Sammy El Takriti

Tag: Arch Linux

  • How to install a web server on Arch Linux

    You have installed Arch Linux, great. Now what about installing a web server to display your personal website, for example?

    In this post, I explain step-by-step how to install and configure WordPress. For this, you need four components, commonly called “the LAMP stack”. It is a “stack” because each level derives off its base layer. The letters in LAMP refer to four layers:

    • L for Linux, the operating system. This should be done already – if not, read this post and come back here.
    • A for Apache. This is the web server, the software that receives the HTTP requests and sends back the responses to the clients that want to see your website on their browser.
    • M for MySQL. This is the database that contains your blog posts, users, comments, and anything else that WordPress needs in a database format.
    • P for PHP. This is the part that dynamically interacts with ???

    Apache

    The Apache HTTP Server is a free and open-source cross-platform web server software.

    Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from server-side programming language support to authentication schemes. Some common language interfaces support Perl, Python, Tcl, and PHP. Popular authentication modules include mod access, mod auth, mod digest, and mod auth digest, the successor to mod_digest. A sample of other features include SSL and TLS support (mod ssl), a proxy module (mod proxy), a URL rewriter (implemented under mod rewrite), custom log files (mod log config), and filtering support (mod include and mod ext filter).

    Installing Apache on Arch Linux is straightforward, just run:

    sudo pacman -S apache

    Configuration

    /etc/httpd/conf is the folder that contain the configuration files

    /etc/httpd/conf/httpd.conf is the main configuration file, which includes various other configuration files

    # Uncomment to enable virtual hosts:
Include conf/extra/httpd-vhosts.conf

    /etc/httpd/conf/extra/httpd-default.conf contains default settings

    # To hide server information like Apache and PHP versions:
ServerTokens Prod
# To turn off your server's signature:
ServerSignature Off

    PHP

    sudo pacman -S php php-apache install PHP

    # Comment this line:
#LoadModule mpm_event_module modules/mod_mpm_event.so
# Uncomment this line:
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

# Place this at the end of the LoadModule list:
LoadModule php_module modules/libphp.so
AddHandler php-script .php

# Place this at the end of the Include list:
Include conf/extra/php_module.conf

    To test whether PHP was correctly configured:

    Virtual hosts

    <VirtualHost *:80>
    ServerName *example.com*
    ServerAlias *www.example.com*
    ServerAdmin *example*@*example.com*
    DocumentRoot /srv/http/*example*

    ErrorLog /var/log/httpd/*example*-error.log
    CustomLog /var/log/httpd/*example*-access.log combined
</VirtualHost>

    User directories

    User directories are available by default through http://localhost/~*username* and show the contents of ~/public_html (this can be changed in /etc/httpd/conf/extra/httpd-userdir.conf).

    mkdir $HOME/public_html

    touch $HOME/public_html/index.html

    chown user:http $HOME $HOME/public_html $HOME/public_html/index.html

    chmod 750 $HOME $HOME/public_html $HOME/public_html/index.html give only read (descend into) permission to the web server user for the home directory and the user directory

    TLS

    ServerName www.example.com

# Uncomment:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

    Set up an HTTP-to-HTTPS redirection to force HTTPS:

    <VirtualHost *:80 [::]:80>
    # Redirect all traffic to HTTPS
    Redirect permanent / <https://example.com/>

    Certbot

    The plugin certbot-apache provides an automatic configuration for the Apache HTTP Server. This plugin will try to detect the configuration setup for each domain. The plugin adds extra configuration recommended for security, settings for certificate use, and paths to Certbot certificates.

    certbot comes with a systemd certbot-renew.service, which attempts to renew certificates that expire in less than 30 days. If all certificates are not due for renewal, this service does nothing.

    sudo cp -r /etc/httpd/conf /etc/httpd/conf.bak backup configuration files

    # Uncomment:
LoadModule rewrite_module modules/mod_rewrite.so

    sudo pacman -S certbot-apache install plugin

    sudo certbot --apache get a certificate and configure Apache automatically

    sudo chmod 700 /etc/letsencrypt/archive

    sudo chmod 755 /etc/letsencrypt/live

    sudo chmod 600 /etc/letsencrypt/live/example.com/privkey.pem

    sudo systemctl restart httpd

    Usage

    sudo systemctl start httpd.service run Apache

    httpd

    • -M dump a list of loaded static and shared modules
    • -t run syntax tests for configuration files only
    • -S show the settings as parsed from the config file (currently only shows the virtualhost settings)

    sudo apachectl configtest run a configuration file syntax test. It parses the configuration files and either reports Syntax Ok or detailed information about the particular syntax error. This is equivalent to apachectl -t.

    WordPress installation

    We are now ready to proceed with the last layer of the LAMP stack: WordPress itself.

    But we first need to tweak some configuration files for Apache and PHP.

    Apache

    Enable the Apache module unique_id_module that provides a magic token for each request guaranteed to be unique across all requests.

    # Uncomment:
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule rewrite_module modules/mod_rewrite.so
    Alias /wordpress "/srv/http/wordpress"
<Directory "/srv/http/wordpress">
        AllowOverride All
        Options FollowSymlinks
        Require all granted
</Directory>

    PHP

    sudo pacman -S php-gd WordPress needs php-gd to modify images

    # Uncomment:
extension=gd
extension=mysqli

# Change the maximum upload file size of the media library
; Maximum allowed size for uploaded files.
upload_max_filesize = 64M
; Maximum size of POST data that PHP will accept.
post_max_size = 64M

    MariaDB

    sudo pacman -S mariadb

    sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

    sudo systemctl start mariadb.service

    sudo mariadb-secure-installation MariaDB installation with a number of recommended security measures, such as removing anonymous accounts and removing the test database

    sudo mariadb -u root -p login as root, and enter the commands:

    CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO "example-user"@"localhost" IDENTIFIED BY "example_password";
FLUSH PRIVILEGES;
EXIT

    WordPress

    OK, now everything is ready to install WordPress. The process is relatively easy and just involves downloading a compressed file that contains WordPress, uncompressing the file, change form configuration in a file, and completing the installation in a browser.

    cd /srv/http

    sudo wget <https://wordpress.org/latest.tar.gz

    sudo tar xvzf latest.tar.gz

    sudo rm latest.tar.gz

    sudo chown -R http:http /srv/http/wordpress

    cd wordpress

    sudo cp wp-config-sample.php wp-config.php

    sudo nano /srv/http/wordpress/wp-config.php set the database details in the configuration file:

    define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'example-user' );
define( 'DB_PASSWORD', 'example-password' );

/* Add any custom values between this line and the "stop editing" line. */

/* to be added if <http://192.168.178.2/wordpress/wp-admin> redirects to <http://localhost/wordpress/wp-login.php?redirect_to=http%3A%2F%2F192.168.178.2%2Fwordpress%2Fwp-admin%2F&reauth=1> */
if (isset($_SERVER['HTTP_HOST'])) {
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://';
    define('WP_HOME', $protocol . $_SERVER['HTTP_HOST']);
    define('WP_SITEURL', $protocol . $_SERVER['HTTP_HOST']);
}

    Go to http://localhost/wordpress to finish the installation.

    http://localhost/wordpress/wp-admin admin page

  • How to install Arch Linux – and give a new life to your computer

    How to install Arch Linux – and give a new life to your computer

    Installing Arch Linux can seem like a daunting task, but it is definitely worth the effort.

    For the curious willing to learn, it is a great opportunity to have a peak into the inner workings of an operating system such as Linux, and get a grasp on how to tweak it to one’s personal taste.

    However, if you “simply” try to follow the official installation guide, you will probably feel overwhelmed by the unknown acronyms, technical jargon and endless links through the documentation. Well, this is how I felt when I installed it for the first time.

    This is because, as stated in the Frequently asked questions:

    If you are a beginner and want to use Arch, you must be willing to invest time into learning a new system, and accept that Arch is designed as a ‘do-it-yourself’ distribution; it is the user who assembles the system.

    Fine by me, I am willing to learn, but I wish I had a guide that explained in simple terms each term and acronym. This would immensely help the installation process while contributing to the understanding of each command.

    In this page I provide a step-by-step guide for beginners. I only assume very little prior knowledge from my readers, and I assume that you have downloaded an installation image, installed the image on a flash drive, then booted your system from the flash drive.

    The first thing you see is a simple console. This is where you start installing Arch Linux on your system. The first steps involve connecting to the internet, partitioning the disk, and installing essential packages.

    This is where it all starts…

    Console keyboard layout

    The only thing you can do, until you install a graphical environment, is to type. Easy, just start typing the commands I provide below and…

    Wait, my keyboard doesn’t have that layout!

    Oh sure, you have to configure your keyboard layout to match your actual physical keyboard. Not all the keyboards are made for English US.

    Yes, but when I type the letter a, I see the letter q on the screen! How am I supposed to find the correct letters to enter the commands below?

    Hum… For those first 2 commands, you will just have to try out the keys until you write the proper commands… But once this is done, your keyboard layout will be properly configured!

    localectl list-keymaps list available layouts

    loadkeys be-latin1 set keyboard layout

    Verify boot mode

    When you press the power button, the computer needs instructions to start up. These instructions are stored in a special chip on the motherboard called firmware.

    There are two main types of firmware, called “boot modes”:

    1. UEFI (Unified Extensible Firmware Interface). This is the modern way for computers to boot. UEFI offers advanced features like secure boot, faster startup, and better hardware support.
    2. BIOS (Basic Input/Output System). This is the older way of booting, often called “Legacy mode” or “CSM” (Compatibility Support Module).

    To see which type of firmware your computer has, run the command:

    cat /sys/firmware/efi/fw_platform_size

    This checks the UEFI bitness:

    • if it returns 64, then system is booted in UEFI mode and has a 64-bit x64 UEFI
    • if it returns 32, then system is booted in UEFI mode and has a 32-bit IA32 UEFI; while this is supported, it will limit the boot loader choice to systemd-boot and GRUB
    • if the file does not exist, the system may be booted in BIOS mode

    Internet

    You need to connect to the internet to install packages.

    ip link list network interfaces

    iwctl start interactive prompt for iwd (iNet wireless daemon by Intel):

    • device list list Wi-Fi devices
    • device name show display details of device name
    • device name set-property Powered on turn on device
    • station name scan scan for networks
    • station name get-networks list available networks
    • station name connect SSID connect to network with the name SSID
    • station name show display connection state

    ping archlinux.org verify connection

    timedatectl synchronise system clock

    Partition disks

    Partitioning a disk means dividing a hard drive into separate sections so the computer can organize and manage data more effectively. Each section, called a partition, acts like its own mini-storage space where you can install an operating system, store files, or set up backups.

    fdisk -l identify block devices

    fdisk /dev/sda run fdisk

    • g create a new empty GPT partition table
    • n add a new partition
    • t change a partition type
    • p print the partition table
    • w write table to disk and exit

    Here are some layout examples from the Arch documentation. An example of partitions for a BIOS system could look like:

    • /dev/sda1 size 1M, type BIOS boot
    • /dev/sda2 size 8G, type Linux swap
    • /dev/sda3 size 300G, type Linux root (x86-64)

    Format partitions

    mkfs.ext4 /dev/root_partition create an Ext4 file system on partition

    mkswap /dev/swap_partition initialise swap partition

    Mount file systems

    mount /dev/root_partition /mnt mount root volume to /mnt

    swapon /dev/swap_partition enable swap volume

    Select mirror servers

    nano /etc/pacman.d/mirrorlist list of mirror servers. The higher a mirror is placed in the list, the more priority it is given when downloading a package.

    Install essential packages

    pacstrap -K /mnt base linux linux-firmware

    pacstrap -K /mnt man-db man-pages nano networkmanager sudo optional but recommended packages

    Fstab

    genfstab -U /mnt >> /mnt/etc/fstab generate an fstab file

    Chroot

    arch-chroot /mnt change root into the new system

    Time

    ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime set the time zone

    hwclock --systohc generate /etc/adjtime

    Localization

    nano /etc/locale.gen uncomment needed UTF-8 locales

    locale-gen generate the locales

    echo LANG=en_US.UTF-8 > /etc/locale.conf create locale.conf file

    export LANG=en_US.UTF-8 set the LANG variable

    echo KEYMAP=be-latin1 > /etc/vconsole.conf make the console keyboard layout persistent

    Network configuration

    nano /etc/hostname create the hostname file: yourhostname

    Root password

    passwd set the root password

    Boot loader

    For GRUB to boot from a GPT-partitioned disk on a BIOS-based system, a BIOS boot partition is required.

    BIOS systems

    pacman -S grub install GRUB 2 package

    grub-install --target=i386-pc /dev/sda install GRUB

    grub-mkconfig -o /boot/grub/grub.cfg generate the main configuration file

    Reboot

    exit exit the chroot environment

    umount -R /mnt unmount all the partitions (optional)

    reboot

    Login into the new system with the root account.

    GRUB

    nano /etc/default/grub

    • GRUB_TIMEOUT=0 time to wait in seconds for a user selection before default is booted
    • GRUB_CMDLINE_LINUX_DEFAULT="loglevel=*6*" all kernel messages with a loglevel smaller than the console loglevel will be printed to the console
    0 (KERN_EMERG)          system is unusable
1 (KERN_ALERT)          action must be taken immediately
2 (KERN_CRIT)           critical conditions
3 (KERN_ERR)            error conditions
4 (KERN_WARNING)        warning conditions
5 (KERN_NOTICE)         normal but significant condition
6 (KERN_INFO)           informational
7 (KERN_DEBUG)          debug-level messages

    grub-mkconfig -o /boot/grub/grub.cfg regenerate the main configuration file

    Internet

    systemd-networkd is a system daemon that manages network configurations. It detects and configures network devices as they appear; it can also create virtual network devices.

    The systemd package is part of the default Arch installation and contains all needed files to operate a wired network. Wireless adapters can be set up by services such as wpa_supplicant or iwd.

    systemctl enable systemd-networkd

    systemctl start systemd-networkd

    systemctl enable systemd-resolved

    systemctl start systemd-resolved

    ip link list network interfaces

    nano /etc/systemd/network/20-wired.network:

    [Match]
Name=my_wired_interface
[Network]
DHCP=yes
[DHCPv4]
RouteMetric=100
[IPv6AcceptRA]
RouteMetric=100

    nano /etc/systemd/network/25-wireless.network:

    [Match]
Name=my_wireless_interface
[Network]
DHCP=yes
[DHCPv4]
RouteMetric=600
[IPv6AcceptRA]
RouteMetric=600

    systemctl restart systemd-networkd

    systemctl restart systemd-resolved

    ip addr show IP addresses

    Wi-Fi

    systemctl start NetworkManager.service

    systemctl enable NetworkManager.service

    nmcli device wifi list list nearby Wi-Fi networks

    nmcli device wifi connect SSID_or_BSSID password password connect to a Wi-Fi network

    Microcode

    grep microcode /proc/cpuinfo show current microcode (e.g. microcode: 0x2)

    pacman -S intel-ucode iucode-tool

    modprobe cpuid load the cpuid kernel module

    iucode_tool -lS /usr/lib/firmware/intel-ucode/ search update for your cpuid. If an update is available, it should show up below selected microcodes.

    grep microcode /proc/cpuinfo show current microcode (e.g. microcode: 0x7)

    journalctl -k --grep='microcode:' check kernel messages to see if the microcode has been updated

    Users

    useradd -m -G wheel user add new user and add it to the administration group wheel

    • G, --groups group comma separated list of supplementary groups which the user is also a member of
    • m, --create-home create user’s home directory

    EDITOR=nano visudo to allow members of group wheel sudo access, uncomment this line: %wheel ALL=(ALL:ALL) ALL

    Display driver

    lspci -v | grep -A1 -e VGA -e 3D identify the graphics card (the Subsystem: output shows the specific model)

    Intel graphics

    pacman -S mesa

    Desktop environment

    sudo pacman -S gnome includes the display manager GDM (GNOME display manager)

    sudo systemctl enable gdm

    To enable automatic login with GDM, add the following to /etc/gdm/custom.conf:

    # Enable automatic login for user
[daemon]
AutomaticLogin=user
AutomaticLoginEnable=True

    sudo pacman -S seahorse GNOME application for managing PGP keys

    • To use automatic unlocking with automatic login, set a blank password for the default keyring. Note that the contents of the keyring are stored unencrypted in this case.
      • Open searhorse (GUI application called Passwords and Keys)
      • In the left panel, right-click LoginChange Password

    Post-installation

    AUR

    sudo pacman -S base-devel git

    sudo nano /etc/makepkg.conf

    • MAKEFLAGS="--jobs=$(nproc)" specify the number of jobs to run simultaneously on a multi-core/multi-processor system

    mkdir ~/.builds create build directory

    Install packages

    sudo pacman -S noto-fonts noto-fonts-cjk noto-fonts-extra

    Shell

    sudo pacman -S zsh

    chsh -s /usr/bin/zsh change default shell to zsh

    sh -c "$(curl -fsSL <https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh>)" install Oh My Zsh

    nano

    sudo nano /etc/nanorc

    ## === Syntax coloring ===
# Uncomment:
include "/usr/share/nano/*.nanorc"
# Add:
include "/usr/share/nano/extra/*.nanorc"

    mkdir ~/.config/nano && cp /etc/nanorc ~/.config/nano/nanorc (optional – if the user needs another configuration) create a local copy of the configuration file

    Bluetooth

    sudo pacman -S bluez-utils bluez-obex

    sudo modprobe btusb

    sudo systemctl start bluetooth.service

    sudo systemctl enable bluetooth.service

    systemctl status bluetooth.service

    bluetoothctl

    Packages

    Pacman

    Here are some configuration options for pacman and explanations of the most important commands.

    /etc/pacman.conf Pacman’s settings

    • Color enable colors
    • VerbosePkgLists display name, version and size of target packages formatted as a table for upgrade, sync and remove operations

    pacman -R package remove package. NB: Pacman will not remove configurations that the application itself creates (for example dotfiles in the home directory).

    • -n prevent the creation of the .pacsave backup files created when removing certain applications
    • -s remove its dependencies which are not required by any other installed package

    pacman -S

    • package1 package2 install packages, including dependencies
    • -i package display extensive information about package
    • -s string1 string2 search for packages in the database, searching both in packages’ names and descriptions
    • -yu synchronise the repository databases and update the system’s packages, excluding “local” packages that are not in the configured repositories

    pacman -Q

    • -dt list all packages no longer required as dependencies (orphans)
    • -e list packages explicitly installed
    • -i package display extensive information about a locally installed package
    • -m list installed packages not found in sync db(s)
    • -s string1 string2 search for already installed packages

    pactree package show dependency tree of package

    • -r dependant tree

    paccache -r delete all cached versions of installed and uninstalled packages, except for the most recent 3. This is useful to run regularly, in order to free up disk space by removing old, unnecessary package files while keeping the latest 3 versions in case you need to reinstall or roll back.

    Arch User Repository (AUR)

    Install a package

    • cd ~/.builds
    • git clone https://aur.archlinux.org/*package*.git acquire build files
    • cd package/ and verify that the PKGBUILD and accompanying files are not malicious or untrustworthy
    • acquire a PGP public key if needed
    • makepkg -sirc make package
      • -s, --syncdeps install dependencies with pacman before building
      • -i, --install install the package if it is built successfully
      • -r, --rmdeps remove build-time dependencies after the build, as they are no longer needed. However, these dependencies may need to be reinstalled the next time the package is updated.
      • -c, --clean clean up temporary build files after the build, as they are no longer needed. These files are usually needed only when debugging the build process.
    • git clean -dfx delete all files not tracked by git, thus deleting all previously built package files

    AUR helper Yay (Yet Another Yogurt)

    yay -Syu or yay update all packages

    • --aur update only AUR packages

    makepkg

    makepkg is a script to automate the building of packages. The system configuration is available in /etc/makepkg.conf.

    To disable options, add a ! character directly in front of them in the OPTIONS=() array.

    • To configure makepkg to avoid generating debug packages, disable debug:
    OPTIONS=(... !debug ...)