This is a text-only version of the following page on https://raymii.org: --- Title : Installing Freedombox on Armbian on the Olimex Pioneer Author : Remy van Elst Date : 29-01-2020 URL : https://raymii.org/s/tutorials/Installing_Freedombox_On_Armbian_On_The_Olimex_A20_Pioneer.html Format : Markdown/HTML --- > [FreedomBox][1] is a private server for non-experts: it lets you install and configure server applications with only a few clicks. It runs on cheap hardware of your choice, uses your internet connection and power, and is under your control. Freedombox is a project that has been running for over 10 years and [last year the Pioneer][2] became available, officially supported and sanctioned by the Freedombox Foundation. This is a home server you can [buy from Olimex][7], comes in a nice metal case with a proper power supply, network cable, battery and SD card preloaded with Freedombox. Plug in and go. Perfect for users that don't want to tinker but do want their freedom and control. With the Pioneer, both the hardware and software are fully open source. The Pioneer case is metal and feels very high quality. The logo on it is beautiful. Under the hood there is a Lime 2 board (A20). Here's a picture: ![freedombox][11] This guide covers the installation of Freedombox and Debian for the Olimex A20 Lime2 Pioneer with Armbian including reinstalling, Apache SSL certificate and LDAP issues. <p class="ad"> <b>Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:</b><br><br> <a href="https://leafnode.nl">I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!</a><br><br> <a href="https://github.com/sponsors/RaymiiOrg/">Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.</a><br><br> <a href="https://www.digitalocean.com/?refcode=7435ae6b8212">You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days. </a><br><br> </p> I'm not sponsored by Olimex, I bought two Freedomboxes myself. There is also no referral link. I really love [Olimex][8], have been using their hardware since 2014, [made linux images][9] before Armbian was a thing and even have a [commit in the linux kernel][10] for the A10 board enabling USB OTG. I whole-heartedly recommend their hardware. ### Default Freedombox Pioneer Distribution The Pioneer comes with the operating system on SD card, but that is a customized version of Debian with a few things I dislike. **Do note, there is nothing wrong with that system if you want to run Freedombox as provided.** I however, do like a bit more control and tinkering. For example, the battery works, but you can't get the charge level or status. The filesystem is BTRFS and has a lot of logging enabled, causing way more writes than I like to the SD card. The `haveged` package is not installed, installing OpenVPN takes hours due to limited entropy during key generation As the Freedombox project is available as a "Debian Pure Blend", you can install it on any system that runs plain Debian. Even if you have a [IBM S/390 mainframe][3], you can install Freedombox because everything is available in the default Debian repository. You can install another Debian version on the Pioneer and install Freedombox on top of that, allowing for our own setup and customization. ### Armbian Armbian is a project that provides Debian and Ubuntu images for a variety of Arm boards, including the [Pioneer A20 Lime2][4]. Their Debian version is compiled for the specific arm board and has specific [tweaks][5] for performance and storage (reducing writes). It also includes a modern mainline kernel wich supports the battery. ![armbian][6] Follow the instructions on the Armbian site for their Debian version (not ubuntu). It's as simple as downloading the image and writing it to an SD card (either with `dd` or if you're on Windows, Balena Etcher). Boot up your Pioneer, login via SSH and setup the root password and a new user account. Armbian will ask you interactively. Do note that if you want to use the same username for Freedombox, you need to remove this user you've created: userdel USERNAME rm -rf /home/USERNAME I assume you will delete the user and use the root user for the rest of the setup of Freedombox. The installation of freedombox changes the authentication and login of the machine, so it's best not to setup users before installing freedombox. ### Installation of Freedombox The installation of Freedombox on Armbian is not as simple as just installing the package `freedombox`. You need another package otherwise the webserver won't start and you need to tell the package manager that you don't want to be asked questions. If you don't do that, your LDAP configuration will not work. Use the below command to install Freedombox: DEBIAN_FRONTEND=noninteractive apt-get install ssl-cert freedombox If you forget the `ssl-cert` package, the webserver won't start, it will log the following error: AH00526: Syntax error on line 32 of /etc/apache2/sites-enabled/default-ssl.conf: SSLCertificateFile: file '/etc/ssl/certs/ssl-cert-snakeoil.pem' does not exist or is empty Proceed to the `Reinstall` section of this article, since the setup has not been done correctly. You need to start over. ### Setup of Freedombox When the installation is completed, you will need to wait about 10 minutes or so for Freedombox to complete its initialization. You can follow what the setup is doing a bit by looking at the system log: journalctl -f Fire up your web browser, navigate to the IP of your Freedombox and it will tell you when it is ready. If the initialization is not yet done, the page will tell you so and it will auto refresh. You will be asked for a setup secret, which you can get with the following command: cat /var/lib/plinth/firstboot-wizard-secret Enter it on the webpage and continue. If you get an error with the user creation, related to LDAP, you also have a problem and need to reinstall. If you don't, most things will sort of work, except for single sign on and authentication. An LDAP error looks like this: ![ldap error][12] If there are no errors, your setup is complete and you can start using your Freedombox. ### LDAP issues If you do have LDAP issues, or log messages like below, or a setup page which never completes and the below lines repeating in the log, and the ldap server restarting, you need to reinstall. Proceed to the `Reinstall` section of this article. Jan 29 08:51:19 freedombox nslcd[27778]: [8b4567] <group/member="root"> ldap_result() failed: No such object Jan 29 08:51:19 freedombox nslcd[27778]: [8b4567] <group/member="root"> ldap_result() failed: No such object Jan 29 08:51:19 freedombox nslcd[27778]: [7b23c6] <group/member="plinth"> ldap_result() failed: No such object Jan 29 08:51:19 freedombox nslcd[27778]: [7b23c6] <group/member="plinth"> ldap_result() failed: No such object Jan 29 08:51:19 freedombox nslcd[27778]: [3c9869] <group="fbx"> ldap_result() failed: No such object Jan 29 08:51:19 freedombox sudo[27939]: plinth : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/share/plinth/actions/users first-setup If you manually execute the `first-setup` command a more descriptive error message is given: Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u1... done. Moving old database directory to /var/backups: Backup path /var/backups/unknown-2.4.47+dfsg-3+deb10u1.ldapdb exists. Giving up... ### Fail2ban warning Your log might contain the following message from fail2ban, and it might repeat often: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ban.pid -> /run/fail2ban/fail2ban.pid; please update the unit file accordingly. It's related to [this issue][13] and a fix is available [here][14]. I don't like log that are contaminated with messages like this and an easy fix is available. This is a one line fix that applies the patch: sed -i 's:/var/run:/run:g' /lib/systemd/system/fail2ban.service Restart fail2ban: systemctl daemon-reload systemctl restart fail2ban ### Reinstall If you've messed up the setup or have issues afterwards, you can reinstall Freedombox. You do need to remove a few things manually, otherwise the reinstall will fail. **Do note that you will loose all data and applications configured with Freedombox**. Even local backups that you make via the backup module are lost. Create a remote (ssh) backup if you want an easy way to restore, or download a backup to your machine first. Here are the commands to remove everything and reboot afterwards: apt-get purge freedombox rm -rf /var/lib/dpkg/info/slapd.* dpkg --remove --force-remove-reinstreq slapd dpkg --purge slapd apt-get autoremove --purge # (Confirm the removal of ldap from nsswitch.conf) rm -rf /etc/ldap* rm -rf /var/lib/ldap* rm -rf /var/backups/* rm -rf /etc/apache2 rm -rf /etc/php rm -rf /var/run/avahi-daemon rm -rf /etc/firewalld/zones reboot After rebooting, you can (re) install freedombox. ### Reinstalling an application If you want to reinstall an application inside Freedombox, you must first remove it manually via the commandline. An example for OpenVPN: apt-get purge openvpn Then tell Freedombox that it is removed: echo "delete from plinth_module where name='openvpn';" | sqlite3 /var/lib/plinth/plinth.sqlite3 There is no way to do this via the webinterface. ### Update freedombox from backports Armbian includes the debian backports repository, so if you want a newer version of Freedombox than is available in debian stable, you can install it from backports without needing to upgrade your entire system to debian testing or unstable. __Security updates are not provided by the debian security team for backports. If security updates are provided, it's on a best effort base.__ To install or upgrade Freedombox from backports use the following command: DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install ssl-cert freedombox A warning is given in the Freedombox UI if you use the backports version: ![backports][15] If you need to install an application from backports, there are [instructions here][16], mirrored below. Edit the sources list: apt edit-sources Replace `stable` in the file with `unstable`. Comment out the lines containing `testing-updates` or `stable-backports`. Update the sources list: apt update Install the application from FreedomBox web interface. Afterwards edit the sources again: apt edit-sources Replace `unstable` with `stable`. Don't forget to uncomment the `updates` or `backports` lines that were commented earlier. Update the sources list again: apt update **Always change back the sources list file, otherwise, the automatic updates that run each night will update your entire freedombox to debian unstable**. [1]: https://freedombox.org/ [2]: https://freedomboxfoundation.org/news/launching_sales/ [3]: https://www.debian.org/ports/s390/ [4]: https://www.armbian.com/olimex-lime-2/ [5]: https://docs.armbian.com/#what-is-armbian [6]: /s/inc/img/armbian.png [7]: https://www.olimex.com/Products/OLinuXino/Home-Server/Pioneer-FreedomBox-HSK/open-source-hardware [8]: /s/tags/olimex.html [9]: https://olimex.wordpress.com/2015/02/20/building-debian-linux-image-for-a20-olinuxino-lime2-with-mainline-kernel-3-19-new-tutorial-by-remy-van-elst/ [10]: https://github.com/torvalds/linux/commit/b7b1d645bb7a3dab4be9d4114cbe319b67a45c01 [11]: /s/inc/img/pioneer-edition.png [12]: /s/inc/img/ldap-error.png [13]: https://github.com/fail2ban/fail2ban/issues/2474 [14]: https://github.com/fail2ban/fail2ban/commit/d5a5efcd5af272372153e86436d7c8cde2ddf66d [15]: /s/inc/img/backports.png [16]: https://wiki.debian.org/FreedomBox/QuestionsAndAnswers#A_FreedomBox_application_has_been_removed_from_testing.2Fstable._How_do_I_manually_install_it.3F --- License: All the text on this website is free as in freedom unless stated otherwise. This means you can use it in any way you want, you can copy it, change it the way you like and republish it, as long as you release the (modified) content under the same license to give others the same freedoms you've got and place my name and a link to this site with the article as source. This site uses Google Analytics for statistics and Google Adwords for advertisements. You are tracked and Google knows everything about you. Use an adblocker like ublock-origin if you don't want it. All the code on this website is licensed under the GNU GPL v3 license unless already licensed under a license which does not allows this form of licensing or if another license is stated on that page / in that software: This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Just to be clear, the information on this website is for meant for educational purposes and you use it at your own risk. I do not take responsibility if you screw something up. Use common sense, do not 'rm -rf /' as root for example. If you have any questions then do not hesitate to contact me. See https://raymii.org/s/static/About.html for details.