Difference between revisions of "Skynet Software Wiki:Setup Pi"
Jump to navigation
Jump to search
m (→Setup CUPS: Add allow from customers IP address text.) |
(Added how to add a printer via Ethernet, made some links unclickable, few other small changes.) |
||
Line 33: | Line 33: | ||
= Securing SSH and setting up the UFW firewall = | = Securing SSH and setting up the UFW firewall = | ||
− | For further reference, see https://www.cups.org/doc/firewalls.html | + | For further reference, see [https://www.cups.org/doc/firewalls.html CUPS UFW Firewall page] |
#sudo nano /etc/ssh/sshd_config | #sudo nano /etc/ssh/sshd_config | ||
#*Add "AllowUsers skynet" | #*Add "AllowUsers skynet" | ||
Line 91: | Line 91: | ||
#sudo usermod -a -G lpadmin skynet | #sudo usermod -a -G lpadmin skynet | ||
#sudo cupsctl --remote-any | #sudo cupsctl --remote-any | ||
− | #https://{internal_ip}:631 -> "Edit Configuration" and add this line to the bottom: | + | #<nowiki>https://{internal_ip}:631</nowiki> -> "Edit Configuration" and add this line to the bottom: |
MaxJobs 0 | MaxJobs 0 | ||
#Location "Location /" and "Location /admin" and replace the content with: | #Location "Location /" and "Location /admin" and replace the content with: | ||
Line 103: | Line 103: | ||
#Once saved, make sure "Allow printing from the internet" is ticked. | #Once saved, make sure "Allow printing from the internet" is ticked. | ||
− | = Add printer to CUPS - Zebra GK420d | + | = Add printer to CUPS - Zebra GK420d = |
− | #https://{internal_ip}:631 (change IP as required, user/pass is the skynet one) | + | |
− | #Administration | + | == USB == |
− | ##Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list | + | #<nowiki>https://{internal_ip}:631</nowiki> (change IP as required, user/pass is the skynet one) |
− | ##Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" -> "Continue". | + | #Click "Administration" then "Add Printer". |
− | ##Model - Select "Zebra ZPL Label Printer (en)" and "Add Printer" | + | ##Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list then click "Continue". |
− | #Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options" | + | ##Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" then click "Continue". |
− | #*Media Size -> "4.00x6.00" -> "Set Default Options" | + | ##Model - Select "Zebra ZPL Label Printer (en)" then click "Add Printer". |
+ | #Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options". | ||
+ | #*Media Size -> "4.00x6.00" -> "Set Default Options". | ||
+ | |||
+ | == Ethernet == | ||
+ | #<nowiki>https://{internal_ip}:631</nowiki> (change IP as required, user/pass is the skynet one) | ||
+ | #Click "Administration" then "Add Printer". | ||
+ | ##Select "AppSocket/HP JetDirect" from the "Other Network Printers:" list then click Continue. | ||
+ | ##Put "socket://<IP Address of printer> into the "Connection:" box then click "Continue". | ||
+ | ##Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue". | ||
+ | ##Model - Select "Zebra ZPL Label Printer (en)" and click "Add Printer". | ||
+ | #Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options". | ||
+ | #*Media Size -> "4.00x6.00" -> "Set Default Options". | ||
= Customer Firewall Setup = | = Customer Firewall Setup = | ||
Line 119: | Line 131: | ||
= Add Printer to Spitfire (Recon) = | = Add Printer to Spitfire (Recon) = | ||
Now add the printer via Recon: | Now add the printer via Recon: | ||
− | #https://recon.spitfire-ams.co.uk:631/ | + | #<nowiki>https://recon.spitfire-ams.co.uk:631/</nowiki> |
#"Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)" | #"Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)" | ||
#ipp://skynet:{password}@{public_ip_address}:631/printers/{name} | #ipp://skynet:{password}@{public_ip_address}:631/printers/{name} | ||
Line 137: | Line 149: | ||
sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences | sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences | ||
sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences | sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences | ||
− | /usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk http://sams.spitfire-ams.co.uk/tablet_scan.php & | + | /usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk <nowiki>http://sams.spitfire-ams.co.uk/tablet_scan.php</nowiki> & |
#sudo nano /lib/systemd/system/kiosk.service | #sudo nano /lib/systemd/system/kiosk.service |
Revision as of 10:23, 27 May 2021
Contents
- 1 Setting up a Raspberry Pi
- 2 Setting up a new internal user
- 3 Securing SSH and setting up the UFW firewall
- 4 Setting up fail2ban for SSH
- 5 Make the Raspberry Pi Static
- 6 Setup CUPS
- 7 Add printer to CUPS - Zebra GK420d
- 8 Customer Firewall Setup
- 9 Add Printer to Spitfire (Recon)
- 10 Setting up Pi as a Kiosk
- 11 After Testing
Setting up a Raspberry Pi
- Put the Pi together.
- Connect to WiFi / Cable.
- Select "Raspberry Pi OS Lite"
- user pi, password raspberry
- Note the IP address
- sudo apt-get purge wolfram-engine scratch scratch2 nuscratch sonic-pi idle3 -y
- sudo apt-get purge smartsim java-common minecraft-pi libreoffice* -y
- sudo apt-get clean
- sudo apt-get autoremove -y
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get dist-upgrade
- sudo apt-get install xdotool unclutter sed
- passwd - and note the new password.
- sudo raspi-config
- Interface Options
- P1, P3, P4, P5, P7, P8 - All "No".
- P6 - Set to "No" then "No" again.
- P2 - Set to "Yes"
- Localisation Options
- Timezone - set to "Europe" then "London".
- WLAN Country - set to "GB".
- Locale - set to "en_GB.UTF-8"
- Interface Options
Setting up a new internal user
- sudo adduser skynet - note the new password.
- It will ask for a Full Name - set this as "Spitfire Support" - for the other options just press Enter
- sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi skynet
- "sudo su - skynet" - double check this works fine.
- Logout of SSH and re-login as skynet.
- sudo pkill -u pi
Securing SSH and setting up the UFW firewall
For further reference, see CUPS UFW Firewall page
- sudo nano /etc/ssh/sshd_config
- Add "AllowUsers skynet"
- sudo systemctl restart ssh
- sudo apt install ufw
- sudo ufw allow ssh
- sudo ufw allow 631
- sudo ufw allow 5353
- sudo ufw allow 53
- sudo ufw enable
- sudo ufw limit ssh/tcp
- sudo ufw allow from 84.92.64.163 to any port 22 (Plusnet)
- sudo ufw allow from 212.140.134.122 to any port 22 (Lea House)
- sudo ufw allow from 217.182.136.107 to any port 22 (Recon)
- sudo ufw allow from 192.168.0.0/16 to any port 22
- sudo ufw allow from Customer's IP Address to any port 22
- sudo ufw allow from 84.92.64.163 to any port 631
- sudo ufw allow from 212.140.134.122 to any port 631
- sudo ufw allow from 217.182.136.107 to any port 631
- sudo ufw allow from 192.168.0.0/16 to any port 631
- sudo ufw allow from Customer's IP Address to any port 631
- sudo ufw allow from 84.92.64.163 to any port 5353
- sudo ufw allow from 212.140.134.122 to any port 5353
- sudo ufw allow from 217.182.136.107 to any port 5353
- sudo ufw allow from 192.168.0.0/16 to any port 5353
- sudo ufw allow from Customer's IP Address to any port 5353
- sudo ufw allow from 84.92.64.163 to any port 53
- sudo ufw allow from 212.140.134.122 to any port 53
- sudo ufw allow from 217.182.136.107 to any port 53
- sudo ufw allow from 192.168.0.0/16 to any port 53
- sudo ufw allow from Customer's IP Address to any port 53
Setting up fail2ban for SSH
- sudo apt install fail2ban -y
- sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- sudo nano /etc/fail2ban/jail.local - and add the following:
[ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 bantime = -1
Make the Raspberry Pi Static
- sudo nano /etc/dhcpcd.conf
interface wlan0 (or eth0 if ethernet) static ip_address=192.168.1.155/24 (or as required) static routers=192.168.1.254 (or as required) static domain_name_servers=192.168.1.254 (or as required)
- sudo nano /etc/hostname
- Change the hostname to something - and keep track of it.
Setup CUPS
- sudo apt install cups
- sudo usermod -a -G lpadmin pi
- sudo usermod -a -G lpadmin skynet
- sudo cupsctl --remote-any
- https://{internal_ip}:631 -> "Edit Configuration" and add this line to the bottom:
MaxJobs 0
- Location "Location /" and "Location /admin" and replace the content with:
Order allow,deny Allow from localhost Allow from 84.92.64.163 Allow from 212.140.134.122 Allow from 217.182.136.107 Allow from 192.168.1.* Allow from <Customers' IP Address>
- Once saved, make sure "Allow printing from the internet" is ticked.
Add printer to CUPS - Zebra GK420d
USB
- https://{internal_ip}:631 (change IP as required, user/pass is the skynet one)
- Click "Administration" then "Add Printer".
- Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list then click "Continue".
- Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" then click "Continue".
- Model - Select "Zebra ZPL Label Printer (en)" then click "Add Printer".
- Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
- Media Size -> "4.00x6.00" -> "Set Default Options".
Ethernet
- https://{internal_ip}:631 (change IP as required, user/pass is the skynet one)
- Click "Administration" then "Add Printer".
- Select "AppSocket/HP JetDirect" from the "Other Network Printers:" list then click Continue.
- Put "socket://<IP Address of printer> into the "Connection:" box then click "Continue".
- Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue".
- Model - Select "Zebra ZPL Label Printer (en)" and click "Add Printer".
- Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
- Media Size -> "4.00x6.00" -> "Set Default Options".
Customer Firewall Setup
Now make sure the following ports are forwarded to the printer from the external firewall (change as required) - if any of these are changed, you will need to change the above steps as well.
- 631 for cups
- 22 for ssh
Add Printer to Spitfire (Recon)
Now add the printer via Recon:
- https://recon.spitfire-ams.co.uk:631/
- "Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
- ipp://skynet:{password}@{public_ip_address}:631/printers/{name}
- "Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options"
- Resolution to 300 dpi
- Override A4 with Letter to "No"
- "Set Default Options"
Setting up Pi as a Kiosk
- sudo nano /home/pi/kiosk.sh
#!/bin/bash export DISPLAY=:0 xset s noblank xset s off xset -dpms unclutter -idle 0.5 -root & sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences /usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk http://sams.spitfire-ams.co.uk/tablet_scan.php &
- sudo nano /lib/systemd/system/kiosk.service
[Unit] Description=Chromium Kiosk Wants=graphical.target After=graphical.target
[Service] Environment=DISPLAY=:0.0 Environment=XAUTHORITY=/home/pi/.Xauthority Type=simple ExecStart=/bin/bash /home/pi/kiosk.sh Restart=on-abort User=pi Group=pi
[Install] WantedBy=graphical.target
- sudo systemctl enable kiosk.service
- sudo systemctl start kiosk.service
- sudo nano /home/pi/.config/autostart/kiosk.desktop
[Desktop Entry] Type=Application Name=Kiosk Exec=/home/pi/kiosk.sh X-GNOME-Autostart-enabled=true
- sudo chmod 755 kiosk.sh
- sudo chown pi:pi kiosk.sh
After Testing
Once all of the above has been completed, you can test a print locally. Before sending it off to the customer, make sure to comment out the settings from "/etc/dhcpcd.conf" under "Make the Raspberry Pi Static" are commented out, as then it'll be easier to locate it on the customers network and repeat any firewall steps.