Raspberry Pi as Server

The Raspberry Pi is the great device to set up a small server at home to be used for almost any purpose. It’s rather cheap, small, has a low power consumption footprint and there is a great community for it to get help from. There are tons of things to do with such a mini-server. However, the very first step always will be to get the system up and running.

The best Linux to install on the Raspberry Pi is probably Raspbian which is a Debian flavor (effectively, just Debian adopted for the Raspberry Pi). Raspbian is the most stable and best supported operating system for the Raspberry with lots of helpful support. The Raspberry Pi OS Linux comes in two flavors – a full system with almost everything included and a reduced, ‚lite‘ version without the graphical desktop which is the perfect choice to run the Raspberry as a server. Below is a description how to bring up the Raspberry with the lite linux version and do some fine-tuning so it is a solid basis to use it as a server.

Install Linux (Raspberry-Pi-OS-Lite)

Download the Raspberry-OS Lite zip package to your computer from raspberrypi.org. You should ensure the integrity of the download by checking the SHA-256 checksum provided on the download page. For Linux you can use the sha256sum shell command (typcially already installed and available).

Best solution is to use a SSD-drive (connected to the Raspberry via USB) but alternatively a SD-card can be used. Flash the SSD-drive or SD-card with the downloaded linux zip-package using etcher which is available from etcher.io (for Linux and Windows). Please note that there’s no need to unzip the Rasberry-OS file to burn the image (i.e. linux). After Etcher is finished and no errors are reported don’t remove the SD card yet! The card should be mounted autmatically as well.

Copy an empty file simply called „ssh“ (no file extension like .txt!) into the boot partition of the drive or card. Note: there should be two partitions, the other one is called „rootfs„, the boot partition is the one where the file „kernel.img“ is. This will enable remote ssh access to the Raspberry right on the first boot.

In the same directory you need to create a file called „userconfig.txt“ and put a username and encrypted password in it (just one line with ‚username:enc-passwd‘). A good username here would be just „admin“. You can get the encrypted password at the linux command-line with:

echo 'mypassword' | openssl passwd -6 -stdin 

If you want the Raspberry to connect to an existing WLAN right on first boot, create a file called „wpa_supplicant.conf in the same boot partition. On first boot Raspberry Pi OS will use this file to configure and connect to the WLAN. The file itself should contain at least the following information on the WLAN (and change the country-code to your needs):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=us

network={
    scan_ssid=1
    ssid="My-WLAN-Name"
    psk="My-WLAN-Password"
}

Once done, connect the drive (or insert the SD-card) to the Raspberry. If WLAN is not used also connect it to the router (your internet gateway) with a LAN cable and finally power on the Raspberry.

Now connect to the Raspberry via ssh and confirm the new certificate that you’re asked for. The username is „pi“ so use „ssh pi@raspberrypi“ and the initial password is „raspberry„. If the password doesn’t work, try „raspberrz“ (due to a wrong keyboard layout) and ensure you’re on the same LAN as the Raspberry.

Once logged in on the terminal (command line) the first thing is to update the whole system – for this just type in:

sudo apt update
sudo apt upgrade -y

A reboot might be required. The next step is to change the basic configuration of the server via the special config-tool for the Raspberry. To start it, simply enter and confirm with the password:

sudo raspi-config

Change the following things within this configuration application:

  • Change hostname (option 1, S4)
  • Enable old, standard interface names (option 6, A4 – select „No“!)
  • Change localisation (option 5) – Locale: space and tab to select (UTF-8 preferred), select your timezone, and your wifi-country.
  • Expand filesystem (option 6, A1)
  • Change GPU memory to the minimum 16 (option 4, P2)

Upon „Finish“ you’re asked to reboot; do so and then log into the Raspberry once again (as user „pi“ with the new password just set).

Now you have a running system you can start using already. All the following steps are only optional and might or might not be helpful depending on what you want to achieve.

Some Optional Improvements

Create an additional user

To create a new user (e.g. your nickname; replace <username> with it):

sudo adduser <username>

You need to provide the password for that new user; all the rest being asked for can be left blank (just press Enter).

If you want this new user to also be able to use ’sudo‘ (i.e. having all rights of root), then also enable that user with:

sudo usermod --append --groups sudo <username>

Just in case you want to re-name a user: login as another, then:

sudo usermod --login admin --home /home/admin --move-home pi
sudo groupmod --new-name admin pi

Logout and login via ssh as admin.

SSH login without password

You can use keys instead of entering a password each time you log into the new server. If you’re coming from a Linux machine, then simply enter the following command on that other Linux device (if this is the first time you do this, then you might first need to generate the keys by entering ssh-keygen and simply press enter on the questions):

ssh-copy-id admin@my-new-server

Confirm once with the password – afterwards you will log into the new server without being asked for a password anymore (you identify yourself with the key on the machine your coming from).

You probably should repeat the above for other users on the same maching (e.g. the one created earlier on).

You can even improve the ssh login process even more by creating a configuration file for ssh on the server that you’re coming from:

nano ~/.ssh/config

and enter something like the following (adjust to your needs):

Host my-server1
    Hostname my-server1.mydomain
    User admin

Host raspberry
    Hostname raspberry.lan
    User alice

Then you can simply type ssh raspberry  and you’re logged into raspberry.lan as user alice right away. This alias configuration even works with scp as well.

Automatic security updates

One should also ensure that important security updates are installed automatically, i.e. unattended – this can be achieved with the following tool:

sudo apt install -y unattended-upgrades

and configure and enable it with (just confirm what is suggested):

sudo dpkg-reconfigure unattended-upgrades

Any updates are logged in the file /var/log/unattended-upgrades/unattended-upgrades.log.

Disable WLAN and/or Bluetooth

Most often the Bluetooth interface of the Raspberry Pi will not be used at all. Therefore, it’s a good security measure to simply disable it completely (just remember this):

sudo rfkill block bluetooth

and check it was sucessfull with:

sudo rfkill list

The same can be done with WLAN – if you’re setup and use case doesn’t require the WLAN at all just use the following:

sudo rfkill block wlan

and check the status like for Bluetooth above.

Welcome Text (motd)

If you don’t like the welcome text shown each time you log in you can easily change it by editing the motd file:

sudo nano /etc/motd

One could clear out anything or even add the hostname as ASCII art (check e.g. ascii.co.uk/text with the ’standard‘ font).

Shell behaviour

Something useful and a nice-to-have are a few shortcuts for shell commands often used. This can be easily achieved by

nano .bash_aliases

and then define aliases as wanted along these examples

alias l='ls -CF'
alias la='ls -A'
alias ll='ls -lF'
alias lla='ls -AlF'

alias check='curl https://check.torproject.org/api/ip ; echo'

To enable them right away just run (alternatively, one could just log out and back in):

source .bash_aliases

Again, you might probably want to repeat the above for any other user on that machine.

Last but not least it proved quite useful to change the prompt so it looks different for each server (this helps mixing up different machines). You can change the prompt in the file .bashrc; look for the variable PS1 and change it to your needs (there’s enough detailed information on the internet about the details).

Configure the nano editor

The way the nano editior is working can be changed (and improved) in its config file:

nano ~/.nanorc

with e.g. the follwing configs:

# Use smooth scrolling by default.
set smooth

# Use the blank line below the titlebar as extra editing space.
set morespace

# Use a tab size of number columns. The value of number must be greater than 0. The default value is 8.
set tabsize 4

# Specify the color combination to use for the titlebar. Valid color names for are:
# white, black, red, blue, green, yellow, magenta, and cyan. Either "fgcolor" or ",bgcolor" may be left out.
#set titlecolor fgcolor,bgcolor

# Enable the use of ~/.nano/search_history for saving and reading search/replace strings.
unset historylog

# Save a file by default in Unix format. This overrides nano's default behavior of saving a file in the format
# that it had.  (This option has no effect when you also use set noconvert.)
set unix

# Enable mouse support, if available for your system. When enabled, mouse clicks can be used to place the cursor,
# set the mark with a double click and execute shortcuts. The mouse will work in the X Window System, and on the
# console when gpm is running. Text can still be selected through dragging by holding down the Shift key.
set mouse

As with some other configurations you might want to repeat this for any other users on that device.

Stop the avahi service

The avahi service is only needed in case you want to connect to e.g. a printer or scanner etc. (a device relying on zeroconfig). On a headless server this is usually not needed and just causes unnecessary overhead on the server and the network. To disable avahi just apply:

sudo systemctl stop avahi-daemon.service 
sudo systemctl stop avahi-daemon.socket 
sudo systemctl disable avahi-daemon.service 
sudo systemctl disable avahi-daemon.socket

What to do with the Raspberry Server

There are lot’s of things that could be done with the Raspberry Pi server just enabled. Just A few ideas are:

or simply search the internet for tons of other ideas. Have fun, and happy ’serving‘!

image_pdfimage_print