Support

Akeeba Solo

#36412 Akeeba Solo on Raspberry Pi

Posted in ‘Akeeba Solo (standalone)’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

PHP version
n/a
Akeeba Solo version
n/a

marian

Hello there,

In fact I am a musician and I have known your company for many years only through Akeeba Backup and Admintools for Joomla. I use theese products on a site of a classical music orchestra but only for internal interests. I administrate there this site. So I know (as a genuine user) your product Akeeba Backup.

I use now your product Akeeba Backup Solo and I have a problem. First of all I would like to write a bit about the project.

My brother in law would like to take over a genealogical project of mine and asked me about a possibility to give to him a site with a big database of persons to revise it. He wouldn't do that online and I found a possibility with a Raspberry Pi computer. I hope you know theese small single-board computer with a Debian Linux distribution. Anyway, I instalated on a Respbian Pi Apache 2.4.52, PHP 7.4.25 and MariaDB (I think with the server version 10.5.12). And the genealogical software The Next Generation of Genealogy Sitebuilding (TNG). Because I didn't have any problems installing it, I guess it was a good guide I used because I have NO ideea about Linux software).

I wanted to secure this project with your Akeeba Solo and here I have a problem and I don't know where could be the "bug" (I am sure there is no bug, there is a setting somewhere in the system but, as I said I have no ideea with Linux and I hope you are so nice to give me a clou).

Ok, I could't set up the system so good to take over the settings when Akeeba Solo started. The problem was (I am not sure now) at the chmod of the config.php from Solo/assets/private (I think config.php coldn't be written at the first run. Anyway I made the folder private writeable (777) and now Akeeba can write there the config.php but the configuration wizzard starts every time I start Akeeba or I push Home.

In Status Summary I have:

- Missing root definition for backup
- Missing database connection information for backup
- Default output directory in use

I took a look in the pages wich are aopen when I click the links from status summary but I think that at the end Akeeba can not save properly the informations it takes with the configuration wizard. As I said, the config.php can be written from Akeeba in Solo/assets/private and the folder backups has now chmod 777.

Perhaps you can help me because the other PHP application on the server (TNG) works (as I can observe).

Thank you very much for the help

nicholas
Akeeba Staff
Manager

Forget that your server is Raspberry Pi. The form factor is irrelevant. What matters is that it's a Debian-based distribution.

The default setup on Apache on Debian is to run Apache under user nobody and group nogroup following the principle of least privilege.

I assume you installed Solo by extracting the files using your regular user, most likely the one with the username pi (and group users). 

Therefore you have a mismatch between Solo's ownership and the user and group the server runs under.

Stop here and read the Security Information chapter in our documentation. Twice. Things will click in place.

Armed with this better understanding you should now see that you need to change the ownership of the Solo application to nobody:nogroup.

Assuming you have installed it under /var/www/html/solo you should run in a terminal:

sudo -H chown nobody:users /var/www/html/solo
sudo -H find /var/www/html/solo -type f -exec chmod 0664 \{} \;
sudo -H find /var/www/html/solo -type d -exec chmod 0775 \{} \;

Not the most efficient way to do this but at least it doesn't look like inscrutable runes :)

You will be seeing the same messages. You can ignore the “Default output directory in use”; your server is not exposed to the Internet.

The other two message simply tell you that you need to run the Configuration Wizard to tell Akeeba Solo what to backup: where are the files and how to connect to the database.

For the files, point that to the root of your TNG installation. For the database, you need to give your root database credentials and the name of your TNG database. I have not used that software, please don't ask me what either of these are. If unsure, ask their forum, I guess?

One final point. After all is configured go to the Configuration page. Find the Archiver row and click on the Configure button. In the pane which opens below set Archive Permissions to 0666. This will let you access and delete the backup archives from the file manager or over SFTP.

That's all. Happy backups!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

marian

Nicholas,

thank you very much for your help.
First, I want to thank you for pointing out the safety information chapters in the documentation. I found it to be very well written and pointed out to ponder the many aspects of the background processes.
Socrates might have said the same: "We all know intuitively what a file might be, but we seldom know what exactly it is." (because he is right with "The beginning of wisdom is the definition of the concepts.") :-) .

I changed your codes a bit (Akeeba Solo is in the Akeeba folder so /var/www/html/solo is /var/www/html/akeeba), applied them and now the folder "belongs" to users/nobody and now no more pi/pi (screenshot 03.png).

I'm trying to review the steps and:
1. at the very beginning (fresh akeeba folder in html folder - var/www/html/akeeba - with your changed code) (http://localhost/akeeba)
- the file config.php in /var/www/html/akeeba/Solo/assets/private/ is not created (screenshot 05.png).
- only two entries were made in the database (in solo_ak_users with the correct entries - username, name, email, password and in solo_ak_profiles - id, description (field configuration is empty))
- File config.php in /var/www/html/akeeba/Solo/assets/private/ saved (pi/pi 644) and logout from Akeeba Solo brings an error 500 (Application Error - "Can not save") (screenshot 07.png)
- Log out after assigning rights to config.php (777)

2. New login (http://localhost/akeeba)
- Configuration Wizard (screenshot 09.png)
- Configuration Wizard ends with Configuration Wizard Failure - Assignment of rights to the folder /var/www/html/akeeba/backups (777)
- The configuration field of entry 1 in solo_ak_profiles has been filled in in the database (screenshot 11.png)
- Log out

3. Login
- a mask "Please log in" appears
- everything looks very good (only one entry in Status Summary - Default output directory in use) (screenshot 13.png)
- One-click Backup brings the Configuration Wizard back (screenshot 14.png)
- The configuration field in the database looks completely different than before (screenshot 15.png)

I suspect that this change in the content of this field causes the Configuration Wizard to be called constantly. Unfortunately I don't know who gives this order.

Since I mentioned Socrates (said that to a Greek! :-) ), he would have said: "Success is nothing small, but it starts with little things."

Thank you again!

nicholas
Akeeba Staff
Manager

We still have a permissions issue. I would really need to know which user and group Apache runs under. I have not set up a Debian / Raspbian server in quite a while, just Ubuntu Server. It's possible that instead of nobody:nogroup it's using www-data:www-data. 

You should best check /etc/apache2/envvars. The user and group are listed in the exports APACHE_RUN_USER and APACHE_RUN_GROUP. Use their values instead of nobody:nogroup in my previous instructions.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

marian

Hello Nicholas,

thank you very much for your help.

Indeed, in etc/apache2/envvars it stays:

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

Raspberry Pi OS comes with no Apache, PHP, MySQL. To have them, for somebody without knowledge is a bit hard to find out a tutorial somewhat complet. I say this because in the tutorial I used https://howtoraspberrypi.com/how-to-install-web-server-raspberry-pi-lamp/ theese www-data comes from there:

sudo chown -R pi:www-data /var/www/html/
sudo chmod -R 770 /var/www/html/

("we’ll take advantage of it to give rights to the apache file that you can easily manage your sites")

Greetings

nicholas
Akeeba Staff
Manager

So, I reckon the issue is now resolved?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

marian

Hello Nicholas,

sorry, the issue isn't resolved.
And I presume that it has nothing to do with Akeeba Solo.
My incapability to set up such a web server is the cause...

I must say that I tried to do all things without mistakes. So I made a SD card from scratch with the RaspberryPi OS Bullseye (as I understand a Debian OS), then I updated all packages. From this point I made some clones from the SD Card (to save time) and I tried some possibilities. To install apache2, mariaDB, php (7.4) there is no problem. I understand what I must to do and I understand also what I do :-)

The problem was/is at the point sudo chown...
The tutorial from https://howtoraspberrypi.com/how-to-install-web-server-raspberry-pi-lamp/ has:
sudo chown -R pi:www-data /var/www/html/
With this I can upload per FTP the zip files on the Raspberry in the folder html, I can unzip them etc... All I do "belongs" to pi, the owner and the group (the user pi is the main user in Raspberry - pi@raspberrypi: )
But in this way Akeeba Solo can not save its cofig file and all the things I wrote about at the beginning happen again (configuration wizzard etc).

With this sudo chown -R pi:www-data /var/www/html/ the genealogie application works but such some things also not quite well (chmod for some files can not be seted, some backups can be made). Anyway, this is not the point.

I must say that the file /etc/apache2/envvars has:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

I found also in Internet something:
sudo chown -R www-data:www-data /var/www/html/

and with this Akeeba Solo had no problems :-)
But... then I can't do other things as uploads with the ftp, change files etc (because I login with pi).

I found also a possibility to ad the user pi in the group www-data (I forgot the code).
Also there I had problems.

 

I didn't found any tutorial to set up this server as I know from my internet hoster, sorry , I didn't find because I presume that I don't know what I must search.

Anyway, thank you for your help!

marian

Hello Nicholas,

I want to thank you for the input.
I knew that it had to work and if it didn't, according to your statement, it has to be with the wrong assignment of rights. The system is/was new installed and updated on each SD card. I hadn't changed anything in the system.
The game between user ownship, group membership and chmod rights remained.

I found out that after I uploaded the akeeba folder in the html folder and after I changed the group affiliation and ownership and write permissions with:
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 775 /var/www/html

Akeeba Solo was able to work properly.
However, I (as a user pi) could no longer upload anything.

Then I had to change the ownership of the html folder again:
sudo chown -R pi:www-data /var/www/html/

But I also found out that the saved configuration from the time of www-data:www-data also in the time of pi:www-data remains usable.
Probably because I read somewhere about the command where the user pi is added to the group www-data
sudo usermod -a -G www-data pi
but I am not sure when I did this.

This game
pi:www-data -> www-data:www-data -> pi:www-data (upload, setup, use)
I also had to use at the genealogy software because in some situations it worked there only if I had set www-data:www-data.

Currently it is set up as
sudo chown -R pi:www-data /var/www/html
sudo chmod -R 775 /var/www/html
sudo chmod g+s /var/www/html

and I hope it works stably.
I don't know if that was the right way. And I don't really know what I did about the safety and security aspects.

But I haven't found any tutorial or explanation or hint anywhere about I must set that this web server on the Raspberry behaves like my host's server (upload, set up, everything works correctly) and no permanent transfer of ownership.

I thank you for the help.

nicholas
Akeeba Staff
Manager

I strongly recommend reading the Security Information chapter in our documentation to understand how user, groups and permissions work together.

Your problem is indeed one that has to do with users, groups and permissions, not with Akeeba Solo itself.

I am closing this ticket since you have a solution and this issue is anyway a server setup issue we can't do much to help with :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: Typically we work Monday to Friday, 9am to 7pm Cyprus timezone (EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets, but we cannot respond to them, outside of our working hours.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!