Rock64 Webserver / NAS project
After the “Basic” configuration I got started with my webserver part,

1)     First, I started installing Apache
$ sudo apt install apache2
You can check this is working by surfing in your web browser to the IP address of your rock.

2)     Once this was working I installed Maria DB to have a database if needed     
$ sudo apt install mariadb-server
        The database server needs to be secured, I have done this by following command
$ sudo mysql_secure_installation
        Then I got some question :
                       Set root password [Y/n]                          Answer yes and set password
                       Remove anonymous users? [Y/n]           Answer yes
                       Disallow root login remotely? [Y/n]          Answer yes
                       Remove test DB an access to it? [Y/n]    Answer yes
                       Reload privilege tables now? [Y/n]           Answer yes
        You can check this is working with following commands
$ sudo mysql – u root -p
MariaDB [(none)]> show database;
MariaDB [(none)]> exit 

3)     After that I installed PHP with following command
$ sudo apt install php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-gd php7.0-opcache
        For this to take effect I restarted the apache server with following command
$ sudo systemctl restart apache2
        To check if PHP is working correctly I deleted the index.html file from the html folder and made a new index.php file with the phpinfo function
$ sudo rm /var/www/html/index.html
$ sudo nano /var/www/html/index.php
//Add following code in the index.php
<?php phpinfo(); ?>        
        You can check this is working by surfing in your web browser to the IP address of your rock.

4)     To add some extra security I installed a firewall to block all open ports on the rock 
$ sudo apt install ufw
        Of course not all our ports have to be blocked or the webserver cannot be accessed, I allowed next ports : 22 for SSH access, 80 for http access and 443 for https access.
$ sudo ufw allow 22
$ sudo ufw allow 80
$ sudo ufw allow 443       
        After entering thes ports I started up UFW
$ sudo ufw enable
        To check the open ports
$ sudo ufw status verbose

Used resource for 1 to 4 is

5)     To make access to the database easier I installed phpMyAdmin with following command   
$ sudo apt install phpMyAdmin
        While installing I got some questions:
        Web server to reconfigure?                                                     Chose apache2
        Config DB for phpMyAdmin with dbconfig-common?               Choose Yes
        Password of the DB admin user                                               Give the root password from MariaDB install
        MySQL app password for phpMyAdmin                                   Choose a password (this doesn’t need to be same as the root but it can)
        This completes the installation, then I still had to configure phpMyAdmin to Apache
$ sudo nano /etc/apache2/apache2.conf
//Add following code to the bottom of apache2.conf
Include /etc/phpmyadmin/apache.conf        
        Next I granted full access to the user phpMyAdmin in MariaDB so that I could connect to the DB outside “localhost”
$ sudo mysql – u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> exit       
        Then I restarted apache for the changes to take effect
$ sudo /etc/init.d/apache2 restart
        You can check this is working by surfing in your web browser to the IP address of your rock and adding /phpmyadmin to the IP address (example :

Used resource for 5 is

6)     Most of my projects I write are in Java so I needed to install Java and of course a tomcat server, first of all I started installing Oracle Java on my Rock (at the moment of installing 8u162 was the latest version, u will need to check to see what is now the latest version and change the command accordingly )
$ sudo wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie"
$ sudo tar -zxvf jdk-8u162-linux-arm64-vfp-hflt.tar.gz
$ sudo mv jdk1.8.0_162/ /usr/
$ sudo rm jdk-8u162-linux-arm64-vfp-hflt.tar.gz
$ sudo update-alternatives --install /usr/bin/java java /usr/jdk1.8.0_162/bin/java 2
$ sudo update-alternatives --config java        
        To verify the installation I checked the Java version
$ java -version
        At last I have set up the Environmental Variable’s in /etc/profile
$ sudo nano /etc/profile
//Added following code to the bottom of /etc/profile
export JAVA_HOME=/usr/jdk1.8.0_162/
export JRE_HOME=/usr/jdk1.8.0_162/jre/
export PATH=$JAVA_HOME/bin:$PATH      

7)     After installing Java we need a server to run Java projects, I installed tomcat 8 (at the moment of installing v8.5.28 was the latest version, you will need to check to see what is now the latest version and change the command accordingly )
        I started with making a low-privilege user to run the tomcat service
$ sudo groupadd tomcat
$ sudo mkdir /opt/tomcat
$ sudo useradd -g tomcat -d /opt/tomcat -s /bin/nologin tomcat       
        Then I downloaded and installed tomcat server
$ sudo wget
$ sudo tar -zxvf apache-tomcat-*.tar.gz
$ sudo mv apache-tomcat-8.5.28/* /opt/tomcat/
$ sudo rm  apache-tomcat-8.5.28.tar.gz
$ sudo chown -R tomcat:tomcat /opt/tomcat/        
        After installing I manual started tomcat with
$ sudo sh /opt/tomcat/bin/
//To stop tomcat manual use
$ sudo $ sudo sh /opt/tomcat/bin/        
        Because it’s not user friendly to start tomcat on each reboot cycle I added a system service
$ sudo nano /etc/systemd/system/tomcat.service
//I added following code to the new file tomcat.service
Description=Apache Tomcat 8.x Web Application Container
Environment='CATALINA_OPTS=-Xms512M -Xmx1G'
        For this system service file to work I needed to restart system daemon and then enable the service.
$ sudo systemctl daemon-reload
$ sudo systemctl enable tomcat    
        Now I can start tomcat with the following commands
$ sudo systemctl start tomcat
//To see the status of the service I can run the command
$ sudo systemctl status tomcat    
        To have access to the web GUI I needed to make an user in tomcat-user.xml
$ sudo nano /opt/tomcat/conf/tomcat-users.xml
// Add following code just above </tomcat-users>
<role rolename="admin-gui,manager-gui"/>
<user username="admin" password="XXX" roles="manager-gui,admin-gui"/> 
        The Tomcat admin web GUI is standard made to only allow access from the local host, since I’m using a headless system I need add some extra code so I can access the admin web GUI, I needed to change 2 files
$ sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml
//Change         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />     To
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.178.*" />
$ sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml
//Change         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />     To
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.178.*" />      
        I added |192.168.178.* so I’m not able to enter the admin web GUI when I’m not home, to make It’s accessible from anywhere you can add only |*
        Before the changes take effected I needed to restart my tomcat server
$ sudo systemctl restart tomcat
        Because I’m using UFW firewall I first had to add port 8080 to UFW and reload UFW
$ sudo ufw allow 8080
$ sudo ufw reload       
        You can check this is working by surfing in your web browser to the IP address of your rock and adding :8080 to the IP address (example :
Used resource for 6 and 7 is

8)     Because I don’t want to let my user surf to I wanted to link a subdomain to the tomcat server(Java) and my main domain the apache server(html and php), this is done by adding a proxy to mine .conf file in apache      
$ sudo nano /etc/apache2/sites-available/000-default.conf
//Add following code the bottom of the file
<VirtualHost *:80>
ProxyPreserveHost On
# setup the proxy
<Proxy *>
      Order allow,deny
      Allow from all
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
        I also changed the ServerName and Alias from the original virtual host to
        After adding this code I still needed to activate proxy in apache and restart the apache server
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
$ sudo service apache2 restart        
        Of course I also made the corresponding DNS records.
Used resource for 8
So now I have a working apache server that can run HTML and PHP on my main domain and a tomcat server that can run Java on a subdomain, both can access my database and I can easy access my database in a web GUI.
At last I also will implement HTTPS access, but I’m waiting for CertBot to implement wildcards in Apache.

