Set up a Raspberry Pi Server

• Enable SSH. It allows you access the command line of a Raspberry Pi remotely from another computer or device on the same network.

1. Option A: sudo raspi-config, Interface Options, SSH. raspi-config helps you to configure your Raspberry Pi. It enables you to configure various settings of your Raspbian PI, such as the keyboard layout, the timezone, the password for the pi user, the SSH access, etc.
2. Option B. Enable and start the SSH service: sudo stystemctl enable ssh. sudo systemctl start ssh.
3. In order to connect to your Raspberry Pi from another machine. you can use SSH: Putty (Windows) or

   ssh [email protected]
   # Raspberry's IP address. If you don't know it, open a Terminal window and type: hostname -I which will reveal your Raspberry Pi’s IP address). 
   # You may want to create an alias in your .bashrc: 
   alias sshpi = 'ssh [email protected]'
   

4. SSH Key-Based Authentication. Generate an SSH key pair on the client (your local computer): ssh-keygen. By default, the keys will be stored in the ~/.ssh directory, the private key will be called id_rsa and the associated public key will be called id_rsa.pub. Finally, copy the public key to the Pi server:

     ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
   

5. Custom Login or MOTD: sudo bash -c $‘echo “neofetch” » /etc/profile.d/mymotd.sh && chmod +x /etc/profile.d/mymotd.sh’
6. Set up and use X11 forwarding. It allows you to run GUI-based applications that are running on the remote server but displaying on your local machine: A. vim /etc/ssh/sshd_config: “X11Forwarding yes”. B. Restart sshd service: sudo systemctl restart ssh. These steps are already set up in your Raspberry Pi. C. If you want to allow the use of graphical applications, you need to add -Y flag: ssh -Y [email protected], and try vlc & or geany &.

• VNC. It allows your Raspberry Pi to be viewed and controlled remotely.

1. Raspberry Pi: sudo raspi-config, Interface Options, VNC.
2. Client. Download and install VNC Viewer. Enter your VNC Server address (Raspberry address).

• BerryBoot allows you to put multiple Linux distributions on a single SD card.

1. Clean the SD. We will use Raspberry Pi Imager. It provides a quick and easy way to install Raspberry Pi OS and other operating systems to a microSD card (sudo apt install rpi-imager). Open Raspberry Pi Imager: Accessories, Imager. Click Choose OS, select Erase. Format card as FAT32 from the list. Click Choose Storage and select your SD.
2. Download and extract berryboot.zip to the newly formatted SD card.
3. Insert the SD card in your Raspberry Pi and turn it on.
4. Set the appropriate video scan option, network connection (Wired or Wifi), timezone, and keyboard layout.
5. Disk selection: select where you want to store the operating system: on the SD card itself, on an external USB stick/disk. Select which operating system you want to install.
6. BerryBoot menu editor, Add OS: add another operating system to the boot menu: Ubuntu, Debian Wheezy Raspbian, Twister OS, etc.
7. Add OS manually to BerryBoot. Download custom berry images (.img.gz) and extract it (.img) on an USB stick. BerryBoot menu editor, Add OS, Copy OS from USB stick and select the image on the USB (twister_os…berryboot.img).

• VPN creates a secure tunnel between your device and the internet. This allows you some level of anonymous networking.

1. PiVPN is the simplest way to setup and manage a VPN, designed for Raspberry Pi. Download a script and start the install process: curl -L https://install.pivpn.io | bash.

2. Interface: eth0/wlan, Do you want to use your current network settings as a static address? 192.168.1.7/24. Yes. Basically, it confirms your current IP address for your Raspberry Pi. Enter your desired IPv4 default gateway: 192.168.0.1 (Router’s IP address).

3. Choose a user: pi.

4. Unattended Upgrades (OK), Protocol (UDP), OpenVPN Port: 1194.

5. Public IP or DNS: type your static IP (If you don’t know it yet, you can use services like WhatIsMyIp.com ). Obviously, you need a static public IP. Otherwise, you will use a free dynamic DNS service, such as NoIP.com or Duck DNS, and port forward the VPN traffic to your Raspberry Pi in your router. In this case, select DNS Entry. What is the public DNS name of this Server? justtothepoint.ddns.net (a more detailed explanation will be given further in step 9).

6. DNS Provider for your VPN clients: Google.

7. Create a client ovpn profile: pivpn add (client). It will generate a client.ovpn for that client in /home/pi/ovpns. You’ll need this to log in on each client device.

8. Let’s configure the client. Copy the VPN client configuration file from the Raspberry PI:

   scp [email protected]:~/ovpns/client.ovpn . 
   

   scp [source [email protected]]:/[source directory and file name] [destination directory]). Install TunnelBlink in the client computer and open client.ovpn in TunnelBlink. Test: ping 10.8.0.1 (VPN private IP).

9. If you don’t have a static IP, you need a dynamic DNS provider. Let’s see no-ip.com: Dynamic DNS, Create Hostname: Hostname (justtothepoint), Domain (ddns.net), Record Type (DNS Host(A)), IPv4 Address (your IP).

   Dynamic DNS is a service for allowing an Internet domain name (e.g., justtothepoint.ddns.net) to be assigned to a computer with dynamic IP addresses.

10. Access your router: http://192.168.1.1. Advanced configuration, Advanced Setup, DNS, Dynamic DNS: D-DNS provider (No-IP), Hostname (justtothepoint.ddns.net), NOIP Setting (NoIP’s user and password).

11. Setting up port forwarding for dynamic dns. Port Forwarding (Puertos), Create a port forwarding rule. Name (Nombre Regla de Puertos: VPN), Private IP Address (Dirección IP: Raspberry’s IP), Public Port (Abrir Puerto/Rango externo: 1194), Private Port (Abrir Puerto/Rango interno: 1194), Protocol (UDP).

12. Go to your Android device, first install and then launch the OpenVPN Connect app. OPVN Profile, Import Profile (You need to copy the OpenVPN configuration file “client.ovpn” to your Android and navigate to the folder where you have saved the file).

Uninstall VPN: pivpn uninstall. List connected clients: pivpn clients.

• Pi-hole. The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.

1. Installing Pi-hole. First, download the script and run the installer: curl -sSL https://install.pi-hole.net | bash

2. Choose An Interface: tun0/eth0/wlan0 (VPN, Ethernet, WiFi). Select Upstream DNS Provider (which DNS server the Pi-hole should use to resolve IPs/domains): Google. Pi-hole relies on third party lists (with unwanted ad domains): *StevenBlack, *MalwareDom. Select Protocols: *IPv4, *IPv6.

3. Do you want to use your current network settings as a static address? Typically you will answer Yes and jump to step 5 directly. We will answer No. Enter your desired IPv4 address: 10.8.0.1/24 (OpenVPN server’s static IP address: ip a show dev tun0). Enter your desired IPv4 default gateway: 192.168.1.1 (default router IP).

4. Update OpenVPN config to force all DNS requests to Pi-Hole: sudo vi /etc/openvpn/server.conf

   #Stop using Google DNS for our OpenVPN 
   #push "dhcp-option DNS 8.8.8.8" 
   #push "dhcp-option DNS 8.8.4.4" 
   push "dhcp-option DNS 10.8.0.1"
   

5. Restart the openvpn service: sudo systemctl restart openvpn. Change your pihole password: pihole -a -p. Other useful commands: PiHole Status (pihole status), Update PiHole (pihole -up).

6. Access the web interface for your PiHole, http://10.8.0.1/admin or http://192.168.1.7/admin.

7. You will also need to configure the client devices: Settings, Wi-Fi/Ethernet, DNS: Pi-hole’s IP address (192.168.1.7).

8. If you have setup PiHole and OpenVPN on your Raspberry Pi, you can go to your router and change your DNS settings so that it points to your PiHole server. Open a browser and type http://192.168.1.1/. The password is usually on the back of the router.

   Advanced Setup, DNS, DNS Server Configuration, Use the following Static DNS IP address: Pi-hole’s IP address (192.168.1.7). Besides, we could set up the DHCP server in the router, just navigate through Advanced Setup, LAN (Local Area Network (LAN) Setup): Enable DHCP, 192.168.1.40 (Start IP address)-192.168.1.254 (End IP address).

9. Uninstall Pi-hole: pihole uninstall.

10. Disable PiHole for 30 minutes: pihole disable 30m.

11. Add custom blocklists. Access the Pi-hole’s Web Interface in your browser by going to http://Raspberry’sIP/admin. Navigate through Adlist, Groups. Add a new adlist.

    You can find adlists or, more technically, their URLs in The Firebog. Run pihole -g or update your gravity list (list of blocked domains) online after modifying your adlists: http://Raspberry’sIP/admin/gravity.php. You may want to check: pihole -q www.xhamster.com.