PIXILAB Wiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blocks:server:advanced_server_configuration-pre-7 [2023-03-16 06:47]
mattias [Using a DNS Server for Accessing Computers by Name] 		— (current)
Line 1: Line 1:
-====== Advanced Server Configuration ====== 
  
-The setup procedure outlined in [[first_start|"First Start"]] gets you up and running with a working and secure BLOCKS server. The basic system set up in "First Start" used its own, separate, small network, where each computer had a fixed IP address, assigned manually. While that's useful for getting up and running and making sure everything works, it's not practical for everyday use. This article describes various options for configuring BLOCKS and for integrating it with another, already existing network: 
- 
-  * Changing the IP address of the BLOCKS computer, along with other network settings, making it fit within an existing network. 
-  * Assigning IP addresses automatically to most computers on the network using a DHCP server. 
-  * Using a DNS server for accessing important computers on the network, such as the BLOCKS server, by name rather than by IP address. 
-  * Configuring some [[#configuring_blocks_server_options|additional options]] of the BLOCKS server, such as the ability to use it as a Display Spot as well as a server, or activating the [[blocks:server:mirror|mirroring server]] for building redundancy. 
- 
- 
-==== Changing the BLOCKS server's IP Address ==== 
- 
-If you're building a new network for BLOCKS, we recommend that you stick with the addresses and other settings established in [[blocks:server:first_start|First Start]], with the BLOCKS server at 10.2.0.10 and a network mask of 255.255.0.0. These settings match default settings in other parts of the server's configuration, and provide ample room for display spots and other network devices, both with fixed and automatically assigned IP addresses. 
- 
-However, if you need to integrate BLOCKS into an already existing network, you will likely have to change the server's IP address and other network settings to match the existing network. The information you need before you can do so is: 
- 
-  * What fixed IP address can I use for the BLOCKS server. 
-  * What netmask should I use (often a group of numbers such as 255.255.255.0 or 255.255.0.0). 
-  * Does this network have Internet access? If so, what's the IP address of the gateway. This is often an IP address similar to others on your network, but ending in 1, such as 10.2.0.1. 
-  * Does this network already have a DHCP server for allocating IP addresses automatically?  
-  * Is there already a local DNS server on this network, for binding local computer names to IP addresses.  
- 
-:!: While not strictly necessary, being able to use names rather than numeric IP addresses makes configuration easier, and simplifies any changes you may need to make later, since IP addresses of the BLOCKS server and possibly other devices, are only stored in one place. 
- 
-Equipped with the above information, which you should be able to obtain from your network administrator, you can now change the settings of your BLOCKS server. Please refer to the instructions under [[blocks:server:first_start#basic_network_configuration|Basic Network Configuration]] to apply your new settings. You should now be able to connect the BLOCKS server to your existing network. 
- 
-:!: If you're also using the built-in DHCP server and/or DNS, you need to update their settings to match your new configuration, as described below. 
- 
- 
-==== Securing your Server ==== 
-In case you want to expose your Blocks server on a public network, such as one accessed over wifi by guests, or perhaps even from the Internet, there are a number of precautions you need to take. For instance, you should strongly consider using a [[blocks:server:nginx#https_domain_name_and_certificate|secure connection]] (https) to your server. That applies in particular if your server is exposed to the internet. You should also make sure to have a proper firewall in place. Such a firewall is often part of the networking infrastructure. If you have no external firewall in place, you should at least apply a software firewall, such as [[https://help.ubuntu.com/community/UFW|ufw]], which is included in our Linux server image. 
- 
-:!: Whenever in doubt, consult with professional security experts before exposing your server to public networks or the internet. 
-==== Assigning IP Addresses Automatically ==== 
- 
-A DHCP server automatically assigns IP addresses to some network devices, thus removing the need to specifying hard-coded IP addresses everywhere. Most networks have such a DHCP server, sometimes built into a router or similar device. If you already have such a DHCP server, you may prefer to keep it. If not, the BLOCKS server can perform this function as well (see [[#dhcp_server|DHCP Server]] below for details). 
- 
-:!: Some devices on the network must have known IP addresses, and can not use dynamically assigned addresses. This includes the BLOCKS server itself, as well as other devices acting as "servers", such as displays and projectors to be controlled over the network (e.g., to turn power off), MODBUS I/O modules, etc. Such devices can either be assigned a fixed address in its settings, or handed a known IP addresses by a DHCP server.  
- 
-In addition to automatically assigning IP addresses, the DHCP server also serves the following important functions: 
- 
-  * It tells clients where to find the DNS server (either an internal one or an external). 
-  * Initiates network booting of PIXILAB Player (more on that [[blocks:server:pxe-boot#configuring_the_dhcp_server|here]]). 
- 
-:!: If you want to network-boot PIXILAB Player with another DHCP server than the pre-configured in our Linux BLOCKS server, you need to manually add the required options to your DHCP server.  
- 
-==== Using a DNS Server for Accessing Computers by Name ==== 
- 
-A DNS server provides name lookups for clients on your network, allowing you to access the BLOCKS Server, and possibly other devices on the network, by name rather than by its IP address. This is particularly important if you want to allow guests to access BLOCKS using their own mobile devices, e.g. to create a mobile guide system. 
- 
-If your BLOCKS Server will be part of an existing network that has a local DNS server, all you  need to do is adding a name for your BLOCK Server to your DNS, pointing it to the fixed IP address of the BLOCKS server.  
- 
-If you're setting up a new network for use by BLOCKS, displays and other clients, you may want the server running BLOCKS to also act as a local DNS. Such functions are already installed and pre-configured in the Linux OS image. See [[#|below]] for how to enable those services, and where to find their settings. 
- 
-==== Configuring BLOCKS Server Options ==== 
- 
-Beginning with our Linux-based BLOCKS server dated 2020-05-14 and later, based on Ubuntu 20.04, there are a few additional options that can be selected. These options affect the behavior of the server in various ways, such as: 
- 
-  * Use a single BLOCKS server. 
-  * Run two BLOCKS servers in tandem for redundancy and fail-over. 
-  * Run a Display Spot on the screen of the BLOCKS server. 
-  * Show GUI windows indicating that BLOCKS is running, or hide such windows. 
- 
-You can switch among these options using a command included with the server, named option-select.sh. To use this command, do as follows: 
- 
-  - Start your Linux based BLOCKS server. 
-  - Once the desktop appears, click the Terminal icon in the icon bar on the left hand side (highlighted in the screenshot shown below). 
-  - Type **./option-select.sh** into the terminal window (note the leading period). 
- 
-{{ :blocks:server:advanced_server_configuration:option-config.png?nolink |}} 
- 
-Doing so shows the various options available, along with the currently selected options (//standalone// and //gui// in the screenshot shown above). 
- 
-To select another set of options, type those options after the command name. For instance, to use the sever's display as a Display Spot, type: 
- 
-<code> 
-./option-select.sh kiosk 
-</code> 
- 
-:!: Specifying the kiosk option implicitly also selects the //headless// option to avoid having any Blocks windows appearing on top of the Display Spot.  
- 
-Start BLOCKS either by clicking the PIXILAB icon in the icon bar or by typing the command: 
- 
-<code> 
-./start.sh 
-</code> 
- 
-Doing so will start BLOCKS along with a full-screen web browser connecting to BLOCKS as a Display Spot. Connect to BLOCKS using another computer to configure this display spot and add content to it. To get rid of the full-screen web browser, do as follows: 
- 
-  - Connect a keyboard to the server computer. 
-  - Press Alt-F4 to close the browser window. 
-  - Open a terminal window. 
-  - Type **./stop.sh** to stop the full screen browser from re-appearing. 
-  - Type the following command if you want to return to the stand-alone BLOCKS server mode: 
- 
-<code> 
-./option-select.sh standalone gui 
-</code> 
- 
-The command shown above also re-enables the GUI mode, making BLOCKS' window appear on screen while running. 
- 
-====Enable Optional server services==== 
-:!: **While additional services such as DNS and DHCP can be managed in many different ways, after all that is standard Linux server components well documented on the internet but we have documented most server management tasks using the server management tool Webmin.** 
- 
-=== Webmin  === 
- 
-Webmin provide a browser interface to manage a  server from the desktop or over the local network using a web browser. 
- 
- 
- 
-[[blocks:server:advanced_server_configuration:webmin|Enable webmin.]] 
- 
-  
- 
- 
-===DHCP Server === 
-A DHCP server automatically assigns IP addresses to some network devices, thus removing the need to specifying hard-coded IP addresses everywhere. Most networks have such a DHCP server, sometimes built into a router or similar device. If you already have such a DHCP server, you may prefer to keep it. If not, the BLOCKS server can perform this function as well 
- 
-[[blocks:server:advanced_server_configuration:dhcp_server|Enable the DHCP server]] 
- 
- 
-=== DNS Server === 
- 
-A DNS server provides name lookups for clients on your network, allowing you to access the BLOCKS Server, and possibly other devices on the network, by name rather than by its IP address. This is particularly important if you want to allow guests to access BLOCKS using their own mobile devices, e.g. to create a mobile guide system. 
- 
-[[blocks:server:advanced_server_configuration:dns_server|Enable the DNS server]] 
- 
- 
-=== Viewing Logs in Webmin=== 
- 
-When things don't work as expected, valuable information can often be found in various log files. Those exist as text files on the server itself, byt can be viewed remotely through webmin. 
- 
-[[blocks:server:advanced_server_configuration:webmin_logs|View logs in webmin]] 
- 
- 
-=== File Transfers and Sharing === 
- 
-Sometimes, you may want to copy files to/from the server. You can do so directly in webmin (under Others > File Manager). This can be useful for occasionally pulling or uploading a file from/to the server. You can, for instance, use this method to download archived log files from the server by selecting "File Manager" under "Others" in the menu on the left hand side, navigating to /home/pixi-server/PIXILAB-BLOCKS-root/logs and clicking the name of one of the "archived" log files. A similar method can be used to upload files to the server. 
- 
-However, it's often more convenient to connect to the server by mounting it as a network volume on your own laptop, rather than copying files back and forth. This makes the server files directly accessible, without having to copy them. 
- 
-[[blocks:server:advanced_server_configuration:samba|Enable SMB filesharing]] 
- 
-=== Server Redundancy === 
-While the Blocks server software is very robust, the complete system can never be more reliable than the hardware it runs on. If your Blocks server dies for some reason, your system will stop functioning. To safeguard agains such major disasters, you can install a //secondary// Blocks server in your system. 
- 
-{{ :blocks:server:mirror:mirroring.jpg?nolink |}} 
- 
-Specialized [[blocks:server:mirror|mirroring software]] running in the background keeps this second server in lock-step with the primary server – copying all changes across as they happen in real time. Should the main server die, you can immediately switch over to the mirror copy, and be back up and running in a matter of minutes. 
- 
- 
- 
-===== Uninterruptible Power Supply ===== 
- 
-For critical applications, we recommend the use of uninterruptible power supply (UPS) with the server. An UPS can shorten downtime and perform a controlled power down in the event of a power failure. Software for the popular [[https://www.apc.com/us/en/|APC]] brand of UPSes is preinstalled on server image version 191001 and later. 
- 
-[[blocks:server:advanced_server_configuration:ups|Enable Uninterruptible Power Supply]] 
- 
- 
- 
- 
-=====Configure PXE boot===== 
-In case you want to run PIXILAB Players by booting them from the server, rather than from a local disk or USB stick, you may want  set up the server for PXE booting of players. 
- 
-[[blocks:server:pxe-boot|Enable PXE boot ]]