In this article I am going to be useing an ARM board as a webserver and use it to serve a site using Nginx. I will add Jekyll as a tool to update the website. This way the website maintenance can be kept easy and the site still serves static pages, what is good for performance. I choose nginx as a websever (and not e.g. apache), because nginx is a light and efficient server for static webpages and Jekyll as the web compiler platform, just because.
For the software I need, the repository contains outdated armhf versions, so they need to compile them from source. This requires a build environment with which it is easily build from. Those packages are more or less current in the repository.
For debian/ubuntu install this
sudo apt-get install build-essential curl sudo apt-get install libpcre3-dev libpcre++-dev zlib1g-dev libcurl4-openssl-dev libssl-dev
...
Configuring nginx is the same on ARM as is on x86. I still describe it, just to document what I did, in case I need it again. I needed to install nginx from source, as I wanted to use some features that are only available in recent versions (e.g. logging to syslog). Some extra work was needed while configuring, e.g. accounts. I did this on a Wandboard and on a RPi, both with Ubuntu 14.04 installed. The latest version of my webserver is running on a RPi+ and running ArchLinuxArm
I want nginx to use a low privileged user to run the websites. It seems that www-data as a username is commonly used for this, so why not. The package installer on ubuntu creates this account, but when installing from source it might not be there. On a fresh RPi you should also have your own unpriviledged account, so I create it here too. Creating a user manually is as easy as executing:
using the ubuntu wrapper scripts sudo adduser --system --no-create-home --group www-data or using the native useradd as in archlinux (here I create bith mu regular user for updating and the website user) sudo useradd --system www-user and sudo useradd --create-home -G wheel,www-data myuser sudo passwd myuser and create a new password
Let nginx know that it needs to use this user for serving webpages, only a small change in the nginx.conf file.
Open nginx.conf in the editor and find the line that starts with user and change the user to www-data.
sudo vi /etc/nginx/nginx.conf user www-data;
Nginx defaults to /usr/share/nginx/html for it's website. This is a good starting point, however for each virtual website I will create a new folder. In this example test.roheve.nl will be used. For ease of use, but still secure, I modify permision with chown so that the www-data group gets read access and my own user account gets r/w access. This is easy and simple.
ssh into your node (e.g. ssh [email protected])
$ cd /usr/share/nginx $ sudo mkdir test.roheve.nl $ sudo chown www-data:user test.roheve.nl $ ls -l drwxr-xr-x 2 user www-data 4096 Aug 17 12:00 test.roheve.nl
need a special file for dh cyphers, create it (this is a placeholder remark)
sudo openssl dhparam -out /etc/nginx/ssl/dh2048.pem 2048
Before installing and configuring my new webserver, I consulted blogs or forum posts listed below. This gave me enough info and idea's for my own endavour. Offcource I already ran a website with nginx (both on x86, until now my main site and on a RPi with just a 'hello world' site), but there I used the nginx from the repository and I build my webpages using a text editor.
The nginx version in the arm repositories are a bit old. I wanted to use 'log to a remote syslog server', which is a feature requiring a quite recent (1.7.1) version. With this feature I can still log website use but not wear-out the SD-card by writing logfiles to it.
.
Raspberry Pi Dev Setup with Nginx + PHP7
Static site generator using jekyll
Installing Nginx source from the nginx.org debian repository
creating users and groups on archlinux
.