.
.

Raspberry Pi Web Server (and webcam) - made fairly simple!


The "Raspberry Pi User Guide"  (Upton & Halfacree) is not very helpful because:

    a) a simple server does not need an entire "LAMP STACK"
    b) Apache is a bit 'heavyweight' and simpler servers are better for Raspberry Pi
    c)  The guide does not address FTP, or the network addressing issues
    d)  The guide tends to dismiss the straightforward use of the default www directory

A lot of 'wiki's, 'man's and forums also contain relevant pages, but they confused me!  So this is an effort to set down the most straightforward steps to a secure set-up, based on the Raspbian distribution. It  assumes that your service-provider has given you a static  IP address.  First determine this (Google "my ip address")

1.  Before doing anything else, attend to user/password-management.  If the pi password is still "raspberry" then change it.  And   create a new user account <newuser> (without administrator privileges) for site ownership.  Note that <newuser> will not have sudo privileges, so remain logged in as 'pi' at this stage.  Don't bother about 'groups'.   The set-up procedures that follow provide security for the 'pi' and for the website.  Only <newuser> will have write-access to the site files (with 744 permissions), and <newuser> will have no write-access to other folders.   

2.  Though it's not actually essential, it's desirable to register a domain.  (This one is davidandkay.me.uk)  It's an easy matter to set DNS translation to your IP address through the registrars control panel.

3.The Raspberry Pi itself must have a static address on the internal network.  That is set by the file /etc/network/interfaces, and the default entries must be changed using 'sudo nano /etc/network/interfaces' as follows -

    In the line commencing 'iface', change 'DHCP' to 'STATIC'
    then add the lines        address 192.168.0.20  (or whatever you choose for the static address)
                                        netmask 255.255.255.0
                                        gateway 192.168.0.1  (your router address)

And then restart

4.  The router must be set up to direct inbound services (http, ftp, ssh) to the Raspberry Pi static address.  On Netgear that is set via 'Firewall Rules'.

5.  Now install nginx  ( En-gin-x) and vsftpd (e.g. using Synaptic)

6.  The nginx server will immediately delver it's placeholder welcome page via the default index.html file located at /usr/share/nginx/www

        (and it is then possible to install your own site in this folder by copying files as 'root' from a memory stick.  But it's better to set up ftp as follows so that the live, headless server can be updated at will. )

7.  FTP operation requires small changes in the vsftpd.conf configuration file. Use 'sudo nano /etc/vsftpd.conf'

      Change anonymous_enable=YES to anonymous_enable=NO, Uncomment local_enable=YES and write_enable=YES,   then go to the bottom of the file and add  force_dot_files=YES .  Also add local_root=/usr/share/nginx/www . 

Save and restart
       

8.  Now   FTP will only work for file transfers if the ownership/permissions for nginx and vsftpd are consistent. The default state needs changing. 

9  So set <newuser> as the owner of the directory - sudo chown -R <newuser>  /usr/share/nginx/www .  Then set  file permissions  to '744'  -  sudo chmod 744  /usr/share/nginx/www . Only <newuser> will be able to write to the directory and view the file-structure.

10.  Set <newuser> as the 'user' in the first line of the nginx.conf file using sudo nano  /etc/nginx/nginx.conf

Now (after a restart) Filezilla will have access to the site directory by logging in as <newuser>, and the site can be put in place and maintained using ftp.

( Note that Raspberry Pi itself can run Filezilla - giving other ways of transferring files by ftp.