Web Server

See the new page here.

Nginx

As some instructions use nginx instead of Apache, here are some related arcticles.

Nginx is supposedly using less resources, making it a more convenient candidate for the web server.

Components

• nginx
  • libnginx-mod-http-dav-ext
  • php7.0-fpm

The PHP 7.0 FPM package is required for PHP support.

Configuration

Nginx is configured per site. The configurations are in "/etc/nginx/sites-available/". It is recommended to create symlinks in .../sites-enabled to point to a site in .../sites-available so that the configuration happens in one file only and it is easy to enable/disable a site.

sudo nano /etc/nginx/sites-enabled/nextcloud

Restart the service with

sudo service nginx restart

Logs

Nginx logs are located at /var/log/nginx/ and include access.log and error.log files.

Articles

• Raspberry Pi NGINX: Build your own Web Server
• How To Migrate from an Apache Web Server to Nginx on an Ubuntu VPS

SSL Certificates

Secure HTTP connections using LetsEncrypt certificates. Set up SSL Certificate with Let's Encrypt. It is a fairly simple process. The (free) certificates expire every 3 months and it is recommended to automate renewal to happen every month.

Install "certbot" and "python-certbot-nginx" packages.

Renewal

Test the certificate renewal with:

sudo certbot renew --nginx --dry-run

Renew the certificate with sudo certbot renew or sudo letsencrypt renew. Should there be any issues, add the --nginx parameter:

sudo certbot renew --nginx

After the above is confirmed to work, schedule a regular automatic renewal. The command runs only when a certificate is due for renewal so won't generate unneccessary traffic. Add a line to crontab with "-q" (quiet) and "-n" (non-interactive) parameters.

After the certificate is renewed, the nginx server needs to be restarted. This can be done using renewal hooks. Using

--deploy-hook "service nginx restart"

will execute the hook only on successful renewal.

Add a line to crontab:

sudo certbot renew --nginx --post-hook "service nginx restart"

Links

• nginx SSL module documentation (link)
• Raspberry Pi SSL Certificates using Let’s Encrypt (link)
• How to secure Nginx... (link)
• Certbot on Nginx on Debian 9 (stretch) (link)
• certbot, renewing certificates (link)

Dynamic DNS

Here I'll cover establishing a permanent internet name for a dynamic server IP address.

There are also various services that provide the current IP address information as an API. This value can be cached before issuing the network request to update the DNS record. This information can also be retrieved from the interface IP address if connecting via 3G USB modem (ppp).

• ifconfig.me or ipconfig.me (link)
• ipify

FreeDNS

FreeDNS (link) offers dynamic DNS service which can be refreshed from a cron job. This is extremely convenient and easy to maintain.

It takes a while to propagate the change, though.

ClouDNS

ClouDNS also provides this service.

• (link)

Freenom

It is also possible to dynamically update Freenom's DNS via script.

• Script 1 (link), and a newer version (link)

No-IP

Install the client. Run "make", "make install". The second step is also the configuration. It will save the config to "/usr/local/etc/no-ip2.conf".

The uninstall option is not provided in Makefile. Fortunately, it is easy to create it or manually remove the files. Add the following to Make file and then run "sudo make uninstall":

uninstall: ${TGT}

        rm ${BINDIR}/${TGT}

        rm ${CONFDIR}/no-ip2.conf

Links

• How to Install the No-IP DUC on Raspberry Pi (link)