====== Compile and install KeexyBox + Packaging it ====== :!: DEBIAN 12 :!: IN PROGRESS... ===== Manual installation ===== ==== Requirement ==== The manual installation have to be done on RaspiOS or Debian. ==== Create environment ==== Create KeexyBox project folder: mkdir -p /opt/keexybox/logs Create keexybox system user: useradd -d /opt/keexybox/ -s /bin/bash keexybox ==== Install prerequisite packages ==== Update APT: apt-get update Install dev tools: apt-get install gcc make git MariaDB : apt-get install mariadb-server mariadb-client default-libmysqlclient-dev HTTP server: apt-get install apache2 libapache2-mod-php System tools: apt-get install sudo ntp acl arp-scan PHP: apt-get install php php-gettext php-tcpdf php-gd php-intl php-json php-mcrypt php-mysql php-readline php-sqlite3 Perl: apt-get install libproc-daemon-perl libfile-pid-perl Python: apt-get install python-pip python-dev python-mysqldb libssl-dev :!: Fix a bug MariaDB with python sed '/st_mysql_options options;/a unsigned int reconnect;' /usr/include/mysql/mysql.h -i.bkp Installation of Python modules: pip install mysql MySQL-python mysql-connector wget ==== KeexyApp ==== KeexyApp is the core of KeexyBox that also provide the Web Interface. Go to KeexyBox home directory: cd /opt/keexybox/ Clone **keexybox/keexyapp** from GitHub: git clone https://github.com/keexybox/keexyapp Create missing directories: mkdir /opt/keexybox/keexyapp/logs ==== ISC Bind ==== Bind is a DNS server used by KeexyBox. === Compile and install === Install required packages: apt-get install libmariadb-dev-compat libmariadb-dev libssl-dev pkg-config libuv1-dev libcap-dev python3-ply Check the lastest stable version of bind: https://www.isc.org/downloads/ Download and extract source code of Bind: cd /usr/src/ wget https://downloads.isc.org/isc/bind9/9.18.25/bind-9.18.25.tar.xz tar xJf bind-9.18.25.tar.xz Compile Bind: cd bind-9.18.25/ ./configure --prefix=/opt/keexybox/bind --with-dlz-mysql --enable-threads=no --disable-doh make make install :!: The option ''--enable-threads=no'' is added because the MySQL drivers cannot work with several threads. For more details, see: http://bind-dlz.sourceforge.net/mysql_driver.html ==== TEMP EDIT ==== === Configuration === Create redirectories required for Bind: mkdir -p /opt/keexybox/bind/var/log/ Generate ''rndc.key'': /opt/keexybox/bind/sbin/rndc-confgen -a Go to Bind configuration directory: cd /opt/keexybox/bind/etc/ Download ''db.root'' file: wget -O db.root ftp://ftp.internic.net/domain/named.cache Create and edit file ''db.0'': ; ; BIND reverse data file for broadcast zone ; $TTL 604800 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. Create and edit file ''db.127'': ; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. 1.0.0 IN PTR localhost. Create and edit file ''db.255'': ; ; BIND reverse data file for broadcast zone ; $TTL 604800 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. Create and edit file ''db.local'': ; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA localhost. root.localhost. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. @ IN A 127.0.0.1 @ IN AAAA ::1 Create and edit file ''named.conf.default-zones'': // prime the server with knowledge of the root servers zone "." { type hint; file "/opt/keexybox/bind/etc/db.root"; }; // be authoritative for the localhost forward and reverse zones, and for // broadcast zones as per RFC 1912 zone "localhost" { type master; file "/opt/keexybox/bind/etc/db.local"; }; zone "127.in-addr.arpa" { type master; file "/opt/keexybox/bind/etc/db.127"; }; zone "0.in-addr.arpa" { type master; file "/opt/keexybox/bind/etc/db.0"; }; zone "255.in-addr.arpa" { type master; file "/opt/keexybox/bind/etc/db.255"; }; ==== ISC DHCPd ==== It is a DHCP server used by KeexyBox. === Compile and install === Check the lastest stable version of dhcpd: https://www.isc.org/downloads/ Download and extract source code of DHCPd: cd /usr/src/ wget https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2.tar.gz tar xzf dhcp-4.4.2.tar.gz Compile DHCPd: cd dhcp-4.4.2 ./configure --prefix=/opt/keexybox/dhcpd make make install Create file: touch /opt/keexybox/dhcpd/etc/dhcpd.leases ==== Tor ==== Tor is the software to anonymize your Internet connection. === Compile and install === Install required packages: apt-get install libevent-dev Check the lastest stable version of tor: https://dist.torproject.org/ Download and extract source code of Tor: cd /usr/src/ wget https://dist.torproject.org/tor-0.4.5.7.tar.gz tar xzf tor-0.4.5.7.tar.gz Compile Tor: cd tor-0.4.5.7/ ./configure --prefix=/opt/keexybox/tor make make install === Configuration === Create a missing directory: mkdir -p /opt/keexybox/tor/var/run ==== Hostapd ==== It is the Wifi Access Point software used by KeexyBox. === Install required packages === apt-get install libnl-3-dev libnl-genl-3-dev libssl-dev pkg-config === Compile and install === Check the lastest stable version of hostapd: http://w1.fi/hostapd/ Download and extract source code of Hostapd: cd /usr/src/ wget http://w1.fi/releases/hostapd-2.9.tar.gz tar xzf hostapd-2.9.tar.gz Prepare config file for compilation: cd hostapd-2.9/hostapd/ cp defconfig .config Edit ''.config'' and uncomment : CONFIG_ACS=y Compile Hostapd: make mkdir /opt/keexybox/hostapd make install DESTDIR=/opt/keexybox/hostapd Create config directory: mkdir /opt/keexybox/hostapd/etc ===== Create KeexyBox installation package ===== We explain here how to create KeexyBox archive for KeexyBox installation scripts. Clone **KeexyBox/installer** from GitHub: cd ~ git clone https://github.com/keexybox/installer mv installer keexybox-x.x.x Create archives of extra softwares (that have been compiled and install above): cd /opt/keexybox/ tar czf ~/keexybox-x.x.x/install_pkg/keexybox-bind.tar.gz bind tar czf ~/keexybox-x.x.x/install_pkg/keexybox-tor.tar.gz tor tar czf ~/keexybox-x.x.x/install_pkg/keexybox-dhcpd.tar.gz dhcpd tar czf ~/keexybox-x.x.x/install_pkg/keexybox-hostapd.tar.gz hostapd And then create archive for KeexyBox Application: tar czf ~/keexybox-x.x.x/install_pkg/keexybox-keexyapp.tar.gz \ --exclude keexyapp/.git \ --exclude keexyapp/tmp \ --exclude keexyapp/logs \ --exclude keexyapp/config/app.php \ --exclude keexyapp/src/Shell/scripts/config.py keexyapp Create final archive: tar czf ~/keexybox-x.x.x.tar.gz --exclude keexybox-x.x.x/.git keexybox-x.x.x ===== Configure KeexyApp ===== We explain here how to configure KeexyBox manually to get it work. ==== Initialize KeexyBox's Databases ==== Run MySQL client: mysql -u root -p In MySQL: CREATE DATABASE keexybox; GRANT ALL PRIVILEGES on keexybox.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword'; CREATE DATABASE keexybox_blacklist; GRANT ALL PRIVILEGES on keexybox_blacklist.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword'; CREATE DATABASE keexybox_logs; GRANT ALL PRIVILEGES on keexybox_logs.* to "keexybox"@'localhost' IDENTIFIED BY 'MyPassword'; :!: You have to replace ''MyPassword'' by you own database password. Import Schema and Keexybox DB config: mysql -u root -p keexybox < /opt/keexybox/keexyapp/config/schema/keexybox.sql mysql -u root -p keexybox_blacklist < /opt/keexybox/keexyapp/config/schema/keexybox_blacklist.sql mysql -u root -p keexybox_logs < /opt/keexybox/keexyapp/config/schema/keexybox_logs.sql mysql -u root -p keexybox < /opt/keexybox/keexyapp/config/schema/keexybox.config.sql ==== Setup KeexyApp DB config ==== Copy config template file with replacement: sed "s/CHANGE_DATABASE_KEEXYBOX_HOST/127.0.0.1/g" /opt/keexybox/keexyapp/config/app.template.php | sed "s/CHANGE_DATABASE_KEEXYBOX_USER/keexybox/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_PASSWORD/MyPassword/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_DATABASE/keexybox/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_HOST/127.0.0.1/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_USER/keexybox/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_PASSWORD/MyPassword/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_BLACKLIST_DATABASE/keexybox_blacklist/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_HOST/127.0.0.1/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_USER/keexybox/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_PASSWORD/MyPassword/g" | sed "s/CHANGE_DATABASE_KEEXYBOX_LOGS_DATABASE/keexybox_logs/g" > /opt/keexybox/keexyapp/config/app.php :!: You have to replace ''MyPassword'' by you own database password. ==== Reset admin password and create default profile ==== Create ''admin'' account with password ''MyPassword'': /opt/keexybox/keexyapp/bin/cake users UpdateAdminPassword MyPassword Create default connection profile: /opt/keexybox/keexyapp/bin/cake profiles ResetDefaultProfile ==== Configure Apache HTTP server ==== Generate certificate: mkdir /opt/keexybox/ssl /opt/keexybox/keexyapp/bin/cake config certificate generate Generate Apache configuration files: /opt/keexybox/keexyapp/bin/cake config apache all Enable modules on apache: cd /etc/apache2/mods-enabled/ ln -s ../mods-available/rewrite.load ln -s ../mods-available/ssl.load Start apache: /etc/init.d/apache2 restart ==== Set permissions and misc actions ==== Create logrotate configuration: /opt/keexybox/keexyapp/bin/cake config logrotate all Set sudoers: /opt/keexybox/keexyapp/bin/cake config sudoers all /etc/init.d/sudo restart Set permissions for KeexyBox: /opt/keexybox/keexyapp/src/Shell/scripts/pre-startup-keexybox.sh KeexyBox startup script: cd /etc/init.d/ ln -s /opt/keexybox/keexyapp/src/Shell/scripts/init_keexybox keexybox If you want to start KeexyBox on startup: update-rc.d keexybox defaults ==== Configuration from WebUI ==== Access the KeexyBox's Web interface by the current IP address of your Raspberry. For example: http://192.168.1.254:8001 Configure Network and DHCP: * Configure the Network: [[system_settings_network|KeexyBox - Network settings]] * Configure the DHCP: [[system_settings_dhcp|KeexyBox - DHCP settings]] Go to ''Advanced config'' page. Example: http://192.168.1.254:8001/config/advanced In the section ''Generate configuration files'', Generate each of configuration files: * apache * bind * dhcpd * hostapd * ntp * scripts * tor