Skip to content

Manual installation

Bill Zimmerman edited this page Jan 19, 2020 · 4 revisions

These steps apply to the latest release of Raspbian (currently Buster). Notes for previously released versions are provided, where applicable. Start off by installing git, lighttpd, php7, hostapd and dnsmasq.

sudo apt-get install git lighttpd php7.1-cgi hostapd dnsmasq vnstat

Note: for Raspbian Stretch, replace php7.1-cgi with php7.0-cgi. php5 is no longer supported. After that, enable PHP for lighttpd and restart it for the settings to take effect.

sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd restart

Now comes the fun part. For security reasons, the www-data user which lighttpd runs under is not allowed to start or stop daemons, or run commands like ifdown and ifup, all of which we want our page to do. So what I have done is added the www-data user to the sudoers file, but with restrictions on what commands the user can run. Add the following to the end of /etc/sudoers with sudo visudo:

www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
www-data ALL=(ALL) NOPASSWD:/sbin/ifup
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/openvpn.ovpn /etc/openvpn/client/client.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
www-data ALL=(ALL) NOPASSWD:/sbin/reboot
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh

Once those modifications are done, git clone the files to /var/www/html.

sudo rm -rf /var/www/html
sudo git clone https://github.com/billz/raspap-webgui /var/www/html

Move the high-res favicons to the web root.

sudo mv /var/www/html/app/icons/* /var/www/html

Set the files ownership to www-data user.

sudo chown -R www-data:www-data /var/www/html

Move the RaspAP configuration file to the correct location.

sudo mkdir /etc/raspap
sudo mv /var/www/html/raspap.php /etc/raspap/
sudo chown -R www-data:www-data /etc/raspap

Move the HostAPD logging and service control shell scripts to the correct location.

sudo mkdir /etc/raspap/hostapd
sudo mv /var/www/html/installers/*log.sh /etc/raspap/hostapd 
sudo mv /var/www/html/installers/service*.sh /etc/raspap/hostapd

Set ownership and permissions for logging and service control scripts.

sudo chown -c root:www-data /etc/raspap/hostapd/*.sh 
sudo chmod 750 /etc/raspap/hostapd/*.sh 

Add the following lines to /etc/rc.local before exit 0.

echo 1 > /proc/sys/net/ipv4/ip_forward #RASPAP
iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP 
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE #RASPAP

Force a reload of new settings in /etc/rc.local.

sudo systemctl restart rc-local.service
sudo systemctl daemon-reload

Unmask and enable the hostapd service.

sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service

Move the raspap service to the correct location and enable it.

sudo mv /var/www/html/installers/raspap.service /lib/systemd/system
sudo systemctl enable raspap.service

Copy the configuration files for dhcpcd, dnsmasq, and hostapd.

sudo mv /var/www/html/config/default_hostapd /etc/default/hostapd
sudo mv /var/www/html/config/hostapd.conf /etc/hostapd/hostapd.conf
sudo mv /var/www/html/config/dnsmasq.conf /etc/dnsmasq.conf
sudo mv /var/www/html/config/dhcpcd.conf /etc/dhcpcd.conf
sudo mv /var/www/html/config/config.php /var/www/html/includes/

(Optional) Optimize PHP

sudo sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' /etc/php/7.1/cgi/php.ini
sudo sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' /etc/php/7.1/cgi/php.ini
sudo phpenmod opcache

(Optional) Install OpenVPN, enable option in RaspAP config and enable openvpn-client service

sudo apt-get install openvpn
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" /var/www/html/includes/config.php
sudo systemctl enable openvpn-client@client

(Optional) Create OpenVPN auth control scripts, set ownership and permissions

sudo mkdir /etc/raspap/openvpn
sudo cp /var/www/html/installers/configauth.sh /etc/raspap/openvpn
sudo chown -c root:www-data /etc/raspap/openvpn/*.sh
sudo chmod 750 /etc/raspap/openvpn/*.sh

Reboot and it should be up and running!

sudo reboot

The default username is 'admin' and the default password is 'secret'.

You can’t perform that action at this time.