RaspberryPi server
Last update
2018-09-20
2018
09-20
«raspi, raspbian, nas, webdav, dlna, media center, torrent, rdp/vnc, print/scan, firewall, dns, monitoring, vpn, zram»

Table of contents:

  1. Update raspbian linux to latest version
  2. Change pi user password and hostname
  3. Configure a static IP address
  4. Tune kernel settings
  5. Remove tv black borders
  6. Fix slow usb mouse
  7. Reduce power consumption
  8. Extend lifespan of mechanic HDD
  9. Extend lifespan of sdcard
  10. Extend your RAM by enabling ZRAM
  11. Setup a NAS (via NFS)
  12. Setup a remote desktop (via VNC)
  13. Setup a shared printer
  14. Setup the firewall
  15. Dedicated posts:
  16. SSH access and tunnels
  17. Miscellanea

Update raspbian linux to latest version:

1
2
3
4
5
6
7
apt-get update
apt-get upgrade      && apt-get clean
apt-get dist-upgrade && apt-get clean

apt-get purge bash-completion     # speed up shell TAB-auto completion

rpi-update # update firmware & kernel




Change pi user password and hostname:

1
sudo raspi-config # Change User Password; Hostname




Configure a static IP address (see also):

append the desired following blocks to /etc/dhcpcd.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
SSID my_wifi_ssid
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 84.200.70.40

interface eth0
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 84.200.70.40

interface wlan0
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 84.200.70.40

Note: Do not use the directive inform 192.168.1.110 because it breaks the UPS monitor.




Tune kernel settings

  • Disable IPv6: append ipv6.disable=1 to kernel parameters in /boot/cmdline.txt or via sysctl:
1
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf
  • Set autoreboot on kernel panic: append panic=5 to kernel parameters in /boot/cmdline.txt or via sysctl:
1
echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf
  • Remove tv black borders: set disable_overscan=1 in the /boot/config.txt.

  • Fix slow usb mouse: append usbhid.mousepoll=0 to kernel parameters in /boot/cmdline.txt.




Reduce power consumption:

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
11
# turn off leds multiple times
(for i in 1 2 3 4 5; do
  for i in /sys/class/leds/led?; do
    echo none > $i/trigger
    echo 0    > $i/brightness
  done
  sleep 60
done) &

# disable HDMI output (and set boot to console via raspi-config)
/usr/bin/tvservice -o # -p to re-enable

set boot to console and reduce memory split:

1
2
raspi-config # Boot Options > Desktop / CLI > Console
raspi-config # Advanced Options > Memory Split > 16

turn off unsued wlan/bluetooth (see /boot/overlays/README), put in /boot/config.txt:

1
2
dtoverlay=pi3-disable-wifi
dtoverlay=pi3-disable-bt

and turn off the bluetooth service systemctl disable hciuart.




Extend lifespan of mechanic HDD:

put in /etc/hdparm.conf:

1
2
3
4
5
6
7
/dev/sda {
  write_cache = on
  # -B -- disable Advanced Power Management
  apm = 254
  # -S -- 1h timeout
  spindown_time = 242
}




Extend lifespan of sdcard:

install my tmpfs-folders script and add a custom periodic cleaning of /var/log files in root crontab:

1
2
#  m   h   dom   mon   dow   command
   0   0     *     *     3   /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null




Extend your RAM by enabling ZRAM (compressed RAM):

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
if modprobe zram num_devices=1 ; then
  echo lz4  > /sys/block/zram0/comp_algorithm
  echo 384M > /sys/block/zram0/mem_limit
  echo 768M > /sys/block/zram0/disksize

  mkswap /dev/zram0
  swapon -p 10 /dev/zram0

  sysctl vm.swappiness=90
fi

and optionally disable dphys-swapfile swapfile service:

1
systemctl disable dphys-swapfile




Setup a NAS (via NFS):

Server side commands:

1
2
3
4
5
6
7
8
9
apt-get install nfs-kernel-server

systemctl enable rpcbind # it's disabled by default...
systemctl restart nfs-kernel-server

# add a share to /etc/exports
echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports

exportfs -ra # reload server

and append these lines to /ect/rc.local:

1
2
3
# fix: nfs server doesn't start without rpcbind
systemctl start   rpcbind
systemctl restart nfs-kernel-server

Client side commands:

1
2
echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab
mount /mnt/path




Setup a remote desktop (via VNC):

First install the chromium mods for video acceleration:

1
apt-get install rpi-chromium-mods # google chrome mods

then you can follow the instrucions on my TigerVNC post for a modern server or install the old one:

1
2
3
4
5
6
7
apt-get install tightvncserver

# set a password and run a LQ server on display 1:
vncpasswd
vncserver -geometry 1024x768 -depth 8 :1

vncviewer server_ip:1 # connect from another host

You can also fire up a VNC server automatically with lightdm by enabling it in /etc/lightdm/lightdm.conf




Setup a shared printer:

1
2
3
4
5
6
7
apt-get install cups
apt-get install hplip # HP printers drivers
hp-setup -i # install printer + dl drivers

elinks http://localhost:631
# Administration > Printers > Add printer
# Server settings > Share printers connected to this system

then turn the printer off and on again.

On Android you can install these apps: Let's print Droid, and Let's Print PDF.




Setup the firewall:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get install ufw

ufw reset # reset to defaults

ufw default allow outgoing
ufw default deny  incoming

ufw limit 22/tcp              # max 6 new connections every 30 seconds
ufw limit 2200:2230/udp       # mosh port range
ufw allow from 192.168.1.0/24 # your intranet
ufw allow 1810:1819/tcp       # deluge
ufw allow 1810:1819/udp       # deluge

ufw enable




Dedicated posts:




SSH access and tunnels:

1
2
3
4
5
6
7
# deluge thin client & web ui, vnc, nginx
ssh \
  -L 58846:localhost:58846 \
  -L 8112:localhost:8112   \
  -L 5901:localhost:5901   \
  -L 1234:localhost:1234   \
  user@server_addr

You can use these very useful clients: PuTTY for windows/linux and juiceSSH on Android.

You can also use your server as a SOCKS proxy.

You can use mosh (even with juiceSSH!) to reliably connect from unstable or high latency networks:

1
2
apt-get install mosh               # run this both on client and server
mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server




Miscellanea:

1
2
cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2
grep Hardware /proc/cpuinfo             # Hardware : BCM2708
  • To save space on new installs of ruby gems, put in ~/.gemrc:
1
2
install: --no-rdoc --no-ri -​-no-document
update:  --no-rdoc --no-ri -​-no-document

and to install a gem in the user $HOME use this command:

1
2
3
4
gem install --user-install bundler

# remember to update your PATH adding this line to ~/.bashrc
export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH
  • If you have a keyboard without the F# keys (like the kano keybord) you can emulate them with xdotool and then run it via xbindkeys:
1
2
3
4
sudo apt-get install xdotool xbindkeys xbindkeys-config
xdotool key ctrl+alt+F1  # emulate these key press
xbindkeys-config         # create and save your bindings
xbindkeys                # run daemon

or you can use xmodmap to remap existing keys:

1
2
3
xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig
nano    ~/.Xmodmap # edit keys
xmodmap ~/.Xmodmap # load changes (run this on X startup)

see Xorg keyboard references on the bottom.




Notes:

  • Raspberry Pi 3 provides 1.2A USB current by default (no need to set max_usb_current=1 in /boot/config.txt). Of course a 2.5A PSU is mandatory.

Tips:

Sources:


TODO/WIP:

  • openvpn: check connection is up by pinging vpn server ip (ping -c1 -w5 -q `ip route|grep via.*eth0|sed ...`)
  • remote control: ruby Sinatra/telegram bot
    • toggle Wi-Fi
    • scan: to hd/dl/mail, jpeg/pdf, color/grey, resolution
    • print PDF (upload file) Fronte/retro?
    • copy (scan & print)
    • restart services
    • reboot, shutdown
  • upgrade to debian 9
  • sdcard backup/image + live backup