Roel's Praathoek - ARM - Build a blog engine with Nginx

Introduction

In this article I am going to use an ARM board as a webserver and serve a site from it using Nginx. I will add Jekyll as a tool to update the website. This way website maintenance stays easy and the site still serves static pages, which is good for performance. I chose nginx as the webserver (and not e.g. apache) because nginx is a light and efficient server for static webpages, and Jekyll as the web compiler platform, just because.

Preparing the RPI build environment

For the software I need, the repository contains outdated armhf versions, so I need to compile it from source. This requires a build environment that is easy to build from. The packages for that are more or less current in the repository.

Build tools

For Debian/Ubuntu, install these:

sudo apt-get install build-essential curl
sudo apt-get install libpcre3-dev libpcre++-dev zlib1g-dev libcurl4-openssl-dev libssl-dev

Nginx from source

...

Configuring the website(s) as a virtual server

Configuring nginx is the same on ARM as it is on x86. I still describe it, just to document what I did, in case I need it again. I needed to install nginx from source, as I wanted to use some features that are only available in recent versions (e.g. logging to syslog). Some extra work was needed while configuring, e.g. accounts. I did this on a Wandboard and on a RPi, both with Ubuntu 14.04 installed. The latest version of my webserver is running on a RPi+ and running ArchLinuxArm.

User and Access

I want nginx to use a low-privileged user to run the websites. It seems that www-data is commonly used as a username for this, so why not. The package installer on Ubuntu creates this account, but when installing from source it might not be there. On a fresh RPi you should also have your own unprivileged account, so I create it here too. Creating a user manually is as easy as executing:

Using the Ubuntu wrapper scripts:

sudo adduser --system --no-create-home --group www-data

or using the native useradd as on Arch Linux (here I create both my regular user for updating and the website user):

sudo useradd --system www-data
sudo useradd --create-home -G wheel,www-data myuser
sudo passwd myuser

and create a new password.

Let nginx know that it needs to use this user for serving webpages; this takes only a small change in the nginx.conf file.

Open nginx.conf in the editor and find the line that starts with user and change the user to www-data.

sudo vi /etc/nginx/nginx.conf

user  www-data;

Nginx defaults to /usr/share/nginx/html for its website. This is a good starting point; however, for each virtual website I will create a new folder. In this example test.roheve.nl will be used. For ease of use, but still secure, I modify the ownership with chown so that the www-data group gets read access and my own user account gets r/w access. This is easy and simple.

ssh into your node (e.g. ssh [email protected])

$ cd /usr/share/nginx
$ sudo mkdir test.roheve.nl
$ sudo chown user:www-data test.roheve.nl
$ ls -l
drwxr-xr-x 2 user www-data 4096 Aug 17 12:00 test.roheve.nl
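
An added example, not part of the original article: a small shell audit of the layout described above. It reads the worker account from nginx.conf and checks that the site directory is owned by the updating account, readable by the worker's group and not writable by group or others; the function names are illustrative and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the article). Assumes GNU stat, as on Ubuntu and Arch.

# Print the account named by the "user" directive in an nginx.conf.
nginx_worker_user() {
    awk '$1 == "user" { sub(/;.*/, "", $2); print $2; exit }' "$1"
}

# check_webroot DIR OWNER GROUP
# Returns 0 only if DIR is owned by OWNER (the account that updates the site),
# has group GROUP (the nginx worker's group), lets that group read and enter
# it, and is not writable by group or others. Prints one line per finding.
check_webroot() {
    cw_dir=$1 cw_owner=$2 cw_group=$3 cw_bad=0
    cw_mode=$(stat -c %a "$cw_dir") || return 2
    cw_perm=$((0$cw_mode))            # parse as octal, e.g. 0755
    if [ "$(stat -c %U "$cw_dir")" != "$cw_owner" ]; then
        echo "$cw_dir: owner should be $cw_owner"; cw_bad=1
    fi
    if [ "$(stat -c %G "$cw_dir")" != "$cw_group" ]; then
        echo "$cw_dir: group should be $cw_group"; cw_bad=1
    fi
    if [ $((cw_perm & 050)) -ne $((050)) ]; then
        echo "$cw_dir: group cannot read/enter (mode $cw_mode)"; cw_bad=1
    fi
    if [ $((cw_perm & 022)) -ne 0 ]; then
        echo "$cw_dir: writable by group or others (mode $cw_mode)"; cw_bad=1
    fi
    return "$cw_bad"
}

# Usage: sh audit.sh /etc/nginx/nginx.conf /usr/share/nginx/test.roheve.nl user
# When the directive names no group, nginx uses a group named like the user,
# so the account from nginx.conf is passed as the expected group.
if [ "$#" -eq 3 ]; then
    check_webroot "$2" "$3" "$(nginx_worker_user "$1")"
fi
```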

Nginx needs a special file for the DH ciphers; create it (this is a placeholder remark):

sudo openssl dhparam -out /etc/nginx/ssl/dh2048.pem 2048

HowTo

Before installing and configuring my new webserver, I consulted the blogs and forum posts listed below. This gave me enough info and ideas for my own endeavour. Of course I already ran a website with nginx (both on x86, until now my main site, and on a RPi with just a 'hello world' site), but there I used the nginx from the repository and I built my webpages using a text editor.

The nginx version in the ARM repositories is a bit old. I wanted to use 'log to a remote syslog server', which is a feature requiring a quite recent (1.7.1) version. With this feature I can still log website use without wearing out the SD card by writing logfiles to it.


This work by Roelof Heuvel is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.