User Tools

Site Tools


manual_installation_debian12

Compile and install KeexyBox + Packaging it

:!: DEBIAN 12 :!: IN PROGRESS…

Manual installation

Requirement

The manual installation have to be done on RaspiOS or Debian.

Create environment

Create KeexyBox project folder:

mkdir -p /opt/keexybox/logs

Create keexybox system user:

useradd -d /opt/keexybox/ -s /bin/bash keexybox

Install prerequisite packages

Update APT:

apt-get update

Install dev tools:

apt-get install gcc make git

MariaDB :

apt-get install mariadb-server mariadb-client default-libmysqlclient-dev

HTTP server:

apt-get install apache2 libapache2-mod-php

System tools:

apt-get install sudo ntp acl arp-scan

PHP:

apt-get install php php-gettext php-tcpdf php-gd php-intl php-json php-mcrypt php-mysql php-readline php-sqlite3

Perl:

apt-get install libproc-daemon-perl libfile-pid-perl

Python:

apt-get install python-pip python-dev python-mysqldb libssl-dev

:!: Fix a bug MariaDB with python

sed '/st_mysql_options options;/a unsigned int reconnect;' /usr/include/mysql/mysql.h -i.bkp

Installation of Python modules:

pip install mysql MySQL-python mysql-connector wget

KeexyApp

KeexyApp is the core of KeexyBox that also provide the Web Interface.

Go to KeexyBox home directory:

cd /opt/keexybox/

Clone keexybox/keexyapp from GitHub:

git clone https://github.com/keexybox/keexyapp

Create missing directories:

mkdir /opt/keexybox/keexyapp/logs

ISC Bind

Bind is a DNS server used by KeexyBox.

Compile and install

Install required packages:

apt-get install libmariadb-dev-compat libmariadb-dev libssl-dev pkg-config libuv1-dev libcap-dev python3-ply

Check the lastest stable version of bind: https://www.isc.org/downloads/

Download and extract source code of Bind:

cd /usr/src/
wget https://downloads.isc.org/isc/bind9/9.18.25/bind-9.18.25.tar.xz
tar xJf bind-9.18.25.tar.xz

Compile Bind:

cd bind-9.18.25/
./configure --prefix=/opt/keexybox/bind --with-dlz-mysql --enable-threads=no --disable-doh
make
make install

:!: The option –enable-threads=no is added because the MySQL drivers cannot work with several threads. For more details, see: http://bind-dlz.sourceforge.net/mysql_driver.html

TEMP EDIT

Configuration

Create redirectories required for Bind:

mkdir -p /opt/keexybox/bind/var/log/

Generate rndc.key:

/opt/keexybox/bind/sbin/rndc-confgen -a

Go to Bind configuration directory:

cd /opt/keexybox/bind/etc/

Download db.root file:

wget -O db.root ftp://ftp.internic.net/domain/named.cache

Create and edit file db.0:

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

Create and edit file db.127:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.

Create and edit file db.255:

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

Create and edit file db.local:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

Create and edit file named.conf.default-zones:

// prime the server with knowledge of the root servers
zone "." {
      type hint;
      file "/opt/keexybox/bind/etc/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
      type master;
      file "/opt/keexybox/bind/etc/db.local";
};

zone "127.in-addr.arpa" {
      type master;
      file "/opt/keexybox/bind/etc/db.127";
};

zone "0.in-addr.arpa" {
      type master;
      file "/opt/keexybox/bind/etc/db.0";
};

zone "255.in-addr.arpa" {
      type master;
      file "/opt/keexybox/bind/etc/db.255";
};

ISC DHCPd

It is a DHCP server used by KeexyBox.

Compile and install

Check the lastest stable version of dhcpd: https://www.isc.org/downloads/

Download and extract source code of DHCPd:

cd /usr/src/
wget https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2.tar.gz
tar xzf dhcp-4.4.2.tar.gz

Compile DHCPd:

cd dhcp-4.4.2
./configure --prefix=/opt/keexybox/dhcpd
make
make install

Create file:

touch /opt/keexybox/dhcpd/etc/dhcpd.leases

Tor

Tor is the software to anonymize your Internet connection.

Compile and install

Install required packages:

apt-get install libevent-dev

Check the lastest stable version of tor: https://dist.torproject.org/

Download and extract source code of Tor:

cd /usr/src/
wget https://dist.torproject.org/tor-0.4.5.7.tar.gz
tar xzf tor-0.4.5.7.tar.gz

Compile Tor:

cd tor-0.4.5.7/
./configure --prefix=/opt/keexybox/tor
make
make install

Configuration

Create a missing directory:

mkdir -p /opt/keexybox/tor/var/run

Hostapd

It is the Wifi Access Point software used by KeexyBox.

Install required packages

apt-get install libnl-3-dev libnl-genl-3-dev libssl-dev pkg-config

Compile and install

Check the lastest stable version of hostapd: http://w1.fi/hostapd/

Download and extract source code of Hostapd:

cd /usr/src/
wget http://w1.fi/releases/hostapd-2.9.tar.gz
tar xzf hostapd-2.9.tar.gz

Prepare config file for compilation:

cd hostapd-2.9/hostapd/
cp defconfig .config

Edit .config and uncomment :

CONFIG_ACS=y

Compile Hostapd:

make
mkdir /opt/keexybox/hostapd
make install DESTDIR=/opt/keexybox/hostapd

Create config directory:

mkdir /opt/keexybox/hostapd/etc

Create KeexyBox installation package

We explain here how to create KeexyBox archive for KeexyBox installation scripts.

Clone KeexyBox/installer from GitHub:

cd ~
git clone https://github.com/keexybox/installer
mv installer keexybox-x.x.x

Create archives of extra softwares (that have been compiled and install above):

cd /opt/keexybox/
tar czf ~/keexybox-x.x.x/install_pkg/keexybox-bind.tar.gz bind
tar czf ~/keexybox-x.x.x/install_pkg/keexybox-tor.tar.gz tor
tar czf ~/keexybox-x.x.x/install_pkg/keexybox-dhcpd.tar.gz dhcpd
tar czf ~/keexybox-x.x.x/install_pkg/keexybox-hostapd.tar.gz hostapd

And then create archive for KeexyBox Application:

tar czf ~/keexybox-x.x.x/install_pkg/keexybox-keexyapp.tar.gz \
--exclude keexyapp/.git \
--exclude keexyapp/tmp \
--exclude keexyapp/logs \
--exclude keexyapp/config/app.php \
--exclude keexyapp/src/Shell/scripts/config.py keexyapp

Create final archive:

tar czf ~/keexybox-x.x.x.tar.gz --exclude keexybox-x.x.x/.git keexybox-x.x.x

Configure KeexyApp

We explain here how to configure KeexyBox manually to get it work.

Initialize KeexyBox's Databases

Run MySQL client:

mysql -u root -p

In MySQL:

CREATE DATABASE keexybox;
GRANT ALL PRIVILEGES on keexybox.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword';
CREATE DATABASE keexybox_blacklist;
GRANT ALL PRIVILEGES on keexybox_blacklist.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword';
CREATE DATABASE keexybox_logs;
GRANT ALL PRIVILEGES on keexybox_logs.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword';

:!: You have to replace MyPassword by you own database password.

Import Schema and Keexybox DB config:

mysql -u root -p keexybox < /opt/keexybox/keexyapp/config/schema/keexybox.sql
mysql -u root -p keexybox_blacklist < /opt/keexybox/keexyapp/config/schema/keexybox_blacklist.sql
mysql -u root -p keexybox_logs < /opt/keexybox/keexyapp/config/schema/keexybox_logs.sql
mysql -u root -p keexybox < /opt/keexybox/keexyapp/config/schema/keexybox.config.sql

Setup KeexyApp DB config

Copy config template file with replacement:

sed "s/CHANGE_DATABASE_KEEXYBOX_HOST/127.0.0.1/g" /opt/keexybox/keexyapp/config/app.template.php |
sed "s/CHANGE_DATABASE_KEEXYBOX_USER/keexybox/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_PASSWORD/MyPassword/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_DATABASE/keexybox/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_HOST/127.0.0.1/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_USER/keexybox/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_PASSWORD/MyPassword/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_DATABASE/keexybox_blacklist/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_HOST/127.0.0.1/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_USER/keexybox/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_PASSWORD/MyPassword/g" |
sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_DATABASE/keexybox_logs/g" > /opt/keexybox/keexyapp/config/app.php

:!: You have to replace MyPassword by you own database password.

Reset admin password and create default profile

Create admin account with password MyPassword:

/opt/keexybox/keexyapp/bin/cake users UpdateAdminPassword MyPassword

Create default connection profile:

/opt/keexybox/keexyapp/bin/cake profiles ResetDefaultProfile

Configure Apache HTTP server

Generate certificate:

mkdir /opt/keexybox/ssl
/opt/keexybox/keexyapp/bin/cake config certificate generate

Generate Apache configuration files:

/opt/keexybox/keexyapp/bin/cake config apache all

Enable modules on apache:

cd /etc/apache2/mods-enabled/
ln -s ../mods-available/rewrite.load
ln -s ../mods-available/ssl.load

Start apache:

/etc/init.d/apache2 restart

Set permissions and misc actions

Create logrotate configuration:

/opt/keexybox/keexyapp/bin/cake config logrotate all

Set sudoers:

/opt/keexybox/keexyapp/bin/cake config sudoers all
/etc/init.d/sudo restart

Set permissions for KeexyBox:

/opt/keexybox/keexyapp/src/Shell/scripts/pre-startup-keexybox.sh

KeexyBox startup script:

cd /etc/init.d/
ln -s /opt/keexybox/keexyapp/src/Shell/scripts/init_keexybox keexybox

If you want to start KeexyBox on startup:

update-rc.d keexybox defaults

Configuration from WebUI

Access the KeexyBox's Web interface by the current IP address of your Raspberry. For example:

http://192.168.1.254:8001

Configure Network and DHCP:

Go to Advanced config page. Example:

http://192.168.1.254:8001/config/advanced

In the section Generate configuration files, Generate each of configuration files:

  • apache
  • bind
  • dhcpd
  • hostapd
  • ntp
  • scripts
  • tor

About KeexyBox Project:

manual_installation_debian12.txt · Last modified: 2024/04/05 08:49 by benoit