Alpine Linux - User contributions [en]

Eudev

2024-01-19T03:45:45Z

Arrogance:

{{DISPLAYTITLE:eudev}}
[https://github.com/eudev-project/eudev eudev] is a [[Device_Manager|device manager]] that provides a drop-in replacement for systemd udev. It is therefore recommended for full blown desktop environments.

== Installation ==

The easy way to setup eudev is through the [[#Setup_Script|setup script]]. For custom installation see the [[#Manually|manually section]]. Note that a manual installation is only recommended for advanced users.

=== Setup Script ===

The {{pkg|alpine-conf}} package provides [https://git.alpinelinux.org/alpine-conf/tree/setup-devd.in setup-devd] to easily install and setup device managers.

Install {{pkg|alpine-conf}} if it is not already installed.
{{cmd|# apk add {{pkg|alpine-conf}}}}
Setup eudev.
{{cmd|# setup-devd udev}}

=== Manually ===

You need to install eudev itself and the udev services.
{{cmd|# apk add {{pkg|eudev}} {{pkg|udev-init-scripts}}}}

If you already have a device manager installed you need to stop it before you start eudev.

Then enable the services.
{{cmd|<nowiki># rc-update add udev sysinit
# rc-update add udev-trigger sysinit
# rc-update add udev-settle sysinit
# rc-update add udev-postmount default
</nowiki>}}

If you are not running in a chroot you will also want to start eudev.
{{cmd|<nowiki># rc-service udev start
# rc-service udev-trigger start
# rc-service udev-settle start
# rc-service udev-postmount start
</nowiki>}}

== Remove ==

{{warning|Disabling eudev without setting up a different device manager may cause unexpected issues. If you install a different device manager with the setup script this step is not needed.}}

If you are not running in a chroot you need to stop the service first.
{{cmd|<nowiki># rc-service udev stop
# rc-service udev-postmount stop
</nowiki>}}

Then disable the services.
{{cmd|<nowiki># rc-update delete udev sysinit
# rc-update delete udev-trigger sysinit
# rc-update delete udev-settle sysinit
# rc-update delete udev-postmount default
</nowiki>}}

You might also want to uninstall the packages since they are not used anymore.
{{cmd|# apk del {{pkg|eudev}} {{pkg|udev-init-scripts}}}}

== See Also ==
* [[:Category:Device_Manager|Device Managers]]
* [https://wiki.gentoo.org/wiki/Eudev Gentoo wiki eudev]
* [https://wiki.archlinux.org/title/Udev Archwiki udev]

[[Category:Device_Manager]]

Requirements

2023-06-19T19:51:19Z

Arrogance: /* Memory */

This page will tell you what requirements you will need to use the Alpine Linux operating system:
__TOC__

== Hardware requirements ==

For installation and usage consider that Alpine can run on several kinds of devices, from the popular PC machine to video game consoles like the 3DS, and as such you must verify the details below:

* CPU architecture
* Memory
* Storage
* Peripherals

=== Architectures ===

CPU architecture is an instruction set design that defines how a processor is used by software. Widely used across desktops and servers are x86 (mostly i386) and x86_64 (also known as amd64). There are other supported computer architectures that are not "x86", like mainframes, servers, and embedded devices (such as routers like Sonicwall and Cisco ones). The table below represents architectures supported by Alpine:

{| class="wikitable"
|-
! Supported architecture !! Available since !! Description
|-
| x86_64 || all || Widely spread AMD64 compatible 64-bit x86 instruction set.
|-
| x86 || all || Another widely used 32-bit instruction set.
|-
| ppc64le || v3.6 || For PowerPC devices with pure little-endian mode, mostly for POWER8 and POWER9
|-
| armhf || v3.0 || A 32-bit ARM instruction set with hard-float point extension.
|-
| armv7 || v3.9 || The 32-bit ARM only execution state of the ARMv7 devices machines.
|-
| aarch64 || v3.5 || The 64-bit ARM only execution state of the ARMv8+ device machines.
|-
| ppc64le || v3.6 || For 64-bit big-endian PowerPC and Power ISA processors like some Mac computers.
|-
| s390x || v3.6 || For IBM mainframes, especially IBM Z and IBM LinuxONE servers.
|}

=== Memory ===
{{Obsolete|Most of these numbers seem to be guessed, if not outright fabricated}}
Below are shown minimum RAM amounts for various installation types and phases:

{| class="wikitable sortable"
|-
! Target Arch !! Minimum RAM to start !! Minimum RAM to install !! Minimum RAM for GUI desktop !! Enough for GUI work
|-
| x86_64 || 512 Megs || 512 Megs || 2 Gigs || 8 Gigs
|-
| x86_32 || 128 Megs || 256 Megs || 1 Gigs || 3 Gigs
|-
| ppc64le || 128 Megs || 256 Megs || 2 Gigs || 8 Gigs
|-
| armhf || 256 Megs || 512 Megs || 1 Gigs || 6 Gigs
|-
| armv7 || 256 Megs || 512 Megs || 1 Gigs || 6 Gigs
|-
| aarch64 || 256 Megs || 512 Megs || 2 Gigs || 8 Gigs
|-
| ppc64le || 256 Megs || 512 Megs || 1 Gigs || 6 Gigs
|-
| s390x || 128 Megs || 256 Megs || 2 Gigs || N/A
|}

=== Storage ===

This means any external or internal storage device that can be added after or before installation to use by the Alpine Linux system.

PATA and SATA hard disk drives are supported, as well as any USB or SD card that can be detected by the Linux during installation.

=== Peripherals ===

This means any external or internal device that can be added before or after installation and detected by Alpine Linux. The peripherals that are supported depends on the current version of the Linux kernel.

Almost any GPU is supported, but certain features and 3D acceleration might depend on MESA drivers:

* Intel: mostly any Intel by one exception, Intel i810/i815 will lack features since it has only 4Mb memory, support for it has been dropped by Mesa and Linux.
* ATI/AMD, only Radeon series with exception of recent last two years, Rage r128/match64 series has limited support.
* Nvidia: support for Nvidia GPUs is limited since their drivers are proprietary and built for GNU libc. Nouveau drivers are available as free alternative.
* Matrox: not all features are supported.
* Sis: limited features are supported, due to limited support from upstream.
* Via: limited features are supported, due to limited support from upstream.

== Software requirements ==

=== Media ===

Alpine boot images are provided on [https://alpinelinux.org/downloads/ downloads page] or on a [https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/ mirror]

The images should be verified as in [[Installation]], to ensure the file wasn't corrupted during transfer.

=== Booting ===

The following table describes supported firmware types, for more information please check [[Alpine_and_UEFI|Alpine and UEFI]] wiki page.

{| class="wikitable"
|-
! Supported Arch !! Supported firmware !! Supported Types
|-
| x86_64 || Coreboot, Vendor/OEM || BIOS, UEFI
|-
| x86 || Coreboot, Vendor/OEM || BIOS, UEFI
|-
| ppc64le || Coreboot, Vendor/OEM || UEFI
|-
| armhf || Uboot, Vendor/OEM || UEFI
|-
| armv7 || Uboot, Vendor/OEM || UEFI
|-
| aarch64 || Vendor/OEM || UEFI
|-
| s390x || Vendor/OEM || unknown
|}

=== Space ===

A default installation of Alpine requires at least 1GB of free space. You can see various partition configurations and their sizes on [[Alpine_and_UEFI#Alpine_disk_layout_for_UEFI|Alpine disk layout for UEFI/BIOS at Alpine and UEFI]] wiki page.

= See Also =

# [[Installation]]

[[Category:Installation]]

__FORCETOC__

Replacing non-Alpine Linux with Alpine remotely

2023-06-11T15:52:28Z

Arrogance: Marking as obsolete, as per comment by User:Darkfader on the talk page

{{obsolete}}
* What: These instructions are for installing Alpine Linux on a hosted ''physical'' server from a hosting company like serverpronto, bluehost, etc.
* Why: Typically these companies run Debian, Fedora, or another Linux distribution. This document explains how to get Alpine Linux on a machine with nothing but ssh access.

== With VNC access ==
{{Note|Usually providers offer vnc access to the server, if that's not the case skip this.}}
Download an alpine iso that boots from ram, e.g. alpine-virt
wget nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-virt-3.5.2-x86_64.iso
Flash the image to the drive of your server, e.g. /dev/sda
dd if=alpine-virt-3.5.2-x86_64.iso of=/dev/sda
Reboot, and login again from vnc with root. Alpine is now running from ram, and should have mounted /dev/sda on /media/sda, paste it into ram.
mkdir /media/setup
cp -a /media/sda/* /media/setup
Copy also the kernel modules which are located in /.modloop
mkdir /lib/setup
cp -a /.modloop/* /lib/setup
Unmount modloop and the media folder
/etc/init.d/modloop stop
umount /dev/sda
Move back the files in place
mv /media/setup/* /media/sda/
mv /lib/setup/* /.modloop/
Finally you can format the disk to install alpine
setup-disk
Or just run the the whole setup
setup-alpine

== Without VNC access ==

{{Note|This process will not work with alpine-1.9.0_rc4 or ''earlier''''' Use Alpine-1.9.1 or later for best results.}}

{{Warning| Practice on a computer with physical access first. If something goes wrong, the remote box will very likely be left in an unusable state. In that case, you get to turn in a support request to regen the server back to "factory fresh" mode.}}

{{Warning|Really. Practice this first.}}

Prerequisites:
* SSH access to the remote box (needs to have SSH server running)
* Alpine Linux supported hardware
* Adventurous mind
* Nerves of steel

These instructions are based on a debian (physical) server, and all steps are performed while logged into the machine. So you should start with a machine that has ssh running.

== Create apk overlay suitable for hard disk based tmpfs boot ==

{{Note|This entire section can be replaced by setting up a box from scratch, using setup-alpine and selecting 'none' for the install disk, then running 'lbu ci' to save the apkovl. You can then open the overlay and set up networking ''exactly'' as it should be on the target box, then repackage the overlay and drop in the root of alpine_dev on the remote host.)}}

The first step is to create Alpine configuration file with basic configuration of the host. We need the new box to start networking and ssh in the beginning so we can reconnect to it after reboot.

Create basic layout for the overlay:
mkdir overlay
cd overlay
mkdir -p etc/ssh etc/network etc/runlevels/{default,boot,sysinit,shutdown} root/.ssh etc/lbu

You can also use default Alpine configuration files. In this case you should use ssh key to authorize yourself (as root password is empty, and ssh has empty passwords disabled).

If you want to keep the existing host identity (e.g. SSH key), you can copy them over:

cp -a /etc/{passwd,group,shadow,gshadow,hostname,resolv.conf,network/interfaces,ssh} etc/
cp /etc/network/interfaces etc/network

Copy over your ssh authorized_keys and make sure its included in future:
cp -a /root/.ssh/authorized_keys root/.ssh
echo "/root/.ssh" > etc/lbu/include

Find out which shell is used for root:

grep ^root /etc/passwd

If its /bin/ash, you are good. If not, edit etc/passwd and change it to /bin/ash.
sed -i -e '/^root:/s:/bin/bash:/bin/ash:' etc/passwd

{{Note|If you don't do this, nobody (even with physical access) will be able to log into the machine.}}

Create etc/network/interfaces with network configuration (unless it was previously copied over). It should look something like:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address ip.ad.dr.es
netmask 255.255.255.0
gateway gw.ad.dr.es

Since Alpine 3.13 must be:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address ip.ad.dr.es/cidr
gateway gw.ad.dr.es
'''Make sure there is no whitespace at end of lines''' in interfaces file. Busybox ifup is very picky.

Make sure your etc/resolv.conf exists; if not create etc/resolv.conf with the nameserver configuration like:
nameserver dns.ip.ad.dr
options edns0 trust-ad single-request-reopen

Create the apk world (etc/apk/world) with essential packages:
mkdir -p etc/apk
echo "alpine-base iproute2 openssh" > etc/apk/world

'''Double check the IP configuration and ssh keys.'''

Finally, make the essential services start up automatically and create the overlay file:
ln -s /etc/init.d/{hwclock,modules,sysctl,hostname,bootmisc,syslog} etc/runlevels/boot/
ln -s /etc/init.d/{devfs,dmesg,mdev,hwdrivers} etc/runlevels/sysinit/
ln -s /etc/init.d/{networking,sshd} etc/runlevels/default/
ln -s /etc/init.d/{mount-ro,killprocs,savecache} etc/runlevels/shutdown/
tar czf ../host.apkovl.tar.gz *

Verify the overlay with "tar tzf" to see that it contains everything in proper places, and ensure it is in the / directory

tar tzvf host.apkovl.tar.gz
cp host.apkovl.tar.gz /

== Install Alpine cd-rom image on hard disk ==

We need to copy over two sets of information: the boot kernel (kernel, initramdisk and boot configuration) and operating system boot data (overlay, apk packages and kernel modules). These can reside on same partition if they fit. However, /boot is usually small, so you might want to put the apks on separate partition. This guide assumes they are on sda1 (/boot) and sda2 (/) with both having ext3 filesystems. If you don't have ext3 on / or /boot, then you might be able to disable swap and reformat the swap partition as ext3 and use that.

Download an alpine iso and mount it; for example

wget {{#latestalp:alpine|url}}
mount alpine*.iso /cdrom -o loop

Copy the apkovl and the contents of cd-rom image to root of current installation:
cp host.apkovl.tar.gz /
cp -a /cdrom/* /

Next we make the Alpine Linux kernel bootable (requires syslinux) and use fdisk to mark the /boot partition as bootable (if not done already):
dd if=/usr/share/syslinux/mbr.bin of=/dev/sda # on some older systems its /usr/lib/syslinux/mbr.bin
fdisk /dev/sda

Make sure that /boot dir has a symlink pointing to itself. This is to handle the case when /boot is on separate partition.
ln -sf . /boot/boot

Create /boot/extlinux.conf with contents like (check the filesystem type for alpine_dev; kernel and initrd are relative to partition root):
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/grsec
append initrd=/boot/grsec.gz alpine_dev=sda2:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

From Alpine Linux 2.1 you can use the UUID of the partition that holds the apkovl and the ''apks'' directory, the current root. Use ''blkid'' to get the proper UUID. By using UUID we solve the problem when there are multiple disks and we don't knowing how kernel enumerates them after boot. Example extlinux.conf:
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/grsec
append initrd=/boot/grsec.gz alpine_dev=UUID=44ea33e2-deb4-4a29-88e2-fc8a4ef80ab0:ext3 modloop=grsec.cmg modules=loop,cramfs,sd-mod,usb-storage,ext3 quiet

[Comment added by IceCodeNew]

I tried this instruction on Ubuntu 20.04, and I'm installing Alpine-virt 3.13.2.

I found there is no such file named `*/syslinux/mbr.bin`, but even if I skip the step which issuing `dd if=/usr/share/syslinux/mbr.bin of=/dev/sda`, the machine was able to boot alpine without problem.

Here is the extlinux.conf I use (since there are lots of files that had been renamed):
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/vmlinuz-virt
append initrd=/boot/initramfs-virt alpine_dev=UUID=db153994-91fe-426f-bd88-f751e07f97f2:ext4 modloop=/boot/modloop-virt modules=loop,cramfs,sd-mod,usb-storage,ext4 quiet

[End of comment]

Finally make the /boot partition bootable by extlinux.
extlinux -i /boot

(Tested on 2.1.2 and higher) Make sure:
* grsec.cmg is on /
* [something].apkovl.tar.gz is on /
* grsec.gz is on /boot
* The apline_dev UUID value points to whatever is currently /
* the partition for /boot is flagged as bootable
* the output of extlinux was for the partition currently mounted at /boot

== Install Alpine on hard-disk ==

Reboot the box. And wait for it to come alive again. If it doesn't, tough luck. So dry practice with local box, with as identical hardware as possible.

Once back in the box, we are running in Alpine Linux from tmpfs. So just do a regular installation of Alpine from network via ssh connection.

Edit /etc/apk/repositories to contain your favorite Alpine mirror or just:
http://dl-3.alpinelinux.org/alpine/v1.10/packages/main

Finally run:
/etc/init.d/modloop stop
apk update
setup-disk

After hard disk setup is complete, '''copy ssh_authorized_keys to hard disk'''.

Reboot once more, and you have the server with native Alpine hard disk installation.

[[Category:Installation]]

Template talk:AlpineLatest

2023-06-07T11:24:39Z

Arrogance: Created page with "This needs to be updated to the latest version (currently 3.18), but I can't do so as it is protected. ~~~~"

This needs to be updated to the latest version (currently 3.18), but I can't do so as it is protected. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 11:24, 7 June 2023 (UTC)

User:Arrogance/subpage/subpage

2023-05-30T18:38:28Z

Arrogance:

Talk:Installation

2023-05-30T18:25:50Z

Arrogance:

== New Discussions ==

I wasn't here for most of the drama, but it might help with reducing redundant pages and poor verbiage if some of the other "install" pages were made subpages of this one. Instead of "Installing Alpine in a virtual machine", "Installing Alpine on VMware ESXi", "Alpine on ARM", etc... we could group by hypervisor (if any), then architecture or firmware, then board, etc... existing only where there are differences between others of the same level. For example:

* '''Installation/VirtualBox/BIOS''' -
* '''Installation/AARCH64/Raspberry Pi 4'''
* '''Installation/x86/Dell Inspiron 1525'''

Alternatively, we could duplicate the top level installation page for each architecture (like the Gentoo Handbook). That would allow better nuance in the initial media preparation and boot process. This page would then simply provide a brief guide of choosing the correct arch. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 09:17, 30 May 2023 (UTC)

:+1 for this idea. I'm not a pro at this but it would make it easier to navigate. Is the subpage feature on for regular pages? [[User:Bbbhltz|bbbhltz]] ([[User talk:Bbbhltz|talk]]) 10:46, 30 May 2023 (UTC)
::No, it's not on, although that doesn't technically stop making pages this way. It mostly just means there isn't a built-in way to navigate to parent pages. Within certain constraints (a hypothetical '''Installation/x86''' would need to be named '''Installation/X86''', for example), it shouldn't stop enabling them at a future date, either. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 18:25, 30 May 2023 (UTC)

== Resolved Discussions==

=== Focused users and edits ===

We are aware that wiki is not so complete but, last month wiki installation page are a crap ton of changes.. The wiki page tries to include so many information.. but it lacks of good structure, neither hav a good requirements page

So then '''I separated the requirements detailed''' to a new wiki page, https://wiki.alpinelinux.org/wiki/Requirements, with all details and reduce significatively the installation page details to only RAM and SPACE storage..

Later added a section in https://wiki.alpinelinux.org/wiki/Alpine_newbie_install_manual#Ways_to_install_Alpine_listed_by_architectures so then '''users that need different methods of install does not need to crap''' with over information the only wiki installation page.. (over information) '''I mean over sentences of "for this ARM flafour go to here and here and for this toy go to here"'''

'''Last then i reduced rest of info to improved independent pages of each one!'''
Contributions must be focused in independent cases and listed in how to and tutorial wiki page .. so then i can check and later listed at new users tutorial pages.

All of this new pages will be improved in next days. Currently information was slpitted and improved to reduce the oversized installation page!

'''''About changes and recent diff from SB1 June and July changes..'''.''

'''Checksum command is a extra optional info''': first note are the checksum command to verify.. only takes in consideration linux (ovbiusly will be so "rare" if not) and win! there' is no more OS in the world? there's no MAC or FreeBSD? is clear Alpine need minimal linux knowledge so are nonsense try to catch win users without minimal linux knowledge.. specific pages for that must be done! not in main install pages!

'''Boot of external devices''' depends of each computer device so each wiki page cases of architecture installation must added its own information

'''also the use Sb1 erased/changed so many information''' and does not property posted in any other page .. (i mean setup alpine or similar) all the info was grouped and pasted in main installation page.. oversized the target of.. the good examples of wiki pages must be like: https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ#What_is_the_difference_between_.27sys.27.2C_.27data.27.2C_and_.27diskless.27_when_running_.27setup-alpine.27_or_.27setup-disk.27.3F makes references to install page as further deep information available.. but this page as i said was changed significatively..

--[[User:mckaygerhard|mckaygerhard]] July 2020

* Sorry, it's problematic when your edits **replace** concise pages with your "alpine newbie" series style. (And that repeatedly.) For readers looking for information, these are a quite much convoluted agglomeration of multiple, unmaintainable pages with much overlapping and duplicate information and do not refrain from opinionated jargon. For example, it does not make much sense to move the recommended image verification commands into some [[Requirements]] page. That page is immense and convoluted with unmaintanable tables that for example only resemble statistics about the currently downloadable images. Further, parts of it are duplicated in the plethora of "Alpine_newbie" install recipes (in which readers that follow it or want to look up something to get lost in, without getting a much needed overview and information about the available options, to end up being able to arrive at well informed decisions). => So there are good reasons why your changes were reverted (12:40, 12 December 2020‎ "Reverting as of https://lists.alpinelinux.org/~alpine/devel/<20201002143513.yco7vwx2ci3lqezm@wolfsden.cz> Second time user Mckaygerhard pulled stunt on this page. (Aug.13/19 & Jul.12/20))

User:Arrogance/subpage

2023-05-30T18:09:09Z

Arrogance: touch

<!-->

User:Arrogance/subpage/subpage

2023-05-30T18:08:05Z

Arrogance: test

[[{{#titleparts:{{FULLPAGENAME}}|1|1}}]] {{#ifexist:{{#titleparts:{{FULLPAGENAME}}|2|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|2|1}}]]}}{{#ifexist:{{#titleparts:{{FULLPAGENAME}}|3|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|3|1}}]]}} {{#ifexist:{{#titleparts:{{FULLPAGENAME}}|4|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|4|1}}]]}} {{#ifexist:{{#titleparts:{{FULLPAGENAME}}|5|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|5|1}}]]}} {{#ifexist:{{#titleparts:{{FULLPAGENAME}}|6|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|6|1}}]]}} {{#ifexist:{{#titleparts:{{FULLPAGENAME}}|7|1}}| > [[{{#titleparts:{{FULLPAGENAME}}|7|1}}]]}}

Talk:Installation

2023-05-30T09:17:10Z

Arrogance:

== New Discussions ==

I wasn't here for most of the drama, but it might help with reducing redundant pages and poor verbiage if some of the other "install" pages were made subpages of this one. Instead of "Installing Alpine in a virtual machine", "Installing Alpine on VMware ESXi", "Alpine on ARM", etc... we could group by hypervisor (if any), then architecture or firmware, then board, etc... existing only where there are differences between others of the same level. For example:

* '''Installation/VirtualBox/BIOS''' -
* '''Installation/AARCH64/Raspberry Pi 4'''
* '''Installation/x86/Dell Inspiron 1525'''

Alternatively, we could duplicate the top level installation page for each architecture (like the Gentoo Handbook). That would allow better nuance in the initial media preparation and boot process. This page would then simply provide a brief guide of choosing the correct arch. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 09:17, 30 May 2023 (UTC)

== Resolved Discussions==

=== Focused users and edits ===

We are aware that wiki is not so complete but, last month wiki installation page are a crap ton of changes.. The wiki page tries to include so many information.. but it lacks of good structure, neither hav a good requirements page

So then '''I separated the requirements detailed''' to a new wiki page, https://wiki.alpinelinux.org/wiki/Requirements, with all details and reduce significatively the installation page details to only RAM and SPACE storage..

Later added a section in https://wiki.alpinelinux.org/wiki/Alpine_newbie_install_manual#Ways_to_install_Alpine_listed_by_architectures so then '''users that need different methods of install does not need to crap''' with over information the only wiki installation page.. (over information) '''I mean over sentences of "for this ARM flafour go to here and here and for this toy go to here"'''

'''Last then i reduced rest of info to improved independent pages of each one!'''
Contributions must be focused in independent cases and listed in how to and tutorial wiki page .. so then i can check and later listed at new users tutorial pages.

All of this new pages will be improved in next days. Currently information was slpitted and improved to reduce the oversized installation page!

'''''About changes and recent diff from SB1 June and July changes..'''.''

'''Checksum command is a extra optional info''': first note are the checksum command to verify.. only takes in consideration linux (ovbiusly will be so "rare" if not) and win! there' is no more OS in the world? there's no MAC or FreeBSD? is clear Alpine need minimal linux knowledge so are nonsense try to catch win users without minimal linux knowledge.. specific pages for that must be done! not in main install pages!

'''Boot of external devices''' depends of each computer device so each wiki page cases of architecture installation must added its own information

'''also the use Sb1 erased/changed so many information''' and does not property posted in any other page .. (i mean setup alpine or similar) all the info was grouped and pasted in main installation page.. oversized the target of.. the good examples of wiki pages must be like: https://wiki.alpinelinux.org/wiki/Alpine_Linux:FAQ#What_is_the_difference_between_.27sys.27.2C_.27data.27.2C_and_.27diskless.27_when_running_.27setup-alpine.27_or_.27setup-disk.27.3F makes references to install page as further deep information available.. but this page as i said was changed significatively..

--[[User:mckaygerhard|mckaygerhard]] July 2020

* Sorry, it's problematic when your edits **replace** concise pages with your "alpine newbie" series style. (And that repeatedly.) For readers looking for information, these are a quite much convoluted agglomeration of multiple, unmaintainable pages with much overlapping and duplicate information and do not refrain from opinionated jargon. For example, it does not make much sense to move the recommended image verification commands into some [[Requirements]] page. That page is immense and convoluted with unmaintanable tables that for example only resemble statistics about the currently downloadable images. Further, parts of it are duplicated in the plethora of "Alpine_newbie" install recipes (in which readers that follow it or want to look up something to get lost in, without getting a much needed overview and information about the available options, to end up being able to arrive at well informed decisions). => So there are good reasons why your changes were reverted (12:40, 12 December 2020‎ "Reverting as of https://lists.alpinelinux.org/~alpine/devel/<20201002143513.yco7vwx2ci3lqezm@wolfsden.cz> Second time user Mckaygerhard pulled stunt on this page. (Aug.13/19 & Jul.12/20))

Install Alpine on VMware Workstation

2023-05-30T08:20:49Z

Arrogance:

{{merge|[[Installing Alpine on a virtual machine]]}}
There's at least 2 ways you can setup Alpine on a VMware box.

== Option 1: sys mode, traditional hard-disk install (preferable for a dev box) ==

# Create a virtual machine (Linux, other 3.x kernel 64 bit)
## Add a hard drive with your desired size
## Add a CD/DVD to the VM that points to the Alpine ISO you downloaded
## Disable "UEFI secure boot" in Settings -> Advanced
# Boot the VM and log in with username "root"
## run <code>setup-alpine</code>
## choose '''sys''' when asked about the disk mode ([[Installation#System_Disk_Mode|sys mode]] will install Alpine to the disk)
## choose the default hard disk mounted by VMware
## reboot after the installation is complete

== Option 2: USB mode, no data preserved between reboots ==

# Create a virtual machine (Linux, other 3.x kernel 64 bit)
## add a small hard drive, e.g. 100MB for saving configs (like an usb stick)
## Add a CD/DVD to the VM that points to the Alpine ISO you downloaded
# boot into the VM
# press F2 on boot to enter the BIOS
## change the boot order so that it boots from CD, then HD, then floppy (or whatever - as long as CD is first)
# boot the machine
# now run the following commands:
## <code>mkfs.vfat /dev/sda</code>
## <code>mount /dev/sda /media/usb</code> (Or try: <code>mount -t vfat /dev/sda /media/usb</code>)
## <code>grep /dev/sda /proc/mounts >> /etc/fstab</code>
## <code>setup-alpine</code> (select no disk, save configs to 'usb')
## <code>lbu ci usb</code>

If the VM hangs at the boot prompt, reboot the VM, and when the boot prompt appears again, type <code>pax_nouderef</code> (i.e. append it to the kernel options) and press Enter. This should allow normal boot-up. 

Now you should be able to reboot and it should retain your settings because they were saved to your "usb-disk".

== VMware Tools ==

More info on this page: [[Open-vm-tools]]

For VMware Tools support you need to install the package [https://pkgs.alpinelinux.org/package/edge/community/x86_64/open-vm-tools open-vm-tools].

[[Category:Virtualization]]

Installing Alpine on a virtual machine

2023-05-30T08:20:31Z

Arrogance: Changed redirect target from Category:Virtualization to Installing Alpine in a virtual machine

#REDIRECT [[Installing Alpine in a virtual machine]]

I3wm

2023-05-30T08:06:00Z

Arrogance:

{{DISPLAYTITLE:i3wm}}
== Initial setup ==

I will assume you are working on a fresh, installation of Alpine standard.
Otherwise see [[Installation|these]] instructions.

== Enable Community Repository ==

We need the Community Repository available for access to the i3 packages.
Instructions are available on the [[Repositories#Enabling_the_community_repository|Repositories]] page.

== Install drivers ==

Ensure you have the required drivers.

{{Cmd|# apk search xf86-input*}}

{{Cmd|# apk search xf86-video*}}

=== Example driver installation ===

{{Cmd|# apk add xf86-video-intel xf86-input-intel xf86-video-fbdev xf86-video-vesa}}

== Install fonts ==

Install [[Fonts|fonts]]. If you start i3 without fonts it will be unusable.

{{Cmd|# apk add font-terminus}}

== Install dbus ==

Install dbus and set it up.

{{Cmd|# apk add dbus}}

{{Cmd|# dbus-uuidgen > /var/lib/dbus/machine-id}}

{{Cmd|# rc-update add dbus}}

== Install X11 ==

Install X11 and set it up.

{{Cmd|# setup-xorg-base}}

== Install i3 ==

Install i3, the i3 status bar and a terminal.

{{Cmd|# apk add i3wm i3status xterm}}

== Set up a non-root account ==

Set up a non-root account:

{{Cmd|# adduser ''new-user''}}

{{Cmd|# addgroup ''new-user'' input}}

{{Cmd|# addgroup ''new-user'' video}}

== Test ==

Now you can start i3 manually:

{{Cmd|# startx /usr/bin/i3}}

{{Note|The default configuration is minimal and most menu options won't work unless you customize and/or install additional packages. More information is available in the [https://i3wm.org/docs/userguide.html i3 user guide].}}

== Starting i3 on login ==

To have i3 start automatically on login, you should set up xinit.

There are different ways to do this. The [https://wiki.archlinux.org/title/Xinit ArchWiki]
has information on this.

{{Todo|add section on Xinit}}

[[category: Desktop]]
[[category: Window Managers]]

QEMU

2023-05-30T07:44:13Z

Arrogance:

[http://wiki.qemu.org/Index.html QEMU] is a very flexible open source virtual machine and emulator. QEMU is able to virtualize or emulate x86, PowerPC, ARM, and S390 guests.

= Install Alpine Linux in QEMU =
{{merge|Installing_Alpine_in_a_virtual_machine#KVM_/_QEMU|Installing Alpine in QEMU and installing QEMU in Alpine should be handled separately.}}
{{:Install_Alpine_in_QEMU}}

= Live mode =
{{:Running_Alpine_in_Qemu_Live_mode}}

= Advanced network configuration =

{{:Running Alpine Linux As a QEMU networked Guest}}

= Using Xorg inside QEMU =

The video driver needed for Xorg inside QEMU is <code>xf86-video-modesetting</code>.

{{tip|Probably for KVM/Qemu guests you want to use ''qxl'' Video and Display ''Spice''. For this purpose install xf86-video-qxl on guest and run a Spice client on the host}}

If you decided to use a ''qxl'' Video on KVM/Qemu guest, add this configuration to `/etc/X11/xorg.conf`

{{Cmd|Section "Device"
Identifier "qxl"
Driver "qxl"
Option "ENABLE_SURFACES" "False"
EndSection}}

= Run a guest OS on Alpine Linux using KVM/QEMU =

Install:

{{Cmd|# apk add qemu-system-x86_64 qemu-modules libvirt libvirt-qemu}}

{{Note|also install {{Pkg|virt-manager}} for a KVM/QEMU gui}}

 

Add '''tun''' to <code>/etc/modules</code>:

{{Cmd|(su) echo tun >> /etc/modules}}

 

Starting '''tun''' now:

{{Cmd|# modprobe tun}}

 

Add your user to the '''kvm''' and '''qemu''' groups

{{Cmd|# addgroup <username> kvm}}
{{Cmd|# adduser <username> qemu}}

Logout for the group changes to take effect


 

Adding services:

{{Cmd|# rc-update add libvirtd}}
{{Cmd|# rc-update add libvirt-guests}}

Starting the services now:

{{Cmd|# rc-service libvirtd start}}
{{Cmd|# rc-service libvirt-guests start}}

 

If you are interested in using a bridged network (so that the guest machine can be reached easily from the outside), see [[Bridge]].

[[Category:Virtualization]]

Alpine Wall

2023-05-30T07:31:22Z

Arrogance:

{{obsolete}}
This page is a design and implementation plan for a new firewall
management framework. The new framework addresses the limitations
of Shorewall, which is probably the most common solution used
with Alpine.

== Proposal ==

We evaluated serveral existing open source projects, none of which
satisfied our demanding taste. The existing solutions are either too
tied to specific (router) distributions, targeted to home users (with
too many assumptions built-in), or depedent on bloated frameworks
(usually Perl). Moreover, we would like to keep management of firewall
settings and activation of such settings as two separate workflows,
which would facilitate centralized management of firewall rules.

As no readily available solution was found, the proposal is to
implement a new management framework for <code>iptables</code>, which
would integrate with the
[[Alpine Configuration Framework Design|Alpine Configuration
Framework]]
(ACF). The framework is hereafter referred to as the Alpine Wall
({{Pkg|awall}}).

== Design ==

Awall would consist of three major components: data model, front-end,
and back-end. It also implements a plug-in architecture, which allows
extending the data model and functionality, in order to simplify
common organization-specific administrative tasks.

The '''data model''' would describe the firewall configuration using
concepts and terminology that is roughly compatible with Shorewall. It
would also borrow some useful concepts from other firewall solutions
we evaluated, such as the Service concept as defined in the
[http://www.turtlefirewall.com/manual-en/x161.html Turtle Firewall]
(but generalized a bit). Awall plug-ins can contain schema extension
modules augmenting the basic model provided by the framework.

The '''back-end''' is responsible for translating the model's data
into configuration files, most notably the files that can be read by
<code>iptables-restore</code> and
<code>ip6tables-restore</code>. Moreover, it can produce files into
e.g. <code>/etc/modprobe.d</code> and <code>/etc/sysctl.d</code> if
necessary. When a plug-in extends the data model, it must also provide
a back-end module that interprets model extension and translates the
data into <code>iptables</code> and other rules. The framework
includes a module for interpreting the base model. The framework is
responsible for ordering and aggregating the results produced by all
modules into actual configuration files.

The '''front-end''' is essentially an ACF module which allows editing
the data model and activating the changes with the help of the
back-end. The front-end implements also a fallback mechanism that
prevents the operator from locking himself out by a faulty
configuration. The configuration data is stored in text files which
can be directly edited. The front-end provides a command line tool for
validating and activating the configuration after manual changes.

== Base Model ==

The basic data model could roughly look like as follows:

;Zone
; <code>interface*, subnet*</code>
;Service
; <code>(protocol, port*)+</code>
;Forwarding policy
; <code>Zone:in*, Zone:out*, accept/reject/drop, masq_on/masq_off</code>
;Filtering rule
; <code>Zone:in*, Zone:out*, Service+, accept/reject/drop, conn_limit?, flow_limit?</code>
;NAT rule
; <code>snat/dnat, Zone:in*, Zone:out*, Service, ip4_range, port_range?</code>

Subnets in zone definitions can be declared using IPv4/IPv6 addresses
(CIDR notation), domain names, or as references to
[http://ipset.netfilter.org/ipset.man.html ipsets]. A domain name can
resolve to one or more IP addresses. The referred ipsets may be
managed manually or by some other tool.

If a packet with source address ''a'' arrives on interface ''i'', it
is considered to originate from zone ''Z = (I, S)'' (where ''I'' is
the set of interfaces and ''S'' is the set of subnets) if and only if
''I'' includes ''i'', and ''a'' belongs to any subnet of ''S''. In
zone definitions, ''I'' would default to the set of all interfaces and
''S'' to {0.0.0.0/0, ::}. The destination zone would be defined in a
similar way based on the packet's destination address and interface.

== Implementation Considerations ==

The data model should preferably be based on some existing format,
such as JSON, XML, or YAML. In order to allow extensions to the data
model, awall must define some kind of schema language. This language
would embed the necessary information the front-end needs to
automatically generate a user interface for the extension. For
example, the help texts shown to the user would be placed in the
schema modules.

Ideally, the base model would be described using the very same
language as the model extensions, but it would impose quite demanding
requirements on the language, e.g. support for complex data types. If
we select this approach and model the data using XML, we could use XML
Schema as the basis. There is also an (expired) Internet Draft on
[http://tools.ietf.org/html/draft-zyp-json-schema-03 JSON Schema], but
there seems to be no existing validator implementation in C or Lua.

Even though elegant from architecture point of view, it is unlikely
that support for complex data types would be required by typical
extensions. In most cases, a set of global variables of primitive
types would suffice. Therefore, we could just use a very simple
language for declaring such variables or implement support for a
limited subset of some well-known schema language. In this
alternative, the base model would not be described using this language
but rather hard-coded into the front-end.

The back-end modules are responsible for translating the configuration
data into configuration file fragments. As regards their
implementation, we have two alternatives. The first alternative is to
implement them as Lua functions invoked by the framework in a defined
way. The framework would provide a library that allows the said
functions to access the data model, and also otherwise assists in
their implementation. The functions would report the results back to
the framework, which finally would translate them into target files.

In the second alternative, the back-end modules would be implemented
using a template language rather than a general-purpose programming
language. An example of a firewall-related template language is
[http://ferm.foo-projects.org/download/2.1/ferm.html ferm], which
unfortunately is implemented in Perl. Ferm also lacks certain
capabilities required to implement e.g. the Zone and Service concepts
conveniently. However, we could introduce a new template language that
would better suit our purposes. Such a language would eliminate some
redundancy from the back-end modules which necessarily comes with the
use of a general-purpose language. On the other hand, developing and
maintaining such a language would take effort and might make the
framework initially more difficult to use.

The back-end will contain functionality for domain name resolution. In
the data model, hosts of groups thereof can be identified by their
domain names. The back-end will resolve these to IP addresses, which
will be stored in the target files, so there will be no need to
resolve anything when activating the configuration during boot.

== See also ==
* [[Zero-To-Awall]]
* [[How-To Alpine Wall]]

[[Category:Networking]]
[[Category:Security]]
[[Category:Development]]

Vlan

2023-05-30T07:28:51Z

Arrogance: Arrogance moved page Vlan to VLAN

#REDIRECT [[VLAN]]

VLAN

2023-05-30T07:28:51Z

Arrogance: Arrogance moved page Vlan to VLAN

This article shows how to configure a network interface as an IEEE 802.1q VLAN trunk.

__TOC__

{{Note| Alpine Linux v2.4 or later is required}}
==Installation==
First, install the ''vlan'' package. This will give you support for vlans in the ''/etc/network/interfaces'' file.
{{Cmd|apk add vlan}}

==Configuration==
Edit the ''/etc/network/interfaces'' file:
<pre>
auto eth0.8
iface eth0.8
address 192.168.0.2/24
gateway 192.168.0.1
vlan-raw-device eth0
vlan_id 8

</pre>
With the ''vlan'' package installed, ifup will find the trailing .8 in eth0.8 and will create a vlan interface with vid 8 over eth0.

Alternativly with vlan8 over eth0:
<pre>
auto vlan8
iface vlan8
address 192.168.0.2/24
gateway 192.168.0.1
vlan-raw-device eth0
</pre>

A static ip address was used in the examples shown above, but dhcp can be used as well.

== Example with bridges associated with VLANs over bonding with differing MTUs on the various VLANs ==
This serves as an example of some of the more complicated networking possible. Particularly, this would work well for a hypervisor attached to a dedicated storage VLAN. Less complicated implementations can be achieved by merely removing the non-applicable parts.
<pre>
auto lo
iface lo inet loopback

auto bond0
iface bond0 inet manual
bond_slaves eth0 eth1
bond_mode 802.3ad
bond_miimon 100
bond_xmit_hash_policy layer2+3
post-up ip link set dev bondi0 mtu 9000

iface bond0.1

auto br1
iface br1
address 192.168.1.196/24
gateway 192.168.1.1
bridge_ports bond0.1
bridge_stp off
bridge_fd 0.0
post-up ip link set dev bond0.1 mtu 1500

iface bond0.10 inet manual

auto br10
iface br10 inet static
address 192.168.10.1/24
bridge_ports bond0.10
bridge_stp off
bridge_fd 0.0
</pre>

== Example with two interfaces on the same adapter. One with vlan and one without ==

Since linux doesn't allow multiple default gateways we need to use a second routing table using iproute2

{{Cmd|apk add iproute2}}

Then we'll add two new routig tables to the config file. One for each network

{{Cmd|echo "1 rt1" >> /etc/iproute2/rt_tables;echo "2 rt2" >> /etc/iproute2/rt_tables;}}

Now we need to edit /etc/network/interfaces

<pre>
auto lo
iface lo inet loopback

# the native interface without a vlan (also called untagged)

auto eth0
iface eth0
address 192.168.1.100/24
gateway 192.168.1.1
post-up ip route add 192.168.1.0/24 dev eth0 src 192.168.1.100 table rt1
post-up ip route add default via 192.168.1.1 dev eth0 table rt1 # the actual gateway for this interface
post-up ip rule add from 192.168.1.100/32 table rt1
post-up ip rule add to 192.168.1.100/32 table rt1

# second interface with the vlan tag 5
auto eth0.5
iface eth0.5
address 192.168.5.100/24
post-up ip route add 192.168.5.0/24 dev eth0.5 src 192.168.5.100 table rt2
post-up ip route add default via 192.168.5.1 dev eth0.5 table rt2 # the actual gateway for this interface
post-up ip rule add from 192.168.5.100/32 table rt2
post-up ip rule add to 192.168.5.100/32 table rt2
</pre>

Note that if you want to add a third interface this way, you'll have to add another routing table

[[Category:Networking]]

Tmux

2023-05-30T07:25:43Z

Arrogance:

{{DISPLAYTITLE:tmux}}
{{pkg|tmux}} is a terminal multiplexer. It's a good tool for e.g. remote support. It can also be used to start a command you want to keep running after you close your console session (you can later on attach to your running session).

= Install =
In order to use {{pkg|tmux}} you will have to install it:
{{cmd|apk add tmux}}

= Usage =

== Start a new session ==
To create a {{pkg|tmux}} session you just enter:
{{cmd|tmux}}

== List existing sessions ==
When you have started some session(s) you can list them:
{{cmd|tmux ls}}
{{tip|Above command can also be run as <code>tmux list-sessions</code>}}
You might get a list that looks like this:
<pre>
0: 1 windows (created Wed Oct 24 15:12:12 2012) [126x35]
1: 1 windows (created Wed Oct 24 15:14:44 2012) [126x35]
</pre>

== Attach to a existing session ==
Lets say you want to attach to a existing session (e.g. the above <code>1: 1 windows</code> session).
{{cmd|tmux attach -t 1}}
{{tip|If you only have one session you don't need to specify session. Just run <code>tmux attach</code>}}

== Controlling a session ==
While inside a {{pkg|tmux}} session, you can control it using keyboard shortcuts. We will only describe some of those alternatives.

{{tip|To enter a keyboard shortcut that controls the current {{pkg|tmux}} session, you should click {{key|B}} while holding down {{key|CTRL}} In the below examples this procedure is described as <code>C-b</code>}}
=== Get help ===
One of the most useful commands is the one that gives you 'help'. 
While in your {{pkg|tmux}} session, click:
{{cmd|C-b ?}}
''(Do not press/hold {{key|CTRL}} when clicking {{key|?}})''

=== Detach from a session ===
Sometimes it's useful to just detach from a session without killing it. 
{{cmd|C-b d}}
{{tip|Try starting <code>ping 127.0.0.1</code> while inside a session and then detach from the session. After some while re-connect to the session using <code>tmux attach</code>. Note that the "seq" value indicates that ping had continued running while you where detached from the session.}}

=== Close or kill a session ===
To 'kill' a session:
{{cmd|C-b &}}
Confirm by clicking {{key|y}} when prompted.

You can also 'kill' your session by entering:
{{cmd|exit}}

= Other terminal multiplexers =
A similar tool is {{pkg|screen}} which is documented [[Screen_on_console|here]].

[[Category:Shell]]

Tmux terminal multiplexer

2023-05-30T07:25:06Z

Arrogance: Arrogance moved page Tmux terminal multiplexer to Tmux

#REDIRECT [[Tmux]]

Tmux

2023-05-30T07:25:06Z

Arrogance: Arrogance moved page Tmux terminal multiplexer to Tmux

{{pkg|tmux}} is a terminal multiplexer. It's a good tool for e.g. remote support. It can also be used to start a command you want to keep running after you close your console session (you can later on attach to your running session).

= Install =
In order to use {{pkg|tmux}} you will have to install it:
{{cmd|apk add tmux}}

= Usage =

== Start a new session ==
To create a {{pkg|tmux}} session you just enter:
{{cmd|tmux}}

== List existing sessions ==
When you have started some session(s) you can list them:
{{cmd|tmux ls}}
{{tip|Above command can also be run as <code>tmux list-sessions</code>}}
You might get a list that looks like this:
<pre>
0: 1 windows (created Wed Oct 24 15:12:12 2012) [126x35]
1: 1 windows (created Wed Oct 24 15:14:44 2012) [126x35]
</pre>

== Attach to a existing session ==
Lets say you want to attach to a existing session (e.g. the above <code>1: 1 windows</code> session).
{{cmd|tmux attach -t 1}}
{{tip|If you only have one session you don't need to specify session. Just run <code>tmux attach</code>}}

== Controlling a session ==
While inside a {{pkg|tmux}} session, you can control it using keyboard shortcuts. We will only describe some of those alternatives.

{{tip|To enter a keyboard shortcut that controls the current {{pkg|tmux}} session, you should click {{key|B}} while holding down {{key|CTRL}} In the below examples this procedure is described as <code>C-b</code>}}
=== Get help ===
One of the most useful commands is the one that gives you 'help'. 
While in your {{pkg|tmux}} session, click:
{{cmd|C-b ?}}
''(Do not press/hold {{key|CTRL}} when clicking {{key|?}})''

=== Detach from a session ===
Sometimes it's useful to just detach from a session without killing it. 
{{cmd|C-b d}}
{{tip|Try starting <code>ping 127.0.0.1</code> while inside a session and then detach from the session. After some while re-connect to the session using <code>tmux attach</code>. Note that the "seq" value indicates that ping had continued running while you where detached from the session.}}

=== Close or kill a session ===
To 'kill' a session:
{{cmd|C-b &}}
Confirm by clicking {{key|y}} when prompted.

You can also 'kill' your session by entering:
{{cmd|exit}}

= Other terminal multiplexers =
A similar tool is {{pkg|screen}} which is documented [[Screen_on_console|here]].

[[Category:Shell]]

Serial mouse

2023-05-30T07:21:06Z

Arrogance:

=Introduction=

A mouse connected to the serial port will not be recognized by an X.Org server automatically. In <code>/var/log/Xorg.0.log</code> there will be a message:
<pre>
(II) The server relies on udev to provide the list of input devices.
If no devices become available, reconfigure udev or disable AutoAddDevices.
</pre>
An existing <code>/etc/X11/xorg.conf</code> with <code>AutoAddDevices</code> enabled will result in
<pre>
(WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled.
</pre>

We will describe two ways of getting an usable serial mouse under X.org. In our example we have a Logitec serial mouse of the model M/N: M-M30 associated to the device <code>/dev/ttyS0</code>.

=Getting information about the mouse=

If the protocol for the serial mouse is unkown, the command {{cmd|mouse-test /dev/ttyS0}} from the package <code>gpm</code> can be used to get the necessary information. The program is interactive and will print at the end a message like:
<pre>
Your mouse seems to be a 'mman' one on "/dev/ttyS0" (24 matches)
</pre>
The <code>man</code> page <code>gpm-types</code> contain a list of the protocols. In our case the lines
<pre>
mman Mouseman
The protocol used by the new Logitech devices with three but-
tons. It is backward compatible with the Microsoft protocol, so
if your mouse has three buttons and works with -t ms or similar
decoders you may try -t mman instead to use the middle button.
This mouse decoder accepts standard serial options, although
they should not be needed.
</pre>
gives us more information about the protocol. We can test the mouse in a virtual console by running:
{{cmd|gpm -m /dev/ttyS0 -t mman}}

=Solution: Inform the Linux input subsystem=

The serial port should already be known to udev:
{{Cmd|udevadm info --name=/dev/ttyS0 --query=path}}
<pre>/devices/platform/serial8250/tty/ttyS0</pre>
But in the output of {{cmd|cat /proc/bus/input/devices}} there is no hint of its existence. Installing the package <code>linuxconsoletools</code> from the testing repository and executing
{{cmd|inputattach --mouseman /dev/ttyS0}}
should give us a working mouse for the X server.
The command
{{cmd|inputattach --help}} prints a list of the available protocols. In our case the line
<pre> --mouseman -mman 3-button Logitech / Genius mouse</pre>
tells us which one to use. Now the output of {{cmd|cat /proc/bus/input/devices}} should contain a section like:
<pre>
I: Bus=0013 Vendor=0004 Product=0001 Version=0100
N: Name="Logitech M+ Mouse"
P: Phys=ttyS0/serio0/input0
S: Sysfs=/devices/platform/serial8250/tty/ttyS0/serio8/input/input9
U: Uniq=
H: Handlers=event2 mouse0
B: PROP=0
B: EV=7
B: KEY=70000 0 0 0 0 0 0 0 0
B: REL=3
</pre>

To start the <code>inputattach</code> command automatically create a file <code>/etc/local.d/sermouse.start</code> with the content:
<pre>
#!/bin/sh
inputattach --daemon --mouseman /dev/ttyS0
</pre>
Make it executable and add the service <code>local</code> to the <code>default</code> runlevel:
{{cmd|rc-update add local default}}
Then the command
{{cmd|rc}} should start the new service. If you want to stop <code>inputattach</code> when stopping the <code>local</code> service, create an executable file <code>/etc/local.d/sermouse.stop</code> with content
<pre>
#!/bin/sh
killall inputattach
</pre>
Alternatively you can create a script in <code>/etc/init.d</code> to define a service for the serial mouse.

=Solution: Configure the X.org server=

If you don't have a <code>/etc/X11/xorg.conf</code>, then generate one with the command
{{cmd|Xorg -configure}}
and modify (and move) the resulting file <code>/root/xorg.conf.new</code> to get a running X server. For instance you might have to know the correct driver for the <code>"InputDevice"</code> section for your graphics card. Include the section
<pre>
Section "ServerFlags"
Option "AutoAddDevices" "False"
EndSection
</pre>
to disable hotplugging and set the <code>"Device"</code> and <code>"Protocol"</code> options in the <code>"InputDevice"</code> section for your mouse. In our case we have:
<pre>
Option "Protocol" "MouseMan"
Option "Device" "/dev/ttyS0"
</pre>
Then restart the X server. For instance:
{{cmd|rc-service lxdm restart}}

=References=

*[http://wiki.archlinux.org/index.php/serial_input_device_to_kernel_input Serial input device to kernel input - ArchWiki]
*[http://bugs.alpinelinux.org/issues/2532 Feature #2532: Request for package: linuxconsoletools]
*[http://lists.alpinelinux.org/alpine-devel/1891.html How to run script at startup (alpine-devel Archives)]
*[http://wiki.gentoo.org/wiki/Local.d local.d GEntoo Wiki]
[[Category:Hardware]]

Nginx with PHP

2023-05-30T07:15:44Z

Arrogance:

{{obsolete|PHP5 was removed in 3.9. PHP7 is not in 3.16 or later repositories.}}
{{:Nginx}}

== PHP5 Installation ==
PHP packages is available in the Alpine Linux repositories. To install php5 with modules run:
{{cmd|apk add php5-fpm php5-mcrypt php5-soap php5-openssl php5-gmp php5-pdo_odbc php5-json php5-dom php5-pdo php5-zip php5-mysql php5-mysqli php5-sqlite3 php5-apcu php5-pdo_pgsql php5-bcmath php5-gd php5-xcache php5-odbc php5-pdo_mysql php5-pdo_sqlite php5-gettext php5-xmlreader php5-xmlrpc php5-bz2 php5-memcache php5-mssql php5-iconv php5-pdo_dblib php5-curl php5-ctype}}

Perhaps you do not need all these PHP modules. Install modules according to your needs.

=== Configuration of PHP5 ===

Defining ENV variables which will be used in configuration. You can do this e.g. in [https://stackoverflow.com/questions/35325856/where-to-set-system-default-environment-variables-in-alpine-linux /etc/profile.d/php5.sh].
{{cmd|<nowiki>PHP_FPM_USER="www"
PHP_FPM_GROUP="www"
PHP_FPM_LISTEN_MODE="0660"
PHP_MEMORY_LIMIT="512M"
PHP_MAX_UPLOAD="50M"
PHP_MAX_FILE_UPLOAD="200"
PHP_MAX_POST="100M"
PHP_DISPLAY_ERRORS="On"
PHP_DISPLAY_STARTUP_ERRORS="On"
PHP_ERROR_REPORTING="E_COMPILE_ERROR\|E_RECOVERABLE_ERROR\|E_ERROR\|E_CORE_ERROR"
PHP_CGI_FIX_PATHINFO=0</nowiki>}}
Modify variables according to your needs.

Modifying configuration file php-fpm.conf
{{cmd|<nowiki>sed -i "s|;listen.owner\s*=\s*nobody|listen.owner = ${PHP_FPM_USER}|g" /etc/php5/php-fpm.conf
sed -i "s|;listen.group\s*=\s*nobody|listen.group = ${PHP_FPM_GROUP}|g" /etc/php5/php-fpm.conf
sed -i "s|;listen.mode\s*=\s*0660|listen.mode = ${PHP_FPM_LISTEN_MODE}|g" /etc/php5/php-fpm.conf
sed -i "s|user\s*=\s*nobody|user = ${PHP_FPM_USER}|g" /etc/php5/php-fpm.conf
sed -i "s|group\s*=\s*nobody|group = ${PHP_FPM_GROUP}|g" /etc/php5/php-fpm.conf
sed -i "s|;log_level\s*=\s*notice|log_level = notice|g" /etc/php5/php-fpm.conf #uncommenting line </nowiki>}}

Modifying configuration file php.ini
{{cmd|<nowiki>sed -i "s|display_errors\s*=\s*Off|display_errors = ${PHP_DISPLAY_ERRORS}|i" /etc/php5/php.ini
sed -i "s|display_startup_errors\s*=\s*Off|display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS}|i" /etc/php5/php.ini
sed -i "s|error_reporting\s*=\s*E_ALL & ~E_DEPRECATED & ~E_STRICT|error_reporting = ${PHP_ERROR_REPORTING}|i" /etc/php5/php.ini
sed -i "s|;*memory_limit =.*|memory_limit = ${PHP_MEMORY_LIMIT}|i" /etc/php5/php.ini
sed -i "s|;*upload_max_filesize =.*|upload_max_filesize = ${PHP_MAX_UPLOAD}|i" /etc/php5/php.ini
sed -i "s|;*max_file_uploads =.*|max_file_uploads = ${PHP_MAX_FILE_UPLOAD}|i" /etc/php5/php.ini
sed -i "s|;*post_max_size =.*|post_max_size = ${PHP_MAX_POST}|i" /etc/php5/php.ini
sed -i "s|;*cgi.fix_pathinfo=.*|cgi.fix_pathinfo= ${PHP_CGI_FIX_PATHINFO}|i" /etc/php5/php.ini</nowiki>}}

To add PHP support to Nginx we should modify Nginx configuration file:
{{cmd|vi /etc/nginx/nginx.conf}}
<pre>
user www;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
access_log /var/log/nginx/access.log;
keepalive_timeout 3000;
server {
listen 80;
root /www;
index index.html index.htm index.php;
server_name localhost;
client_max_body_size 32m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
}
</pre>
In our configuration we have line: "fastcgi_pass 127.0.0.1:9000" 
It should be corresponing to the line "listen = 127.0.0.1:9000" in PHP configuration file /etc/php5/php-fpm.conf

=== Timezone ===
For configuring Timezone you may use tzdata package which can be installed by running:
{{cmd|apk add tzdata}}

Timezone configuration
{{cmd|<nowiki>TIMEZONE="Europe/Helsinki"
cp /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
echo "${TIMEZONE}" > /etc/timezone
sed -i "s|;*date.timezone =.*|date.timezone = ${TIMEZONE}|i" /etc/php5/php.ini</nowiki>}}

=== Sample PHP page ===
{{cmd|vi /www/phpinfo.php}}
<pre>
<?php
phpinfo();
?>
</pre>

=== Starting Nginx with PHP5 ===
Nginx should be restarted because we have changed it's configuration. Restart it by running:
{{cmd|rc-service nginx restart}}

After the installation PHP is not running. Start it by running:
{{cmd|rc-service php-fpm start}}

=== Runlevel ===
Normally you want to start the web server when the system is launching. This is done by adding Nginx and PHP to the needed runlevel.
{{cmd|rc-update add nginx default
rc-update add php-fpm default}}

Now they should start automatically when you boot your machine next time. To test that run:
{{cmd|reboot}}

To make sure that Nginx and PHP are started run command:
{{cmd|<nowiki>ps aux | grep 'nginx\|php-fpm'</nowiki>}}

You should get something like this:
<pre>
263 root 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
264 www 0:00 nginx: worker process
291 root 0:00 php-fpm: master process (/etc/php5/php-fpm.conf)
302 www 0:00 php-fpm: pool www
303 www 0:00 php-fpm: pool www
310 root 0:00 grep nginx\|php-fpm
</pre>

=== Testing Nginx with PHP ===
This section is assuming that nginx is running and sample html page "/www/phpinfo.php" is created. Launch a web browser and point it to
<pre>
http://X.X.X.X/phpinfo.php
</pre>
where X.X.X.X is IP address of your web server 
 
If everything was set up correctly, you should see information about your web server.

=== Troubleshooting ===

If PHP is not started check php-fpm log file
{{cmd|less /var/log/php-fpm.log}}

Make sure that configuration files do not contain errors
{{cmd|vi /etc/php5/php-fpm.conf
vi /etc/php5/php.ini}}

== PHP7 Installation ==
PHP packages is available in the Alpine Linux repositories. To install php7 with modules run:
{{cmd|apk add php7-fpm php7-mcrypt php7-soap php7-openssl php7-gmp php7-pdo_odbc php7-json php7-dom php7-pdo php7-zip php7-mysqli php7-sqlite3 php7-apcu php7-pdo_pgsql php7-bcmath php7-gd php7-odbc php7-pdo_mysql php7-pdo_sqlite php7-gettext php7-xmlreader php7-xmlrpc php7-bz2 php7-iconv php7-pdo_dblib php7-curl php7-ctype}}

Perhaps you do not need all these PHP modules. Install modules according to your needs.

=== Configuration of PHP7 ===

Defining ENV variables which will be used in configuration. You can do this e.g. in [https://stackoverflow.com/questions/35325856/where-to-set-system-default-environment-variables-in-alpine-linux /etc/profile.d/php7.sh].
{{cmd|<nowiki>PHP_FPM_USER="www"
PHP_FPM_GROUP="www"
PHP_FPM_LISTEN_MODE="0660"
PHP_MEMORY_LIMIT="512M"
PHP_MAX_UPLOAD="50M"
PHP_MAX_FILE_UPLOAD="200"
PHP_MAX_POST="100M"
PHP_DISPLAY_ERRORS="On"
PHP_DISPLAY_STARTUP_ERRORS="On"
PHP_ERROR_REPORTING="E_COMPILE_ERROR\|E_RECOVERABLE_ERROR\|E_ERROR\|E_CORE_ERROR"
PHP_CGI_FIX_PATHINFO=0</nowiki>}}
Modify variables according to your needs.

Modifying configuration file www.conf
{{cmd|<nowiki>sed -i "s|;listen.owner\s*=\s*nobody|listen.owner = ${PHP_FPM_USER}|g" /etc/php7/php-fpm.d/www.conf
sed -i "s|;listen.group\s*=\s*nobody|listen.group = ${PHP_FPM_GROUP}|g" /etc/php7/php-fpm.d/www.conf
sed -i "s|;listen.mode\s*=\s*0660|listen.mode = ${PHP_FPM_LISTEN_MODE}|g" /etc/php7/php-fpm.d/www.conf
sed -i "s|user\s*=\s*nobody|user = ${PHP_FPM_USER}|g" /etc/php7/php-fpm.d/www.conf
sed -i "s|group\s*=\s*nobody|group = ${PHP_FPM_GROUP}|g" /etc/php7/php-fpm.d/www.conf
sed -i "s|;log_level\s*=\s*notice|log_level = notice|g" /etc/php7/php-fpm.d/www.conf #uncommenting line </nowiki>}}

Modifying configuration file php.ini
{{cmd|<nowiki>sed -i "s|display_errors\s*=\s*Off|display_errors = ${PHP_DISPLAY_ERRORS}|i" /etc/php7/php.ini
sed -i "s|display_startup_errors\s*=\s*Off|display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS}|i" /etc/php7/php.ini
sed -i "s|error_reporting\s*=\s*E_ALL & ~E_DEPRECATED & ~E_STRICT|error_reporting = ${PHP_ERROR_REPORTING}|i" /etc/php7/php.ini
sed -i "s|;*memory_limit =.*|memory_limit = ${PHP_MEMORY_LIMIT}|i" /etc/php7/php.ini
sed -i "s|;*upload_max_filesize =.*|upload_max_filesize = ${PHP_MAX_UPLOAD}|i" /etc/php7/php.ini
sed -i "s|;*max_file_uploads =.*|max_file_uploads = ${PHP_MAX_FILE_UPLOAD}|i" /etc/php7/php.ini
sed -i "s|;*post_max_size =.*|post_max_size = ${PHP_MAX_POST}|i" /etc/php7/php.ini
sed -i "s|;*cgi.fix_pathinfo=.*|cgi.fix_pathinfo= ${PHP_CGI_FIX_PATHINFO}|i" /etc/php7/php.ini</nowiki>}}

To add PHP support to Nginx we should modify Nginx configuration file:
{{cmd|vi /etc/nginx/nginx.conf}}
<pre>
user www;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
access_log /var/log/nginx/access.log;
keepalive_timeout 3000;
server {
listen 80;
root /www;
index index.html index.htm index.php;
server_name localhost;
client_max_body_size 32m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
}
</pre>
In our configuration we have line: "fastcgi_pass 127.0.0.1:9000" 
It should be corresponing to the line "listen = 127.0.0.1:9000" in PHP configuration file /etc/php7/php-fpm.d/www.conf

=== Timezone ===
For configuring Timezone you may use tzdata package which can be installed by running:
{{cmd|apk add tzdata}}

Timezone configuration
{{cmd|<nowiki>TIMEZONE="Europe/Helsinki"
cp /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
echo "${TIMEZONE}" > /etc/timezone
sed -i "s|;*date.timezone =.*|date.timezone = ${TIMEZONE}|i" /etc/php7/php.ini</nowiki>}}

=== Sample PHP page ===
{{cmd|vi /www/phpinfo.php}}
<pre>
<?php
phpinfo();
?>
</pre>

=== Starting Nginx with PHP7 ===
Nginx should be restarted because we have changed it's configuration. Restart it by running:
{{cmd|rc-service nginx restart}}

After the installation PHP is not running. Start it by running:
{{cmd|rc-service php-fpm7 start}}

=== Runlevel ===
Normally you want to start the web server when the system is launching. This is done by adding Nginx and PHP to the needed runlevel.
{{cmd|rc-update add nginx default
rc-update add php-fpm7 default}}

Now they should start automatically when you boot your machine next time. To test that run:
{{cmd|reboot}}

To make sure that Nginx and PHP are started run command:
{{cmd|<nowiki>ps aux | grep 'nginx\|php-fpm'</nowiki>}}

You should get something like this:
<pre>
263 root 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
264 www 0:00 nginx: worker process
291 root 0:00 php-fpm: master process (/etc/php7/php-fpm.conf)
302 www 0:00 php-fpm: pool www
303 www 0:00 php-fpm: pool www
310 root 0:00 grep nginx\|php-fpm
</pre>

=== Testing Nginx with PHP ===
This section is assuming that nginx is running and sample html page "/www/phpinfo.php" is created. Launch a web browser and point it to
<pre>
http://X.X.X.X/phpinfo.php
</pre>
where X.X.X.X is IP address of your web server 
 
If everything was set up correctly, you should see information about your web server.

=== Troubleshooting ===

If PHP is not started check php-fpm log file
{{cmd|less /var/log/php-fpm.log}}

Make sure that configuration files do not contain errors
{{cmd|vi /etc/php7/php-fpm.conf
vi /etc/php7/php.ini}}

[[Category:Web Server]]
[[Category:PHP]]

Serial Mouse

2023-05-30T06:53:19Z

Arrogance: Arrogance moved page Serial Mouse to Serial mouse

#REDIRECT [[Serial mouse]]

Serial mouse

2023-05-30T06:53:19Z

Arrogance: Arrogance moved page Serial Mouse to Serial mouse

[[Category:Installation]]

=Introduction=

A mouse connected to the serial port will not be recognized by an X.Org server automatically. In <code>/var/log/Xorg.0.log</code> there will be a message:
<pre>
(II) The server relies on udev to provide the list of input devices.
If no devices become available, reconfigure udev or disable AutoAddDevices.
</pre>
An existing <code>/etc/X11/xorg.conf</code> with <code>AutoAddDevices</code> enabled will result in
<pre>
(WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled.
</pre>

We will describe two ways of getting an usable serial mouse under X.org. In our example we have a Logitec serial mouse of the model M/N: M-M30 associated to the device <code>/dev/ttyS0</code>.

=Getting information about the mouse=

If the protocol for the serial mouse is unkown, the command {{cmd|mouse-test /dev/ttyS0}} from the package <code>gpm</code> can be used to get the necessary information. The program is interactive and will print at the end a message like:
<pre>
Your mouse seems to be a 'mman' one on "/dev/ttyS0" (24 matches)
</pre>
The <code>man</code> page <code>gpm-types</code> contain a list of the protocols. In our case the lines
<pre>
mman Mouseman
The protocol used by the new Logitech devices with three but-
tons. It is backward compatible with the Microsoft protocol, so
if your mouse has three buttons and works with -t ms or similar
decoders you may try -t mman instead to use the middle button.
This mouse decoder accepts standard serial options, although
they should not be needed.
</pre>
gives us more information about the protocol. We can test the mouse in a virtual console by running:
{{cmd|gpm -m /dev/ttyS0 -t mman}}

=Solution: Inform the Linux input subsystem=

The serial port should already be known to udev:
{{Cmd|udevadm info --name=/dev/ttyS0 --query=path}}
<pre>/devices/platform/serial8250/tty/ttyS0</pre>
But in the output of {{cmd|cat /proc/bus/input/devices}} there is no hint of its existence. Installing the package <code>linuxconsoletools</code> from the testing repository and executing
{{cmd|inputattach --mouseman /dev/ttyS0}}
should give us a working mouse for the X server.
The command
{{cmd|inputattach --help}} prints a list of the available protocols. In our case the line
<pre> --mouseman -mman 3-button Logitech / Genius mouse</pre>
tells us which one to use. Now the output of {{cmd|cat /proc/bus/input/devices}} should contain a section like:
<pre>
I: Bus=0013 Vendor=0004 Product=0001 Version=0100
N: Name="Logitech M+ Mouse"
P: Phys=ttyS0/serio0/input0
S: Sysfs=/devices/platform/serial8250/tty/ttyS0/serio8/input/input9
U: Uniq=
H: Handlers=event2 mouse0
B: PROP=0
B: EV=7
B: KEY=70000 0 0 0 0 0 0 0 0
B: REL=3
</pre>

To start the <code>inputattach</code> command automatically create a file <code>/etc/local.d/sermouse.start</code> with the content:
<pre>
#!/bin/sh
inputattach --daemon --mouseman /dev/ttyS0
</pre>
Make it executable and add the service <code>local</code> to the <code>default</code> runlevel:
{{cmd|rc-update add local default}}
Then the command
{{cmd|rc}} should start the new service. If you want to stop <code>inputattach</code> when stopping the <code>local</code> service, create an executable file <code>/etc/local.d/sermouse.stop</code> with content
<pre>
#!/bin/sh
killall inputattach
</pre>
Alternatively you can create a script in <code>/etc/init.d</code> to define a service for the serial mouse.

=Solution: Configure the X.org server=

If you don't have a <code>/etc/X11/xorg.conf</code>, then generate one with the command
{{cmd|Xorg -configure}}
and modify (and move) the resulting file <code>/root/xorg.conf.new</code> to get a running X server. For instance you might have to know the correct driver for the <code>"InputDevice"</code> section for your graphics card. Include the section
<pre>
Section "ServerFlags"
Option "AutoAddDevices" "False"
EndSection
</pre>
to disable hotplugging and set the <code>"Device"</code> and <code>"Protocol"</code> options in the <code>"InputDevice"</code> section for your mouse. In our case we have:
<pre>
Option "Protocol" "MouseMan"
Option "Device" "/dev/ttyS0"
</pre>
Then restart the X server. For instance:
{{cmd|rc-service lxdm restart}}

=References=

*[http://wiki.archlinux.org/index.php/serial_input_device_to_kernel_input Serial input device to kernel input - ArchWiki]
*[http://bugs.alpinelinux.org/issues/2532 Feature #2532: Request for package: linuxconsoletools]
*[http://lists.alpinelinux.org/alpine-devel/1891.html How to run script at startup (alpine-devel Archives)]
*[http://wiki.gentoo.org/wiki/Local.d local.d GEntoo Wiki]

Install to disk

2023-05-30T06:51:29Z

Arrogance:

{{merge|installation}}
= If using Alpine Linux 2.2.3 or later =

{{Warning|This will erase '''everything''' on your machine's harddisk. Don't blame me if someone sues you for this, your cat dies etc. You are warned.}}

The following is meant to be an absolute newbie guide

* [[Burning ISOs|Burn the Alpine ISO image to a CD]]
* Put the CD into the new computer and turn on the power. Make sure the computer is capable to boot from a CD. Your manual for the computer or the BIOS can help.
* Wait for the text '''login:''' to appear, type '''root''' and press enter.
* Run the '''setup-alpine''' script
** Choose your keyboard layout. If you don't know your keyboard layout choose '''us'''. Here '''us''' was chosen.
*** Then I chose the '''us''' variant.
** Host name, which will be the name of your computer, you can just press enter if you want to use the default name
** Choose your network card, most people can just go with the default (press enter)
*** Most people will use DHCP, so press enter again, or you can enter in your static IP address
*** You will be asked if you want to do any manual network configuration, press enter for no
** Type in your root password twice.
** Choose a time zone, you can get a list by pressing '''?'''. If you want a sub zone, e.g. Africa, type in Africa and press enter, '''?''' will give you a list of sub zones in Africa.
** Press '''f''' to choose the fastest mirror.
** Choose an SSH server, this allows you to remotely manage your machine. OpenSSH is what the big distro's use, Dropbear is a tiny SSH replacement. Choose '''none''' for best security.
** Choose an NTP client, this keeps your machine's time accurate using an Internet time server. Openntpd is what the big distro's use, while Chrony is a tiny replacement.
** Choose a disk you want to install Alpine onto, as an example, '''sda''' is the first disk in your computer.
*** Now choose how you would like to use it, for this guide, choose '''sys''', this will install the entire OS onto your hard drive
*** You are given a final chance to back out, type in '''Y''' to continue
* The installation is now complete and you will be asked to reboot. Type in '''reboot''' and press enter
Take out the CD, and your computer should boot into Alpine using your hard drive.

=== Continue Setting up your Computer ===

* [[Alpine Linux package management]] ''(How to add/remove packages on your Alpine)''
* [[OpenRC]] ''(Configure a service to automatically boot at next reboot)''
* [[Setting up a SSH server]] ''(Using ssh is a good way to administer your box remotely)''
* [[Tutorials and Howtos]] ''(Various tutorials, including how to setup a [[XFCE Setup|XFCE desktop]])''

[[Category:Installation]]

= If using Alpine Linux 2.2.2 or earlier =

A number of steps are nowadays included in the setup-disk and setup-lbu scripts, which are invoked by setup-alpine. But in these older systems, these steps have to be performed manually.

Run <code>setup-alpine</code> to configure the keyboard, hostname and networking.
{{Cmd|setup-alpine}}

Now for the manual steps. Install needed programs for the setup:
{{Cmd|apk add e2fsprogs syslinux mkinitfs}}

Create partitions with <code>fdisk</code>.
{{Cmd|fdisk /dev/sda}}

Let's say you have 2 partitions: {{Path|/dev/sda1}} as "Linux" (type 83) and {{Path|/dev/sda2}} as "linux swap" (type 82). The partition containing {{Path|/boot}}---here, {{Path|/dev/sda1}}---must be marked bootable (command "a" within <code>fdisk</code>).

Next, create your filesystem(s) and swap:

{{Cmd|mkfs.ext4 /dev/sda1
mkswap /dev/sda2}}

Mount the filesystem:
{{Cmd|mount -t ext4 /dev/sda1 /mnt}}

Clone the current running config created by <code>setup-alpine</code> (hostname, networking root password):
{{Cmd|<nowiki>lbu package - | tar -C /mnt -zxf -</nowiki>}}

Install base packages on the mounted disk:
{{Cmd|<nowiki>apk add --root=/mnt --initdb $(cat /etc/apk/world)</nowiki>}}

Append the / and swap to {{Path|/etc/fstab}}:
{{Cmd|echo -e "/dev/sda1 / ext4 defaults 1 1" >> /mnt/etc/fstab
echo -e "/dev/sda2 none swap sw 0 0" >> /mnt/etc/fstab}}

Configure the boot loader, <code>extlinux</code>. We use the provided {{Path|syslinux.cfg}} as base.
{{Cmd|cp /media/cdrom/syslinux.cfg /mnt/boot/extlinux.conf
vi /mnt/boot/extlinux.conf}}

It should contain something like:
timeout 20
prompt 1
default grsec
label grsec
kernel /boot/grsec
append initrd=/boot/grsec.gz root=/dev/sda1 modules=ext4 quiet

Install the [[Bootloaders|bootloader]] on your {{Path|/boot}} partition:
{{Cmd|extlinux -i /mnt/boot}}

Install the early-stage bootloader in the disk's MBR (note that it's {{Path|/dev/sda}} not {{Path|/dev/sda1}}!)
{{Cmd|<nowiki>dd if=/usr/share/syslinux/mbr.bin of=/dev/sda</nowiki>}}

This also works:
{{Cmd|cat /usr/share/syslinux/mbr.bin > /dev/sda}}

Unmount, remove cdrom, and reboot. (If you can't eject, just remove it manually as the machine reboots)
{{Cmd|umount /mnt
umount /.modloop
eject
reboot}}

In recent versions of Alpine, the second line can be accomplished by <code>rc-service modloop stop</code>. (See [[FAQ#How_do_I_remove_the_CDROM.3F|this FAQ entry]]).

After reboot, you should be able to log in as root with the password you created in <code>setup-alpine</code>.

[[Category:Installation]]

Create UEFI secureboot USB

2023-05-30T06:48:11Z

Arrogance:

{{merge|Create UEFI boot USB}}This article explains how to create an UEFI boot USB with parted and rEFInd. Unfortunately the version of GRUB that ships with ALpine Linux did not work and Gummiboot only worked on one of two machines I tested. I will submit a PR for a rEFInd package and update these instructions to simplify them given time.

In this example we will use {{Path|/dev/sdX}} and $HOME. This will be different depending on your system. Substitute the paths in the examples below as necessary.

== Create GPT boot partition ==

Install {{Pkg|parted}}
{{Cmd | apk add parted }}

Create a single UEFI boot partitions.
{{warning| This will erase all content of your {{Path|/dev/sdX}}. Make sure that you use correct device.}}

{{Cmd | parted --script /dev/sdX mklabel gpt
parted --script --align{{=}}optimal /dev/sdX mkpart ESP fat32 1MiB 100%
parted --script /dev/sdX set 1 boot on }}

== Create fat32 filesystem ==

Create a fat32 system with the name `Alpine`.

{{Cmd | mkfs.vfat -n ALPINE /dev/sdX1 }}

== Copy content of ISO image to filesystem ==

It is possible to mount the iso image and copy files with {{codeline|cp}} or {{codeline|rsync}} and it is also possible to use {{codeline|7z}} to extract content from the iso. In this example I will use the {{codeline|uniso}} utility from {{Pkg|alpine-conf}} package.

{{Cmd | mount -t vfat /dev/sdX1 /mnt
cd /mnt
uniso < /path/to/alpine-3.8.2-x86_64.iso }}

== Create MOK Key ==
{{Cmd | openssl req -new -x509 -newkey rsa:2048 -keyout $HOME/alpine_local.key -out $HOME/alpine_local.crt -nodes -days 3650 -subj "/CN{{=}}Alpine Local CA/"
openssl x509 -in $HOME/alpine_local.crt -out $HOME/alpine_local.cer -outform DER}}

== Download and install rEFInd ==
Download the binary zip file of rEFInd from http://www.rodsbooks.com/refind/getting.html. In this example we will use the current version of rEFInd, refind-bin-0.11.4.zip. There may be a more recent version of rEFInd available when you download.

{{Cmd | cd /mnt/efi/boot
unzip /path/to/refind-bin-0.11.4.zip
mv refind-bin-0.11.4/refind/* .
rm -rf refind-bin-0.11.4}}

== Copy signed shim ==
Download Matthew J. Garrett's signed shim from http://www.codon.org.uk/~mjg59/shim-signed/shim-signed-0.2.tgz{{dead link}}. In this example we assume it is stored in your users download directory. Substitute the paths in the example below as necessary.

{{Cmd | cd /mnt/efi/boot
gunzip -c /path/to/shim-signed-0.2.tgz | tar x --strip-components{{=}}1 --no-same-owner}}

== Install Shim and Certificate ==
{{Cmd | cp $HOME/alpine_local.cer /mnt/efi/boot
cp /mnt/efi/boot/refind_x64.efi /mnt/efi/boot/grubx64.efi
cp /mnt/efi/boot/shim.efi /mnt/efi/boot/bootx64.efi }}

== Sign the Bootloader and kernel with your key ==
{{Cmd | sbsign --key $HOME/alpine_local.key --cert $HOME/alpine_local.crt /mnt/efi/boot/grubx64.efi
mv /mnt/efi/boot/grubx64.efi.signed /mnt/efi/boot/grubx64.efi
sbsign --key $HOME/alpine_local.key --cert $HOME/alpine_local.crt /mnt/boot/vmlinuz-vanilla
mv /mnt/boot/vmlinuz-vanilla.signed /mnt/boot/vmlinuz-vanilla}}

== Unmount the partition ==
Finally umount the disk
{{Cmd | cd ~ && umount /mnt}}

== Install the Keys and Enroll Hash ==
Insert the USB into the target PC and boot. When prompted select to enroll key, navigate to alpine_local.cer and add it. Then select enroll hash navigate to efi/boot/grubx64.efi select it and add the hash. Now reboot and given a bit of luck it should launch alpine. This step is a bit more complex than it needs to be due to the binary distribution of refind already being signed by the authors key. Once rEFInd is packaged it should simplify this step.

[[Category:Installation]]

Mysql

2023-05-30T06:45:53Z

Arrogance: Arrogance moved page Mysql to MySQL

#REDIRECT [[MySQL]]

MySQL

2023-05-30T06:45:53Z

Arrogance: Arrogance moved page Mysql to MySQL

MySQL is the most popular database manager in free software for two simple reasons (which are not the best technical reasons):
# It's simple and very easy to use
# It is very similar to SQLSERVER and is also used in other systems

'''In the world of Linux Alpine there is a software that provides it''', it is the [[MariaDB]], here we have a brief of info about compatibility and differences, but in short there's no great differences, if you have doubts check [[Mysql#MariaDB_vs_MySQL|MariaDB_vs_MySQL section here]]

'''In the wiki there are two approaches for its use''', [[Production_DataBases_:_mysql|the professional one]] (for servers and deploys) and the [[MariaDB|fast and simple]] usage (for developers and/or enthusiasts):

= MariaDB - fast and simple use =

{{:MariaDB}}

= MySQL (MariaDB) - Production usage =

{{:Production_DataBases_:_mysql}}

= MariaDB vs MySQL =

It is more a matter of compatibility than of performance and characteristics (with the arrival of MySQL v8) .. and it depends on whether there is a purely business and support approach "zero concern".

MySQL, being from Oracle, establishes limits if a license is not purchased, MariaDB has a large connection pool, more than 200,000 connections, while MySQL has a smaller connection pool if it is not licensed.

However, MariaDB does not support data masking and dynamic column while MySQL supports it, also MariaDB although it has 12 new storage engines while MySQL has less these are very new and MySQL's are widely known and tested.

In terms of performance, MariaDB is only a little faster than MySQL, this is because MySQL implements more business features, but this is only noticeable using these many features.

Which is more optimal this is not clear .. in general MySQL should be less, and MariaDB faster, there is a third option which is Percona which is the same MySQL service but with special aggressive optimization patches for servers. Percona mysql code must be compiled in Alpine linux.

== Comparison table ==

{| class="wikitable"
|-
! Characteristic !! MariaDB !! MySQL
|-
| Storage Engines || up to 12 but many in development stage || less but well tested
|-
| Performance || just a little faster || less, there is almost no difference
|-
| Initial version || 2009 (5.3) || 1995 (3.0)
|-
| Data masking || no || yes
|-
| dynamic columns || no || yes
|-
| Monitoring || SQLyog || MySQLworkbench
|-
| Routing || MariaDB MaxScale || Mysql Router
|-
| Analytics || MariaDB ColumnStore || not have
|-
| Git starred times (github)|| [https://github.com/MariaDB/server around 3.6k] || [https://github.com/mysql/mysql-server around 6k]
|}

For more info check a review here: http://qgqlochekone.blogspot.com/2020/04/mariadb-mysql-and-mysqlworkbench.html

[[Category:Newbie]]
[[Category:Server]]
[[Category:Database]]
[[Category:Development]]

Talk:Setting up a samba-server

2023-05-30T06:45:03Z

Arrogance: Arrogance moved page Talk:Setting up a samba-server to Talk:Setting up a Samba server

#REDIRECT [[Talk:Setting up a Samba server]]

Talk:Setting up a Samba server

2023-05-30T06:45:03Z

Arrogance: Arrogance moved page Talk:Setting up a samba-server to Talk:Setting up a Samba server

updated to reflect the smb.conf created on install in 3.8. Also formatting. --[[User:Astrawso|Astrawso]] ([[User talk:Astrawso|talk]]) 20:59, 7 December 2018 (UTC)

== smb passwords ==

When running from RAM, samba passwords db should be added to lbu, right ?

::''lbu inc /var/lib/samba/private/passdb.tdb''
::''lbu inc /var/lib/samba/private/secrets.tdb''

Are there other files that could be needed across reboots, out of /etc ?

See last paragraph in this section here:
::'''''[https://wiki.samba.org/index.php/Frequently_Asked_Questions#What_are_tdb_files.3F What_are_tdb_files on samba.org Wiki]'''''

Quote:
::'''''“The following tdb's should be backed up IMO:'''''

::'''''nt*.tdb account_policy.tdb group_mapping.tdb share_info.tdb winbindd_idmap.tdb secrets.tdb passdb.tdb“'''''

Setting up a samba-server

2023-05-30T06:45:03Z

Arrogance: Arrogance moved page Setting up a samba-server to Setting up a Samba server

#REDIRECT [[Setting up a Samba server]]

Setting up a Samba server

2023-05-30T06:45:03Z

Arrogance: Arrogance moved page Setting up a samba-server to Setting up a Samba server

= Installation =
Install packages:
{{Cmd|# apk add samba}}

= Create a share directory =
This will be the directory that's shared to clients. You can create as many of these as you wish.
{{Cmd|# mkdir /media/storage}}
{{Cmd|# chmod 0777 /media/storage}}

= Create smb.conf =
Alpine provides an example configuration file located at /etc/samba/smb.conf. The following is a simple example to get you up and running.
{{cat|/etc/samba/smb.conf|# /etc/samba/smb.conf
<nowiki>
[global]
#to allow symlinks from everywhere
allow insecure wide links = yes
workgroup = WORKGROUP
dos charset = cp866
unix charset = utf-8
force user = username

[storage]
# to follow symlinks
follow symlinks = yes
# to allow symlinks from outside
wide links = yes
browseable = yes
writeable = yes
path = /media/storage
</nowiki>
}}
{{note|For each directory share, you'll need to add a subsection to '''smb.conf'''}}

= Create a system user and Samba user =
Create a user on the system. Create a Samba user. Give both users the same password.
{{Cmd|# adduser username}}
{{Cmd|# smbpasswd -a username}}

= Configure the Samba service =
Run these two commands to start the service on boot and to start the service right now.
{{Cmd|# rc-update add samba}}
{{Cmd|# rc-service samba start}}

[[Category:Server]]
[[Category:Printers]]
[[Category:Authentication]]

Setting up a nfs-server

2023-05-30T06:44:15Z

Arrogance: Arrogance moved page Setting up a nfs-server to Setting up an NFS server: spelling/grammar

#REDIRECT [[Setting up an NFS server]]

Setting up an NFS server

2023-05-30T06:44:15Z

Arrogance: Arrogance moved page Setting up a nfs-server to Setting up an NFS server: spelling/grammar

= Installation =
Install package:
{{Cmd|apk add nfs-utils}}

= Make it autostart =
Export dirs in /etc/exports, then
{{Cmd|rc-update add nfs}}

If you need just to mount nfs share from fstab file at booting of the system

{{Cmd|rc-update add nfsmount}}

or
{{Cmd|rc-update add netmount}}

You can check your boot services:
{{Cmd|rc-status}}

= Start it up now =
{{Cmd|rc-service nfs start}}

or if you need to mount nfs share from fstab file now
{{Cmd|rc-service nfsmount start}}

or

{{Cmd|rc-service netmount start}}

[[Category:Server]]

Mini httpd with Haserl and Lua

2023-05-30T06:43:24Z

Arrogance:

{{DISPLAYTITLE:mini_httpd with Haserl and Lua}}
[http://acme.com/software/mini_httpd/ mini_httpd] is a small HTTP server. Its performance is not great, but for low or medium traffic sites it's quite adequate. It implements all the basic features of an HTTP server.

[http://haserl.sourceforge.net/ Haserl] is a small program that uses shell or Lua script to create cgi web scripts. It is intended for environments where PHP or ruby are too big.

[https://www.lua.org Lua] is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

= mini_httpd setup =
For setting up mini_httpd please see article [[mini_httpd]]

= Haserl and Lua setup =
Haserl and Lua packages are available in the Alpine Linux repositories. To install them run:
{{cmd|apk add haserl lua}}

You need to modify mini_httpd.conf (to add cgipat)
{{cmd|vi /etc/mini_httpd/mini_httpd.conf}}
<pre>
## do not leave empty lines in here!
#host=www.example.org
port=80
user=minihttpd
dir=/www
cgipat=**.sh|**.cgi|**.lua
nochroot
</pre>

mini_httpd service should be restarted because we have changed it's configuration
{{cmd|rc-service mini_httpd restart}}

Creating sample Lua script
{{cmd|vi /www/test.lua}}
<pre>
#!/usr/bin/haserl --shell=lua
Content-type: text/html

<html>
<body>
<table border=1><tr>
<%
t = {'Red', 'Blue', 'Yellow', 'Cyan'}
for k,v in ipairs(t) do
io.write('<td bgcolor="'..v..'">'..v..'</td>')
end
%>
</tr></table>
</body>
</html>
</pre>

Setting execution permission
{{cmd|chmod +x /www/*.lua}}

== Troubleshooting ==
For troubleshooting you can try running commands:
{{cmd|lua /www/test.lua}}
{{cmd|/www/test.lua}}
{{cmd|<nowiki>/usr/bin/haserl --shell=lua /www/test.lua</nowiki>}}
{{cmd|apk add sudo
sudo -u minihttpd /usr/bin/haserl /www/test.lua}}
{{cmd|<nowiki>apk add curl
curl http://localhost/test.lua</nowiki>}}

[[Category:Web Server]]
[[Category:Lua]]

Mini httpd with Haserl

2023-05-30T06:43:02Z

Arrogance:

{{DISPLAYTITLE:mini_httpd with Haserl}}
[http://acme.com/software/mini_httpd/ mini_httpd] is a small HTTP server. Its performance is not great, but for low or medium traffic sites it's quite adequate. It implements all the basic features of an HTTP server.

[http://haserl.sourceforge.net/ Haserl] is a small program that uses shell or Lua script to create cgi web scripts. It is intended for environments where PHP or ruby are too big.

= mini_httpd setup =
For setting up mini_httpd please see article [[mini_httpd]]

= Haserl setup =
Haserl package is available in the Alpine Linux repositories. To install it run:
{{cmd|apk add haserl}}

You need to modify mini_httpd.conf (to add cgipat)
{{cmd|vi /etc/mini_httpd/mini_httpd.conf}}
<pre>
## do not leave empty lines in here!
#host=www.example.org
port=80
user=minihttpd
dir=/www
cgipat=**.sh|**.cgi
nochroot
</pre>

mini_httpd service should be restarted because we have changed it's configuration
{{cmd|rc-service mini_httpd restart}}

Creating sample bash script
{{cmd|vi /www/test.sh}}
<pre>
#!/usr/bin/haserl
content-type: text/plain

<%# This is a sample "env" script %>
<% env %>
</pre>

Setting execution permission
{{cmd|chmod +x /www/*.sh}}

== Troubleshooting ==
For troubleshooting you can try running commands:
{{cmd|/www/test.sh}}
{{cmd|/usr/bin/haserl /www/test.sh}}
{{cmd|apk add sudo
sudo -u minihttpd /usr/bin/haserl /www/test.sh}}
{{cmd|apk add curl
curl <nowiki>http://localhost/test.sh</nowiki>}}

= mini_httpd with Haserl and Lua =

[https://www.lua.org Lua] is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

For setting up mini_httpd with Haserl and Lua, please, see arcticle
[[Mini_httpd_with_Haserl_and_Lua|mini_httpd with Haserl and Lua]]

[[Category:Web Server]]
[[Category:Lua]]

Mini httpd

2023-05-30T06:42:21Z

Arrogance:

{{DISPLAYTITLE:mini_httpd}}
[http://acme.com/software/mini_httpd/ mini_httpd] is a small HTTP server. Its performance is not great, but for low or medium traffic sites it's quite adequate. It implements all the basic features of an HTTP server.

= Setup =

mini_httpd package is available in the Alpine Linux repositories. To install it run:
{{cmd|apk add mini_httpd}}

Preparing home directory
{{cmd|mkdir /www
chown minihttpd /www}}

Before writing your configuration perhaps you may wish to backup original configuration file
{{cmd|mv /etc/mini_httpd/mini_httpd.conf /etc/mini_httpd/mini_httpd.conf.orig}}

Creating mini_httpd configuration file
{{cmd|vi /etc/mini_httpd/mini_httpd.conf}}
<pre>
## do not leave empty lines in here!
#host=www.example.org
port=80
user=minihttpd
dir=/www
nochroot
</pre>

Creating sample .html file
{{cmd|vi /www/index.html}}
<pre>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML5</title>
</head>
<body>
Server is online
</body>
</html>
</pre>

Starting mini_httpd
{{cmd|rc-service mini_httpd start}}
<pre>
* Starting mini_httpd ... [ ok ]
</pre>

== Testing ==
This section is assuming that mini_httpd is running and sample html page "/www/index.html" is created. Launch a web browser and point it to your web server. You should get:
<pre>
Server is online
</pre>

You can also test web server with curl
{{cmd|apk add curl
curl http://localhost}}

== Adding to runlevel ==
Normally you want to start the web server when the system is launching. This is done by adding mini_httpd to the needed runlevel.
{{Cmd|rc-update add mini_httpd default}}

Now mini_httpd should start automatically when you launch your system next time. To test that run:
{{cmd|reboot}}

To make sure that mini_httpd is started run:
{{cmd|<nowiki>ps aux | grep mini_httpd</nowiki>}}

You should get something like this:
<pre>
580 minihttp 0:00 /usr/sbin/mini_httpd -i /var/run/mini_httpd/mini_httpd.pid -C /etc/mini_httpd/mini_httpd.conf -l /var/log/mini_httpd/mini_httpd.log
</pre>

= mini_httpd with Haserl =
[http://haserl.sourceforge.net/ Haserl] is a small program that uses shell or Lua script to create cgi web scripts. It is intended for environments where PHP or ruby are too big.

For setting up mini_httpd with Haserl, please see article [[Mini_httpd_with_Haserl|mini_httpd with Haserl]]

= mini_httpd with Haserl and Lua =
[http://haserl.sourceforge.net/ Haserl] is a small program that uses shell or Lua script to create cgi web scripts. It is intended for environments where PHP or ruby are too big.

[https://www.lua.org Lua] Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.

For setting up mini_httpd with Haserl and Lua, please see article [[Mini_httpd_with_Haserl_and_Lua|mini_httpd with Haserl and Lua]]

[[Category:Web Server]]
[[Category:Lua]]

Lighttpd Advanced security

2023-05-30T06:41:30Z

Arrogance:

== Access Control List ==

This is a way you can define a directory and only allow clients coming from the specified ip's to have access. This might be nice to allow internal LAN clients access to the status pages or employee contact information and deny other clients.

<pre>
#### access control list for hidden_dir (not for use behind proxies) CAUTION REMOVE "#" to work
$HTTP["remoteip"] !~ "127.0.0.1|10.10.10.2|20.10.20.30" {
$HTTP["url"] =~ "^/hidden_dir/" {
url.access-deny = ( "" )
}
}
</pre>

* <code>remoteip</code> will be compared again single ip only, in that example again 3 ip's. The <nowiki>!~</nowiki> are only used for those ip's that ar allowed, the rest will be denied (negative comparison).
* <code>hidden_dir</code> are the name of the relative path under your root htdocs webserver place, or absolute path where are the files that are served.

<pre>
$HTTP["url"] =~ "^/hidden_dir/" {
$HTTP["remoteip"] == "33.222.0.0/16" {
}
else $HTTP["remoteip"] == "75.209.116.4" {
}
else $HTTP["remoteip"] == "79.31.34.79" {
}
else $HTTP["remoteip"] != "" { # (dummy match everything)
url.access-deny = ( "" )
}
}
</pre>

* <nowiki>33.222.0.0/16</nowiki> in this case, we first match the denied entry to, then check the ip that access to that entry and for each network range at the last will be the acces deny rule.

===== See also =====

* https://redmine.lighttpd.net/boards/2/topics/1279
* https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess

== stop image hijacking ==

Image hijacking is when someone makes a link to your site to one of your pictures or videos, but displays it on their site as their own content. The reason this is done is to send a browser to your server to use your bandwidth and make the content look like part of the hijacker's site. This is most common as people make links to pictures and add them to a public forum or blog listing. They get to use your picture in their content and not have to use their bandwidth or server to host the file. In order to keep your bandwidth usage low you should block access to images from those clients who are not requesting the connection from your site. Note, this function can be used for any kind on content. Just add the file types to the url.access-deny list. If would like more ideas on lowering bandwidth usage check out our Saving Webserver Bandwidth (Tips).

<pre>
#### stop image hijacking (anti-hotlinking) CAUTION REMOVE "#" to work
# $HTTP["referer"] !~ "^(http://midominio\.org|http://www\.midominio\.org)" {
# url.access-deny = ( ".jpg", ".jpeg", ".png", ".avi", ".mov" )
# }
</pre>

== virtual host limits ==

A virtual host is the hostname of your web server. For example this site is called calomel.org. Some bots and scanners will try to access your site using the ip address or no hostname header at all to bypass virtual host limitations. We can block this type of behavior by requiring all clients who want to access our server to reference us by our official host name. This will block anyone who is scanning ip addresses or trying to be mischievous, but allow normal clients like browsers and bots like Google.

<pre>
#### virtual host limits CAUTION REMOVE "#" to work
# $HTTP["host"] !~ "^(midominio\.org|www\.midominio\.org)" {
# url.access-deny = ( "" )
# }
</pre>

== stop referer spam ==

Referer spam is more of an annoyance than a problem. A web site will connect to your server with the referer field referencing their web site. The idea is that if you publish your web logs or statistics then their hostname will show up on your page. When a search bot like Google comes by it will see the link from your site to theirs and give them more PageRank credit. First, never make your weblogs public. Second, block access to referer spammers with these lines.

<pre>
#### stop referer spam CAUTION REMOVE "#" to work
# $HTTP["referer"] =~ "(tarotathome|casinospam)" {
# url.access-deny = ( "" )
# }
</pre>

== Perfect Forward Secrecy (PFS) ==

[https://en.wikipedia.org/wiki/Perfect_forward_secrecy Perfect Forward Secrecy] isn't perfect, but what it does mean is that an adversary who gains the private key of a server does not have the ability to decrypt every encrypted SSL/TLS session. Without it, an adversary can simply obtain the private key of a server and decrypt and and all SSL/TLS sessions using that key. This is a major security and privacy concern and so using PFS is probably a good idea long term. It means that every session would have to be decrypted individually, regardless of the state (whether obtained by the adversary or otherwise).

Ultimately when choosing SSL/TLS ciphers it is the usual chose of security or usability? Increasing one usually decreases the other. Nonetheless, an example to prevent the BEAST attack and offer PFS is:

<pre>
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
</pre>

== Mitigation of well know-ed attacks ==

=== BEAST attack, CVE-2011-3389 ===

To help mitigate the BEAST attack add the following to your configuration:

<code>
#### Mitigate BEAST attack:

# A stricter base cipher suite. For details see:
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
# or
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
#
# Make the server prefer the order of the server side cipher suite instead of the client suite.
# This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
# This option is enabled by default, but only used if ssl.cipher-list is set.
ssl.honor-cipher-order = "enable"

# Mitigate CVE-2009-3555 by disabling client triggered renegotiation
# This option is enabled by default.
#
ssl.disable-client-renegotiation = "enable"
#
</code>

=== POODLE attack (CVE-2014-3566) ===

In light of the recent [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 POODLE] findings, it's advisable to wherever possible turn off support for SSLv3. This is quite simple, you can just append the following to your cipher list to explicitly disable SSLv3 support:

<pre>
:!SSLv3
</pre>

=== FREAK attack (CVE-2015-0204) ===

To prevent the so called [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 FREAK] attack, keep your SSL library up to date, and do not offer support for export grade ciphers.

There's multiple ways to do this, like turning off export cipher support in the cipher list:

<pre>
:!EXPORT
</pre>

Although now might be a good time to review the cipher list in use, and use a stronger, explicit set like the one from the Perfect Forward Secrecy section, or another example:

<pre>
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
</pre>

Also see https://freakattack.com/

== Https access ==

For higher security [[Lighttpd]] can be configured to allow https access.

The configuration of lighttpd needs to be modified.

{{Cmd|nano /etc/lighttpd/lighttpd.conf}}

Uncomment this section and adjust the path so 'ssl.pemfile' points to where our cert/key pair is stored. Or copy the example below into your configuration file if you saved it to /etc/lighttpd/server.pem.
<pre>
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
</pre>

You'll also want to set the server to listen on port 443. Replace this:
<pre>server.port = 80</pre>
with this:
<pre>server.port = 443</pre>

Restart lighttpd

{{Cmd|rc-service lighttpd restart}}

===Generate Certificate and Keys===
Either generate the public key and certificate and private key using {{Pkg|openssl}}, or by using the ones generated by installing [[Alpine_Configuration_Framework_Design| ACF]]. You don't need to do both, just do one or the other. The former method, with OpenSSL, is preferred since it gives greater control.

====Generate self-signed certificates with openssl ====

To generate certificates, openssl is needed.

{{Cmd|apk add openssl}}

Change to the lighttpd configuration directory

{{Cmd|cd /etc/lighttpd}}

With the command below the self-signed certificate and key pair are generated. A 2048 bit key is the minimum recommended at the time of writing, so we use '-newkey rsa:2048' in the command. Change to suit your needs. Answer all questions.

{{Cmd|openssl req -newkey rsa:2048 -x509 -keyout server.pem -out server.pem -days 365 -nodes}}

Adjust the permissions

{{Cmd|chmod 400 /etc/lighttpd/server.pem}}

==== Generate self-signed certificates with acf ====

Install the [[Alpine_Configuration_Framework_Design| ACF]]

{{Cmd|setup-acf}}

Copy the generated certificate to the lighttpd configuration directory.

{{Cmd|mv /etc/ssl/mini_httpd/server.pem /etc/lighttpd/server.pem}}

Adjust the permissions

{{Cmd|chown root:root /etc/lighttpd/server.pem}}
{{Cmd|chmod 400 /etc/lighttpd/server.pem}}

mini_http is no longer needed.

{{Cmd|/etc/init.d/mini_httpd stop && rc-update del mini_httpd}}

Removing the mini_http package

{{Cmd|apk del mini_httpd}}

=== redirecting HTTP to HTTPS ===

Any requests to the server via HTTP (TCP port 80 by default) will be redirected to HTTPS (port 443):

<pre>
## Ensure mod_redirect is enabled!
server.modules = (
"mod_redirect",
)

$SERVER["socket"] == ":80" {
$HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
}
</pre>

== More details ==

* [http://redmine.lighttpd.net/wiki/1/Docs:SSL Lighttpd documentation]

[[Category:Web Server]]
[[Category:Security]]

Lighttpd

2023-05-30T06:41:07Z

Arrogance:

Its name is a portmanteau of "light" and "httpd": [http://www.lighttpd.net/ lighttpd] is a simple, standards-compliant, secure, and flexible web server.

'''lighttpd is a powerful server, made long ago to handle upwards of 10,000 connections in parallel on one server'''. It was used in wikipedia server a log time ago and also some google services.

{{Note|As for minimal sites and quick-start purposes, it is recommended due to its easy configuration process and excellent performance without much configuration. Check https://w3techs.com/technologies/details/ws-lighttpd and note that it is used in high traffic and important sites like postgresql.org}}

== General information ==

{| class="wikitable"
|-
! Feature/Artifact !! Value/Name !! Observations
|-
| Main package name || lighttpd || <code><nowiki>apk add lighttpd</nowiki></code>
|-
| Manpages and DOCs packages || lighttpd-doc || <code><nowiki>apk add lighttpd-doc</nowiki></code>
|-
| Configuration file || {{Path|/etc/lighttpd/lighttpd.conf}} || A vanilla default configuration
|-
| Html place for system pages || {{Path|/var/www/localhost/htdocs/}} || Each web server in alpine has own path for that
|-
| Dynamic files (cache, extra) || {{Path|/var/lib/lighttpd/}} || Created dynamically, each server in alpine has own path for that
|-
| Log files (error, access, etc) || {{Path|/var/log/lighttpd/}} || Each web server in alpine has own path for that
|-
| User running the webserver || lighttpd || Others Linux used "www-data" alpine has as a group
|-
| Group to common to webserver || www-data || Used to share things amont others daemons or services, like redis or apache files
|-
| Programed on || C and lua || Main engine code in C, modules and config in Lua variants
|}

==== Important Limitations ====

Some common hosting panels do not handle {{Pkg|lighttpd}} configuration management.

No HTTP/3 support.

As we read previously.. main purpose was handle several request on one server, so are focused on high load.

As main front end web server are perfect and it's '''recommended as reverse proxy server for {{Pkg|apache2}} or {{Pkg|nginx}}'''.

== Install Lighttpd ==

The installation works just out of the box for only static pages, just with install you can see webserver in action by put any file inside the {{Path|/var/www/localhost/htdocs/}} directory.

Per user web files are supported by default in {{Path|/home/<user>/public_html}} directory by default if we enable it (process are described below in further section "Lighttpd configuration".

{{Pkg|lighttpd}} is available in the Alpine Linux repositories. To install, simple launch the commands below:

<pre>
<nowiki>
apk add lighttpd

rc-update add lighttpd default

rc-service lighttpd restart
</nowiki>
</pre>

== Testing Lighttpd ==

This section is assuming that lighttpd is running. If you now launch a web browser from a remote system and point it to your web server, you will see a page that says "404 - Not Found". Well, at the moment there is no content available but the server is up and running.

Let's add a simple test page to get rid of the "404 - Not Found page".

{{Cmd|echo "Lighttpd is running..." > /var/www/localhost/htdocs/index.html}}

'''For testing open a browser and go to <code><nowiki>http://127.0.0.1/</nowiki></code> and you will see "Lighttpd is running..."'''. Note that we used "127.0.0.1" if you are using alpine as the only machine for all as your main desktop/pc/machine.

If you are using alpine remotelly as web server and just install it the package, '''open a browser in your desktop machine, and go to <code><nowiki>http://<webserveripaddres>/</nowiki></code>. The "webserveripaddres" are the ip address of your setup/server machine.

== Lighttpd Configuration ==

'''If you just want to serve simple HTML pages lighttpd can be used out-of-box. No further configuration needed.'''

For production purposes the [[Production LAMP system: Lighttpd + PHP + MySQL]] wiki page will explain in details all the needs, there's the [[Production Lets Encrypt: dehydrated]] wiki page with futher information to use HTTPS and lets encrypt certificates.

Due to the minimalism of alpine linux, '''unfortunately the lighttpd packaging only provided vanilla configurations not close to alpine or easy admin maintenance''', see the [[Production LAMP system: Lighttpd + PHP + MySQL]] wiki page to goin in deep about configuring lighttpd web server.

==== Controlling Lighttpd ====

'''''Start lighttpd''''': After the installation {{Pkg|lighttpd}} is not running. As we made in first section was started already but if you want to start {{Pkg|lighttpd}} manually use:

{{Cmd|rc-service lighttpd start}}

You will get a feedback about the status.

<pre>
* Caching service dependencies [ ok ]
* Starting lighttpd... [ ok ]
</pre>

'''''Stop lighttpd''''': If you want to stop the web server use ''stop'' in the same way of previous command:

{{Cmd|rc-service lighttpd stop}}

'''''Restart lighttpd''''': After changing the configuration file lighttpd needs to be restarted.

{{Cmd|rc-service lighttpd restart}}

'''''Proper Runlevel''''': By default no services are added to start process, sysadmin must know what we want and what will services do, also other main reason are due in dockers there's no runlevels per se and Alpine linux are mostly used in dockers containers. You must added the servide only to the default runlevel, not to boot, because need networking activated

{{Cmd|rc-update add lighttpd default}}

= See Also =

In production web, LAMP means '''L'''inux + '''A'''pache + '''M'''ysql + '''P'''hp installed and integrated, but today the "A" of apache are more used as Nginx or Lighttpd, and the "M" of MySQL are more used as Mariadb, the LAMP focused documents are:

* [[Setting_Up_Lighttpd_with_PHP|Setting Up Lighttpd with PHP]]
* [[Lighttpd Advanced security]]

[[Category:Web_Server]]
[[Category:Development]]

Nginx

2023-05-30T06:38:43Z

Arrogance:

[https://nginx.org/en/ Nginx] (engine x) is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server

== Installation ==
Nginx package is available in the Alpine Linux repositories. To install it run:

{{Cmd|apk update
apk add nginx}}

Creating new user and group 'www' for nginx
{{Cmd|adduser -D -g 'www' www}}

Create a directory for html files
{{Cmd|mkdir /www
chown -R www:www /var/lib/nginx
chown -R www:www /www
}}

== Configuration ==
You may want to make backup of original nginx.conf file before writting your own
{{Cmd|mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig}}

Configuring Nginx to listen to port 80 and process .html or .htm files
{{Cmd|vi /etc/nginx/nginx.conf}}
<pre>
user www;
worker_processes auto; # it will be determinate automatically by the number of core

error_log /var/log/nginx/error.log warn;
#pid /var/run/nginx/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
access_log /var/log/nginx/access.log;
keepalive_timeout 3000;
server {
listen 80;
root /www;
index index.html index.htm;
server_name localhost;
client_max_body_size 32m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
}
}
</pre>

== Sample page ==
{{Cmd|vi /www/index.html}}
<pre>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML5</title>
</head>
<body>
Server is online
</body>
</html>
</pre>

== Controlling nginx ==

=== Start Nginx ===
After the installation Nginx is not running. To start Nginx, use ''start''.
{{Cmd|rc-service nginx start}}

You will get a feedback about the status.
<pre>
* Caching service dependencies ... [ ok ]
* /run/nginx: creating directory
* /run/nginx: correcting owner
* Starting nginx ... [ ok ]
</pre>

=== Test configuration ===
When you've made any changes to your nginx configuration files, you should check it for errors before restarting/reloading nginx. 
This will check for any duplicate configuration, syntax errors etc. To do this, run:
{{Cmd|nginx -t}}

You will get a feedback if it failed or not. If everything is fine, you'll see the following and can then move ahead to reload the nginx server.
<pre>
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
</pre>

=== Reload and Restart Nginx ===
Changes made in the configuration file will not be applied until the command to reload configuration is sent to nginx or it is restarted. 
Reloading will do a "hot reload" of the configuration without server downtime. It will start the new worker processes with a new configuration and gracefully shutdown the old worker processes. If you have pending requests, then these will be handled by the old worker processes before it dies, so it's an extremely graceful way to reload configs.
If you want to reload the web server, use ''reload''.
{{Cmd|rc-service nginx reload}}
If you want to restart the web server, use ''restart''.
{{Cmd|rc-service nginx restart}}

=== Stop Nginx ===
If you want to stop the web server, use ''stop''.
{{Cmd|rc-service nginx stop}}

=== Runlevel ===
Normally you want to start the web server when the system is launching. This is done by adding Nginx to the needed runlevel.
{{Cmd|rc-update add nginx default}}

Now Nginx should start automatically when you boot your machine next time. To test that run:
{{cmd|reboot}}

To make sure that Nginx is started run:
{{cmd|<nowiki>ps aux | grep nginx</nowiki>}}

You should get something like this:
<pre>
263 root 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
264 www 0:00 nginx: worker process
310 root 0:00 grep nginx
</pre>

== Testing Nginx ==
This section is assuming that nginx is running and sample html page "/www/index.html" is created. Launch a web browser and point it to your web server.
You should get:
<pre>Server is online</pre>

== Troubleshooting ==
If Nginx is not started check Nginx log file
{{cmd|less /var/log/nginx/error.log}}

Make sure that configuration file does not contain errors. Edit the file in case there are any errors.
{{cmd|nginx -t
vi /etc/nginx/nginx.conf}}

== Nginx with PHP ==

[[Nginx_with_PHP#Configuration_of_PHP5|Setting Up Nginx with PHP5]] 
[[Nginx_with_PHP#Configuration_of_PHP7|Setting Up Nginx with PHP7]] 
[[Nginx_as_reverse_proxy_with_acme_(letsencrypt)|Setting Up Nginx as Reverse Proxy with acme (Let's Encrypt)]]

[[Category:Web Server]]

Darkhttpd

2023-05-30T06:37:31Z

Arrogance:

Darkhttpd is a simple, fast HTTP 1.1 web server for static content. It does not support PHP or CGI etc but is designed to serve static content, which it does very well. Darkhttpd would be an excellent alternative to [[Lighttpd]] for [[How to setup a Alpine Linux mirror|running an Alpine mirror]]

For a full list of features see the [http://unix4lyfe.org/darkhttpd/ darkhttpd homepage]

= Install =

{{Cmd|apk add darkhttpd}}

= Configure =

Default location of files to serve: {{Path|/var/www/localhost/htdocs}}

Default log path: {{Path|/var/log/darkhttpd/access.log}}

There's no configuration file for {{Pkg|darkhttpd}}, everything is controlled from the command line or in our case the OpenRC init file, which is stored in {{Path|/etc/init.d/darkhttpd}} and by default looks like this:

<pre>
#! /sbin/runscript

description="darkhttpd web server"
command="/usr/bin/darkhttpd"
command_args="${document_root:-/var/www/localhost/htdocs} --chroot --daemon --uid darkhttpd --gid www-data --log /var/log/darkhttpd/access.log"
procname="darkhttpd"
pidfile=""
stopsig="SIGTERM"
</pre>

So by default we will serve pages from {{Path|/var/www/localhost/htdocs}} and darkhttpd will run as a background daemon, [https://en.wikipedia.org/wiki/Chroot chrooted] to {{Path|/var/www/localhost/htdocs}} with a user of <code>darkhttpd</code> and group of <code>www-data</code>.
Logs will go to {{Path|/var/log/darkhttpd/access.log}}.
The default values have been chosen to provide sane, secure settings.

Change any of these values as you see fit, but it's a good idea to backup the file before making changes.

For a full list of available options, run: {{Cmd|darkhttpd}}

and amend the <code>command_args</code> line as you see fit.
For example, you might wish to serve files from {{Path|/var/files}} instead, so you can edit the {{Path|/etc/init.d/darkhttpd}} file with an editor of your choice (vi, nano, vim or whatever) and make it like so:

<pre>
#! /sbin/runscript

description="darkhttpd web server"
command="/usr/bin/darkhttpd"
command_args="/var/files --chroot --daemon --uid darkhttpd --gid www-data --log /var/log/darkhttpd/access.log"
procname="darkhttpd"
pidfile=""
stopsig="SIGTERM"
</pre>

= Use =

Filesharing is made easy; simply add your files under the server root, by default {{Path|/var/www/localhost/htdocs}}

== Test ==

Create a test page under the server root, by default {{Path|/var/www/localhost/htdocs}}

{{Cmd|echo "this is a test page" > /var/www/localhost/htdocs/index.html}}

{{Note| You don't have to create a test page; in a working environment darkhttpd will generate a directory listing if no index page is found.}}

Start the daemon: {{Cmd|rc-service darkhttpd start}}

Output should be something like this:
<pre>
* Starting darkhttpd ...
darkhttpd/1.9, copyright (c) 2003-2013 Emil Mikulic.
listening on: http://0.0.0.0:80/
chrooted to `/var/www/localhost/htdocs'
set gid to 82
set uid to 100
</pre>
Now point a browser to your darkhttpd server and you should get the index page, or a directory listing if you didn't create an index page.

Check the logfile: {{Cmd|tail /var/log/darkhttpd/access.log}}

== Controlling darkhttpd status ==

Stop, start and restart the daemon in the usual fashion:
{{Cmd|rc-service darkhttpd start}}

{{Cmd|rc-service darkhttpd stop}}

{{Cmd|rc-service darkhttpd restart}}

== Auto-start darkhttpd at boot ==

To add the daemon to the default runlevel so it auto-starts at boot, do: {{Cmd|rc-update add darkhttpd}}

= Troubleshooting =

* When restarting the daemon you may see an error message:
<pre>
Stopping darkhttpd ...
/lib/rc/sh/runscript.sh: line 202: can't create /sys/fs/cgroup/openrc/darkhttpd/tasks: nonexistent directory
Starting darkhttpd ...
</pre>

This error message appears to be benign and of no consequence so can be ignored. I can only replicate this error on a VMWare vSphere client.

* If the daemon will not start, ensure you haven't made a syntax error in the init script.

* Ensure the daemon is running with {{Cmd|rc-status}}

* Make use of the logs to check it is receiving requests. To do this, run {{Cmd|tail -f /var/log/darkhttpd/access.log}} and then send requests to the web server. If darkhttpd is receiving the requests, lines will be logged. If you don't see these lines, perhaps a firewall rule is blocking access to the server or there is a routing issue somewhere?
Use 'Ctrl C' to exit back to the prompt when finished testing.

= man darkhttpd =
<pre>
darkhttpd/1.12, copyright (c) 2003-2016 Emil Mikulic.
usage: darkhttpd /path/to/wwwroot [flags]

flags: --port number (default: 8080, or 80 if running as root)
Specifies which port to listen on for connections.
Pass 0 to let the system choose any free port for you.

--addr ip (default: all)
If multiple interfaces are present, specifies
which one to bind the listening port to.

--maxconn number (default: system maximum)
Specifies how many concurrent connections to accept.

--log filename (default: stdout)
Specifies which file to append the request log to.

--chroot (default: don't chroot)
Locks server into wwwroot directory for added security.

--daemon (default: don't daemonize)
Detach from the controlling terminal and run in the background.

--index filename (default: index.html)
Default file to serve when a directory is requested.

--no-listing
Do not serve listing if directory is requested.

--mimetypes filename (optional)
Parses specified file for extension-MIME associations.

--default-mimetype string (optional, default: application/octet-stream)
Files with unknown extensions are served as this mimetype.

--uid uid/uname, --gid gid/gname (default: don't privdrop)
Drops privileges to given uid:gid after initialization.

--pidfile filename (default: no pidfile)
Write PID to the specified file. Note that if you are
using --chroot, then the pidfile must be relative to,
and inside the wwwroot.

--no-keepalive
Disables HTTP Keep-Alive functionality.

--forward host url (default: don't forward)
Web forward (301 redirect).
Requests to the host are redirected to the corresponding url.
The option may be specified multiple times, in which case
the host is matched in order of appearance.

--forward-all url (default: don't forward)
Web forward (301 redirect).
All requests are redirected to the corresponding url.

--no-server-id
Don't identify the server type in headers
or directory listings.

--ipv6
Listen on IPv6 address.
</pre>

[[Category:Web Server]]

Template talk:Delete

2023-05-30T06:05:06Z

Arrogance:

It might help admins to delete pages better (or others to fix the articles / contest their deletion) if this template included a category. <nowiki><includeonly>[[Category:Articles for deletion]]</includeonly></nowiki>, for example. I'd add it myself, but for some reason it's been made admin-only.[[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 04:04, 30 May 2023 (UTC)

: Like this? https://wiki.alpinelinux.org/wiki/Special:WhatLinksHere/Template:Delete [[User:Bbbhltz|bbbhltz]] ([[User talk:Bbbhltz|talk]]) 05:25, 30 May 2023 (UTC)
::No. Lots of pages can potentially link to a template without using it, or needing to be deleted. It also makes it easier to parse with tools. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 06:03, 30 May 2023 (UTC)

Template talk:Delete

2023-05-30T06:03:28Z

Arrogance:

It might help admins to delete pages better (or others to fix the articles / contest their deletion) if this template included a category. <nowiki><includeonly>[[Category:Articles for deletion]]</includeonly></nowiki>, for example. I'd add it myself, but for some reason it's been made admin-only.[[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 04:04, 30 May 2023 (UTC)

: Like this? https://wiki.alpinelinux.org/wiki/Special:WhatLinksHere/Template:Delete [[User:Bbbhltz|bbbhltz]] ([[User talk:Bbbhltz|talk]]) 05:25, 30 May 2023 (UTC)
::No. Lots of pages can potentially link to a template without using it, or needing to be deleted. [[User:Arrogance|Arrogance]] ([[User talk:Arrogance|talk]]) 06:03, 30 May 2023 (UTC)

GNOME

2023-05-30T05:05:58Z

Arrogance:

= Prerequisites =

* [[Installation|Install]] AlpineLinux
* [[Setting_up_a_new_user#Creating_a_new_user|Create a user account]] (optional but recommended)
* [[Repositories#Enabling_the_community_repository|Enable the Community repository]]
* [[Alpine_setup_scripts#setup-xorg-base|Install Xorg]] (no longer needed if installing GNOME through "setup-desktop")

{{Note|[[Wayland]] can be used but may be less stable and GNOME may still require Xorg}}

= Installing packages =

Install basic desktop system and gnome packages.
{{Cmd|# setup-desktop gnome}}

It will take care of installing the basic packages and setting up the display manager.

If you want, you can install additional GNOME apps for a more complete GNOME experience with:
{{Cmd|# apk add gnome-apps-extra}}

And even all of GNOME games with:
{{Cmd|# apk add gnome-games-collection}}

= Enabling terminal apps =
If you want to use the gnome-terminal/other terminal applications you will need to install bash. If you want a typical bash setup also enable bash completion:
{{cmd|# apk add bash}}
{{cmd|# apk add bash-completion}}

= Enabling GNOME Shell screen recording =
For the embedded screen recording in GNOME Shell to work, you will need some additional packages: {{cmd|# apk add pipewire wireplumber gst-plugin-pipewire}}

= Enabling GNOME Software =
For GNOME Software to be able to manage APK packages, it needs the <code>apk-polkit-server</code> service working. To enable it and start it up:
{{cmd|# rc-update add apk-polkit-server default && rc-service apk-polkit-server start}}

= Troubleshooting =
If GDM does not start with no logs generated at /var/log/gdm, try setting up udev: {{cmd|# setup-devd udev}}

If you are unable to log in, check /var/log/gdm/greeter.log, there may be info there from X that indicates failed modules, etc.

If logging in from GDM kicks you back to the login screen, try {{cmd|# apk add bash}} (bug report: #10953 sorry cannot link yet)

If GNOME Terminal doesn't start, add the following to /etc/locale.conf: LANG=en_US.UTF-8 and reboot.

If the on-screen keyboard shows up in GDM after installing other UIs such as Phosh, you need to disable it by opening the Accessibility menu (top right) when you are in the GDM login screen. You can disable the on-screen keyboard there. Or set <code>org.gnome.desktop.a11y.applications screen-keyboard-enabled</code> to <code>false</code> for the <code>gdm</code> user with <code>dconf</code>

[[Category:Desktop]]
[[Category:Desktop Environments]]

Gnome

2023-05-30T05:04:20Z

Arrogance: Arrogance moved page Gnome to GNOME: The proper name is ALLCAPS

#REDIRECT [[GNOME]]

GNOME

2023-05-30T05:04:20Z

Arrogance: Arrogance moved page Gnome to GNOME: The proper name is ALLCAPS

= Prerequisites =

* [[Installation|Install]] AlpineLinux
* [[Setting_up_a_new_user#Creating_a_new_user|Create a user account]] (optional but recommended)
* [[Repositories#Enabling_the_community_repository|Enable the Community repository]]
* [[Alpine_setup_scripts#setup-xorg-base|Install Xorg]] (no longer needed if installing GNOME through "setup-desktop")

{{Note|[[Wayland]] can be used but may be less stable and Gnome may still require Xorg}}

= Installing packages =

Install basic desktop system and gnome packages.
{{Cmd|# setup-desktop gnome}}

It will take care of installing the basic packages and setting up the display manager.

If you want, you can install additional GNOME apps for a more complete GNOME experience with:
{{Cmd|# apk add gnome-apps-extra}}

And even all of GNOME games with:
{{Cmd|# apk add gnome-games-collection}}

= Enabling terminal apps =
If you want to use the gnome-terminal/other terminal applications you will need to install bash. If you want a typical bash setup also enable bash completion:
{{cmd|# apk add bash}}
{{cmd|# apk add bash-completion}}

= Enabling GNOME Shell screen recording =
For the embedded screen recording in GNOME Shell to work, you will need some additional packages: {{cmd|# apk add pipewire wireplumber gst-plugin-pipewire}}

= Enabling GNOME Software =
For GNOME Software to be able to manage APK packages, it needs the <code>apk-polkit-server</code> service working. To enable it and start it up:
{{cmd|# rc-update add apk-polkit-server default && rc-service apk-polkit-server start}}

= Troubleshooting =
If GDM does not start with no logs generated at /var/log/gdm, try setting up udev: {{cmd|# setup-devd udev}}

If you are unable to log in, check /var/log/gdm/greeter.log, there may be info there from X that indicates failed modules, etc.

If logging in from GDM kicks you back to the login screen, try {{cmd|# apk add bash}} (bug report: #10953 sorry cannot link yet)

If GNOME Terminal doesn't start, add the following to /etc/locale.conf: LANG=en_US.UTF-8 and reboot.

If the on-screen keyboard shows up in GDM after installing other UIs such as Phosh, you need to disable it by opening the Accessibility menu (top right) when you are in the GDM login screen. You can disable the on-screen keyboard there. Or set <code>org.gnome.desktop.a11y.applications screen-keyboard-enabled</code> to <code>false</code> for the <code>gdm</code> user with <code>dconf</code>

[[Category:Desktop]]
[[Category:Desktop Environments]]

Dynamic Multipoint VPN (DMVPN) Phase 3 with Quagga NHRPd

2023-05-30T05:01:47Z

Arrogance:

{{merge|Dynamic Multipoint VPN (DMVPN)}}
{{TOC right}}

= THIS DOC IS STILL A DRAFT =

= Overview =
This is a follow-up of the most famous document [http://wiki.alpinelinux.org/wiki/Dynamic_Multipoint_VPN_(DMVPN)],
since opennhrp has been rewritten as quagga plugin [1], supporting interoperability with new Cisco's FlexVPN and Strongswan.

This NHRP implementation has some limits yet (Multicast is not ready, so you need to use BGP rather than OSPF), though is usable in a production environment.

{{Note|This document assumes that all Alpine installations are run in [[Installation#Basics|diskless mode]] and that the configuration is saved on USB key}}

This How-To will show you how to configure a DMVPN solution with this key items:

.1 VPN setup with Strongswan with PSK for the authentication (same PSK between all of the spokes and hub)

.2 DMVPN setup with quagga.nhrpd;

.3 iBGP used for announce LAN subnet

.4 Awall rules to allow NHRP shortcuts between spokes

The goal is making private network of spoke's nodes and hub to communicate each other over VPN created dynamically.
Routes are learned via BGP, and hte IPSEC VPN is authenticated via PSK.

The logical setup is configured as shown:

= Terminology =
;NBMA: ''Non-Broadcast Multi-Access'' network as described in [http://tools.ietf.org/html/rfc2332 RFC 2332]

;Hub: the ''Next Hop Server'' (NHS) performing the Next Hop Resolution Protocol service within the NBMA cloud.

;Spoke: the ''Next Hop Resolution Protocol Client'' (NHC) which initiates NHRP requests of various types in order to obtain access to the NHRP service.

= Hardware =

For supporting VIA Padlock engine enable its modules:

{{Cmd|echo -e "padlock_aes\npadlock-sha" >> /etc/modules}}

= Alpine Installation =

Follow the instructions on http://wiki.alpinelinux.org/wiki/Create_a_Bootable_USB about how to create a bootable USB.

= Spoke Nodes =

== Spoke Node 1 ==

== Networking ==

We're going to setup the spoke node 1 as follow:

{|class="wikitable"
!'''Host'''
!'''Interface'''
!'''Description'''
!'''Subnet'''
|-
|rowspan="3"|Spoke 1
|eth0
|Internet
|DHCP
|-
|eth1
|LAN
|192.168.10.0/24
|-
|gre1
|Tunnel
|172.16.1.1
|-
|rowspan="3"|Spoke 2
|eth0
|Internet
|DHCP
|-
|eth1
|LAN
|192.168.20.0/24
|-
|gre1
|Tunnel
|172.16.2.1
|-
|rowspan="3"|Spoke 3
|eth0
|Internet
|90.100.150.200
|-
|eth1
|LAN
|192.168.30.0/24
|-
|gre1
|Tunnel
|172.16.3.1
|-
|}

With your favorite editor open <code>/etc/network/interfaces</code> and add interfaces:

{{cat|/etc/network/interfaces|
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
}}

== SSH ==
Remove password authentication and DNS reverse lookup:

{{Cmd|sed -i "s/.PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
sed -i "s/.UseDNS yes/UseDNS no/" /etc/ssh/sshd_config}}

Restart ssh:
{{Cmd|/etc/init.d/sshd restart}}

== GRE Tunnel ==
With your favorite editor open <code>/etc/network/interfaces</code> and add the following:

{{cat|/etc/network/interfaces|<nowiki>
auto gre1
iface gre1 inet static
pre-up ip tunnel add gre1 mode gre key 42 ttl 64 dev eth0 || true
address 172.16.1.1
netmask 255.255.255.255
post-down ip tunnel del $IFACE || true
</nowiki>}}

Bring up the new <code>gre1</code> interface:

{{Cmd|ifup gre1}}

== IPSEC ==
Install package(s):

{{Cmd|apk add strongswan
}}

{{cat|/etc/swanctl/swanctl.conf|<nowiki>
connections {
dmvpn {
version = 2
pull = no
mobike = no
dpd_delay = 15
dpd_timeout = 30
fragmentation = yes
unique = replace
rekey_time = 4h
reauth_time = 13h
proposals = aes256-sha512-ecp384
local {
auth = psk
id = spoke1
}
remote {
auth = psk
}
children {
dmvpn {
esp_proposals = aes256-sha512-ecp384
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
inactivity = 90m
rekey_time = 100m
mode = transport
dpd_action = clear
reqid = 1
}
}
}
}
</nowiki>}}

{{cat|/etc/ipsec.secrets|
# /etc/ipsec.secrets - strongSwan IPsec secrets file

%any : PSK "cisco12345678987654321"
}}

Start service(s):

{{Cmd|/etc/init.d/charon start
rc-update add charon}}

== Routing ==

This section will configure the routing protocol suite quagga patched with NHRP support.

{{Cmd|apk add quagga-nhrp
touch /etc/quagga/zebra.conf /etc/quagga/bgpd.conf /etc/quagga/nhrpd.conf}}}

Fix permissions:
{{Cmd|chown -R quagga:quagga /etc/quagga}}}

Start all the daemons:

{{Cmd|/etc/init.d/zebra start
/etc/init.d/bgpd start
/etc/init.d/nhrpd start
}}

Configure it to start from boot:
{{Cmd|rc-update add zebra nhrpd bgpd}}

Now we're going to configure it with <code>vtysh</code> cli:

{{Cmd|vtysh

configure terminal
log syslog
debug nhrp common

router bgp 65000
bgp router-id 172.16.1.1
network 192.168.10.0/24
neighbor spokes-ibgp peer-group
neighbor spokes-ibgp remote-as 65000
neighbor spokes-ibgp ebgp-multihop 1
neighbor spokes-ibgp disable-connected-check
neighbor spokes-ibgp advertisement-interval 1
neighbor spokes-ibgp next-hop-self
neighbor spokes-ibgp soft-reconfiguration inbound
neighbor 172.16.0.1 peer-group spokes-ibgp
exit

nhrp nflog-group 1
interface gre1
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 50.60.70.80
ip nhrp registration no-unique
ip nhrp shortcut
ipv6 nd suppress-ra
no link-detect
tunnel protection vici profile dmvpn
tunnel source eth0
exit
write mem
}}

= Hub Node =

We will document only what changes from the Spoke node setup.

== Networking ==

The NHS (Hub) has the following settings:

{|class="wikitable"
!'''Host'''
!'''Interface'''
!'''Description'''
!'''Subnet'''
|-
|rowspan="2"|Hub
|eth0
|Internet
|50.60.70.80
|-
|eth1
|LAN
|192.168.1.0/24
|}

With your favorite editor open <code>/etc/network/interfaces</code> and add interfaces:

{{cat|/etc/network/interfaces|
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 50.60.70.80
netmask 255.255.255.0
gateway 50.60.70.1

auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
}}

== GRE Tunnel ==
With your favorite editor open <code>/etc/network/interfaces</code> and add the following:

{{cat|/etc/network/interfaces|<nowiki>
auto gre1
iface gre1 inet static
pre-up ip tunnel add gre1 mode gre key 42 ttl 64 dev eth0 || true
address 172.16.0.1
netmask 255.255.255.255
post-down ip tunnel del $IFACE || true
</nowiki>}}

Bring up the new gre1 interface:

{{Cmd|ifup gre1}}

== Routing ==

Again, routing is configured directly with <code>vtysh</code>

{{Cmd|vtysh

configure terminal
log syslog
debug nhrp common

router bgp 65000
bgp router-id 172.16.0.1
bgp deterministic-med
network 172.16.0.0/16
redistribute nhrp
neighbor spokes-ibgp peer-group
neighbor spokes-ibgp remote-as 65000
neighbor spokes-ibgp ebgp-multihop 1
neighbor spokes-ibgp disable-connected-check
neighbor spokes-ibgp route-reflector-client
neighbor spokes-ibgp next-hop-self all
neighbor spokes-ibgp advertisement-interval 1
neighbor spokes-ibgp soft-reconfiguration inbound
neighbor 172.16.1.1 peer-group spokes-ibgp
exit

interface gre1
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 50.60.70.80
ip nhrp registration no-unique
ip nhrp shortcut
ipv6 nd suppress-ra
no link-detect
tunnel protection vici profile dmvpn
tunnel source eth0
exit
write mem
}}

Add the lines <code>neighbor %Spoke1_GRE_IP%...</code> for each spoke node you have.
For instance, if you want to add spoke node with gre1 address 172.16.3.1:

{{Cmd|vtysh
conf t
router bgp 65000
neighbor 172.16.3.1 peer-group spokes-ibgp
exit
write mem
}}

== Awall ==

Differently from DMVPN Phase 2, in the Phase 3 DMVPN the HUB is the default gateway for all the spokes, then the spokes are able to communicate directly each other by means of NHRP redirects.

(For a good explanation of the differences between Phase 1, Phase 2 and Phase 3 DMVPN, see http://blog.ine.com/2008/12/23/dmvpn-phase-3/).

This is implemented by sending traffic indication notifications with iptables nflog.

This is the complete firewall configuration for the HUB, using Alpine Firewall Framework, Awall [http://wiki.alpinelinux.org/wiki/Alpine_Wall].

With your favorite editor open <code>/etc/awall/optional/zones.json</code>:

{{cat|/etc/awall/optional/zones.json|<nowiki>

{
"description": "Zones - zone definition for management",

"variable": {
"SUBNETS": [ "192.168.0.0/16", "172.16.0.0/16" ]
},

"zone": {
"DMVPN": { "addr": "$SUBNETS" }
}
}
</nowiki>}}

Now, create <code>/etc/awall/optional/inet.json</code>:

{{cat|/etc/awall/optional/inet.json|<nowiki>
{
"description": "Internet - Host Management (rate limited)",

"zone": {
"INET": { "iface": "eth0" }
},

"policy": [
{ "in": "INET", "action": "drop" }
],

"filter": [
{
"in": "INET",
"out": "_fw",
"service": "ping",
"action": "accept",
"flow-limit": { "count": 10, "interval": 6 }
},
{
"in": "INET",
"out": "_fw",
"service": "ssh",
"action": "accept",
"conn-limit": { "count": 3, "interval": 60 }
},
{
"in": "_fw",
"out": "INET",
"service": [ "dns", "http", "ntp" ],
"action": "accept"
},
{
"in": "_fw",
"service": [ "ping", "ssh" ],
"action": "accept"
}
]
}
</nowiki>}}

Now, the DMVPN rule:

{{cat|/etc/awall/optional/dmvpn.json|<nowiki>
{
"description": "DMVPN specific rules",

"import": [ "inet", "zones" ],

"variable": {
"HUB": true
},

"policy": [
{ "in": "DMVPN", "out": "DMVPN", "action": "accept" }
],

"zone": {
"DMVPN": { "iface": "gre1", "addr": "$SUBNETS", "route-back": "$HUB" }
},

"filter": [
{ "in": "INET", "out": "_fw", "service": "ipsec", "action": "accept" },
{ "in": "_fw", "out": "INET", "service": "ipsec", "action": "accept" },
{
"in": "INET",
"out": "_fw",
"ipsec": "in",
"service": "gre",
"action": "accept"
},
{
"in": "_fw",
"out": "INET",
"ipsec": "out",
"service": "gre",
"action": "accept"
},

{ "in": "_fw", "out": "DMVPN", "service": "bgp", "action": "accept" },
{ "in": "DMVPN", "out": "_fw", "service": "bgp", "action": "accept"},
{ "out": "INET", "dest": "$SUBNETS", "action": "reject" }
]
}
</nowiki>}}

Management interface allowed traffic:

{{cat|/etc/awall/optional/management.json|<nowiki>
{
"description": "Host Management (ssh, https, ping)",

"import": [ "zones" ],

"policy": [
{ "in": "DMVPN", "out": "_fw", "action": "reject" }
],

"filter": [
{
"in": "DMVPN",
"out": "_fw",
"service": [ "ping", "ssh", "https", "bgp" ],
"action": "accept"
},
{
"in": "_fw",
"out": "DMVPN",
"service": [ "ping", "ssh", "http", "http-alt", "https", "dns", "ntp" ],
"action": "accept"
}
]
}
</nowiki>}}

NHRP redirects rule:

{{cat|/etc/awall/optional/vpnredirect.json|<nowiki>
{
"description": "NHRP Traffic Indication Probe",

"log": {
"dmvpn": {
"mode": "nflog",
"group": 1,
"range": 128,
"limit": {
"count": 6,
"interval": 60,
"mask": {
"inet": { "src": 16, "dest": 16 },
"inet6": { "src": 48, "dest": 48 }
}
}
}
},

"packet-log": [ { "in": "DMVPN", "out": "DMVPN", "log": "dmvpn" } ]
}
</nowiki>}}

Enable awall rules:

{{Cmd|awall enable zones
awall enable inet
awall enable dmvpn
awall enable vpnredirect
}}

Apply awall rules:

{{Cmd|awall activate -f
}}

== IPSEC ==
Install package(s):

{{Cmd|apk add strongswan
}}

{{cat|/etc/swanctl/swanctl.conf|<nowiki>

connections {
dmvpn {
version = 2
pull = no
mobike = no
dpd_delay = 15
dpd_timeout = 30
fragmentation = yes
unique = replace
rekey_time = 4h
reauth_time = 13h
proposals = aes256-sha512-ecp384
local {
auth = psk
id = hub
}
remote {
auth = psk
}
children {
dmvpn {
esp_proposals = aes256-sha512-ecp384
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
inactivity = 90m
rekey_time = 100m
mode = transport
dpd_action = clear
reqid = 1
}
}
}
}
</nowiki>}}

{{cat|/etc/ipsec.secrets|
# /etc/ipsec.secrets - strongSwan IPsec secrets file

%any : PSK "cisco12345678987654321"
}}

Start service(s):

{{Cmd|/etc/init.d/charon start
rc-update add charon}}

Now, test if it works.
In this example, spoke 1 tries to connect to spoke 3, who announces his subnet 192.168.30.0/24 via iBGP, the gre1 address is 172.16.3.1 and the public ip address is 90.100.150.200.

The first traffic goes from through the HUB.

{{Cmd|spoke1:~/root# traceroute -n 192.168.30.1
traceroute to 192.168.30.1 (192.168.30.1), 30 hops max, 38 byte packets
1 172.16.0.1 0.664 ms 0.461 ms 0.457 ms
2 192.168.30.1 0.907 ms 0.776 ms 0.771 ms
}}

Then, once the VPN is created, the traffic goes directly to the spoke node.

{{Cmd|spoke1:~/root# traceroute -n 192.168.30.1
traceroute to 192.168.30.1 (192.168.30.1), 30 hops max, 38 byte packets
1 192.168.30.1 0.456 ms 0.385 ms 0.357 ms
}}

With <code>ipsec --status-all</code> you can see alle the VPNs created:

{{Cmd|spoke1:~/root# ipsec statusall<nowiki>
Status of IKE charon daemon (strongSwan 5.3.2, Linux 3.18.20-1-grsec, i686):
uptime: 9 days, since Aug 28 14:22:27 2015
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 28
loaded plugins: charon random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac curl sqlite attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp unity
Listening IP addresses:
192.168.10.1
172.17.50.1
172.16.1.1
Connections:
dmvpn: %any...%any IKEv2, dpddelay=15s
dmvpn: local: [spoke1] uses pre-shared key authentication
dmvpn: remote: uses pre-shared key authentication
dmvpn: child: dynamic[gre] === dynamic[gre] TRANSPORT, dpdaction=clear
Security Associations (3 up, 0 connecting):
dmvpn[121]: ESTABLISHED 4 seconds ago, 172.17.50.1[spoke1]...90.100.150.200[spoke3]
dmvpn[121]: IKEv2 SPIs: c770729967ea636c_i 0de8ffedbe32f21c_r*, rekeying in 3 hours, pre-shared key reauthentication in 12 hours
dmvpn[121]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
dmvpn{187}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c132e6c3_i c49ae122_o
dmvpn{187}: AES_CBC_256/HMAC_SHA2_512_256, 469 bytes_i (6 pkts, 2s ago), 326 bytes_o (6 pkts, 2s ago), rekeying in 90 minutes
dmvpn{187}: 172.17.50.1/32[gre] === 90.100.150.200/32[gre]
dmvpn[120]: ESTABLISHED 8 seconds ago, 172.17.50.1[spoke1]...90.100.150.200[spoke3]
dmvpn[120]: IKEv2 SPIs: 46f81c8ec9a4b753_i* f768298b31ebe4da_r, rekeying in 3 hours, pre-shared key reauthentication in 11 hours
dmvpn[120]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
dmvpn{186}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: cad2c1c9_i cd5a287c_o
dmvpn{186}: AES_CBC_256/HMAC_SHA2_512_256, 74 bytes_i (1 pkt, 2s ago), 46 bytes_o (1 pkt, 2s ago), rekeying in 91 minutes
dmvpn{186}: 172.17.50.1/32[gre] === 90.100.150.200/32[gre]
dmvpn[119]: ESTABLISHED 2 hours ago, 172.17.50.1[spoke1]...50.60.70.80[hub]
dmvpn[119]: IKEv2 SPIs: 0e999ad802ced9cc_i* 6eaa469463601437_r, rekeying in 84 minutes, pre-shared key reauthentication in 8 hours
dmvpn[119]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_384
dmvpn{185}: INSTALLED, TRANSPORT, reqid 1, ESP in UDP SPIs: c84d6035_i cb72cd30_o
dmvpn{185}: AES_CBC_256/HMAC_SHA2_512_256, 35764 bytes_i (473 pkts, 0s ago), 38266 bytes_o (384 pkts, 0s ago), rekeying in 46 minutes
dmvpn{185}: 172.17.50.1/32[gre] === 50.60.70.80/32[gre]
</nowiki>}}

= See also =
* [[Dynamic Multipoint VPN (DMVPN)]]
* [[Setup of DMVPN on Alpine linux]]

[[category: VPN]]

Alpine mini

2023-05-30T04:42:04Z

Arrogance:

{{obsolete|See notice on [[Alpine Security and Rescue]]}}
Alpine Mini contains only a very limited set of packages.

== Basics ==

{| cellpadding="5" border="1" class="wikitable"
|-
! Name
! Description
! URL
|-
| alpine-base
| Alpine base package
| http://alpinelinux.org
|-
| alpine-mirrors
| Alpine base package
| http://alpinelinux.org
|-
| bkeymaps
| Binary keymaps for busybox
| http://dev.alpinelinux.org/alpine/bkeymaps
|}

== Tools ==

{| cellpadding="5" border="1" class="wikitable"
|-
! Name
! Description
! URL
|-
| network-extras
| Meta package to pull in vlan, bonding, bridge and wifi support
| http://alpinelinux.org
|-
| openssl
| Toolkit for SSL v2/v3 and TLS v1
| http://openssl.org/
|-
| tzdata
| Timezone data
| http://www.twinsun.com/tz/tz-link.htm
|}

[[Category:ISO]]

User:Arrogance

2023-05-30T04:39:42Z

Arrogance:

Useful links:

* [[Special:RandomPage]]
* [[Special:AllPages]]

Template talk:Delete

2023-05-30T04:04:29Z

Arrogance: Created page with "It might help admins to delete pages better (or others to fix the articles / contest their deletion) if this template included a category. <nowiki><includeonly>Category:Articles for deletion</includeonly></nowiki>, for example. I'd add it myself, but for some reason it's been made admin-only.~~~~"

Abuild and Helpers

2023-05-30T03:49:19Z

Arrogance:

The abuild package provides scripts you need when creating packages for Alpine Linux. The abuild package and its friends are installed automatically along with the <tt>alpine-sdk</tt> package.

{{Cmd|apk add alpine-sdk}}

The [https://git.alpinelinux.org/cgit/abuild/tree/ git repository] always contains the latest version of the scripts, example-files, and makefiles.

== Building and maintaining packages ==

=== abuild ===
{{:Include:Abuild}}

=== abuild-rootbld ===
{{:Include:AbuildRootBld}}

=== abump ===
{{:Include:Abump}}

=== apkgrel ===

If you want to bump or reset the pkgrel value of your APKBUILD or test your APKBUILD files, <tt>apkgrel</tt> can assist you.

{{Cmd|<nowiki>apkgrel -a|-h|-s NUM|-t|-z [-f] FILE...</nowiki>}}

'''apkgrel options'''

* '''-a''' Add 1 to current pkgrel
* '''-f''' Force, even if given files are not in proper format
* '''-h''' Show this help
* '''-s''' Set pkgrel to NUM
* '''-t''' Only verify that files are in proper format
* '''-z''' Set pkgrel to 0

[[Category:Development]]

== Generating new APKBUILDs ==

=== newapkbuild ===
To create the actual APKBUILD file {{Pkg|newapkbuild}} can serve you a template to start with. It will create a directory with the given package name, place an example/template APKBUILD file in the given directory, and fill some variables if those are provided.

{{:Include:Newapkbuild}}

=== apkbuild-cpan ===
The [http://www.cpan.org/ Comprehensive Perl Archive Network] (CPAN) provides a large collection of perl software and documentation. <tt>apkbuild-cpan</tt> helps with the creation of APKBUILD for perl modules from CPAN.

{{Cmd|apkbuild-cpan [create <Module::Name> <nowiki>| check | recreate | update | upgrade]</nowiki>}}

=== apkbuild-pypi ===
{{:Include:Apkbuild-pypi}}

== Signing packages and indexes ==

=== abuild-sign ===
{{:Include:Abuild-sign}}

=== abuild-tar ===
{{:Include:Abuild-tar}}

=== buildrepo ===
{{:Include:Buildrepo}}

== Setting up the build environment ==

=== abuild-keygen ===
{{:Include:Abuild-keygen}}