$59 Web Server With Amazon Class Performance & Security

DRCURZON did an awesome job describing how to build a complete Raspberry Pi Web Server to run on your home network. This will take you far beyond that to a pi hosted site with world-class performance for a worldwide audience. These instructions use a high performance web server called Nginx, then we front end it with a FREE Content Delivery Network (CDN) provider who mirrors your content to deliver awesome global performance (nearly 30 data centers today & growing) while also providing world-class security & Distributed Denial of Service (DDoS) protection. This ensures that your Pi's content can be seen by thousands of people, all at the same time, without any of them ever actually touching your home server. This will give your site blazing performance & security, all while running on your little $59 Raspberry Pi. Also since we're using Nginx we'll show how to easily host several websites on the same Pi & configure the CDN to support this.

I chose to order my parts from an electronics warehouse, Element14. I've ordered several Pis over the past year & numerous other toys to plug into it so if you want to join this community, this is the way to go. Once on their emailing list you get a real feel for new projects.

Note since I bought my last Pi earlier this year they've introduced the model B+ which has a few minor enhancements as outlined above so let's order that, click on the links below to buy the parts:

• Raspberry Pi B+ for $35
• 8GB SD Memory card with OS pre-installed for $9.85
• Micro USB Power supply for $7.95
• Transparent Case (so you can keep an eye on your pi) for $6.25

I'm going to assume you have a network cable, USB keyboard & a display with an HDMI cable.

There are kits that come with all the above parts, and some are even are pre-assembled, but that takes all the fun out of it.

*Note the SD card referenced above comes with a pre-installed version of Linux for the Pi if you would like to take the easy route this would be it. One reviewer commented that this release is a bit behind. You could save a buck or two perhaps using another SD card, or you might also want a bigger one, this is for you to decide. I would opt for picking up a bigger SD card from some high volume site like Amazon, perhaps this 16GB one for $9.36, although they have a nice 64GB for $30, but that will blow our budget.

Your assemblage of parts will look a bit different than what's above but this is pretty simple lego class stuff.

• Install the board in the case & snap the case together.
• Plug in the SD card.
• Plug in the network cable.
• Plug in your USB keyboard.
• Plug in your display with your existing HDMI cable, and turn it on.
• Plug in the MicroUSB power supply and it should power up & begin loading Linux.

At this point you can jump ahead to step 4 as the next step will tell you how to install the OS on the SD card. If you want the latest version of Debian, or another Linux distribution, then you should check out the next step.

I used OS X on a Mac to install the Debian distribution of Linux on the SD cards for my Pis. This is what I do, for everyone else who doesn't use a Mac I would suggest visiting this link to see other options.

• Visit: http://www.raspberrypi.org/downloads to select and download your image. I'm a fan of Raspian, Debian Wheezy as it is the most popular.
• Start downloading the image to your desktop, this may take a while so it makes for a good background task.
• While downloading, insert the SD card into your Mac & it should mount automatically.
• Clicl on your Applications, Utilities folder and use "Disk Utility" to:
  • Clean your SD card, remove all current partitions.
  • Create a new partition (FAT32) the whole size of the card.
  • Prior to unmounting the partition, click on the partition then click on info & note the "Disk Identifier",
    ex. diskXsY, we want the X number. This is shown in the graphic above.
  • Unmount the partition.
  • Exit Disk Utility
• Right click on the disk image file you just downloaded to your desktop & unzip it to an image file "*.img"
• Open a terminal session, then use "cd Desktop" to change your location.
• Then use: "sudo dd if=wheezy.img of=/dev/diskX bs=1m" where X is the disk number above, and wheezy.img is actually the fully qualified name of the disk image you just unzipped.
• This will take a long time, 20 minutes plus, but you can hit Ctl-T to check progress.
• When "dd" finishes successfully remove the SD card from your Mac and install it in your Pi.

These are the OS configuration steps I would suggest prior to installing the Nginx web server. Note they align with the prior OS install, not the NOOB one that would come on a pre-installed SD card, but frankly most of them should apply anyway.

• After your Pi is done booting up follow the on screen menus to grow the install image to consume the whole SD card.
• Set the time zone, etc... then exit & reboot.
• Use your favorite Linux editor, I'm old school so I use vi, to configure the wired ethernet port for a STATIC network address. You don't want to run your web server from a Wifi port, or one that use dynamic addressing. A wired port will provided the best performance, and a fixed static address will ensure things don't change. These are the lines I added/modified on my Pi in the "/etc/network/interfaces" file shown above, your setting may be different:
  • iface eth0 inet static
  • address 10.0.0.199
  • netmask 255.255.255.0
  • gateway 10.0.0.1
  • If you don't know what to use then from a command line on another system on your home network, perhaps the one you used to create the SD card image, type "netstat -r". One line should start with "default", use the value on that line under gateway for your gateway above. For a static address pick something like X.Y.Z.199 where X,Y & Z match the network values from the gateway. Before you set this from your home system type "ping X.Y.Z.199" to see if this address is in use, and perhaps even log into your home router and look at it's DHCP table to see what ranges between 1-254 are not in use.
• Change the default password for the "pi" userid using "passwd"
• Change the root password by using "sudo su" to enter root mode then "passwd" to change the root password.
• While root add a userid for Nginx to use "useradd -u 1001 -d /usr/share/nginx www-nginx" I needed this to align with a prior install so I explicitly set the UID number, you could drop off the "-u 1001" part if you like.
• Add a group for nginx, you don't have to do this, but I like to be thorough using "groupadd -g 33 www-data" again I needed this to align with a prior install, you could omit "-g 33".

This is very basic setup stuff. Of course you could do hundreds of other things to customize your system, but that's for another instructable.

Now we'll install the Nginx web server, load in some content, and fire it up.

• To install nginx use "sudo apt-get install nginx"
• Nginx may be started so I'd suggest stopping it while we finish setting things up, to do this use "nginx -s quit"
• Change directory & edit the config file "cd /etc/nginx" then use your favorite editor to change the first line of nginx.conf to use your new userid "www-nginx".
• Move any existing content directories you may have that you would like to host into
  "/etc/nginx/sites-available" as directories with the exact domain name you plan to host on them, for example
  "mv mysite /etc/nginx/sites-available/mysite.com". You can put many multiple sites here, this is the trick I use for hosting several sites from a single Pi.
• Now to serve that site you have to enable the site by creating a symbolic link from your available site to your enabled site with "cd /etc/nginx/sites-available" and "ls -s mysite.com /etc/nginx/sites-enabled/mysite.com"
• Add config files for each server, like the one shown above, or the one in the attached file to "/etc/nginx/conf.d" directory with a name like "mysite.com.conf" for each. Also note in this configuration file I did short circuit the sites-enabled symbolic step we did above to make things work. This may be due to a stray config file somewhere, I'm looking into this, and will update these instructions in the future.
• For long domain names you might see an error, so it's best to just increase your server names hash bucket size by editing /etc/nginx/nginx.conf and uncommenting, by removing the "#" sign, line "server_names_hash_bucket_size 64;"
• Start Nginx with "nginx" or if it is already running reload it with "nginx -s reload"
• Just to be a bit more thorough I added a line to my "/etc/hosts" file for each hosted domain that points to my local address with the following structure "10.0.0.199 www.mysite.com mysite.com"

Now you should be hosting your new content.

If you grab the browser on your desktop system and go to say http://10.0.0.199 (or whatever address you selected on the prior step) you should see a default page proclaiming that Nginx is running, congratulations!

Note your specific content won't appear till you're coming directly to "mysite.com".

Now for the exciting stuff, exposing your new web server to the world!

Ok, so your Nginx web server is up and running, hopefully with some content you had moved in from elsewhere. Now you need to share it with the world. To do that you need to setup port forwarding on your homes Internet Router. Most routers these days are configured from a web page. You should already know how to do this, but if not you can try opening up a browser on another system in your house and typing "http://X.Y.Z.1" again using the X, Y, & Z values you've been carrying along through the past several steps. This should bring up your router configuration page. Some people may need to use "http://X.Y.Z.254" to get to their config page.

Now there should be an Advanced tab, this is the method Netgear uses, click that & select port forwarding. I've shown my port forwarding screen above. Here you want to create a record that forwards all port 80 traffic to your new Pi so use the address X.Y.Z.199 or whatever you selected. Once saved your router should reboot & anyone hitting your home's network address on purpose, or by accident, on port 80 will reach your Pi.

Now to find out how to reach your Pi from the outside world. Here you want to click on the Internet tab on your router setup and write down your Internet IP address. In my case it's 66.57.1.64. Open another browser window on your computer and type in "http://" and that address and you should see your default Nginx page, not your domain's content page, we'll handle that shortly. This will confirm that your Pi is now available to the world!

Now we're going to give your Pi Amazon class website performance using a Content Delivery Network.

Cloudflare is one of the most well known Content Delivery Networks, and they provide a free service for mirroring your web site's content and they provide a Distributed Denial of Service (DDoS) layer in front of all your website traffic.

You can visit "http://www.cloudflare.com" and click the "Sign Up Now" button for free. It will then take you to the above page that will ask you a few simple questions so they can setup your account. Keep track of the userid & password you created for this account, as you may need them in the future to tune things up.

After you fully complete setting up your first domain you can add additional domains to your free Cloudflare account. Setting up additional other domains will follow nearly the same process you'll experience in the next few steps.

Now the easy part, on the next screen enter your domain "mysite.com" and Cloudflare will take about 40 seconds and learn everything they can about your domain's configuration on with regard to what the Internet knows about it.

Ok, this is the final Cloudflare step, and it's pretty easy. There are two records on this screen that we care about. The first record has an "A" in the first column, and the second has "CNAME" in the first column, and "www" in the data column. Locate both of these records as you need to change them.

Click on the gear in the last column of the "A" record, the click edit record.

Under the value column where it says "points to" type the internet address of your Pi from the prior step that you were asked to write down in step seven, then click save. Make sure you do this for both the "A" record and the "CNAME" record with the "www" value.

Once completed, both of these should have an orange cloud under the active column. When you're all done scroll to the bottom and click the "I'm done entering DNS records" button and Cloudflare will provide you with two name server records you should also write down. They will typically be a person's first name, in my case it was "toby.ns.cloudflare.com" write these name server names down for the last & final step.

This is it the last & final step.

Go to the registration service for your domain, I use Godaddy, and point the name servers Cloudflare provided to your domain. To do this follow these steps:

• First log into your account.
• Select domains.
• click launch all the way in the right most column of the domain you want to forward to Cloudflare "mysite.com" for example.
• Locate the Name Servers section about half way down the page and click "Manage".
• Now click the radio button as shown above that says custom.
• Now click "Add Name Server" and add each of the two Cloudflare name servers provided in the prior step,
  ex. "toby.ns.cloudflare.com"
• Click the save button.
• And wait, and wait, ...

It will take some time for the name server changes to drip through the Internet. I found that Godaddy is actually pretty fast, on the weekends often in minutes, while Network Solutions is often much longer (I have domains on both).

In a few minutes you should be able to visit "http://www.mysite.com" and see your new website with world-class performance hosted on your Raspberry Pi.