Installation

saintnick edited this page Apr 18, 2017 · 11 revisions

Ready to get the Remote Wake/Sleep-on-LAN Server (RWSOLS) installed? OK! You should read the terminology page first, so you know what we're talking about. Done? Cool.

Setting up the Remote Machine(s)

You'll need to get your remote machine(s) set up to support WOL Magic packets. If you're using a Windows remote machine, and you want to be able to put it to sleep Remotely, too, you've gotta set that up.

  • Ensure that the remote computer supports Wake-On-Lan (WOL) functionality. You may need to boot into the BIOS and permit the computer to be woken up via the network interface. This will look different on nearly every BIOS. You also need to configure the network interface from within the OS to not go into power save mode, and to support Wake events from magic packets. LifeHacker has a good tutorial showing how to enable WOL functionality.
  • If the remote computer is Windows 8 or 10, you might need to change some settings to make it reply to ping requests (or else you won't know when it has woken up, and the webapp won't be able to ascertain its state). Follow these instructions to make it reply.
  • If you want to be able to put your computer to sleep remotely, in addition to being able to wake it up, you need to install and run the Sleep-on-LAN application server. Download the Sleep on LAN software (original download link) (v1.1 alt download link) and run it on your windows computer. Set it to launch at boot so that it will always be ready to go.
  • If the Remote computer is Windows 10, its Sleep settings may prevent it from supporting Wake-On-LAN. You can fix this by disabling "Fast Boot". You can find instructions how to disable Fast Boot, here.

Setting up the Network and Router

If you want to wake/sleep your machines from outside you're network, you'll need to setup static DHCP leases, setup port forwarding, and configure a dynamic DNS service.

  • Log into your Router’s administration panel (in most scenarios you can do this by visiting your Gateway IP from your browser). Find the status page and locate the listing of attached clients. Identify your Raspberry Pi and your computer by their hostnames, and copy down their MAC addresses, and IP addresses. In the screenshot below, the hostname of the computer I want to control is “PHOENIX” and the Pi’s hostname is, appropriately, “raspberrypi.” This will vary by router, but the listing will look something like this (Note: I blurred out some of my personal info):
  • Now, find the “DHCP Reservation” or “Static Leases” list in your router’s administration panel. You’ll configure your router to always assign your remote computer and the raspberry pi the same IP address every time they connect to the network. This ensures that you’ll be able to reliably forward data to them through the router. It will look something like this. You can use the currently assigned IP addresses, just make sure that you reserve them for those MAC addresses:
  • Next, find the port forwarding configuration screen in your router’s administration panel. You’ll want to route the HTTP port (TCP 80) and/or HTTPS port (TCP 443) to the Raspberry Pi's IP. Note, you only need to forward port 443 if you plan to enable SSL encryption (I recommend that you do, and this software supports it). These ports will be used to send data to the Raspberry Pi. You’ll also need to forward any remote service ports that you want to use to access the remote computer. Importantly, many ISPs will block incoming traffic on port 80 and or 443, the default HTTP(S) ports, to prevent customers from hosting websites from their residences. But, you’re smarter than they are! Simply route an arbitrary external port, to the internal port 80 or 443 on your Raspberry Pi. In the screenshot below, you can see that I am routing external port 5000 to internal port 80. This means that when you eventually access the WOL server, you’ll need to specify the port, like this: wol.example.com:5000. Route the appropriate port for whatever services you want to access on the remote computer. In the screenshot below, I’ve routed port 3389, which is what Windows uses for Remote Desktop. If you wanted to access an SSH server or SFTP server running on the remote computer, you could additionally route port 22. You can find a listing of ports used by various services on wikipedia.
  • Next, you’ll want to sign up for a dynamic DNS updating service that your router supports. Different routers support different services. In the screenshot below, I'm using DynDNS. Unfortunately, DynDNS no longer offers its free services, but NoIP.com does, and is supported by many routers. Sign up for a free account, and get a URL that looks something like this: yoursite.no-ip.org. NoIP even supports port 80 redirects, so you can configure your account to not require appending the non-standard port number to the end as described in the last step. Once you’ve got your dynamic DNS account, find the Dynamic DNS (DDNS) updating screen in your router’s administration panel, and enter your account info. Now, you’ll always be able to access your home network, without knowing the IP addresses, and the router will handle automatically updating where the URL directs when your dynamic IP changes!

You're done setting up the network. Time to move on to setting up your actual Raspberry Pi/Cubieboard Server!

Setting up the Raspberry Pi/Cubieboard

Now that your router is all set to handle everything, it’s time to get the Raspberry Pi/cubieboard setup. Please note, as of April 4th, 2016, RWSOLS is tested and confirmed to work on Raspian Jessie Lite and Cubian running Apache 2.4.10. It likely will not work correctly on pre 2.4.x versions of Apache, as Apache made several non-backwards-compatible changes to config file formats. I suggest you start with a fresh Pi (any model should work) running Raspbian Jessie Lite.

  • Setup your Raspberry Pi with Raspbian if you haven’t already, and get it connected to your network. Adafruit has a great set of tutorials that can help you do the initial setup for your Raspberry Pi. Remember, install Raspbian Jessie - that's what RWSOLS is tested on. Don't forget we also first need to install git and apache and php onto Jessie, which doesn't carry them default.
  • Access your Raspberry Pi over SSH and log in with the username (pi) and the password that you configured...

Prepping the Pi/Cubieboard

  • First, install the packages we'll need:
    sudo apt-get install git
    sudo apt-get install apache2 -y
    sudo apt-get install php5 libapache2-mod-php5 -y
    sudo apt-get install wakeonlan apache2 php5 git php5-curl libapache2-mod-php5
  • The PHP server uses the built-in ping command to check if the remote machine is awake or not. Give all users on the pi permission to ping by executing this command:
    sudo chmod u+s `which ping`
  • Now, clone this repository:
    git clone https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server.git
  • Apache 2 (as of version 2.4) keeps web files at /var/www/html. Let's take ownership of that directory:
    sudo chown pi: /var/www/html

Enabling Encryption

Enabling TLS/SSL encryption is recommended, but not required. If you don't want encryption, you can skip this section. If you do want to enable encryption, complete these steps, which create the required keys and enable SSL support within Apache 2. You must have internal port 443 on router forwarded to your pi if you want to use SSL. See the notes/faq page for more info about encryption using self-signed certificates.

  • sudo mkdir /etc/apache2/ssl
  • sudo openssl genrsa -out /etc/apache2/ssl/wol.key 2048
  • sudo openssl req -new -key /etc/apache2/ssl/wol.key -out /etc/apache2/ssl/wol.csr

At this point you will be asked some questions, most of which have no impact on the running of your service. You can accept the default values, or fill in answers. However, the "Common Name" should be the name of the dynamic DNS you have setup, ("wol.example.com" for example) and the password should be left blank so that the Pi can load it on boot without prompting you for a password.

Finish configuring the Apache SSL Support:

  • sudo openssl x509 -req -days 10 -in /etc/apache2/ssl/wol.csr -signkey /etc/apache2/ssl/wol.key -out /etc/apache2/ssl/wol.crt
  • sudo mv -f Remote-Wake-Sleep-On-LAN-Server/ssl.conf /etc/apache2/mods-available/ssl.conf
  • sudo a2enmod ssl

Setting up the Apache 2 Server and Securing it

If you chose to not enable encryption, resume following the instructions here.

  • Enable the headers mod and restart apache:
    sudo a2enmod headers
    sudo service apache2 restart
  • Move the site config file over to the Apache available sites config folder:
    sudo mv -f Remote-Wake-Sleep-On-LAN-Server/000-default.conf /etc/apache2/sites-available/000-default.conf
  • Make some config adjustments to improve security:
    sudo sed -i.bak "s/expose_php = On/expose_php = Off/g" /etc/php5/apache2/php.ini
    sudo sed -i.bak "s/E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED/error_reporting = E_ERROR/g" /etc/php5/apache2/php.ini
    sudo sed -i.bak "s/ServerSignature On/ServerSignature Off/g" /etc/apache2/conf-available/security.conf
    sudo sed -i.bak "s/ServerTokens OS/ServerTokens Prod/g" /etc/apache2/conf-available/security.conf
  • Restart the Apache 2 Service:
    sudo service apache2 restart
  • Move the Website files over to the serving directory:
    mv Remote-Wake-Sleep-On-LAN-Server/* /var/www/html
    mv Remote-Wake-Sleep-On-LAN-Server/.htaccess /var/www/html
    rm -rf Remote-Wake-Sleep-On-LAN-Server/
    rm -f /var/www/html/index.html
    mv /var/www/html/config_sample.php /var/www/html/config.php

Finishing the Configuration

Now, the Apache 2 server is setup and secured. It's serving up your site. But, before it works, you need to adjust the configuration values to match your network setup. Open the config file and adjust the values to match your network setup:
nano /var/www/html/config.php

You'll need to enter a value for $APPROVED_HASH and optionally turn on SSL enforcing (do this if you followed the above steps to enable encryption by setting $USE_HTTPS to true). To generate an approved hash, think of the password you want to use, and use the website linked from the config file to generate the one-way hash. Then paste that in to the config file. Don't forget to also set the other parameters in the config file, including the IP and MAC address of the computer you want to control. A completed config file will look like this. Note where you need to put quotes, etc. In this example, the password is banana. If you enter banana into the hash generation site, you'll see that the output matches what is shown in this config file.

You can now access your web site at the dynamic DNS URL that you specified! Enjoy Waking and Sleeping remotely.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.