Raspberry Pi home server: Difference between revisions

From munkjensen.net/wiki
No edit summary
 
(41 intermediate revisions by the same user not shown)
Line 1: Line 1:
== About this page. ==
== About this page. ==


This page contains explanation of the things i did to make different projects live together on a single Raspberri Pi.
This page contains explanation of *most* of the things i did to make all the different parts live nicely together on my Raspberri Pi... It is a bit complicated, and i tend to forget to document stuff, when I run into a problem i cannot easily defeat ;-)
 
Links to projects i have used:


  https://www.pestmeester.nl/ is the base inspiration for my [https://en.wikipedia.org/wiki/Home_server Home Server].
  https://www.pestmeester.nl/ is the base inspiration for my [https://en.wikipedia.org/wiki/Home_server Home Server].
Line 8: Line 10:


== Hardware ==
== Hardware ==
  Raspberry Pi 3 Model B, 1GB Ram
  [https://www.raspberrypi.org/products/raspberry-pi-3-model-b/ Raspberry Pi 3 Model B]
  4 Gb MicroSD card.
  4 Gb MicroSD card.
  USB Harddrive, 500 Gb SSHD
  USB Harddrive, 500 Gb SSHD
Line 30: Line 32:
  sudo apt-get install nginx php-apc mysql-server
  sudo apt-get install nginx php-apc mysql-server


Then, because PHP 7 is not available in jessie repo I get it from the new stretch repo:
Then, because PHP 7 is not available in jessie repo I get it from the [https://wiki.debian.org/DebianStretch stretch repo]:


# Add the GPG keys needed to use the stretch repository
sudo gpg --keyserver pgpkeys.mit.edu --recv-key  8B48AD6246925553     
sudo gpg -a --export 8B48AD6246925553 | sudo apt-key add -
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010     
sudo gpg -a --export 7638D0442B90D010 | sudo apt-key add -
# Add the stretch repo as a source for apt
  sudo echo "deb http://httpredir.debian.org/debian stretch main contrib non-free" | sudo tee /etc/apt/sources.list.d/debian-stretch.list
  sudo echo "deb http://httpredir.debian.org/debian stretch main contrib non-free" | sudo tee /etc/apt/sources.list.d/debian-stretch.list
  sudo apt-get install php7.0-fpm php7.0-curl php7.0-gd php7.0-cli php7.0-mcrypt php7.0-mysql -t stretch
# Update the local apt index so the stretch repo is present
  sudo apt-get -y update
# Install the needed PHP7 packages
sudo apt-get -y install -y php7.0-fpm php7.0-curl php7.0-gd php7.0-cli php7.0-mcrypt php7.0-mysql php7.0-mbstring php7.0-zip php7.0-xml php7.0-common php7.0-json php7.0-dev -t stretch
# Remove the stretcg repo as a source
  sudo rm /etc/apt/sources.list.d/debian-stretch.list
  sudo rm /etc/apt/sources.list.d/debian-stretch.list
  sudo apt-get update -y
# Lastly I update the local apt source lists so stretch repo is removed.
  sudo apt-get -y update
 
Then continue the [https://www.pestmeester.nl/index.html#7.1 pestmeester guide] ''but change the nginx configuration'' (/etc/nginx/sites-available/[your_configuration_file_name]) so it utilizes PHP7 and not the missing PHP5 ;-)
Here you see what i use:
 
## Begin - PHP
location ~ \.php$ {
  fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_index index.php;
  include fastcgi_params;
  fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP


== LetsEncrypt ==
== LetsEncrypt ==
This is my /etc/nginx/sites-available/[your_configuration_file_name] that force all clients to use HTTPS, and PHP7 :
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name install.pulspc.dk;
        return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
    server_name install.pulspc.dk;
    #
    ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
    ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
    #
    root /data/websites/rpiii/html;
    index index.php index.html index.htm;
    #
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /data/websites/rpiii/html;
    }
    #
    # Error & Access logs
    error_log /data/websites/rpiii/logs/error.log error;
    access_log /data/websites/rpiii/logs/access.log;
    #
    location / {
        index index.html index.php;
    }
    #
    location ~ /.well-known {
                allow all;
    }
    ## Begin - PHP
    location ~ \.php$ {
      fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    ## End - PHP
}
== PHPMyAdmin ==
This requires php7.0-mbstring wich was installed earlier from the stretch repo :-)


== OwnCloud ==
== OwnCloud ==
Make sure to check for / download the latest version. Find the information [https://owncloud.org/install/#edition here].
Remember to config for PHP7
sudo vi /etc/php/7.0/fpm/pool.d/www.conf
Opencloud requires the PHP modules ''zip dom XMLWriter XMLReader libxml SimpleXML''. These were installed above as php7.0-zip php7.0-xml.
Install APCu
sudo pecl install apcu
Answer [no] to the question about enabling internat debugging.
Add
[apcu]
extension=/usr/lib/php/20151012/apcu.so
apc.enabled=1
apc.enable_cli=1
to the two php.ini files
sudo vi /etc/php/7.0/fpm/php.ini
sudo vi /etc/php/7.0/cli/php.ini
--
nginx config is now adapted to serve OwnCloud from the subfolder /owncloud
upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name install.pulspc.dk;
        return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
    server_name install.pulspc.dk;
    #
    ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
    ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
    #
    root /data/websites/rpiii/html;
    index index.php index.html index.hmt;
    #
    # Disable gzip to avoid the removal of the ETag header
    gzip off;
    #
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /data/websites/rpiii/html;
    }
    #
    # Error & Access logs
    error_log /data/websites/rpiii/logs/error.log error;
    access_log /data/websites/rpiii/logs/access.log;
    #
    location / {
        index index.php index.html index.hmt;
    }
    #
    location ~ /.well-known {
                allow all;
    }
    #
    ## Begin - PHP
    location ~ \.php$ {
      fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
      fastcgi_param HTTPS on;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      fastcgi_intercept_errors on;
    }
    ## End - PHP
    #
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    #
location ^~ /owncloud {
        #
        # set max upload size
        client_max_body_size 12G;
        fastcgi_buffers 64 4K;
        #
        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        #
        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
        #
        error_page 403 /owncloud/core/templates/403.php;
        error_page 404 /owncloud/core/templates/404.php;
        #
        location /owncloud {
            rewrite ^ /owncloud/index.php$uri;
        }
        #
        location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }
        #
        location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_param front_controller_active true;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_intercept_errors on;
        }
        #
        location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri $uri/ =404;
            index index.php;
        }
        #
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~* \.(?:css|js)$ {
            try_files $uri /owncloud/index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into this topic first.
            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        #
        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /owncloud/index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}
== Pi-Hole DNS ==
This must be installed using the option to NOT install the normally included webinterface, because that will require lighttpd, wich is not compatible with OwnCloud ;-)
Execute the command:
curl -sSL https://install.pi-hole.net | bash


== PiHole DNS ==
All Pi-Hole administration must consequentially be done using terminal commands.
  This must be installed using the option to NOT install the normally included webinterface, because that will require lighttpd, wich is not compatible with OwnCloud ;-)
 
  All PiHole administration must consequentially be done using terminal commands.
::: Control all PiHole specific functions!
:::
::: Usage: pihole [options]
:::            Add -h after -w (whitelist), -b (blacklist), -c (chronometer), or -a (admin)  for more information on usage
:::
::: Options:
:::  -w, whitelist            Whitelist domain(s)
:::  -b, blacklist            Blacklist domain(s) (exact match)
:::  -wild, wildcard          Blacklist whole domain(s) (wildcard)
:::  -d, debug                Start a debugging session
  :::                            Automated debugging can be enabled with .
:::                            'pihole -d -a'
:::  -f, flush                Flush the 'pihole.log' file
:::  -t, tail                Output the last lines of the 'pihole.log' file. Lines are appended as the file grows
:::  -up, updatePihole        Update Pi-hole components
:::  -r, reconfigure          Reconfigure or Repair Pi-hole
:::  -g, updateGravity        Update the list of ad-serving domains
:::  -c, chronometer          Calculates stats and displays to an LCD
:::  -h, help                Show this help dialog
:::  -v, version              Show installed versions of Pi-Hole and Web-Admin
:::  -q, query                Query the adlists for a specific domain
:::                            'pihole -q domain -exact' shows exact matches only
:::  -l, logging              Enable or Disable logging (pass 'on' or 'off')
:::  -a, admin                Admin webpage options
:::  uninstall                Uninstall Pi-Hole from your system :(!
:::  status                  Is Pi-Hole Enabled or Disabled
:::  enable                  Enable Pi-Hole DNS Blocking
:::  disable                  Disable Pi-Hole DNS Blocking
  :::                            Blocking can also be disabled only temporarily, e.g.,
:::                            'pihole disable 5m' - will disable blocking for 5 minutes
:::  restartdns              Restart dnsmasq
:::  checkout                Check out different branches


== PiVPN server ==
== PiVPN server ==
Execute the command:
curl -L https://install.pivpn.io | bash
to install the PiVPN server.
Be sure to enable automatic security updates when asked about it!
'pivpn help' :
::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
:::  -a, add [nopass]    Create a client ovpn profile, optional nopass
:::  -c, clients          List any connected clients to the server
:::  -d, debug            Start a debugging session if having trouble
:::  -l, list            List all valid and revoked certificates
:::  -r, revoke          Revoke a client ovpn profile
:::  -h, help            Show this help dialog
:::  -u, uninstall        Uninstall PiVPN from your system!


== WebCam, Htaccess password protected ==
== WebCam, Htaccess password protected ==
https://github.com/Motion-Project/motion/wiki
https://github.com/ccrisan/motioneye/wiki


== Public accesible webpage. ==
== Public accesible webpage. ==


...Need to find a purpose for this page tho'


[[Category:RaspBerry Pi]]
[[Category:RaspBerry Pi]]
[[Category:VPN]]
[[Category:VPN]]
[[Category:DNS]]
[[Category:DNS]]
[[Category:Pi-Hole]]

Latest revision as of 07:28, 13 April 2018

About this page.

This page contains explanation of *most* of the things i did to make all the different parts live nicely together on my Raspberri Pi... It is a bit complicated, and i tend to forget to document stuff, when I run into a problem i cannot easily defeat ;-)

Links to projects i have used:

https://www.pestmeester.nl/ is the base inspiration for my Home Server.
https://github.com/pi-hole/ provides super easy installation of an AdBlocking Domain Name Server functionality.
https://github.com/pivpn/ provides super easy installation and administration of OpenVPN Server funnctionality.

Hardware

Raspberry Pi 3 Model B
4 Gb MicroSD card.
USB Harddrive, 500 Gb SSHD
Raspberry Pi Camera Board v2.

Basic installation

Download and write Raspian Lite to the MicroSD card

Raspi-config

Go thrugh all the menu points of the Rapsberry Pi SOftware Configuration Tool, and change the basic configuration to fit the needs of this Home Server.

Hardening + SSH

Follow the guide: Hardened SSH daemon using the 'sudo' command when root powah is required.

Add USB HD

I configured /dev/sdb1 to be mounted on /data, not the strange UUID..

Nginx, PHP7, MySQL

First the 'easy' stuff. Answer all install questions wisely!

sudo apt-get install nginx php-apc mysql-server

Then, because PHP 7 is not available in jessie repo I get it from the stretch repo:

# Add the GPG keys needed to use the stretch repository
sudo gpg --keyserver pgpkeys.mit.edu --recv-key  8B48AD6246925553      
sudo gpg -a --export 8B48AD6246925553 | sudo apt-key add -
sudo gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010      
sudo gpg -a --export 7638D0442B90D010 | sudo apt-key add -
# Add the stretch repo as a source for apt
sudo echo "deb http://httpredir.debian.org/debian stretch main contrib non-free" | sudo tee /etc/apt/sources.list.d/debian-stretch.list
# Update the local apt index so the stretch repo is present
sudo apt-get -y update
# Install the needed PHP7 packages
sudo apt-get -y install -y php7.0-fpm php7.0-curl php7.0-gd php7.0-cli php7.0-mcrypt php7.0-mysql php7.0-mbstring php7.0-zip php7.0-xml php7.0-common php7.0-json php7.0-dev -t stretch
# Remove the stretcg repo as a source
sudo rm /etc/apt/sources.list.d/debian-stretch.list
# Lastly I update the local apt source lists so stretch repo is removed.
sudo apt-get -y update

Then continue the pestmeester guide but change the nginx configuration (/etc/nginx/sites-available/[your_configuration_file_name]) so it utilizes PHP7 and not the missing PHP5 ;-) Here you see what i use:

## Begin - PHP
location ~ \.php$ {
  fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_index index.php;
  include fastcgi_params;
  fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
## End - PHP

LetsEncrypt

This is my /etc/nginx/sites-available/[your_configuration_file_name] that force all clients to use HTTPS, and PHP7 :

server {
       listen 80 default_server;
       listen [::]:80 default_server;
       server_name install.pulspc.dk;
       return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
   server_name install.pulspc.dk;
   #
   ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
   ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
   #
   root /data/websites/rpiii/html;
   index index.php index.html index.htm;
   #
   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /data/websites/rpiii/html;
   }
   #
   # Error & Access logs
   error_log /data/websites/rpiii/logs/error.log error;
   access_log /data/websites/rpiii/logs/access.log;
   #
   location / {
       index index.html index.php;
   }
   #
   location ~ /.well-known {
               allow all;
   }
   ## Begin - PHP
   location ~ \.php$ {
     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
   }
   ## End - PHP
}

PHPMyAdmin

This requires php7.0-mbstring wich was installed earlier from the stretch repo :-)

OwnCloud

Make sure to check for / download the latest version. Find the information here.

Remember to config for PHP7

sudo vi /etc/php/7.0/fpm/pool.d/www.conf

Opencloud requires the PHP modules zip dom XMLWriter XMLReader libxml SimpleXML. These were installed above as php7.0-zip php7.0-xml.

Install APCu

sudo pecl install apcu

Answer [no] to the question about enabling internat debugging.

Add

[apcu]
extension=/usr/lib/php/20151012/apcu.so
apc.enabled=1
apc.enable_cli=1

to the two php.ini files

sudo vi /etc/php/7.0/fpm/php.ini
sudo vi /etc/php/7.0/cli/php.ini

--

nginx config is now adapted to serve OwnCloud from the subfolder /owncloud

upstream php-handler {
   server 127.0.0.1:9000;
   #server unix:/var/run/php/php7.0-fpm.sock;
}
#
server {
       listen 80 default_server;
       listen [::]:80 default_server;
       server_name install.pulspc.dk;
       return 301 https://$server_name$request_uri;
}
#
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
   server_name install.pulspc.dk;
   #
   ssl_certificate          /etc/letsencrypt/live/install.pulspc.dk/fullchain.pem;
   ssl_certificate_key      /etc/letsencrypt/live/install.pulspc.dk/privkey.pem;
   #
   root /data/websites/rpiii/html;
   index index.php index.html index.hmt;
   #
   # Disable gzip to avoid the removal of the ETag header
   gzip off;
   #
   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /data/websites/rpiii/html;
   }
   #
   # Error & Access logs
   error_log /data/websites/rpiii/logs/error.log error;
   access_log /data/websites/rpiii/logs/access.log;
   #
   location / {
       index index.php index.html index.hmt;
   }
   #
   location ~ /.well-known {
               allow all;
   }
   #
   ## Begin - PHP
   location ~ \.php$ {
      fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
      fastcgi_param HTTPS on;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      fastcgi_intercept_errors on;
   }
   ## End - PHP
   #
   # Add headers to serve security related headers
   # Before enabling Strict-Transport-Security headers please read into this topic first.
   add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
   add_header X-Content-Type-Options nosniff;
   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Robots-Tag none;
   add_header X-Download-Options noopen;
   add_header X-Permitted-Cross-Domain-Policies none;
   #
location ^~ /owncloud {
       #
       # set max upload size
       client_max_body_size 12G;
       fastcgi_buffers 64 4K;
       #
       # Disable gzip to avoid the removal of the ETag header
       gzip off;
       #
       # Uncomment if your server is build with the ngx_pagespeed module
       # This module is currently not supported.
       #pagespeed off;
       #
       error_page 403 /owncloud/core/templates/403.php;
       error_page 404 /owncloud/core/templates/404.php;
       #
       location /owncloud {
           rewrite ^ /owncloud/index.php$uri;
       }
       #
       location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
           return 404;
       }
       location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
           return 404;
       }
       #
       location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
           fastcgi_split_path_info ^(.+\.php)(/.*)$;
           include fastcgi_params;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           fastcgi_param PATH_INFO $fastcgi_path_info;
           fastcgi_param HTTPS on;
           fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
           fastcgi_param front_controller_active true;
           fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
           fastcgi_intercept_errors on;
       }
       #
       location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
           try_files $uri $uri/ =404;
           index index.php;
       }
       #
       # Adding the cache control header for js and css files
       # Make sure it is BELOW the PHP block
       location ~* \.(?:css|js)$ {
           try_files $uri /owncloud/index.php$uri$is_args$args;
           add_header Cache-Control "public, max-age=7200";
           # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
           # Before enabling Strict-Transport-Security headers please read into this topic first.
           add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
           add_header X-Content-Type-Options nosniff;
           add_header X-Frame-Options "SAMEORIGIN";
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
           add_header X-Download-Options noopen;
           add_header X-Permitted-Cross-Domain-Policies none;
           # Optional: Don't log access to assets
           access_log off;
       }
       #
       location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
           try_files $uri /owncloud/index.php$uri$is_args$args;
           # Optional: Don't log access to other assets
           access_log off;
       }
   }
}

Pi-Hole DNS

This must be installed using the option to NOT install the normally included webinterface, because that will require lighttpd, wich is not compatible with OwnCloud ;-)

Execute the command:

curl -sSL https://install.pi-hole.net | bash

All Pi-Hole administration must consequentially be done using terminal commands.

::: Control all PiHole specific functions!
:::
::: Usage: pihole [options]
:::             Add -h after -w (whitelist), -b (blacklist), -c (chronometer), or -a (admin)  for more information on usage
:::
::: Options:
:::  -w, whitelist            Whitelist domain(s)
:::  -b, blacklist            Blacklist domain(s) (exact match)
:::  -wild, wildcard          Blacklist whole domain(s) (wildcard)
:::  -d, debug                Start a debugging session
:::                             Automated debugging can be enabled with .
:::                             'pihole -d -a'
:::  -f, flush                Flush the 'pihole.log' file
:::  -t, tail                 Output the last lines of the 'pihole.log' file. Lines are appended as the file grows
:::  -up, updatePihole        Update Pi-hole components
:::  -r, reconfigure          Reconfigure or Repair Pi-hole
:::  -g, updateGravity        Update the list of ad-serving domains
:::  -c, chronometer          Calculates stats and displays to an LCD
:::  -h, help                 Show this help dialog
:::  -v, version              Show installed versions of Pi-Hole and Web-Admin
:::  -q, query                Query the adlists for a specific domain
:::                             'pihole -q domain -exact' shows exact matches only
:::  -l, logging              Enable or Disable logging (pass 'on' or 'off')
:::  -a, admin                Admin webpage options
:::  uninstall                Uninstall Pi-Hole from your system :(!
:::  status                   Is Pi-Hole Enabled or Disabled
:::  enable                   Enable Pi-Hole DNS Blocking
:::  disable                  Disable Pi-Hole DNS Blocking
:::                             Blocking can also be disabled only temporarily, e.g.,
:::                             'pihole disable 5m' - will disable blocking for 5 minutes
:::  restartdns               Restart dnsmasq
:::  checkout                 Check out different branches

PiVPN server

Execute the command:

curl -L https://install.pivpn.io | bash

to install the PiVPN server.

Be sure to enable automatic security updates when asked about it!

'pivpn help' :

::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
:::  -a, add [nopass]     Create a client ovpn profile, optional nopass
:::  -c, clients          List any connected clients to the server
:::  -d, debug            Start a debugging session if having trouble
:::  -l, list             List all valid and revoked certificates
:::  -r, revoke           Revoke a client ovpn profile
:::  -h, help             Show this help dialog
:::  -u, uninstall        Uninstall PiVPN from your system!

WebCam, Htaccess password protected

https://github.com/Motion-Project/motion/wiki

https://github.com/ccrisan/motioneye/wiki

Public accesible webpage.

...Need to find a purpose for this page tho'