudo dnf install certbot python3-certbot-nginx
+			
sudo dnf install certbot python3-certbot-nginx
 			

To get SSL certificates for your websites run:

-
sudo certbot --nginx
+			
sudo certbot --nginx
 			

Answer the prompts that show up on screen as you wish.

To configure auto renewal of the SSL certificate run:

-
crontab -e
+			
crontab -e
 			

and add the following line:

0 12 * * * /usr/bin/certbot renew --quiet
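Review bot: `sudo setenforce permissive` and the `sed` that rewrites `SELINUX=enforcing` to `SELINUX=permissive` switch off SELinux enforcement for the whole server, and the text gives no reason for doing so. If the aim is to let nginx read `/var/www/websiteName`, fix the file labels and leave enforcing mode on: `sudo restorecon -Rv /var/www/websiteName`, then check for remaining denials with `sudo ausearch -m avc -ts recent`. Separately, the changed `crontab -e` line runs without `sudo`, so `0 12 * * * /usr/bin/certbot renew --quiet` lands in the unprivileged user's crontab, while `sudo certbot --nginx` above ran as root. Use `sudo crontab -e` so the renewal job runs with the same privileges as the original issuance.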
-- 
cgit v1.2.3