FriendlyElec CM3588 SBC with NAS Kit: Debian Bullseye Installation and Configuration

wenod/CM3588

FriendlyElec CM3588 SBC with NAS Kit - Setup Guide

Table of Contents

  1. Introduction
  2. Initial Setup
  3. System Configuration
  4. Network Configuration
  5. System Optimization
  6. Remote Access
  7. NAS Functionality
  8. Advanced Topics
  9. Troubleshooting
  10. Additional Resources

Introduction

The FriendlyElec CM3588 Single Board Computer (SBC) with NAS Kit is a versatile platform for creating a powerful Network Attached Storage (NAS) solution. This comprehensive guide covers the setup process, including installation of Debian Desktop (Bullseye), essential service configurations, and system optimizations for NAS functionality.

Initial Setup

  1. Download the latest Debian Desktop (Bullseye) image for CM3588 from the FriendlyElec website.
  2. Use BalenaEtcher to create a bootable SD card with the image.
  3. Insert the SD card into the CM3588 and power on the device.
  4. Allow the system to complete the initial boot process and flash the eMMC.
  5. Remove the SD card and reboot the device.

System Configuration

Package Management

Update the package sources to ensure access to the latest software:

  1. SSH into the device using the default credentials (username: pi, password: pi).
  2. Update the package sources:

    sudo mv /etc/apt/sources.list /etc/apt/sources.list.old
    sudo nano /etc/apt/sources.list
  3. Add the following content to the new sources.list file:

    deb http://deb.debian.org/debian bookworm main non-free-firmware
    deb-src http://deb.debian.org/debian bookworm main non-free-firmware
    deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
    deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
    deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
    deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware
    deb http://deb.debian.org/debian bookworm-backports main non-free-firmware
    deb-src http://deb.debian.org/debian bookworm-backports main non-free-firmware
  4. Update the package lists:

    sudo apt-get update

Kernel and Firmware

Install necessary kernel headers and proprietary firmware:

  1. Install kernel headers:

    sudo -i
    dpkg -i /opt/archives/linux-headers-6.1.57_6.1.57-13_arm64.deb
  2. Install and update USB Wi-Fi driver firmware:

    sudo apt update
    sudo apt install firmware-realtek
    sudo apt upgrade firmware-realtek
    sudo modprobe -r r8188eu
    sudo modprobe r8188eu
    dmesg | grep r8188eu
    sudo reboot

CPU Fan Configuration

To address potential CPU fan issues, follow these steps:

  1. Open the GPIO configuration file:

    sudo nano /boot/rk3588.dtb
  2. Locate the fan section and modify it as follows:

    fan: pwm-fan {
        compatible = "pwm-fan";
        #cooling-cells = <2>;
        pwms = <&pwm14 0 50000 0>;
        cooling-levels = <0 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 255>;
        status = "okay";
    };
  3. Save the file and reboot the system:

    sudo reboot

For more details on this fix, refer to the FriendlyElec forum thread.

Network Configuration

Wi-Fi Setup

Configure Wi-Fi for network connectivity:

  1. List available Wi-Fi access points:

    nmcli device wifi list
  2. Connect to a Wi-Fi network:

    sudo nmcli device wifi connect "SSID" password "PASSWORD"
  3. Set auto-connect for the Wi-Fi network:

    sudo nmcli connection modify "SSID" connection.autoconnect yes
  4. Set connection priority (optional):

    sudo nmcli connection modify "SSID" connection.autoconnect-priority 1

System Optimization

Localization

Set the correct timezone and locale for your region:

  1. Set timezone:

    sudo timedatectl set-timezone Your/Timezone
  2. Configure locale:

    sudo dpkg-reconfigure locales
  3. Add locale environment variables to .bashrc:

    echo "export LC_ALL=en_US.UTF-8" >> ~/.bashrc
    echo "export LANG=en_US.UTF-8" >> ~/.bashrc
    echo "export LANGUAGE=en_US.UTF-8" >> ~/.bashrc
  4. Reboot the system:

    sudo reboot

Security Enhancements

Configure UFW (Uncomplicated Firewall) to enhance system security:

  1. Install UFW:

    sudo apt install ufw
  2. Set default policies:

    sudo ufw default deny incoming
    sudo ufw default allow outgoing
  3. Allow SSH access:

    sudo ufw allow 22/tcp
  4. Allow VNC access (if needed):

    sudo ufw allow 5900/tcp
  5. Enable the firewall:

    sudo ufw enable
  6. Check the status:

    sudo ufw status verbose
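
The rules above open SSH and VNC to every interface and source address. The following added example (not part of the original repository) audits `ufw status` output for such rules; the function names and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original repository: report UFW rules that
# accept a port from any source on any interface.
# Input: the text printed by `ufw status` or `ufw status verbose` on stdin.

# open_to_anywhere prints one PORT/PROTO per line for each ALLOW rule whose
# source is Anywhere and that is not scoped to an interface ("on <ifname>").
open_to_anywhere() {
    awk '
        /^--/ { in_rules = 1; next }          # rules follow the dashed header
        !in_rules || NF == 0 { next }
        / on [A-Za-z0-9_.-]+ / { next }       # interface-scoped, e.g. "on tailscale0"
        /ALLOW( IN)?[ \t]+Anywhere/ { print $1 }
    ' | sort -u
}

# Constructed sample: the rule set produced by the steps in this guide.
sample_ufw_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
5900/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
5900/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# On the device: sudo ufw status verbose | open_to_anywhere
sample_ufw_status | open_to_anywhere
```

A port that only needs to be reachable over the VPN can be scoped to the Tailscale interface instead, for example `sudo ufw allow in on tailscale0 to any port 5900 proto tcp`, after which it no longer appears in this list.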

Remote Access

SSH Configuration

SSH is enabled by default. Ensure you change the default password for security reasons.

VNC Server Setup

Install and configure x11vnc for remote desktop access:

  1. Install x11vnc:

    sudo apt-get install x11vnc
  2. Set VNC password:

    sudo x11vnc -storepasswd /etc/x11vnc.pwd
  3. Create a systemd service file:

    sudo nano /lib/systemd/system/x11vnc.service
  4. Add the following content:

    [Unit]
    Description=Start x11vnc at startup.
    After=multi-user.target

    [Service]
    Type=simple
    ExecStart=/usr/bin/x11vnc -display :0 -auth /home/pi/.Xauthority -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pwd -rfbport 5900 -shared -listen 0.0.0.0 -verbose
    Restart=on-failure
    RestartSec=2

    [Install]
    WantedBy=multi-user.target
  5. Enable and start the x11vnc service:

    sudo systemctl daemon-reload
    sudo systemctl enable x11vnc.service
    sudo systemctl start x11vnc

Tailscale VPN Installation

Install Tailscale for secure remote access:

  1. Install Tailscale:

    curl -fsSL https://tailscale.com/install.sh | sh
  2. Start Tailscale and authenticate:

    sudo tailscale up
  3. Follow the provided link to authenticate your device with your Tailscale account.

NAS Functionality

CasaOS Installation

CasaOS is a user-friendly, open-source home cloud system that enhances CM3588 NAS capabilities:

  1. Install CasaOS:

    curl -fsSL https://get.casaos.io | sudo bash
  2. Access the CasaOS web interface by navigating to http://your-cm3588-ip:80 in a web browser.
  3. Follow the on-screen instructions to complete the CasaOS setup.

HTTPS Configuration with Tailscale and Caddy

Secure your CasaOS interface with HTTPS using Tailscale's certificates and Caddy as a reverse proxy:

  1. Install Caddy:

    sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
    sudo apt update
    sudo apt install caddy
  2. Change CasaOS to listen on port 81:

    # Replace only the standalone value 80; a bare s/80/81/g would also rewrite values such as 8080
    sudo sed -i 's/\<80\>/81/g' /etc/casaos/gateway.ini
    sudo systemctl restart casaos-gateway
  3. Generate a Tailscale certificate in the directory Caddy reads it from:

    sudo mkdir -p /etc/caddy/ssl
    sudo tailscale cert --cert-file /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.crt --key-file /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.key your-device-name.your-tailnet.ts.net
  4. Configure Caddy:

    sudo nano /etc/caddy/Caddyfile

    Add the following content:

    {
        auto_https off
    }

    :443 {
        tls /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.crt /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.key
        reverse_proxy 127.0.0.1:81
    }
  5. Set correct permissions for certificate files:

    sudo chown caddy:caddy /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.crt /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.key
    sudo chmod 600 /etc/caddy/ssl/your-device-name.your-tailnet.ts.net.key
  6. Configure Tailscale to allow Caddy to use the certificate:

    echo "TS_PERMIT_CERT_UID=caddy" | sudo tee -a /etc/default/tailscaled
  7. Restart Tailscale and Caddy:

    sudo systemctl restart tailscaled
    sudo systemctl restart caddy

You can now access your CasaOS interface securely via HTTPS using your Tailscale hostname:

https://your-device-name.your-tailnet.ts.net

Automatic Certificate Renewal

To ensure the Tailscale certificate remains valid, set up an automatic renewal process:

  1. Create a renewal script (/usr/local/bin/renew_tailscale_cert.sh):

    #!/bin/bash
    # Renew the Tailscale certificate and install it where Caddy reads it.
    # Intended to run from root's crontab.

    TAILSCALE_HOSTNAME="your-device-name.your-tailnet.ts.net"
    CERT_DIR="/etc/caddy/ssl"
    LOG_FILE="/var/log/tailscale_cert_renewal.log"

    sudo mkdir -p "$CERT_DIR"

    # tailscale cert writes <hostname>.crt and <hostname>.key into the current directory
    if tailscale cert "$TAILSCALE_HOSTNAME"; then
        sudo mv "$TAILSCALE_HOSTNAME.crt" "$CERT_DIR/"
        sudo mv "$TAILSCALE_HOSTNAME.key" "$CERT_DIR/"
        sudo chown caddy:caddy "$CERT_DIR/$TAILSCALE_HOSTNAME.crt" "$CERT_DIR/$TAILSCALE_HOSTNAME.key"
        # Certificate is public; the private key stays readable by its owner only
        sudo chmod 644 "$CERT_DIR/$TAILSCALE_HOSTNAME.crt"
        sudo chmod 600 "$CERT_DIR/$TAILSCALE_HOSTNAME.key"
        sudo systemctl restart caddy
        echo "Tailscale certificate renewed successfully on $(date)" >> "$LOG_FILE"
        echo "Next scheduled renewal: $(date -d "+83 days" "+%Y-%m-%d")" >> "$LOG_FILE"
    else
        echo "Failed to renew Tailscale certificate on $(date)" >> "$LOG_FILE"
    fi
  2. Make the script executable:

    sudo chmod +x /usr/local/bin/renew_tailscale_cert.sh
  3. Set up a cron job to run every 83 days:

    sudo crontab -e

    Add the following line:

    0 0 */83 * * /usr/local/bin/renew_tailscale_cert.sh
    

This setup ensures that the CasaOS interface remains accessible securely via HTTPS through the Tailscale network, with automatic certificate renewal occurring approximately one week before the 90-day expiration, maintaining continuous functionality.
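
Cron cannot express an 83-day interval: the day-of-month field only spans 1-31, so a step of `*/83` can match at most day 1. A sturdier pattern is to run a check daily and renew when the certificate itself is close to expiry; the following is an added example, not part of the original repository, and `RENEW_BEFORE_DAYS` and the function names are its own assumptions.

```shell
#!/bin/bash
# Added example (not from the original repository): renew based on the
# certificate's own expiry date so the check can run daily from cron.
# RENEW_BEFORE_DAYS and the function names are assumptions of this example.
RENEW_BEFORE_DAYS=7   # "about one week before expiry", as in the guide

# days_left NOT_AFTER [NOW] -> whole days until NOT_AFTER (negative if expired).
# NOT_AFTER is a date string such as the value printed by `openssl x509 -enddate`.
# NOW is an optional reference time; it defaults to the current time.
days_left() {
    local end now
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    if [ -n "$2" ]; then
        now=$(date -u -d "$2" +%s 2>/dev/null) || return 2
    else
        now=$(date -u +%s)
    fi
    echo $(( (end - now) / 86400 ))
}

# needs_renewal NOT_AFTER [NOW] -> success when renewal is due.
# An unreadable date counts as due, so a broken certificate gets replaced.
needs_renewal() {
    local left
    left=$(days_left "$1" "$2") || return 0
    [ "$left" -le "$RENEW_BEFORE_DAYS" ]
}

# maybe_renew CERT_FILE RENEW_SCRIPT: run the renewal script only when due.
maybe_renew() {
    local not_after
    not_after=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2)
    if needs_renewal "$not_after"; then
        "$2"
    fi
}

# Daily cron usage: <this script> CERT_FILE RENEW_SCRIPT
if [ "$#" -eq 2 ]; then
    maybe_renew "$1" "$2"
fi
```

Called once a day with the certificate path and `/usr/local/bin/renew_tailscale_cert.sh`, this triggers the renewal script only inside the last week of validity, and a missed run is simply retried the next day.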

Advanced Topics

Custom DNS Configuration

If using custom DNS services, ensure they're configured to properly resolve Tailscale's .ts.net domains. In some cases, using your system's default DNS settings may be necessary for proper resolution of Tailscale domains.

Troubleshooting

For common issues and their solutions, refer to the FriendlyElec CM3588 Wiki Troubleshooting section.

Additional Resources
