RaspberryPi server
Last update
2018-12-07
2018
12-07
«raspi, raspbian, nas, webdav, dlna, media center, torrent, rdp/vnc, print/scan, firewall, dns, monitoring, vpn, zram»

Table of contents:

  1. Update raspbian linux to latest version
  2. Change pi user password and hostname
  3. Configure a static IP address
  4. Tune kernel settings
  5. Tune wifi settings
  6. Remove tv black borders
  7. Fix slow usb mouse
  8. Reduce power consumption
  9. Extend lifespan of mechanical HDD
  10. Extend lifespan of sdcard
  11. Extend your RAM by enabling ZRAM
  12. Setup a NAS (via NFS)
  13. Setup a remote desktop (via VNC)
  14. Setup a shared printer
  15. Setup the firewall
  16. Dedicated posts:
  17. SSH access and tunnels
  18. Tools
  19. Backup
  20. Miscellanea

Update raspbian linux to latest version:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get clean
apt-get autoremove
rpi-update # update firmware & kernel

apt-get purge bash-completion     # speed up shell TAB-auto completion

# --- os version update, eg: from jessie (deb8) to stretch (deb9)
sed -i 's/jessie/stretch/g' /etc/apt/sources.list
sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list
# repeat the commands above, then check the current version:
cat /etc/os-release




Change pi user password and hostname:

1
sudo raspi-config # Change User Password; Hostname




Configure a static IP address (see also this and fallback method):

append the desired following blocks to /etc/dhcpcd.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
interface eth0
fallback mylan

SSID my_wifi_ssid
fallback mylan

interface wlan0
fallback mylan

profile mylan
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 37.235.1.174 84.200.70.40 37.235.1.177

Note: Do not use the directive inform 192.168.1.110 because it breaks the UPS monitor.




Tune kernel settings

  • Disable IPv6: append ipv6.disable=1 to kernel parameters in /boot/cmdline.txt or:
1
2
3
4
# via sysctl:
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf
# via modprobe:
echo "blacklist ipv6" >> /etc/modprobe.d/local.conf
  • Set autoreboot on kernel panic: append panic=5 to kernel parameters in /boot/cmdline.txt or via sysctl:
1
echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf
  • Remove tv black borders: set disable_overscan=1 in the /boot/config.txt.

  • Fix slow usb mouse: append usbhid.mousepoll=0 to kernel parameters in /boot/cmdline.txt.




Tune wifi settings

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# disable roaming
echo "options brcmfmac roamoff=1" >> /etc/modprobe.d/local.conf

# set correct regional domain
sed -i 's/REGDOMAIN=.*/REGDOMAIN=IT/' /etc/default/crda

# auto turn off power management
cd /etc/network/if-up.d/
echo -e '#!/bin/bash\n/sbin/iw dev wlan0 set power_save off' > local-wlan
chmod 755 local-wlan
# find an optimal MTU size via:
#   ping -c 2 -M do -s 1600 www.google.com
# then save it with:
echo "/sbin/ip link set dev wlan0 mtu 1400" >> local-wlan

Turn off bluetooth if unused, see this section.




Reduce power consumption:

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
11
# turn off leds multiple times
(for i in 1 2 3 4 5; do
  for i in /sys/class/leds/led?; do
    echo none > $i/trigger
    echo 0    > $i/brightness
  done
  sleep 60
done) &

# disable HDMI output (and set boot to console via raspi-config)
/usr/bin/tvservice -o # -p to re-enable

set boot to console and reduce memory split:

1
2
raspi-config # Boot Options > Desktop / CLI > Console
raspi-config # Advanced Options > Memory Split > 16

turn off unsued wlan/bluetooth (see /boot/overlays/README), put in /boot/config.txt:

1
2
dtoverlay=pi3-disable-wifi
dtoverlay=pi3-disable-bt

and turn off the bluetooth services:

1
2
systemctl disable hciuart
systemctl disable bluetooth




Extend lifespan of mechanical HDD:

put in /etc/hdparm.conf:

1
2
3
4
5
6
7
/dev/sda {
  write_cache = on
  # -B -- disable Advanced Power Management
  apm = 254
  # -S -- 1h timeout
  spindown_time = 242
}




Extend lifespan of sdcard:

install my tmpfs-folders script and add a custom periodic cleaning of /var/log files in root crontab:

1
2
#  m   h   dom   mon   dow   command
   0   0     *     *     3   /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null




Extend your RAM by enabling ZRAM (compressed RAM):

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
if modprobe zram num_devices=1 ; then
  echo lz4  > /sys/block/zram0/comp_algorithm
  echo 384M > /sys/block/zram0/mem_limit
  echo 768M > /sys/block/zram0/disksize

  mkswap /dev/zram0
  swapon -p 10 /dev/zram0

  sysctl vm.swappiness=90
fi

and optionally disable dphys-swapfile swapfile service:

1
systemctl disable dphys-swapfile




Setup a NAS (via NFS):

Server side commands:

1
2
3
4
5
6
7
8
9
apt-get install nfs-kernel-server

systemctl enable rpcbind # it's disabled by default...
systemctl restart nfs-kernel-server

# add a share to /etc/exports
echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports

exportfs -ra # reload server

and append these lines to /ect/rc.local:

1
2
3
# fix: nfs server doesn't start without rpcbind
systemctl start   rpcbind
systemctl restart nfs-kernel-server

Client side commands:

1
2
echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab
mount /mnt/path




Setup a remote desktop (via VNC):

You have three options:

  1. Install the modern TigerVNC server, see the dedicated post
  2. Use the lightdm TigerVNC service by enabling it in /etc/lightdm/lightdm.conf
  3. Install the old TightVNC:

    1
    2
    3
    4
    5
    apt-get install tightvncserver
    # set a password and run a LQ server on display 1:
    vncpasswd
    vncserver -geometry 1024x768 -depth 8 :1
    vncviewer server_ip:1 # connect from another host
    




Setup a shared printer:

1
2
3
4
5
6
7
apt-get install cups
apt-get install hplip # HP printers drivers
hp-setup -i # install printer + dl drivers

elinks http://localhost:631
# Administration > Printers > Add printer
# Server settings > Share printers connected to this system

then turn the printer off and on again.

On Android you can install these apps: Let's print Droid, and Let's Print PDF.




Setup the firewall:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get install ufw

ufw reset # reset to defaults

ufw default allow outgoing
ufw default deny  incoming

ufw limit 22/tcp              # max 6 new connections every 30 seconds
ufw limit 2200:2230/udp       # mosh port range
ufw allow from 192.168.1.0/24 # your intranet
ufw allow 1810:1819/tcp       # deluge
ufw allow 1810:1819/udp       # deluge

ufw enable




Dedicated posts:




SSH access and tunnels:

1
2
3
4
5
6
7
# deluge thin client & web ui, vnc, nginx
ssh \
  -L 58846:localhost:58846 \
  -L 8112:localhost:8112   \
  -L 5901:localhost:5901   \
  -L 1234:localhost:1234   \
  user@server_addr

You can use these very useful clients: PuTTY for windows/linux and juiceSSH on Android.

You can also use your server as a SOCKS proxy.

You can use mosh (even with juiceSSH!) to reliably connect from unstable or high latency networks:

1
2
apt-get install mosh               # run this both on client and server
mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server




Tools:

1
2
3
apt-get install rpi-chromium-mods # video acceleration on google chrome
apt-get install remmina           # very handy VNC/SSH GUI
apt-get install omxplayer         # accelerated cli media player
  • OMXplayer GUIs:

    1
    2
    3
    4
    5
    sudo apt install libdbus-1-dev
    pip install omxplayer-wrapper
    wget -O ~/bin/gomx https://github.com/vladcc/gomx/raw/master/gomx/gomx.py
    chmod 755 ~/bin/gomx
    sed -i 's/^PL_WIN_PAD = .*/PL_WIN_PAD = 0/' ~/bin/gomx # adjust padding
    
  • raspi-keygen -- Patch for MPEG-2, VC-1 license (untested, use it at your own risk)

    1
    2
    cd /boot && cp start.elf start.elf_backup && \
      perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
    




Backup:

You can do a full/raw sdcard backup or a live/tar one.

As an alternative to 7za you can use xz just like the gz command (or use the -J option of tar).




Miscellanea:

  • Fix TV/monitor not detected unless powered on first:

    1
    sudo tvservice -d /boot/edid.dat
    
    1
    2
    3
    # /boot/config.txt
    hdmi_edid_file=1
    hdmi_force_hotplug=1
    
  • Test if we are on a raspberry (/sys, /proc/cpuinfo):

    1
    2
    cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2
    grep Hardware /proc/cpuinfo             # Hardware : BCM2708
    
  • To save space on new installs of ruby gems, put in ~/.gemrc:

    1
    2
    install: --no-rdoc --no-ri -​-no-document
    update:  --no-rdoc --no-ri -​-no-document
    

    and to install a gem in the user $HOME use this command:

    1
    2
    3
    4
    gem install --user-install bundler
    
    # remember to update your PATH adding this line to ~/.bashrc
    export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH
    
  • If you have a keyboard without the F# keys (like the kano keybord) you can emulate them with xdotool and then run it via xbindkeys:

    1
    2
    3
    4
    sudo apt-get install xdotool xbindkeys xbindkeys-config
    xdotool key ctrl+alt+F1  # emulate these key press
    xbindkeys-config         # create and save your bindings
    xbindkeys                # run daemon
    

    or you can use xmodmap to remap existing keys:

    1
    2
    3
    xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig
    nano    ~/.Xmodmap # edit keys
    xmodmap ~/.Xmodmap # load changes (run this on X startup)
    

    see Xorg keyboard references on the bottom.

  • Autostart programs when loggin in LXDE: put your commands prefixed by @ in ~/.config/lxsession/LXDE-pi/autostart




Notes:

  • Raspberry Pi 3 provides 1.2A USB current by default (no need to set max_usb_current=1 in /boot/config.txt). Of course a 2.5A PSU is mandatory.

Tips:

Sources:


TODO/WIP:

  • openvpn: check connection is up by pinging vpn server ip (ping -c1 -w5 -q `ip route|grep via.*eth0|sed ...`)
  • remote control: ruby Sinatra/telegram bot
    • toggle Wi-Fi
    • scan: to hd/dl/mail, jpeg/pdf, color/grey, resolution
    • print PDF (upload file) Fronte/retro?
    • copy (scan & print)
    • restart services
    • reboot, shutdown