====== Debian 11 Server Setup ======
This is a summary of steps to install the services on this Debian 11 server.
* Firewalld
* Webmin
* Mumble
* NTP client
* Squid
* Apache
* TWG
* DokuWiki
* Nagios (Installed but some CGI not working yet)
* MariaDB
* PhpMyAdmin
* Open-Web-Analytics (Not installed yet)
* HuMo-gen
* WeeWX
* UniFi (DOES NOT WORK WITH DEBIAN 11 & MONGODB > 4)
==== Initial Configuration ====
* Enable Gnome desktop
* Enable SSH Server
* Login as su
# /usr/sbin/usermod -aG sudo username
# exit
* Reboot
> sudo nano /etc/ssh/sshd_config
Change "PermitRootLogin without-password" to "PermitRootLogin yes"
> sudo apt update
> sudo apt upgrade
> sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
If unable to update, edit the following:
> sudo nano /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb http://deb.debian.org/debian-security/ bullseye-security main
deb-src http://deb.debian.org/debian-security/ bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main
==== Update Banner ====
> sudo nano /etc/issue.net
Enter banner text
> sudo nano /etc/ssh/sshd_config
Add "Banner /etc/issue.net"
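A check of what the two sshd_config edits above (PermitRootLogin and Banner) leave in effect. This is an added example, not part of the original notes; the function names and the sample file are constructed for illustration. "prohibit-password" is the current spelling of the "without-password" value and keeps root login key-only.

```sh
#!/bin/sh
# Added example, not from the original page.
# sshd_value FILE KEYWORD: print the value sshd takes for KEYWORD from FILE.
# sshd uses the first value it reads for a keyword and matches keyword names
# case-insensitively. Simplifications: stops at the first Match block, does
# not follow Include lines, expects "Keyword value" separated by whitespace.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: report on the two settings edited above; returns 1 on a warning.
audit_sshd() {
    rc=0
    # OpenSSH defaults when the keyword is absent: prohibit-password / none
    root=$(sshd_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    banner=$(sshd_value "$1" Banner)
    case ${root:-prohibit-password} in
        yes) echo "WARN PermitRootLogin yes: root can log in with a password"; rc=1 ;;
        *)   echo "OK   PermitRootLogin ${root:-prohibit-password}" ;;
    esac
    case ${banner:-none} in
        none) echo "WARN Banner not set: /etc/issue.net is never shown"; rc=1 ;;
        *)    [ -r "$banner" ] || echo "NOTE banner file $banner is not readable here"
              echo "OK   Banner $banner" ;;
    esac
    return $rc
}

# Constructed sample: the file as it looks after the edits on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
Banner /etc/issue.net
EOF
audit_sshd "$sample" || echo "audit finished with warnings"
```

On the server itself, run audit_sshd /etc/ssh/sshd_config after editing and before restarting sshd.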
==== firewalld ====
> sudo apt-get install firewalld
> sudo firewall-cmd --permanent --add-service=http
> sudo firewall-cmd --permanent --add-service=https
> sudo firewall-cmd --permanent --add-service=squid
> sudo nano /etc/firewalld/services/webmin.xml
Webmin
Webmin
> sudo chmod 640 /etc/firewalld/services/webmin.xml
> sudo firewall-cmd --permanent --add-service=webmin
> sudo nano /etc/firewalld/services/mumble.xml
Mumble
Mumble
> sudo chmod 640 /etc/firewalld/services/mumble.xml
> sudo firewall-cmd --permanent --add-service=mumble
> sudo nano /etc/firewalld/services/opc.xml
OPC
OPC
> sudo chmod 640 /etc/firewalld/services/opc.xml
> sudo firewall-cmd --permanent --add-service=opc
> sudo nano /etc/firewalld/services/weewx.xml
weewx
weewx
> sudo chmod 640 /etc/firewalld/services/weewx.xml
> sudo firewall-cmd --permanent --add-service=weewx
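A helper that writes a custom service file of the kind created with nano above, in firewalld's service-definition XML format. This is an added example, not the original contents of the files on this server: the function name is made up here, and the ports are assumed upstream defaults (Webmin 10000/tcp, Mumble 64738 on tcp and udp), so substitute the ports your services actually listen on.

```sh
#!/bin/sh
# Added example, not from the original page.
# write_fw_service DIR NAME PORT/PROTO [PORT/PROTO ...]
# Writes DIR/NAME.xml in firewalld's service-definition format, mode 640.
# Every spec is validated before anything is written, so a typo cannot
# leave a half-written file behind.
write_fw_service() {
    dir=$1; name=$2; shift 2
    [ $# -gt 0 ] || { echo "usage: write_fw_service DIR NAME PORT/PROTO..." >&2; return 2; }
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;; esac
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}
        case $proto in tcp|udp) ;; *) echo "bad protocol in $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range in $spec" >&2; return 1; }
    done
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$name"
        for spec in "$@"; do
            printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
        done
        printf '</service>\n'
    } > "$dir/$name.xml" && chmod 640 "$dir/$name.xml"
}

# Demo in a scratch directory. Ports are assumptions (upstream defaults):
# Webmin 10000/tcp, Mumble 64738 on tcp and udp. On the server, DIR is
# /etc/firewalld/services and the function runs as root.
demo=$(mktemp -d)
write_fw_service "$demo" webmin 10000/tcp
write_fw_service "$demo" mumble 64738/tcp 64738/udp
cat "$demo/mumble.xml"
```

Rules added with --permanent reach the running firewall only after "sudo firewall-cmd --reload"; "sudo firewall-cmd --list-services" then shows what is actually open.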
==== WebMin ====
> sudo nano /etc/apt/sources.list
Add the line: "deb http://download.webmin.com/download/repository sarge contrib"
> su
# cd /root
# wget https://download.webmin.com/jcameron-key.asc
# cat jcameron-key.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/jcameron-key.gpg
# exit
> sudo apt update
> sudo apt install apt-transport-https
> sudo apt install webmin
==== Mumble Server ====
> sudo apt install mumble-server
> sudo dpkg-reconfigure mumble-server
> sudo nano /etc/mumble-server.ini
bandwidth=128000
users=100
welcometext="
Welcome to the CTSD Murmur server.
By accessing and using this information system, you acknowledge and consent to the following:
You are accessing a U.S. Government information system, which includes:
(1) this computer
(2) this computer network
(3) all computers connected to this network including end user systems
(4) all devices and storage media attached to this network or to any computer on this network
(5) cloud and remote information services.
This information system is provided for U.S. Government-authorized use only.
You have no reasonable expectation of privacy regarding any communication transmitted through or data stored on this information system.
At any time, and for any lawful purpose, the U.S. Government may monitor, intercept, search, and seize any communication or data transiting, stored on, or traveling to or from this information system.
You are NOT authorized to process classified information on this information system.
Unauthorized or improper use of this system may result in suspension or loss of access privileges, disciplinary action, and civil and/or criminal penalties.
"
==== NTP client ====
> sudo apt install ntp
> sudo nano /etc/ntp.conf
server 192.168.10.110 prefer
==== Squid ====
> sudo apt install squid
> sudo systemctl enable squid
> sudo cp /etc/squid/squid.conf /etc/squid/squidoriginal.conf.bak
> sudo nano /etc/squid/squid.conf
Remove "#" from "#http_access allow localnet"
Remove "#" from: "#acl localnet src" and edit the IP range 192.168.10.0/24
Change "#dns_v4_first off" to "dns_v4_first on"
Remove "#" from: "#cache_mem 256 MB"
Change "#maximum_object_size 4 MB" to "maximum_object_size 4096 MB"
Change "#maximum_object_size_in_memory 512 KB" to "maximum_object_size_in_memory 8192 KB"
Change "#cache_dir ufs /var/spool/squid 100 16 256" to "cache_dir ufs /var/spool/squid 8192 16 256"
> sudo service squid restart
==== Apache ====
> sudo apt install apache2
> sudo apt install php libapache2-mod-php -y
> sudo rm /var/www/html/index.html
> sudo nano /var/www/html/index.php
> openssl req -new -nodes -keyout myserver.key -out server.csr
=== Apache SSL ===
[[https://my.noip.com/my-services/ssl-certificates|Create a CSR, request a new key]]
Create a CSR:
> openssl req -new -nodes -keyout myserver.key -out server.csr
Place the private key in /etc/ssl/private/myserver.key
Request a certificate from your provider using the CSR and download it in PEM format
If you need to convert a PKCS#7 file to PEM format:
> sudo openssl pkcs7 -print_certs -in /etc/ssl/certs/myserver.pkcs7 -out /etc/ssl/certs/myserver.pem
Place the certificate (public key) in /etc/ssl/certs/myserver.pem
> sudo nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/ssl/certs/myserver.pem
SSLCertificateKeyFile /etc/ssl/private/myserver.key
> sudo service apache2 restart
=== Nagios ===
> su
# apt install nagios4
# apt install libgd-tools
# getent passwd nagios
# getent group nagios
# systemctl status nagios4
# systemctl enable nagios4
# a2enmod rewrite cgi
# htdigest -c /etc/nagios4/htdigest.users "Restricted Nagios4 Access" nagiosadmin
> sudo usermod -a -G nagios www-data
=== DokuWiki ===
> sudo apt install php libapache2-mod-php php-xml
> sudo service apache2 restart
> wget https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz
> tar xzvf dokuwiki-stable.tgz
> sudo mv dokuwiki-yyyy-mm-dd /var/www/html/dokuwiki
> sudo chown -R www-data:www-data /var/www/html/dokuwiki
Add this to /etc/apache2/apache2.conf (THIS BREAKS phpMyAdmin and may not be needed!)
Order allow,deny
Deny from all
Satisfy All
=== MariaDB ===
> sudo apt install php php-cgi php-mysqli php-pear php-mbstring libapache2-mod-php php-common php-phpseclib php-mysql
> sudo apt install mariadb-server mariadb-client
> sudo mysql_secure_installation (Answers N,Y,Y,Y,Y,Y)
> sudo mysql -u root
MariaDB> CREATE DATABASE DATABASENAME;
MariaDB> SHOW DATABASES;
MariaDB> CREATE USER 'USERNAME'@localhost IDENTIFIED BY 'PASSWORD';
MariaDB> SELECT User FROM mysql.user;
MariaDB> GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@localhost IDENTIFIED BY 'PASSWORD';
MariaDB> FLUSH PRIVILEGES;
MariaDB> SHOW GRANTS FOR 'USERNAME'@localhost;
> exit
=== phpMyAdmin ===
> wget -P Downloads https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
> wget -P Downloads https://files.phpmyadmin.net/phpmyadmin.keyring
> cd Downloads
> gpg --import phpmyadmin.keyring
> wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz.asc
> gpg --verify phpMyAdmin-latest-all-languages.tar.gz.asc
> sudo mkdir /var/www/html/phpMyAdmin
> sudo tar xvf phpMyAdmin-latest-all-languages.tar.gz --strip-components=1 -C /var/www/html/phpMyAdmin
> sudo cp /var/www/html/phpMyAdmin/config.sample.inc.php /var/www/html/phpMyAdmin/config.inc.php
> sudo nano /var/www/html/phpMyAdmin/config.inc.php
Update entry: $cfg['blowfish_secret'] = 'ENTERASECRETPASSWORDHERE';
> sudo chmod 660 /var/www/html/phpMyAdmin/config.inc.php
> sudo chown -R www-data:www-data /var/www/html/phpMyAdmin
> sudo apt-get install php-curl (needed later for the HuMo-gen admin page to work)
> sudo systemctl restart apache2
=== Open-Web-Analytics ===
>
=== HuMo-gen ===
* Download the latest release: [[http://sourceforge.net/projects/humo-gen/|HuMo-gen]]
* Unzip & copy to /var/www/html/FOLDERNAME
* Browse to localhost/FOLDERNAME then create a new database
* Use phpMyAdmin to delete all tables from humo-gen database
* Use phpMyAdmin to import your old database
* Copy images to /var/www/html/FOLDERNAME/media
=== WeeWX ===
(WeatherFlow Tempest Configuration)
> wget -qO - https://weewx.com/keys.html | sudo gpg --dearmor --output /etc/apt/trusted.gpg.d/weewx.gpg
> wget -qO - https://weewx.com/apt/weewx-python3.list | sudo tee /etc/apt/sources.list.d/weewx.list
> sudo apt-get update
> sudo apt-get install weewx
During the install select 'Simulator'
> wget -O weewx-mqtt.zip https://github.com/matthewwall/weewx-mqtt/archive/master.zip
> sudo wee_extension --install weewx-mqtt.zip
Go to https://github.com/captain-coredump/weatherflow-udp and get weatherflow-udp-master.zip
Unzip and copy weatherflowudp.py to /usr/share/weewx/user/weatherflowudp.py
> sudo nano /etc/weewx/weewx.conf
Replace "station_type = Simulator" with "station_type = WeatherFlowUDP"
Replace the "[Simulator]" section with :
[WeatherFlowUDP]
driver = user.weatherflowudp
log_raw_packets = False
udp_address =
# udp_address = 192.168.10.241
# udp_address = 255.255.255.255
udp_port = 50222
udp_timeout = 90
share_socket = False
# This section is for the TEMPEST WeatherFlow Bridge packets, via UDP broadcast on local subnet
[[sensor_map]]
outTemp = air_temperature.ST-00050585.obs_st
outHumidity = relative_humidity.ST-00050585.obs_st
pressure = station_pressure.ST-00050585.obs_st
#lightning_strikes = lightning_strike_count.ST-00050585.obs_st
#avg_distance = lightning_strike_avg_distance.ST-00050585.obs_st
outTempBatteryStatus = battery.ST-00050585.obs_st
windSpeed = wind_speed.ST-00050585.rapid_wind
windDir = wind_direction.ST-00050585.rapid_wind
#luxXXX = illuminance.ST-00050585.obs_st
UV = uv.ST-00050585.obs_st
rain = rain_accumulated.ST-00050585.obs_st
windBatteryStatus = battery.ST-00050585.obs_st
radiation = solar_radiation.ST-00050585.obs_st
lightningXXX = distance.ST-00050585.evt_strike
lightningYYY = energy.ST-00050585.evt_strike
# This section uploads weather data to CWOP for display on APRS
[[CWOP]]
enable = True
station = W5GED # Your station ID goes here
passcode = PASSCODE
[[MQTT]]
server_url = mqtt://USERNAME:PASSWORD@IPADDRESS:1883
retain = True
topic = homeassistant/weather
> sudo tail -f /var/log/syslog (to check status)
> sudo nano /etc/weewx/skins/Seasons/skin.conf
show_rss = False
observations_current = outTemp, heatindex, windchill, dewpoint, outHumidity, barometer, windSpeed, rain, rainRate, UV, radiation, lightning_strike_count
observations_stats = outTemp, heatindex, windchill, dewpoint, outHumidity, barometer, windSpeed, rain, rainRate, hail, hailRate, snow, UV, radiation
sensor_connections =
sensor_batteries = outTempBatteryStatus
sensor_voltages =
plot_groups = barometer, tempdew, tempfeel, hum, wind, winddir, windvec, rain, UV, radiation, lightning, tempext, humext
*** SAVE YOUR SETTINGS! These files will get wiped every time WeeWX updates!
==== UniFi Network Controller ====
> sudo apt install ca-certificates apt-transport-https
> sudo apt install gnupg2 wget
> wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
> echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
> sudo apt update
> sudo apt install mongodb-org
> sudo systemctl enable --now mongod
> echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
> sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
> sudo apt install unifi