Overview Presentation
1. Introduction LAMP Stack: 2. Raspbian 3. Nginx 4. MySQL 5. PHP 6. phpMyAdmin
>>> Sheets at: www.db8.nl <<<
1. Introduction Raspberry Pi
Goal education Today's engineers: computer experience on home computers youth of today: computer classes = operate software, click menus and swipe yourself to death ...
1. Introduction Raspberry Pi
Benefits RPi
Small
Dirt cheap: $ 35 38 Euro
Low power (3.5 Watt)
No moving parts
Silent
De facto standard (2 types)
Much documentation (Linux & RPi)
Many documented applications
Much additional hardware
Much software
1. Introduction Raspberry Pi
Hardware
Single-board computer, 700 MHz
RAM 512 Mbyte (1st version: 256 Mbyte)
Graphics: Broadcom VideoCore IV
Connections:
SD Card
Micro USB power plug (5 V, 1 A, 3.5 Watt)
Ethernet
HDMI & RCA Video
Audio
2x USB
GPIO
1. Introduction Raspberry Pi
Community
1. Introduction Raspberry Pi
LAMP Stack
(phpMyAdmin)
2. Raspbian
a) Installation
b) Connect to Network
c) Update OS
d) Backup
e) Configuration
f) Internet Access
2a. Raspbian
Download 2013-07-26-wheezy-raspbian.zip
Unzip
location: dmesg
sudo dd bs=1M if=~/rpi/2013-07-26-wheezy-raspbian.img of=/dev/mmcblk0
OSX: sudo dd bs=1M if=~/rpi/2013-07-26-wheezy-raspbian.img of=/dev/disk1s1
dd bs=1M if=c:\temp\2013-07-26-wheezy-raspbian.img od=e
Joomladay 2013 South Africa 15
Mac
Windows:
Remove Backup:
SSH traffic = IP 192.168.0.9, port 22 Web traffic = IP 192.168.0.9, port 80 Https traffic= IP 192.168.0.9, port 443
Raspberry
Pi Static IP
3. Nginx webserver
3. Nginx
High performance: Dynamic pages = FAST & Static = very FAST!
Low memory usage (useful on RPi!)
Easy configuration
Automatic configuration test after changes
Reverse proxy capabilities
> 100 million sites
15.5 % of all sites (Apache 53%, IIS 16.6%)
Top million busiest websites:
1. Apache 57.4%
2. Nginx 13.5%
3. Microsoft 12.3%
3. Nginx Popularity
3. Nginx Installation
peter@rpi ~ $ sudo apt-get install nginx
Reading package lists... Done
[..]
Need to get 2,132 kB of archives.
After this operation, 6,200 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Setting up nginx (1.2.1-2.2) ...
peter@rpi ~ $
3. Nginx Configuration
peter@rpi ~ $ sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
peter@rpi ~ $ sudo /etc/init.d/nginx start
3. Nginx Websites
Browse URL http://192.168.0.9/ or http://petermartin.nl Result:
Welcome to nginx!
/index.html
petermartin.nl
3. Activate with symbolic link to config file /etc/nginx/sites-enabled/petermartin.nl
4. Nginx load new config file: $ sudo /etc/init.d/nginx reload
peter@rpi ~ $ sudo /etc/init.d/nginx reload
Reloading nginx configuration: nginx.
http://192.168.0.9/petermartin.nl
Error?
404 Not Found
nginx/1.2.1
Check error log file:
$ cat /var/log/nginx/petermartin.nl.error_log
4. MySQL
Joomla
Configuration
during installation:
Secure
4. MySQL Installation
peter@rpi ~ $ sudo apt-get install mysql-server
Reading package lists... Done
[..]
Need to get 9,603 kB of archives.
After this operation, 91.1 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Setting up mysql-server (5.5.30+dfsg-1) ...
Processing triggers for menu ...
peter@rpi ~ $ sudo mysql_secure_installation
5. PHP
php5-fpm: FastCGI Process Manager, interpreter that runs as a daemon and receives Fast/CGI requests
php5-mysql: modules for MySQL database connections directly from PHP scripts
php5-cli: command-line interpreter
php5-curl: library for getting files from FTP & HTTP server
5. PHP Installation
peter@rpi ~ $ sudo apt-get install php5-fpm php5-mysql
Reading package lists... Done
[..]
Setting up php5 (5.4.4-14) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
peter@rpi ~ $
5. PHP Result
Test
with phpinfo();
6. phpMyAdmin
6. phpMyAdmin
Database
GUI
http://192.168.0.9/phpmyadmin/
Secure:
6. phpMyAdmin Installation
peter@rpi ~ $ sudo apt-get install phpmyadmin
Reading package lists... Done
[..]
Need to get 6,092 kB of archives.
After this operation, 16.6 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Web server to reconfigure automatically: none
Configure database for phpmyadmin with dbconfig-common? N
Creating config file /etc/phpmyadmin/config-db.php with new version
peter@rpi ~ $
Peter Martin joomladagen.nl 20+21 april 2013
7. Joomla
7. Joomla
Download Joomla to RPi using wget
Create database, e.g. use phpMyAdmin http://192.168.0.9/phpmyadmin/ database: petermartin
Use browser to start Joomla's web installer
http://192.168.0.9/petermartin.nl/
SEF
8. Performance
8. Performance
The need for speed Visitors + Google indexing Test different configurations Server settings, Joomla settings, Joomla Extensions (Templates + Plugins) Testing, testing, one, two Joomla! Debug Console > Profile Information
8. Performance
Test: Refresh (3x) new setting > Refresh (3x) & compare
Socket vs Port?
fastcgi_pass
Socket connections are around 10-15% faster than TCP/IP connections because the data does not have to pass through the different layers of the TCP/IP stack
After
1. Application 3.009 seconds (+0.038); 4.67 MB (+0.035) - afterRender
2. Application 2.503 seconds (+0.037); 4.67 MB (+0.035) - afterRender
After
1. Application 2.718 seconds (+0.051); 4.69 MB (0.027) - afterRender
2. Application 1.543 seconds (+0.114); 4.02 MB (+0.051) - afterRender
3. Application 1.426 seconds (+0.265); 3.95 MB (+0.334) - afterRender
After
gzip in Nginx
1. Application 1.421 seconds (+0.267); 3.95 MB (+0.334) - afterRender
2. Application 1.436 seconds (+0.274); 3.95 MB (+0.334) - afterRender
After
1. Application 1.464 seconds (+0.308); 3.95 MB (+0.334) - afterRender
2. Application 1.459 seconds (+0.299); 3.95 MB (+0.334) - afterRender
After
$ sudo /etc/init.d/nginx restart
$ sudo /etc/init.d/php5-fpm reload
1. Application 1.813 seconds (+0.311); 4.52 MB (+0.403) - afterRender
2. Application 0.696 seconds (+0.198); 2.00 MB (+0.148) - afterRender
3. Application 0.727 seconds (+0.221); 2.00 MB (+0.148) - afterRender
data traffic:
Joomla
Plugins, e.g.
Plugins
vs manual
Optimize, before
After
1. Application 0.864 seconds (+0.341); 2.06 MB (+0.177) - afterRender
2. Application 1.723 seconds (+0.170); 2.43 MB (-0.019) - afterRender
3. Application 1.016 seconds (+0.118); 2.08 MB (-0.029) - afterRender
4. Application 0.691 seconds (+0.217); 2.05 MB (+0.172) - afterRender
before
After
1. Application 1.810 seconds (+1.234); 2.31 MB (+0.233) - afterRender
2. Application 0.751 seconds (+0.222); 2.27 MB (+0.193) - afterRender
3. Application 0.769 seconds (+0.223); 2.27 MB (+0.193) - afterRender
8. Performance Memcached
pi@rpi ~ $ sudo apt-get install memcached php5-memcache
{Download / compile / install APC}
pi@rpi ~ $ sudo pecl install memcache
{Reboot}
pi@rpi ~ $ sudo service nginx restart
pi@rpi ~ $ sudo service mysql restart
pi@rpi ~ $ sudo service php5-fpm restart
pi@rpi ~ $ sudo service memcached restart
8. Performance Memcached
Before
After
1. Application 1.673 seconds (+0.320); 4.52 MB (+0.403) - afterRender
2. Application 0.721 seconds (+0.199); 2.00 MB (+0.148) - afterRender
3. Application 0.705 seconds (+0.211); 2.00 MB (+0.148) - afterRender
4. Application 0.678 seconds (+0.199); 2.00 MB (+0.148) - afterRender
8. Performance Overclocking
$ sudo raspi-config
8. Performance Overclocking
Before
Application 0.678 seconds (+0.210); 2.00 MB (+0.151) - afterRender
Application 0.649 seconds (+0.171); 2.05 MB (+0.153) - afterRender
Application 0.579 seconds (+0.169); 2.00 MB (+0.151) - afterRender
Application 0.596 seconds (+0.167); 2.00 MB (+0.151) - afterRender
Application 0.620 seconds (+0.167); 2.00 MB (+0.151) - afterRender
Application 0.583 seconds (+0.167); 2.00 MB (+0.151) - afterRender
After
8. Performance Cryogenics
Superconducting
computers
Cool
down RPi?
Fridge: RPi = small, but not enough room for beer :-(
Not cool enough... < 123 K (= -150 °C, -238 °F)
8. Performance My RPi
Every
My
PHP-FPM: fastcgi_pass to Unix Socket (not IP+port)
Joomla: (progressive) cache (2.7 -> 1.4 sec)
Alternative PHP Cache (1.4 -> 0.7 sec)
9. Security
9. Security 10 Aspects
1. Change default username pi & password
2. Backup !!!
3. Study logfiles (e.g. with Logwatch)
9. Security 10 Aspects
1. Change default username pi & password
2. Backup !!!
3. Study logfiles (e.g. with Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
9. Security Firewall
{check Firewall}
peter@rpi ~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source
Chain FORWARD (policy ACCEPT)
target prot opt source
Chain OUTPUT (policy ACCEPT)
target prot opt source
{create rules for Firewall}
peter@rpi ~ $ sudo nano /etc/iptables.firewall.rules
9. Security Fail2Ban
Scan
Filters
/etc/fail2ban/filter.d/
Regex ROOT LOGIN REFUSED, POSSIBLE BREAK-IN ATTEMPT!, Failed password etc...
9. Security Fail2Ban
{install Fail2Ban}
peter@rpi ~ $ sudo apt-get install fail2ban
Reading package lists... Done
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 340 kB of archives.
{check failed login attempts}
peter@rpi ~ $ cat fail2ban.log
2013-04-09 16:45:59,000 fail2ban.actions: WARNING [ssh] Ban 9.8.7.6
{check Firewall}
peter@rpi ~ $ sudo iptables -L
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- test123.example.com anywhere
RETURN all -- anywhere anywhere
9. Security 10 Aspects
1. Change default username pi & password
2. Backup !!!
3. Study logfiles (e.g. with Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
6. Block scriptkiddies
/var/log/nginx/petermartin.nl.access_log
198.7.57.74 - - [30/Mar/2013:16:47:49 +0100] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 1565 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:54 +0100] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /webdb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
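A way to spot this pattern in an nginx access log, as an added example that is not part of the presentation: it counts, per client, the distinct */scripts/setup.php paths answered with a 4xx status. The function names, the threshold of 5 and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the slides). Sample lines are constructed and use
# documentation address ranges; the threshold of 5 is an assumed default.

# Print "<ip> <distinct_paths> <user_agent>" for every client that got a 4xx
# on at least <threshold> distinct */scripts/setup.php paths.
find_setup_scanners() {          # usage: find_setup_scanners <log> [threshold]
    awk -v min="${2:-5}" '
    {
        n = split($0, q, "\"")   # q[2] = request line, q[6] = user agent
        if (n < 6) next          # not a combined-format line
        split(q[1], head, " ")   # head[1] = client address
        split(q[2], req, " ")    # req[2]  = requested path
        split(q[3], st, " ")     # st[1]   = status code
        ip = head[1]; path = req[2]
        sub(/\?.*/, "", path)    # ignore any query string
        if (path !~ /\/scripts\/setup\.php$/ || st[1] !~ /^4/) next
        if (!((ip, path) in seen)) { seen[ip, path] = 1; hits[ip]++ }
        ua[ip] = q[6]
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip], ua[ip] }
    ' "$1" | sort
}

make_sample_log() {              # constructed log lines, one scanner, one visitor
    for p in /phpmyadmin /pma /myadmin /MyAdmin /typo3/phpmyadmin /websql; do
        printf '203.0.113.7 - - [30/Mar/2013:16:47:52 +0100] "GET %s/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"\n' "$p"
    done
    # A repeated path must not raise the distinct-path count.
    printf '203.0.113.7 - - [30/Mar/2013:16:47:56 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"\n'
    printf '198.51.100.20 - - [30/Mar/2013:16:50:01 +0100] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"\n'
    printf '198.51.100.20 - - [30/Mar/2013:16:50:09 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "Mozilla/5.0"\n'
}

demo_log=$(mktemp)
make_sample_log > "$demo_log"
find_setup_scanners "$demo_log"  # -> 203.0.113.7 6 ZmEu
rm -f "$demo_log"
```

Counting distinct paths rather than total requests keeps a single mistyped URL from a regular visitor below the threshold.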
9. Security 10 Aspects
1. Change default username pi & password
2. Backup !!!
3. Study logfiles (e.g. with Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
6. Block scriptkiddies
7. SSL certificate for /administrator/
8. Block phpmyadmin (allow 1 specified IP)
9. Backup !!!
10. Passwordless login? SSH shared keys
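A check for items 4 and 10, as an added example that is not part of the presentation: it reports the value sshd would actually use for PermitRootLogin and PasswordAuthentication. Assumptions: item 10 is read as key-only logins, both keywords default to "yes" when unset (the OpenSSH default of that period), only the global section before the first Match block is evaluated, and the function names and sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the slides). sshd keeps the FIRST value it reads for
# a keyword and keyword names are case-insensitive, so a plain
# grep "PermitRootLogin no" can report a setting that is not in effect.

sshd_effective() {      # usage: sshd_effective <file> <keyword> <default>
    awk -F '[ \t=]+' -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }                    # drop leading indentation
        /^#/ || NF == 0 { next }                  # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

audit_sshd() {          # prints PASS/FAIL per keyword, returns 1 on any FAIL
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_effective "$1" "$kw" yes)        # assumed default: yes
        if [ "$v" = no ]; then echo "PASS $kw=$v"
        else echo "FAIL $kw=$v"; rc=1; fi
    done
    return $rc
}

write_samples() {       # constructed configs, written into directory $1
    cat > "$1/weak.conf" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
EOF
    cat > "$1/hard.conf" <<'EOF'
permitrootlogin no
PasswordAuthentication=no
Match User backup
    PasswordAuthentication yes
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_sshd "$demo_dir/weak.conf" || true   # FAIL PermitRootLogin=yes, PASS PasswordAuthentication=no
audit_sshd "$demo_dir/hard.conf"           # PASS for both keywords
rm -rf "$demo_dir"
```

On a live system, point audit_sshd at /etc/ssh/sshd_config; settings inside Match blocks still need a manual review.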
Questions?
Questions?
Presentation
is available at www.db8.nl