跳到主要內容

Raspberry Pi 4 伺服器軟體設定


按照之前的步驟把 Ubuntu 18.04 安裝好到 Raspberry Pi 4,還用上了 SSD 作為主要儲存媒體。下一步便是安裝所需軟件。在這之前,先做一下更新,確保所有資源都是最新。在 Raspberry Pi 4 上登入 Console 並輸入:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt dist-upgrade
$ sudo reboot

$ sudo apt-get install ubuntu-desktop
$ sudo apt-get install -y xterm

$ sudo apt-get install python3.7
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 2
$ sudo update-alternatives --config python3
為了安全起見,先建立一個新用戶並把它加到 sudo 群組。往後就是用這個帳號來做設定:
$ sudo adduser sitachan
$ sudo usermod -aG sudo sitachan
這時回到 macOS 的 Terminal,測試新帳號能否登入:
$ ssh sitachan@192.168.1.100
$ exit
除了使用密碼登入 SSH 外,還可以 SSH Key 來登入,能省卻了輸入密碼的步驟。在 macOS 的 Terminal 下輸入:
$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/home/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/home/.ssh/id_rsa.
Your public key has been saved in /Users/home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4CQn536JOnKchPefJ9XZdK6nGKzP92hbqto8VfIwPSI home@MacBook-Pro-2019-Pacess.local
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|    o =        . |
|     O .   E .=.+|
|   .  o S  ..+.O.|
|  . o. . ...o o o|
|   + oo o.  o. ..|
|  . =......=.o++.|
|   o.. .ooooB===.|
+----[SHA256]-----+
這時生成了一組登入密匙,下一步是把它安裝到 Raspberry Pi 4 上:
$ ssh-copy-id sitachan@192.168.1.100

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/home/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
sitachan@192.168.1.100's password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'sitachan@192.168.1.100'"
and check to make sure that only the key(s) you wanted were added.
嘗試再登入一次。今次不用輸入密碼了:
ssh sitachan@192.168.1.100
接著是正式的安裝步驟。先安裝 MySQL:
$ sudo apt install mysql-server
$ sudo mysql_secure_installation
MySQL 也同樣建立新的登入帳號和資料庫給 Laravel 使用:
$ mysql -u root -p

mysql> GRANT ALL ON *.* TO 'sita'@'localhost' IDENTIFIED BY 'Password';
mysql> GRANT ALL ON *.* TO 'sita'@'%' IDENTIFIED BY 'Password';
mysql> CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
mysql> GRANT ALL ON laravel.* TO 'laraveluser'@'localhost' IDENTIFIED BY 'Password';
mysql> FLUSH PRIVILEGES;
mysql> quit
另外要把 MySQL 的綁定地址由 127.0.0.1 修改為 0.0.0.0:
$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
$ sudo service mysql restart
$ sudo ufw allow from any to any port 3306 proto tcp
安裝 Nginx 及配件:
$ sudo apt install nginx nginx-extras
安裝防火牆:
$ sudo ufw app list

Available applications:
  CUPS
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

$ sudo ufw allow 'Nginx Full'
$ sudo ufw enable
$ sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
3306/tcp                   ALLOW       Anywhere                  
8888/tcp                   ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
3306/tcp (v6)              ALLOW       Anywhere (v6)             
8888/tcp (v6)              ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
Ubuntu 18.04 跟機的是 Python 3.6,要把它換成 Python 3.7:
$ sudo apt install python3.7 python3.7-dev
為了不讓項目的模組互相干擾,需要用到 virtualenv 把它們分隔:
$ sudo apt install python3-pip python3-dev virtualenv
$ virtualenv -p python3.7 jupyter-env
$ . jupyter-env/bin/activate
有了 Python 3.7 及進入了 virtualenv 後,就是安裝不同的模組了:
(jupyter-env) sudo apt-get install libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev
(jupyter-env) sudo apt-get install python3-dev python3-setuptools
(jupyter-env) sudo apt-get install libtiff5-dev libjpeg8-dev libopenjp2-7-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python3-tk libharfbuzz-dev libfribidi-dev

(jupyter-env) /home/sitachan/jupyter-env/bin/python3 -m pip install --upgrade pip
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 -m pip install --upgrade Pillow
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 -m pip install python3-opencv
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 -m pip install pandas
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 -m pip install Cython
有部份模組無法用 PIP 安裝,需要由 source code 編譯,像是 Matplotlib:
(jupyter-env) cd ~/Downloads
(jupyter-env) git clone https://github.com/matplotlib/matplotlib
(jupyter-env) cd matplotlib/
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 setup.py build
(jupyter-env) sudo /home/sitachan/jupyter-env/bin/python3 setup.py install
還有 Scipy:
(jupyter-env) cd ~/Downloads
(jupyter-env) git clone https://github.com/scipy/scipy.git
(jupyter-env) cd scipy/
(jupyter-env) /home/sitachan/jupyter-env/bin/python3 setup.py build
(jupyter-env) sudo /home/sitachan/jupyter-env/bin/python3 setup.py install
到安裝 Jupyter 了:
(jupyter-env) pip3 install Cython --install-option="--no-cython-compile"
(jupyter-env) pip3 install pyzmq
(jupyter-env) pip3 install jupyter

(jupyter-env) jupyter notebook password
(jupyter-env) which jupyter-notebook
(jupyter-env) mkdir /home/sitachan/Documents/Jupyter-notebook
設定以下內容:
(jupyter-env) sudo vi /etc/systemd/system/jupyter.service

[Unit]
Description=Jupyter Notebook

[Service]
Type=simple
PIDFile=/run/jupyter.pid
ExecStart=/bin/bash -c ". /home/sitachan/jupyter-env/bin/activate;jupyter-notebook --notebook-dir=/home/sitachan/Document”s/Jupyter-notebook
User=sitachan
Group=ubuntu
WorkingDirectory=/home/sitachan/Documents/Jupyter-notebooks
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
重新啟動 Jupyter,它會出現在 http://192.168.1.100:8888/:
(jupyter-env) sudo systemctl enable jupyter.service
(jupyter-env) sudo systemctl daemon-reload
(jupyter-env) sudo systemctl start jupyter.service
(jupyter-env) systemctl status jupyter.service 
新的 Raspberry Pi 4 上其中一個功能是提供 VPN 服務。使用的是 L2TP 通訊格式。安裝方法如下:
(jupyter-env) wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
安裝完成後會看到以下畫面:
================================================

IPsec VPN server is now ready for use!

Connect to your new VPN with these details:

Server IP: 17.172.224.47
IPsec PSK: akZVHfUFCNXJedSA8f3d
Username: vpnuser
Password: ce5XKjNJAKHLMt2D

Write these down. You'll need them to connect!

Important notes:   https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients

================================================
上面的 vpnsetup.sh 已自動建立了一個 VPN 帳號。為了安全考慮,要把帳號更改一下。先修改 PSK 密碼。在 Password 輸入自己的密碼並儲存:
(jupyter-env) sudo vi /etc/ipsec.secrets

%any  %any  : PSK "Password"
然後設定帳號:
(jupyter-env) sudo vi /etc/ppp/chap-secrets

"pacess" l2tpd "Password" *
"sitachan" l2tpd "Password" *
儲存後重新啟動 VPN 服務:
(jupyter-env) sudo service xl2tpd restart || sudo systemctl restart xl2tpd
(jupyter-env) sudo service ipsec restart || sudo systemctl restart ipsec
建立網頁服務:
(jupyter-env) sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/www.pacess.com
(jupyter-env) sudo vi /etc/nginx/sites-available/www.pacess.com

server {

   root /var/www/www.pacess.com/public;

   # Add index.php to the list if you are using PHP
   index index.php index.html;

   server_name pacess.com www.pacess.com;

   location / {
      # First attempt to serve request as file, then
      # as directory, then fall back to displaying a 404.
      try_files $uri $uri/ /index.php?$query_string;
   }

   # pass PHP scripts to FastCGI server
   #
   location ~ \.php$ {
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_split_path_info ^(.+\.php)(.*)$;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   location ~ /\.ht {
      deny all;
   }
}

(jupyter-env) sudo ln -s /etc/nginx/sites-available/www.pacess.com /etc/nginx/sites-enabled/
(jupyter-env) sudo systemctl reload nginx
安裝 Certbot:
(jupyter-env) sudo add-apt-repository ppa:certbot/certbot
(jupyter-env) sudo apt-get update
(jupyter-env) sudo apt-get install python-certbot-nginx
(jupyter-env) sudo certbot --nginx -d pacess.com -d www.pacess.com

參考:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04#step-4-—-obtaining-an-ssl-certificate
https://computingforgeeks.com/build-ipsec-vpn-server-with-ipsec-l2tp-and-cisco-ipsec-linux/
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804

留言

這個網誌中的熱門文章

After Effects 下的影片加速

Fast Forward in After Effects

很久很久沒有剪片了。今個星期接了一個項目,替客人製作兩段影片作為報告之用。雖然這個項目沒有難度,但步驟很多。總算完成了第一段。要在 iPad 中為動畫編程,然後錄下模擬器的動畫,把影片裁好後,還要將原來 2 分 17 秒的影片濃縮到 8 秒。否則看報告的人必然睡著。花了一點時間,才找到影片加速的方法。在 Composite 中點右鍵,選 Time 內的 Time Stretch 後,輸入最終想要的時間長度。

連接 PSVR 到 MacBook Pro

一兩個星期前,在 PS4 Pro 上安裝了 Littlstar 軟件去播放儲存在 USB 的立體影片。豈料今天在自動更新過後,這個免費的軟件現在只能播放兩分鐘,若要播放完整影片,則需要以訂購方式每月付費,或一次過給 US$39.9。對於 Littlstar 這個吸金方法,讀取 USB 影片要收費、官方內容又太少的情況下,很多人亦因此離開,尋找其他方法。其中一個方法是把 PSVR 連接到 macOS 上看。

方法是利用 https://github.com/emoRaivis/MacMorpheus 這個開源程式。先開著 PS4 Pro 及 PSVR,然後如上圖把線重新連接,這樣就能把 MacBook Pro 的畫面投射到 PSVR 上。

Python 按鍵檢測程式

完成了計數器程式後,接著是測試按鍵的程式。程式用來確保接線無誤之外,同時測試怎樣檢測會來得順暢,甚至是確保按鍵時的噪訊處理。以前開發遊戲程式時,在讀取搖桿訊號時會出現噪訊。例如按鍵時,從系統收到的訊號很多時候會像是 0000010101111111,而不會是 000000111111 這麼乾淨。這是硬件無法處理的情況,需要從軟件方面修正。Raspberry Pi 同樣有這種情況。

兩顆按鈕的接線非常簡單,一邊接地,另一方接 GPIO。在網上了解過後,我決定用較多人用的 BCM 作為 GPIO 的編號格式。同時選用了位於接口群右下方的 #20 及 #21 號腳;地線也選用了上兩格的 #18 號腳。它們位於外殻邊沿,能減少阻礙或鬆脫而導致接觸不良。焊接工作很快地完成了。正常來說,按鍵線路需要加入「上拉」或「下拉」設計,我曾向朋友 Peter 請教,了解兩者的分別及用法。主要都是用來確保未按鍵時的值,就像軟件中的 Initialise 一樣。然而,Raspberry Pi 已經內鍵了這兩種設計,GPIO.setup() 就是決定針腳是「上拉」或「下拉」。

我測試了兩款在 Raspberry Pi 的 Python 中的按鍵檢測方法。第一種 GPIO.wait_for_edge() 是等候按鍵時會一直停著,直到狀態成立才能繼續,套用到 #21 號腳;第二種 GPIO.add_event_detect() 是事件方式,當按鍵發生時會直接跳到已登記的程式,套用到 #20 號腳。#!/usr/bin/python ##------------------------------------------------------------ ## AMIGO Camera Button Test ## Copyright Pacess Studio, 2015. All rights reserved. ##------------------------------------------------------------ import RPi.GPIO as GPIO import time ##------------------------------------------------------------ def buttonPressed(channel):…