Home Network Update

When I received my new router (a MikroTik Cloud Router Switch CRS109-8G-1S-2HnD-IN), I was surprised and disappointed to find that even though it had two external antennas for wireless receiving and transmitting, the range of the wireless signal was considerably less than that of my previous router (a MikroTik RB751U-2HnD). Despite this, every other function of the router was great, including switching and routing at gigabit speeds (compared to my last router’s Fast Ethernet speeds).

A messy display. The top router is my old router (which I now use as an access point) while the bottom router is my new router.

Because of this, I decided I would re-purpose my old router to be a stand-alone access point (AP) for my network. This would not only increase signal strength but allow me to move my access point away from my other equipment, reducing interference. It would also allow me to position the access point in a location closer to the center of the house to ensure more even coverage.

A satellite image of my house (courtesy of Google Maps) with overlays of the old AP location versus the new AP location.

In order to do this, I first set up a local network on the AP router specifically to use for management in case of an issue with the rest of the network or any other issues. After doing this, I set up a network on my router specifically to use for remote management of the AP from the rest of the network (how I would be managing it most of the time). Since I only needed two host IP addresses (one for the router and one for the AP), I used a /30 network. After this, I enabled remote management and allowed connections through to the AP. Once I verified this was working, I shut down the AP so I could move it to its new location.

The IP address settings for the new /30 network.

Once I finished setting up the AP in its new location, I booted it and was able to connect to its management interface from the admin network. Once I opened the management interface, I created a few new VLANs to allow data to be passed from multiple virtual access points to their respective networks. These VLANs were configured with IDs 50, 51, and 52. Their designated purposes were the main network, the admin network, and the guest network respectively. After creating these VLANs on both the router and AP, I set up trunking between the router and the AP. This ensured that VLAN traffic could be properly transferred and interpreted by both endpoints.

A simplified diagram of the trunking between the router and the access point.

At this point, I had to configure virtual access points that would run on the AP (guest, admin, main). To do this, I disabled connection to the main wireless interface and instead created multiple virtual access points on this interface. I also configured appropriate security profiles using the same information the other router’s wireless configuration had to ensure users could connect without having to change their connection information.

The physical wireless interface and its three virtual access points, which correspond to the three VLANs I set up earlier.

On the AP, I bridged each VLAN to its corresponding virtual access point to ensure data sent and received from the virtual access point was transferred to the proper VLAN back at the router. At this point, the AP and the router could pass VLAN information over the trunk cable from the appropriate virtual access point, but devices would not be able to connect because no networking had been configured at the router.

The three bridge interfaces and the VLANs and virtual APs they join.

Getting networking up and running was a fairly straightforward process, since I had most of the networking configured previously from when I used the router’s built-in wireless interface. All I had to do was move the DHCP servers configured on the router and their corresponding networks to the proper VLAN, with the exception of the admin network. In that case, I simply joined the VLAN to the bridge I previously used to join the built-in wireless interface and the wired interfaces.

DHCP servers and their interfaces. Note that guest and main are on VLANs while admin is on a bridge due to the fact it spans a VLAN and several physical interfaces.

Once I was finished with that, I tested each wireless network to make sure IPs were being assigned properly and there was internet connectivity. After that, I made a backup of the configuration of both the router and the AP and enabled email alerts on the AP. To get an idea of what my network looks like, see below:

My network. Please note that the AP has three virtual access points, each with its own SSID and each corresponding to a VLAN that is passed over the connection to the router.

Installing WordPress

Now that I have HTTPS working properly, it’s time to actually put content on my website. WordPress is a free, open-source content management system which many websites use. It is good for hosting personal and professional blogs alike as well as other types of sites. It requires a web server with PHP and MySQL. I already have Apache with PHP and MySQL installed, so I will just install WordPress.

First, I found the link to download the latest WordPress package using Google. The first thing that popped up searching “WordPress” is a link to get a site through WordPress’ service, but I want to install it on my own server, so I searched “WordPress Download.”

Once I found the list, I removed the default/test site I had set up before so I could make way for WordPress’ files. Then, I downloaded an archive (latest.tar.gz) with the latest version of WordPress using the link I found on the WordPress site. After that, I extracted the files and moved them to the document root of my site (/var/www/joshve.ga) which my Apache configuration is already pointing to.
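The download-and-extract step above can be wrapped in a check before anything reaches the document root. This is an added example, not the commands used in this post: the function names, the staging path, and the idea that you hold an expected SHA-1 digest published alongside the download are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded WordPress archive, then unpack it into a
# staging directory instead of straight into the live document root.

# verify_sha1 FILE EXPECTED_HEX: succeed only if FILE's SHA-1 equals EXPECTED_HEX
verify_sha1() {
    actual=$(sha1sum "$1" | cut -d' ' -f1) || return 2
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# safe_members FILE: fail if the archive is unreadable or any member name is
# absolute or has a ".." component (either could write outside the target)
safe_members() {
    list=$(tar -tzf "$1" 2>/dev/null) || return 2
    if printf '%s\n' "$list" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# stage_wordpress TARBALL EXPECTED_SHA1 STAGING_DIR
stage_wordpress() {
    verify_sha1 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    safe_members "$1"     || { echo "unsafe or unreadable archive: $1" >&2; return 1; }
    mkdir -p "$3" || return 1
    # --no-same-owner: files belong to the extracting user, not the uid
    # recorded in the archive (matters when this runs as root)
    tar -xzf "$1" -C "$3" --no-same-owner
}

# Usage (paths and digest source are assumptions):
#   sh stage_wp.sh latest.tar.gz <expected-sha1> /var/www/staging
if [ "$#" -eq 3 ]; then
    stage_wordpress "$1" "$2" "$3"
fi
```

Once the staged copy looks right, it can be moved into the document root in one step.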

After that, I had to set up a database in MySQL for WordPress to use. I will later reference this database when installing WordPress. The database is named “josh.”

Now that I had done this, I was ready to visit the site and set it up through the web interface! I began the installation in my browser.

A few pages into the installation, I had to put in information for the database. Naturally, I used the same database name as I set up in MySQL and the username I use for my websites (www).

After finishing the setup, I was able to set up my site and start posting!

Setting Up HTTPS With Let’s Encrypt

Let’s Encrypt is a great resource for system administrators. It is a certificate authority that issues SSL certificates for free and even provides a command line tool named Certbot that makes obtaining and renewing certificates simple.

Please note that I already have Certbot installed and host several sites using certificates generated and downloaded using it, so I will not be going over the installation process for that.

First, I set up a default site on my domain, joshve.ga. I did this so I could use it to verify that I administrate the site using Certbot.

Then, I ran Certbot to pull certificate and key files from Let’s Encrypt.

Then, I copied the files to the directory I store SSL files in (certificates, keyfiles) and enabled SSL on the website. Now, the site redirects to HTTPS and returns no errors in Chrome.

I also added the same command along with the copy command to the script I have set to run every other month (using cron) to renew my SSL certificates.

Please note that the black gaps between certain parts of the commands are the names of sites, which have been blocked out to hide them.
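The copy step in a renewal script is where a private key most easily ends up world-readable or half-written while the web server is reading it. The sketch below is an added example, not the script from this post: the function names, the .crt/.key naming and the /etc/apache2/ssl destination are assumptions, while fullchain.pem and privkey.pem are the file names Certbot uses in its live directory.

```shell
#!/bin/sh
# Added example: copy a Certbot lineage into the web server's SSL directory.
# Destination directory and output file names are assumptions.

# copy_atomic SRC DST MODE: write DST through a temp file in the same
# directory, so the server never reads a partial file and the final mode is
# already set when the file appears under its real name.
copy_atomic() {
    tmp=$(mktemp "$2.XXXXXX") || return 1   # mktemp creates it owner-only
    cat "$1" > "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2" && return 0
    rm -f "$tmp"
    return 1
}

# install_cert LINEAGE_DIR DEST_DIR NAME
# returns 0 = new files installed (reload the web server afterwards),
#         3 = destination already matches, 1 = error
install_cert() {
    src=$1; dst=$2; name=$3
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    if cmp -s "$src/fullchain.pem" "$dst/$name.crt" 2>/dev/null &&
       cmp -s "$src/privkey.pem" "$dst/$name.key" 2>/dev/null; then
        return 3
    fi
    mkdir -p "$dst" || return 1
    copy_atomic "$src/privkey.pem"   "$dst/$name.key" 600 || return 1
    copy_atomic "$src/fullchain.pem" "$dst/$name.crt" 644 || return 1
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook after a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" /etc/apache2/ssl "$(basename "$RENEWED_LINEAGE")"
fi
```

The distinct return code for "already matches" lets a scheduled job skip the web server reload when nothing was renewed.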