Created Manual installation (markdown)

Manual-installation.md

@@ -0,0 +1,120 @@
+These steps apply to the latest release of Raspbian (currently [Buster](https://www.raspberrypi.org/downloads/raspbian/)). Notes for previously released versions are provided, where applicable. Start off by installing git, lighttpd, php7, hostapd and dnsmasq. 
+```sh
+sudo apt-get install git lighttpd php7.1-cgi hostapd dnsmasq vnstat
+```
+**Note:** for Raspbian Stretch, replace `php7.1-cgi` with `php7.0-cgi`. For Raspbian Jessie and older versions, use `php5-cgi`. After that, enable PHP for lighttpd and restart it for the settings to take effect.
+```sh
+sudo lighttpd-enable-mod fastcgi-php
+sudo service lighttpd restart
+```
+Now comes the fun part. For security reasons, the `www-data` user which lighttpd runs under is not allowed to start or stop daemons, or run commands like ifdown and ifup, all of which we want our page to do.
+So what I have done is added the `www-data` user to the sudoers file, but with restrictions on what commands the user can run. Add the following to the end of `/etc/sudoers`: 
+
+```sh
+www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
+www-data ALL=(ALL) NOPASSWD:/sbin/ifup
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/openvpn.ovpn /etc/openvpn/client/client.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
+www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
+www-data ALL=(ALL) NOPASSWD:/sbin/reboot
+www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
+www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
+www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
+www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
+```
+
+Once those modifications are done, git clone the files to `/var/www/html`.
+**Note:** for older versions of Raspbian (before Jessie, May 2016) use
+`/var/www` instead.
+```sh
+sudo rm -rf /var/www/html
+sudo git clone https://github.com/billz/raspap-webgui /var/www/html
+```
+Move the high-res favicons to the web root.
+```
+sudo mv /var/www/html/app/icons/* /var/www/html
+```
+Set the files ownership to `www-data` user.
+```sh
+sudo chown -R www-data:www-data /var/www/html
+```
+Move the RaspAP configuration file to the correct location.
+```sh
+sudo mkdir /etc/raspap
+sudo mv /var/www/html/raspap.php /etc/raspap/
+sudo chown -R www-data:www-data /etc/raspap
+```
+Move the HostAPD logging and service control shell scripts to the correct location.
+```sh
+sudo mkdir /etc/raspap/hostapd
+sudo mv /var/www/html/installers/*log.sh /etc/raspap/hostapd 
+sudo mv /var/www/html/installers/service*.sh /etc/raspap/hostapd
+```
+Set ownership and permissions for logging and service control scripts.
+```sh
+sudo chown -c root:www-data /etc/raspap/hostapd/*.sh 
+sudo chmod 750 /etc/raspap/hostapd/*.sh 
+```
+Add the following lines to `/etc/rc.local` before `exit 0`.
+```sh
+echo 1 > /proc/sys/net/ipv4/ip_forward #RASPAP
+iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP 
+iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE #RASPAP
+```
+Force a reload of new settings in `/etc/rc.local`.
+```sh
+sudo systemctl restart rc-local.service
+sudo systemctl daemon-reload
+```
+Unmask and enable the hostapd service.
+```sh
+sudo systemctl unmask hostapd.service
+sudo systemctl enable hostapd.service
+```
+Move the raspap service to the correct location and enable it.
+```
+sudo mv /var/www/html/installers/raspap.service /lib/systemd/system
+sudo systemctl enable raspap.service
+```
+Copy the configuration files for dhcpcd, dnsmasq, and hostapd.
+```
+sudo mv /var/www/html/config/default_hostapd /etc/default/hostapd
+sudo mv /var/www/html/config/hostapd.conf /etc/hostapd/hostapd.conf
+sudo mv /var/www/html/config/dnsmasq.conf /etc/dnsmasq.conf
+sudo mv /var/www/html/config/dhcpcd.conf /etc/dhcpcd.conf
+sudo mv /var/www/html/config/config.php /var/www/html/includes/
+```
+(Optional) Optimize PHP
+```
+sudo sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' /etc/php/7.1/cgi/php.ini
+sudo sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' /etc/php/7.1/cgi/php.ini
+sudo phpenmod opcache
+```
+Reboot and it should be up and running!
+```sh
+sudo reboot
+```
+
+The default username is 'admin' and the default password is 'secret'.