Install software on your Raspberry Pi Install and configure Apache, PHP, and MySQL to create a LAMP web server Download WordPress and run it as a local website on your Raspberry Pi Configure WordPress and make your website accessible to other devices on your local network. This is where I effed up, so don’t you do it too. The FQDN name is the name of your Apache web server. For me, since I’m just running it locally, that would be the server name, like “raspberrypi” – if you kept the default. That server name is mapped to an internal IP, like 192.168.1.11 or something. Apache is a popular web server application you can install on the Raspberry Pi to allow it to serve web pages.
In my previous blog I installed Apache 2 on a raspberry Pi. To display more than simple HTML pages, you need to install and configure additional software such as a database server and scripting language PHP. For more convenience and security you can still arrange things like SSL. You do that as follows.You can install Apache web server yourself as described here.
Install a database server
Most sites do not consist of passive HTML pages, but retrieve their ever-changing content from a database. To store the content and other data in a database, you must install MySQL (or MariaDB) as database server.
During installation, a password is requested for the database user. After you have typed that in for confirmation again, the database server is ready for use. Wit the following command you can check if that is indeed the case.
Remember the database password well, because you will need it later, for example to create backups or new tables.
Install PHP
To install the language PHP you have to add some extra modules. This is why this command is a bit longer than the commands that you have typed so far.
and
To test if PHP is properly installed, you must first have a PHP page that you can run. To create such a page, you need an editor for editing text files. For beginners, nano is the easiest.
Then you can make a test page. At Apache, the files on the web server are in the directory by default.
In that directory you create a test page with the extension php.
Then type the following line.
Save the file (Ctrl + O) and close the editor (Ctrl + X). Then go to http://Servername/test.php with the browser. If all goes well, you will now see the system information of PHP. Because you probably do not want everyone to be able to view all the information about your web server, you remove that page after testing with the command.
Multiple websites
Usually you want to host multiple websites on a single web server. They all come in their own directory and work with their own database, so that they do not get in each other’s way. In this case you make with the command.
a directory for the test.com website, followed by the command.
goes to that directory and there with
the file index. html creates a default opening when someone visits a website.
In that index file you put the following content with nano:
Add A Website
You have created a separate directory for the new website, but Apache does not yet know what to do with it. In the directory
are the configuration files for the websites hosted by your Apache server. The configuration file for the new test.com domain must be created in that directory.
In the configuration file you set the following rules. At
enter your email address.
Then that configuration has to be added and loaded. With
(Apache 2 enable site) you add the site to the web server and with it
command recharges Apache the configuration. After this the site should be available.
If you go to http: //Servername/test.com with the browser, you should see the index page. If you have registered the domain name test.com and refer to the IP address of your web server, you should get the same result if you go to http://test.com.
Install SSL
The internet traffic between your web server and the browser of your visitors are not yet encrypted. Everyone who has access to that network traffic can therefore read everything and see what is being sent. Of course, you do not want that on pages with login details or payment information. That is why we need to encrypt this traffic. Nowadays this can be done in several ways: a difficult one, a reasonably easy one and a very easy one. Of course we take the easiest – and free – method and do it with Let’s Encrypt. You can let Let’s Encrypt arrange the certificates needed for encryption and also have all the settings necessary to secure internet traffic.
Thereby the file
in the directory
created in which port 443 is configured for secure SSL traffic. The normal data traffic via HTTP uses port 80, but the HTTPS protocol works with port 443. Fortunately, both HTTP and HTTPS are already enabled by the firewall, so that the secure data traffic is not stopped.
For optimal security, of course, you want all traffic that enters your web server via HTTP to be redirected to HTTPS. That is also what Let’s Encrypt sets for you in the configuration file
from your website. If you then go to https: // www. ssllabs.com/ssltest/analyze. html? d = test.com & latest, you can test if your site is indeed secure. If you go to http://test.com with your browser, you will see that you are automatically redirected to https://test.com. And more importantly: next to the url you will see a green lock to confirm the secure status of the web traffic.
Extend automatically
A Let’s Encrypt certificate has a maximum validity of 90 days, after which you normally have to renew the certificate manually. That is still possible for one website, but if you manage multiple sites, you do not want to run the risk of accidentally forgetting to extend one, which means your site will suddenly no longer be reachable safely. Fortunately, there is a possibility to automatically renew the certificate.
For this we create a system task, called Linux cronjob or crontab. With Cron (from the English word chronograph, a sort of stopwatch) you can perform tasks at a preset time. At the bottom of the list of existing tasks you add a new task to renew the certificates. In this case, that happens every morning at 7 a.m. If a certificate does not have to be renewed yet, nothing else happens.
Install the database manager
Now that the traffic from and to your web server is encrypted, you can continue with the database server. You have already installed it, but there is no management interface yet. Usually phpMyAdmin is used for this. Install this software with the following commands:
At the first screen, select apache2 by pressing the space bar and in the question to dbconfig- common you say yes. Then you have to enter a password to login to phpMyAdmin. The modules mcrypt and mbstring need to be explicitly allowed because phpMyAdmin needs them and they are not automatically installed. Then you have to restart Apache:
Then you can go to https: // test in the browser. com / phpmyadmin and you will be asked to log in. Use the password you just entered. You use root as the username.
By logging in at phpMyAdmin as root, you will manage the database as a kind of super-user. Just like with the management of the web server, this is absolutely undesirable in practice, especially not because that interface is often the target of attackers. If malicious people manage to hack the interface, they have total access to all your databases. This is prevented by better shielding phpMyAdmin. Open the php-MyAdmin configuration file with
And add the line with
to overrule the default settings later:
Restart the Apache server for the new settings:
Then you will ensure that only explicitly specified users can login to php-MyAdmin. There you create a .htaccess file in the phpMyAdmin directory for
containing the following content:
Save the file and create the file named .htpasswd with the permissible users:
for the first user and for every subsequent user the second command again, but without
. If you then go to https://test.com/ phpmyadmin, you will first have to log in as one of those users to access the interface.
Web server ready
Then the basic configuration of your web server is ready and your website is ready for use. If you want to work with a content management system (CMS), you can use phpMyAdmin to create a database for the relevant CMS package (for example WordPress, Jooma or Drupal) and specify its data when installing that package. Basically you now have a secure web server with all the basic functions – but also the possibility to extend that functionality where, how and when you want it.
DO YOU HAVE ANY QUESTIONS? LEAVE A COMMENT DOWN HERE.
This provides details of how to configure a Raspberry Pi as a webserver. This is similar to the guide to using Ubuntu as a LAMP webserver, but adds some of the things that need to be handled differently for the Raspberry Pi.
It is termed a LAMP server which is one of the most common configuration for webservers which standard for:
Linux – operating system
Apache – webserver (http) software
Mysql – database server (recently this is often replaced by Maria)
PHP or Perl – programming languages
This setup is probably overkill for most uses of the Raspberry Pi, but it is the setup that most users will be familiar with and is a good way to learn about setting up a webserver. If you want a more basic (less resource intensive) version then try Running a lightweight webserver on the Raspberry Pi
In this guide the configuration is done at the command line. This may not be quite as easy as clicking a few icons, but it has many advantages, including the ability to remotely manage and install the server. It also means that the computer can spend more of it’s time server up web pages and less processor time drawing a GUI, which is after all the whole point of a webserver.
Why run a web server on the Pi?
The Raspberry Pi is a low power computer and so is useful to use in place of a more power hungry computer; it's a great way to learn Linux through practical application and a good way to learn web programming.
The Raspberry Pi is useful as a device for collecting information from various sensors. A web server can be a good way of making that information available, perhaps via the Internet of Things (IoT).
You could use it as a dedicated network service for the home. Perhaps streaming videos / media etc.
Debian Linux
This is based on the Raspbian Raspberry Pi NOOBS image from Raspberry Pi download page.
To follow this then the Raspberry Pi will need to have an Internet connection. These instructions assume that it is physically connected to a home router.
Security
The first priority is to make the Raspberry Pi a little more secure. The image includes a default username and password, which once connected to the Internet would allow anyone to login and have free roam of the device.
To change the password for the pi user after logging in issue
passwd
and follow the prompts for changing the password.
You may also want to add your own username. I have used user1 as the username, but typically this will be a persons name. You can skip this and go straight to the performance / networking steps if this is not required.
This will add a new user and change their password.
Here you will see the first use of the sudo command which we will be using a lot. As used above the sudo command allows the user to issue a command as the superuser. Without using the sudo command this would fail as regular users are not allowed to create other users. This is a security feature that protects the system from other users, but also limits the amount of damage that a user can do by mistake (although if prefixed with the sudo command it will not help against accidents).
The new user will need to be added to certain groups to allow the same privileges that the pi user had.
You can add the new user to the groups using the usermod command or you can edit the file directly. I’ve done the following by editing the file so that you can see the file (it’s also arguably a little quicker as you can make multiple changes whilst editing the file). Please be aware that when editing files like these a mistake can result in not being able to login.
There are two command line text editors. The nano editor is the easiest for new users (so that’s what I’ve referred to below), but I do recommend learning the vi text editor as it is useful tool that is installed on all linux systems. If you are familiar with vi then replace nano with vi for the rest of this guide.
sudo nano /etc/group
Go through the file adding ,user1 to the end of all of the groups that pi is in.
egadm:x:4:pi,user1
Use CTRL-O to save and CTRL-X to quit after editing the file.
The most important is the admin entry as without that the user will not be able to run sudo and hence perform any system administration. Of course if you want to add a different user and don’t want to give them admin access then you don’t need to make any updates to the /etc/group file.
type
exit
to logout and now login under the new username to check that it is working correctly.
By default the shell for the new user is the bourne shell. The bash shell is an improvement on that allowing the user of the arrow keys on the command line and autocompletion.
To set the default shell for you new account (when logged in under that account) use:
chsh -s /bin/bash
You could now remove the pi username if it is no longer required.
Raspberry Pi Home Server
userdel pi
This is just the initial stages in making the Pi more secure. There are other aspects to Linux security including making sure that appropriate security fixes are applied as they become available (eg. apt-get update).
Performance tuning the operating system
Performance tuning is something that you would normally leave until later, but in the case of the Raspberry Pi there is an single option that can be done to improve performance for servers. By configuring it here we can let it get picked up by the reboot later saving us from having to reboot the server.
The Raspberry Pi has up to 1Gb of RAM. This RAM is however shared between the graphics and main system memory. By default 64Mb is allocated to graphics. This is overkill if you don’t plan to run the graphical interface (or rarely) as in the case of a server. To reduce the amount of memory available for graphics to 32MB enter usesudo raspi-config and see the memory split option under advanced options.
This requires a reboot to take effect, but we will be rebooting later, so there is no need to reboot at this point.
Setting up networking
The next step is to give the Raspberry Pi a static IP address. This is a little more complex as it depends upon your own setup and what router you have on how to achieve this.
By default the Raspberry Pi will request a dynamic IP address which is issued by your router as required. This however may change in future which would make it hard to connect to the webserver. Instead we provide it with an address that doesn’t change such as 192.168.1.4.
Note that this address can be used on the local network, but not on the Internet – later you will see how to provide access through your router / firewall from the Internet.
First find out what DHCP address has been allocated by using the ifconfig command – see the extract below
This is saying that the ethernet port 0 – has an IP address of 192.168.1.110
You will also need to find out what address your router is, using the route command
This shows that the router IP address (Gateway) is 192.168.1.1 and all traffic is sent via that router.
At this point you will also need to check on what address range is being issued by the router for dynamic (DHCP) requests. This depends upon the individual router. In my case I have a Belkin Wireless Router which can be reached by pointing a web browser to the IP address of the router 192.168.1.1
The LAN settings are shown below:
In this case the local network has valid addresses from 192.168.1.1 to 192.168.1.254. The router is at address 192.168.1.1 and any DHCP requests will be given entries between 192.168.1.100 and 192.168.1.150 (you can change the range of the DHCP addresses if required). I have used 192.168.1.4 for this server.
To change to static IP address you should look in the /etc/dhcpcd.conf file which allows you to specify static addressing.
add the following entries to the bottom of the file
Note that for the domain_name_servers entry I have used the Google DNS servers, but you may prefer to use your local router or ISP DNS servers.
Whilst you can dynamically reload the network interface I suggest a reboot at this stage to make sure that the configuration is correct.
sudo reboot
After logging in check using ifconfig to confirm that we have a static ip address
Enabling ssh
SSH (Secure Shell) is a network protocol that allows you to login and control the computer through the command line remotely. As the name suggests it is secure as it encrypts communication across the network (so that others cannot see your password etc). It also has some great features such as tunnelling, which we won’t go into here.
The ssh server is installed on the default image but needs to be enabled so that it starts at boot time. You can enable/disable the ssh server using sudo raspi-config.
You can now connect to the Raspberry pi remotely (on the same network) via ssh.
If you have another linux computer on the network then from a terminal run
ssh 192.168.1.4
which will login with the same username. If you want to use a different username then prefix that before the ip address with an @ sign.
egssh user1@192.168.1.4
SSH is also included on a MAC so you can use the same commands as above.
If you want to connect from Windows then there are several options, but I suggest the open source software Putty.
Making the server available on the Internet
Apache Web Server On Raspberry Pi
Next we are going to configure the router to allow ssh logins and web traffics through its firewall to the Raspberry Pi.
You did remember to change the default password for the pi username didn’t you! If you haven’t already changed the default password then do it now otherwise anyone will be able to login to your Raspberry Pi.
As a home user the ip address used on your local network is a private address range that will not work over the Internet. Instead your ISP will provide a single dynamic IP address which is used by the router. To allow traffic to flow from the Internet to your Raspberry Pi needs the IP address of the Pi to be made to look as though it is from the router. This is a process called Network Address Translation (NAT).
The ports that need to be allowed through are port 80 (http) and if you would like to be able to login to the computer from the Internet then port 22 (ssh).
To do this you will need to consult the instructions on your router. In the case of my Belkin router this is through the Firewall > Virtual servers settings (see below), but Netgear this is Advanced > Security > IP Forwarding.
DNS
The final stage is to have a DNS entry point at your router’s IP address. Unless you have a fixed IP address from your provider then your IP address can change. I use DuckDNS.
Install apache webserver
The Apache webserver is available to download from the Debian repositories. This can be done through the apt tools.
First have you refreshed the software repositories? If not run sudo apt update to make sure that it knows about any new packages / versions available.
Apache is installed by entering the followingsudo apt install apache2
Install Maria (mysql replacement)
In the past the Mysql database server was used by most distributions. Since mysql is now managed by Oracle many distributions (including Debian on which Raspbian is based) have now moved to the similar Maria database software. Maris can be isntalled from the software repositories using:
sudo apt install mariadb-server
During the install there is a prompt request for a password.
The password is for the mysql root user and it is strongly recommended you choose an appropraite password.
Install PHP
In the past Perl was frequently used for web programming, but since then PHP gained popularity for being easier to integrate into web pages. Python is also gaining popularity for web programming. For Python there are two different versions, the old Python (which is what runs when you just type python) and the new (recommended) Python which is version 3 (run by entering python3).
You can install all these different programming languages and then just pick and choose based on your particular needs.
The good new is that Perl (version 5) and Python (version 2.7 and 3) are installed as part of the operating system so you will just need to install PHP.
The following commands will install PHP version 5 and the mysql libraries to allow PHP to access the maria database. Note this is not a typo, the PHP libraries are written for mysql, but work the same with MariaDB.
Setup complete
Once the setup is complete you can access the web page by pointing your browser to the router IP address or DNS entry.
You should get a page back stating that it works, but that there is no content loaded.
To test that the webserver and PHP are working correctly then delete the file /var/www/html/index.html and create a file /var/www/html/index.php with the contents of this page.
The file will need to have appropriate permissions; in particular for a php executable file then it needs to have read and execute permissions.
Assuming you also want others in the group to be able to edit the files then for a regular file use:sudo chmod 664 filename
for an executable file (eg. .php) use:sudo chmod 775 filename
Raspberry Pi Apache2
Note that the filename of the link ends in .txt to prevent my webserver from running this, you should have the file ending with .php so that the file is run as a PHP script.
This guide has been updated for Raspbian Stretch (available from August 2017). If you are using a different version then the install steps may be different. For example with Debian Wheezy the html director was /var/www instead of /var/www/html