Mango Info
Some info on
Lawrie's mini Mango Ochre Emu home server, which is a modified
GL.iNet GL-MT300N-V2, a tiny, ultra-cheap, Chinese Mini Smart Router,
running OpenWRT.
For a tiny box using a MTK 7628NN 580MHz CPU with 16Mb flash & 128Mb RAM,
its doing a pretty good job! I'm using it both as a very low power server
that can be left on most of the time, as well as another box to play with :-)
Some Brief Notes on My Configuration
My setup has the Mango WAN ethernet port connected to my home wired LAN.
Hence needed to make some changes to allow management access via this port.
Then installed extra packages and config to work as my mini home server.
In brief, my configuration steps included:
- run through initial web based setup using WiFi, per
first-time_setup, including upgrade to latest firmware
- modified firewall config to allow access via WAN port for services on
ports:
22, 80, 443, 800
- switched to Luci web admin to configure SSH access & keys.
- login as root using ssh to continue configuration on command-line with
uci,
opkg
and assorted file edits
- disable WiFi once confirmed web mgmt & SSH access via WAN ethernet port
- configure hostname (uci set system)
- update dropbear (sshd) config to diable root password access (keys only)
(uci set dropbear)
- populate /etc/hosts with my local names
- use opkg to istall the following packages:
diffutils kmod-fs-cifs cifsmount kmod-ledtrig-heartbeat
banip luci-app-banip logrotate luaposix
lighttpd-mod-accesslog lighttpd-mod-auth lighttpd-mod-authn_file
- configure
SMB mount of TimeCapsule. nb. need options
sec=ntlm,vers=1.0,
add my /etc/init.d/mountcifs script to mount/umount as needed
- configure a couple of user accounts on system. nb create manually as
adduser not available, so edit
/etc/passwd, /etc/shadow,
make home dirs & set perms.
cf this ref
- configure backups & heartbeat cronjobs, update sysupgrade.conf to include
all my config files & key user areas
- configure
leds and updated /root/bins/led & web led scripts
- configure
lighttpd web server, including installing own SSL key & certificate,
mandatory authentication for all access, access logging, log rotation,
move glport config port to 800 (so config interface only accessed locally)
- configure
banip via Luci interface Services->banIP to auto block pesty IPs
<== -
Lawrie Brown - Thursday, 16-Sep-2021 16:51:26 AEST