RaspberryPi server
Last update
2023-12-15
2023
12-15
«raspi, raspbian, nas, webdav, dlna, media center, torrent, rdp/vnc, print/scan, firewall, dns, monitoring, vpn, zram, android»

Table of contents:

  1. Update raspbian linux to latest version
  2. Change password, hostname, full xdm greeter
  3. Configure a static IP address
  4. Tune kernel settings
  5. Tune video settings
  6. Tune audio settings
  7. Tune wifi settings
  8. Tune eth settings
  9. Remove tv black borders
  10. Fix slow usb mouse
  11. Reduce power consumption
  12. Overclock
  13. Extend lifespan of mechanical HDD
  14. Extend lifespan of sdcard
  15. Extend your RAM by enabling ZRAM
  16. Setup a NAS (via NFS)
  17. Setup a remote desktop (via VNC)
  18. Setup a shared printer
  19. Setup the firewall
  20. SSH access and tunnels
  21. Save external syslog
  22. Enable bluetooth without WiFi
  23. Dedicated posts:
  24. Tools
  25. Backup
  26. Miscellanea

Update raspbian linux to latest version:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get clean
apt-get autoremove
rpi-update # update firmware & kernel

apt-get purge bash-completion     # speed up shell TAB-auto completion

# --- os version update, eg: from jessie (deb8) to stretch (deb9)
sed -i 's/jessie/stretch/g' /etc/apt/sources.list
sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list
# repeat the commands above, then check the current version:
cat /etc/os-release

Debian 10 upgrade: see rpi blog post notes and comments.




Change password, hostname, full xdm greeter:

1
2
3
4
sudo raspi-config # Change User Password; Hostname

# choose lightdm-gtk-greeter
sudo update-alternatives --config lightdm-greeter




Configure a static IP address (see also this and fallback method):

append the desired following blocks to /etc/dhcpcd.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
interface eth0
fallback mylan

SSID my_wifi_ssid
fallback mylan

interface wlan0
fallback mylan

profile mylan
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 37.235.1.174 84.200.70.40 37.235.1.177

Note: Do not use the directive inform 192.168.1.110 because it breaks the UPS monitor.

Optional do not wait for network at boot: run raspi-config and select Boot > Wait for Network at Boot > No.




Tune kernel settings

1
arm_64bit=0
  • Disable IPv6: append ipv6.disable=1 to kernel parameters in /boot/cmdline.txt or:
1
2
3
4
# via sysctl:
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf
# via modprobe:
echo "blacklist ipv6" >> /etc/modprobe.d/local.conf
  • Set autoreboot on kernel panic: append panic=5 to kernel parameters in /boot/cmdline.txt or via sysctl:
1
echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf
  • use eth0 as first ethernet device name (wiki)

    • raspi-config > Advanced Options > Network Interface Names > disable predictable network i/f names
    • append net.ifnames=0 to /boot/cmdline.txt
  • better/visible boot messages: append consoleblank=0 plymouth.enable=0 to kernel parameters in /boot/cmdline.txt

  • Remove tv black borders: set disable_overscan=1 in the /boot/config.txt.

  • Fix slow usb mouse: append usbhid.mousepoll=0 to kernel parameters in /boot/cmdline.txt.




Tune video settings

Run raspi-config and in the Advanced Options section, if using a raspberry pi 4 then enable both the GL driver and the Compositor otherwise turn them off.

  • Note: to ensure the loading of Pi4's VC4/GL driver make sure to uninstall Xorg frame buffer drivers:

    1
    2
    apt install xserver-xorg-video-vesa
    apt purge xserver-xorg-video-fbdev xserver-xorg-video-fbturbo
    
  • Fix HDMI no signal

1
2
3
# /boot/config.txt
hdmi_force_hotplug=1
config_hdmi_boost=6
  • Fix Pi4's DRM mem error:

    1
    DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory
    

    If you see the above error then use these /boot/config.txt settings:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    # force HD, and prevent 4K memory drain (optional)
    hdmi_group=1
    hdmi_mode=16
    [hdmi:0]
    hdmi_max_pixel_freq=200000000
    [hdmi:1]
    hdmi_max_pixel_freq=200000000
    
    [pi4]
    # Enable DRM VC4 V3D driver on top of the dispmanx display stack (default driver)
    dtoverlay=vc4-fkms-v3d
    # number of active displays 1-2
    max_framebuffers=1
    # disable any memory split
    #gpu_mem=256
    

    and append cma=384M to /boot/cmdline.txt.




Tune audio settings

1
2
# add tsched=0 in /etc/pulse/default.pa on this line:
load-module module-udev-detect tsched=0
1
2
3
4
cd /usr/share/pulseaudio/alsa-mixer/paths
tar -czvf ../paths.tgz .  # backup
perl -pi -0 -e 's/(\[[A-Za-z ]*(Mic Boost|Capture)\][A-Za-z._=\s-]+volume *= *)merge/\1zero/g;' *mic*.conf
shutdown -r 0
  • to have a much better audio quality you can buy an usb soundcard (eg. PCM2704 DAC)
1
2
3
4
5
6
# /etc/modprobe.d/local-audio.conf

# https://alsa.opensrc.org/MultipleCards#Reordering_the_driver_for_a_particular_card
options snd_bcm2835    index=0
# get vendor and product IDs via "lsusb" (my PCM2704 has 08bb:27c4)
options snd-usb-audio  index=2,3,4 vid=0x08bb,0x1395,0x046d pid=0x27c4,0x0025,0x0836
1
2
3
4
5
# set default card in pulseaudio (taken from raspi-config script)
pulseaudio --check || pulseaudio -D
export XDG_RUNTIME_DIR=/run/user/`id -g`
pacmd list-sinks | grep -e index -e alsa.name  # identify your card number
pactl set-default-sink 3




Tune wifi settings

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# disable roaming
echo "options brcmfmac roamoff=1" >> /etc/modprobe.d/local.conf

# set correct regional domain
sed -i 's/REGDOMAIN=.*/REGDOMAIN=IT/' /etc/default/crda

# auto turn off power management
cd /etc/network/if-up.d/
echo -e '#!/bin/bash\n/sbin/iw dev wlan0 set power_save off' > local-wlan
chmod 755 local-wlan
# find an optimal MTU size via:
#   ping -c 2 -M do -s 1600 www.google.com
# then save it with:
echo "/sbin/ip link set dev wlan0 mtu 1400" >> local-wlan

Turn off bluetooth if unused, see this section.




Tune eth settings

  1. create a device tree file cm4-disable-gigabit-ethernet.dts:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
     /dts-v1/;
     /plugin/;
    
     / {
         /* Change the phy max-speed to 100 Mbps */
         fragment@0 {
             target = <&phy1>;
             __overlay__ {
                 max-speed = <100>;
             };
         };
     };
    
  2. compile and install:

    1
    2
     sudo dtc -@ -Hepapr -I dts -O dtb -o /boot/overlays/cm4-disable-gigabit-ethernet.dtbo cm4-disable-gigabit-ethernet.dts
     echo "dtoverlay=cm4-disable-gigabit-ethernet" >> /boot/config.txt
    




Reduce power consumption:

turn off leds (RPIex, forum, lindevs) by putting in /boot/config.txt under the [pi4] tag:

1
2
3
4
5
6
7
8
9
10
11
12
[pi4]
# Disable the PWR LED
dtparam=pwr_led_trigger=default-on
dtparam=pwr_led_activelow=off

# Disable the Activity LED
dtparam=act_led_trigger=none
dtparam=act_led_activelow=off

# Disable ethernet port LEDs (0=ACT, 1=LNK)
dtparam=eth_led0=4
dtparam=eth_led1=4
1
2
# disable HDMI output (and set boot to console via raspi-config)
/usr/bin/tvservice -o # -p to re-enable

set boot to console and reduce memory split:

1
2
raspi-config # Boot Options > Desktop / CLI > Console
raspi-config # Advanced Options > Memory Split > 16

turn off unsued wlan/bluetooth (see /boot/overlays/README), put in /boot/config.txt:

1
2
dtoverlay=disable-wifi
dtoverlay=disable-bt

and turn off the bluetooth services:

1
2
systemctl disable hciuart
systemctl disable bluetooth




Overclock RPI4:

Add these lines in /boot/config.txt:

1
2
3
4
arm_freq=2048
v3d_freq=750
over_voltage=6
hdmi_enable_4kp60=1

optionally set performance cpu governor:

1
2
# /etc/rc.local
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor




Extend lifespan of mechanical HDD:

put in /etc/hdparm.conf:

1
2
3
4
5
6
7
/dev/sda {
  write_cache = on
  # -B -- disable Advanced Power Management
  apm = 254
  # -S -- 1h timeout
  spindown_time = 242
}




Extend lifespan of sdcard:

install my tmpfs-folders script and add a custom periodic cleaning of /var/log files in root crontab:

1
2
#  m   h   dom   mon   dow   command
   0   0     *     *     3   /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null




Extend your RAM by enabling ZRAM (compressed RAM):

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
if modprobe zram num_devices=1 ; then
  echo lz4  > /sys/block/zram0/comp_algorithm
  echo 384M > /sys/block/zram0/mem_limit
  echo 768M > /sys/block/zram0/disksize

  mkswap /dev/zram0
  swapon -p 10 /dev/zram0

  sysctl vm.swappiness=90
fi

and optionally disable dphys-swapfile swapfile service:

1
systemctl disable dphys-swapfile




Setup a NAS (via NFS):

Server side commands:

1
2
3
4
5
6
7
8
9
apt-get install nfs-kernel-server

systemctl enable rpcbind # it's disabled by default...
systemctl restart nfs-kernel-server

# add a share to /etc/exports
echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports

exportfs -ra # reload server

and append these lines to /ect/rc.local:

1
2
3
# fix: nfs server doesn't start without rpcbind
systemctl start   rpcbind
systemctl restart nfs-kernel-server

Client side commands:

1
2
echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab
mount /mnt/path




Setup a remote desktop (via VNC):

You have three options:

  1. Install the modern TigerVNC server, see the dedicated post
  2. Use the lightdm TigerVNC service by enabling it in /etc/lightdm/lightdm.conf
  3. Install the old TightVNC:

    1
    2
    3
    4
    5
    apt-get install tightvncserver
    # set a password and run a LQ server on display 1:
    vncpasswd
    vncserver -geometry 1024x768 -depth 8 :1
    vncviewer server_ip:1 # connect from another host
    




Setup a shared printer:

1
2
3
4
5
6
7
apt-get install cups
apt-get install hplip # HP printers drivers
hp-setup -i # install printer + dl drivers

elinks http://localhost:631
# Administration > Printers > Add printer
# Server settings > Share printers connected to this system

then turn the printer off and on again.

On Android you can install these apps: Let's print Droid, and Let's Print PDF.




Setup the firewall:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apt-get install ufw

ufw reset # reset to defaults

ufw default deny  incoming
ufw default allow outgoing

ufw allow from 192.168.1.0/24 # your intranet
ufw allow from x.x.x.x        # a trusted IP
ufw limit 22/tcp              # max 6 new connections every 30 seconds
ufw limit 2200:2230/udp       # mosh port range
ufw allow 1810:1820/tcp       # bittorent - data
ufw allow 1810:1820/udp
ufw allow 6881:6891/tcp       # bittorent - tracker
ufw allow 6881:6891/udp
ufw allow 6771/udp            # bittorent - local peer discovery

ufw enable




SSH access and tunnels:

Here is an example for creating some simple forward tunnels while connecting to a remote server:

1
2
3
4
5
6
7
# deluge thin client & web ui, vnc, nginx
ssh \
  -L 58846:localhost:58846 \
  -L 8112:localhost:8112   \
  -L 5901:localhost:5901   \
  -L 1234:localhost:1234   \
  user@server_addr

There are some great SSH clients as PuTTY for windows/linux and juiceSSH on Android.

Use mosh (even with juiceSSH!) to reliably connect from unstable or high latency networks:

1
2
apt-get install mosh               # run this both on client and server
mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server

Read the dedicated post for an advanced tunnel usage.

Read the dedicated post to setup a SOCKS proxy with SSH.

Note: if sshd is slow to start at boot (systemd-analyze blame) then install haveged to have more entropy. Also apply this patch if it's killed by systemd on debian bullseye:

1
2
3
4
mkdir -p /etc/systemd/system/haveged.service.d
echo -e '[Service]\nSystemCallFilter=uname' > /etc/systemd/system/haveged.service.d/dietpi.conf
systemctl daemon-reload
systemctl restart haveged




Save external syslog via rsyslog:

  • enable tcp/udp ports, uncomment these lines in /etc/rsyslog.conf
1
2
3
4
5
module(load="imudp")
input(type="imudp" port="514")

module(load="imtcp")
input(type="imtcp" port="514")
  • filter and save remote logs by IP, create /etc/rsyslog.d/router.conf
1
2
3
4
$template routerlog, "/var/log/router.log"

if $fromhost-ip startswith "192.168.1.1" then -?routerlog
& stop
  • restart service
1
systemctl restart rsyslog
  • configure the device (eg. a router) to use your raspi IP as the remote syslog server




Enable bluetooth without WiFi

  • disable WiFi by blacklisting its modules, add in /etc/modprobe.d/local-wifi.conf:
1
2
blacklist brcmfmac
blacklist brcmutil
  • set enable_uart=1 in /boot/config.txt
  • ensure /boot/cmdline.txt contains this text in this exact order:
1
console=serial0,115200 console=tty1
  • enable services:
1
2
systemctl enable hciuart
systemctl enable bluetooth




Dedicated posts:




Tools:

1
2
3
apt-get install rpi-chromium-mods # video acceleration on google chrome
apt-get install remmina           # very handy VNC/SSH GUI
apt-get install omxplayer         # accelerated cli media player
  • Fast/light web browsers:

    • kweb - raspberry pi's custom webkit build with omxplayer support
    • vivaldi - opera like browser
    • midori
  • OMXplayer GUIs:

    1
    2
    3
    4
    5
    sudo apt install libdbus-1-dev libglib2.0-dev
    pip install omxplayer-wrapper
    wget -O ~/bin/gomx https://github.com/vladcc/gomx/raw/master/gomx/gomx.py
    chmod 755 ~/bin/gomx
    sed -i 's/^PL_WIN_PAD = .*/PL_WIN_PAD = 0/' ~/bin/gomx # adjust padding
    
  • raspi-keygen -- Patch for MPEG-2, VC-1 license (untested, use it at your own risk)

    1
    2
    cd /boot && cp start.elf start.elf_backup && \
      perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
    
  • latest mkvtoolnix for raspbian




Backup:

You can do a full/raw sdcard backup, a live/tar one, or an incremental one.

As an alternative to 7za you can use xz just like the gz command (or use the -J option of tar).

Incremental backup commands

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# --- backup ----------------------------------------
cd /tmp && mkdir -p p1 p2
sudo mount -o ro /dev/sdc1 p1
sudo mount -o ro /dev/sdc2 p2

cd bkup-folder
sudo sfdisk -d /dev/sdc > ptable
mkdir -p p1 p2
sudo ribs -b --no-p p1 /tmp/p1
sudo ribs -b        p2 /tmp/p2

sudo umount /tmp/p?


# --- restore ---------------------------------------
cd bkup-folder

cd /tmp && mkdir -p p1 p2
sfdisk /dev/sdc < ptable
mkfs.vfat /dev/sdc1
mkfs.ext4 /dev/sdc2
sudo mount /dev/sdc1 p1
sudo mount /dev/sdc2 p2

sudo ribs -r p1 /tmp/p1
sudo ribs -r p2 /tmp/p2

cat ptable | grep label-id   # view old partition ID

# change to the new partition ID
sfdisk -d /dev/sdc | grep label-id
# update PARTUUID in p1/cmdline.txt 
# update PARTUUID in p2/etc/fstab

sudo umount /tmp/p?




Miscellanea:

  • turn TV/monitor on/off

    1
    2
    3
    cec-ctl -d/dev/cec0 --playback -S          # initialize
    cec-ctl -d/dev/cec0 --to 0 --standby       # turn OFF
    cec-ctl -d/dev/cec0 --to 0 --image-view-on # turn ON
    
  • Fix TV/monitor not detected unless powered on first:

    1
    sudo tvservice -d /boot/edid.dat
    
    1
    2
    3
    # /boot/config.txt
    hdmi_edid_file=1
    hdmi_force_hotplug=1
    
  • Test if we are on a raspberry (/sys, /proc/cpuinfo):

    1
    2
    cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2
    grep Hardware /proc/cpuinfo             # Hardware : BCM2708
    
  • To save space on new installs of ruby gems, put in ~/.gemrc:

    1
    2
    install: --no-rdoc --no-ri -​-no-document
    update:  --no-rdoc --no-ri -​-no-document
    

    and to install a gem in the user $HOME use this command:

    1
    2
    3
    4
    gem install --user-install bundler
    
    # remember to update your PATH adding this line to ~/.bashrc
    export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH
    
  • If you have a logitech wireless keyboard (eg: K400+) then you can use solaar to query and configure it:

    1
    2
    3
    4
    5
    6
    git clone https://github.com/pwr/Solaar.git
    cd Solaar/bin
    
    solaar show all
    solaar show 1 | grep Battery
    solaar config 1 fn-swap off # toggle function keys
    
  • If you have a keyboard without the F# keys (like the kano keybord) you can emulate them with xdotool and then run it via xbindkeys:

    1
    2
    3
    4
    sudo apt-get install xdotool xbindkeys xbindkeys-config
    xdotool key ctrl+alt+F1  # emulate these key press
    xbindkeys-config         # create and save your bindings
    xbindkeys                # run daemon
    

    or you can use xmodmap to remap existing keys:

    1
    2
    3
    xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig
    nano    ~/.Xmodmap # edit keys
    xmodmap ~/.Xmodmap # load changes (run this on X startup)
    

    see Xorg keyboard references on the bottom.

  • Autostart programs when loggin in LXDE: put your commands prefixed by @ in ~/.config/lxsession/LXDE-pi/autostart

  • Change video mode/resolution without rebooting -- see rpi forum post

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# query available video modes
tvservice -m CEA
#Group CEA has 16 modes:
#           mode  4: 1280x720  @ 60Hz 16:9, clock:74MHz progressive 
#           mode 19: 1280x720  @ 50Hz 16:9, clock:74MHz progressive 
#  (prefer) mode 16: 1920x1080 @ 60Hz 16:9, clock:148MHz progressive 

# set custom video mode
tvservice -e "CEA 4 HDMI"
#fbset -depth 8 ; fbset -depth 16
fbset -g 1280 720 1280 720 16
xrefresh

# set default video mode
tvservice -p




Notes:

  • Raspberry Pi 3 provides 1.2A USB current by default (no need to set max_usb_current=1 in /boot/config.txt). Of course a 2.5A PSU is mandatory.

Tips:

Sources: