Raspberry Pi3(Raspbian/Ubuntu) as Webserver – Complete Guide-Installing (NGINX,CLOUDFLARE,WORDPRESS) Final part


For setting up cloudflare and also to make the website publish online.
Few things to remember from the last part is that we are done configuration of server but not hosting it.
First thing to do here is to get your raspberry pi to work out of your network.hence port forwarding needs to be done.
For that you need to enter router, type http://192.168.1.1 – this will make you enter the router setup.
Go to the advanced setup or settings, there you will see the port forwarding – enable the service and enter the ip address of raspberry of your network.(192.168.1.X)
Now its time to test it out.So, get your public ip and try it in browser.(eg:157.51.235.140)
You will be able to see your wordpress website in this address.
Actually, this ip address is not static and will change with respect to time in home network, hence we need cloudflare and its ddns service to enable the website running at 24×7.
So, we are signing up cloudflare -> cloudflare.com
Add your website or domain you have bought, change the dns nameservers in your domain management service.
Probably its easier to do than explaining it.
Now, go to crypto tab in the cloudflare and change it as like this.
SSL – flexible and kindly follow the steps to configure rightly
Now to generate orgin certificate click, create certificate.you will get a pop up like this.
verify that your domain is correct and click next. This step is the most important one.
You will get two content in pem format – orgin certificate and privatekey.
Now you have to copy the content into raspberry pi.
Copy orgin certificate content into sudo nano /etc/ssl/certs/yourdomain.com.pem
then private key into sudo nano /etc/ssl/certs/yourdomain.com.pem.key
After finishing it save both files and also download orgin pull certificate
Copy this file content into sudo nano /etc/ssl/certs/origin-pull-ca.pem
Save the file and enter the server configuration file, sudo nano /etc/nginx/sites-available/default
As we configured ssl and to enable it in the server,you need to make changes as follows – 443 server port enabling
The changes are
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/certs/yourdomainname.pem;
ssl_certificate_key /etc/ssl/certs/yourdomainname.pem.key;
ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
ssl_verify_client on;
Since it is the last configuration step, here by adding the complete server setup content for you.
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
 listen 80 default_server;
 listen [::]:80 default_server;

 # SSL configuration
 #
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 #
 # Note: You should disable gzip for SSL traffic.
 # See: https://bugs.debian.org/773332
 #
 # Read up on ssl_ciphers to ensure a secure configuration.
 # See: https://bugs.debian.org/765782
 #
 # Self signed certs generated by the ssl-cert package
 # Don't use them in a production server!
 #
 # include snippets/snakeoil.conf;

 root /var/www/html;

 # Add index.php to the list if you are using PHP
 #index index.html index.htm index.nginx-debian.html;
 index index.php index.html index.htm;
 # ssl_certificate /etc/ssl/certs/blog.techiebouncer.pem;
        # ssl_certificate_key /etc/ssl/private/blog.techiebouncer.pem;
        # ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
 

 server_name blog.techiebouncer.com;

 ssl_certificate /etc/ssl/certs/blog.techiebouncer.com.pem;
        ssl_certificate_key /etc/ssl/certs/blog.techiebouncer.com.pem.key;
 ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
        ssl_verify_client on;       
 location / {
  # First attempt to serve request as file, then
  # as directory, then fall back to displaying a 404.
  #try_files $uri $uri/ =404;
  try_files $uri $uri/ /index.php?$args;

 }

 # pass PHP scripts to FastCGI server
 #
 location ~ \.php$ {
  include snippets/fastcgi-php.conf;
 #
 # # With php-fpm (or other unix sockets):
  fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
 # # With php-cgi (or other tcp sockets):
 # fastcgi_pass 127.0.0.1:9000;
 }

 # deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 #location ~ /\.ht {
 # deny all;
 #}
    location ~ /admin/.*\.php$ {
       allow 192.168.0.0/24;
       deny all;
       include snippets/fastcgi-php.conf;
       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
    }
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
#  try_files $uri $uri/ =404;
# }
#}
We are on the verge of completing this project, two simple steps more to complete it.
Now to update the ip address into the cloudflare we need to install ddclient
Before going ther install sudo apt-get install gnome-schedule
This helps in running cron tab graphically.
Now install ddclient sudo apt-get install ddclient.
Once it’s installed, a few prompts will pop up. It doesn’t really matter what you enter into the prompts. The prompts are used to created a configuration file for you, but we’re going to replace that configuration file anyway.
To edit ddclient’s configuration file, enter sudo nano /etc/ddclient.conf. Here’s the content of the config file for your convenience:
/etc/ddclient.conf
daemon=3600
 cache=/tmp/ddclient.cache
 pid=/var/run/ddclient.pid
 protocol=dyndns2
 use=web
 server=api.cloudflare.com/client/v4
 ssl=yes
 login=yourcloudflareemail
 password=gloablcloudflareapi
 zone=yourdomain
 yourdomain
Change the your domain name and cloudflare api and now its ready for running.Now, test it out with the command.
ddclient -daemon=0 -debug -verbose -noquiet
If this runs without an error everything is fine and we are ready for final step.
final step is of two part, installing wordpress plugins, you need to install two plugins – cloudflare and RealSimpleSSl
In cloudflare you need to login and enable cache control and SSL plugin doesn’t require any work.
Last step is to maintain smooth running, add restarts to task schedular.
Open Gnome schedular in raspberry pi.
Since i have been testing it for few days, i found php is not starting after reboot and also when the ip changes hence to resolve it – i have added the commands to restart after every hour and also after every reboot.
Also updating public ip every minute.
To your surprise the content you are reading now is already running on the raspberry pi…Hope you love it.

Post a Comment

0 Comments