Actions

Etherbox : Différence entre versions

De erg

(HEADER.shtml)
(Setup apache to serve the root with custom header + readme's)
 
(48 révisions intermédiaires par 2 utilisateurs non affichées)
Ligne 1 : Ligne 1 :
(Based on a setup used for working sessions at [http://constantvzw.org constant]. MM)
+
== Context ==
 +
The idea of an "etherbox" arose from experiences developing local-server infrastructures for collaboration for working sessions organized by [http://constantvzw.org Constant ASBL]. This (as of 2018) still in development project is documented [http://gitlab.constantvzw.org/aa/etherbox here].
 +
 
  
 
== Copy the starting image ==
 
== Copy the starting image ==
Ligne 64 : Ligne 66 :
 
<pre>sudo apt-get update
 
<pre>sudo apt-get update
 
sudo apt-get upgrade</pre>
 
sudo apt-get upgrade</pre>
 +
 +
== Change hostname from raspberrypi to etherbox ==
 +
 +
In 2 places:
 +
 +
    sudo nano /etc/hostname
 +
 +
    sudo nano /etc/hosts
 +
 +
change to:
 +
 +
<pre>
 +
127.0.0.1      localhost
 +
::1            localhost ip6-localhost ip6-loopback
 +
ff02::1        ip6-allnodes
 +
ff02::2        ip6-allrouters
 +
 +
127.0.1.1      etherbox
 +
</pre>
 +
 +
Best to reboot after this, otherwise it gives warnings all the time.
 +
 +
<pre>sudo reboot</pre>
  
 
== Assign Static Ip Adress to the Pi ==
 
== Assign Static Ip Adress to the Pi ==
Ligne 98 : Ligne 123 :
 
<pre>    ServerAdmin webmaster@localhost
 
<pre>    ServerAdmin webmaster@localhost
 
     # DocumentRoot /var/www/html
 
     # DocumentRoot /var/www/html
     DocumentRoot /home/pi
+
     DocumentRoot /home/pi/www
     <Directory /home/pi>
+
     <Directory /home/pi/www>
 
           Options Indexes FollowSymLinks
 
           Options Indexes FollowSymLinks
 
           AllowOverride none
 
           AllowOverride none
Ligne 113 : Ligne 138 :
  
 
=== droptoupload.cgi ===
 
=== droptoupload.cgi ===
 +
 +
Drop to upload is a CGI python script that allows users to drop files to upload them in the apache directory listings.
 +
 +
First enable the cgi-bin with apache
  
 
<pre>sudo a2enmod cgi
 
<pre>sudo a2enmod cgi
sudo service apache2 restart</pre>
+
sudo systemctl restart apache2</pre>
Placed 'droptoupload.cgi' in /usr/lib/cgi-bin and tried running it with:
+
 
 +
Download the script to the cgi-bin.
 +
 
 +
    cd /usr/lib/cgi-bin
 +
    sudo wget https://gitlab.constantvzw.org/aa/etherbox/raw/master/usr/lib/cgi-bin/droptoupload.cgi
 +
    sudo chmod +x droptoupload.cgi
 +
 
  
 +
You can test running it with...
 
<pre>./droptoupload.cgi</pre>
 
<pre>./droptoupload.cgi</pre>
 +
 
Like this is just outputs an HTML form. Looking at http://etherbox.local/cgi-bin/droptoupload.cgi should also display an upload form.
 
Like this is just outputs an HTML form. Looking at http://etherbox.local/cgi-bin/droptoupload.cgi should also display an upload form.
  
The HEADER.shtml includes a link to this cgi.
+
The HEADER.shtml (next step) includes a link to this cgi.
  
  sudo chmod +x droptoupload.cgi
+
=== /home/pi/include/HEADER.shtml ===
 +
<pre>nano /home/pi/include/HEADER.shtml</pre>
 +
(don't use sudo)
  
=== HEADER.shtml ===
+
<source lang="html">
Sample Header that adds javascript to:
+
<script src="/cgi-bin/droptoupload.cgi"></script>
* Move the README.html to the TOP of the page
+
<style>
 
 
<pre class="html">&lt;script src=&quot;/cgi-bin/droptoupload.cgi&quot;&gt;&lt;/script&gt;
 
&lt;style&gt;
 
 
body {
 
body {
 
background: #38b8e9;
 
background: #38b8e9;
Ligne 142 : Ligne 178 :
 
font-family: monospace;
 
font-family: monospace;
 
}
 
}
&lt;/style&gt;
+
</style>
&lt;div class=&quot;links&quot; style=&quot;margin-bottom: 1em&quot;&gt;LOCAL:
+
<div class="links" style="margin-bottom: 1em">LOCAL:
&lt;a href=&quot;/&quot;&gt;&amp;nbsp;/&amp;nbsp;&lt;/a&gt;
+
<a href="/">home</a>
&lt;a href=&quot;/home/pi/&quot;&gt;home&lt;/a&gt;
+
<a href="/" onclick="javascript:event.target.port=9001">etherpad</a>
&lt;a href=&quot;/home/pi/etherdump/&quot;&gt;etherdump&lt;/a&gt;
+
<a href="/etherdump/index2.html">etherdump</a>
 
PUBLIC:
 
PUBLIC:
&lt;a href=&quot;http://constantvzw.org/site/-The-Technogalactic-Software-Observatory-.html&quot;&gt;constant&lt;/a&gt;
+
<a href="http://erg.be/">erg</a>
&lt;a href=&quot;https://gitlab.constantvzw.org/observatory&quot;&gt;gitlab&lt;/a&gt;
+
<a href="http://erg.activearchives.org/mw/index.php/Etherbox">mode d'emploi</a>
&lt;/div&gt;
+
</div>
&lt;style&gt;
+
<style>
 
.links {
 
.links {
 
font-family: monospace;
 
font-family: monospace;
 
text-transform: uppercase;
 
text-transform: uppercase;
&lt;/style&gt;
+
</style>
&lt;script&gt;
+
<script>
document.addEventListener(&quot;DOMContentLoaded&quot;, function () {
+
document.addEventListener("DOMContentLoaded", function () {
   var p = document.querySelectorAll(&quot;.top&quot;),
+
   var p = document.querySelectorAll(".top"),
       t = document.getElementsByTagName(&quot;table&quot;)[0];
+
       t = document.getElementsByTagName("table")[0];
   for (var i=0, l=p.length; i&lt;l; i++) {
+
   for (var i=0, l=p.length; i<l; i++) {
 
     document.body.insertBefore(p[i], t);
 
     document.body.insertBefore(p[i], t);
 
   }
 
   }
 
});
 
});
&lt;/script&gt;</pre>
+
</script>
 +
</source>
  
 
== Better permissions with facl ==
 
== Better permissions with facl ==
Ligne 170 : Ligne 207 :
 
[http://www.linuxcommand.org/man_pages/setfacl1.html setfacl]
 
[http://www.linuxcommand.org/man_pages/setfacl1.html setfacl]
  
<pre>sudo addgroup pi www-data
+
<pre>sudo apt install acl
 +
sudo addgroup pi www-data
  
 
sudo setfacl -Rm g:www-data:rwX /home/pi
 
sudo setfacl -Rm g:www-data:rwX /home/pi
Ligne 195 : Ligne 233 :
  
 
Les fichiers se trouvent dans opt/etherpad/var sous forme d'un seul fichier "dirtyDB" - > You should use a dedicated database such as "mysql", if you are planning on using etherpad-in a production environment.
 
Les fichiers se trouvent dans opt/etherpad/var sous forme d'un seul fichier "dirtyDB" - > You should use a dedicated database such as "mysql", if you are planning on using etherpad-in a production environment.
<pre>sudo apt-get install mysql-server</pre>
 
  
 
Create your setting file.
 
Create your setting file.
<pre>sudo cp settings.json.template settings.json</pre>
+
<pre>cd etherpad
 +
sudo --user etherpad cp settings.json.template settings.json
 +
 
 +
sudo cp settings.json.template settings.json</pre>
 
then, desactivate the dirty.db file and configure the mysql database
 
then, desactivate the dirty.db file and configure the mysql database
<pre>sudo nano settings.json</pre>
+
<pre>sudo --user etherpad nano settings.json</pre>
  
 
Find and change this part :
 
Find and change this part :
Ligne 242 : Ligne 282 :
 
<pre>create database etherpad;
 
<pre>create database etherpad;
 
grant all on etherpad.* to 'etherpaduser'@'localhost' identified by 'etherpadpass';</pre>
 
grant all on etherpad.* to 'etherpaduser'@'localhost' identified by 'etherpadpass';</pre>
 +
 +
Use Ctrl-D to quit mysql. And exit to quit su.
  
 
Just to test if it works :
 
Just to test if it works :
  
 
<pre>mysql -u etherpaduser -p etherpad</pre>
 
<pre>mysql -u etherpaduser -p etherpad</pre>
 
 
  
 
=== Run etherpad for the first time as the etherpad user...===
 
=== Run etherpad for the first time as the etherpad user...===
Ligne 253 : Ligne 293 :
 
<pre>cd /opt/etherpad
 
<pre>cd /opt/etherpad
 
sudo --user etherpad bin/run.sh</pre>
 
sudo --user etherpad bin/run.sh</pre>
Following the first recipe on this page about [https://github.com/ether/etherpad-lite/wiki/How-to-deploy-Etherpad-Lite-as-a-service deploying etherpad as a systemd service]
+
 
 +
The first time you run the etherpad software it takes a **long** time as it downloads related packages. It may also give quite some warnings, but hopefully no errors.
  
 
=== Setup etherpad to start as a service ===
 
=== Setup etherpad to start as a service ===
Ligne 277 : Ligne 318 :
 
<pre>sudo systemctl start etherpad</pre>
 
<pre>sudo systemctl start etherpad</pre>
  
And to automatically start on boot:
+
Check if it's working with:
 +
 
 +
<pre>sudo systemctl status etherpad</pre>
 +
 
 +
And finally automatically start on boot:
  
 
<pre>sudo systemctl enable etherpad</pre>
 
<pre>sudo systemctl enable etherpad</pre>
 +
 +
Change the welcome text
 +
 +
<pre>sudo --user etherpad nano settings.json</pre>
 +
 +
If you want to keep the pad private, add the __NOPUBLISH__ tag into the body text
  
 
== etherdump ==
 
== etherdump ==
Ligne 291 : Ligne 342 :
 
Install from repo:
 
Install from repo:
  
<pre>git clone http://murtaugh@gitlab.constantvzw.org/aa/etherdump.git
+
<pre>
 +
cd
 +
mkdir Software
 +
cd Software
 +
git clone http://murtaugh@gitlab.constantvzw.org/aa/etherdump.git
 
cd etherdump
 
cd etherdump
 
sudo python3 setup.py install</pre>
 
sudo python3 setup.py install</pre>
  
=== Setup the folder ===
+
=== Init the folder ===
 +
You need the API key. Copy it from:
  
 +
<pre>cat /opt/etherpad/APIKEY.txt</pre>
 +
 +
Then...
 
<pre>cd /home/pi
 
<pre>cd /home/pi
 
mkdir etherdump
 
mkdir etherdump
 
cd etherdump
 
cd etherdump
 
etherdump init</pre>
 
etherdump init</pre>
Type in:
 
 
<pre>http://etherbox.local:9001/</pre>
 
And paste the API key. (Look at: /opt/etherpad/APIKEY.txt)
 
 
=== styles.css + versions.js ===
 
 
scp styles.css versions.js pi@etherbox.local:etherdump/lib
 
 
The URLs of these files are options to the etherdump pull command and should match.
 
 
=== etherdump.sh + cron ===
 
 
Make the script that runs automatically.
 
 
<pre>nano etherdump.sh</pre>
 
<pre>#!/bin/bash
 
# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
 
cd /home/pi/etherdump
 
etherdump pull --all --pub /home/pi/etherdump --css lib/styles.css --script lib/versions.js
 
etherdump index *.meta.json &gt; index.html</pre>
 
And set it to run every 5 minutes
 
 
<pre>crontab -e</pre>
 
<pre>PATH=/home/pi/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
# m h  dom mon dow  command
 
*/5 * * * * /home/pi/etherdump.sh &gt; /home/pi/cron.log.txt 2&gt;&amp;1</pre>
 
The PATH is important. It can also be in the etherdump.sh but basically should match what you see when you &quot;echo $PATH&quot; (for the script to run in the same way as for the pi user).
 
 
== Install Pandoc (+ tex -- for PDF generation ... takes a long time) ==
 
 
    sudo apt-get install pandoc texlive-latex-recommended texlive-fonts-recommended
 
 
== Access point ==
 
 
Taken from [https://pzwiki.wdka.nl/mediadesign/The_Ultimate_RPi_Installation_Guide#Access_Point_with_Captive_Portal this &quot;ultimate&quot; guide]
 
 
<pre>apt-get install dnsmasq wireless-tools hostapd
 
 
# the next wasn't necessary for jessie, but for completeness..
 
RPI3 broadcom chip
 
apt-get install firmware-brcm80211
 
rmmod brcmfmac
 
modprobe brcmfmac</pre>
 
Give fixed IP to wlan0 interface, edit /etc/network/interfaces switch off the built in stuff and add (section 2):
 
  
<pre>auto eth0
+
For the URL use: http://192.168.1.5:9001/
allow-hotplug eth0
 
iface etho inet dhcp
 
  
#################################
+
And paste the API key.
# 1. ORIGINAL settings... use wpa_supplicant for client mode
 
#allow-hotplug wlan0
 
#iface wlan0 inet manual
 
#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
 
#
 
#################################
 
# 2. Fixed IP address (for hotspot / hostapd)
 
auto wlan0
 
iface wlan0 inet static
 
address 10.9.8.7
 
netmask 255.255.255.0
 
#################################</pre>
 
Replace /etc/dnsmasq.conf with:
 
  
<pre>interface=wlan0
+
== Use pandoc to convert pads to HTML ==
dhcp-range=10.9.8.10,50.9.8.254,12h
 
address=/#/10.9.8.7
 
no-resolv</pre>
 
Edit /etc/hostapd/hostapd.conf file (adjust depending on driver/hardware)
 
  
<pre>interface=wlan0
+
Pandoc is used to convert markdown files to HTML.
driver=nl80211
 
ssid=WiFeels
 
hw_mode=g
 
channel=6</pre>
 
Edit /etc/default/hostapd and add
 
 
 
<pre>DAEMON_CONF=&quot;/etc/hostapd/hostapd.conf&quot;</pre>
 
Make hostapd start at boot
 
 
 
<pre>update-rc.d hostapd defaults</pre>
 
Reboot.
 
 
 
= Extra =
 
  
Changed dnsmasq.conf
+
    sudo apt-get install pandoc
  
<pre>interface=wlan0
+
== Create an image gallery with imagemagick ==
dhcp-range=10.9.10.50,10.9.10.254,12h
 
#address=/#/10.9.10.7                                                                                                          # no-resolv</pre>
 
AND added to /etc/hosts
 
  
<pre>10.9.10.7 etherbox.local</pre>
+
Imagemagick to make thumbnails.
and this seems to then work over the direct hotspot connection.
 
  
= Tunnel =
+
    sudo apt-get install imagemagick
  
== Configure ssh to use the tunnel ==
+
== cron.sh ==
  
TODO: THESE INSTRUCTIONS ARE FOR THE WEBSITE BOT/X .. NOT THE ETHERBOX
+
<pre>nano /home/pi/cron.sh</pre>
  
BASED ON: http://activearchives.org/wiki/Making_a_local_server_public_with_pagekite.py
 
 
~/.ssh/config
 
 
    Host erg.activearchives.org
 
    CheckHostIP no
 
    ProxyCommand /usr/bin/corkscrew %h 10107 %h %p
 
 
= cron.sh =
 
 
<source lang="bash">
 
<source lang="bash">
 
# Dump the etherpad to files
 
# Dump the etherpad to files
Ligne 426 : Ligne 395 :
 
</source>
 
</source>
  
 +
Make it executable:
  
 +
<pre>chmod +x /home/pi/cron.sh</pre>
  
= makefile =
+
== makefile ==
 
The makefile defines the "recipe" that turns the pads (when they are named something.md) into HTML.
 
The makefile defines the "recipe" that turns the pads (when they are named something.md) into HTML.
 
The "%.html: %.md" is an "implicit rule" that defines how any ".md" file (right hand side, or pre-requesite, can be turned into a ".html" file (left hand side, or "target" in the language of the makefile. For this kind of rule the [https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html special variables] can be really useful (like $< and $@).
 
The "%.html: %.md" is an "implicit rule" that defines how any ".md" file (right hand side, or pre-requesite, can be turned into a ".html" file (left hand side, or "target" in the language of the makefile. For this kind of rule the [https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html special variables] can be really useful (like $< and $@).
  
 
This makefile uses the pandoc program to convert markdown to html. This program has LOTS of options is quite powerful. Good documenation on the markdown format, and how pandoc supports it is: http://pandoc.org/MANUAL.html#pandocs-markdown
 
This makefile uses the pandoc program to convert markdown to html. This program has LOTS of options is quite powerful. Good documenation on the markdown format, and how pandoc supports it is: http://pandoc.org/MANUAL.html#pandocs-markdown
 +
 +
<pre>nano /home/pi/makefile</pre>
  
 
<source lang="bash">
 
<source lang="bash">
Ligne 450 : Ligne 423 :
 
</source>
 
</source>
  
= include/etherdump.template.html =
+
== include/etherdump.template.html ==
 
<source lang="html">
 
<source lang="html">
 
<!DOCTYPE html>
 
<!DOCTYPE html>
Ligne 505 : Ligne 478 :
  
 
</source>
 
</source>
 +
 +
== Enable the cron job ==
 +
 +
<pre>crontab -e</pre>
 +
 +
The following runs the cron.sh '''every minute'''.
 +
 +
<source lang="bash">
 +
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin$
 +
 +
# For more information see the manual pages of crontab(5) and cro$
 +
#
 +
# m h  dom mon dow  command
 +
* * * * * /home/pi/cron.sh 2> /home/pi/cron.log
 +
</source>
 +
 +
== Access point ==
 +
 +
'''DRAFT --- NOT TESTED'''
 +
 +
Taken from [https://pzwiki.wdka.nl/mediadesign/The_Ultimate_RPi_Installation_Guide#Access_Point_with_Captive_Portal this &quot;ultimate&quot; guide]
 +
 +
<pre>apt-get install dnsmasq wireless-tools hostapd
 +
 +
# the next wasn't necessary for jessie, but for completeness..
 +
RPI3 broadcom chip
 +
apt-get install firmware-brcm80211
 +
rmmod brcmfmac
 +
modprobe brcmfmac</pre>
 +
Give fixed IP to wlan0 interface, edit /etc/network/interfaces switch off the built in stuff and add (section 2):
 +
 +
<pre>auto eth0
 +
allow-hotplug eth0
 +
iface etho inet dhcp
 +
 +
#################################
 +
# 1. ORIGINAL settings... use wpa_supplicant for client mode
 +
#allow-hotplug wlan0
 +
#iface wlan0 inet manual
 +
#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
 +
#
 +
#################################
 +
# 2. Fixed IP address (for hotspot / hostapd)
 +
auto wlan0
 +
iface wlan0 inet static
 +
address 10.9.8.7
 +
netmask 255.255.255.0
 +
#################################</pre>
 +
Replace /etc/dnsmasq.conf with:
 +
 +
<pre>interface=wlan0
 +
dhcp-range=10.9.8.10,50.9.8.254,12h
 +
address=/#/10.9.8.7
 +
no-resolv</pre>
 +
Edit /etc/hostapd/hostapd.conf file (adjust depending on driver/hardware)
 +
 +
<pre>interface=wlan0
 +
driver=nl80211
 +
ssid=WiFeels
 +
hw_mode=g
 +
channel=6</pre>
 +
Edit /etc/default/hostapd and add
 +
 +
<pre>DAEMON_CONF=&quot;/etc/hostapd/hostapd.conf&quot;</pre>
 +
Make hostapd start at boot
 +
 +
<pre>update-rc.d hostapd defaults</pre>
 +
Reboot.
 +
 +
== Create a pagekite "backend" (pi) ==
 +
 +
<pre>cd /home/pi/Software
 +
wget https://pagekite.net/pk/pagekite.py
 +
chmod +x pagekite.py
 +
</pre>
 +
 +
<pre>sudo nano /etc/systemd/system/pagekite.service</pre>
 +
 +
<source lang="bash">
 +
[Unit]
 +
Description=pagekite
 +
After=syslog.target network.target
 +
 +
[Service]
 +
Type=simple
 +
User=pi
 +
Group=pi
 +
ExecStart=/home/pi/Software/pagekite.py --clean --frontend=erg2.activearchives.org:10108 --service_on=http://erg2.activearchives.org:localhost:80:lartnesenseignepas
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
</source>
 +
 +
Test:
 +
sudo systemctl start pagekite
 +
sudo systemctl status pagekite
 +
 +
Enable:
 +
sudo systemctl enable pagekite
 +
 +
== Create a pagekite tunnel frontend (on a public server) ==
 +
 +
See: http://activearchives.org/wiki/Making_a_local_server_public_with_pagekite.py
 +
 +
== Configure your laptop's ssh to use the tunnel ==
 +
 +
'''DRAFT'''
 +
 +
~/.ssh/config
 +
 +
    Host erg.activearchives.org
 +
    CheckHostIP no
 +
    ProxyCommand /usr/bin/corkscrew %h 10107 %h %p
 +
 +
== To shutdown the box cleanly ==
 +
 +
<pre>sudo shutdown -h now</pre>
 +
 +
== To ssh to the pi ==
 +
 +
From your laptop's terminal:
 +
 +
<pre>ssh pi@192.168.1.5</pre>
 +
 +
And use the password (standard pi password is 'raspberry').
 +
 +
== Get a LEGO case for the pi ==
 +
 +
See [https://www.amazon.de/Pi-Blox-Case-Raspberry-Model-Camera/dp/B017Z32E80/ref=sr_1_2?ie=UTF8&qid=1517740260&sr=8-2&keywords=pi+blox&dpID=41d%252BLm8rAuL&preST=_SX300_QL70_&dpSrc=srch Pi Blox] case
 +
 +
== Create a reverse proxy for the etherpad ==
 +
 +
Creating a tunnel to give your local server a public address exposes only the (Apache) webserver (aka traffic on port 80). In order to make the etherpad visible and usable publically, it's possible to create a "reverse proxy" that creates access to the etherpad (on port 9001) via the webserver. To do this we create a special "virtual" location (/pad) and tell apache to redirect traffic to etherpad.
 +
 +
This recipe is based on information found [https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy here].
 +
 +
    sudo a2enmod proxy proxy_http headers proxy_wstunnel deflate rewrite
 +
 +
 +
<source lang="bash">
 +
<VirtualHost *:80>
 +
# The ServerName directive sets the request scheme, hostname and port that
 +
# the server uses to identify itself. This is used when creating
 +
# redirection URLs. In the context of virtual hosts, the ServerName
 +
# specifies what hostname must appear in the request's Host: header to
 +
# match this virtual host. For the default virtual host (this file) this
 +
# value is not decisive as it is used as a last resort host regardless.
 +
# However, you must set it for any further virtual host explicitly.
 +
#ServerName www.example.com
 +
 +
ServerAdmin webmaster@localhost
 +
# DocumentRoot /var/www/html
 +
DocumentRoot /home/pi
 +
    <Directory /home/pi>
 +
          Options Indexes FollowSymLinks
 +
          AllowOverride none
 +
          Require all granted
 +
    </Directory>
 +
 +
    HeaderName /include/HEADER.shtml
 +
    ReadmeName README.html
 +
 +
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 +
# error, crit, alert, emerg.
 +
# It is also possible to configure the loglevel for particular
 +
# modules, e.g.
 +
#LogLevel info ssl:warn
 +
 +
ErrorLog ${APACHE_LOG_DIR}/error.log
 +
CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
 +
# For most configuration files from conf-available/, which are
 +
# enabled or disabled at a global level, it is possible to
 +
# include a line for only one particular virtual host. For example the
 +
# following line enables the CGI configuration for this host only
 +
# after it has been globally disabled with "a2disconf".
 +
#Include conf-available/serve-cgi-bin.conf
 +
 +
    # ETHERPAD PROXY
 +
    ProxyVia On
 +
    ProxyRequests Off
 +
    ProxyPreserveHost on
 +
  <Location /pad/>
 +
        ProxyPass http://localhost:9001/ retry=0 timeout=30
 +
        ProxyPassReverse http://localhost:9001/
 +
    </Location>
 +
    <Location /pad/socket.io>
 +
        # This is needed to handle the websocket transport through the proxy, since
 +
        # etherpad does not use a specific sub-folder, such as /ws/ to handle this kind of traffic.
 +
        # Taken from https://github.com/ether/etherpad-lite/issues/2318#issuecomment-63548542
 +
        # Thanks to beaugunderson for the semantics
 +
        RewriteEngine On
 +
        RewriteCond %{QUERY_STRING} transport=websocket    [NC]
 +
        RewriteRule /(.*) ws://localhost:9001/socket.io/$1 [P,L]
 +
        ProxyPass http://localhost:9001/socket.io retry=0 timeout=30
 +
        ProxyPassReverse http://localhost:9001/socket.io
 +
    </Location>
 +
 +
    <Proxy *>
 +
      Options FollowSymLinks MultiViews
 +
      AllowOverride All
 +
      Order allow,deny
 +
      allow from all
 +
    </Proxy>
 +
 +
</VirtualHost>
 +
 +
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
 +
</source>
 +
 +
== Error messages FAQ ==
 +
 +
=== Failed to restart apache2.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files ===
 +
 +
When you see this you maybe just forgot to sudo, as in:
 +
 +
    sudo systemctl restart apache2

Version actuelle datée du 27 juin 2018 à 20:26

Context

The idea of an "etherbox" arose from experiences developing local-server infrastructures for collaboration for working sessions organized by Constant ASBL. This (as of 2018) still in development project is documented here.


Copy the starting image

Downloaded from https://www.raspberrypi.org/downloads/raspbian/

Based on the "lite" image (zip or torrent). As of 20 Jan 2018, this is Raspian "Stretch" lite.

The **lite** image has no desktop / windows session.

Based on 2017-04-10-raspian-jessie-lite.zip

unzip -p 2017-04-10-raspbian-jessie-lite.zip | pv | sudo dd of=/dev/sdc bs=4M

You could use Etcher.io as well

Enable SSH

SSH is no longer on by default!

Before putting the SD card in the pi, you can enable ssh. Just create a empty file named "ssh" and save it in the /boot partition of the SD Card.

So mount the SD card and

 cd /media/USERNAME/boot
 touch ssh

Otherwise, you can connect with a screen and run:

sudo raspi-config

Then enable ssh under connectivity.

Find the IP address of the pi

Simplest way is to connect on a wired network that has DHCP and plug both the pi and your laptop into a router with ethernet cables, then type:

   ping raspberrypi.local

And you should be able to see the IP address.

Then you can connect with ssh with either:

   ssh pi@raspberrypi.local

or with the IP address in place of "raspberrypi.local" if you are on the wifi.

Login with the default password "raspberry"

Make it easier to login, with an ssh key

Starting from your laptop (open a new Terminal session if you are connected to the pi):

   ssh-keygen

Choose the defaults. This generates an "ssh key" pair.

Use the ssh-copy-id utility to send it to the pi.

   ssh-copy-id pi@raspberrypi.local

Bring the rest of the software up to date

sudo apt-get update
sudo apt-get upgrade

Change hostname from raspberrypi to etherbox

In 2 places:

   sudo nano /etc/hostname
   sudo nano /etc/hosts

change to:

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       etherbox

Best to reboot after this, otherwise it gives warnings all the time.

sudo reboot

Assign Static Ip Adress to the Pi

For that, you need to modify a file named 'dhcpcd.conf'. But first, you need to backup this file :

cd /etc/
sudo cp dhcpcd.conf ddhcpcd.conf.original

Then modify the 'dhcpcd.conf' :

 sudo nano dhcpcd.conf

Then find this and replace (with your value) :

# Example static IP configuration:
interface eth0
static ip_address=192.168.1.5/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.1.1
static domain_name_servers=192.168.1.1

Where 192.168.1.5/24 is the new Ip address of your Pi.

At last, reboot your Pi :

sudo reboot

Setup apache to serve the root with custom header + readme's

sudo apt-get install apache2
cd /etc/apache2/sites-available
sudo nano 000-default.conf
    ServerAdmin webmaster@localhost
    # DocumentRoot /var/www/html
    DocumentRoot /home/pi/www
    <Directory /home/pi/www>
           Options Indexes FollowSymLinks
           AllowOverride none
           Require all granted
    </Directory>

    HeaderName /include/HEADER.shtml
    ReadmeName README.html

NB: Sets the HeaderName and ReadmeName directives (part of mod_autoindex).

sudo service apache2 reload

droptoupload.cgi

Drop to upload is a CGI python script that allows users to drop files to upload them in the apache directory listings.

First enable the cgi-bin with apache

sudo a2enmod cgi
sudo systemctl restart apache2

Download the script to the cgi-bin.

   cd /usr/lib/cgi-bin
   sudo wget https://gitlab.constantvzw.org/aa/etherbox/raw/master/usr/lib/cgi-bin/droptoupload.cgi
   sudo chmod +x droptoupload.cgi


You can test running it with...

./droptoupload.cgi

Like this is just outputs an HTML form. Looking at http://etherbox.local/cgi-bin/droptoupload.cgi should also display an upload form.

The HEADER.shtml (next step) includes a link to this cgi.

/home/pi/include/HEADER.shtml

nano /home/pi/include/HEADER.shtml

(don't use sudo)

<source lang="html"> <script src="/cgi-bin/droptoupload.cgi"></script> <style> body { background: #38b8e9; color: black; } a { color: white; }

  1. logo {

white-space: pre; font-family: monospace; } </style>

<style> .links { font-family: monospace; text-transform: uppercase; </style> <script> document.addEventListener("DOMContentLoaded", function () {

 var p = document.querySelectorAll(".top"),
     t = document.getElementsByTagName("table")[0];
 for (var i=0, l=p.length; i<l; i++) {
   document.body.insertBefore(p[i], t);
 }

}); </script> </source>

Better permissions with facl

setfacl

sudo apt install acl
sudo addgroup pi www-data

sudo setfacl -Rm g:www-data:rwX /home/pi
sudo setfacl -d -Rm g:www-data:rwX /home/pi

Unfortunately, I had problems then with permissions on the .ssh folder (preventing keys to be used). To remove the fact on just this folder:

sudo chmod g-w /home/pi

Install etherpad

And the version of "nodejs" is now 0.10.29~dfsg-2. So let's try it with etherpad...

sudo apt-get install npm git

sudo ln -s /usr/bin/nodejs /usr/bin/node

cd /opt
sudo git clone https://github.com/ether/etherpad-lite.git
sudo mv etherpad-lite etherpad

# TODO: don't create home folder! ... find option
sudo adduser --system --home=/opt/etherpad --group etherpad
sudo chown -R etherpad:etherpad etherpad

Les fichiers se trouvent dans opt/etherpad/var sous forme d'un seul fichier "dirtyDB" - > You should use a dedicated database such as "mysql", if you are planning on using etherpad-in a production environment.

Create your setting file.

cd etherpad
sudo --user etherpad cp settings.json.template settings.json

sudo cp settings.json.template settings.json

then, desactivate the dirty.db file and configure the mysql database

sudo --user etherpad nano settings.json

Find and change this part :

  //The Type of the database. You can choose between dirty, postgres, sqlite and mysql
  //You shouldn't use "dirty" for for anything else than testing or development
 /* "dbType" : "dirty",
  //the database specific settings
  "dbSettings" : {
                   "filename" : "var/dirty.db"
                 },
*/
  //An Example of MySQL Configuration
   "dbType" : "mysql",
   "dbSettings" : {
                    "user"    : "etherpaduser",
                    "host"    : "localhost",
                    "password": "etherpadpass",
                    "database": "etherpad",
                    "charset" : "utf8mb4"
                  },

Set up Mysql

First thing to do is to install MySQL :

sudo apt-get install mysql-server

Then create the database, for this we need to login with the Root user (super-user) :

sudo su

Run mysql  :

mysql

Then create the database and the user 'etherpaduser' with the password 'etherpadpass' :

create database etherpad;
grant all on etherpad.* to 'etherpaduser'@'localhost' identified by 'etherpadpass';

Use Ctrl-D to quit mysql. And exit to quit su.

Just to test if it works :

mysql -u etherpaduser -p etherpad

Run etherpad for the first time as the etherpad user...

cd /opt/etherpad
sudo --user etherpad bin/run.sh

The first time you run the etherpad software it takes a **long** time as it downloads related packages. It may also give quite some warnings, but hopefully no errors.

Setup etherpad to start as a service

sudo nano /etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target

[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/opt/etherpad
ExecStart=/usr/bin/nodejs /opt/etherpad/node_modules/ep_etherpad-lite/node/server.js
Restart=always

[Install]
WantedBy=multi-user.target

After this, to start once...

sudo systemctl start etherpad

Check if it's working with:

sudo systemctl status etherpad

And finally automatically start on boot:

sudo systemctl enable etherpad

Change the welcome text

sudo --user etherpad nano settings.json

If you want to keep the pad private, add the __NOPUBLISH__ tag into the body text

etherdump

Etherdump is a script that dumps all pads to different format text files. It's run periodically by a cron job to create a running archive of the etherpads.

Install deps:

sudo apt install python3-pip
sudo pip3 install python-dateutil jinja2 html5lib

Install from repo:

cd
mkdir Software
cd Software
git clone http://murtaugh@gitlab.constantvzw.org/aa/etherdump.git
cd etherdump
sudo python3 setup.py install

Init the folder

You need the API key. Copy it from:

cat /opt/etherpad/APIKEY.txt

Then...

cd /home/pi
mkdir etherdump
cd etherdump
etherdump init

For the URL use: http://192.168.1.5:9001/

And paste the API key.

Use pandoc to convert pads to HTML

Pandoc is used to convert markdown files to HTML.

   sudo apt-get install pandoc

Create an image gallery with imagemagick

Imagemagick to make thumbnails.

   sudo apt-get install imagemagick

cron.sh

nano /home/pi/cron.sh

<source lang="bash">

  1. Dump the etherpad to files

cd etherdump etherdump pull --meta --text --dhtml --pub . --no-raw-ext etherdump index \

 *.meta.json \
 --templatepath /home/pi/include \
 --template etherdump.template.html \
 --title "Erg etherdump" > index2.html
  1. Run the makefile

cd /home/pi make </source>

Make it executable:

chmod +x /home/pi/cron.sh

makefile

The makefile defines the "recipe" that turns the pads (when they are named something.md) into HTML. The "%.html: %.md" is an "implicit rule" that defines how any ".md" file (right hand side, or pre-requesite, can be turned into a ".html" file (left hand side, or "target" in the language of the makefile. For this kind of rule the special variables can be really useful (like $< and $@).

This makefile uses the pandoc program to convert markdown to html. This program has LOTS of options is quite powerful. Good documenation on the markdown format, and how pandoc supports it is: http://pandoc.org/MANUAL.html#pandocs-markdown

nano /home/pi/makefile

<source lang="bash"> mdsrc=$(shell ls etherdump/*.md) htmldest=$(mdsrc:%.md=%.html)

all: $(htmldest)

  1. $< is the right part input prereq $@ is the target

%.html: %.md pandoc --from markdown \ --standalone \ --section-divs \ --smart \ --css styles.css \ --to html5 \ $< -o $@ </source>

include/etherdump.template.html

<source lang="html"> <!DOCTYPE html> <html lang="Modèle:Language"> <head> <meta charset="utf-8" /> <meta name="google-site-verification" content="Ro8-A1t6QCIzTm_O49iqKED8YbvVnMELgdKDjy1bnqc" /> <title>Modèle:Title</title> <link rel="stylesheet" type="text/css" href="{%block css %}styles.css{%endblock%}"> <link rel="alternate" type="application/rss+xml" href="recentchanges.rss"> {% block scripts %} <script src="jquery-latest.js"></script> <script src="jquery.tablesorter.min.js"></script> {% endblock scripts %} </head> <body>

Modèle:Title

To hide a pad from this listing, use the __NOPUBLISH__ tag.

Last updated Modèle:Timestamp.

<script src="index.js"></script>

<thead> </thead> <tbody> {% for pad in pads %} {% endfor %} </tbody>
name versions last edited revisions authors

<a href="Modèle:Pad.link">Modèle:Pad.padid</a>

{% for v in pad.versions %}<a href="Modèle:V.url">Modèle:V.type</a> {% endfor %} {% if pad.padid.endswith(".md") %}<a href="{{pad.padid.split(".", 1)[0]}}.html">html</a>{% endif %}

Modèle:Pad.lastedited iso Modèle:Pad.revisions Modèle:Pad.author ids

</body> </html>

</source>

Enable the cron job

crontab -e

The following runs the cron.sh every minute.

<source lang="bash"> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin$

  1. For more information see the manual pages of crontab(5) and cro$
  2. m h dom mon dow command
  • * * * * /home/pi/cron.sh 2> /home/pi/cron.log

</source>

Access point

DRAFT --- NOT TESTED

Taken from this "ultimate" guide

apt-get install dnsmasq wireless-tools hostapd

# the next wasn't necessary for jessie, but for completeness..
RPI3 broadcom chip 
apt-get install firmware-brcm80211
rmmod brcmfmac
modprobe brcmfmac

Give fixed IP to wlan0 interface, edit /etc/network/interfaces switch off the built in stuff and add (section 2):

auto eth0
allow-hotplug eth0
iface etho inet dhcp

#################################
# 1. ORIGINAL settings... use wpa_supplicant for client mode
#allow-hotplug wlan0
#iface wlan0 inet manual
#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#
#################################
# 2. Fixed IP address (for hotspot / hostapd)
auto wlan0
iface wlan0 inet static
address 10.9.8.7
netmask 255.255.255.0
#################################

Replace /etc/dnsmasq.conf with:

interface=wlan0
dhcp-range=10.9.8.10,50.9.8.254,12h
address=/#/10.9.8.7
no-resolv

Edit /etc/hostapd/hostapd.conf file (adjust depending on driver/hardware)

interface=wlan0
driver=nl80211
ssid=WiFeels
hw_mode=g
channel=6

Edit /etc/default/hostapd and add

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Make hostapd start at boot

update-rc.d hostapd defaults

Reboot.

Create a pagekite "backend" (pi)

cd /home/pi/Software
wget https://pagekite.net/pk/pagekite.py
chmod +x pagekite.py
sudo nano /etc/systemd/system/pagekite.service

<source lang="bash"> [Unit] Description=pagekite After=syslog.target network.target

[Service] Type=simple User=pi Group=pi ExecStart=/home/pi/Software/pagekite.py --clean --frontend=erg2.activearchives.org:10108 --service_on=http://erg2.activearchives.org:localhost:80:lartnesenseignepas

[Install] WantedBy=multi-user.target </source>

Test:

sudo systemctl start pagekite
sudo systemctl status pagekite

Enable:

sudo systemctl enable pagekite

Create a pagekite tunnel frontend (on a public server)

See: http://activearchives.org/wiki/Making_a_local_server_public_with_pagekite.py

Configure your laptop's ssh to use the tunnel

DRAFT

~/.ssh/config

   Host erg.activearchives.org
   CheckHostIP no
   ProxyCommand /usr/bin/corkscrew %h 10107 %h %p

To shutdown the box cleanly

sudo shutdown -h now

To ssh to the pi

From your laptop's terminal:

ssh pi@192.168.1.5

And use the password (standard pi password is 'raspberry').

Get a LEGO case for the pi

See Pi Blox case

Create a reverse proxy for the etherpad

Creating a tunnel to give your local server a public address exposes only the (Apache) webserver (aka traffic on port 80). In order to make the etherpad visible and usable publically, it's possible to create a "reverse proxy" that creates access to the etherpad (on port 9001) via the webserver. To do this we create a special "virtual" location (/pad) and tell apache to redirect traffic to etherpad.

This recipe is based on information found here.

   sudo a2enmod proxy proxy_http headers proxy_wstunnel deflate rewrite


<source lang="bash"> <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com

ServerAdmin webmaster@localhost # DocumentRoot /var/www/html DocumentRoot /home/pi

   	<Directory /home/pi>
          Options Indexes FollowSymLinks
          AllowOverride none
          Require all granted
   	</Directory>
   	HeaderName /include/HEADER.shtml
   	ReadmeName README.html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf

   # ETHERPAD PROXY
   ProxyVia On
   ProxyRequests Off
   ProxyPreserveHost on
  <Location /pad/>
       ProxyPass http://localhost:9001/ retry=0 timeout=30
       ProxyPassReverse http://localhost:9001/
   </Location>
   <Location /pad/socket.io>
       # This is needed to handle the websocket transport through the proxy, since
       # etherpad does not use a specific sub-folder, such as /ws/ to handle this kind of traffic.
       # Taken from https://github.com/ether/etherpad-lite/issues/2318#issuecomment-63548542
       # Thanks to beaugunderson for the semantics
       RewriteEngine On
       RewriteCond %{QUERY_STRING} transport=websocket    [NC]
       RewriteRule /(.*) ws://localhost:9001/socket.io/$1 [P,L]
       ProxyPass http://localhost:9001/socket.io retry=0 timeout=30
       ProxyPassReverse http://localhost:9001/socket.io
   </Location>
   <Proxy *>
     Options FollowSymLinks MultiViews
     AllowOverride All
     Order allow,deny
     allow from all
   </Proxy>

</VirtualHost>

  1. vim: syntax=apache ts=4 sw=4 sts=4 sr noet

</source>

Error messages FAQ

Failed to restart apache2.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files

When you see this you maybe just forgot to sudo, as in:

   sudo systemctl restart apache2