Skip to content

Commit

Permalink
Readme Updated
Browse files Browse the repository at this point in the history
Moved Instructions to GitHub Wiki to consolidate stuff.
  • Loading branch information
sciguy14 committed Jan 25, 2016
1 parent 80cc99f commit 53713c1
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 67 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
config.php
config.php
Thumbs.db
73 changes: 7 additions & 66 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,73 +1,14 @@
REMOTE WAKE/SLEEP-ON-LAN SERVER
=========================
This is a simple webapp that runs on your Raspberry Pi to turn it into a remotely accessible Wake/Sleep-On-LAN Server. This is very useful when you have high-powered machine that you don't want to keep on all the time, but that you want to keep remotely accessible for Remote Desktop, SSH, FTP, etc. A detailed guide on how this software works, how to set it up, and more is available at my website. You should follow the instructions ony website first to get your network setup. Then, come back here and follow these instructions to get your Raspberry Pi set up correctly.
REMOTE WAKE/SLEEP-ON-LAN SERVER *(RWSOLS)*
==========================================
The Remote Wake/Sleep-on-LAN Server (RWSOLS) is a simple webapp that runs on your Raspberry Pi to turn it into a remotely accessible Wake/Sleep-On-LAN Server. This is very useful when you have a high-powered machine that you don't want to keep on all the time, but that you want to keep remotely accessible for Remote Desktop, SSH, FTP, etc. Wake-On-LAN packets cannot be forwarded through a router, so to wake up a remote machine behind a router, you need to have something on its local network to wake it up. That's where RWSOLS comes in. RWSOLS can control an unlimited number of remote machines on its local network, and is capable of waking them up (any OS) or putting them to sleep (only Windows remote machines). It can be configured to use SSL encryption or it can be run over traditional HTTP.

Follow these instructions first:
[http://www.jeremyblum.com/2013/07/14/rpi-wol-server/](http://www.jeremyblum.com/2013/07/14/rpi-wol-server/)
A very detailed set of [installation instructions](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/wiki/Installation) can be found in the GitHub Wiki.

This guide was updated on January 24th, 2016. It assumes that you are using a freshly installed copy of [Raspian Jessie Lite](https://www.raspberrypi.org/downloads/raspbian/) on any version of the Raspberry Pi.

I can't guarantee that this will work with older versions of Raspian or older versions of Apache (These instructions are tested on Apache 2.4.10).
You'll also find a description of [how it works](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/wiki/How-it-Works), [an FAQ](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/wiki/Notes-and-FAQs), and a list of [relevant terminology](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/wiki/Terminology) on the Wiki.

This guide assumes you've already gone through the setup steps listed on [my website](http://www.jeremyblum.com/2013/07/14/rpi-wol-server/), and that you're connected to your Pi over SSH or via the console. It assumes that you're logged in via a normal user (pi), not root.

Setting up your Pi
------------------
### Getting Setup
* First, install the packages we'll need:
`sudo apt-get install wakeonlan apache2 php5 git php5-curl libapache2-mod-php5`
* The PHP server uses the built-in ping command to check if the remote machine is awake or not. Give all users on the pi permission to ping by executing this command:
`` sudo chmod u+s `which ping` ``
* Now, clone this repository:
`git clone https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server.git`
* Apache 2 (as of version 2.4) keeps web files at /var/www/html. Let's take ownership of that directory:
`sudo chown pi: /var/www/html`

### Enabling Encryption
Enabling TLS/SSL encryption is recommended, but not required. If you don't want encryption, you can skip this section. If you do want to enable encryption, complete these steps, which create the required keys and enable SSL support within Apache 2:
* `sudo mkdir /etc/apache2/ssl`
* `sudo openssl genrsa -out /etc/apache2/ssl/wol.key 2048`
* `sudo openssl req -new -key /etc/apache2/ssl/wol.key -out /etc/apache2/ssl/wol.csr`

At this point you will be asked some questions, most of which have no impact on the running of your service. You can accept the default values, or fill in answers. However, the "Common Name" should be the name of the dynamic DNS you have setup, ("wol.example.com" for example) and the password should be left blank so that the Pi can load it on boot without prompting you for a password.
For more info, see [my blog post about RWSOLS](http://www.jeremyblum.com/2013/07/14/rpi-wol-server/) on my website.

Finish configuring the Apache SSL Support:
* `sudo openssl x509 -req -days 10 -in /etc/apache2/ssl/wol.csr -signkey /etc/apache2/ssl/wol.key -out /etc/apache2/ssl/wol.crt`
* `sudo mv -f Remote-Wake-Sleep-On-LAN-Server/ssl.conf /etc/apache2/mods-available/ssl.conf`
* `sudo a2enmod ssl`

### Setting up the Apache 2 Server and Securing it
If you chose to not enable encryption, resume following the instructions here.
* Enable the headers mod and restart apache:
`sudo a2enmod headers`
`sudo service apache2 restart`
* Move the site config file over to the Apache available sites config folder:
`sudo mv -f Remote-Wake-Sleep-On-LAN-Server/000-default.conf /etc/apache2/sites-available/000-default.conf`
* Make some config adjustments to improve security:
`sudo sed -i.bak "s/expose_php = On/expose_php = Off/g" /etc/php5/apache2/php.ini`
`sudo sed -i.bak "s/E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED/error_reporting = E_ERROR/g" /etc/php5/apache2/php.ini`
`sudo sed -i.bak "s/ServerSignature On/ServerSignature Off/g" /etc/apache2/conf-available/security.conf`
`sudo sed -i.bak "s/ServerTokens OS/ServerTokens Prod/g" /etc/apache2/conf-available/security.conf`
* Restart the Apache 2 Service:
`sudo service apache2 restart`
* Move the Website files over to the serving directory:
`mv Remote-Wake-Sleep-On-LAN-Server/* /var/www/html`
`mv Remote-Wake-Sleep-On-LAN-Server/.htaccess /var/www/html`
`rm -rf Remote-Wake-Sleep-On-LAN-Server/`
`rm -f /var/www/html/index.html`
`mv /var/www/html/config_sample.php /var/www/html/config.php`

### Finishing the Configuration
Now, the Apache 2 server is setup and secured. It's serving up your site. But, before it works, you need to adjust the configuration values to match your network setup. Open the config file and adjust the values to match your network setup:
`nano /var/www/html/config.php`

You'll need to enter a value for `$APPROVED_HASH` and optionally **turn on SSL enforcing (do this if you followed the above steps to enable encryption by setting `$USE_HTTPS` to `true`)**. To generate an approved hash, think of the password you want to use, and use the website linked from the config file to generate the one-way hash. Then paste that in to the config file. Don't forget to also set the other parameters in the config file, including the IP and MAC address of the computer you want to control.

Additional Notes
----------------
You will also likely want to port forward from your router to the Pi so that this service is accessible externally. If you are using TLS/SSL you most likely want your port forward to point to TCP/443 on the Pi, if unencrypted you probably want TCP/80. More details about how to do that are included in the tutorial on my blog.

And finally, a short warning that self-signed certificates are not perfect. They will likely cause a warning message in your browser. This is because the certificate is not linked to a trusted certificate authority (CA). The implications of this are that a Man-in-the-Middle attacker could theoretically insert a certificate that they control into your communication with the Pi and as a result would be able to read the encrypted messages being transferred. In summary, encryption using a self-signed certificate is not perfect, but better than none at all.
If you're having problems with getting RWSOLS working, check the [FAQ](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/wiki/Notes-and-FAQs) first, or [the comments](http://www.jeremyblum.com/2013/07/14/rpi-wol-server/#comments) on my blog. If you still can't get it to work, please [create a GitHub issue](https://github.com/sciguy14/Remote-Wake-Sleep-On-LAN-Server/issues) with specific details.

License
-------
Expand Down

0 comments on commit 53713c1

Please sign in to comment.