Advanced Server Configuration

The setup procedure outlined in "First Start" gets you up and running with a working and secure BLOCKS server. The basic system set up in "First Start" used its own, separate, small network, where each computer had a fixed IP address, assigned manually. While that's useful for getting up and running and making sure everything works, it's not practical for everyday use. This article describes various options for configuring BLOCKS and for integrating it with another, already existing network:

  • Changing the IP address of the BLOCKS computer, along with other network settings, making it fit within an existing network.
  • Assigning IP addresses automatically to most computers on the network using a DHCP server.
  • Using a DNS server for accessing important computers on the network, such as the BLOCKS server, by name rather than by IP address.
  • Configuring some additional options of the BLOCKS server, such as the ability to use it as a Display Spot as well as a server, or activating the mirroring server for building redundancy.

Changing the BLOCKS server's IP Address

If you're building a new network for BLOCKS, we recommend that you stick with the addresses and other settings established in First Start, with the BLOCKS server at 10.2.0.10 and a network mask of 255.255.0.0. These settings match default settings in other parts of the server's configuration, and provide ample room for display spots and other network devices, both with fixed and automatically assigned IP addresses.

However, if you need to integrate BLOCKS into an already existing network, you will likely have to change the server's IP address and other network settings to match the existing network. The information you need before you can do so is:

  • What fixed IP address can I use for the BLOCKS server.
  • What netmask should I use (often a group of numbers such as 255.255.255.0 or 255.255.0.0).
  • Does this network have Internet access? If so, what's the IP address of the gateway. This is often an IP address similar to others on your network, but ending in 1, such as 10.2.0.1.
  • Does this network already have a DHCP server for allocating IP addresses automatically?
  • Is there already a local DNS server on this network, for binding local computer names to IP addresses.

:!: While not strictly necessary, being able to use names rather than numeric IP addresses makes configuration easier, and simplifies any changes you may need to make later, since IP addresses of the BLOCKS server and possibly other devices, are only stored in one place.

Equipped with the above information, which you should be able to obtain from your network administrator, you can now change the settings of your BLOCKS server. Please refer to the instructions under Basic Network Configuration to apply your new settings. You should now be able to connect the BLOCKS server to your existing network.

:!: If you're also using the built-in DHCP server and/or DNS, you need to update their settings to match your new configuration, as described below.

Assigning IP Addresses Automatically

A DHCP server automatically assigns IP addresses to some network devices, thus removing the need to specifying hard-coded IP addresses everywhere. Most networks have such a DHCP server, sometimes built into a router or similar device. If you already have such a DHCP server, you may prefer to keep it. If not, the BLOCKS server can perform this function as well (see DHCP Server below for details).

:!: Some devices on the network must have known IP addresses, and can not use dynamically assigned addresses. This includes the BLOCKS server itself, as well as other devices acting as "servers", such as displays and projectors to be controlled over the network (e.g., to turn power off), MODBUS I/O modules, etc. Such devices can either be assigned a fixed address in its settings, or handed a known IP addresses by a DHCP server.

In addition to automatically assigning IP addresses, the DHCP server also serves the following important functions:

  • It tells clients where to find the DNS server (either an internal one or an external).
  • Initiates network booting of PIXILAB Player (more on that here).

:!: If you want to network-boot PIXILAB Player with another DHCP server than the pre-configured in our Linux BLOCKS server, you need to manually add the required options to your DHCP server.

Using a DNS Server for Accessing Computers by Name

A DNS server provides name lookups for clients on your network, allowing you to access the BLOCKS Server, and possibly other devices on the network, by name rather than by its IP address. This is particularly important if you want to allow guests to access BLOCKS using their own mobile devices, e.g. to create a mobile guide system.

If your BLOCKS Server will be part of an existing network that has a local DNS server, all you need to do is adding a name for your BLOCK Server to your DNS, pointing it to the fixed IP address of the BLOCKS server.

If you're setting up a new network for use by BLOCKS, displays and other clients, you may want the server running BLOCKS to also act as a local DNS. Such functions are already installed and pre-configured in the Linux OS image. See below for how to enable those services, and where to find their settings.

Configuring BLOCKS Server Options

Beginning with our Linux-based BLOCKS server dated 2020-05-14 and later, based on Ubuntu 20.04, there are a few additional options that can be selected. These options affect the behavior of the server in various ways, such as:

  • Use a single BLOCKS server.
  • Run two BLOCKS servers in tandem for redundancy and fail-over.
  • Run a Display Spot on the screen of the BLOCKS server.
  • Show GUI windows indicating that BLOCKS is running, or hide such windows.

You can switch among these options using a command included with the server, named option-select.sh. To use this command, do as follows:

  1. Start your Linux based BLOCKS server.
  2. Once the desktop appears, click the Terminal icon in the icon bar on the left hand side (highlighted in the screenshot shown below).
  3. Type ./option-select.sh into the terminal window (note the leading period).

Doing so shows the various options available, along with the currently selected options (standalone and gui in the screenshot shown above).

To select another set of options, type those options after the command name. For instance, to use the sever's display as a Display Spot, type:

./option-select.sh kiosk

:!: Specifying the kiosk option implicitly also selects the headless option to avoid having any Blocks windows appearing on top of the Display Spot.

Start BLOCKS either by clicking the PIXILAB icon in the icon bar or by typing the command:

./start.sh

Doing so will start BLOCKS along with a full-screen web browser connecting to BLOCKS as a Display Spot. Connect to BLOCKS using another computer to configure this display spot and add content to it. To get rid of the full-screen web browser, do as follows:

  1. Connect a keyboard to the server computer.
  2. Press Alt-F4 to close the browser window.
  3. Open a terminal window.
  4. Type ./stop.sh to stop the full screen browser from re-appearing.
  5. Type the following command if you want to return to the stand-alone BLOCKS server mode:
./option-select.sh standalone gui

The command shown above also re-enables the GUI mode, making BLOCKS' window appear on screen while running.

Introducing Webmin

Most services on a Linux server are at their core enabled and configured using various text files. As those can be hard to find, and even harder to modify in the proper way, a web based graphical user interface is provided, called Webmin. This is already installed in the Linux server image.

The Webmin user interface can be accessed remotely, over the network, using a web browser. However, enabling webmin requires local access through a terminal window. So you may want to do this as part of your initial setup, while you have a keyboard connected to the server. Once this first step has been done, remaining configurations can all be done through the browser-based user interface.

If webmin has been disabled and you wish to enable webmin, first switch to the pixi-admin user through the menu in the top right hand corner of the screen.

When requested, type in the password you assigned to the pixi-admin user in "First Start". Once you've switched to the pixi-admin user, open the Terminal using the button in the left hand panel.

Type the following two commands into the terminal window, one by one

sudo systemctl enable webmin

sudo systemctl start webmin

When asked for your password, type the password assigned to the pixi-admin user (the one you used when switching to this user). Nothing will appear on screen as you type the password into the Terminal window, but the password still takes effect. The first of the two commands enables webmin for future server starts. The second command starts it now, so you can use webmin right away without having to restart the server.

Using another computer, connected to the same network, open a web browser and type in the IP address of your BLOCKS Server, followed by a colon and the number 10000. You may also access webmin from a brower started on the server by typing https://localhost:10000 in the address bar.

:!: You may see a warning message when first accessing webmin. This warning is caused by the kind of certificate used by webmin to encrypt the communication. You need to convince your web browser that this is normal, asking it to store a certificate exception for this server, thereby avoiding this warning in the future.

The start screen of webmin shows some basic information about your server.

DHCP Server

The DHCP server configuration is found under Servers/DHCP Server in the menu shown on the left hand side. Click that item to open the "DHCP Server" panel.

Scroll down a bit and click the "Edit Network Interface" button. In the list that appears, make sure that your Ethernet interface is selected, then click Save.

:!: The exact name shown for your Ethernet interface (in the illustration above "enp2s0") may vary. If you have multiple ethernet interfaces, you may need to revisit Networking menu to learn about the proper network interface name.

Return to the "DHCP Server" page and click the small, red pen symbol in the top right hand corner of the rectangle with the 10.2.0.0 IP address. This opens the configuration for this subnet.

As you may recall from the "Network Configuration" section of the First Start article, we gave the server the IP address "10.2.0.10", with a netmask of "255.255.0.0" (or "16" as this is sometimes called). Hence, the BLOCKS server is in the "10.2.0.0" subnet, which is the subnet about to be managed by this DHCP server. If you gave the server another IP address for some reason, you need to adjust the subnet address managed by the DHCP server accordingly, which is done in the "Network address" field.

Here, you also specify the range of addresses allocated to dynamic clients. You typically want a small number of addresses reserved for network devices that need a fixed IP address (such as the BLOCKS Server itself). In this example, we're allowing the DHCP server to dynamically allocate address in the 10.2.5.1 through 10.2.16.254 range, giving us loads of dynamic adresses, while all addresses below 10.2.5.1 can be used for fixed IP address, as those are off limits for the DHCP server. You can adjust those numbers as you see fit. Click the green "Save" button at the bottom of the window if you make any changes.

Client Options

In addition to merely handing out dynamically assigned IP addresses to clients, a DHCP server can also inform clients of other important pieces of information. Those are called "Client Options". To review those options, first return to the top level "DHCP Server" view, then click the "Edit Client Options" button.

The following options have been specified here. Again, you may need to adjust those as appropriate if you change the server's address or other network-related options.

  • Subnet mask. Specifies the type of subnet being used (in this case a B-class).
  • Domain name. Informs clients about the default domain name, which in this case refers to the name to be given to the BLOCK Server.
  • Broadcast address. Consists of the base network address with 255 in the last segment, and is used for some specialized network functions.
  • DNS server. The IP address of the DNS to be used by DHCP clients. The address shown here is the address of the BLOCKS Server itself, which we'll configure to use as a DNS later in this article. Leave empty if you don't want to use a DHS server, or modify as appropriate if you prefer to use another DNS server already available to you.
  • Default router. Enter the router address to be used by clients if you want them to have access to the internet or other "outer" network. The router is a separate piece of hardware, sitting between the BLOCKS Server's network and another, outer network (possibly the Internet). The router typically has an address ending in ".1". Remove this field if you don't want to provide access to any outside network.
  • Boot filename. Set to "grub/grubnetx64.efi.signed " as shown above and select this radiobutton instead of None. This option supports network (PXE) booting of PIXILAB Player with BLOCKS 3.

Click the green "Save" button at the bottom of the window if you make any changes.

:!: If your DHCP server is already up and running, you need to click the green "Start Server" button at the bottom of the the top level "DHCP Server" window to activate those changes. Existing clients may need to disconnect and then re-connect to the network to pick up any changes.

Enabling and Starting the DHCP Server

To start your DHCP server, and to make sure that it will start automatically if the server is restarted, select "Bootup and Shutdown" under System in the menu on the left hand side. Once the list of services appear, type dhcp into the filter field in the top right hand corner to see only relevant services. Put a checkmark next to "ics-dhcp-server.service" as shown below, then click "Start Now and on Boot". Return to this page, filter on dhcp again, and verify that both the "Start at boot" and "Running now" columns read "Yes" for the service you just enabled. The service will automaticly start the "ics-dhcp-server".

Verify Operation of the DHCP Server

Once the DHCP server is properly configured and started, connect another computer to the same network, and set it to use "Automatic" or "DHCP" addressing mode. This will cause it to look for a DHCP server on the network, obtaining its address and other settings from there. Here we're using a Mac set to "Automatic". Once it connects to the network (indicated by the green circle next to the interface name), the settings obtained from the DHCP server appear as "IP Address", "Subnet Mask", "Router" and "DNS Server". The values indicated here should match your DHCP server settings, as described above.

If you don't get any values in those fields, here are some points to check

  • Check that the DHCP server is indeed running (see above).
  • Ensure that your separate computer is connected to the same network as the server (open a terminal window and type "ping 10.2.0.10" to verify that it reaches the server).
  • If you just made changes to your separate computer's network settings, make sure you've clicked any "Apply" button to make those changes take effect.

:!: Macs may take 1-2 minutes to connect properly to DHCP (showing a "green light" in the settings) if no internet connection can be found, which will be the case here since we're on a small local test network.

DNS Server

The procedure for configuring and enabling the DNS server is similar to the one used for the DHCP server above. Start by selecting "BIND DNS Server" under "Servers" in the list on the left hand side. This displays a window with a number of buttons at the top. Scroll down a bit a locate the rectangle named "pixi.guide".

Click the red pen symbol in the top right hand corner of this rectangle. This opens the "Edit Master Zone" window shown below. Here, click the "Addresses" button.

The next window lists all name-to-address bindings.

The name "pixi.guide" is pre-configured pointing to the IP address of the BLOCKS server (here assuming that the server is configured as set up in the First Start article). If you use a different address for the server on your network, it must be changed accordingly here.

:!: There's also an alias (CNAME) record named "int.pixi.guide" that points back to "pixi.guide", which is used in some cases and should be left in place.

As a side note, the name given to the server (here "pixi.guide") is somewhat arbitrary. Since this DNS server applies only to your internal network, and isn't visible on the Internet, you can choose any valid domain name you want. However, PIXILAB recommends that you go with the "pixi.guide" name for the following reasons:

  • It's the name we will use for any services and applications that need to access the server on your local network.
  • It exists also as a real domain on the Internet, informing any visitors that they need to select your local wifi before they can access your mobile guide.

The second point above is important if you provide guide functionality for your visitors using their own mobile devices. Such guide functionality is then typically accessed by first choosing your local wifi network provided for this purpose, then accessing the server using an easy-to-remember name (here "pixi.guide"). If your visitors overlook the need to first choose your local wifi network, and just enter the name into their browser, they may only get a cryptic error message if there's nothing responding to that name. By also having an Internet server responding to the name, your visitors will instead get a meaningful message, telling them what to do.

If you need to change the addess of the server, click the server name (shown in blue on the previous illustration). This opens the window shown below. Here, change the address as appropriate and click Save.

If you make any changes to the DNS server while it is running, click the "Apply Configuration" button shown in the top, right hand corner.

Enabling and Starting the DNS Server

To start your DNS server, and to make sure that it will start automatically if the server is restarted, select "Bootup and Shutdown" under System in the menu on the left-hand side. Once the list of services appears, type named into the filter field in the top right hand corner to see only relevant services. Put a checkmark next to "named.service" and "named", as shown below, then click "Start Now and on Boot". Return to this page, filter on named again, and verify that both the "Start at boot" and "Running now" columns read "Yes" for the services you just enabled.

Create a new DNS Zone Master Record

This article is related to a general network topic outside the scope of blocks. We strongly recommend that you consult with a network professional for assistance in this area.

To use your own domain name, add a Zone Master Record. If visitors can use their own devices for accessing your server by this name, use a domain name that you own. You can then also publish instructions on an internet-accessible web server advising visitor to log on to the local wifi first. In this example, we'll add the “my.guide” domain, which will work alongside the default "pixi.guide" domain.

Start by logging in to webmin, by entering [your servers IP address]:10000 into the address field of your browser. If you do this from a browser on the server itself, you can type localhost:10000 into the address field. Log in as pixi-admin. Select Servers/BIND DNS Server in the left-hand menu.

Click the Create master zone button, then enter your domain name, the server address and an email address.

Finally, click the "Create" button. You have now created a Master Zone, now we need to add a A-record to the zone. This is done by clicking the new Master Zone Records icon, then click the Address button.

Enter your domain name and the IP address of your server and click create.

Finally, restart the DNS-server or the computer. (This can be done in webmin, System/Bootup and shutdown, search for named, select named.service and click the restart button).

Update DNS records for a new server IP address

If you change the IP address of computers on the network you wish to reach by name, you must also make the corresponding changes to the DNS records for those computers.

  • Use Webmin.
  • Select BIND DNS Server under the Servers heading on the left hand side.
  • Click the pixi.guide zone button.

  • Click the Addresses button.

Image Edit master zone.png

  • Click the pixi.guide. record to open the edit window.
  • Enter the desired IP address.
  • Click save.

Image pixi.guide address record

Restart the DNS server by clicking the "rotary arrow" button in the top right hand corner of the main "BIND DNS Server" page.

Verify Operation of the DNS Server

To verify that the DNS server is running and response properly, open a terminal window on a separate computer on the same network, and type

nslookup pixi.guide

This will attempt to look up the name given to the server. If your other computer is indeed using your newly configured DNS server, it should look up the name there, and give you a result like this.

This response provides you with the following information:

  • The server being used is at address 10.2.0.10 (which is the address of the BLOCKS server, now also acting as a DNS server).
  • The adress being resolved for the name "pixi.guide" is 10.2.0.10 (again, the address of the BLOCKS server).

Here are some things to check if you don't get the expected response:

  • Ensure that your separate computer is connected to the same network as the server (open a terminal window and type "ping 10.2.0.10" to verify that it reaches the server).
  • Are you using the BLOCKS Server as the DHCP server, as described earlier in this article? If so, it should provide your separate computer with its own IP address as the DNS adress. See under Verify Operation of the DHCP Server above.
  • Are there other enabled network interfaces on your separate computer? If so, that network can specify another DNS which may take precedence. This will be indicated by the Server address shown not being the IP address of the local BLOCKS server. If so, disconnect that network and try again.

Editing DHCP Server settings

If you're using the built-in DHCP server, you need to change its settings if you change the IP address of the server.

  • Use Webmin.
  • Select DHCP server under the Servers heading on the left hand side.
  • Click the icon for your subnet (initially named 10.2.0.0)
  • Change its settings to match your network.

As an example, to configure a lass C network with the base address 192.168.0.0:

  • Set the "Network address" to the base address of your network.
  • Set "Netmask to 255.255.255.0.
  • Set "Address ranges" to 192.168.0.25-192.168.0.254 (defines the range of dynamically assigned addresses).
  • Click save.

  • Back on the main "DHCP Server" page, click "Edit Clients Options" button at the bottom of the window.
  • Specify "Default router", "Broadcast address" and "DNS server" and "Subnet mask" as appropriate for your network (see example below).
  • Click Save.

Restart the DHCP server using those new configurations by clicking the "Start Server" button at the bottom of the main "DHCP Server". Then restart the devices that use dynamically assigned addresses to pick up those changes.

Viewing Logs

When things don't work as expected, valuable information can often be found in various log files. Those exist as text files on the server itself, byt can be viewed remotely through webmin.

To view a log file, select "System Logs" under "System" in the menu on the left hand side. This shows a list of log files. Click the View button (outlined in red below) to view the log file of the BLOCK Server program. It is a possible to map any log to the webmin System Logs view by clicking "Add a new system log" button and configure the path to the log file and select the message type to log.

While viewing the log, you can specify that you only want to see log messages that include some specific text (such as the word ERROR), and to increase the number of lines shown.

:!: The method described above shows only the current log file. PIXILAB BLOCKS also archives several old log files in its "logs" directory, which may be useful when diagnosing events that happened in the past.

For general server errors, not specific to the BLOCKS Server program, it is sometimes valuable to check the "syslog" file in the same way. For example, if you run into trouble with the DHCP or DNS server, this log may reveal why.

File Transfers and Sharing

Sometimes, you may want to copy files to/from the server. You can do so directly in webmin (under Others > File Manager). This can be useful for occasionally pulling or uploading a file from/to the server. You can, for instance, use this method to download archived log files from the server by selecting "File Manager" under "Others" in the menu on the left hand side, navigating to /home/pixi-server/PIXILAB-BLOCKS-root/logs and clicking the name of one of the "archived" log files. A similar method can be used to upload files to the server.

However, it's often more convenient to connect to the server by mounting it as a network volume on your own laptop, rather than copying files back and forth. This makes the server files directly accessible, without having to copy them.

Configuring File Sharing

To configure file sharing, select "Samba Windows File Sharing" under "Servers" in the menu on the left hand side.

There is one pre-configured share:

  • "pixi-server" provides direct access to the BLOCK Server files for authenticated users.

File Sharing Users

The users that can access File Sharing are specified and configured separately. Even though the preconfigured users have the same names as the Linux OS users, they do not share their passwords. To configure the File Sharing users, click the "Samba users" button on the "Samba Windows File Sharing" page. Doing so reveals a list of users. Click each user in turn to configure its password. The illustration below shows how to change the password for the pre-configured "pixi-server" user.

:!: You must change the password for all active File Sharing users before you start File Sharing. Leaving those passwords unchanged allows anyone who knows the default passwords and has access your network to access your files.

After changing user settings, click the green Save button. If you don't want to keep a pre-configured user, click the "Delete" button instead. You may also add other users with their own names and passwords, if desired.

Enabling and Starting the File Sharing Server

To start File Sharing, and to make sure that it will start automatically if the server is restarted, select "Bootup and Shutdown" under System in the menu on the left hand side. Once the list of services appear, type "smb" into the filter field in the top right hand corner to see the relevant services. Check "smbd.service", as shown below, then click "Start Now and on Boot".

Verifying File Sharing

Connect to the server using file sharing from a separate computer connected to the same network. Examples here show how to do so from a Mac, with the procedure from a Windows computer being similar.

First open the "Connect to Server" window and type in the IP address of the server (if you have a configured DNS pointing to the server, you can use its assigned name instead of the IP address. Default IP is 10.2.0.10 in Linux images dated 2019-07-01 or later).

Type in the user name and password (as specified above under "File Sharing Users"). then press Connect.

Select the desired volume (e.g., "pixi-server" to access the BLOCKS Server's files).

Finally, the content of the "pixi-server" user's home directory appear, allowing you to directly access its files.

Here are some things to check if you don't get the expected response:

  • Ensure that your separate computer is connected to the same network as the server (open a terminal window and type "ping 10.2.0.10" (or the IP of your particular server IP) to verify that it can reach the server).
  • Double-check that the user name and password you specify match those configured in the server.

Desktop Sharing

Most server management can be handled either through the BLOCKS user interface or using the webmin interface. However, you may occasionally need to have desktop-level access to the server. Having a mouse and keyboard connected to the server is the simplest way to accomplish this. If your server is in a location that is hard to access, you may instead access it using Desktop Sharing, which is a way to connect remotely to the server from another computer on the same network.

Remote Management

The desktop sharing solution discussed in the previous paragraph works only within the same network. Another remote management option – one that includes destop, browser and file-sharing support – is AnyDesk.

Uninterruptible Power Supply

For critical applications, we recommend the use of uninterruptible power supply (UPS) with the server. An UPS can shorten downtime and perform a controlled power down in the event of a power failure. Software for the popular APC brand of UPSes is preinstalled on server image version 191001 and later.

The software is enabled using webmin.

  • Open webmin and select "System/Bootup and Shutdown".
  • Click the filter symbol in the top right hand corner and search for apcups.
  • Check the apcups.service checkbox and click "Start Now and On Boot".

The settings for the apcups is stored in a file on the server. The initial settings should work with most APC UPS devices that connect using USB. If you want to edit these settings, use webmin to open a terminal window (Alt+K), then type

nano /etc/apcupsd/apcupsd.config

This opens up the settings file using the nano text editor. Edit the settings as required. Save the file by pressing ctrl+s, or click save, then close by clicking the X button in the top right hand corner. Restart the server to apply any changes.

In the event of a longer power failure, the UPS will supply power until the remaining battery threshold is reached and then power down the computer. Once computer has beens shut down, the UPS will break the power to the computer until mains power is restored. To make the server start automatically once power returns, configure the computer to always start automatically when power is connected. This configuration is typically found in the BIOS settings.

More information on apcupsd, the program that manages the UPS, can be found here:

https://wiki.ubuntu.com/apcupsd

http://www.apcupsd.org/manual/

Next Step

In case you want to run PIXILAB Players by booting them from the server, rather than from a local disk or USB stick, you may now want to take a look at this guide to learn how to set up the server for PXE booting of players.