From 74992aaa27eb384128924c4a3b93052961a3eaab Mon Sep 17 00:00:00 2001 From: Christian Cleberg Date: Sat, 27 Apr 2024 17:01:13 -0500 Subject: test conversion back to markdown --- content/blog/2022-10-22-alpine-linux.md | 281 ++++++++++++++++++++++++++++++++ 1 file changed, 281 insertions(+) create mode 100644 content/blog/2022-10-22-alpine-linux.md (limited to 'content/blog/2022-10-22-alpine-linux.md') diff --git a/content/blog/2022-10-22-alpine-linux.md b/content/blog/2022-10-22-alpine-linux.md new file mode 100644 index 0000000..2bc43cd --- /dev/null +++ b/content/blog/2022-10-22-alpine-linux.md @@ -0,0 +1,281 @@ ++++ +date = 2022-10-22 +title = "Alpine Linux: My New Server OS" +description = "" +draft = false ++++ + +# Alpine Linux + +[Alpine Linux](https://alpinelinux.org) is a very small distro, built on +musl libc and busybox. It uses ash as the default shell, OpenRC as the +init system, and apk as the package manager. According to their website, +an Alpine container \"requires no more than 8 MB and a minimal +installation to disk requires around 130 MB of storage.\" An actual bare +metal machine is recommended to have 100 MB of RAM and 0-700 MB of +storage space. + +Historically, I\'ve used Ubuntu\'s minimal installation image as my +server OS for the last five years. Ubuntu worked well and helped as my +original server contained an nVidia GPU and no onboard graphics, so +quite a few distros won\'t boot or install without a lot of tinkering. + +Alpine has given me a huge increase in performance across my Docker apps +and Nginx websites. CPU load for the new server I\'m using to test +Alpine hovers around 0-5% on average with an Intel(R) Core(TM) i3-6100 +CPU @ 3.70GHz. + +The only services I haven\'t moved over to Alpine are Plex Media Server +and Syncthing, which may increase CPU load quite a bit depending on how +many streams are running. + +## Installation + +In terms of installation, Alpine has an incredibly useful +[wiki](https://wiki.alpinelinux.org/wiki/Installation) that will guide a +user throughout the installation and post-installation processes, as +well as various other articles and guides. + +To install Alpine, find an appropriate [image to +download](https://alpinelinux.org/downloads/) and flash it to a USB +using software such as Rufus or Etcher. I opted to use the Standard +image for my x86~64~ architecture. + +Once the USB is ready, plug it into the machine and reboot. Note that +you may have to use a key such as `Esc` or `F1-12` +to access the boot menu. The Alpine Linux terminal will load quickly and +for a login. + +To log in to the installation image, use the `root` account; +there is no password. Once logged-in, execute the setup command: + +```sh +setup-alpine +``` + +The setup script will ask a series of questions to configure the system. +Be sure to answer carefully or else you may have to re-configure the +system after boot. + +- Keyboard Layout (Local keyboard language and usage mode, e.g., us + and variant of us-nodeadkeys.) +- Hostname (The name for the computer.) +- Network (For example, automatic IP address discovery with the + \"DHCP\" protocol.) +- DNS Servers (Domain Name Servers to query. For privacy reasons, it + is NOT recommended to route every local request to servers like + Google\'s 8.8.8.8 .) +- Timezone +- Proxy (Proxy server to use for accessing the web. Use \"none\" for + direct connections to the internet.) +- Mirror (From where to download packages. Choose the organization you + trust giving your usage patterns to.) +- SSH (Secure SHell remote access server. \"Openssh\" is part of the + default install image. Use \"none\" to disable remote login, e.g. on + laptops.) +- NTP (Network Time Protocol client used for keeping the system clock + in sync with a time-server. Package \"chrony\" is part of the + default install image.) +- Disk Mode (Select between diskless (disk=\"none\"), \"data\" or + \"sys\", as described above.) + +Once the setup script is finished, be sure to reboot the machine and +remove the USB device. + +```sh +reboot +``` + +## Post-Installation + +There are many things you can do once your Alpine Linux system is up and +running, and it largely depends on what you\'ll use the machine for. +I\'m going to walk through my personal post-installation setup for my +web server. + +1. Upgrade the System + + First, login as `root` in order to update and upgrade the + system: + + ```sh + apk -U upgrade + ``` + +2. Adding a User + + I needed to add a user so that I don\'t need to log in as root. Note + that if you\'re used to using the `sudo` command, you + will now need to use the `doas` command on Alpine Linux. + + ```sh + apk add doas + adduser + adduser wheel + ``` + + You can now log out and log back in using the newly-created user: + + ```sh + exit + ``` + +3. Enable Community Packages + + In order to install more common packages that aren\'t found in the + `main` repository, you will need to enable the + `community` repository: + + ```sh + doas nano /etc/apk/repositories + ``` + + Uncomment the community line for whichever version of Alpine you\'re + running: + + ```sh + /media/usb/apks + http://dl-cdn.alpinelinux.org/alpine/v3.16/main + http://dl-cdn.alpinelinux.org/alpine/v3.16/community + #http://dl-cdn.alpinelinux.org/alpine/edge/main + #http://dl-cdn.alpinelinux.org/alpine/edge/community + #http://dl-cdn.alpinelinux.org/alpine/edge/testing + ``` + +4. Install Required Packages + + Now that the community packages are available, you can install any + packages you need. In my case, I installed the web server packages I + need for my services: + + ```sh + doas apk add nano nginx docker docker-compose ufw + ``` + +5. SSH + + If you didn\'t install OpenSSH as part of the installation, you can + do so now: + + ```sh + doas apk add openssh + ``` + + Next, either create a new key or copy your SSH key to the server + from your current machines: + + ```sh + # Create a new key + ssh-keygen + ``` + + If you need to copy an existing SSH key from a current machine: + + ```sh + # Copy key from existing machines + ssh-copy-id @ + ``` + +6. Firewall + + Lastly, I installed `ufw` above as my firewall. To set + up, default to deny incoming and allow outgoing connections. Then + selectively allow other ports or apps as needed. + + ```sh + doas ufw default deny incoming + doas ufw default allow outgoing + doas ufw allow SSH + doas ufw allow "WWW Full" + doas ufw allow 9418 # Git server port + ``` + +7. Change Hostname + + If you don\'t like the hostname set during installation, you just + need to edit two files. First, edit the simple hostname file: + + ```sh + doas nano /etc/hostname + ``` + + ```sh + + ``` + + Next, edit the `hosts` file: + + ```sh + doas nano /etc/hosts + ``` + + ```sh + 127.0.0.1 .local localhost.local localhost + ::1 .local + ``` + +# Nginx Web Server + +To set up my web server, I simply created the `www` user and +created the necessary files. + +```sh +doas adduser -D -g 'www' www +mkdir /www +doas mkdir /www +doas chown -R www:www /var/lib/nginx/ +doas chown -R www:www /www +``` + +If you\'re running a simple webroot, you can alter the main +`nginx.conf` file. Otherwise, you can drop configuration +files in the following directory. You don\'t need to enable or symlink +the configuration file like you do in other systems. + +```sh +doas nano /etc/nginx/http.d/example_website.conf +``` + +Once the configuration is set and pointed at the `/www` +directory to serve files, enable the Nginx service: + +```sh +# Note that 'default' must be included or Nginx will not start on boot +doas rc-update add nginx default +``` + +# Docker Containers + +Docker works exactly the same as other systems. Either execute a +`docker run` command or create a +`docker-compose.yml` file and do +`docker-compose up -d`. + +# Git Server + +I went in-depth on how to self-host a git server in another post: +[Self-Hosting a Personal Git Server](../git-server/). + +However, there are a few differences with Alpine. First note that in +order to change the `git` user\'s shell, you must do a few +things a little different: + +```sh +doas apk add libuser +doas touch /etc/login.defs +doas mkdir /etc/default +doas touch /etc/default/useradd +doas lchsh git +``` + +# Thoughts on Alpine + +So far, I love Alpine Linux. I have no complaints about anything at this +point, but I\'m not completely finished with the migration yet. Once +I\'m able to upgrade my hardware to a rack-mounted server, I will +migrate Plex and Syncthing over to Alpine as well - possibly putting +Plex into a container or VM. + +The performance is stellar, the `apk` package manager is +seamless, and system administration tasks are effortless. My only regret +is that I didn\'t install Alpine sooner. -- cgit v1.2.3-70-g09d2