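Setting up a LAMP server on the Raspberry Pi
Contents:
Why use a Raspberry Pi?
Debian Linux
Security
Operating system performance tuning
Configuring the network
Enabling ssh
Making the server available on the Internet
DNS
Installing apache
Installing mysql
Installing PHP
Configuration complete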
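This article describes how to configure a Raspberry Pi as a LAMP server. It is similar to setting up XUbuntu as a LAMP server, but a few things need special handling on the Raspberry Pi.
The most common configuration of a LAMP server is:
Linux – operating system
Apache – http server
Mysql – database
PHP/Perl – programming language
The configuration described here may not be the optimal one for the Raspberry Pi; it is intended to help more users understand how to configure a web server. I may cover some more lightweight configurations in future.
All of the configuration is done from the command line. This may not be as easy as pointing and clicking with a mouse, but it has many advantages, such as being able to manage the server and install services remotely. It also means that the Raspberry Pi does not need to spend processor time drawing a GUI and can concentrate on serving web pages.
Why use a Raspberry Pi?
A geek would answer "because I can", but I think there are the following benefits:
Learning Linux – You can learn Linux skills. Hands-on practice is the best way to learn.
Learning web programming – Writing web applications is a useful skill to learn. Whether to learn desktop or web programming first is debatable, but there is no doubt that it is a very useful skill.
As an interface – The Raspberry Pi can collect data from a variety of sensors. A website is a good way to view that information.
Dedicated network device – You can put it in your home as a dedicated network device, such as a video or audio streaming site.
As a test or development server – When you create a web application, wouldn't it be good to have a dedicated server to test it on? Ideally you would use the same hardware and software as the production environment; if that is not possible, the Raspberry Pi is a good low-cost alternative.
As a live web server – At first I thought that using it as a production server might be a silly idea. Then I thought back to the server I used when I set up my personal blog in 2007, which was really no better than a Raspberry Pi. It had a bit more memory, but it had to run an entire WordPress site and some CGI scripts. Websites at that time often contained more dynamic content and large files, but if you only need a personal website the Raspberry Pi is definitely sufficient.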
Debian Linux
This is based on the Debian Raspberry Pi image from the Raspberry Pi download page.
To follow this guide the Raspberry Pi will need to have an Internet connection. These instructions assume that it is physically connected to a home router.
Security
The first priority is to make the Raspberry Pi a little more secure. The image includes a default username and password, which once connected to the Internet would allow anyone to login and have free roam of the device.
To change the password for the pi user after logging in issue
passwd
and follow the prompts for changing the password.
You may also want to add your own username. I have used user1 as the username, but typically this will be a person's name. You can skip this and go straight to the performance / networking steps if this is not required.
This will add a new user and change their password.
sudo useradd -m user1
sudo passwd user1
Here you will see the first use of the sudo command which we will be using a lot in this. As used above the sudo command allows the user to issue a command as the superuser. Without using the sudo command this would fail as regular users are not allowed to create other users. This is a security feature that protects the system from other users, but also limits the amount of damage that a user can do by mistake (although if prefixed with the sudo command it will not help against accidents).
The new user will need to be added to certain groups to allow the same privileges that the pi user had.
You can add the new user to the groups using the usermod command or you can edit the file directly. I’ve done the following by editing the file so that you can see the file (it’s also arguably a little quicker as you can make multiple changes whilst editing the file). Please be aware that when editing files like these a mistake can result in not being able to login.
There are two command line text editors. The nano editor is the easiest for new users (so that’s what I’ve referred to below), but I do recommend learning the vi text editor as it is a useful tool that is installed on all Linux systems. If you are familiar with vi then replace nano with vi for the rest of this guide.
sudo nano /etc/group
Go through the file adding ,user1 to the end of all of the groups that pi is in.
eg
adm:x:4:pi,user1
Use CTRL-O to save and CTRL-X to quit after editing the file.
The most important is the admin entry as without that the user will not be able to run sudo and hence perform any system administration. Of course if you want to add a different user and don’t want to give them admin access then you don’t need to make any updates to the /etc/group file.
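The usermod route mentioned above avoids hand-editing /etc/group. The following is an added example, not part of the original guide: it reads a file in /etc/group format, finds every group that lists pi as a member, and prints the matching usermod command for user1. The group file contents are a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Added example: list the groups one account belongs to (from a file in
# /etc/group format) and build the usermod command for another account.

# groups_of USER FILE -> comma-separated groups that list USER as a member
groups_of() {
    awk -F: -v u="$1" '
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) {      # exact match, so "pixel" != "pi"
                    out = (out == "" ? $1 : out "," $1)
                    break
                }
        }
        END { print out }
    ' "$2"
}

# usermod_for FROM TO FILE -> command that appends TO to the groups of FROM
usermod_for() {
    g=$(groups_of "$1" "$3")
    [ -n "$g" ] || { echo "no groups found for $1" >&2; return 1; }
    printf 'sudo usermod -a -G %s %s\n' "$g" "$2"
}

# Constructed sample in /etc/group format (not copied from a real image).
sample_group_file() {
    cat <<'EOF'
root:x:0:
adm:x:4:pi
dialout:x:20:pi,user1
sudo:x:27:pi
audio:x:29:pi
pipeline:x:1001:pixel
pi:x:1000:
EOF
}

tmp=$(mktemp)
sample_group_file > "$tmp"
usermod_for pi user1 "$tmp"    # prints the command only; nothing is changed
rm -f "$tmp"
```

On the Pi itself, pass /etc/group as the file argument and review the printed command before running it.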
type
exit
to logout and now login under the new username to check that it is working correctly.
By default the shell for the new user is the Bourne shell. The bash shell is an improvement on that, allowing the use of the arrow keys on the command line and autocompletion.
To set the default shell for your new account (when logged in under that account) use:
chsh -s /bin/bash
You could now remove the pi username if it is no longer required.
sudo userdel pi
At the time of writing, however, the current image had an error in the passwd file, which will need to be fixed using the pwck command first.
This is just the initial stages in making the Pi more secure. There are other aspects to Linux security including making sure that appropriate security fixes are applied as they become available (eg. apt-get update).
Operating system performance tuning
Performance tuning is something that you would normally leave until later, but in the case of the Raspberry Pi there is a single option that can be changed to improve performance for servers. By configuring it here we can let it get picked up by the reboot later, saving us from having to reboot the server an extra time.
The Raspberry Pi has 256Mb (or 512Mb for later versions) of RAM. This RAM is however shared between the graphics and main system memory. By default 64Mb is allocated to graphics. This is overkill if you don’t plan to run the graphical interface (or rarely) as in the case of a server. To reduce the amount of memory available for graphics to 32MB enter the following command.
sudo cp /boot/arm224_start.elf /boot/start.elf
or use sudo raspi-config to do this using the config menu.
(You can restore the previous configuration with sudo cp /boot/arm192_start.elf /boot/start.elf)
This requires a reboot to take effect, but we will be rebooting later, so there is no need to reboot at this point.
Configuring the network
The next step is to give the Raspberry Pi a static IP address. This is a little more complex, as how to achieve it depends upon your own setup and what router you have.
By default the Raspberry Pi will request a dynamic IP address which is issued by your router as required. This however may change in future which would make it hard to connect to the webserver. Instead we provide it with an address that doesn’t change such as 192.168.1.4.
Note that this address can be used on the local network, but not on the Internet – later we’ll look at providing access through your router / firewall from the Internet.
First find out what DHCP address has been allocated by using the ifconfig command – see the extract below
...
eth0      Link encap:Ethernet  HWaddr b8:27:eb:8a:71:a0
          inet addr:192.168.1.110  Bcast:192.168.1.255  Mask:255.255.255.0
...
This is saying that the ethernet port 0 – has an IP address of 192.168.1.110
You will also need to find out what address your router is, using the route command
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
This shows that the router IP address (Gateway) is 192.168.1.1 and all traffic is sent via that router.
At this point you will also need to check on what address range is being issued by the router. This depends upon the individual router. In my case I have a Belkin Wireless Router which can be reached by pointing a web browser to the IP address of the router 192.168.1.1
The LAN settings are shown below:
In this case the local network has valid addresses from 192.168.1.1 to 192.168.1.254. The router is at address 192.168.1.1 and any DHCP requests will be given entries between 192.168.1.100 and 192.168.1.150 (you can change the range of the DHCP addresses if required). I have used 192.168.1.4 for this server.
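A quick check of the chosen address against the router settings above, as an added example that is not part of the original guide: it confirms that the static address is in the router's subnet, is not the router itself, and is outside the DHCP pool. The function names are illustrative; the addresses are the ones used in this guide.

```shell
#!/bin/sh
# Added example: sanity-check a static address against the router's LAN settings.

# ip_to_int A.B.C.D -> address as an integer; fails on malformed input
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static IP NETMASK GATEWAY DHCP_FIRST DHCP_LAST
# Prints "ok" (status 0) or the reason the address is a poor choice.
check_static() {
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && gw=$(ip_to_int "$3") &&
        lo=$(ip_to_int "$4") && hi=$(ip_to_int "$5") ||
        { echo "invalid address"; return 2; }
    net=$(( gw & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    if [ $(( ip & mask )) -ne "$net" ]; then echo "outside the router's subnet"
    elif [ "$ip" -eq "$net" ] || [ "$ip" -eq "$bcast" ]; then
        echo "network or broadcast address"
    elif [ "$ip" -eq "$gw" ]; then echo "same address as the router"
    elif [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]; then echo "inside the DHCP pool"
    else echo "ok"; return 0
    fi
    return 1
}

# Values from this guide: router 192.168.1.1, DHCP pool .100 to .150.
for candidate in 192.168.1.4 192.168.1.110 192.168.1.1 192.168.2.4; do
    printf '%s: %s\n' "$candidate" \
        "$(check_static "$candidate" 255.255.255.0 192.168.1.1 192.168.1.100 192.168.1.150)"
done
```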
To change to static IP address
cd /etc/network
sudo nano interfaces
replace the line “iface eth0 inet dhcp” with
iface eth0 inet static
    address 192.168.1.4
    netmask 255.255.255.0
    gateway 192.168.1.1
You should also take a look at the file /etc/resolv.conf
and check it has a nameserver entry (probably pointing at your default gateway)
nameserver 192.168.1.1
Alternatively you could point directly at your ISP's DNS servers instead.
Whilst you can dynamically reload the network interface I suggest a reboot at this stage to make sure that the configuration is correct.
sudo reboot
After logging in check using ifconfig to confirm that we have a static ip address
...
eth0      Link encap:Ethernet  HWaddr b8:27:eb:8a:71:a0
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
...
Enabling ssh
SSH (Secure Shell) is a network protocol that allows you to login and control the computer through the command line remotely. As the name suggests it is secure as it encrypts communication across the network (so that others cannot see your password etc). It also has some great features such as tunnelling, which we won’t go into here.
The ssh server is installed on the default image and is started by default. You can enable/disable the ssh server using sudo raspi-config.
You can now connect to the Raspberry pi remotely (on the same network) via ssh.
If you have another linux computer on the network then from a terminal run
ssh 192.168.1.4
which will login with the same username. If you want to use a different username then prefix that before the ip address with an @ sign.
eg
ssh user1@192.168.1.4
I believe that ssh is also installed on a Mac so you can use the same commands as above.
If you want to connect from Windows then there are several options, but I suggest the open source software Putty.
Making the server available on the Internet
Next we are going to configure the router to allow ssh logins and web traffic through its firewall to the Raspberry Pi.
You did remember to change the default password for the pi username didn’t you! If you haven’t already changed the default password then do it now otherwise anyone will be able to login to your Raspberry Pi.
As a home user, the IP address used on your local network is from a private address range that will not work over the Internet. Instead your ISP will provide a single dynamic IP address which is used by the router. For traffic to flow from the Internet to your Raspberry Pi, the IP address of the Pi needs to be made to look as though it is from the router. This is a process called Network Address Translation (NAT).
The ports that need to be allowed through are port 80 (http) and if you would like to be able to login to the computer from the Internet then port 22 (ssh).
To do this you will need to consult the instructions for your router. In the case of my Belkin router this is through the Firewall > Virtual servers settings (see below), but on Netgear this is Advanced > Security > IP Forwarding.
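Once port 22 is forwarded, sshd's log on the Pi is where login attempts from the Internet show up. The following added example (not part of the original guide) summarises failed password attempts and lists accepted logins from outside the 192.168.1.x network. The log lines are a constructed sample in the format sshd writes to /var/log/auth.log on Debian, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise sshd password events from a Debian-style auth log.

# failed_by_source FILE -> "count source" lines, busiest source first
failed_by_source() {
    # The source is read by position from the end of the line, so a made-up
    # user name containing spaces or the word "from" cannot shift it.
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF - 2) == "port" {
             n[$(NF - 3)]++
         }
         END { for (s in n) print n[s], s }' "$1" | sort -k1,1nr -k2,2
}

# failed_for_account FILE USER -> number of failed passwords aimed at USER
failed_for_account() {
    awk -v u="$2" '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF - 2) == "port" && $(NF - 5) == u { c++ }
         END { print c + 0 }' "$1"
}

# remote_logins FILE LAN_PREFIX -> "user source" for logins from outside the LAN
remote_logins() {
    awk -v lan="$2" '/sshd\[[0-9]+\]: Accepted password for / &&
         $(NF - 2) == "port" && index($(NF - 3), lan) != 1 {
             print $(NF - 5), $(NF - 3)
         }' "$1"
}

# Constructed sample lines (documentation-range addresses, not real traffic).
sample_auth_log() {
    cat <<'EOF'
Jun  3 02:11:07 raspberrypi sshd[2101]: Failed password for pi from 203.0.113.9 port 40112 ssh2
Jun  3 02:11:09 raspberrypi sshd[2101]: Failed password for pi from 203.0.113.9 port 40112 ssh2
Jun  3 02:11:15 raspberrypi sshd[2107]: Failed password for invalid user admin from 203.0.113.9 port 40150 ssh2
Jun  3 07:45:31 raspberrypi sshd[2290]: Accepted password for user1 from 192.168.1.20 port 51822 ssh2
Jun  3 09:02:44 raspberrypi sshd[2315]: Failed password for user1 from 192.168.1.20 port 51901 ssh2
Jun  3 11:30:02 raspberrypi sshd[2402]: Accepted password for pi from 198.51.100.77 port 33810 ssh2
EOF
}

log=$(mktemp)
sample_auth_log > "$log"
failed_by_source "$log"
echo "failed passwords for pi: $(failed_for_account "$log" pi)"
remote_logins "$log" 192.168.1.
rm -f "$log"
```

Keep the trailing dot on the LAN prefix so that an address such as 192.168.10.5 is not mistaken for a local one.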
DNS
The final stage is to have a DNS entry point at your router’s IP address. In my case I have cable Internet through Virgin Media. Although it does have a dynamic IP address the address does not normally change. I have a static DNS entry on an Internet DNS server. The entry only needs to be changed about once every year or when Virgin Media perform significant maintenance on the Internet connection.
If you have a dynamic IP address that changes on a more frequent basis then you will need to register for a dynamic DNS service.
Installing apache
The Apache webserver is available to download from the Debian repositories. This can be done through the apt tools.
First have you refreshed the software repositories? If not run sudo apt-get update to make sure that it knows about any new packages / versions available.
Apache is installed by entering the following
sudo apt-get install apache2
Installing mysql
The mysql database server is also available through the Debian repositories and installed as
sudo apt-get install mysql-server
During the install there is a prompt requesting a password.
The password is for the mysql root user.
Installing PHP
Perl is installed as part of the operating system so I will just be adding PHP.
The following commands will install PHP version 5 and the mysql libraries to allow PHP to access the mysql database.
sudo apt-get install php5
sudo apt-get install php5-mysql
Configuration complete
Once the setup is complete you can access the web page by pointing your browser to the router IP address or DNS entry.
You should get a page back stating that it works, but that there is no content loaded.
To test that the webserver and PHP are working correctly, delete the file /var/www/index.html and create a file /var/www/index.php with the contents of this page.
Note that the filename of the link ends in .txt to prevent my webserver from running this, you should have the file ending with .php so that the file is run as a PHP script.