Raspberry Pi home server: Difference between revisions
Latest revision as of 08:28, 13 April 2018
About this page.
This page contains explanation of *most* of the things I did to make all the different parts live nicely together on my Raspberry Pi... It is a bit complicated, and I tend to forget to document stuff when I run into a problem I cannot easily defeat ;-)
Links to projects I have used:
https://www.pestmeester.nl/ is the base inspiration for my Home Server.
https://github.com/pi-hole/ provides super easy installation of an AdBlocking Domain Name Server functionality.
https://github.com/pivpn/ provides super easy installation and administration of OpenVPN Server functionality.
Hardware
Raspberry Pi 3 Model B
4 Gb MicroSD card.
USB Harddrive, 500 Gb SSHD
Raspberry Pi Camera Board v2.
Basic installation
Download and write Raspbian Lite to the MicroSD card
Raspi-config
Go through all the menu points of the Raspberry Pi Software Configuration Tool, and change the basic configuration to fit the needs of this Home Server.
Hardening + SSH
Follow the guide: Hardened SSH daemon using the 'sudo' command when root powah is required.
Add USB HD
I configured /dev/sdb1 to be mounted on /data, not the strange UUID..
Nginx, PHP7, MySQL
First the 'easy' stuff. Answer all install questions wisely!
sudo apt-get install nginx php-apc mysql-server
Then, because PHP 7 is not available in jessie repo I get it from the stretch repo:
# Add the GPG keys needed to use the stretch repository
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
sudo gpg -a --export 8B48AD6246925553 | sudo apt-key add -
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
sudo gpg -a --export 7638D0442B90D010 | sudo apt-key add -
# Add the stretch repo as a source for apt
echo "deb http://httpredir.debian.org/debian stretch main contrib non-free" | sudo tee /etc/apt/sources.list.d/debian-stretch.list
# Update the local apt index so the stretch repo is present
sudo apt-get -y update
# Install the needed PHP7 packages
sudo apt-get -y install php7.0-fpm php7.0-curl php7.0-gd php7.0-cli php7.0-mcrypt php7.0-mysql php7.0-mbstring php7.0-zip php7.0-xml php7.0-common php7.0-json php7.0-dev -t stretch
# Remove the stretch repo as a source
# (with the source removed, apt no longer offers updates for the PHP 7 packages installed from it)
sudo rm /etc/apt/sources.list.d/debian-stretch.list
# Lastly I update the local apt source lists so stretch repo is removed.
sudo apt-get -y update
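The key steps above fetch by 64-bit key ID and pass whatever the keyserver returns straight to apt. As an added example (not part of the original page), this sketch compares the fetched key's full 40-digit fingerprint with a value obtained from a source you trust before adding it. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a fetched key's full
# fingerprint against a pinned value before handing it to apt-key.

# Constructed sample of `gpg --with-colons --fingerprint` output. The
# fingerprints are made up; only the trailing key ID comes from the page.
SAMPLE_LISTING='pub:-:4096:1:8B48AD6246925553:1335553717:::-:::scSC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA8B48AD6246925553:
uid:-::::1335553717::::Constructed Example Key <key@example.invalid>:
sub:-:4096:1:1111111111111111:1335553717::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB1111111111111111:'

# Read a colon listing on stdin and print the primary key's fingerprint:
# the first "fpr" record after the "pub" record, field 10.
primary_fingerprint() {
    awk -F: '
        $1 == "pub" { seen_pub = 1; next }
        seen_pub && $1 == "fpr" { print $10; exit }
    '
}

# Normalise a fingerprint as a human would paste it: drop spaces, upper-case.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# fingerprint_matches <colon-listing> <expected-fingerprint>
# Returns 0 on match, 1 on mismatch, 2 if the expected value is not a full
# 40-hex-digit fingerprint (a short or long key ID is refused).
fingerprint_matches() {
    actual=$(printf '%s\n' "$1" | primary_fingerprint)
    expected=$(normalise_fpr "$2")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# add_key_if_trusted <key-id> <expected-fingerprint>
# Uses root's keyring, as the commands on this page do.
add_key_if_trusted() {
    listing=$(sudo gpg --batch --with-colons --fingerprint "$1") || return 1
    if fingerprint_matches "$listing" "$2"; then
        sudo gpg -a --export "$1" | sudo apt-key add -
    else
        echo "fingerprint check failed for $1, key not added to apt" >&2
        return 1
    fi
}

# Usage, after the --recv-key step (the fingerprint is a placeholder):
#   add_key_if_trusted 8B48AD6246925553 "<full fingerprint from a trusted source>"
```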
Then continue the pestmeester guide but change the nginx configuration (/etc/nginx/sites-available/[your_configuration_file_name]) so it utilizes PHP7 and not the missing PHP5 ;-) Here you see what I use:
## Begin - PHP
location ~ \.php$ {
  fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_index index.php;
  include fastcgi_params;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
## End - PHP
LetsEncrypt
This is my /etc/nginx/sites-available/[your_configuration_file_name] that forces all clients to use HTTPS, and PHP7:
server {
       listen 80 default_server;
       listen [::]:80 default_server;
       server_name install.pulspc.dk;
       return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
   server_name install.pulspc.dk;
   #
   ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
   ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
   #
   root /data/websites/rpiii/html;
   index index.php index.html index.htm;
   #
   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /data/websites/rpiii/html;
   }
   #
   # Error & Access logs
   error_log /data/websites/rpiii/logs/error.log error;
   access_log /data/websites/rpiii/logs/access.log;
   #
   location / {
       index index.html index.php;
   }
   #
   location ~ /.well-known {
               allow all;
   }
   ## Begin - PHP
   location ~ \.php$ {
     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
   ## End - PHP
}
PHPMyAdmin
This requires php7.0-mbstring which was installed earlier from the stretch repo :-)
OwnCloud
Make sure to check for / download the latest version. Find the information here.
Remember to configure for PHP7
sudo vi /etc/php/7.0/fpm/pool.d/www.conf
OwnCloud requires the PHP modules zip dom XMLWriter XMLReader libxml SimpleXML. These were installed above as php7.0-zip php7.0-xml.
Install APCu
sudo pecl install apcu
Answer [no] to the question about enabling internal debugging.
Add
[apcu]
extension=/usr/lib/php/20151012/apcu.so
apc.enabled=1
apc.enable_cli=1
to the two php.ini files
sudo vi /etc/php/7.0/fpm/php.ini
sudo vi /etc/php/7.0/cli/php.ini
--
nginx config is now adapted to serve OwnCloud from the subfolder /owncloud
# Note: php-handler is not referenced below; the fastcgi_pass lines use the unix socket directly.
upstream php-handler {
   server 127.0.0.1:9000;
   #server unix:/var/run/php/php7.0-fpm.sock;
}
#
server {
       listen 80 default_server;
       listen [::]:80 default_server;
       server_name install.pulspc.dk;
       return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
   server_name install.pulspc.dk;
   #
   ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
   ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
   #
   root /data/websites/rpiii/html;
   index index.php index.html index.htm;
   #
   # Disable gzip to avoid the removal of the ETag header
   gzip off;
   #
   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /data/websites/rpiii/html;
   }
   #
   # Error & Access logs
   error_log /data/websites/rpiii/logs/error.log error;
   access_log /data/websites/rpiii/logs/access.log;
   #
   location / {
       index index.php index.html index.htm;
   }
   #
   location ~ /.well-known {
               allow all;
   }
   #
   ## Begin - PHP
   location ~ \.php$ {
      fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param HTTPS on;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      fastcgi_intercept_errors on;
   }
   ## End - PHP
   #
   # Add headers to serve security related headers
   # Before enabling Strict-Transport-Security headers please read into this topic first.
   add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
   add_header X-Content-Type-Options nosniff;
   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Robots-Tag none;
   add_header X-Download-Options noopen;
   add_header X-Permitted-Cross-Domain-Policies none;
   #
location ^~ /owncloud {
       #
       # set max upload size
       client_max_body_size 12G;
       fastcgi_buffers 64 4K;
       #
       # Disable gzip to avoid the removal of the ETag header
       gzip off;
       #
       # Uncomment if your server is build with the ngx_pagespeed module
       # This module is currently not supported.
       #pagespeed off;
       #
       error_page 403 /owncloud/core/templates/403.php;
       error_page 404 /owncloud/core/templates/404.php;
       #
       location /owncloud {
           rewrite ^ /owncloud/index.php$uri;
       }
       #
       location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
           return 404;
       }
       location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
           return 404;
       }
       #
       location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
           fastcgi_split_path_info ^(.+\.php)(/.*)$;
           include fastcgi_params;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           fastcgi_param PATH_INFO $fastcgi_path_info;
           fastcgi_param HTTPS on;
           fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
           fastcgi_param front_controller_active true;
           fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
           fastcgi_intercept_errors on;
       }
       #
       location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
           try_files $uri $uri/ =404;
           index index.php;
       }
       #
       # Adding the cache control header for js and css files
       # Make sure it is BELOW the PHP block
       location ~* \.(?:css|js)$ {
           try_files $uri /owncloud/index.php$uri$is_args$args;
           add_header Cache-Control "public, max-age=7200";
           # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
           # Before enabling Strict-Transport-Security headers please read into this topic first.
           add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
           add_header X-Content-Type-Options nosniff;
           add_header X-Frame-Options "SAMEORIGIN";
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
           add_header X-Download-Options noopen;
           add_header X-Permitted-Cross-Domain-Policies none;
           # Optional: Don't log access to assets
           access_log off;
       }
       #
       location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
           try_files $uri /owncloud/index.php$uri$is_args$args;
           # Optional: Don't log access to other assets
           access_log off;
       }
   }
}
Pi-Hole DNS
This must be installed using the option to NOT install the normally included web interface, because that will require lighttpd, which is not compatible with OwnCloud ;-)
Execute the command:
curl -sSL https://install.pi-hole.net | bash
All Pi-Hole administration must consequently be done using terminal commands.
::: Control all PiHole specific functions!
:::
::: Usage: pihole [options]
:::             Add -h after -w (whitelist), -b (blacklist), -c (chronometer), or -a (admin)  for more information on usage
:::
::: Options:
:::  -w, whitelist            Whitelist domain(s)
:::  -b, blacklist            Blacklist domain(s) (exact match)
:::  -wild, wildcard          Blacklist whole domain(s) (wildcard)
:::  -d, debug                Start a debugging session
:::                             Automated debugging can be enabled with .
:::                             'pihole -d -a'
:::  -f, flush                Flush the 'pihole.log' file
:::  -t, tail                 Output the last lines of the 'pihole.log' file. Lines are appended as the file grows
:::  -up, updatePihole        Update Pi-hole components
:::  -r, reconfigure          Reconfigure or Repair Pi-hole
:::  -g, updateGravity        Update the list of ad-serving domains
:::  -c, chronometer          Calculates stats and displays to an LCD
:::  -h, help                 Show this help dialog
:::  -v, version              Show installed versions of Pi-Hole and Web-Admin
:::  -q, query                Query the adlists for a specific domain
:::                             'pihole -q domain -exact' shows exact matches only
:::  -l, logging              Enable or Disable logging (pass 'on' or 'off')
:::  -a, admin                Admin webpage options
:::  uninstall                Uninstall Pi-Hole from your system :(!
:::  status                   Is Pi-Hole Enabled or Disabled
:::  enable                   Enable Pi-Hole DNS Blocking
:::  disable                  Disable Pi-Hole DNS Blocking
:::                             Blocking can also be disabled only temporarily, e.g.,
:::                             'pihole disable 5m' - will disable blocking for 5 minutes
:::  restartdns               Restart dnsmasq
:::  checkout                 Check out different branches
PiVPN server
Execute the command:
curl -L https://install.pivpn.io | bash
to install the PiVPN server.
Be sure to enable automatic security updates when asked about it!
'pivpn help' :
::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
:::  -a, add [nopass]     Create a client ovpn profile, optional nopass
:::  -c, clients          List any connected clients to the server
:::  -d, debug            Start a debugging session if having trouble
:::  -l, list             List all valid and revoked certificates
:::  -r, revoke           Revoke a client ovpn profile
:::  -h, help             Show this help dialog
:::  -u, uninstall        Uninstall PiVPN from your system!
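Both the Pi-Hole and the PiVPN installs above pipe a download straight into bash, so the script runs unread and a dropped connection can leave a half-received script executing. As an added example (not part of the original page or of either project), this sketch saves the installer to disk, compares it with a SHA-256 digest you recorded when you reviewed it, and only then runs it. The function names are constructed and the digests in the usage lines are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): fetch an installer to disk,
# check it against a digest recorded at review time, and only then run it.

# sha256_of <file>: print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# installer_is_pinned <file> <expected-sha256>
# Succeeds only if the file exists, is non-empty and hashes to the pinned value.
installer_is_pinned() {
    [ -s "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# run_reviewed_installer <url> <expected-sha256>
run_reviewed_installer() {
    script=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page
    # -o: write the whole body to disk; nothing executes while it streams
    if ! curl -fsSL -o "$script" "$1"; then
        rm -f "$script"
        echo "download failed: $1" >&2
        return 1
    fi
    if ! installer_is_pinned "$script" "$2"; then
        # Keep the file so the change can be read before deciding anything.
        echo "digest differs from the reviewed copy; inspect $script" >&2
        return 1
    fi
    bash "$script"
    status=$?
    rm -f "$script"
    return "$status"
}

# Usage (placeholders; record your own digest after reading the script):
#   run_reviewed_installer https://install.pi-hole.net "<sha256 of reviewed copy>"
#   run_reviewed_installer https://install.pivpn.io    "<sha256 of reviewed copy>"
```

When the upstream script changes, the digest check fails by design: read the new version, then update the pinned value.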
WebCam, Htaccess password protected
https://github.com/Motion-Project/motion/wiki
https://github.com/ccrisan/motioneye/wiki
Public accessible webpage.
...Need to find a purpose for this page tho'