diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 00000000..e69de29b diff --git a/404.html b/404.html new file mode 100644 index 00000000..60cf8fa1 --- /dev/null +++ b/404.html @@ -0,0 +1,937 @@ + + + + + + + + + + + + + + + + + + + RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ +

404 - Not found

+ +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/CNAME b/CNAME new file mode 100644 index 00000000..0de50d3f --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +docs.raspap.com diff --git a/adblock/index.html b/adblock/index.html new file mode 100644 index 00000000..44c9da3d --- /dev/null +++ b/adblock/index.html @@ -0,0 +1,1416 @@ + + + + + + + + + + + + + + + + + + + + + + + Ad blocking - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Ad blocking

+

adblock

+

RaspAP has introduced a new DNS based filter to stop ads, trackers, malware and other undesirable hosts in their tracks.

+

In the best of times, ads are usually just annoying. When access to online services served by our AP is hampered by ads, malware and trackers, the best tool in our arsenal is DNS blacklisting. +RaspAP already uses dnsmasq to manage both DHCP and DNS, so we have the foundation for a highly effective ad blocking facility.

+

Quick installer

+

To install ad blocking with DNS blacklists, simply respond with Y or press Enter when prompted by the installer:

+
Install ad blocking and enable list management? [Y/n]
+
+

The installer will download the blocklists, configure RaspAP to use them and enable the Ad blocking management page.

+

Ad block install option

+

Ad blocking is enabled and active for clients connected to your AP. You may update the blocklists or disable ad blocking with the management page. These actions are described below.

+

Manual installation

+

Ad blocking may also be installed manually. Refer to the detailed installation steps.

+

Blocklist sources

+

Blocklists are sourced from multiple, continuously updated open source projects. These are divided into two groups: hosts and domain blocklists. By default, RaspAP's ad block facility uses StevenBlack's hosts as the primary hosts blocklist. This repository is a hosts file aggregator that consolidates several reputable hosts files and merges them into a unified, optimized hosts file with duplicates removed.

+

StevenBlack's hosts file aggregator

+

Alternatively, users may choose from a number of host blocklist sources maintained by the badmojr/1Hosts GitHub project. These lists are compiled daily into Mini, Lite, Pro and Xtra versions depending on specific user needs. Refer to the GitHub project for an explanation of these different blocklists.

+

In addition to blocking hosts, domain blocking gives us the ability to use wildcards with dnsmasq to block an entire domain (for example, baddomain.org) with a single rule. This includes all known and unknown subdomains, such as *.baddomain.org. Domain blocklists are provided by the OISD project. Similar to hosts lists, these are continuously updated and curated into several lists: Small, Big and NSFW. Refer to the OISD project for an explanation of these lists.

+

Updating lists

+

Each of the hosts and domains blocklists are updated daily, so it's a good practice to refresh them periodically. You can do this from the Ad Blocking management page in RaspAP. Simply select the list from the dropdown and choose Update now.

+

Manage blocklists

+

Next to the update button, a gear icon will appear to indicate that the selected list is being downloaded. Thereafter, a timestamp after each list will indicate when it was last updated.

+
+

Note

+

To apply the latest blocklists, be sure to Restart Ad Blocking.

+
+

Automatic updates

+

Alternatively, you may wish to automate the process of keeping the ad block source lists up-to-date. A method to achieve this is described in this FAQ.

+

Custom blocklist

+

In addition to the notracking blocklists, you may create your own host blocklist by adding entries on the Custom blocklist tab. +Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name. An IPv4 example would take the form 0.0.0.0 badhost.com. +Choose Save settings and Restart Ad Blocking.

+
+

Note

+

As the name suggests, this is effective at blocking individual hosts, but not entire domains (or subdomains).

+
+

Enabling logging

+

By default, DNS logging is disabled. If you'd like to see which hosts are being blocked, enable it on the DHCP Server > Logging tab by selecting the Log DNS queries toggle. Save settings and Restart Ad Blocking. The Logging tab on the Ad Blocking page will display blacklisted DNS queries with host addresses of 0.0.0.0. A sample of blocked ad/tracker requests is below.

+
dnsmasq[9633]: config static.ads-twitter.com is 0.0.0.0
+dnsmasq[9633]: config tag.bounceexchange.com is 0.0.0.0
+dnsmasq[9633]: config cdn.boomtrain.com is 0.0.0.0
+dnsmasq[9633]: config securepubads.g.doubleclick.net is 0.0.0.0
+dnsmasq[9633]: config c.amazon-adsystem.com is 0.0.0.0
+dnsmasq[9633]: config pixel.adsafeprotected.com is 0.0.0.0
+dnsmasq[9633]: config ad.doubleclick.net is 0.0.0.0
+dnsmasq[9633]: config www.summerhamster.com is 0.0.0.0
+dnsmasq[9633]: config c2.taboola.com is 0.0.0.0
+dnsmasq[9633]: config ads.servebom.com is 0.0.0.0
+dnsmasq[9633]: config s.cpx.to is 0.0.0.0
+dnsmasq[9633]: config pixel.quantserve.com is 0.0.0.0
+dnsmasq[9633]: config cdn.taboola.com is 0.0.0.0
+dnsmasq[9633]: config sdk.iad-01.braze.com is 0.0.0.0
+
+

Disabling ad block

+

To disable the ad blocking service, slide the Enable blocklists toggle to its off position, then choose Save settings. You may then restart your hotspot for the changes to take effect.

+

About blocklist policies

+

The blocklist sources chosen for RaspAP adhere to these policies:

+
    +
  • Should not break useful websites or apps
    • +
  • Blocks tracking servers
    • +
  • Blocks advertising servers
    • +
  • Blocks analytics servers
    • +
  • Blocks scam websites
    • +
  • Blocks malware servers
    • +
  • Blocks webminers
    • +
  • Blocks phishing servers
    • +
+

Users may tailor RaspAP's ad blocking to suit their needs by selecting from multiple blocklist sources. Furthermore, domain blocklists enable full use of domain name based wildcard filtering (for example, *.baddomain.org). This reduces the chance of missing any new subdomains and significantly reduces the size of the blocklists.

+

Discussions

+

Questions or comments about using Ad blocking? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/ap-basics/index.html b/ap-basics/index.html new file mode 100644 index 00000000..eda8fb42 --- /dev/null +++ b/ap-basics/index.html @@ -0,0 +1,1757 @@ + + + + + + + + + + + + + + + + + + + + + + + Access point settings - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Access point settings

+

Basics

+

After running the Quick installer, Docker setup or following the manual installation steps, RaspAP will start up a routed wireless access point (AP) with a default configuration. +As part of this initial setup, the hostapd service broadcasts an AP with the following settings:

+

Interface: wlan0
+SSID: raspi-webgui
+Wireless Mode: 802.11n - 2.4GHz
+Channel: 1
+Security Type: WPA2
+Encryption Type: CCMP
+Passphrase: ChangeMe

+

Each of these settings may be changed on the Hotspot > Basic and Security tabs to any values you wish. Your changes will be applied and made visible on the broadcasted AP by choosing +Save settings followed by Restart hotspot.

+

+

At this point, a dialog will appear to indicate the progress of the RaspAP service. This is a Linux systemd process that is responsible for starting up several network services in a specific order and timing.

+

Connecting clients

+

When the AP is operational, you may connect clients to it by using one of two methods:

+
    +
  1. Select the SSID from the list of available networks on your device and enter the passphrase.
    2. +
  2. Scan the QR code displayed on the Hotspot > Security tab and join the AP.
    3. +
+

By default, clients are assigned IP addresses from the DHCP range 10.3.141.50 โ€” 10.3.141.254. These values may be changed in the DHCP options section of the DHCP server settings UI. If for some reason a client is unable to obtain an IP address from your AP, consult this FAQ.

+

802.11ac 5 GHz

+

For devices with compatible wireless hardware, RaspAP version 3.0 largely removes the guesswork in creating a 5 GHz access point. It achieves this by being tightly integrated with the wireless regulatory database used by the Linux kernel. Behind the scenes, RaspAP queries iw and intelligently matches its output with the 5 GHz channels allowed by hostapd, the user space daemon access point software.

+

From the Hotspot > Advanced tab, select your country from the dropdown then choose Save settings. This sets the wireless regulatory domain for your device. Now, on the Hotspot > Basic tab choose an interface and select the 802.11ac - 5 GHz wireless mode option. RaspAP will automatically populate the available 5 GHz channels for your country. Select a channel followed by Save settings, then Start or Restart hotspot.

+
+

Tip

+

Not all AC channels may be compatible with your hardware. If your hotspot fails to start, enable hostapd service logging by sliding the Logfile output toggle on the Hotspot > Logging tab, followed by Save settings, then Restart hotspot. See this FAQ for more assistance.

+
+

If the Channel dropdown and Save settings button are disabled, refer to this FAQ.

+

Security settings

+

WPA2 is currently the most secure standard utilizing AES (Advanced Encryption Standard) and a pre-shared key for authentication. WPA2 is also backwards compatible with TKIP to allow interoperability with legacy devices. AES uses the CCMP encryption protocol which is a stronger algorithm for message integrity and confidentiality.

+

By default, RaspAP's access point is configured with WPA2 and CCMP encryption. You may of course change this to allow legacy clients (older mobile devices, for example) by selecting TKIP+CCMP as the encryption type. Choose Save settings and Restart hotspot for your changes to take effect.

+

WPA3-Personal

+

Experimental ยท Insiders only

+

WPA3 is an improved encryption standard, thanks to Simultaneous Authentication of Equals (SAE) which replaces the Pre-Shared Key (PSK) authentication method used in prior WPA +versions. WPA3-Personal allows for better password-based authentication even when using simple passphrases. In general, WPA3-Personal networks with simple passphrases are more difficult to crack +by using brute-force, dictionary-based methods, as with WPA/WPA2.

+

+

WPA3 also requires the use of Protected Management Frames (PMFs) to increase network security. If you wish to connect AP clients that may not have support for WPA3-Personal or PMFs, a transitional +security mode is also available.

+
+

Note

+

The Raspberry Pi's onboard wireless chipsets do not currently support the WPA3 standard. For this reason, in order to use this setting you will need to configure your AP with an external wireless adapter that supports WPA3.

+
+

802.11w

+

Experimental ยท Insiders only

+

The 802.11w amendment was introduced as a way to secure Wi-Fi management frames against attacks by ensuring that these frames are legitimately exchanged between an AP and its clients, rather than +a malicious third-party. These 802.11w Protected Management Frames (PMFs) can mitigate common types of "deauthentication" and "disassociation" attacks.

+

Similar to WPA3-Personal, 802.11w may be configured in one of two modes: enabled and required. Enabled allows for mixed operation by allowing legacy devices that do not support 802.11w to associate +while also allowing devices that support 802.11w to use the PMF features. Required will prevent clients that do not support 802.11w from associating with the SSID.

+

Drag & drop widgets

+

Experimental ยท Insiders only

+

The default dashboard layout may be customized to suit your needs. Enable this option from the System > Theme menu by selecting the Dynamic widgets toggle. Next, from the Dashboard click or tap the icon to modify the widgets. Each widget may be resized, dragged and repositioned. Release the widget to drop it into a new location.

+
+

Tip

+

This option works best for large displays. The default dashboard widgets are optimized for mobile devices and smaller displays.

+
+ + +

Click or tap the icon a second time when you're done making changes. The new responsive dashboard layout will be saved to your browser's local storage.

+

Printable signs

+

Experimental ยท Insiders only

+

Beneath the QR code on the Hotspot > Security tab, you will find a link to open a "Wi-Fi connect" sign suitable for printing. Click or tap the link after the printer icon to open a new window with your hotspot's QR code, SSID and password neatly formatted.

+

+

To print, select File > Print from your browser's toolbar and adjust print preferences as needed. This feature can be especially useful if you operate a public wireless access point. You may also +opt to integrate a captive portal for your visitors.

+

Advanced options

+

The above sections cover everything you will need for a basic routed AP. The Hotspot > Advanced tab has several options that allow you to control advanced settings for the Linux hostapd service. These are discussed in the following sections.

+

Bridged AP mode

+

If you wish to configure RaspAP as a bridged AP, this may be done by sliding the Bridged AP mode toggle, saving settings and restarting the hotspot. Be aware that when the hotspot restarts +you will no longer be able to access the web interface from the default 10.1.141.1 address. Refer to this explanation and tips for administering your bridged AP.

+

WiFi repeater mode

+

Experimental ยท Insiders only

+

RaspAP is capable of acting as a wireless repeater to connect to your wireless network and rebroadcast an existing signal. This requires configuring interface metrics and default routes with DHCP. Alternatively, enabling the WiFi repeater mode toggle will create these settings for you automatically.

+

WiFi repeater mode

+

Save settings and choose Restart hotspot to active the wireless repeater. As with AP-STA mode, described below, this option is disabled or "greyed out" until a wireless client is configured.

+

WiFi client AP mode

+

RaspAP has support for this special mode, also known as a micro-AP or simply AP-STA. Typically this can be difficult to configure manually, but RaspAP performs most of the config work behind the scenes for you.

+
+

Note

+

This option is disabled or "greyed out" until a wireless client is configured. This can be done via the WiFi client UI, or by manually configuring a valid wpa_supplicant.conf.

+
+

Before using this mode, it is recommended that users familiarize themselves with how AP-STA works. Users of AP-STA mode should also be aware of its limitations, and understand that performance and stability of this AP mode will not be equal to using a second wireless adapter bound to a separate interface. +For the latter, refer to this FAQ.

+

Beacon interval

+

Wireless APs continuously send beacon frames to indicate their presence, traffic load, and capabilities. The default hostapd beacon interval is 100ms. If desired, you may change this to any value between 15 and 65535.

+

Disable disassoc_low_ack

+

An AP may disassociate a client due to inactivity, transmission failures or other indications of connection loss. This phenomenon can usually be observed in the hostapd logs like so:

+
wlan0: AP-STA-DISCONNECTED 24:62:ab:fd:24:34
+wlan0: STA 24:62:ab:fd:24:34 IEEE 802.11: disassociated
+wlan0: STA 24:62:ab:fd:24:34 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
+
+

This option sets the disassoc_low_ack boolean value for hostapd. Be aware that this value is dependent on driver capabilities. Moreover, hostapd may disassociate a client (or station) for a variety of reasons, so this is not a silver bullet.

+

Transmit power

+

RaspAP allows you to control the transmit power of the configured AP interface. The default "auto" setting will suffice for the vast majority of APs. A lower txpower value +can be useful to mitigate WiFi radio interference, for example if you are hosting multiple APs in a given area. It can also be advantageous to set txpower to a lower value in IoT or similar applications where reduced power consumption is needed.

+

+

Set the transmit power by selecting a value from the dropdown and choosing Save settings. The transmit power setting is expressed as dBm, or decibels (dB) with reference to one milliwatt (mW). +It is not necessary to restart the AP for this to take effect.

+

Maximum number of clients

+

This option sets the max_num_sta value for hostapd, and is effective for placing a limit on the number of clients (stations) that can connect to your AP. When the limit is reached, new client connections will be rejected.

+
+

Note

+

The default setting is 2007, but this is merely the value set by hostapd from the IEEE 802.11 specification. It should not be interpreted as a guarantee that RaspAP can support this many simultaneous clients. In practice, this number depends on several factors and is a much lower value, as discussed in this FAQ.

+
+

Troubleshooting

+

RaspAP gives you advanced control over several Linux networking-related services. As a result, your AP may fail to start for a variety of reasons. You may also encounter errors connecting clients to +the AP, have no internet on AP clients, or observe clients being disconnected from the AP for no apparent reason.

+

If any of the above happens, one of the best diagnostic tools at your disposal is RaspAP's built-in service logging facility. You may enable the hostapd service log by sliding the Logfile output toggle on the Hotspot > Logging tab and choosing Save settings. Finally, choose +Restart hotspot and check the log output.

+

+

Similarly, you may also enable DHCP server activity by sliding either of the two logging options on the DHCP server > Logging tab.

+

Debug log

+

In some situations, you may need more comprehensive information to self-diagnose a problem. RaspAP lets you generate a debug log with a detailed summary of your system including the installed OS, Linux kernel version, attached USB devices, RaspAP settings, network configuration and current state of several AP-related services.

+

+

To create this log, simply click or tap on the Generate debug log button from the System > Tools tab. You will be prompted to choose a location to store the generated raspap_debug.log file on your local computer or mobile device. An example portion of RaspAP's debug log is shown below:

+
System Info
+===========
+Hardware: Raspberry Pi 3 Model B Rev 1.2
+Detected OS: Debian GNU/Linux 12 (bookworm) 64-bit
+Kernel: Linux raspberrypi 6.1.0-rpi4-rpi-v8 (2023-10-05) aarch64 GNU/Linux
+System Uptime: 4 days, 20 hours, 45 minutes
+Memory Usage: 29.0749%
+
+Installed Packages
+==================
+PHP Version: 8.2.7 (cli) (built: Jun  9 2023 19:37:27) (NTS)
+Dnsmasq Version: 2.89
+dhcpcd Version: 9.4.1
+lighttpd Version: 1.4.69
+vnStat Version: 2.10
+
+RaspAP Install
+==============
+RaspAP Version: 2.9.9
+RaspAP Installation Directory: /var/www/html
+RaspAP hostapd.ini contents:
+WifiInterface = wlan0
+
+
+

Tip

+

If you are unable to perform a self-diagnosis and would like to share your debug log (or a portion of it) with another party, upload it to Pastebin or Ubuntu Pastebin. Please don't paste the log in its entirety to RaspAP's discussions, issues or other support channels.

+
+

RaspAP's debug log contains information about your system and local network configuration. However, no passwords or other senstive data are included.

+

Diagnosing problems

+

Look for any reported errors logged by the hostapd, dhcpcd or dnsmasq services. In most cases, errors thrown by one or more of these services have been discussed in various online forums. +Start by searching the official Raspberry Pi forums or Raspberry Pi on Stack Exchange. Chances are the problems with your AP have been discussed and answered before.

+

For additional help and advice, the FAQ is a rich source of troubleshooting info that is continuously updated with answers to the most commonly asked questions. For issues not covered in +the FAQ, you may find many topics in RaspAP discussions and the RaspAP subreddit.

+
+

Tip

+

Capture output from the Linux kernel's message buffer with dmesg to help diagnose failure events. Read the last 100 lines with dmesg | tail -100 and look for any anomalies.

+
+

The performance of WiFi radios may be impacted by many factors, including, but not limited to:

+
    +
  1. Undervoltage due to inadequate power or too many peripherals connected to the USB bus
    2. +
  2. Interference from a poorly shielded HDMI cable or using a specific HDMI screen resolution
    3. +
  3. RF interference from overlapping WiFi networks on a crowded 2.4 GHz band.
    4. +
+

Bear these things in mind if your AP exhibits unexpected behavior and do your best to mitigate them.

+

Reverting to base settings

+

It is generally advisable to begin with RaspAP's default configuration, which has been rigorously tested and validated with the project's supported operating systems. If, after modifying RaspAP's default settings, your AP no longer functions as expected, you may perform a system reset to restore these defaults.

+

Accessing backups

+

Each time you revert to RaspAP's base settings, your existing service configuration files are automatically backed up to /etc/raspap/backups. In this way, you can compare differences between your files and the default configuration, if needed. +There are many ways to do this in Linux, such as using the built-in GNU diff tool. Another option is to install colordiff, a wrapper for diff that produces the same output but with colored syntax highligting. +Install colordiff with sudo apt-get install colordiff.

+

Similarly, the web files located in the default /var/www/html root are backed up to /var/www in a directory named with a timestamp. Therefore, any changes you've made to RaspAP's internals are preserved.

+

Discussions

+

Questions or comments about using access point settings? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/ap-sta/index.html b/ap-sta/index.html new file mode 100644 index 00000000..edea24cc --- /dev/null +++ b/ap-sta/index.html @@ -0,0 +1,1392 @@ + + + + + + + + + + + + + + + + + + + + + + + AP-STA mode - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

AP-STA mode

+

Overview

+

Experimental (Unsupported)

+

This walkthrough describes an installation of RaspAP on the Raspberry Pi Zero W or Zero 2 W models. However, the same steps apply to any device with a chipset capable of supporting this mode.

+

A managed mode AP, variously known as WiFi client AP mode, a micro-AP or simply AP-STA, usually works with the Quick Installer if the steps below are followed carefully. This feature was added to RaspAP specifically to support Internet of Things (IoT) and embedded applications for the Pi Zero W, however it is equally useful for a broad range of projects.

+
+

Disclaimer

+

This mode is completely unsupported and should be used for educational purposes only. If you need a reliable solution with an access point (AP) and wireless client (STA) on the same device, buy a second Wi-Fi adapter and follow this FAQ instead.

+
+

+

Before proceeding with the installation, it's important to have a basic understanding of how AP-STA works.

+

What is AP-STA mode?

+

Many wireless devices support simultaneous operation as both an access point (AP) and as a wireless client/station (STA). This is sometimes called Wi-Fi AP/STA concurrency. In this configuration, it is possible to create a software AP acting as a wireless repeater for an existing network, using a single wireless device. This capability is listed in the following section in the output of iw list:

+
$ iw list | grep -A 4 'valid interface'
+    valid interface combinations:
+    * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
+      total <= 3, #channels <= 2
+    * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
+      total <= 4, #channels <= 1
+
+

The second valid interface combination indicates that both a managed and AP configuration is possible. The constraint #channels <= 1 means that your software AP must operate on the same channel as your Wi-Fi client connection.

+
+

Note

+

If you have a second wireless adapter bound to wlan1 on a Pi Zero W (or other device), refer to this FAQ.

+
+

Use cases

+

There are many scenarios in which AP-STA mode might be useful. These are some of the more popular ones:

+
    +
  1. A device that connects to a wireless AP but needs an admin interface to configure the network and/or other services.
    2. +
  2. A hub for Internet of Things devices, while also creating a bridge between them and the internet.
    3. +
  3. A guest interface to your home wireless network.
    4. +
+

Security is an important consideration with IoT and it can be beneficial to keep your devices on a separate network, for safetyโ€™s sake. No one wants a random internet user turning your lights on and off.

+

How does AP-STA work?

+

In this configuration, we create a virtual network interface (here uap0) and add it as the AP to the physical wlan0 device. This virtual interface is used by several of the services needed to operate a software access point. RaspAP manages these configurations in the background for you. Relevant sections are displayed below as examples.

+

dhcpcd.conf: +

# RaspAP uap0 configuration
+interface uap0
+static ip_address=192.168.50.1/24
+nohook wpa_supplicant
+

+

hostapd.conf: +

# RaspAP wireless client AP mode
+interface=uap0
+

+

dnsmasq.conf: +

# RaspAP uap0 configuration
+interface=lo,uap0               # Use interfaces lo and uap0
+bind-interfaces                 # Bind to the interfaces
+domain-needed                   # Don't forward short names
+bogus-priv                      # Never forward addresses in the non-routed address spaces
+

+

On AP-STA startup and system reboots, RaspAP's service control script adds the virtual uap0 interface and brings it up, like so:

+
iw dev wlan0 interface add uap0 type __ap
+ifconfig uap0 up
+
+

After the virtual uap0 interface is added to the wlan0 physical device, we can then start up hostapd. It is important that the virtual interface is brought up first, otherwise it will fail with the message "could not configure driver mode". We also need to be sure that the interface is not managed by systemd-networkd, so this service should be disabled. These steps are handled by the RaspAP daemon.

+

With a basic understanding of AP-STA mode, we can proceed with the installation.

+

Installation

+
    +
  1. Begin by flashing an SD card with the latest release of Raspberry Pi OS (32- or 64-bit) Lite.
    2. +
  2. Prepare the SD card to connect to your WiFi network in headless mode according to this FAQ.
    3. +
  3. Enable ssh access by creating an empty file called "ssh" (no extension) in the SD card's root.
    4. +
  4. Insert the SD card into the Pi Zero W and connect it to power. Note: the standard power supply for the Raspberry Pi is 5.1V @ 2.5A. Other power sources may result in undervoltage or other issues. Do not use the micro USB connection.
    5. +
  5. Connect to your Pi via ssh. ssh pi@raspberrypi.local is typical.
    6. +
  6. Follow the project prerequisites exactly. Do not skip any of these steps.
    7. +
  7. Invoke the Quick Installer as normal: curl -sL https://install.raspap.com | bash.
    8. +
  8. The installer automatically detects a Pi (or other device) without an active eth0 interface. In this case, you will not be prompted to reboot your Pi.
    9. +
  9. Open the RaspAP admin interface in your browser, usually http://raspberrypi.local.
    10. +
  10. The status widget should indicate that hostapd is inactive. This is expected.
    11. +
  11. Confirm that the Wireless Client dashboard widget displays an active connection.
    12. +
  12. Choose Hotspot > Advanced and enable the WiFi client AP mode option.
    13. +
  13. Optionally, enable Logfile output as this is often helpful for troubleshooting.
    14. +
  14. Choose Save settings and Start hotspot.
    15. +
  15. Wait a few moments and confirm that your AP has started.
    16. +
+

+
+

Note

+

The WiFi client AP mode option will be disabled, or "greyed out", until a wireless client is configured.

+
+

When to reboot?

+

Rebooting before configuring AP-STA mode is likely the main cause of problems for users with the Pi Zero W. The reason is the default configuration is designed for a wired (ethernet) AP.

+

Once the Pi Zero W is configured in AP-STA mode, RaspAP will store several values in /etc/raspap/hostapd.ini: +

LogEnable = 1
+WifiAPEnable = 1
+BridgedEnable = 0
+WifiManaged = wlan0
+
+These are used by RaspAP's systemd control service raspapd to determine that a managed mode AP is enabled for the Pi and restore the connection after subsequent reboots.

+

Changing hostapd settings

+

Changes to the hotspot configuration should be applied to the wlan0 physical device, not uap0 (a virtual interface). In other words, if you wish to change hostapd settings, stop the hotspot, +disable AP-STA, make your config changes on wlan0, re-enable AP-STA and finally restart hostapd. An explanation is available here.

+

Discussions

+

Questions or comments about using AP-STA mode? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/assets/images/favicon.png b/assets/images/favicon.png new file mode 100644 index 00000000..1cf13b9f Binary files /dev/null and b/assets/images/favicon.png differ diff --git a/assets/images/social/adblock.png b/assets/images/social/adblock.png new file mode 100644 index 00000000..bb361f7e Binary files /dev/null and b/assets/images/social/adblock.png differ diff --git a/assets/images/social/ap-basics.png b/assets/images/social/ap-basics.png new file mode 100644 index 00000000..fbb10d15 Binary files /dev/null and b/assets/images/social/ap-basics.png differ diff --git a/assets/images/social/ap-sta.png b/assets/images/social/ap-sta.png new file mode 100644 index 00000000..ba87f9be Binary files /dev/null and b/assets/images/social/ap-sta.png differ diff --git a/assets/images/social/bridged.png b/assets/images/social/bridged.png new file mode 100644 index 00000000..b0e385c0 Binary files /dev/null and b/assets/images/social/bridged.png differ diff --git a/assets/images/social/captive.png b/assets/images/social/captive.png new file mode 100644 index 00000000..90365f92 Binary files /dev/null and b/assets/images/social/captive.png differ diff --git a/assets/images/social/defaults.png b/assets/images/social/defaults.png new file mode 100644 index 00000000..73fd548d Binary files /dev/null and b/assets/images/social/defaults.png differ diff --git a/assets/images/social/docker.png b/assets/images/social/docker.png new file mode 100644 index 00000000..0c04fa2b Binary files /dev/null and b/assets/images/social/docker.png differ diff --git a/assets/images/social/dynamicdns.png b/assets/images/social/dynamicdns.png new file mode 100644 index 00000000..82360a5d Binary files /dev/null and b/assets/images/social/dynamicdns.png differ diff --git a/assets/images/social/faq.png b/assets/images/social/faq.png new file mode 100644 index 00000000..e25d9e0d Binary files /dev/null and b/assets/images/social/faq.png differ diff --git a/assets/images/social/firewall.png b/assets/images/social/firewall.png new file mode 100644 index 00000000..bd2c666f Binary files /dev/null and b/assets/images/social/firewall.png differ diff --git a/assets/images/social/index.png b/assets/images/social/index.png new file mode 100644 index 00000000..719f2915 Binary files /dev/null and b/assets/images/social/index.png differ diff --git a/assets/images/social/insiders.png b/assets/images/social/insiders.png new file mode 100644 index 00000000..33f0e8c2 Binary files /dev/null and b/assets/images/social/insiders.png differ diff --git a/assets/images/social/issues.png b/assets/images/social/issues.png new file mode 100644 index 00000000..1160fe3d Binary files /dev/null and b/assets/images/social/issues.png differ diff --git a/assets/images/social/manual.png b/assets/images/social/manual.png new file mode 100644 index 00000000..734e6c2c Binary files /dev/null and b/assets/images/social/manual.png differ diff --git a/assets/images/social/minwrite.png b/assets/images/social/minwrite.png new file mode 100644 index 00000000..b1ec4891 Binary files /dev/null and b/assets/images/social/minwrite.png differ diff --git a/assets/images/social/multiple.png b/assets/images/social/multiple.png new file mode 100644 index 00000000..0fbdc0e0 Binary files /dev/null and b/assets/images/social/multiple.png differ diff --git a/assets/images/social/net-devices.png b/assets/images/social/net-devices.png new file mode 100644 index 00000000..01d52545 Binary files /dev/null and b/assets/images/social/net-devices.png differ diff --git a/assets/images/social/openvpn.png b/assets/images/social/openvpn.png new file mode 100644 index 00000000..df92921f Binary files /dev/null and b/assets/images/social/openvpn.png differ diff --git a/assets/images/social/providers.png b/assets/images/social/providers.png new file mode 100644 index 00000000..8583ae52 Binary files /dev/null and b/assets/images/social/providers.png differ diff --git a/assets/images/social/quick.png b/assets/images/social/quick.png new file mode 100644 index 00000000..07966a05 Binary files /dev/null and b/assets/images/social/quick.png differ diff --git a/assets/images/social/repeater.png b/assets/images/social/repeater.png new file mode 100644 index 00000000..923702fd Binary files /dev/null and b/assets/images/social/repeater.png differ diff --git a/assets/images/social/speedtest.png b/assets/images/social/speedtest.png new file mode 100644 index 00000000..e75ea181 Binary files /dev/null and b/assets/images/social/speedtest.png differ diff --git a/assets/images/social/ssl.png b/assets/images/social/ssl.png new file mode 100644 index 00000000..1b57d798 Binary files /dev/null and b/assets/images/social/ssl.png differ diff --git a/assets/images/social/translations.png b/assets/images/social/translations.png new file mode 100644 index 00000000..f79c7e62 Binary files /dev/null and b/assets/images/social/translations.png differ diff --git a/assets/images/social/wireguard.png b/assets/images/social/wireguard.png new file mode 100644 index 00000000..fcc0f9f4 Binary files /dev/null and b/assets/images/social/wireguard.png differ diff --git a/assets/images/social/wlanrouting.png b/assets/images/social/wlanrouting.png new file mode 100644 index 00000000..c1d5db02 Binary files /dev/null and b/assets/images/social/wlanrouting.png differ diff --git a/assets/javascripts/bundle.c8d2eff1.min.js b/assets/javascripts/bundle.c8d2eff1.min.js new file mode 100644 index 00000000..4b1b31f5 --- /dev/null +++ b/assets/javascripts/bundle.c8d2eff1.min.js @@ -0,0 +1,29 @@ +"use strict";(()=>{var _i=Object.create;var br=Object.defineProperty;var Ai=Object.getOwnPropertyDescriptor;var Ci=Object.getOwnPropertyNames,Ft=Object.getOwnPropertySymbols,ki=Object.getPrototypeOf,vr=Object.prototype.hasOwnProperty,eo=Object.prototype.propertyIsEnumerable;var Zr=(e,t,r)=>t in e?br(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,F=(e,t)=>{for(var r in t||(t={}))vr.call(t,r)&&Zr(e,r,t[r]);if(Ft)for(var r of Ft(t))eo.call(t,r)&&Zr(e,r,t[r]);return e};var to=(e,t)=>{var r={};for(var o in e)vr.call(e,o)&&t.indexOf(o)<0&&(r[o]=e[o]);if(e!=null&&Ft)for(var o of Ft(e))t.indexOf(o)<0&&eo.call(e,o)&&(r[o]=e[o]);return r};var gr=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var Hi=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of Ci(t))!vr.call(e,n)&&n!==r&&br(e,n,{get:()=>t[n],enumerable:!(o=Ai(t,n))||o.enumerable});return e};var jt=(e,t,r)=>(r=e!=null?_i(ki(e)):{},Hi(t||!e||!e.__esModule?br(r,"default",{value:e,enumerable:!0}):r,e));var ro=(e,t,r)=>new Promise((o,n)=>{var i=c=>{try{a(r.next(c))}catch(p){n(p)}},s=c=>{try{a(r.throw(c))}catch(p){n(p)}},a=c=>c.done?o(c.value):Promise.resolve(c.value).then(i,s);a((r=r.apply(e,t)).next())});var no=gr((xr,oo)=>{(function(e,t){typeof xr=="object"&&typeof oo!="undefined"?t():typeof define=="function"&&define.amd?define(t):t()})(xr,function(){"use strict";function e(r){var o=!0,n=!1,i=null,s={text:!0,search:!0,url:!0,tel:!0,email:!0,password:!0,number:!0,date:!0,month:!0,week:!0,time:!0,datetime:!0,"datetime-local":!0};function a(C){return!!(C&&C!==document&&C.nodeName!=="HTML"&&C.nodeName!=="BODY"&&"classList"in C&&"contains"in C.classList)}function c(C){var ct=C.type,Ne=C.tagName;return!!(Ne==="INPUT"&&s[ct]&&!C.readOnly||Ne==="TEXTAREA"&&!C.readOnly||C.isContentEditable)}function p(C){C.classList.contains("focus-visible")||(C.classList.add("focus-visible"),C.setAttribute("data-focus-visible-added",""))}function l(C){C.hasAttribute("data-focus-visible-added")&&(C.classList.remove("focus-visible"),C.removeAttribute("data-focus-visible-added"))}function f(C){C.metaKey||C.altKey||C.ctrlKey||(a(r.activeElement)&&p(r.activeElement),o=!0)}function u(C){o=!1}function h(C){a(C.target)&&(o||c(C.target))&&p(C.target)}function w(C){a(C.target)&&(C.target.classList.contains("focus-visible")||C.target.hasAttribute("data-focus-visible-added"))&&(n=!0,window.clearTimeout(i),i=window.setTimeout(function(){n=!1},100),l(C.target))}function A(C){document.visibilityState==="hidden"&&(n&&(o=!0),Z())}function Z(){document.addEventListener("mousemove",J),document.addEventListener("mousedown",J),document.addEventListener("mouseup",J),document.addEventListener("pointermove",J),document.addEventListener("pointerdown",J),document.addEventListener("pointerup",J),document.addEventListener("touchmove",J),document.addEventListener("touchstart",J),document.addEventListener("touchend",J)}function te(){document.removeEventListener("mousemove",J),document.removeEventListener("mousedown",J),document.removeEventListener("mouseup",J),document.removeEventListener("pointermove",J),document.removeEventListener("pointerdown",J),document.removeEventListener("pointerup",J),document.removeEventListener("touchmove",J),document.removeEventListener("touchstart",J),document.removeEventListener("touchend",J)}function J(C){C.target.nodeName&&C.target.nodeName.toLowerCase()==="html"||(o=!1,te())}document.addEventListener("keydown",f,!0),document.addEventListener("mousedown",u,!0),document.addEventListener("pointerdown",u,!0),document.addEventListener("touchstart",u,!0),document.addEventListener("visibilitychange",A,!0),Z(),r.addEventListener("focus",h,!0),r.addEventListener("blur",w,!0),r.nodeType===Node.DOCUMENT_FRAGMENT_NODE&&r.host?r.host.setAttribute("data-js-focus-visible",""):r.nodeType===Node.DOCUMENT_NODE&&(document.documentElement.classList.add("js-focus-visible"),document.documentElement.setAttribute("data-js-focus-visible",""))}if(typeof window!="undefined"&&typeof document!="undefined"){window.applyFocusVisiblePolyfill=e;var t;try{t=new CustomEvent("focus-visible-polyfill-ready")}catch(r){t=document.createEvent("CustomEvent"),t.initCustomEvent("focus-visible-polyfill-ready",!1,!1,{})}window.dispatchEvent(t)}typeof document!="undefined"&&e(document)})});var zr=gr((kt,Vr)=>{/*! + * clipboard.js v2.0.11 + * https://clipboardjs.com/ + * + * Licensed MIT ยฉ Zeno Rocha + */(function(t,r){typeof kt=="object"&&typeof Vr=="object"?Vr.exports=r():typeof define=="function"&&define.amd?define([],r):typeof kt=="object"?kt.ClipboardJS=r():t.ClipboardJS=r()})(kt,function(){return function(){var e={686:function(o,n,i){"use strict";i.d(n,{default:function(){return Li}});var s=i(279),a=i.n(s),c=i(370),p=i.n(c),l=i(817),f=i.n(l);function u(D){try{return document.execCommand(D)}catch(M){return!1}}var h=function(M){var O=f()(M);return u("cut"),O},w=h;function A(D){var M=document.documentElement.getAttribute("dir")==="rtl",O=document.createElement("textarea");O.style.fontSize="12pt",O.style.border="0",O.style.padding="0",O.style.margin="0",O.style.position="absolute",O.style[M?"right":"left"]="-9999px";var I=window.pageYOffset||document.documentElement.scrollTop;return O.style.top="".concat(I,"px"),O.setAttribute("readonly",""),O.value=D,O}var Z=function(M,O){var I=A(M);O.container.appendChild(I);var W=f()(I);return u("copy"),I.remove(),W},te=function(M){var O=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body},I="";return typeof M=="string"?I=Z(M,O):M instanceof HTMLInputElement&&!["text","search","url","tel","password"].includes(M==null?void 0:M.type)?I=Z(M.value,O):(I=f()(M),u("copy")),I},J=te;function C(D){"@babel/helpers - typeof";return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?C=function(O){return typeof O}:C=function(O){return O&&typeof Symbol=="function"&&O.constructor===Symbol&&O!==Symbol.prototype?"symbol":typeof O},C(D)}var ct=function(){var M=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},O=M.action,I=O===void 0?"copy":O,W=M.container,K=M.target,Ce=M.text;if(I!=="copy"&&I!=="cut")throw new Error('Invalid "action" value, use either "copy" or "cut"');if(K!==void 0)if(K&&C(K)==="object"&&K.nodeType===1){if(I==="copy"&&K.hasAttribute("disabled"))throw new Error('Invalid "target" attribute. Please use "readonly" instead of "disabled" attribute');if(I==="cut"&&(K.hasAttribute("readonly")||K.hasAttribute("disabled")))throw new Error(`Invalid "target" attribute. You can't cut text from elements with "readonly" or "disabled" attributes`)}else throw new Error('Invalid "target" value, use a valid Element');if(Ce)return J(Ce,{container:W});if(K)return I==="cut"?w(K):J(K,{container:W})},Ne=ct;function Pe(D){"@babel/helpers - typeof";return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?Pe=function(O){return typeof O}:Pe=function(O){return O&&typeof Symbol=="function"&&O.constructor===Symbol&&O!==Symbol.prototype?"symbol":typeof O},Pe(D)}function xi(D,M){if(!(D instanceof M))throw new TypeError("Cannot call a class as a function")}function Xr(D,M){for(var O=0;O0&&arguments[0]!==void 0?arguments[0]:{};this.action=typeof W.action=="function"?W.action:this.defaultAction,this.target=typeof W.target=="function"?W.target:this.defaultTarget,this.text=typeof W.text=="function"?W.text:this.defaultText,this.container=Pe(W.container)==="object"?W.container:document.body}},{key:"listenClick",value:function(W){var K=this;this.listener=p()(W,"click",function(Ce){return K.onClick(Ce)})}},{key:"onClick",value:function(W){var K=W.delegateTarget||W.currentTarget,Ce=this.action(K)||"copy",It=Ne({action:Ce,container:this.container,target:this.target(K),text:this.text(K)});this.emit(It?"success":"error",{action:Ce,text:It,trigger:K,clearSelection:function(){K&&K.focus(),window.getSelection().removeAllRanges()}})}},{key:"defaultAction",value:function(W){return hr("action",W)}},{key:"defaultTarget",value:function(W){var K=hr("target",W);if(K)return document.querySelector(K)}},{key:"defaultText",value:function(W){return hr("text",W)}},{key:"destroy",value:function(){this.listener.destroy()}}],[{key:"copy",value:function(W){var K=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body};return J(W,K)}},{key:"cut",value:function(W){return w(W)}},{key:"isSupported",value:function(){var W=arguments.length>0&&arguments[0]!==void 0?arguments[0]:["copy","cut"],K=typeof W=="string"?[W]:W,Ce=!!document.queryCommandSupported;return K.forEach(function(It){Ce=Ce&&!!document.queryCommandSupported(It)}),Ce}}]),O}(a()),Li=Mi},828:function(o){var n=9;if(typeof Element!="undefined"&&!Element.prototype.matches){var i=Element.prototype;i.matches=i.matchesSelector||i.mozMatchesSelector||i.msMatchesSelector||i.oMatchesSelector||i.webkitMatchesSelector}function s(a,c){for(;a&&a.nodeType!==n;){if(typeof a.matches=="function"&&a.matches(c))return a;a=a.parentNode}}o.exports=s},438:function(o,n,i){var s=i(828);function a(l,f,u,h,w){var A=p.apply(this,arguments);return l.addEventListener(u,A,w),{destroy:function(){l.removeEventListener(u,A,w)}}}function c(l,f,u,h,w){return typeof l.addEventListener=="function"?a.apply(null,arguments):typeof u=="function"?a.bind(null,document).apply(null,arguments):(typeof l=="string"&&(l=document.querySelectorAll(l)),Array.prototype.map.call(l,function(A){return a(A,f,u,h,w)}))}function p(l,f,u,h){return function(w){w.delegateTarget=s(w.target,f),w.delegateTarget&&h.call(l,w)}}o.exports=c},879:function(o,n){n.node=function(i){return i!==void 0&&i instanceof HTMLElement&&i.nodeType===1},n.nodeList=function(i){var s=Object.prototype.toString.call(i);return i!==void 0&&(s==="[object NodeList]"||s==="[object HTMLCollection]")&&"length"in i&&(i.length===0||n.node(i[0]))},n.string=function(i){return typeof i=="string"||i instanceof String},n.fn=function(i){var s=Object.prototype.toString.call(i);return s==="[object Function]"}},370:function(o,n,i){var s=i(879),a=i(438);function c(u,h,w){if(!u&&!h&&!w)throw new Error("Missing required arguments");if(!s.string(h))throw new TypeError("Second argument must be a String");if(!s.fn(w))throw new TypeError("Third argument must be a Function");if(s.node(u))return p(u,h,w);if(s.nodeList(u))return l(u,h,w);if(s.string(u))return f(u,h,w);throw new TypeError("First argument must be a String, HTMLElement, HTMLCollection, or NodeList")}function p(u,h,w){return u.addEventListener(h,w),{destroy:function(){u.removeEventListener(h,w)}}}function l(u,h,w){return Array.prototype.forEach.call(u,function(A){A.addEventListener(h,w)}),{destroy:function(){Array.prototype.forEach.call(u,function(A){A.removeEventListener(h,w)})}}}function f(u,h,w){return a(document.body,u,h,w)}o.exports=c},817:function(o){function n(i){var s;if(i.nodeName==="SELECT")i.focus(),s=i.value;else if(i.nodeName==="INPUT"||i.nodeName==="TEXTAREA"){var a=i.hasAttribute("readonly");a||i.setAttribute("readonly",""),i.select(),i.setSelectionRange(0,i.value.length),a||i.removeAttribute("readonly"),s=i.value}else{i.hasAttribute("contenteditable")&&i.focus();var c=window.getSelection(),p=document.createRange();p.selectNodeContents(i),c.removeAllRanges(),c.addRange(p),s=c.toString()}return s}o.exports=n},279:function(o){function n(){}n.prototype={on:function(i,s,a){var c=this.e||(this.e={});return(c[i]||(c[i]=[])).push({fn:s,ctx:a}),this},once:function(i,s,a){var c=this;function p(){c.off(i,p),s.apply(a,arguments)}return p._=s,this.on(i,p,a)},emit:function(i){var s=[].slice.call(arguments,1),a=((this.e||(this.e={}))[i]||[]).slice(),c=0,p=a.length;for(c;c{"use strict";/*! + * escape-html + * Copyright(c) 2012-2013 TJ Holowaychuk + * Copyright(c) 2015 Andreas Lubbe + * Copyright(c) 2015 Tiancheng "Timothy" Gu + * MIT Licensed + */var Va=/["'&<>]/;qn.exports=za;function za(e){var t=""+e,r=Va.exec(t);if(!r)return t;var o,n="",i=0,s=0;for(i=r.index;i0&&i[i.length-1])&&(p[0]===6||p[0]===2)){r=0;continue}if(p[0]===3&&(!i||p[1]>i[0]&&p[1]=e.length&&(e=void 0),{value:e&&e[o++],done:!e}}};throw new TypeError(t?"Object is not iterable.":"Symbol.iterator is not defined.")}function V(e,t){var r=typeof Symbol=="function"&&e[Symbol.iterator];if(!r)return e;var o=r.call(e),n,i=[],s;try{for(;(t===void 0||t-- >0)&&!(n=o.next()).done;)i.push(n.value)}catch(a){s={error:a}}finally{try{n&&!n.done&&(r=o.return)&&r.call(o)}finally{if(s)throw s.error}}return i}function z(e,t,r){if(r||arguments.length===2)for(var o=0,n=t.length,i;o1||a(u,h)})})}function a(u,h){try{c(o[u](h))}catch(w){f(i[0][3],w)}}function c(u){u.value instanceof ot?Promise.resolve(u.value.v).then(p,l):f(i[0][2],u)}function p(u){a("next",u)}function l(u){a("throw",u)}function f(u,h){u(h),i.shift(),i.length&&a(i[0][0],i[0][1])}}function so(e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var t=e[Symbol.asyncIterator],r;return t?t.call(e):(e=typeof ue=="function"?ue(e):e[Symbol.iterator](),r={},o("next"),o("throw"),o("return"),r[Symbol.asyncIterator]=function(){return this},r);function o(i){r[i]=e[i]&&function(s){return new Promise(function(a,c){s=e[i](s),n(a,c,s.done,s.value)})}}function n(i,s,a,c){Promise.resolve(c).then(function(p){i({value:p,done:a})},s)}}function k(e){return typeof e=="function"}function pt(e){var t=function(o){Error.call(o),o.stack=new Error().stack},r=e(t);return r.prototype=Object.create(Error.prototype),r.prototype.constructor=r,r}var Wt=pt(function(e){return function(r){e(this),this.message=r?r.length+` errors occurred during unsubscription: +`+r.map(function(o,n){return n+1+") "+o.toString()}).join(` + `):"",this.name="UnsubscriptionError",this.errors=r}});function Ve(e,t){if(e){var r=e.indexOf(t);0<=r&&e.splice(r,1)}}var Ie=function(){function e(t){this.initialTeardown=t,this.closed=!1,this._parentage=null,this._finalizers=null}return e.prototype.unsubscribe=function(){var t,r,o,n,i;if(!this.closed){this.closed=!0;var s=this._parentage;if(s)if(this._parentage=null,Array.isArray(s))try{for(var a=ue(s),c=a.next();!c.done;c=a.next()){var p=c.value;p.remove(this)}}catch(A){t={error:A}}finally{try{c&&!c.done&&(r=a.return)&&r.call(a)}finally{if(t)throw t.error}}else s.remove(this);var l=this.initialTeardown;if(k(l))try{l()}catch(A){i=A instanceof Wt?A.errors:[A]}var f=this._finalizers;if(f){this._finalizers=null;try{for(var u=ue(f),h=u.next();!h.done;h=u.next()){var w=h.value;try{co(w)}catch(A){i=i!=null?i:[],A instanceof Wt?i=z(z([],V(i)),V(A.errors)):i.push(A)}}}catch(A){o={error:A}}finally{try{h&&!h.done&&(n=u.return)&&n.call(u)}finally{if(o)throw o.error}}}if(i)throw new Wt(i)}},e.prototype.add=function(t){var r;if(t&&t!==this)if(this.closed)co(t);else{if(t instanceof e){if(t.closed||t._hasParent(this))return;t._addParent(this)}(this._finalizers=(r=this._finalizers)!==null&&r!==void 0?r:[]).push(t)}},e.prototype._hasParent=function(t){var r=this._parentage;return r===t||Array.isArray(r)&&r.includes(t)},e.prototype._addParent=function(t){var r=this._parentage;this._parentage=Array.isArray(r)?(r.push(t),r):r?[r,t]:t},e.prototype._removeParent=function(t){var r=this._parentage;r===t?this._parentage=null:Array.isArray(r)&&Ve(r,t)},e.prototype.remove=function(t){var r=this._finalizers;r&&Ve(r,t),t instanceof e&&t._removeParent(this)},e.EMPTY=function(){var t=new e;return t.closed=!0,t}(),e}();var Er=Ie.EMPTY;function Dt(e){return e instanceof Ie||e&&"closed"in e&&k(e.remove)&&k(e.add)&&k(e.unsubscribe)}function co(e){k(e)?e():e.unsubscribe()}var ke={onUnhandledError:null,onStoppedNotification:null,Promise:void 0,useDeprecatedSynchronousErrorHandling:!1,useDeprecatedNextContext:!1};var lt={setTimeout:function(e,t){for(var r=[],o=2;o0},enumerable:!1,configurable:!0}),t.prototype._trySubscribe=function(r){return this._throwIfClosed(),e.prototype._trySubscribe.call(this,r)},t.prototype._subscribe=function(r){return this._throwIfClosed(),this._checkFinalizedStatuses(r),this._innerSubscribe(r)},t.prototype._innerSubscribe=function(r){var o=this,n=this,i=n.hasError,s=n.isStopped,a=n.observers;return i||s?Er:(this.currentObservers=null,a.push(r),new Ie(function(){o.currentObservers=null,Ve(a,r)}))},t.prototype._checkFinalizedStatuses=function(r){var o=this,n=o.hasError,i=o.thrownError,s=o.isStopped;n?r.error(i):s&&r.complete()},t.prototype.asObservable=function(){var r=new j;return r.source=this,r},t.create=function(r,o){return new vo(r,o)},t}(j);var vo=function(e){se(t,e);function t(r,o){var n=e.call(this)||this;return n.destination=r,n.source=o,n}return t.prototype.next=function(r){var o,n;(n=(o=this.destination)===null||o===void 0?void 0:o.next)===null||n===void 0||n.call(o,r)},t.prototype.error=function(r){var o,n;(n=(o=this.destination)===null||o===void 0?void 0:o.error)===null||n===void 0||n.call(o,r)},t.prototype.complete=function(){var r,o;(o=(r=this.destination)===null||r===void 0?void 0:r.complete)===null||o===void 0||o.call(r)},t.prototype._subscribe=function(r){var o,n;return(n=(o=this.source)===null||o===void 0?void 0:o.subscribe(r))!==null&&n!==void 0?n:Er},t}(v);var St={now:function(){return(St.delegate||Date).now()},delegate:void 0};var Ot=function(e){se(t,e);function t(r,o,n){r===void 0&&(r=1/0),o===void 0&&(o=1/0),n===void 0&&(n=St);var i=e.call(this)||this;return i._bufferSize=r,i._windowTime=o,i._timestampProvider=n,i._buffer=[],i._infiniteTimeWindow=!0,i._infiniteTimeWindow=o===1/0,i._bufferSize=Math.max(1,r),i._windowTime=Math.max(1,o),i}return t.prototype.next=function(r){var o=this,n=o.isStopped,i=o._buffer,s=o._infiniteTimeWindow,a=o._timestampProvider,c=o._windowTime;n||(i.push(r),!s&&i.push(a.now()+c)),this._trimBuffer(),e.prototype.next.call(this,r)},t.prototype._subscribe=function(r){this._throwIfClosed(),this._trimBuffer();for(var o=this._innerSubscribe(r),n=this,i=n._infiniteTimeWindow,s=n._buffer,a=s.slice(),c=0;c0?e.prototype.requestAsyncId.call(this,r,o,n):(r.actions.push(this),r._scheduled||(r._scheduled=ut.requestAnimationFrame(function(){return r.flush(void 0)})))},t.prototype.recycleAsyncId=function(r,o,n){var i;if(n===void 0&&(n=0),n!=null?n>0:this.delay>0)return e.prototype.recycleAsyncId.call(this,r,o,n);var s=r.actions;o!=null&&((i=s[s.length-1])===null||i===void 0?void 0:i.id)!==o&&(ut.cancelAnimationFrame(o),r._scheduled=void 0)},t}(zt);var yo=function(e){se(t,e);function t(){return e!==null&&e.apply(this,arguments)||this}return t.prototype.flush=function(r){this._active=!0;var o=this._scheduled;this._scheduled=void 0;var n=this.actions,i;r=r||n.shift();do if(i=r.execute(r.state,r.delay))break;while((r=n[0])&&r.id===o&&n.shift());if(this._active=!1,i){for(;(r=n[0])&&r.id===o&&n.shift();)r.unsubscribe();throw i}},t}(qt);var de=new yo(xo);var L=new j(function(e){return e.complete()});function Kt(e){return e&&k(e.schedule)}function _r(e){return e[e.length-1]}function Je(e){return k(_r(e))?e.pop():void 0}function Ae(e){return Kt(_r(e))?e.pop():void 0}function Qt(e,t){return typeof _r(e)=="number"?e.pop():t}var dt=function(e){return e&&typeof e.length=="number"&&typeof e!="function"};function Yt(e){return k(e==null?void 0:e.then)}function Bt(e){return k(e[ft])}function Gt(e){return Symbol.asyncIterator&&k(e==null?void 0:e[Symbol.asyncIterator])}function Jt(e){return new TypeError("You provided "+(e!==null&&typeof e=="object"?"an invalid object":"'"+e+"'")+" where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.")}function Di(){return typeof Symbol!="function"||!Symbol.iterator?"@@iterator":Symbol.iterator}var Xt=Di();function Zt(e){return k(e==null?void 0:e[Xt])}function er(e){return ao(this,arguments,function(){var r,o,n,i;return Ut(this,function(s){switch(s.label){case 0:r=e.getReader(),s.label=1;case 1:s.trys.push([1,,9,10]),s.label=2;case 2:return[4,ot(r.read())];case 3:return o=s.sent(),n=o.value,i=o.done,i?[4,ot(void 0)]:[3,5];case 4:return[2,s.sent()];case 5:return[4,ot(n)];case 6:return[4,s.sent()];case 7:return s.sent(),[3,2];case 8:return[3,10];case 9:return r.releaseLock(),[7];case 10:return[2]}})})}function tr(e){return k(e==null?void 0:e.getReader)}function N(e){if(e instanceof j)return e;if(e!=null){if(Bt(e))return Ni(e);if(dt(e))return Vi(e);if(Yt(e))return zi(e);if(Gt(e))return Eo(e);if(Zt(e))return qi(e);if(tr(e))return Ki(e)}throw Jt(e)}function Ni(e){return new j(function(t){var r=e[ft]();if(k(r.subscribe))return r.subscribe(t);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}function Vi(e){return new j(function(t){for(var r=0;r=2;return function(o){return o.pipe(e?g(function(n,i){return e(n,i,o)}):ce,ye(1),r?Qe(t):jo(function(){return new or}))}}function $r(e){return e<=0?function(){return L}:x(function(t,r){var o=[];t.subscribe(S(r,function(n){o.push(n),e=2,!0))}function le(e){e===void 0&&(e={});var t=e.connector,r=t===void 0?function(){return new v}:t,o=e.resetOnError,n=o===void 0?!0:o,i=e.resetOnComplete,s=i===void 0?!0:i,a=e.resetOnRefCountZero,c=a===void 0?!0:a;return function(p){var l,f,u,h=0,w=!1,A=!1,Z=function(){f==null||f.unsubscribe(),f=void 0},te=function(){Z(),l=u=void 0,w=A=!1},J=function(){var C=l;te(),C==null||C.unsubscribe()};return x(function(C,ct){h++,!A&&!w&&Z();var Ne=u=u!=null?u:r();ct.add(function(){h--,h===0&&!A&&!w&&(f=Pr(J,c))}),Ne.subscribe(ct),!l&&h>0&&(l=new it({next:function(Pe){return Ne.next(Pe)},error:function(Pe){A=!0,Z(),f=Pr(te,n,Pe),Ne.error(Pe)},complete:function(){w=!0,Z(),f=Pr(te,s),Ne.complete()}}),N(C).subscribe(l))})(p)}}function Pr(e,t){for(var r=[],o=2;oe.next(document)),e}function R(e,t=document){return Array.from(t.querySelectorAll(e))}function P(e,t=document){let r=me(e,t);if(typeof r=="undefined")throw new ReferenceError(`Missing element: expected "${e}" to be present`);return r}function me(e,t=document){return t.querySelector(e)||void 0}function Re(){var e,t,r,o;return(o=(r=(t=(e=document.activeElement)==null?void 0:e.shadowRoot)==null?void 0:t.activeElement)!=null?r:document.activeElement)!=null?o:void 0}var la=T(d(document.body,"focusin"),d(document.body,"focusout")).pipe(be(1),q(void 0),m(()=>Re()||document.body),B(1));function vt(e){return la.pipe(m(t=>e.contains(t)),Y())}function Vo(e,t){return T(d(e,"mouseenter").pipe(m(()=>!0)),d(e,"mouseleave").pipe(m(()=>!1))).pipe(t?be(t):ce,q(!1))}function Ue(e){return{x:e.offsetLeft,y:e.offsetTop}}function zo(e){return T(d(window,"load"),d(window,"resize")).pipe(Me(0,de),m(()=>Ue(e)),q(Ue(e)))}function ir(e){return{x:e.scrollLeft,y:e.scrollTop}}function et(e){return T(d(e,"scroll"),d(window,"resize")).pipe(Me(0,de),m(()=>ir(e)),q(ir(e)))}function qo(e,t){if(typeof t=="string"||typeof t=="number")e.innerHTML+=t.toString();else if(t instanceof Node)e.appendChild(t);else if(Array.isArray(t))for(let r of t)qo(e,r)}function E(e,t,...r){let o=document.createElement(e);if(t)for(let n of Object.keys(t))typeof t[n]!="undefined"&&(typeof t[n]!="boolean"?o.setAttribute(n,t[n]):o.setAttribute(n,""));for(let n of r)qo(o,n);return o}function ar(e){if(e>999){let t=+((e-950)%1e3>99);return`${((e+1e-6)/1e3).toFixed(t)}k`}else return e.toString()}function gt(e){let t=E("script",{src:e});return H(()=>(document.head.appendChild(t),T(d(t,"load"),d(t,"error").pipe(b(()=>Ar(()=>new ReferenceError(`Invalid script: ${e}`))))).pipe(m(()=>{}),_(()=>document.head.removeChild(t)),ye(1))))}var Ko=new v,ma=H(()=>typeof ResizeObserver=="undefined"?gt("https://unpkg.com/resize-observer-polyfill"):$(void 0)).pipe(m(()=>new ResizeObserver(e=>{for(let t of e)Ko.next(t)})),b(e=>T(qe,$(e)).pipe(_(()=>e.disconnect()))),B(1));function pe(e){return{width:e.offsetWidth,height:e.offsetHeight}}function Ee(e){return ma.pipe(y(t=>t.observe(e)),b(t=>Ko.pipe(g(({target:r})=>r===e),_(()=>t.unobserve(e)),m(()=>pe(e)))),q(pe(e)))}function xt(e){return{width:e.scrollWidth,height:e.scrollHeight}}function sr(e){let t=e.parentElement;for(;t&&(e.scrollWidth<=t.scrollWidth&&e.scrollHeight<=t.scrollHeight);)t=(e=t).parentElement;return t?e:void 0}var Qo=new v,fa=H(()=>$(new IntersectionObserver(e=>{for(let t of e)Qo.next(t)},{threshold:0}))).pipe(b(e=>T(qe,$(e)).pipe(_(()=>e.disconnect()))),B(1));function yt(e){return fa.pipe(y(t=>t.observe(e)),b(t=>Qo.pipe(g(({target:r})=>r===e),_(()=>t.unobserve(e)),m(({isIntersecting:r})=>r))))}function Yo(e,t=16){return et(e).pipe(m(({y:r})=>{let o=pe(e),n=xt(e);return r>=n.height-o.height-t}),Y())}var cr={drawer:P("[data-md-toggle=drawer]"),search:P("[data-md-toggle=search]")};function Bo(e){return cr[e].checked}function Be(e,t){cr[e].checked!==t&&cr[e].click()}function We(e){let t=cr[e];return d(t,"change").pipe(m(()=>t.checked),q(t.checked))}function ua(e,t){switch(e.constructor){case HTMLInputElement:return e.type==="radio"?/^Arrow/.test(t):!0;case HTMLSelectElement:case HTMLTextAreaElement:return!0;default:return e.isContentEditable}}function da(){return T(d(window,"compositionstart").pipe(m(()=>!0)),d(window,"compositionend").pipe(m(()=>!1))).pipe(q(!1))}function Go(){let e=d(window,"keydown").pipe(g(t=>!(t.metaKey||t.ctrlKey)),m(t=>({mode:Bo("search")?"search":"global",type:t.key,claim(){t.preventDefault(),t.stopPropagation()}})),g(({mode:t,type:r})=>{if(t==="global"){let o=Re();if(typeof o!="undefined")return!ua(o,r)}return!0}),le());return da().pipe(b(t=>t?L:e))}function ve(){return new URL(location.href)}function st(e,t=!1){if(G("navigation.instant")&&!t){let r=E("a",{href:e.href});document.body.appendChild(r),r.click(),r.remove()}else location.href=e.href}function Jo(){return new v}function Xo(){return location.hash.slice(1)}function Zo(e){let t=E("a",{href:e});t.addEventListener("click",r=>r.stopPropagation()),t.click()}function ha(e){return T(d(window,"hashchange"),e).pipe(m(Xo),q(Xo()),g(t=>t.length>0),B(1))}function en(e){return ha(e).pipe(m(t=>me(`[id="${t}"]`)),g(t=>typeof t!="undefined"))}function At(e){let t=matchMedia(e);return nr(r=>t.addListener(()=>r(t.matches))).pipe(q(t.matches))}function tn(){let e=matchMedia("print");return T(d(window,"beforeprint").pipe(m(()=>!0)),d(window,"afterprint").pipe(m(()=>!1))).pipe(q(e.matches))}function Ur(e,t){return e.pipe(b(r=>r?t():L))}function Wr(e,t){return new j(r=>{let o=new XMLHttpRequest;return o.open("GET",`${e}`),o.responseType="blob",o.addEventListener("load",()=>{o.status>=200&&o.status<300?(r.next(o.response),r.complete()):r.error(new Error(o.statusText))}),o.addEventListener("error",()=>{r.error(new Error("Network error"))}),o.addEventListener("abort",()=>{r.complete()}),typeof(t==null?void 0:t.progress$)!="undefined"&&(o.addEventListener("progress",n=>{var i;if(n.lengthComputable)t.progress$.next(n.loaded/n.total*100);else{let s=(i=o.getResponseHeader("Content-Length"))!=null?i:0;t.progress$.next(n.loaded/+s*100)}}),t.progress$.next(5)),o.send(),()=>o.abort()})}function De(e,t){return Wr(e,t).pipe(b(r=>r.text()),m(r=>JSON.parse(r)),B(1))}function rn(e,t){let r=new DOMParser;return Wr(e,t).pipe(b(o=>o.text()),m(o=>r.parseFromString(o,"text/html")),B(1))}function on(e,t){let r=new DOMParser;return Wr(e,t).pipe(b(o=>o.text()),m(o=>r.parseFromString(o,"text/xml")),B(1))}function nn(){return{x:Math.max(0,scrollX),y:Math.max(0,scrollY)}}function an(){return T(d(window,"scroll",{passive:!0}),d(window,"resize",{passive:!0})).pipe(m(nn),q(nn()))}function sn(){return{width:innerWidth,height:innerHeight}}function cn(){return d(window,"resize",{passive:!0}).pipe(m(sn),q(sn()))}function pn(){return Q([an(),cn()]).pipe(m(([e,t])=>({offset:e,size:t})),B(1))}function pr(e,{viewport$:t,header$:r}){let o=t.pipe(X("size")),n=Q([o,r]).pipe(m(()=>Ue(e)));return Q([r,t,n]).pipe(m(([{height:i},{offset:s,size:a},{x:c,y:p}])=>({offset:{x:s.x-c,y:s.y-p+i},size:a})))}function ba(e){return d(e,"message",t=>t.data)}function va(e){let t=new v;return t.subscribe(r=>e.postMessage(r)),t}function ln(e,t=new Worker(e)){let r=ba(t),o=va(t),n=new v;n.subscribe(o);let i=o.pipe(ee(),oe(!0));return n.pipe(ee(),$e(r.pipe(U(i))),le())}var ga=P("#__config"),Et=JSON.parse(ga.textContent);Et.base=`${new URL(Et.base,ve())}`;function we(){return Et}function G(e){return Et.features.includes(e)}function ge(e,t){return typeof t!="undefined"?Et.translations[e].replace("#",t.toString()):Et.translations[e]}function Te(e,t=document){return P(`[data-md-component=${e}]`,t)}function ne(e,t=document){return R(`[data-md-component=${e}]`,t)}function xa(e){let t=P(".md-typeset > :first-child",e);return d(t,"click",{once:!0}).pipe(m(()=>P(".md-typeset",e)),m(r=>({hash:__md_hash(r.innerHTML)})))}function mn(e){if(!G("announce.dismiss")||!e.childElementCount)return L;if(!e.hidden){let t=P(".md-typeset",e);__md_hash(t.innerHTML)===__md_get("__announce")&&(e.hidden=!0)}return H(()=>{let t=new v;return t.subscribe(({hash:r})=>{e.hidden=!0,__md_set("__announce",r)}),xa(e).pipe(y(r=>t.next(r)),_(()=>t.complete()),m(r=>F({ref:e},r)))})}function ya(e,{target$:t}){return t.pipe(m(r=>({hidden:r!==e})))}function fn(e,t){let r=new v;return r.subscribe(({hidden:o})=>{e.hidden=o}),ya(e,t).pipe(y(o=>r.next(o)),_(()=>r.complete()),m(o=>F({ref:e},o)))}function Ct(e,t){return t==="inline"?E("div",{class:"md-tooltip md-tooltip--inline",id:e,role:"tooltip"},E("div",{class:"md-tooltip__inner md-typeset"})):E("div",{class:"md-tooltip",id:e,role:"tooltip"},E("div",{class:"md-tooltip__inner md-typeset"}))}function un(e,t){if(t=t?`${t}_annotation_${e}`:void 0,t){let r=t?`#${t}`:void 0;return E("aside",{class:"md-annotation",tabIndex:0},Ct(t),E("a",{href:r,class:"md-annotation__index",tabIndex:-1},E("span",{"data-md-annotation-id":e})))}else return E("aside",{class:"md-annotation",tabIndex:0},Ct(t),E("span",{class:"md-annotation__index",tabIndex:-1},E("span",{"data-md-annotation-id":e})))}function dn(e){return E("button",{class:"md-clipboard md-icon",title:ge("clipboard.copy"),"data-clipboard-target":`#${e} > code`})}function Dr(e,t){let r=t&2,o=t&1,n=Object.keys(e.terms).filter(c=>!e.terms[c]).reduce((c,p)=>[...c,E("del",null,p)," "],[]).slice(0,-1),i=we(),s=new URL(e.location,i.base);G("search.highlight")&&s.searchParams.set("h",Object.entries(e.terms).filter(([,c])=>c).reduce((c,[p])=>`${c} ${p}`.trim(),""));let{tags:a}=we();return E("a",{href:`${s}`,class:"md-search-result__link",tabIndex:-1},E("article",{class:"md-search-result__article md-typeset","data-md-score":e.score.toFixed(2)},r>0&&E("div",{class:"md-search-result__icon md-icon"}),r>0&&E("h1",null,e.title),r<=0&&E("h2",null,e.title),o>0&&e.text.length>0&&e.text,e.tags&&e.tags.map(c=>{let p=a?c in a?`md-tag-icon md-tag--${a[c]}`:"md-tag-icon":"";return E("span",{class:`md-tag ${p}`},c)}),o>0&&n.length>0&&E("p",{class:"md-search-result__terms"},ge("search.result.term.missing"),": ",...n)))}function hn(e){let t=e[0].score,r=[...e],o=we(),n=r.findIndex(l=>!`${new URL(l.location,o.base)}`.includes("#")),[i]=r.splice(n,1),s=r.findIndex(l=>l.scoreDr(l,1)),...c.length?[E("details",{class:"md-search-result__more"},E("summary",{tabIndex:-1},E("div",null,c.length>0&&c.length===1?ge("search.result.more.one"):ge("search.result.more.other",c.length))),...c.map(l=>Dr(l,1)))]:[]];return E("li",{class:"md-search-result__item"},p)}function bn(e){return E("ul",{class:"md-source__facts"},Object.entries(e).map(([t,r])=>E("li",{class:`md-source__fact md-source__fact--${t}`},typeof r=="number"?ar(r):r)))}function Nr(e){let t=`tabbed-control tabbed-control--${e}`;return E("div",{class:t,hidden:!0},E("button",{class:"tabbed-button",tabIndex:-1,"aria-hidden":"true"}))}function vn(e){return E("div",{class:"md-typeset__scrollwrap"},E("div",{class:"md-typeset__table"},e))}function Ea(e){let t=we(),r=new URL(`../${e.version}/`,t.base);return E("li",{class:"md-version__item"},E("a",{href:`${r}`,class:"md-version__link"},e.title))}function gn(e,t){return E("div",{class:"md-version"},E("button",{class:"md-version__current","aria-label":ge("select.version")},t.title),E("ul",{class:"md-version__list"},e.map(Ea)))}var wa=0;function Ta(e,t){document.body.append(e);let{width:r}=pe(e);e.style.setProperty("--md-tooltip-width",`${r}px`),e.remove();let o=sr(t),n=typeof o!="undefined"?et(o):$({x:0,y:0}),i=T(vt(t),Vo(t)).pipe(Y());return Q([i,n]).pipe(m(([s,a])=>{let{x:c,y:p}=Ue(t),l=pe(t),f=t.closest("table");return f&&t.parentElement&&(c+=f.offsetLeft+t.parentElement.offsetLeft,p+=f.offsetTop+t.parentElement.offsetTop),{active:s,offset:{x:c-a.x+l.width/2-r/2,y:p-a.y+l.height+8}}}))}function Ge(e){let t=e.title;if(!t.length)return L;let r=`__tooltip_${wa++}`,o=Ct(r,"inline"),n=P(".md-typeset",o);return n.innerHTML=t,H(()=>{let i=new v;return i.subscribe({next({offset:s}){o.style.setProperty("--md-tooltip-x",`${s.x}px`),o.style.setProperty("--md-tooltip-y",`${s.y}px`)},complete(){o.style.removeProperty("--md-tooltip-x"),o.style.removeProperty("--md-tooltip-y")}}),T(i.pipe(g(({active:s})=>s)),i.pipe(be(250),g(({active:s})=>!s))).subscribe({next({active:s}){s?(e.insertAdjacentElement("afterend",o),e.setAttribute("aria-describedby",r),e.removeAttribute("title")):(o.remove(),e.removeAttribute("aria-describedby"),e.setAttribute("title",t))},complete(){o.remove(),e.removeAttribute("aria-describedby"),e.setAttribute("title",t)}}),i.pipe(Me(16,de)).subscribe(({active:s})=>{o.classList.toggle("md-tooltip--active",s)}),i.pipe(_t(125,de),g(()=>!!e.offsetParent),m(()=>e.offsetParent.getBoundingClientRect()),m(({x:s})=>s)).subscribe({next(s){s?o.style.setProperty("--md-tooltip-0",`${-s}px`):o.style.removeProperty("--md-tooltip-0")},complete(){o.style.removeProperty("--md-tooltip-0")}}),Ta(o,e).pipe(y(s=>i.next(s)),_(()=>i.complete()),m(s=>F({ref:e},s)))}).pipe(ze(ie))}function Sa(e,t){let r=H(()=>Q([zo(e),et(t)])).pipe(m(([{x:o,y:n},i])=>{let{width:s,height:a}=pe(e);return{x:o-i.x+s/2,y:n-i.y+a/2}}));return vt(e).pipe(b(o=>r.pipe(m(n=>({active:o,offset:n})),ye(+!o||1/0))))}function xn(e,t,{target$:r}){let[o,n]=Array.from(e.children);return H(()=>{let i=new v,s=i.pipe(ee(),oe(!0));return i.subscribe({next({offset:a}){e.style.setProperty("--md-tooltip-x",`${a.x}px`),e.style.setProperty("--md-tooltip-y",`${a.y}px`)},complete(){e.style.removeProperty("--md-tooltip-x"),e.style.removeProperty("--md-tooltip-y")}}),yt(e).pipe(U(s)).subscribe(a=>{e.toggleAttribute("data-md-visible",a)}),T(i.pipe(g(({active:a})=>a)),i.pipe(be(250),g(({active:a})=>!a))).subscribe({next({active:a}){a?e.prepend(o):o.remove()},complete(){e.prepend(o)}}),i.pipe(Me(16,de)).subscribe(({active:a})=>{o.classList.toggle("md-tooltip--active",a)}),i.pipe(_t(125,de),g(()=>!!e.offsetParent),m(()=>e.offsetParent.getBoundingClientRect()),m(({x:a})=>a)).subscribe({next(a){a?e.style.setProperty("--md-tooltip-0",`${-a}px`):e.style.removeProperty("--md-tooltip-0")},complete(){e.style.removeProperty("--md-tooltip-0")}}),d(n,"click").pipe(U(s),g(a=>!(a.metaKey||a.ctrlKey))).subscribe(a=>{a.stopPropagation(),a.preventDefault()}),d(n,"mousedown").pipe(U(s),ae(i)).subscribe(([a,{active:c}])=>{var p;if(a.button!==0||a.metaKey||a.ctrlKey)a.preventDefault();else if(c){a.preventDefault();let l=e.parentElement.closest(".md-annotation");l instanceof HTMLElement?l.focus():(p=Re())==null||p.blur()}}),r.pipe(U(s),g(a=>a===o),Ye(125)).subscribe(()=>e.focus()),Sa(e,t).pipe(y(a=>i.next(a)),_(()=>i.complete()),m(a=>F({ref:e},a)))})}function Oa(e){return e.tagName==="CODE"?R(".c, .c1, .cm",e):[e]}function Ma(e){let t=[];for(let r of Oa(e)){let o=[],n=document.createNodeIterator(r,NodeFilter.SHOW_TEXT);for(let i=n.nextNode();i;i=n.nextNode())o.push(i);for(let i of o){let s;for(;s=/(\(\d+\))(!)?/.exec(i.textContent);){let[,a,c]=s;if(typeof c=="undefined"){let p=i.splitText(s.index);i=p.splitText(a.length),t.push(p)}else{i.textContent=a,t.push(i);break}}}}return t}function yn(e,t){t.append(...Array.from(e.childNodes))}function lr(e,t,{target$:r,print$:o}){let n=t.closest("[id]"),i=n==null?void 0:n.id,s=new Map;for(let a of Ma(t)){let[,c]=a.textContent.match(/\((\d+)\)/);me(`:scope > li:nth-child(${c})`,e)&&(s.set(c,un(c,i)),a.replaceWith(s.get(c)))}return s.size===0?L:H(()=>{let a=new v,c=a.pipe(ee(),oe(!0)),p=[];for(let[l,f]of s)p.push([P(".md-typeset",f),P(`:scope > li:nth-child(${l})`,e)]);return o.pipe(U(c)).subscribe(l=>{e.hidden=!l,e.classList.toggle("md-annotation-list",l);for(let[f,u]of p)l?yn(f,u):yn(u,f)}),T(...[...s].map(([,l])=>xn(l,t,{target$:r}))).pipe(_(()=>a.complete()),le())})}function En(e){if(e.nextElementSibling){let t=e.nextElementSibling;if(t.tagName==="OL")return t;if(t.tagName==="P"&&!t.children.length)return En(t)}}function wn(e,t){return H(()=>{let r=En(e);return typeof r!="undefined"?lr(r,e,t):L})}var Tn=jt(zr());var La=0;function Sn(e){if(e.nextElementSibling){let t=e.nextElementSibling;if(t.tagName==="OL")return t;if(t.tagName==="P"&&!t.children.length)return Sn(t)}}function _a(e){return Ee(e).pipe(m(({width:t})=>({scrollable:xt(e).width>t})),X("scrollable"))}function On(e,t){let{matches:r}=matchMedia("(hover)"),o=H(()=>{let n=new v,i=n.pipe($r(1));n.subscribe(({scrollable:c})=>{c&&r?e.setAttribute("tabindex","0"):e.removeAttribute("tabindex")});let s=[];if(Tn.default.isSupported()&&(e.closest(".copy")||G("content.code.copy")&&!e.closest(".no-copy"))){let c=e.closest("pre");c.id=`__code_${La++}`;let p=dn(c.id);c.insertBefore(p,e),G("content.tooltips")&&s.push(Ge(p))}let a=e.closest(".highlight");if(a instanceof HTMLElement){let c=Sn(a);if(typeof c!="undefined"&&(a.classList.contains("annotate")||G("content.code.annotate"))){let p=lr(c,e,t);s.push(Ee(a).pipe(U(i),m(({width:l,height:f})=>l&&f),Y(),b(l=>l?p:L)))}}return _a(e).pipe(y(c=>n.next(c)),_(()=>n.complete()),m(c=>F({ref:e},c)),$e(...s))});return G("content.lazy")?yt(e).pipe(g(n=>n),ye(1),b(()=>o)):o}function Aa(e,{target$:t,print$:r}){let o=!0;return T(t.pipe(m(n=>n.closest("details:not([open])")),g(n=>e===n),m(()=>({action:"open",reveal:!0}))),r.pipe(g(n=>n||!o),y(()=>o=e.open),m(n=>({action:n?"open":"close"}))))}function Mn(e,t){return H(()=>{let r=new v;return r.subscribe(({action:o,reveal:n})=>{e.toggleAttribute("open",o==="open"),n&&e.scrollIntoView()}),Aa(e,t).pipe(y(o=>r.next(o)),_(()=>r.complete()),m(o=>F({ref:e},o)))})}var Ln=".node circle,.node ellipse,.node path,.node polygon,.node rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}marker{fill:var(--md-mermaid-edge-color)!important}.edgeLabel .label rect{fill:#0000}.label{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.label foreignObject{line-height:normal;overflow:visible}.label div .edgeLabel{color:var(--md-mermaid-label-fg-color)}.edgeLabel,.edgeLabel rect,.label div .edgeLabel{background-color:var(--md-mermaid-label-bg-color)}.edgeLabel,.edgeLabel rect{fill:var(--md-mermaid-label-bg-color);color:var(--md-mermaid-edge-color)}.edgePath .path,.flowchart-link{stroke:var(--md-mermaid-edge-color);stroke-width:.05rem}.edgePath .arrowheadPath{fill:var(--md-mermaid-edge-color);stroke:none}.cluster rect{fill:var(--md-default-fg-color--lightest);stroke:var(--md-default-fg-color--lighter)}.cluster span{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}g #flowchart-circleEnd,g #flowchart-circleStart,g #flowchart-crossEnd,g #flowchart-crossStart,g #flowchart-pointEnd,g #flowchart-pointStart{stroke:none}g.classGroup line,g.classGroup rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}g.classGroup text{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.classLabel .box{fill:var(--md-mermaid-label-bg-color);background-color:var(--md-mermaid-label-bg-color);opacity:1}.classLabel .label{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.node .divider{stroke:var(--md-mermaid-node-fg-color)}.relation{stroke:var(--md-mermaid-edge-color)}.cardinality{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.cardinality text{fill:inherit!important}defs #classDiagram-compositionEnd,defs #classDiagram-compositionStart,defs #classDiagram-dependencyEnd,defs #classDiagram-dependencyStart,defs #classDiagram-extensionEnd,defs #classDiagram-extensionStart{fill:var(--md-mermaid-edge-color)!important;stroke:var(--md-mermaid-edge-color)!important}defs #classDiagram-aggregationEnd,defs #classDiagram-aggregationStart{fill:var(--md-mermaid-label-bg-color)!important;stroke:var(--md-mermaid-edge-color)!important}g.stateGroup rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}g.stateGroup .state-title{fill:var(--md-mermaid-label-fg-color)!important;font-family:var(--md-mermaid-font-family)}g.stateGroup .composit{fill:var(--md-mermaid-label-bg-color)}.nodeLabel,.nodeLabel p{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.node circle.state-end,.node circle.state-start,.start-state{fill:var(--md-mermaid-edge-color);stroke:none}.end-state-inner,.end-state-outer{fill:var(--md-mermaid-edge-color)}.end-state-inner,.node circle.state-end{stroke:var(--md-mermaid-label-bg-color)}.transition{stroke:var(--md-mermaid-edge-color)}[id^=state-fork] rect,[id^=state-join] rect{fill:var(--md-mermaid-edge-color)!important;stroke:none!important}.statediagram-cluster.statediagram-cluster .inner{fill:var(--md-default-bg-color)}.statediagram-cluster rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}.statediagram-state rect.divider{fill:var(--md-default-fg-color--lightest);stroke:var(--md-default-fg-color--lighter)}defs #statediagram-barbEnd{stroke:var(--md-mermaid-edge-color)}.attributeBoxEven,.attributeBoxOdd{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}.entityBox{fill:var(--md-mermaid-label-bg-color);stroke:var(--md-mermaid-node-fg-color)}.entityLabel{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.relationshipLabelBox{fill:var(--md-mermaid-label-bg-color);fill-opacity:1;background-color:var(--md-mermaid-label-bg-color);opacity:1}.relationshipLabel{fill:var(--md-mermaid-label-fg-color)}.relationshipLine{stroke:var(--md-mermaid-edge-color)}defs #ONE_OR_MORE_END *,defs #ONE_OR_MORE_START *,defs #ONLY_ONE_END *,defs #ONLY_ONE_START *,defs #ZERO_OR_MORE_END *,defs #ZERO_OR_MORE_START *,defs #ZERO_OR_ONE_END *,defs #ZERO_OR_ONE_START *{stroke:var(--md-mermaid-edge-color)!important}defs #ZERO_OR_MORE_END circle,defs #ZERO_OR_MORE_START circle{fill:var(--md-mermaid-label-bg-color)}.actor{fill:var(--md-mermaid-sequence-actor-bg-color);stroke:var(--md-mermaid-sequence-actor-border-color)}text.actor>tspan{fill:var(--md-mermaid-sequence-actor-fg-color);font-family:var(--md-mermaid-font-family)}line{stroke:var(--md-mermaid-sequence-actor-line-color)}.actor-man circle,.actor-man line{fill:var(--md-mermaid-sequence-actorman-bg-color);stroke:var(--md-mermaid-sequence-actorman-line-color)}.messageLine0,.messageLine1{stroke:var(--md-mermaid-sequence-message-line-color)}.note{fill:var(--md-mermaid-sequence-note-bg-color);stroke:var(--md-mermaid-sequence-note-border-color)}.loopText,.loopText>tspan,.messageText,.noteText>tspan{stroke:none;font-family:var(--md-mermaid-font-family)!important}.messageText{fill:var(--md-mermaid-sequence-message-fg-color)}.loopText,.loopText>tspan{fill:var(--md-mermaid-sequence-loop-fg-color)}.noteText>tspan{fill:var(--md-mermaid-sequence-note-fg-color)}#arrowhead path{fill:var(--md-mermaid-sequence-message-line-color);stroke:none}.loopLine{fill:var(--md-mermaid-sequence-loop-bg-color);stroke:var(--md-mermaid-sequence-loop-border-color)}.labelBox{fill:var(--md-mermaid-sequence-label-bg-color);stroke:none}.labelText,.labelText>span{fill:var(--md-mermaid-sequence-label-fg-color);font-family:var(--md-mermaid-font-family)}.sequenceNumber{fill:var(--md-mermaid-sequence-number-fg-color)}rect.rect{fill:var(--md-mermaid-sequence-box-bg-color);stroke:none}rect.rect+text.text{fill:var(--md-mermaid-sequence-box-fg-color)}defs #sequencenumber{fill:var(--md-mermaid-sequence-number-bg-color)!important}";var qr,ka=0;function Ha(){return typeof mermaid=="undefined"||mermaid instanceof Element?gt("https://unpkg.com/mermaid@10.7.0/dist/mermaid.min.js"):$(void 0)}function _n(e){return e.classList.remove("mermaid"),qr||(qr=Ha().pipe(y(()=>mermaid.initialize({startOnLoad:!1,themeCSS:Ln,sequence:{actorFontSize:"16px",messageFontSize:"16px",noteFontSize:"16px"}})),m(()=>{}),B(1))),qr.subscribe(()=>ro(this,null,function*(){e.classList.add("mermaid");let t=`__mermaid_${ka++}`,r=E("div",{class:"mermaid"}),o=e.textContent,{svg:n,fn:i}=yield mermaid.render(t,o),s=r.attachShadow({mode:"closed"});s.innerHTML=n,e.replaceWith(r),i==null||i(s)})),qr.pipe(m(()=>({ref:e})))}var An=E("table");function Cn(e){return e.replaceWith(An),An.replaceWith(vn(e)),$({ref:e})}function $a(e){let t=e.find(r=>r.checked)||e[0];return T(...e.map(r=>d(r,"change").pipe(m(()=>P(`label[for="${r.id}"]`))))).pipe(q(P(`label[for="${t.id}"]`)),m(r=>({active:r})))}function kn(e,{viewport$:t,target$:r}){let o=P(".tabbed-labels",e),n=R(":scope > input",e),i=Nr("prev");e.append(i);let s=Nr("next");return e.append(s),H(()=>{let a=new v,c=a.pipe(ee(),oe(!0));Q([a,Ee(e)]).pipe(U(c),Me(1,de)).subscribe({next([{active:p},l]){let f=Ue(p),{width:u}=pe(p);e.style.setProperty("--md-indicator-x",`${f.x}px`),e.style.setProperty("--md-indicator-width",`${u}px`);let h=ir(o);(f.xh.x+l.width)&&o.scrollTo({left:Math.max(0,f.x-16),behavior:"smooth"})},complete(){e.style.removeProperty("--md-indicator-x"),e.style.removeProperty("--md-indicator-width")}}),Q([et(o),Ee(o)]).pipe(U(c)).subscribe(([p,l])=>{let f=xt(o);i.hidden=p.x<16,s.hidden=p.x>f.width-l.width-16}),T(d(i,"click").pipe(m(()=>-1)),d(s,"click").pipe(m(()=>1))).pipe(U(c)).subscribe(p=>{let{width:l}=pe(o);o.scrollBy({left:l*p,behavior:"smooth"})}),r.pipe(U(c),g(p=>n.includes(p))).subscribe(p=>p.click()),o.classList.add("tabbed-labels--linked");for(let p of n){let l=P(`label[for="${p.id}"]`);l.replaceChildren(E("a",{href:`#${l.htmlFor}`,tabIndex:-1},...Array.from(l.childNodes))),d(l.firstElementChild,"click").pipe(U(c),g(f=>!(f.metaKey||f.ctrlKey)),y(f=>{f.preventDefault(),f.stopPropagation()})).subscribe(()=>{history.replaceState({},"",`#${l.htmlFor}`),l.click()})}return G("content.tabs.link")&&a.pipe(Le(1),ae(t)).subscribe(([{active:p},{offset:l}])=>{let f=p.innerText.trim();if(p.hasAttribute("data-md-switching"))p.removeAttribute("data-md-switching");else{let u=e.offsetTop-l.y;for(let w of R("[data-tabs]"))for(let A of R(":scope > input",w)){let Z=P(`label[for="${A.id}"]`);if(Z!==p&&Z.innerText.trim()===f){Z.setAttribute("data-md-switching",""),A.click();break}}window.scrollTo({top:e.offsetTop-u});let h=__md_get("__tabs")||[];__md_set("__tabs",[...new Set([f,...h])])}}),a.pipe(U(c)).subscribe(()=>{for(let p of R("audio, video",e))p.pause()}),$a(n).pipe(y(p=>a.next(p)),_(()=>a.complete()),m(p=>F({ref:e},p)))}).pipe(ze(ie))}function Hn(e,{viewport$:t,target$:r,print$:o}){return T(...R(".annotate:not(.highlight)",e).map(n=>wn(n,{target$:r,print$:o})),...R("pre:not(.mermaid) > code",e).map(n=>On(n,{target$:r,print$:o})),...R("pre.mermaid",e).map(n=>_n(n)),...R("table:not([class])",e).map(n=>Cn(n)),...R("details",e).map(n=>Mn(n,{target$:r,print$:o})),...R("[data-tabs]",e).map(n=>kn(n,{viewport$:t,target$:r})),...R("[title]",e).filter(()=>G("content.tooltips")).map(n=>Ge(n)))}function Ra(e,{alert$:t}){return t.pipe(b(r=>T($(!0),$(!1).pipe(Ye(2e3))).pipe(m(o=>({message:r,active:o})))))}function $n(e,t){let r=P(".md-typeset",e);return H(()=>{let o=new v;return o.subscribe(({message:n,active:i})=>{e.classList.toggle("md-dialog--active",i),r.textContent=n}),Ra(e,t).pipe(y(n=>o.next(n)),_(()=>o.complete()),m(n=>F({ref:e},n)))})}function Pa({viewport$:e}){if(!G("header.autohide"))return $(!1);let t=e.pipe(m(({offset:{y:n}})=>n),Ke(2,1),m(([n,i])=>[nMath.abs(i-n.y)>100),m(([,[n]])=>n),Y()),o=We("search");return Q([e,o]).pipe(m(([{offset:n},i])=>n.y>400&&!i),Y(),b(n=>n?r:$(!1)),q(!1))}function Rn(e,t){return H(()=>Q([Ee(e),Pa(t)])).pipe(m(([{height:r},o])=>({height:r,hidden:o})),Y((r,o)=>r.height===o.height&&r.hidden===o.hidden),B(1))}function Pn(e,{header$:t,main$:r}){return H(()=>{let o=new v,n=o.pipe(ee(),oe(!0));o.pipe(X("active"),je(t)).subscribe(([{active:s},{hidden:a}])=>{e.classList.toggle("md-header--shadow",s&&!a),e.hidden=a});let i=fe(R("[title]",e)).pipe(g(()=>G("content.tooltips")),re(s=>Ge(s)));return r.subscribe(o),t.pipe(U(n),m(s=>F({ref:e},s)),$e(i.pipe(U(n))))})}function Ia(e,{viewport$:t,header$:r}){return pr(e,{viewport$:t,header$:r}).pipe(m(({offset:{y:o}})=>{let{height:n}=pe(e);return{active:o>=n}}),X("active"))}function In(e,t){return H(()=>{let r=new v;r.subscribe({next({active:n}){e.classList.toggle("md-header__title--active",n)},complete(){e.classList.remove("md-header__title--active")}});let o=me(".md-content h1");return typeof o=="undefined"?L:Ia(o,t).pipe(y(n=>r.next(n)),_(()=>r.complete()),m(n=>F({ref:e},n)))})}function Fn(e,{viewport$:t,header$:r}){let o=r.pipe(m(({height:i})=>i),Y()),n=o.pipe(b(()=>Ee(e).pipe(m(({height:i})=>({top:e.offsetTop,bottom:e.offsetTop+i})),X("bottom"))));return Q([o,n,t]).pipe(m(([i,{top:s,bottom:a},{offset:{y:c},size:{height:p}}])=>(p=Math.max(0,p-Math.max(0,s-c,i)-Math.max(0,p+c-a)),{offset:s-i,height:p,active:s-i<=c})),Y((i,s)=>i.offset===s.offset&&i.height===s.height&&i.active===s.active))}function Fa(e){let t=__md_get("__palette")||{index:e.findIndex(o=>matchMedia(o.getAttribute("data-md-color-media")).matches)},r=Math.max(0,Math.min(t.index,e.length-1));return $(...e).pipe(re(o=>d(o,"change").pipe(m(()=>o))),q(e[r]),m(o=>({index:e.indexOf(o),color:{media:o.getAttribute("data-md-color-media"),scheme:o.getAttribute("data-md-color-scheme"),primary:o.getAttribute("data-md-color-primary"),accent:o.getAttribute("data-md-color-accent")}})),B(1))}function jn(e){let t=R("input",e),r=E("meta",{name:"theme-color"});document.head.appendChild(r);let o=E("meta",{name:"color-scheme"});document.head.appendChild(o);let n=At("(prefers-color-scheme: light)");return H(()=>{let i=new v;return i.subscribe(s=>{if(document.body.setAttribute("data-md-color-switching",""),s.color.media==="(prefers-color-scheme)"){let a=matchMedia("(prefers-color-scheme: light)"),c=document.querySelector(a.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");s.color.scheme=c.getAttribute("data-md-color-scheme"),s.color.primary=c.getAttribute("data-md-color-primary"),s.color.accent=c.getAttribute("data-md-color-accent")}for(let[a,c]of Object.entries(s.color))document.body.setAttribute(`data-md-color-${a}`,c);for(let a=0;a{let s=Te("header"),a=window.getComputedStyle(s);return o.content=a.colorScheme,a.backgroundColor.match(/\d+/g).map(c=>(+c).toString(16).padStart(2,"0")).join("")})).subscribe(s=>r.content=`#${s}`),i.pipe(Oe(ie)).subscribe(()=>{document.body.removeAttribute("data-md-color-switching")}),Fa(t).pipe(U(n.pipe(Le(1))),at(),y(s=>i.next(s)),_(()=>i.complete()),m(s=>F({ref:e},s)))})}function Un(e,{progress$:t}){return H(()=>{let r=new v;return r.subscribe(({value:o})=>{e.style.setProperty("--md-progress-value",`${o}`)}),t.pipe(y(o=>r.next({value:o})),_(()=>r.complete()),m(o=>({ref:e,value:o})))})}var Kr=jt(zr());function ja(e){e.setAttribute("data-md-copying","");let t=e.closest("[data-copy]"),r=t?t.getAttribute("data-copy"):e.innerText;return e.removeAttribute("data-md-copying"),r.trimEnd()}function Wn({alert$:e}){Kr.default.isSupported()&&new j(t=>{new Kr.default("[data-clipboard-target], [data-clipboard-text]",{text:r=>r.getAttribute("data-clipboard-text")||ja(P(r.getAttribute("data-clipboard-target")))}).on("success",r=>t.next(r))}).pipe(y(t=>{t.trigger.focus()}),m(()=>ge("clipboard.copied"))).subscribe(e)}function Dn(e,t){return e.protocol=t.protocol,e.hostname=t.hostname,e}function Ua(e,t){let r=new Map;for(let o of R("url",e)){let n=P("loc",o),i=[Dn(new URL(n.textContent),t)];r.set(`${i[0]}`,i);for(let s of R("[rel=alternate]",o)){let a=s.getAttribute("href");a!=null&&i.push(Dn(new URL(a),t))}}return r}function mr(e){return on(new URL("sitemap.xml",e)).pipe(m(t=>Ua(t,new URL(e))),he(()=>$(new Map)))}function Wa(e,t){if(!(e.target instanceof Element))return L;let r=e.target.closest("a");if(r===null)return L;if(r.target||e.metaKey||e.ctrlKey)return L;let o=new URL(r.href);return o.search=o.hash="",t.has(`${o}`)?(e.preventDefault(),$(new URL(r.href))):L}function Nn(e){let t=new Map;for(let r of R(":scope > *",e.head))t.set(r.outerHTML,r);return t}function Vn(e){for(let t of R("[href], [src]",e))for(let r of["href","src"]){let o=t.getAttribute(r);if(o&&!/^(?:[a-z]+:)?\/\//i.test(o)){t[r]=t[r];break}}return $(e)}function Da(e){for(let o of["[data-md-component=announce]","[data-md-component=container]","[data-md-component=header-topic]","[data-md-component=outdated]","[data-md-component=logo]","[data-md-component=skip]",...G("navigation.tabs.sticky")?["[data-md-component=tabs]"]:[]]){let n=me(o),i=me(o,e);typeof n!="undefined"&&typeof i!="undefined"&&n.replaceWith(i)}let t=Nn(document);for(let[o,n]of Nn(e))t.has(o)?t.delete(o):document.head.appendChild(n);for(let o of t.values()){let n=o.getAttribute("name");n!=="theme-color"&&n!=="color-scheme"&&o.remove()}let r=Te("container");return Fe(R("script",r)).pipe(b(o=>{let n=e.createElement("script");if(o.src){for(let i of o.getAttributeNames())n.setAttribute(i,o.getAttribute(i));return o.replaceWith(n),new j(i=>{n.onload=()=>i.complete()})}else return n.textContent=o.textContent,o.replaceWith(n),L}),ee(),oe(document))}function zn({location$:e,viewport$:t,progress$:r}){let o=we();if(location.protocol==="file:")return L;let n=mr(o.base);$(document).subscribe(Vn);let i=d(document.body,"click").pipe(je(n),b(([c,p])=>Wa(c,p)),le()),s=d(window,"popstate").pipe(m(ve),le());i.pipe(ae(t)).subscribe(([c,{offset:p}])=>{history.replaceState(p,""),history.pushState(null,"",c)}),T(i,s).subscribe(e);let a=e.pipe(X("pathname"),b(c=>rn(c,{progress$:r}).pipe(he(()=>(st(c,!0),L)))),b(Vn),b(Da),le());return T(a.pipe(ae(e,(c,p)=>p)),e.pipe(X("pathname"),b(()=>e),X("hash")),e.pipe(Y((c,p)=>c.pathname===p.pathname&&c.hash===p.hash),b(()=>i),y(()=>history.back()))).subscribe(c=>{var p,l;history.state!==null||!c.hash?window.scrollTo(0,(l=(p=history.state)==null?void 0:p.y)!=null?l:0):(history.scrollRestoration="auto",Zo(c.hash),history.scrollRestoration="manual")}),e.subscribe(()=>{history.scrollRestoration="manual"}),d(window,"beforeunload").subscribe(()=>{history.scrollRestoration="auto"}),t.pipe(X("offset"),be(100)).subscribe(({offset:c})=>{history.replaceState(c,"")}),a}var Qn=jt(Kn());function Yn(e){let t=e.separator.split("|").map(n=>n.replace(/(\(\?[!=<][^)]+\))/g,"").length===0?"\uFFFD":n).join("|"),r=new RegExp(t,"img"),o=(n,i,s)=>`${i}${s}`;return n=>{n=n.replace(/[\s*+\-:~^]+/g," ").trim();let i=new RegExp(`(^|${e.separator}|)(${n.replace(/[|\\{}()[\]^$+*?.-]/g,"\\$&").replace(r,"|")})`,"img");return s=>(0,Qn.default)(s).replace(i,o).replace(/<\/mark>(\s+)]*>/img,"$1")}}function Ht(e){return e.type===1}function fr(e){return e.type===3}function Bn(e,t){let r=ln(e);return T($(location.protocol!=="file:"),We("search")).pipe(He(o=>o),b(()=>t)).subscribe(({config:o,docs:n})=>r.next({type:0,data:{config:o,docs:n,options:{suggest:G("search.suggest")}}})),r}function Gn({document$:e}){let t=we(),r=De(new URL("../versions.json",t.base)).pipe(he(()=>L)),o=r.pipe(m(n=>{let[,i]=t.base.match(/([^/]+)\/?$/);return n.find(({version:s,aliases:a})=>s===i||a.includes(i))||n[0]}));r.pipe(m(n=>new Map(n.map(i=>[`${new URL(`../${i.version}/`,t.base)}`,i]))),b(n=>d(document.body,"click").pipe(g(i=>!i.metaKey&&!i.ctrlKey),ae(o),b(([i,s])=>{if(i.target instanceof Element){let a=i.target.closest("a");if(a&&!a.target&&n.has(a.href)){let c=a.href;return!i.target.closest(".md-version")&&n.get(c)===s?L:(i.preventDefault(),$(c))}}return L}),b(i=>{let{version:s}=n.get(i);return mr(new URL(i)).pipe(m(a=>{let p=ve().href.replace(t.base,"");return a.has(p.split("#")[0])?new URL(`../${s}/${p}`,t.base):new URL(i)}))})))).subscribe(n=>st(n,!0)),Q([r,o]).subscribe(([n,i])=>{P(".md-header__topic").appendChild(gn(n,i))}),e.pipe(b(()=>o)).subscribe(n=>{var s;let i=__md_get("__outdated",sessionStorage);if(i===null){i=!0;let a=((s=t.version)==null?void 0:s.default)||"latest";Array.isArray(a)||(a=[a]);e:for(let c of a)for(let p of n.aliases.concat(n.version))if(new RegExp(c,"i").test(p)){i=!1;break e}__md_set("__outdated",i,sessionStorage)}if(i)for(let a of ne("outdated"))a.hidden=!1})}function Ka(e,{worker$:t}){let{searchParams:r}=ve();r.has("q")&&(Be("search",!0),e.value=r.get("q"),e.focus(),We("search").pipe(He(i=>!i)).subscribe(()=>{let i=ve();i.searchParams.delete("q"),history.replaceState({},"",`${i}`)}));let o=vt(e),n=T(t.pipe(He(Ht)),d(e,"keyup"),o).pipe(m(()=>e.value),Y());return Q([n,o]).pipe(m(([i,s])=>({value:i,focus:s})),B(1))}function Jn(e,{worker$:t}){let r=new v,o=r.pipe(ee(),oe(!0));Q([t.pipe(He(Ht)),r],(i,s)=>s).pipe(X("value")).subscribe(({value:i})=>t.next({type:2,data:i})),r.pipe(X("focus")).subscribe(({focus:i})=>{i&&Be("search",i)}),d(e.form,"reset").pipe(U(o)).subscribe(()=>e.focus());let n=P("header [for=__search]");return d(n,"click").subscribe(()=>e.focus()),Ka(e,{worker$:t}).pipe(y(i=>r.next(i)),_(()=>r.complete()),m(i=>F({ref:e},i)),B(1))}function Xn(e,{worker$:t,query$:r}){let o=new v,n=Yo(e.parentElement).pipe(g(Boolean)),i=e.parentElement,s=P(":scope > :first-child",e),a=P(":scope > :last-child",e);We("search").subscribe(l=>a.setAttribute("role",l?"list":"presentation")),o.pipe(ae(r),Ir(t.pipe(He(Ht)))).subscribe(([{items:l},{value:f}])=>{switch(l.length){case 0:s.textContent=f.length?ge("search.result.none"):ge("search.result.placeholder");break;case 1:s.textContent=ge("search.result.one");break;default:let u=ar(l.length);s.textContent=ge("search.result.other",u)}});let c=o.pipe(y(()=>a.innerHTML=""),b(({items:l})=>T($(...l.slice(0,10)),$(...l.slice(10)).pipe(Ke(4),jr(n),b(([f])=>f)))),m(hn),le());return c.subscribe(l=>a.appendChild(l)),c.pipe(re(l=>{let f=me("details",l);return typeof f=="undefined"?L:d(f,"toggle").pipe(U(o),m(()=>f))})).subscribe(l=>{l.open===!1&&l.offsetTop<=i.scrollTop&&i.scrollTo({top:l.offsetTop})}),t.pipe(g(fr),m(({data:l})=>l)).pipe(y(l=>o.next(l)),_(()=>o.complete()),m(l=>F({ref:e},l)))}function Qa(e,{query$:t}){return t.pipe(m(({value:r})=>{let o=ve();return o.hash="",r=r.replace(/\s+/g,"+").replace(/&/g,"%26").replace(/=/g,"%3D"),o.search=`q=${r}`,{url:o}}))}function Zn(e,t){let r=new v,o=r.pipe(ee(),oe(!0));return r.subscribe(({url:n})=>{e.setAttribute("data-clipboard-text",e.href),e.href=`${n}`}),d(e,"click").pipe(U(o)).subscribe(n=>n.preventDefault()),Qa(e,t).pipe(y(n=>r.next(n)),_(()=>r.complete()),m(n=>F({ref:e},n)))}function ei(e,{worker$:t,keyboard$:r}){let o=new v,n=Te("search-query"),i=T(d(n,"keydown"),d(n,"focus")).pipe(Oe(ie),m(()=>n.value),Y());return o.pipe(je(i),m(([{suggest:a},c])=>{let p=c.split(/([\s-]+)/);if(a!=null&&a.length&&p[p.length-1]){let l=a[a.length-1];l.startsWith(p[p.length-1])&&(p[p.length-1]=l)}else p.length=0;return p})).subscribe(a=>e.innerHTML=a.join("").replace(/\s/g," ")),r.pipe(g(({mode:a})=>a==="search")).subscribe(a=>{switch(a.type){case"ArrowRight":e.innerText.length&&n.selectionStart===n.value.length&&(n.value=e.innerText);break}}),t.pipe(g(fr),m(({data:a})=>a)).pipe(y(a=>o.next(a)),_(()=>o.complete()),m(()=>({ref:e})))}function ti(e,{index$:t,keyboard$:r}){let o=we();try{let n=Bn(o.search,t),i=Te("search-query",e),s=Te("search-result",e);d(e,"click").pipe(g(({target:c})=>c instanceof Element&&!!c.closest("a"))).subscribe(()=>Be("search",!1)),r.pipe(g(({mode:c})=>c==="search")).subscribe(c=>{let p=Re();switch(c.type){case"Enter":if(p===i){let l=new Map;for(let f of R(":first-child [href]",s)){let u=f.firstElementChild;l.set(f,parseFloat(u.getAttribute("data-md-score")))}if(l.size){let[[f]]=[...l].sort(([,u],[,h])=>h-u);f.click()}c.claim()}break;case"Escape":case"Tab":Be("search",!1),i.blur();break;case"ArrowUp":case"ArrowDown":if(typeof p=="undefined")i.focus();else{let l=[i,...R(":not(details) > [href], summary, details[open] [href]",s)],f=Math.max(0,(Math.max(0,l.indexOf(p))+l.length+(c.type==="ArrowUp"?-1:1))%l.length);l[f].focus()}c.claim();break;default:i!==Re()&&i.focus()}}),r.pipe(g(({mode:c})=>c==="global")).subscribe(c=>{switch(c.type){case"f":case"s":case"/":i.focus(),i.select(),c.claim();break}});let a=Jn(i,{worker$:n});return T(a,Xn(s,{worker$:n,query$:a})).pipe($e(...ne("search-share",e).map(c=>Zn(c,{query$:a})),...ne("search-suggest",e).map(c=>ei(c,{worker$:n,keyboard$:r}))))}catch(n){return e.hidden=!0,qe}}function ri(e,{index$:t,location$:r}){return Q([t,r.pipe(q(ve()),g(o=>!!o.searchParams.get("h")))]).pipe(m(([o,n])=>Yn(o.config)(n.searchParams.get("h"))),m(o=>{var s;let n=new Map,i=document.createNodeIterator(e,NodeFilter.SHOW_TEXT);for(let a=i.nextNode();a;a=i.nextNode())if((s=a.parentElement)!=null&&s.offsetHeight){let c=a.textContent,p=o(c);p.length>c.length&&n.set(a,p)}for(let[a,c]of n){let{childNodes:p}=E("span",null,c);a.replaceWith(...Array.from(p))}return{ref:e,nodes:n}}))}function Ya(e,{viewport$:t,main$:r}){let o=e.closest(".md-grid"),n=o.offsetTop-o.parentElement.offsetTop;return Q([r,t]).pipe(m(([{offset:i,height:s},{offset:{y:a}}])=>(s=s+Math.min(n,Math.max(0,a-i))-n,{height:s,locked:a>=i+n})),Y((i,s)=>i.height===s.height&&i.locked===s.locked))}function Qr(e,o){var n=o,{header$:t}=n,r=to(n,["header$"]);let i=P(".md-sidebar__scrollwrap",e),{y:s}=Ue(i);return H(()=>{let a=new v,c=a.pipe(ee(),oe(!0)),p=a.pipe(Me(0,de));return p.pipe(ae(t)).subscribe({next([{height:l},{height:f}]){i.style.height=`${l-2*s}px`,e.style.top=`${f}px`},complete(){i.style.height="",e.style.top=""}}),p.pipe(He()).subscribe(()=>{for(let l of R(".md-nav__link--active[href]",e)){if(!l.clientHeight)continue;let f=l.closest(".md-sidebar__scrollwrap");if(typeof f!="undefined"){let u=l.offsetTop-f.offsetTop,{height:h}=pe(f);f.scrollTo({top:u-h/2})}}}),fe(R("label[tabindex]",e)).pipe(re(l=>d(l,"click").pipe(Oe(ie),m(()=>l),U(c)))).subscribe(l=>{let f=P(`[id="${l.htmlFor}"]`);P(`[aria-labelledby="${l.id}"]`).setAttribute("aria-expanded",`${f.checked}`)}),Ya(e,r).pipe(y(l=>a.next(l)),_(()=>a.complete()),m(l=>F({ref:e},l)))})}function oi(e,t){if(typeof t!="undefined"){let r=`https://api.github.com/repos/${e}/${t}`;return Lt(De(`${r}/releases/latest`).pipe(he(()=>L),m(o=>({version:o.tag_name})),Qe({})),De(r).pipe(he(()=>L),m(o=>({stars:o.stargazers_count,forks:o.forks_count})),Qe({}))).pipe(m(([o,n])=>F(F({},o),n)))}else{let r=`https://api.github.com/users/${e}`;return De(r).pipe(m(o=>({repositories:o.public_repos})),Qe({}))}}function ni(e,t){let r=`https://${e}/api/v4/projects/${encodeURIComponent(t)}`;return De(r).pipe(he(()=>L),m(({star_count:o,forks_count:n})=>({stars:o,forks:n})),Qe({}))}function ii(e){let t=e.match(/^.+github\.com\/([^/]+)\/?([^/]+)?/i);if(t){let[,r,o]=t;return oi(r,o)}if(t=e.match(/^.+?([^/]*gitlab[^/]+)\/(.+?)\/?$/i),t){let[,r,o]=t;return ni(r,o)}return L}var Ba;function Ga(e){return Ba||(Ba=H(()=>{let t=__md_get("__source",sessionStorage);if(t)return $(t);if(ne("consent").length){let o=__md_get("__consent");if(!(o&&o.github))return L}return ii(e.href).pipe(y(o=>__md_set("__source",o,sessionStorage)))}).pipe(he(()=>L),g(t=>Object.keys(t).length>0),m(t=>({facts:t})),B(1)))}function ai(e){let t=P(":scope > :last-child",e);return H(()=>{let r=new v;return r.subscribe(({facts:o})=>{t.appendChild(bn(o)),t.classList.add("md-source__repository--active")}),Ga(e).pipe(y(o=>r.next(o)),_(()=>r.complete()),m(o=>F({ref:e},o)))})}function Ja(e,{viewport$:t,header$:r}){return Ee(document.body).pipe(b(()=>pr(e,{header$:r,viewport$:t})),m(({offset:{y:o}})=>({hidden:o>=10})),X("hidden"))}function si(e,t){return H(()=>{let r=new v;return r.subscribe({next({hidden:o}){e.hidden=o},complete(){e.hidden=!1}}),(G("navigation.tabs.sticky")?$({hidden:!1}):Ja(e,t)).pipe(y(o=>r.next(o)),_(()=>r.complete()),m(o=>F({ref:e},o)))})}function Xa(e,{viewport$:t,header$:r}){let o=new Map,n=R(".md-nav__link",e);for(let a of n){let c=decodeURIComponent(a.hash.substring(1)),p=me(`[id="${c}"]`);typeof p!="undefined"&&o.set(a,p)}let i=r.pipe(X("height"),m(({height:a})=>{let c=Te("main"),p=P(":scope > :first-child",c);return a+.8*(p.offsetTop-c.offsetTop)}),le());return Ee(document.body).pipe(X("height"),b(a=>H(()=>{let c=[];return $([...o].reduce((p,[l,f])=>{for(;c.length&&o.get(c[c.length-1]).tagName>=f.tagName;)c.pop();let u=f.offsetTop;for(;!u&&f.parentElement;)f=f.parentElement,u=f.offsetTop;let h=f.offsetParent;for(;h;h=h.offsetParent)u+=h.offsetTop;return p.set([...c=[...c,l]].reverse(),u)},new Map))}).pipe(m(c=>new Map([...c].sort(([,p],[,l])=>p-l))),je(i),b(([c,p])=>t.pipe(Rr(([l,f],{offset:{y:u},size:h})=>{let w=u+h.height>=Math.floor(a.height);for(;f.length;){let[,A]=f[0];if(A-p=u&&!w)f=[l.pop(),...f];else break}return[l,f]},[[],[...c]]),Y((l,f)=>l[0]===f[0]&&l[1]===f[1])))))).pipe(m(([a,c])=>({prev:a.map(([p])=>p),next:c.map(([p])=>p)})),q({prev:[],next:[]}),Ke(2,1),m(([a,c])=>a.prev.length{let i=new v,s=i.pipe(ee(),oe(!0));if(i.subscribe(({prev:a,next:c})=>{for(let[p]of c)p.classList.remove("md-nav__link--passed"),p.classList.remove("md-nav__link--active");for(let[p,[l]]of a.entries())l.classList.add("md-nav__link--passed"),l.classList.toggle("md-nav__link--active",p===a.length-1)}),G("toc.follow")){let a=T(t.pipe(be(1),m(()=>{})),t.pipe(be(250),m(()=>"smooth")));i.pipe(g(({prev:c})=>c.length>0),je(o.pipe(Oe(ie))),ae(a)).subscribe(([[{prev:c}],p])=>{let[l]=c[c.length-1];if(l.offsetHeight){let f=sr(l);if(typeof f!="undefined"){let u=l.offsetTop-f.offsetTop,{height:h}=pe(f);f.scrollTo({top:u-h/2,behavior:p})}}})}return G("navigation.tracking")&&t.pipe(U(s),X("offset"),be(250),Le(1),U(n.pipe(Le(1))),at({delay:250}),ae(i)).subscribe(([,{prev:a}])=>{let c=ve(),p=a[a.length-1];if(p&&p.length){let[l]=p,{hash:f}=new URL(l.href);c.hash!==f&&(c.hash=f,history.replaceState({},"",`${c}`))}else c.hash="",history.replaceState({},"",`${c}`)}),Xa(e,{viewport$:t,header$:r}).pipe(y(a=>i.next(a)),_(()=>i.complete()),m(a=>F({ref:e},a)))})}function Za(e,{viewport$:t,main$:r,target$:o}){let n=t.pipe(m(({offset:{y:s}})=>s),Ke(2,1),m(([s,a])=>s>a&&a>0),Y()),i=r.pipe(m(({active:s})=>s));return Q([i,n]).pipe(m(([s,a])=>!(s&&a)),Y(),U(o.pipe(Le(1))),oe(!0),at({delay:250}),m(s=>({hidden:s})))}function pi(e,{viewport$:t,header$:r,main$:o,target$:n}){let i=new v,s=i.pipe(ee(),oe(!0));return i.subscribe({next({hidden:a}){e.hidden=a,a?(e.setAttribute("tabindex","-1"),e.blur()):e.removeAttribute("tabindex")},complete(){e.style.top="",e.hidden=!0,e.removeAttribute("tabindex")}}),r.pipe(U(s),X("height")).subscribe(({height:a})=>{e.style.top=`${a+16}px`}),d(e,"click").subscribe(a=>{a.preventDefault(),window.scrollTo({top:0})}),Za(e,{viewport$:t,main$:o,target$:n}).pipe(y(a=>i.next(a)),_(()=>i.complete()),m(a=>F({ref:e},a)))}function li({document$:e}){e.pipe(b(()=>R(".md-ellipsis")),re(t=>yt(t).pipe(U(e.pipe(Le(1))),g(r=>r),m(()=>t),ye(1))),g(t=>t.offsetWidth{let r=t.innerText,o=t.closest("a")||t;return o.title=r,Ge(o).pipe(U(e.pipe(Le(1))),_(()=>o.removeAttribute("title")))})).subscribe(),e.pipe(b(()=>R(".md-status")),re(t=>Ge(t))).subscribe()}function mi({document$:e,tablet$:t}){e.pipe(b(()=>R(".md-toggle--indeterminate")),y(r=>{r.indeterminate=!0,r.checked=!1}),re(r=>d(r,"change").pipe(Fr(()=>r.classList.contains("md-toggle--indeterminate")),m(()=>r))),ae(t)).subscribe(([r,o])=>{r.classList.remove("md-toggle--indeterminate"),o&&(r.checked=!1)})}function es(){return/(iPad|iPhone|iPod)/.test(navigator.userAgent)}function fi({document$:e}){e.pipe(b(()=>R("[data-md-scrollfix]")),y(t=>t.removeAttribute("data-md-scrollfix")),g(es),re(t=>d(t,"touchstart").pipe(m(()=>t)))).subscribe(t=>{let r=t.scrollTop;r===0?t.scrollTop=1:r+t.offsetHeight===t.scrollHeight&&(t.scrollTop=r-1)})}function ui({viewport$:e,tablet$:t}){Q([We("search"),t]).pipe(m(([r,o])=>r&&!o),b(r=>$(r).pipe(Ye(r?400:100))),ae(e)).subscribe(([r,{offset:{y:o}}])=>{if(r)document.body.setAttribute("data-md-scrolllock",""),document.body.style.top=`-${o}px`;else{let n=-1*parseInt(document.body.style.top,10);document.body.removeAttribute("data-md-scrolllock"),document.body.style.top="",n&&window.scrollTo(0,n)}})}Object.entries||(Object.entries=function(e){let t=[];for(let r of Object.keys(e))t.push([r,e[r]]);return t});Object.values||(Object.values=function(e){let t=[];for(let r of Object.keys(e))t.push(e[r]);return t});typeof Element!="undefined"&&(Element.prototype.scrollTo||(Element.prototype.scrollTo=function(e,t){typeof e=="object"?(this.scrollLeft=e.left,this.scrollTop=e.top):(this.scrollLeft=e,this.scrollTop=t)}),Element.prototype.replaceWith||(Element.prototype.replaceWith=function(...e){let t=this.parentNode;if(t){e.length===0&&t.removeChild(this);for(let r=e.length-1;r>=0;r--){let o=e[r];typeof o=="string"?o=document.createTextNode(o):o.parentNode&&o.parentNode.removeChild(o),r?t.insertBefore(this.previousSibling,o):t.replaceChild(o,this)}}}));function ts(){return location.protocol==="file:"?gt(`${new URL("search/search_index.js",Yr.base)}`).pipe(m(()=>__index),B(1)):De(new URL("search/search_index.json",Yr.base))}document.documentElement.classList.remove("no-js");document.documentElement.classList.add("js");var rt=No(),Rt=Jo(),wt=en(Rt),Br=Go(),_e=pn(),ur=At("(min-width: 960px)"),hi=At("(min-width: 1220px)"),bi=tn(),Yr=we(),vi=document.forms.namedItem("search")?ts():qe,Gr=new v;Wn({alert$:Gr});var Jr=new v;G("navigation.instant")&&zn({location$:Rt,viewport$:_e,progress$:Jr}).subscribe(rt);var di;((di=Yr.version)==null?void 0:di.provider)==="mike"&&Gn({document$:rt});T(Rt,wt).pipe(Ye(125)).subscribe(()=>{Be("drawer",!1),Be("search",!1)});Br.pipe(g(({mode:e})=>e==="global")).subscribe(e=>{switch(e.type){case"p":case",":let t=me("link[rel=prev]");typeof t!="undefined"&&st(t);break;case"n":case".":let r=me("link[rel=next]");typeof r!="undefined"&&st(r);break;case"Enter":let o=Re();o instanceof HTMLLabelElement&&o.click()}});li({document$:rt});mi({document$:rt,tablet$:ur});fi({document$:rt});ui({viewport$:_e,tablet$:ur});var tt=Rn(Te("header"),{viewport$:_e}),$t=rt.pipe(m(()=>Te("main")),b(e=>Fn(e,{viewport$:_e,header$:tt})),B(1)),rs=T(...ne("consent").map(e=>fn(e,{target$:wt})),...ne("dialog").map(e=>$n(e,{alert$:Gr})),...ne("header").map(e=>Pn(e,{viewport$:_e,header$:tt,main$:$t})),...ne("palette").map(e=>jn(e)),...ne("progress").map(e=>Un(e,{progress$:Jr})),...ne("search").map(e=>ti(e,{index$:vi,keyboard$:Br})),...ne("source").map(e=>ai(e))),os=H(()=>T(...ne("announce").map(e=>mn(e)),...ne("content").map(e=>Hn(e,{viewport$:_e,target$:wt,print$:bi})),...ne("content").map(e=>G("search.highlight")?ri(e,{index$:vi,location$:Rt}):L),...ne("header-title").map(e=>In(e,{viewport$:_e,header$:tt})),...ne("sidebar").map(e=>e.getAttribute("data-md-type")==="navigation"?Ur(hi,()=>Qr(e,{viewport$:_e,header$:tt,main$:$t})):Ur(ur,()=>Qr(e,{viewport$:_e,header$:tt,main$:$t}))),...ne("tabs").map(e=>si(e,{viewport$:_e,header$:tt})),...ne("toc").map(e=>ci(e,{viewport$:_e,header$:tt,main$:$t,target$:wt})),...ne("top").map(e=>pi(e,{viewport$:_e,header$:tt,main$:$t,target$:wt})))),gi=rt.pipe(b(()=>os),$e(rs),B(1));gi.subscribe();window.document$=rt;window.location$=Rt;window.target$=wt;window.keyboard$=Br;window.viewport$=_e;window.tablet$=ur;window.screen$=hi;window.print$=bi;window.alert$=Gr;window.progress$=Jr;window.component$=gi;})(); +//# sourceMappingURL=bundle.c8d2eff1.min.js.map + diff --git a/assets/javascripts/bundle.c8d2eff1.min.js.map b/assets/javascripts/bundle.c8d2eff1.min.js.map new file mode 100644 index 00000000..fc522dba --- /dev/null +++ b/assets/javascripts/bundle.c8d2eff1.min.js.map @@ -0,0 +1,7 @@ +{ + "version": 3, + "sources": ["node_modules/focus-visible/dist/focus-visible.js", "node_modules/clipboard/dist/clipboard.js", "node_modules/escape-html/index.js", "src/templates/assets/javascripts/bundle.ts", "node_modules/rxjs/node_modules/tslib/tslib.es6.js", "node_modules/rxjs/src/internal/util/isFunction.ts", "node_modules/rxjs/src/internal/util/createErrorClass.ts", "node_modules/rxjs/src/internal/util/UnsubscriptionError.ts", "node_modules/rxjs/src/internal/util/arrRemove.ts", "node_modules/rxjs/src/internal/Subscription.ts", "node_modules/rxjs/src/internal/config.ts", "node_modules/rxjs/src/internal/scheduler/timeoutProvider.ts", "node_modules/rxjs/src/internal/util/reportUnhandledError.ts", "node_modules/rxjs/src/internal/util/noop.ts", "node_modules/rxjs/src/internal/NotificationFactories.ts", "node_modules/rxjs/src/internal/util/errorContext.ts", "node_modules/rxjs/src/internal/Subscriber.ts", "node_modules/rxjs/src/internal/symbol/observable.ts", "node_modules/rxjs/src/internal/util/identity.ts", "node_modules/rxjs/src/internal/util/pipe.ts", "node_modules/rxjs/src/internal/Observable.ts", "node_modules/rxjs/src/internal/util/lift.ts", "node_modules/rxjs/src/internal/operators/OperatorSubscriber.ts", "node_modules/rxjs/src/internal/scheduler/animationFrameProvider.ts", "node_modules/rxjs/src/internal/util/ObjectUnsubscribedError.ts", "node_modules/rxjs/src/internal/Subject.ts", "node_modules/rxjs/src/internal/scheduler/dateTimestampProvider.ts", "node_modules/rxjs/src/internal/ReplaySubject.ts", "node_modules/rxjs/src/internal/scheduler/Action.ts", "node_modules/rxjs/src/internal/scheduler/intervalProvider.ts", "node_modules/rxjs/src/internal/scheduler/AsyncAction.ts", "node_modules/rxjs/src/internal/Scheduler.ts", "node_modules/rxjs/src/internal/scheduler/AsyncScheduler.ts", "node_modules/rxjs/src/internal/scheduler/async.ts", "node_modules/rxjs/src/internal/scheduler/AnimationFrameAction.ts", "node_modules/rxjs/src/internal/scheduler/AnimationFrameScheduler.ts", "node_modules/rxjs/src/internal/scheduler/animationFrame.ts", "node_modules/rxjs/src/internal/observable/empty.ts", "node_modules/rxjs/src/internal/util/isScheduler.ts", "node_modules/rxjs/src/internal/util/args.ts", "node_modules/rxjs/src/internal/util/isArrayLike.ts", "node_modules/rxjs/src/internal/util/isPromise.ts", "node_modules/rxjs/src/internal/util/isInteropObservable.ts", "node_modules/rxjs/src/internal/util/isAsyncIterable.ts", "node_modules/rxjs/src/internal/util/throwUnobservableError.ts", "node_modules/rxjs/src/internal/symbol/iterator.ts", "node_modules/rxjs/src/internal/util/isIterable.ts", "node_modules/rxjs/src/internal/util/isReadableStreamLike.ts", "node_modules/rxjs/src/internal/observable/innerFrom.ts", "node_modules/rxjs/src/internal/util/executeSchedule.ts", "node_modules/rxjs/src/internal/operators/observeOn.ts", "node_modules/rxjs/src/internal/operators/subscribeOn.ts", "node_modules/rxjs/src/internal/scheduled/scheduleObservable.ts", "node_modules/rxjs/src/internal/scheduled/schedulePromise.ts", "node_modules/rxjs/src/internal/scheduled/scheduleArray.ts", "node_modules/rxjs/src/internal/scheduled/scheduleIterable.ts", "node_modules/rxjs/src/internal/scheduled/scheduleAsyncIterable.ts", "node_modules/rxjs/src/internal/scheduled/scheduleReadableStreamLike.ts", "node_modules/rxjs/src/internal/scheduled/scheduled.ts", "node_modules/rxjs/src/internal/observable/from.ts", "node_modules/rxjs/src/internal/observable/of.ts", "node_modules/rxjs/src/internal/observable/throwError.ts", "node_modules/rxjs/src/internal/util/EmptyError.ts", "node_modules/rxjs/src/internal/util/isDate.ts", "node_modules/rxjs/src/internal/operators/map.ts", "node_modules/rxjs/src/internal/util/mapOneOrManyArgs.ts", "node_modules/rxjs/src/internal/util/argsArgArrayOrObject.ts", "node_modules/rxjs/src/internal/util/createObject.ts", "node_modules/rxjs/src/internal/observable/combineLatest.ts", "node_modules/rxjs/src/internal/operators/mergeInternals.ts", "node_modules/rxjs/src/internal/operators/mergeMap.ts", "node_modules/rxjs/src/internal/operators/mergeAll.ts", "node_modules/rxjs/src/internal/operators/concatAll.ts", "node_modules/rxjs/src/internal/observable/concat.ts", "node_modules/rxjs/src/internal/observable/defer.ts", "node_modules/rxjs/src/internal/observable/fromEvent.ts", "node_modules/rxjs/src/internal/observable/fromEventPattern.ts", "node_modules/rxjs/src/internal/observable/timer.ts", "node_modules/rxjs/src/internal/observable/merge.ts", "node_modules/rxjs/src/internal/observable/never.ts", "node_modules/rxjs/src/internal/util/argsOrArgArray.ts", "node_modules/rxjs/src/internal/operators/filter.ts", "node_modules/rxjs/src/internal/observable/zip.ts", "node_modules/rxjs/src/internal/operators/audit.ts", "node_modules/rxjs/src/internal/operators/auditTime.ts", "node_modules/rxjs/src/internal/operators/bufferCount.ts", "node_modules/rxjs/src/internal/operators/catchError.ts", "node_modules/rxjs/src/internal/operators/scanInternals.ts", "node_modules/rxjs/src/internal/operators/combineLatest.ts", "node_modules/rxjs/src/internal/operators/combineLatestWith.ts", "node_modules/rxjs/src/internal/operators/debounceTime.ts", "node_modules/rxjs/src/internal/operators/defaultIfEmpty.ts", "node_modules/rxjs/src/internal/operators/take.ts", "node_modules/rxjs/src/internal/operators/ignoreElements.ts", "node_modules/rxjs/src/internal/operators/mapTo.ts", "node_modules/rxjs/src/internal/operators/delayWhen.ts", "node_modules/rxjs/src/internal/operators/delay.ts", "node_modules/rxjs/src/internal/operators/distinctUntilChanged.ts", "node_modules/rxjs/src/internal/operators/distinctUntilKeyChanged.ts", "node_modules/rxjs/src/internal/operators/throwIfEmpty.ts", "node_modules/rxjs/src/internal/operators/endWith.ts", "node_modules/rxjs/src/internal/operators/finalize.ts", "node_modules/rxjs/src/internal/operators/first.ts", "node_modules/rxjs/src/internal/operators/takeLast.ts", "node_modules/rxjs/src/internal/operators/merge.ts", "node_modules/rxjs/src/internal/operators/mergeWith.ts", "node_modules/rxjs/src/internal/operators/repeat.ts", "node_modules/rxjs/src/internal/operators/scan.ts", "node_modules/rxjs/src/internal/operators/share.ts", "node_modules/rxjs/src/internal/operators/shareReplay.ts", "node_modules/rxjs/src/internal/operators/skip.ts", "node_modules/rxjs/src/internal/operators/skipUntil.ts", "node_modules/rxjs/src/internal/operators/startWith.ts", "node_modules/rxjs/src/internal/operators/switchMap.ts", "node_modules/rxjs/src/internal/operators/takeUntil.ts", "node_modules/rxjs/src/internal/operators/takeWhile.ts", "node_modules/rxjs/src/internal/operators/tap.ts", "node_modules/rxjs/src/internal/operators/throttle.ts", "node_modules/rxjs/src/internal/operators/throttleTime.ts", "node_modules/rxjs/src/internal/operators/withLatestFrom.ts", "node_modules/rxjs/src/internal/operators/zip.ts", "node_modules/rxjs/src/internal/operators/zipWith.ts", "src/templates/assets/javascripts/browser/document/index.ts", "src/templates/assets/javascripts/browser/element/_/index.ts", "src/templates/assets/javascripts/browser/element/focus/index.ts", "src/templates/assets/javascripts/browser/element/hover/index.ts", "src/templates/assets/javascripts/browser/element/offset/_/index.ts", "src/templates/assets/javascripts/browser/element/offset/content/index.ts", "src/templates/assets/javascripts/utilities/h/index.ts", "src/templates/assets/javascripts/utilities/round/index.ts", "src/templates/assets/javascripts/browser/script/index.ts", "src/templates/assets/javascripts/browser/element/size/_/index.ts", "src/templates/assets/javascripts/browser/element/size/content/index.ts", "src/templates/assets/javascripts/browser/element/visibility/index.ts", "src/templates/assets/javascripts/browser/toggle/index.ts", "src/templates/assets/javascripts/browser/keyboard/index.ts", "src/templates/assets/javascripts/browser/location/_/index.ts", "src/templates/assets/javascripts/browser/location/hash/index.ts", "src/templates/assets/javascripts/browser/media/index.ts", "src/templates/assets/javascripts/browser/request/index.ts", "src/templates/assets/javascripts/browser/viewport/offset/index.ts", "src/templates/assets/javascripts/browser/viewport/size/index.ts", "src/templates/assets/javascripts/browser/viewport/_/index.ts", "src/templates/assets/javascripts/browser/viewport/at/index.ts", "src/templates/assets/javascripts/browser/worker/index.ts", "src/templates/assets/javascripts/_/index.ts", "src/templates/assets/javascripts/components/_/index.ts", "src/templates/assets/javascripts/components/announce/index.ts", "src/templates/assets/javascripts/components/consent/index.ts", "src/templates/assets/javascripts/templates/tooltip/index.tsx", "src/templates/assets/javascripts/templates/annotation/index.tsx", "src/templates/assets/javascripts/templates/clipboard/index.tsx", "src/templates/assets/javascripts/templates/search/index.tsx", "src/templates/assets/javascripts/templates/source/index.tsx", "src/templates/assets/javascripts/templates/tabbed/index.tsx", "src/templates/assets/javascripts/templates/table/index.tsx", "src/templates/assets/javascripts/templates/version/index.tsx", "src/templates/assets/javascripts/components/tooltip/index.ts", "src/templates/assets/javascripts/components/content/annotation/_/index.ts", "src/templates/assets/javascripts/components/content/annotation/list/index.ts", "src/templates/assets/javascripts/components/content/annotation/block/index.ts", "src/templates/assets/javascripts/components/content/code/_/index.ts", "src/templates/assets/javascripts/components/content/details/index.ts", "src/templates/assets/javascripts/components/content/mermaid/index.css", "src/templates/assets/javascripts/components/content/mermaid/index.ts", "src/templates/assets/javascripts/components/content/table/index.ts", "src/templates/assets/javascripts/components/content/tabs/index.ts", "src/templates/assets/javascripts/components/content/_/index.ts", "src/templates/assets/javascripts/components/dialog/index.ts", "src/templates/assets/javascripts/components/header/_/index.ts", "src/templates/assets/javascripts/components/header/title/index.ts", "src/templates/assets/javascripts/components/main/index.ts", "src/templates/assets/javascripts/components/palette/index.ts", "src/templates/assets/javascripts/components/progress/index.ts", "src/templates/assets/javascripts/integrations/clipboard/index.ts", "src/templates/assets/javascripts/integrations/sitemap/index.ts", "src/templates/assets/javascripts/integrations/instant/index.ts", "src/templates/assets/javascripts/integrations/search/highlighter/index.ts", "src/templates/assets/javascripts/integrations/search/worker/message/index.ts", "src/templates/assets/javascripts/integrations/search/worker/_/index.ts", "src/templates/assets/javascripts/integrations/version/index.ts", "src/templates/assets/javascripts/components/search/query/index.ts", "src/templates/assets/javascripts/components/search/result/index.ts", "src/templates/assets/javascripts/components/search/share/index.ts", "src/templates/assets/javascripts/components/search/suggest/index.ts", "src/templates/assets/javascripts/components/search/_/index.ts", "src/templates/assets/javascripts/components/search/highlight/index.ts", "src/templates/assets/javascripts/components/sidebar/index.ts", "src/templates/assets/javascripts/components/source/facts/github/index.ts", "src/templates/assets/javascripts/components/source/facts/gitlab/index.ts", "src/templates/assets/javascripts/components/source/facts/_/index.ts", "src/templates/assets/javascripts/components/source/_/index.ts", "src/templates/assets/javascripts/components/tabs/index.ts", "src/templates/assets/javascripts/components/toc/index.ts", "src/templates/assets/javascripts/components/top/index.ts", "src/templates/assets/javascripts/patches/ellipsis/index.ts", "src/templates/assets/javascripts/patches/indeterminate/index.ts", "src/templates/assets/javascripts/patches/scrollfix/index.ts", "src/templates/assets/javascripts/patches/scrolllock/index.ts", "src/templates/assets/javascripts/polyfills/index.ts"], + "sourcesContent": ["(function (global, factory) {\n typeof exports === 'object' && typeof module !== 'undefined' ? factory() :\n typeof define === 'function' && define.amd ? define(factory) :\n (factory());\n}(this, (function () { 'use strict';\n\n /**\n * Applies the :focus-visible polyfill at the given scope.\n * A scope in this case is either the top-level Document or a Shadow Root.\n *\n * @param {(Document|ShadowRoot)} scope\n * @see https://github.com/WICG/focus-visible\n */\n function applyFocusVisiblePolyfill(scope) {\n var hadKeyboardEvent = true;\n var hadFocusVisibleRecently = false;\n var hadFocusVisibleRecentlyTimeout = null;\n\n var inputTypesAllowlist = {\n text: true,\n search: true,\n url: true,\n tel: true,\n email: true,\n password: true,\n number: true,\n date: true,\n month: true,\n week: true,\n time: true,\n datetime: true,\n 'datetime-local': true\n };\n\n /**\n * Helper function for legacy browsers and iframes which sometimes focus\n * elements like document, body, and non-interactive SVG.\n * @param {Element} el\n */\n function isValidFocusTarget(el) {\n if (\n el &&\n el !== document &&\n el.nodeName !== 'HTML' &&\n el.nodeName !== 'BODY' &&\n 'classList' in el &&\n 'contains' in el.classList\n ) {\n return true;\n }\n return false;\n }\n\n /**\n * Computes whether the given element should automatically trigger the\n * `focus-visible` class being added, i.e. whether it should always match\n * `:focus-visible` when focused.\n * @param {Element} el\n * @return {boolean}\n */\n function focusTriggersKeyboardModality(el) {\n var type = el.type;\n var tagName = el.tagName;\n\n if (tagName === 'INPUT' && inputTypesAllowlist[type] && !el.readOnly) {\n return true;\n }\n\n if (tagName === 'TEXTAREA' && !el.readOnly) {\n return true;\n }\n\n if (el.isContentEditable) {\n return true;\n }\n\n return false;\n }\n\n /**\n * Add the `focus-visible` class to the given element if it was not added by\n * the author.\n * @param {Element} el\n */\n function addFocusVisibleClass(el) {\n if (el.classList.contains('focus-visible')) {\n return;\n }\n el.classList.add('focus-visible');\n el.setAttribute('data-focus-visible-added', '');\n }\n\n /**\n * Remove the `focus-visible` class from the given element if it was not\n * originally added by the author.\n * @param {Element} el\n */\n function removeFocusVisibleClass(el) {\n if (!el.hasAttribute('data-focus-visible-added')) {\n return;\n }\n el.classList.remove('focus-visible');\n el.removeAttribute('data-focus-visible-added');\n }\n\n /**\n * If the most recent user interaction was via the keyboard;\n * and the key press did not include a meta, alt/option, or control key;\n * then the modality is keyboard. Otherwise, the modality is not keyboard.\n * Apply `focus-visible` to any current active element and keep track\n * of our keyboard modality state with `hadKeyboardEvent`.\n * @param {KeyboardEvent} e\n */\n function onKeyDown(e) {\n if (e.metaKey || e.altKey || e.ctrlKey) {\n return;\n }\n\n if (isValidFocusTarget(scope.activeElement)) {\n addFocusVisibleClass(scope.activeElement);\n }\n\n hadKeyboardEvent = true;\n }\n\n /**\n * If at any point a user clicks with a pointing device, ensure that we change\n * the modality away from keyboard.\n * This avoids the situation where a user presses a key on an already focused\n * element, and then clicks on a different element, focusing it with a\n * pointing device, while we still think we're in keyboard modality.\n * @param {Event} e\n */\n function onPointerDown(e) {\n hadKeyboardEvent = false;\n }\n\n /**\n * On `focus`, add the `focus-visible` class to the target if:\n * - the target received focus as a result of keyboard navigation, or\n * - the event target is an element that will likely require interaction\n * via the keyboard (e.g. a text box)\n * @param {Event} e\n */\n function onFocus(e) {\n // Prevent IE from focusing the document or HTML element.\n if (!isValidFocusTarget(e.target)) {\n return;\n }\n\n if (hadKeyboardEvent || focusTriggersKeyboardModality(e.target)) {\n addFocusVisibleClass(e.target);\n }\n }\n\n /**\n * On `blur`, remove the `focus-visible` class from the target.\n * @param {Event} e\n */\n function onBlur(e) {\n if (!isValidFocusTarget(e.target)) {\n return;\n }\n\n if (\n e.target.classList.contains('focus-visible') ||\n e.target.hasAttribute('data-focus-visible-added')\n ) {\n // To detect a tab/window switch, we look for a blur event followed\n // rapidly by a visibility change.\n // If we don't see a visibility change within 100ms, it's probably a\n // regular focus change.\n hadFocusVisibleRecently = true;\n window.clearTimeout(hadFocusVisibleRecentlyTimeout);\n hadFocusVisibleRecentlyTimeout = window.setTimeout(function() {\n hadFocusVisibleRecently = false;\n }, 100);\n removeFocusVisibleClass(e.target);\n }\n }\n\n /**\n * If the user changes tabs, keep track of whether or not the previously\n * focused element had .focus-visible.\n * @param {Event} e\n */\n function onVisibilityChange(e) {\n if (document.visibilityState === 'hidden') {\n // If the tab becomes active again, the browser will handle calling focus\n // on the element (Safari actually calls it twice).\n // If this tab change caused a blur on an element with focus-visible,\n // re-apply the class when the user switches back to the tab.\n if (hadFocusVisibleRecently) {\n hadKeyboardEvent = true;\n }\n addInitialPointerMoveListeners();\n }\n }\n\n /**\n * Add a group of listeners to detect usage of any pointing devices.\n * These listeners will be added when the polyfill first loads, and anytime\n * the window is blurred, so that they are active when the window regains\n * focus.\n */\n function addInitialPointerMoveListeners() {\n document.addEventListener('mousemove', onInitialPointerMove);\n document.addEventListener('mousedown', onInitialPointerMove);\n document.addEventListener('mouseup', onInitialPointerMove);\n document.addEventListener('pointermove', onInitialPointerMove);\n document.addEventListener('pointerdown', onInitialPointerMove);\n document.addEventListener('pointerup', onInitialPointerMove);\n document.addEventListener('touchmove', onInitialPointerMove);\n document.addEventListener('touchstart', onInitialPointerMove);\n document.addEventListener('touchend', onInitialPointerMove);\n }\n\n function removeInitialPointerMoveListeners() {\n document.removeEventListener('mousemove', onInitialPointerMove);\n document.removeEventListener('mousedown', onInitialPointerMove);\n document.removeEventListener('mouseup', onInitialPointerMove);\n document.removeEventListener('pointermove', onInitialPointerMove);\n document.removeEventListener('pointerdown', onInitialPointerMove);\n document.removeEventListener('pointerup', onInitialPointerMove);\n document.removeEventListener('touchmove', onInitialPointerMove);\n document.removeEventListener('touchstart', onInitialPointerMove);\n document.removeEventListener('touchend', onInitialPointerMove);\n }\n\n /**\n * When the polfyill first loads, assume the user is in keyboard modality.\n * If any event is received from a pointing device (e.g. mouse, pointer,\n * touch), turn off keyboard modality.\n * This accounts for situations where focus enters the page from the URL bar.\n * @param {Event} e\n */\n function onInitialPointerMove(e) {\n // Work around a Safari quirk that fires a mousemove on whenever the\n // window blurs, even if you're tabbing out of the page. \u00AF\\_(\u30C4)_/\u00AF\n if (e.target.nodeName && e.target.nodeName.toLowerCase() === 'html') {\n return;\n }\n\n hadKeyboardEvent = false;\n removeInitialPointerMoveListeners();\n }\n\n // For some kinds of state, we are interested in changes at the global scope\n // only. For example, global pointer input, global key presses and global\n // visibility change should affect the state at every scope:\n document.addEventListener('keydown', onKeyDown, true);\n document.addEventListener('mousedown', onPointerDown, true);\n document.addEventListener('pointerdown', onPointerDown, true);\n document.addEventListener('touchstart', onPointerDown, true);\n document.addEventListener('visibilitychange', onVisibilityChange, true);\n\n addInitialPointerMoveListeners();\n\n // For focus and blur, we specifically care about state changes in the local\n // scope. This is because focus / blur events that originate from within a\n // shadow root are not re-dispatched from the host element if it was already\n // the active element in its own scope:\n scope.addEventListener('focus', onFocus, true);\n scope.addEventListener('blur', onBlur, true);\n\n // We detect that a node is a ShadowRoot by ensuring that it is a\n // DocumentFragment and also has a host property. This check covers native\n // implementation and polyfill implementation transparently. If we only cared\n // about the native implementation, we could just check if the scope was\n // an instance of a ShadowRoot.\n if (scope.nodeType === Node.DOCUMENT_FRAGMENT_NODE && scope.host) {\n // Since a ShadowRoot is a special kind of DocumentFragment, it does not\n // have a root element to add a class to. So, we add this attribute to the\n // host element instead:\n scope.host.setAttribute('data-js-focus-visible', '');\n } else if (scope.nodeType === Node.DOCUMENT_NODE) {\n document.documentElement.classList.add('js-focus-visible');\n document.documentElement.setAttribute('data-js-focus-visible', '');\n }\n }\n\n // It is important to wrap all references to global window and document in\n // these checks to support server-side rendering use cases\n // @see https://github.com/WICG/focus-visible/issues/199\n if (typeof window !== 'undefined' && typeof document !== 'undefined') {\n // Make the polyfill helper globally available. This can be used as a signal\n // to interested libraries that wish to coordinate with the polyfill for e.g.,\n // applying the polyfill to a shadow root:\n window.applyFocusVisiblePolyfill = applyFocusVisiblePolyfill;\n\n // Notify interested libraries of the polyfill's presence, in case the\n // polyfill was loaded lazily:\n var event;\n\n try {\n event = new CustomEvent('focus-visible-polyfill-ready');\n } catch (error) {\n // IE11 does not support using CustomEvent as a constructor directly:\n event = document.createEvent('CustomEvent');\n event.initCustomEvent('focus-visible-polyfill-ready', false, false, {});\n }\n\n window.dispatchEvent(event);\n }\n\n if (typeof document !== 'undefined') {\n // Apply the polyfill to the global document, so that no JavaScript\n // coordination is required to use the polyfill in the top-level document:\n applyFocusVisiblePolyfill(document);\n }\n\n})));\n", "/*!\n * clipboard.js v2.0.11\n * https://clipboardjs.com/\n *\n * Licensed MIT \u00A9 Zeno Rocha\n */\n(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory();\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine([], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"ClipboardJS\"] = factory();\n\telse\n\t\troot[\"ClipboardJS\"] = factory();\n})(this, function() {\nreturn /******/ (function() { // webpackBootstrap\n/******/ \tvar __webpack_modules__ = ({\n\n/***/ 686:\n/***/ (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {\n\n\"use strict\";\n\n// EXPORTS\n__webpack_require__.d(__webpack_exports__, {\n \"default\": function() { return /* binding */ clipboard; }\n});\n\n// EXTERNAL MODULE: ./node_modules/tiny-emitter/index.js\nvar tiny_emitter = __webpack_require__(279);\nvar tiny_emitter_default = /*#__PURE__*/__webpack_require__.n(tiny_emitter);\n// EXTERNAL MODULE: ./node_modules/good-listener/src/listen.js\nvar listen = __webpack_require__(370);\nvar listen_default = /*#__PURE__*/__webpack_require__.n(listen);\n// EXTERNAL MODULE: ./node_modules/select/src/select.js\nvar src_select = __webpack_require__(817);\nvar select_default = /*#__PURE__*/__webpack_require__.n(src_select);\n;// CONCATENATED MODULE: ./src/common/command.js\n/**\n * Executes a given operation type.\n * @param {String} type\n * @return {Boolean}\n */\nfunction command(type) {\n try {\n return document.execCommand(type);\n } catch (err) {\n return false;\n }\n}\n;// CONCATENATED MODULE: ./src/actions/cut.js\n\n\n/**\n * Cut action wrapper.\n * @param {String|HTMLElement} target\n * @return {String}\n */\n\nvar ClipboardActionCut = function ClipboardActionCut(target) {\n var selectedText = select_default()(target);\n command('cut');\n return selectedText;\n};\n\n/* harmony default export */ var actions_cut = (ClipboardActionCut);\n;// CONCATENATED MODULE: ./src/common/create-fake-element.js\n/**\n * Creates a fake textarea element with a value.\n * @param {String} value\n * @return {HTMLElement}\n */\nfunction createFakeElement(value) {\n var isRTL = document.documentElement.getAttribute('dir') === 'rtl';\n var fakeElement = document.createElement('textarea'); // Prevent zooming on iOS\n\n fakeElement.style.fontSize = '12pt'; // Reset box model\n\n fakeElement.style.border = '0';\n fakeElement.style.padding = '0';\n fakeElement.style.margin = '0'; // Move element out of screen horizontally\n\n fakeElement.style.position = 'absolute';\n fakeElement.style[isRTL ? 'right' : 'left'] = '-9999px'; // Move element to the same position vertically\n\n var yPosition = window.pageYOffset || document.documentElement.scrollTop;\n fakeElement.style.top = \"\".concat(yPosition, \"px\");\n fakeElement.setAttribute('readonly', '');\n fakeElement.value = value;\n return fakeElement;\n}\n;// CONCATENATED MODULE: ./src/actions/copy.js\n\n\n\n/**\n * Create fake copy action wrapper using a fake element.\n * @param {String} target\n * @param {Object} options\n * @return {String}\n */\n\nvar fakeCopyAction = function fakeCopyAction(value, options) {\n var fakeElement = createFakeElement(value);\n options.container.appendChild(fakeElement);\n var selectedText = select_default()(fakeElement);\n command('copy');\n fakeElement.remove();\n return selectedText;\n};\n/**\n * Copy action wrapper.\n * @param {String|HTMLElement} target\n * @param {Object} options\n * @return {String}\n */\n\n\nvar ClipboardActionCopy = function ClipboardActionCopy(target) {\n var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {\n container: document.body\n };\n var selectedText = '';\n\n if (typeof target === 'string') {\n selectedText = fakeCopyAction(target, options);\n } else if (target instanceof HTMLInputElement && !['text', 'search', 'url', 'tel', 'password'].includes(target === null || target === void 0 ? void 0 : target.type)) {\n // If input type doesn't support `setSelectionRange`. Simulate it. https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/setSelectionRange\n selectedText = fakeCopyAction(target.value, options);\n } else {\n selectedText = select_default()(target);\n command('copy');\n }\n\n return selectedText;\n};\n\n/* harmony default export */ var actions_copy = (ClipboardActionCopy);\n;// CONCATENATED MODULE: ./src/actions/default.js\nfunction _typeof(obj) { \"@babel/helpers - typeof\"; if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") { _typeof = function _typeof(obj) { return typeof obj; }; } else { _typeof = function _typeof(obj) { return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj; }; } return _typeof(obj); }\n\n\n\n/**\n * Inner function which performs selection from either `text` or `target`\n * properties and then executes copy or cut operations.\n * @param {Object} options\n */\n\nvar ClipboardActionDefault = function ClipboardActionDefault() {\n var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n // Defines base properties passed from constructor.\n var _options$action = options.action,\n action = _options$action === void 0 ? 'copy' : _options$action,\n container = options.container,\n target = options.target,\n text = options.text; // Sets the `action` to be performed which can be either 'copy' or 'cut'.\n\n if (action !== 'copy' && action !== 'cut') {\n throw new Error('Invalid \"action\" value, use either \"copy\" or \"cut\"');\n } // Sets the `target` property using an element that will be have its content copied.\n\n\n if (target !== undefined) {\n if (target && _typeof(target) === 'object' && target.nodeType === 1) {\n if (action === 'copy' && target.hasAttribute('disabled')) {\n throw new Error('Invalid \"target\" attribute. Please use \"readonly\" instead of \"disabled\" attribute');\n }\n\n if (action === 'cut' && (target.hasAttribute('readonly') || target.hasAttribute('disabled'))) {\n throw new Error('Invalid \"target\" attribute. You can\\'t cut text from elements with \"readonly\" or \"disabled\" attributes');\n }\n } else {\n throw new Error('Invalid \"target\" value, use a valid Element');\n }\n } // Define selection strategy based on `text` property.\n\n\n if (text) {\n return actions_copy(text, {\n container: container\n });\n } // Defines which selection strategy based on `target` property.\n\n\n if (target) {\n return action === 'cut' ? actions_cut(target) : actions_copy(target, {\n container: container\n });\n }\n};\n\n/* harmony default export */ var actions_default = (ClipboardActionDefault);\n;// CONCATENATED MODULE: ./src/clipboard.js\nfunction clipboard_typeof(obj) { \"@babel/helpers - typeof\"; if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") { clipboard_typeof = function _typeof(obj) { return typeof obj; }; } else { clipboard_typeof = function _typeof(obj) { return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj; }; } return clipboard_typeof(obj); }\n\nfunction _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError(\"Cannot call a class as a function\"); } }\n\nfunction _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if (\"value\" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } }\n\nfunction _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); return Constructor; }\n\nfunction _inherits(subClass, superClass) { if (typeof superClass !== \"function\" && superClass !== null) { throw new TypeError(\"Super expression must either be null or a function\"); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, writable: true, configurable: true } }); if (superClass) _setPrototypeOf(subClass, superClass); }\n\nfunction _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf || function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); }\n\nfunction _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }\n\nfunction _possibleConstructorReturn(self, call) { if (call && (clipboard_typeof(call) === \"object\" || typeof call === \"function\")) { return call; } return _assertThisInitialized(self); }\n\nfunction _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError(\"this hasn't been initialised - super() hasn't been called\"); } return self; }\n\nfunction _isNativeReflectConstruct() { if (typeof Reflect === \"undefined\" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === \"function\") return true; try { Date.prototype.toString.call(Reflect.construct(Date, [], function () {})); return true; } catch (e) { return false; } }\n\nfunction _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }\n\n\n\n\n\n\n/**\n * Helper function to retrieve attribute value.\n * @param {String} suffix\n * @param {Element} element\n */\n\nfunction getAttributeValue(suffix, element) {\n var attribute = \"data-clipboard-\".concat(suffix);\n\n if (!element.hasAttribute(attribute)) {\n return;\n }\n\n return element.getAttribute(attribute);\n}\n/**\n * Base class which takes one or more elements, adds event listeners to them,\n * and instantiates a new `ClipboardAction` on each click.\n */\n\n\nvar Clipboard = /*#__PURE__*/function (_Emitter) {\n _inherits(Clipboard, _Emitter);\n\n var _super = _createSuper(Clipboard);\n\n /**\n * @param {String|HTMLElement|HTMLCollection|NodeList} trigger\n * @param {Object} options\n */\n function Clipboard(trigger, options) {\n var _this;\n\n _classCallCheck(this, Clipboard);\n\n _this = _super.call(this);\n\n _this.resolveOptions(options);\n\n _this.listenClick(trigger);\n\n return _this;\n }\n /**\n * Defines if attributes would be resolved using internal setter functions\n * or custom functions that were passed in the constructor.\n * @param {Object} options\n */\n\n\n _createClass(Clipboard, [{\n key: \"resolveOptions\",\n value: function resolveOptions() {\n var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n this.action = typeof options.action === 'function' ? options.action : this.defaultAction;\n this.target = typeof options.target === 'function' ? options.target : this.defaultTarget;\n this.text = typeof options.text === 'function' ? options.text : this.defaultText;\n this.container = clipboard_typeof(options.container) === 'object' ? options.container : document.body;\n }\n /**\n * Adds a click event listener to the passed trigger.\n * @param {String|HTMLElement|HTMLCollection|NodeList} trigger\n */\n\n }, {\n key: \"listenClick\",\n value: function listenClick(trigger) {\n var _this2 = this;\n\n this.listener = listen_default()(trigger, 'click', function (e) {\n return _this2.onClick(e);\n });\n }\n /**\n * Defines a new `ClipboardAction` on each click event.\n * @param {Event} e\n */\n\n }, {\n key: \"onClick\",\n value: function onClick(e) {\n var trigger = e.delegateTarget || e.currentTarget;\n var action = this.action(trigger) || 'copy';\n var text = actions_default({\n action: action,\n container: this.container,\n target: this.target(trigger),\n text: this.text(trigger)\n }); // Fires an event based on the copy operation result.\n\n this.emit(text ? 'success' : 'error', {\n action: action,\n text: text,\n trigger: trigger,\n clearSelection: function clearSelection() {\n if (trigger) {\n trigger.focus();\n }\n\n window.getSelection().removeAllRanges();\n }\n });\n }\n /**\n * Default `action` lookup function.\n * @param {Element} trigger\n */\n\n }, {\n key: \"defaultAction\",\n value: function defaultAction(trigger) {\n return getAttributeValue('action', trigger);\n }\n /**\n * Default `target` lookup function.\n * @param {Element} trigger\n */\n\n }, {\n key: \"defaultTarget\",\n value: function defaultTarget(trigger) {\n var selector = getAttributeValue('target', trigger);\n\n if (selector) {\n return document.querySelector(selector);\n }\n }\n /**\n * Allow fire programmatically a copy action\n * @param {String|HTMLElement} target\n * @param {Object} options\n * @returns Text copied.\n */\n\n }, {\n key: \"defaultText\",\n\n /**\n * Default `text` lookup function.\n * @param {Element} trigger\n */\n value: function defaultText(trigger) {\n return getAttributeValue('text', trigger);\n }\n /**\n * Destroy lifecycle.\n */\n\n }, {\n key: \"destroy\",\n value: function destroy() {\n this.listener.destroy();\n }\n }], [{\n key: \"copy\",\n value: function copy(target) {\n var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {\n container: document.body\n };\n return actions_copy(target, options);\n }\n /**\n * Allow fire programmatically a cut action\n * @param {String|HTMLElement} target\n * @returns Text cutted.\n */\n\n }, {\n key: \"cut\",\n value: function cut(target) {\n return actions_cut(target);\n }\n /**\n * Returns the support of the given action, or all actions if no action is\n * given.\n * @param {String} [action]\n */\n\n }, {\n key: \"isSupported\",\n value: function isSupported() {\n var action = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : ['copy', 'cut'];\n var actions = typeof action === 'string' ? [action] : action;\n var support = !!document.queryCommandSupported;\n actions.forEach(function (action) {\n support = support && !!document.queryCommandSupported(action);\n });\n return support;\n }\n }]);\n\n return Clipboard;\n}((tiny_emitter_default()));\n\n/* harmony default export */ var clipboard = (Clipboard);\n\n/***/ }),\n\n/***/ 828:\n/***/ (function(module) {\n\nvar DOCUMENT_NODE_TYPE = 9;\n\n/**\n * A polyfill for Element.matches()\n */\nif (typeof Element !== 'undefined' && !Element.prototype.matches) {\n var proto = Element.prototype;\n\n proto.matches = proto.matchesSelector ||\n proto.mozMatchesSelector ||\n proto.msMatchesSelector ||\n proto.oMatchesSelector ||\n proto.webkitMatchesSelector;\n}\n\n/**\n * Finds the closest parent that matches a selector.\n *\n * @param {Element} element\n * @param {String} selector\n * @return {Function}\n */\nfunction closest (element, selector) {\n while (element && element.nodeType !== DOCUMENT_NODE_TYPE) {\n if (typeof element.matches === 'function' &&\n element.matches(selector)) {\n return element;\n }\n element = element.parentNode;\n }\n}\n\nmodule.exports = closest;\n\n\n/***/ }),\n\n/***/ 438:\n/***/ (function(module, __unused_webpack_exports, __webpack_require__) {\n\nvar closest = __webpack_require__(828);\n\n/**\n * Delegates event to a selector.\n *\n * @param {Element} element\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @param {Boolean} useCapture\n * @return {Object}\n */\nfunction _delegate(element, selector, type, callback, useCapture) {\n var listenerFn = listener.apply(this, arguments);\n\n element.addEventListener(type, listenerFn, useCapture);\n\n return {\n destroy: function() {\n element.removeEventListener(type, listenerFn, useCapture);\n }\n }\n}\n\n/**\n * Delegates event to a selector.\n *\n * @param {Element|String|Array} [elements]\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @param {Boolean} useCapture\n * @return {Object}\n */\nfunction delegate(elements, selector, type, callback, useCapture) {\n // Handle the regular Element usage\n if (typeof elements.addEventListener === 'function') {\n return _delegate.apply(null, arguments);\n }\n\n // Handle Element-less usage, it defaults to global delegation\n if (typeof type === 'function') {\n // Use `document` as the first parameter, then apply arguments\n // This is a short way to .unshift `arguments` without running into deoptimizations\n return _delegate.bind(null, document).apply(null, arguments);\n }\n\n // Handle Selector-based usage\n if (typeof elements === 'string') {\n elements = document.querySelectorAll(elements);\n }\n\n // Handle Array-like based usage\n return Array.prototype.map.call(elements, function (element) {\n return _delegate(element, selector, type, callback, useCapture);\n });\n}\n\n/**\n * Finds closest match and invokes callback.\n *\n * @param {Element} element\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @return {Function}\n */\nfunction listener(element, selector, type, callback) {\n return function(e) {\n e.delegateTarget = closest(e.target, selector);\n\n if (e.delegateTarget) {\n callback.call(element, e);\n }\n }\n}\n\nmodule.exports = delegate;\n\n\n/***/ }),\n\n/***/ 879:\n/***/ (function(__unused_webpack_module, exports) {\n\n/**\n * Check if argument is a HTML element.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.node = function(value) {\n return value !== undefined\n && value instanceof HTMLElement\n && value.nodeType === 1;\n};\n\n/**\n * Check if argument is a list of HTML elements.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.nodeList = function(value) {\n var type = Object.prototype.toString.call(value);\n\n return value !== undefined\n && (type === '[object NodeList]' || type === '[object HTMLCollection]')\n && ('length' in value)\n && (value.length === 0 || exports.node(value[0]));\n};\n\n/**\n * Check if argument is a string.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.string = function(value) {\n return typeof value === 'string'\n || value instanceof String;\n};\n\n/**\n * Check if argument is a function.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.fn = function(value) {\n var type = Object.prototype.toString.call(value);\n\n return type === '[object Function]';\n};\n\n\n/***/ }),\n\n/***/ 370:\n/***/ (function(module, __unused_webpack_exports, __webpack_require__) {\n\nvar is = __webpack_require__(879);\nvar delegate = __webpack_require__(438);\n\n/**\n * Validates all params and calls the right\n * listener function based on its target type.\n *\n * @param {String|HTMLElement|HTMLCollection|NodeList} target\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listen(target, type, callback) {\n if (!target && !type && !callback) {\n throw new Error('Missing required arguments');\n }\n\n if (!is.string(type)) {\n throw new TypeError('Second argument must be a String');\n }\n\n if (!is.fn(callback)) {\n throw new TypeError('Third argument must be a Function');\n }\n\n if (is.node(target)) {\n return listenNode(target, type, callback);\n }\n else if (is.nodeList(target)) {\n return listenNodeList(target, type, callback);\n }\n else if (is.string(target)) {\n return listenSelector(target, type, callback);\n }\n else {\n throw new TypeError('First argument must be a String, HTMLElement, HTMLCollection, or NodeList');\n }\n}\n\n/**\n * Adds an event listener to a HTML element\n * and returns a remove listener function.\n *\n * @param {HTMLElement} node\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenNode(node, type, callback) {\n node.addEventListener(type, callback);\n\n return {\n destroy: function() {\n node.removeEventListener(type, callback);\n }\n }\n}\n\n/**\n * Add an event listener to a list of HTML elements\n * and returns a remove listener function.\n *\n * @param {NodeList|HTMLCollection} nodeList\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenNodeList(nodeList, type, callback) {\n Array.prototype.forEach.call(nodeList, function(node) {\n node.addEventListener(type, callback);\n });\n\n return {\n destroy: function() {\n Array.prototype.forEach.call(nodeList, function(node) {\n node.removeEventListener(type, callback);\n });\n }\n }\n}\n\n/**\n * Add an event listener to a selector\n * and returns a remove listener function.\n *\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenSelector(selector, type, callback) {\n return delegate(document.body, selector, type, callback);\n}\n\nmodule.exports = listen;\n\n\n/***/ }),\n\n/***/ 817:\n/***/ (function(module) {\n\nfunction select(element) {\n var selectedText;\n\n if (element.nodeName === 'SELECT') {\n element.focus();\n\n selectedText = element.value;\n }\n else if (element.nodeName === 'INPUT' || element.nodeName === 'TEXTAREA') {\n var isReadOnly = element.hasAttribute('readonly');\n\n if (!isReadOnly) {\n element.setAttribute('readonly', '');\n }\n\n element.select();\n element.setSelectionRange(0, element.value.length);\n\n if (!isReadOnly) {\n element.removeAttribute('readonly');\n }\n\n selectedText = element.value;\n }\n else {\n if (element.hasAttribute('contenteditable')) {\n element.focus();\n }\n\n var selection = window.getSelection();\n var range = document.createRange();\n\n range.selectNodeContents(element);\n selection.removeAllRanges();\n selection.addRange(range);\n\n selectedText = selection.toString();\n }\n\n return selectedText;\n}\n\nmodule.exports = select;\n\n\n/***/ }),\n\n/***/ 279:\n/***/ (function(module) {\n\nfunction E () {\n // Keep this empty so it's easier to inherit from\n // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n on: function (name, callback, ctx) {\n var e = this.e || (this.e = {});\n\n (e[name] || (e[name] = [])).push({\n fn: callback,\n ctx: ctx\n });\n\n return this;\n },\n\n once: function (name, callback, ctx) {\n var self = this;\n function listener () {\n self.off(name, listener);\n callback.apply(ctx, arguments);\n };\n\n listener._ = callback\n return this.on(name, listener, ctx);\n },\n\n emit: function (name) {\n var data = [].slice.call(arguments, 1);\n var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n var i = 0;\n var len = evtArr.length;\n\n for (i; i < len; i++) {\n evtArr[i].fn.apply(evtArr[i].ctx, data);\n }\n\n return this;\n },\n\n off: function (name, callback) {\n var e = this.e || (this.e = {});\n var evts = e[name];\n var liveEvents = [];\n\n if (evts && callback) {\n for (var i = 0, len = evts.length; i < len; i++) {\n if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n liveEvents.push(evts[i]);\n }\n }\n\n // Remove event from queue to prevent memory leak\n // Suggested by https://github.com/lazd\n // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n (liveEvents.length)\n ? e[name] = liveEvents\n : delete e[name];\n\n return this;\n }\n};\n\nmodule.exports = E;\nmodule.exports.TinyEmitter = E;\n\n\n/***/ })\n\n/******/ \t});\n/************************************************************************/\n/******/ \t// The module cache\n/******/ \tvar __webpack_module_cache__ = {};\n/******/ \t\n/******/ \t// The require function\n/******/ \tfunction __webpack_require__(moduleId) {\n/******/ \t\t// Check if module is in cache\n/******/ \t\tif(__webpack_module_cache__[moduleId]) {\n/******/ \t\t\treturn __webpack_module_cache__[moduleId].exports;\n/******/ \t\t}\n/******/ \t\t// Create a new module (and put it into the cache)\n/******/ \t\tvar module = __webpack_module_cache__[moduleId] = {\n/******/ \t\t\t// no module.id needed\n/******/ \t\t\t// no module.loaded needed\n/******/ \t\t\texports: {}\n/******/ \t\t};\n/******/ \t\n/******/ \t\t// Execute the module function\n/******/ \t\t__webpack_modules__[moduleId](module, module.exports, __webpack_require__);\n/******/ \t\n/******/ \t\t// Return the exports of the module\n/******/ \t\treturn module.exports;\n/******/ \t}\n/******/ \t\n/************************************************************************/\n/******/ \t/* webpack/runtime/compat get default export */\n/******/ \t!function() {\n/******/ \t\t// getDefaultExport function for compatibility with non-harmony modules\n/******/ \t\t__webpack_require__.n = function(module) {\n/******/ \t\t\tvar getter = module && module.__esModule ?\n/******/ \t\t\t\tfunction() { return module['default']; } :\n/******/ \t\t\t\tfunction() { return module; };\n/******/ \t\t\t__webpack_require__.d(getter, { a: getter });\n/******/ \t\t\treturn getter;\n/******/ \t\t};\n/******/ \t}();\n/******/ \t\n/******/ \t/* webpack/runtime/define property getters */\n/******/ \t!function() {\n/******/ \t\t// define getter functions for harmony exports\n/******/ \t\t__webpack_require__.d = function(exports, definition) {\n/******/ \t\t\tfor(var key in definition) {\n/******/ \t\t\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n/******/ \t\t\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n/******/ \t\t\t\t}\n/******/ \t\t\t}\n/******/ \t\t};\n/******/ \t}();\n/******/ \t\n/******/ \t/* webpack/runtime/hasOwnProperty shorthand */\n/******/ \t!function() {\n/******/ \t\t__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }\n/******/ \t}();\n/******/ \t\n/************************************************************************/\n/******/ \t// module exports must be returned from runtime so entry inlining is disabled\n/******/ \t// startup\n/******/ \t// Load entry module and return exports\n/******/ \treturn __webpack_require__(686);\n/******/ })()\n.default;\n});", "/*!\n * escape-html\n * Copyright(c) 2012-2013 TJ Holowaychuk\n * Copyright(c) 2015 Andreas Lubbe\n * Copyright(c) 2015 Tiancheng \"Timothy\" Gu\n * MIT Licensed\n */\n\n'use strict';\n\n/**\n * Module variables.\n * @private\n */\n\nvar matchHtmlRegExp = /[\"'&<>]/;\n\n/**\n * Module exports.\n * @public\n */\n\nmodule.exports = escapeHtml;\n\n/**\n * Escape special characters in the given string of html.\n *\n * @param {string} string The string to escape for inserting into HTML\n * @return {string}\n * @public\n */\n\nfunction escapeHtml(string) {\n var str = '' + string;\n var match = matchHtmlRegExp.exec(str);\n\n if (!match) {\n return str;\n }\n\n var escape;\n var html = '';\n var index = 0;\n var lastIndex = 0;\n\n for (index = match.index; index < str.length; index++) {\n switch (str.charCodeAt(index)) {\n case 34: // \"\n escape = '"';\n break;\n case 38: // &\n escape = '&';\n break;\n case 39: // '\n escape = ''';\n break;\n case 60: // <\n escape = '<';\n break;\n case 62: // >\n escape = '>';\n break;\n default:\n continue;\n }\n\n if (lastIndex !== index) {\n html += str.substring(lastIndex, index);\n }\n\n lastIndex = index + 1;\n html += escape;\n }\n\n return lastIndex !== index\n ? html + str.substring(lastIndex, index)\n : html;\n}\n", "/*\n * Copyright (c) 2016-2024 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport \"focus-visible\"\n\nimport {\n EMPTY,\n NEVER,\n Observable,\n Subject,\n defer,\n delay,\n filter,\n map,\n merge,\n mergeWith,\n shareReplay,\n switchMap\n} from \"rxjs\"\n\nimport { configuration, feature } from \"./_\"\nimport {\n at,\n getActiveElement,\n getOptionalElement,\n requestJSON,\n setLocation,\n setToggle,\n watchDocument,\n watchKeyboard,\n watchLocation,\n watchLocationTarget,\n watchMedia,\n watchPrint,\n watchScript,\n watchViewport\n} from \"./browser\"\nimport {\n getComponentElement,\n getComponentElements,\n mountAnnounce,\n mountBackToTop,\n mountConsent,\n mountContent,\n mountDialog,\n mountHeader,\n mountHeaderTitle,\n mountPalette,\n mountProgress,\n mountSearch,\n mountSearchHiglight,\n mountSidebar,\n mountSource,\n mountTableOfContents,\n mountTabs,\n watchHeader,\n watchMain\n} from \"./components\"\nimport {\n SearchIndex,\n setupClipboardJS,\n setupInstantNavigation,\n setupVersionSelector\n} from \"./integrations\"\nimport {\n patchEllipsis,\n patchIndeterminate,\n patchScrollfix,\n patchScrolllock\n} from \"./patches\"\nimport \"./polyfills\"\n\n/* ----------------------------------------------------------------------------\n * Functions - @todo refactor\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch search index\n *\n * @returns Search index observable\n */\nfunction fetchSearchIndex(): Observable {\n if (location.protocol === \"file:\") {\n return watchScript(\n `${new URL(\"search/search_index.js\", config.base)}`\n )\n .pipe(\n // @ts-ignore - @todo fix typings\n map(() => __index),\n shareReplay(1)\n )\n } else {\n return requestJSON(\n new URL(\"search/search_index.json\", config.base)\n )\n }\n}\n\n/* ----------------------------------------------------------------------------\n * Application\n * ------------------------------------------------------------------------- */\n\n/* Yay, JavaScript is available */\ndocument.documentElement.classList.remove(\"no-js\")\ndocument.documentElement.classList.add(\"js\")\n\n/* Set up navigation observables and subjects */\nconst document$ = watchDocument()\nconst location$ = watchLocation()\nconst target$ = watchLocationTarget(location$)\nconst keyboard$ = watchKeyboard()\n\n/* Set up media observables */\nconst viewport$ = watchViewport()\nconst tablet$ = watchMedia(\"(min-width: 960px)\")\nconst screen$ = watchMedia(\"(min-width: 1220px)\")\nconst print$ = watchPrint()\n\n/* Retrieve search index, if search is enabled */\nconst config = configuration()\nconst index$ = document.forms.namedItem(\"search\")\n ? fetchSearchIndex()\n : NEVER\n\n/* Set up Clipboard.js integration */\nconst alert$ = new Subject()\nsetupClipboardJS({ alert$ })\n\n/* Set up progress indicator */\nconst progress$ = new Subject()\n\n/* Set up instant navigation, if enabled */\nif (feature(\"navigation.instant\"))\n setupInstantNavigation({ location$, viewport$, progress$ })\n .subscribe(document$)\n\n/* Set up version selector */\nif (config.version?.provider === \"mike\")\n setupVersionSelector({ document$ })\n\n/* Always close drawer and search on navigation */\nmerge(location$, target$)\n .pipe(\n delay(125)\n )\n .subscribe(() => {\n setToggle(\"drawer\", false)\n setToggle(\"search\", false)\n })\n\n/* Set up global keyboard handlers */\nkeyboard$\n .pipe(\n filter(({ mode }) => mode === \"global\")\n )\n .subscribe(key => {\n switch (key.type) {\n\n /* Go to previous page */\n case \"p\":\n case \",\":\n const prev = getOptionalElement(\"link[rel=prev]\")\n if (typeof prev !== \"undefined\")\n setLocation(prev)\n break\n\n /* Go to next page */\n case \"n\":\n case \".\":\n const next = getOptionalElement(\"link[rel=next]\")\n if (typeof next !== \"undefined\")\n setLocation(next)\n break\n\n /* Expand navigation, see https://bit.ly/3ZjG5io */\n case \"Enter\":\n const active = getActiveElement()\n if (active instanceof HTMLLabelElement)\n active.click()\n }\n })\n\n/* Set up patches */\npatchEllipsis({ document$ })\npatchIndeterminate({ document$, tablet$ })\npatchScrollfix({ document$ })\npatchScrolllock({ viewport$, tablet$ })\n\n/* Set up header and main area observable */\nconst header$ = watchHeader(getComponentElement(\"header\"), { viewport$ })\nconst main$ = document$\n .pipe(\n map(() => getComponentElement(\"main\")),\n switchMap(el => watchMain(el, { viewport$, header$ })),\n shareReplay(1)\n )\n\n/* Set up control component observables */\nconst control$ = merge(\n\n /* Consent */\n ...getComponentElements(\"consent\")\n .map(el => mountConsent(el, { target$ })),\n\n /* Dialog */\n ...getComponentElements(\"dialog\")\n .map(el => mountDialog(el, { alert$ })),\n\n /* Header */\n ...getComponentElements(\"header\")\n .map(el => mountHeader(el, { viewport$, header$, main$ })),\n\n /* Color palette */\n ...getComponentElements(\"palette\")\n .map(el => mountPalette(el)),\n\n /* Progress bar */\n ...getComponentElements(\"progress\")\n .map(el => mountProgress(el, { progress$ })),\n\n /* Search */\n ...getComponentElements(\"search\")\n .map(el => mountSearch(el, { index$, keyboard$ })),\n\n /* Repository information */\n ...getComponentElements(\"source\")\n .map(el => mountSource(el))\n)\n\n/* Set up content component observables */\nconst content$ = defer(() => merge(\n\n /* Announcement bar */\n ...getComponentElements(\"announce\")\n .map(el => mountAnnounce(el)),\n\n /* Content */\n ...getComponentElements(\"content\")\n .map(el => mountContent(el, { viewport$, target$, print$ })),\n\n /* Search highlighting */\n ...getComponentElements(\"content\")\n .map(el => feature(\"search.highlight\")\n ? mountSearchHiglight(el, { index$, location$ })\n : EMPTY\n ),\n\n /* Header title */\n ...getComponentElements(\"header-title\")\n .map(el => mountHeaderTitle(el, { viewport$, header$ })),\n\n /* Sidebar */\n ...getComponentElements(\"sidebar\")\n .map(el => el.getAttribute(\"data-md-type\") === \"navigation\"\n ? at(screen$, () => mountSidebar(el, { viewport$, header$, main$ }))\n : at(tablet$, () => mountSidebar(el, { viewport$, header$, main$ }))\n ),\n\n /* Navigation tabs */\n ...getComponentElements(\"tabs\")\n .map(el => mountTabs(el, { viewport$, header$ })),\n\n /* Table of contents */\n ...getComponentElements(\"toc\")\n .map(el => mountTableOfContents(el, {\n viewport$, header$, main$, target$\n })),\n\n /* Back-to-top button */\n ...getComponentElements(\"top\")\n .map(el => mountBackToTop(el, { viewport$, header$, main$, target$ }))\n))\n\n/* Set up component observables */\nconst component$ = document$\n .pipe(\n switchMap(() => content$),\n mergeWith(control$),\n shareReplay(1)\n )\n\n/* Subscribe to all components */\ncomponent$.subscribe()\n\n/* ----------------------------------------------------------------------------\n * Exports\n * ------------------------------------------------------------------------- */\n\nwindow.document$ = document$ /* Document observable */\nwindow.location$ = location$ /* Location subject */\nwindow.target$ = target$ /* Location target observable */\nwindow.keyboard$ = keyboard$ /* Keyboard observable */\nwindow.viewport$ = viewport$ /* Viewport observable */\nwindow.tablet$ = tablet$ /* Media tablet observable */\nwindow.screen$ = screen$ /* Media screen observable */\nwindow.print$ = print$ /* Media print observable */\nwindow.alert$ = alert$ /* Alert subject */\nwindow.progress$ = progress$ /* Progress indicator subject */\nwindow.component$ = component$ /* Component observable */\n", "/*! *****************************************************************************\r\nCopyright (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS SOFTWARE.\r\n***************************************************************************** */\r\n/* global Reflect, Promise */\r\n\r\nvar extendStatics = function(d, b) {\r\n extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\r\n return extendStatics(d, b);\r\n};\r\n\r\nexport function __extends(d, b) {\r\n if (typeof b !== \"function\" && b !== null)\r\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n}\r\n\r\nexport var __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n }\r\n return __assign.apply(this, arguments);\r\n}\r\n\r\nexport function __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n}\r\n\r\nexport function __decorate(decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n}\r\n\r\nexport function __param(paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n}\r\n\r\nexport function __metadata(metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n}\r\n\r\nexport function __awaiter(thisArg, _arguments, P, generator) {\r\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nexport function __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\r\n\r\nexport var __createBinding = Object.create ? (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\r\n}) : (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n o[k2] = m[k];\r\n});\r\n\r\nexport function __exportStar(m, o) {\r\n for (var p in m) if (p !== \"default\" && !Object.prototype.hasOwnProperty.call(o, p)) __createBinding(o, m, p);\r\n}\r\n\r\nexport function __values(o) {\r\n var s = typeof Symbol === \"function\" && Symbol.iterator, m = s && o[s], i = 0;\r\n if (m) return m.call(o);\r\n if (o && typeof o.length === \"number\") return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n throw new TypeError(s ? \"Object is not iterable.\" : \"Symbol.iterator is not defined.\");\r\n}\r\n\r\nexport function __read(o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spread() {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n}\r\n\r\n/** @deprecated */\r\nexport function __spreadArrays() {\r\n for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;\r\n for (var r = Array(s), k = 0, i = 0; i < il; i++)\r\n for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)\r\n r[k] = a[j];\r\n return r;\r\n}\r\n\r\nexport function __spreadArray(to, from, pack) {\r\n if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {\r\n if (ar || !(i in from)) {\r\n if (!ar) ar = Array.prototype.slice.call(from, 0, i);\r\n ar[i] = from[i];\r\n }\r\n }\r\n return to.concat(ar || Array.prototype.slice.call(from));\r\n}\r\n\r\nexport function __await(v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n}\r\n\r\nexport function __asyncGenerator(thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n}\r\n\r\nexport function __asyncDelegator(o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n}\r\n\r\nexport function __asyncValues(o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n}\r\n\r\nexport function __makeTemplateObject(cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n};\r\n\r\nvar __setModuleDefault = Object.create ? (function(o, v) {\r\n Object.defineProperty(o, \"default\", { enumerable: true, value: v });\r\n}) : function(o, v) {\r\n o[\"default\"] = v;\r\n};\r\n\r\nexport function __importStar(mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\r\n __setModuleDefault(result, mod);\r\n return result;\r\n}\r\n\r\nexport function __importDefault(mod) {\r\n return (mod && mod.__esModule) ? mod : { default: mod };\r\n}\r\n\r\nexport function __classPrivateFieldGet(receiver, state, kind, f) {\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a getter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot read private member from an object whose class did not declare it\");\r\n return kind === \"m\" ? f : kind === \"a\" ? f.call(receiver) : f ? f.value : state.get(receiver);\r\n}\r\n\r\nexport function __classPrivateFieldSet(receiver, state, value, kind, f) {\r\n if (kind === \"m\") throw new TypeError(\"Private method is not writable\");\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a setter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot write private member to an object whose class did not declare it\");\r\n return (kind === \"a\" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;\r\n}\r\n", "/**\n * Returns true if the object is a function.\n * @param value The value to check\n */\nexport function isFunction(value: any): value is (...args: any[]) => any {\n return typeof value === 'function';\n}\n", "/**\n * Used to create Error subclasses until the community moves away from ES5.\n *\n * This is because compiling from TypeScript down to ES5 has issues with subclassing Errors\n * as well as other built-in types: https://github.com/Microsoft/TypeScript/issues/12123\n *\n * @param createImpl A factory function to create the actual constructor implementation. The returned\n * function should be a named function that calls `_super` internally.\n */\nexport function createErrorClass(createImpl: (_super: any) => any): T {\n const _super = (instance: any) => {\n Error.call(instance);\n instance.stack = new Error().stack;\n };\n\n const ctorFunc = createImpl(_super);\n ctorFunc.prototype = Object.create(Error.prototype);\n ctorFunc.prototype.constructor = ctorFunc;\n return ctorFunc;\n}\n", "import { createErrorClass } from './createErrorClass';\n\nexport interface UnsubscriptionError extends Error {\n readonly errors: any[];\n}\n\nexport interface UnsubscriptionErrorCtor {\n /**\n * @deprecated Internal implementation detail. Do not construct error instances.\n * Cannot be tagged as internal: https://github.com/ReactiveX/rxjs/issues/6269\n */\n new (errors: any[]): UnsubscriptionError;\n}\n\n/**\n * An error thrown when one or more errors have occurred during the\n * `unsubscribe` of a {@link Subscription}.\n */\nexport const UnsubscriptionError: UnsubscriptionErrorCtor = createErrorClass(\n (_super) =>\n function UnsubscriptionErrorImpl(this: any, errors: (Error | string)[]) {\n _super(this);\n this.message = errors\n ? `${errors.length} errors occurred during unsubscription:\n${errors.map((err, i) => `${i + 1}) ${err.toString()}`).join('\\n ')}`\n : '';\n this.name = 'UnsubscriptionError';\n this.errors = errors;\n }\n);\n", "/**\n * Removes an item from an array, mutating it.\n * @param arr The array to remove the item from\n * @param item The item to remove\n */\nexport function arrRemove(arr: T[] | undefined | null, item: T) {\n if (arr) {\n const index = arr.indexOf(item);\n 0 <= index && arr.splice(index, 1);\n }\n}\n", "import { isFunction } from './util/isFunction';\nimport { UnsubscriptionError } from './util/UnsubscriptionError';\nimport { SubscriptionLike, TeardownLogic, Unsubscribable } from './types';\nimport { arrRemove } from './util/arrRemove';\n\n/**\n * Represents a disposable resource, such as the execution of an Observable. A\n * Subscription has one important method, `unsubscribe`, that takes no argument\n * and just disposes the resource held by the subscription.\n *\n * Additionally, subscriptions may be grouped together through the `add()`\n * method, which will attach a child Subscription to the current Subscription.\n * When a Subscription is unsubscribed, all its children (and its grandchildren)\n * will be unsubscribed as well.\n *\n * @class Subscription\n */\nexport class Subscription implements SubscriptionLike {\n /** @nocollapse */\n public static EMPTY = (() => {\n const empty = new Subscription();\n empty.closed = true;\n return empty;\n })();\n\n /**\n * A flag to indicate whether this Subscription has already been unsubscribed.\n */\n public closed = false;\n\n private _parentage: Subscription[] | Subscription | null = null;\n\n /**\n * The list of registered finalizers to execute upon unsubscription. Adding and removing from this\n * list occurs in the {@link #add} and {@link #remove} methods.\n */\n private _finalizers: Exclude[] | null = null;\n\n /**\n * @param initialTeardown A function executed first as part of the finalization\n * process that is kicked off when {@link #unsubscribe} is called.\n */\n constructor(private initialTeardown?: () => void) {}\n\n /**\n * Disposes the resources held by the subscription. May, for instance, cancel\n * an ongoing Observable execution or cancel any other type of work that\n * started when the Subscription was created.\n * @return {void}\n */\n unsubscribe(): void {\n let errors: any[] | undefined;\n\n if (!this.closed) {\n this.closed = true;\n\n // Remove this from it's parents.\n const { _parentage } = this;\n if (_parentage) {\n this._parentage = null;\n if (Array.isArray(_parentage)) {\n for (const parent of _parentage) {\n parent.remove(this);\n }\n } else {\n _parentage.remove(this);\n }\n }\n\n const { initialTeardown: initialFinalizer } = this;\n if (isFunction(initialFinalizer)) {\n try {\n initialFinalizer();\n } catch (e) {\n errors = e instanceof UnsubscriptionError ? e.errors : [e];\n }\n }\n\n const { _finalizers } = this;\n if (_finalizers) {\n this._finalizers = null;\n for (const finalizer of _finalizers) {\n try {\n execFinalizer(finalizer);\n } catch (err) {\n errors = errors ?? [];\n if (err instanceof UnsubscriptionError) {\n errors = [...errors, ...err.errors];\n } else {\n errors.push(err);\n }\n }\n }\n }\n\n if (errors) {\n throw new UnsubscriptionError(errors);\n }\n }\n }\n\n /**\n * Adds a finalizer to this subscription, so that finalization will be unsubscribed/called\n * when this subscription is unsubscribed. If this subscription is already {@link #closed},\n * because it has already been unsubscribed, then whatever finalizer is passed to it\n * will automatically be executed (unless the finalizer itself is also a closed subscription).\n *\n * Closed Subscriptions cannot be added as finalizers to any subscription. Adding a closed\n * subscription to a any subscription will result in no operation. (A noop).\n *\n * Adding a subscription to itself, or adding `null` or `undefined` will not perform any\n * operation at all. (A noop).\n *\n * `Subscription` instances that are added to this instance will automatically remove themselves\n * if they are unsubscribed. Functions and {@link Unsubscribable} objects that you wish to remove\n * will need to be removed manually with {@link #remove}\n *\n * @param teardown The finalization logic to add to this subscription.\n */\n add(teardown: TeardownLogic): void {\n // Only add the finalizer if it's not undefined\n // and don't add a subscription to itself.\n if (teardown && teardown !== this) {\n if (this.closed) {\n // If this subscription is already closed,\n // execute whatever finalizer is handed to it automatically.\n execFinalizer(teardown);\n } else {\n if (teardown instanceof Subscription) {\n // We don't add closed subscriptions, and we don't add the same subscription\n // twice. Subscription unsubscribe is idempotent.\n if (teardown.closed || teardown._hasParent(this)) {\n return;\n }\n teardown._addParent(this);\n }\n (this._finalizers = this._finalizers ?? []).push(teardown);\n }\n }\n }\n\n /**\n * Checks to see if a this subscription already has a particular parent.\n * This will signal that this subscription has already been added to the parent in question.\n * @param parent the parent to check for\n */\n private _hasParent(parent: Subscription) {\n const { _parentage } = this;\n return _parentage === parent || (Array.isArray(_parentage) && _parentage.includes(parent));\n }\n\n /**\n * Adds a parent to this subscription so it can be removed from the parent if it\n * unsubscribes on it's own.\n *\n * NOTE: THIS ASSUMES THAT {@link _hasParent} HAS ALREADY BEEN CHECKED.\n * @param parent The parent subscription to add\n */\n private _addParent(parent: Subscription) {\n const { _parentage } = this;\n this._parentage = Array.isArray(_parentage) ? (_parentage.push(parent), _parentage) : _parentage ? [_parentage, parent] : parent;\n }\n\n /**\n * Called on a child when it is removed via {@link #remove}.\n * @param parent The parent to remove\n */\n private _removeParent(parent: Subscription) {\n const { _parentage } = this;\n if (_parentage === parent) {\n this._parentage = null;\n } else if (Array.isArray(_parentage)) {\n arrRemove(_parentage, parent);\n }\n }\n\n /**\n * Removes a finalizer from this subscription that was previously added with the {@link #add} method.\n *\n * Note that `Subscription` instances, when unsubscribed, will automatically remove themselves\n * from every other `Subscription` they have been added to. This means that using the `remove` method\n * is not a common thing and should be used thoughtfully.\n *\n * If you add the same finalizer instance of a function or an unsubscribable object to a `Subscription` instance\n * more than once, you will need to call `remove` the same number of times to remove all instances.\n *\n * All finalizer instances are removed to free up memory upon unsubscription.\n *\n * @param teardown The finalizer to remove from this subscription\n */\n remove(teardown: Exclude): void {\n const { _finalizers } = this;\n _finalizers && arrRemove(_finalizers, teardown);\n\n if (teardown instanceof Subscription) {\n teardown._removeParent(this);\n }\n }\n}\n\nexport const EMPTY_SUBSCRIPTION = Subscription.EMPTY;\n\nexport function isSubscription(value: any): value is Subscription {\n return (\n value instanceof Subscription ||\n (value && 'closed' in value && isFunction(value.remove) && isFunction(value.add) && isFunction(value.unsubscribe))\n );\n}\n\nfunction execFinalizer(finalizer: Unsubscribable | (() => void)) {\n if (isFunction(finalizer)) {\n finalizer();\n } else {\n finalizer.unsubscribe();\n }\n}\n", "import { Subscriber } from './Subscriber';\nimport { ObservableNotification } from './types';\n\n/**\n * The {@link GlobalConfig} object for RxJS. It is used to configure things\n * like how to react on unhandled errors.\n */\nexport const config: GlobalConfig = {\n onUnhandledError: null,\n onStoppedNotification: null,\n Promise: undefined,\n useDeprecatedSynchronousErrorHandling: false,\n useDeprecatedNextContext: false,\n};\n\n/**\n * The global configuration object for RxJS, used to configure things\n * like how to react on unhandled errors. Accessible via {@link config}\n * object.\n */\nexport interface GlobalConfig {\n /**\n * A registration point for unhandled errors from RxJS. These are errors that\n * cannot were not handled by consuming code in the usual subscription path. For\n * example, if you have this configured, and you subscribe to an observable without\n * providing an error handler, errors from that subscription will end up here. This\n * will _always_ be called asynchronously on another job in the runtime. This is because\n * we do not want errors thrown in this user-configured handler to interfere with the\n * behavior of the library.\n */\n onUnhandledError: ((err: any) => void) | null;\n\n /**\n * A registration point for notifications that cannot be sent to subscribers because they\n * have completed, errored or have been explicitly unsubscribed. By default, next, complete\n * and error notifications sent to stopped subscribers are noops. However, sometimes callers\n * might want a different behavior. For example, with sources that attempt to report errors\n * to stopped subscribers, a caller can configure RxJS to throw an unhandled error instead.\n * This will _always_ be called asynchronously on another job in the runtime. This is because\n * we do not want errors thrown in this user-configured handler to interfere with the\n * behavior of the library.\n */\n onStoppedNotification: ((notification: ObservableNotification, subscriber: Subscriber) => void) | null;\n\n /**\n * The promise constructor used by default for {@link Observable#toPromise toPromise} and {@link Observable#forEach forEach}\n * methods.\n *\n * @deprecated As of version 8, RxJS will no longer support this sort of injection of a\n * Promise constructor. If you need a Promise implementation other than native promises,\n * please polyfill/patch Promise as you see appropriate. Will be removed in v8.\n */\n Promise?: PromiseConstructorLike;\n\n /**\n * If true, turns on synchronous error rethrowing, which is a deprecated behavior\n * in v6 and higher. This behavior enables bad patterns like wrapping a subscribe\n * call in a try/catch block. It also enables producer interference, a nasty bug\n * where a multicast can be broken for all observers by a downstream consumer with\n * an unhandled error. DO NOT USE THIS FLAG UNLESS IT'S NEEDED TO BUY TIME\n * FOR MIGRATION REASONS.\n *\n * @deprecated As of version 8, RxJS will no longer support synchronous throwing\n * of unhandled errors. All errors will be thrown on a separate call stack to prevent bad\n * behaviors described above. Will be removed in v8.\n */\n useDeprecatedSynchronousErrorHandling: boolean;\n\n /**\n * If true, enables an as-of-yet undocumented feature from v5: The ability to access\n * `unsubscribe()` via `this` context in `next` functions created in observers passed\n * to `subscribe`.\n *\n * This is being removed because the performance was severely problematic, and it could also cause\n * issues when types other than POJOs are passed to subscribe as subscribers, as they will likely have\n * their `this` context overwritten.\n *\n * @deprecated As of version 8, RxJS will no longer support altering the\n * context of next functions provided as part of an observer to Subscribe. Instead,\n * you will have access to a subscription or a signal or token that will allow you to do things like\n * unsubscribe and test closed status. Will be removed in v8.\n */\n useDeprecatedNextContext: boolean;\n}\n", "import type { TimerHandle } from './timerHandle';\ntype SetTimeoutFunction = (handler: () => void, timeout?: number, ...args: any[]) => TimerHandle;\ntype ClearTimeoutFunction = (handle: TimerHandle) => void;\n\ninterface TimeoutProvider {\n setTimeout: SetTimeoutFunction;\n clearTimeout: ClearTimeoutFunction;\n delegate:\n | {\n setTimeout: SetTimeoutFunction;\n clearTimeout: ClearTimeoutFunction;\n }\n | undefined;\n}\n\nexport const timeoutProvider: TimeoutProvider = {\n // When accessing the delegate, use the variable rather than `this` so that\n // the functions can be called without being bound to the provider.\n setTimeout(handler: () => void, timeout?: number, ...args) {\n const { delegate } = timeoutProvider;\n if (delegate?.setTimeout) {\n return delegate.setTimeout(handler, timeout, ...args);\n }\n return setTimeout(handler, timeout, ...args);\n },\n clearTimeout(handle) {\n const { delegate } = timeoutProvider;\n return (delegate?.clearTimeout || clearTimeout)(handle as any);\n },\n delegate: undefined,\n};\n", "import { config } from '../config';\nimport { timeoutProvider } from '../scheduler/timeoutProvider';\n\n/**\n * Handles an error on another job either with the user-configured {@link onUnhandledError},\n * or by throwing it on that new job so it can be picked up by `window.onerror`, `process.on('error')`, etc.\n *\n * This should be called whenever there is an error that is out-of-band with the subscription\n * or when an error hits a terminal boundary of the subscription and no error handler was provided.\n *\n * @param err the error to report\n */\nexport function reportUnhandledError(err: any) {\n timeoutProvider.setTimeout(() => {\n const { onUnhandledError } = config;\n if (onUnhandledError) {\n // Execute the user-configured error handler.\n onUnhandledError(err);\n } else {\n // Throw so it is picked up by the runtime's uncaught error mechanism.\n throw err;\n }\n });\n}\n", "/* tslint:disable:no-empty */\nexport function noop() { }\n", "import { CompleteNotification, NextNotification, ErrorNotification } from './types';\n\n/**\n * A completion object optimized for memory use and created to be the\n * same \"shape\" as other notifications in v8.\n * @internal\n */\nexport const COMPLETE_NOTIFICATION = (() => createNotification('C', undefined, undefined) as CompleteNotification)();\n\n/**\n * Internal use only. Creates an optimized error notification that is the same \"shape\"\n * as other notifications.\n * @internal\n */\nexport function errorNotification(error: any): ErrorNotification {\n return createNotification('E', undefined, error) as any;\n}\n\n/**\n * Internal use only. Creates an optimized next notification that is the same \"shape\"\n * as other notifications.\n * @internal\n */\nexport function nextNotification(value: T) {\n return createNotification('N', value, undefined) as NextNotification;\n}\n\n/**\n * Ensures that all notifications created internally have the same \"shape\" in v8.\n *\n * TODO: This is only exported to support a crazy legacy test in `groupBy`.\n * @internal\n */\nexport function createNotification(kind: 'N' | 'E' | 'C', value: any, error: any) {\n return {\n kind,\n value,\n error,\n };\n}\n", "import { config } from '../config';\n\nlet context: { errorThrown: boolean; error: any } | null = null;\n\n/**\n * Handles dealing with errors for super-gross mode. Creates a context, in which\n * any synchronously thrown errors will be passed to {@link captureError}. Which\n * will record the error such that it will be rethrown after the call back is complete.\n * TODO: Remove in v8\n * @param cb An immediately executed function.\n */\nexport function errorContext(cb: () => void) {\n if (config.useDeprecatedSynchronousErrorHandling) {\n const isRoot = !context;\n if (isRoot) {\n context = { errorThrown: false, error: null };\n }\n cb();\n if (isRoot) {\n const { errorThrown, error } = context!;\n context = null;\n if (errorThrown) {\n throw error;\n }\n }\n } else {\n // This is the general non-deprecated path for everyone that\n // isn't crazy enough to use super-gross mode (useDeprecatedSynchronousErrorHandling)\n cb();\n }\n}\n\n/**\n * Captures errors only in super-gross mode.\n * @param err the error to capture\n */\nexport function captureError(err: any) {\n if (config.useDeprecatedSynchronousErrorHandling && context) {\n context.errorThrown = true;\n context.error = err;\n }\n}\n", "import { isFunction } from './util/isFunction';\nimport { Observer, ObservableNotification } from './types';\nimport { isSubscription, Subscription } from './Subscription';\nimport { config } from './config';\nimport { reportUnhandledError } from './util/reportUnhandledError';\nimport { noop } from './util/noop';\nimport { nextNotification, errorNotification, COMPLETE_NOTIFICATION } from './NotificationFactories';\nimport { timeoutProvider } from './scheduler/timeoutProvider';\nimport { captureError } from './util/errorContext';\n\n/**\n * Implements the {@link Observer} interface and extends the\n * {@link Subscription} class. While the {@link Observer} is the public API for\n * consuming the values of an {@link Observable}, all Observers get converted to\n * a Subscriber, in order to provide Subscription-like capabilities such as\n * `unsubscribe`. Subscriber is a common type in RxJS, and crucial for\n * implementing operators, but it is rarely used as a public API.\n *\n * @class Subscriber\n */\nexport class Subscriber extends Subscription implements Observer {\n /**\n * A static factory for a Subscriber, given a (potentially partial) definition\n * of an Observer.\n * @param next The `next` callback of an Observer.\n * @param error The `error` callback of an\n * Observer.\n * @param complete The `complete` callback of an\n * Observer.\n * @return A Subscriber wrapping the (partially defined)\n * Observer represented by the given arguments.\n * @nocollapse\n * @deprecated Do not use. Will be removed in v8. There is no replacement for this\n * method, and there is no reason to be creating instances of `Subscriber` directly.\n * If you have a specific use case, please file an issue.\n */\n static create(next?: (x?: T) => void, error?: (e?: any) => void, complete?: () => void): Subscriber {\n return new SafeSubscriber(next, error, complete);\n }\n\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n protected isStopped: boolean = false;\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n protected destination: Subscriber | Observer; // this `any` is the escape hatch to erase extra type param (e.g. R)\n\n /**\n * @deprecated Internal implementation detail, do not use directly. Will be made internal in v8.\n * There is no reason to directly create an instance of Subscriber. This type is exported for typings reasons.\n */\n constructor(destination?: Subscriber | Observer) {\n super();\n if (destination) {\n this.destination = destination;\n // Automatically chain subscriptions together here.\n // if destination is a Subscription, then it is a Subscriber.\n if (isSubscription(destination)) {\n destination.add(this);\n }\n } else {\n this.destination = EMPTY_OBSERVER;\n }\n }\n\n /**\n * The {@link Observer} callback to receive notifications of type `next` from\n * the Observable, with a value. The Observable may call this method 0 or more\n * times.\n * @param {T} [value] The `next` value.\n * @return {void}\n */\n next(value?: T): void {\n if (this.isStopped) {\n handleStoppedNotification(nextNotification(value), this);\n } else {\n this._next(value!);\n }\n }\n\n /**\n * The {@link Observer} callback to receive notifications of type `error` from\n * the Observable, with an attached `Error`. Notifies the Observer that\n * the Observable has experienced an error condition.\n * @param {any} [err] The `error` exception.\n * @return {void}\n */\n error(err?: any): void {\n if (this.isStopped) {\n handleStoppedNotification(errorNotification(err), this);\n } else {\n this.isStopped = true;\n this._error(err);\n }\n }\n\n /**\n * The {@link Observer} callback to receive a valueless notification of type\n * `complete` from the Observable. Notifies the Observer that the Observable\n * has finished sending push-based notifications.\n * @return {void}\n */\n complete(): void {\n if (this.isStopped) {\n handleStoppedNotification(COMPLETE_NOTIFICATION, this);\n } else {\n this.isStopped = true;\n this._complete();\n }\n }\n\n unsubscribe(): void {\n if (!this.closed) {\n this.isStopped = true;\n super.unsubscribe();\n this.destination = null!;\n }\n }\n\n protected _next(value: T): void {\n this.destination.next(value);\n }\n\n protected _error(err: any): void {\n try {\n this.destination.error(err);\n } finally {\n this.unsubscribe();\n }\n }\n\n protected _complete(): void {\n try {\n this.destination.complete();\n } finally {\n this.unsubscribe();\n }\n }\n}\n\n/**\n * This bind is captured here because we want to be able to have\n * compatibility with monoid libraries that tend to use a method named\n * `bind`. In particular, a library called Monio requires this.\n */\nconst _bind = Function.prototype.bind;\n\nfunction bind any>(fn: Fn, thisArg: any): Fn {\n return _bind.call(fn, thisArg);\n}\n\n/**\n * Internal optimization only, DO NOT EXPOSE.\n * @internal\n */\nclass ConsumerObserver implements Observer {\n constructor(private partialObserver: Partial>) {}\n\n next(value: T): void {\n const { partialObserver } = this;\n if (partialObserver.next) {\n try {\n partialObserver.next(value);\n } catch (error) {\n handleUnhandledError(error);\n }\n }\n }\n\n error(err: any): void {\n const { partialObserver } = this;\n if (partialObserver.error) {\n try {\n partialObserver.error(err);\n } catch (error) {\n handleUnhandledError(error);\n }\n } else {\n handleUnhandledError(err);\n }\n }\n\n complete(): void {\n const { partialObserver } = this;\n if (partialObserver.complete) {\n try {\n partialObserver.complete();\n } catch (error) {\n handleUnhandledError(error);\n }\n }\n }\n}\n\nexport class SafeSubscriber extends Subscriber {\n constructor(\n observerOrNext?: Partial> | ((value: T) => void) | null,\n error?: ((e?: any) => void) | null,\n complete?: (() => void) | null\n ) {\n super();\n\n let partialObserver: Partial>;\n if (isFunction(observerOrNext) || !observerOrNext) {\n // The first argument is a function, not an observer. The next\n // two arguments *could* be observers, or they could be empty.\n partialObserver = {\n next: (observerOrNext ?? undefined) as (((value: T) => void) | undefined),\n error: error ?? undefined,\n complete: complete ?? undefined,\n };\n } else {\n // The first argument is a partial observer.\n let context: any;\n if (this && config.useDeprecatedNextContext) {\n // This is a deprecated path that made `this.unsubscribe()` available in\n // next handler functions passed to subscribe. This only exists behind a flag\n // now, as it is *very* slow.\n context = Object.create(observerOrNext);\n context.unsubscribe = () => this.unsubscribe();\n partialObserver = {\n next: observerOrNext.next && bind(observerOrNext.next, context),\n error: observerOrNext.error && bind(observerOrNext.error, context),\n complete: observerOrNext.complete && bind(observerOrNext.complete, context),\n };\n } else {\n // The \"normal\" path. Just use the partial observer directly.\n partialObserver = observerOrNext;\n }\n }\n\n // Wrap the partial observer to ensure it's a full observer, and\n // make sure proper error handling is accounted for.\n this.destination = new ConsumerObserver(partialObserver);\n }\n}\n\nfunction handleUnhandledError(error: any) {\n if (config.useDeprecatedSynchronousErrorHandling) {\n captureError(error);\n } else {\n // Ideal path, we report this as an unhandled error,\n // which is thrown on a new call stack.\n reportUnhandledError(error);\n }\n}\n\n/**\n * An error handler used when no error handler was supplied\n * to the SafeSubscriber -- meaning no error handler was supplied\n * do the `subscribe` call on our observable.\n * @param err The error to handle\n */\nfunction defaultErrorHandler(err: any) {\n throw err;\n}\n\n/**\n * A handler for notifications that cannot be sent to a stopped subscriber.\n * @param notification The notification being sent\n * @param subscriber The stopped subscriber\n */\nfunction handleStoppedNotification(notification: ObservableNotification, subscriber: Subscriber) {\n const { onStoppedNotification } = config;\n onStoppedNotification && timeoutProvider.setTimeout(() => onStoppedNotification(notification, subscriber));\n}\n\n/**\n * The observer used as a stub for subscriptions where the user did not\n * pass any arguments to `subscribe`. Comes with the default error handling\n * behavior.\n */\nexport const EMPTY_OBSERVER: Readonly> & { closed: true } = {\n closed: true,\n next: noop,\n error: defaultErrorHandler,\n complete: noop,\n};\n", "/**\n * Symbol.observable or a string \"@@observable\". Used for interop\n *\n * @deprecated We will no longer be exporting this symbol in upcoming versions of RxJS.\n * Instead polyfill and use Symbol.observable directly *or* use https://www.npmjs.com/package/symbol-observable\n */\nexport const observable: string | symbol = (() => (typeof Symbol === 'function' && Symbol.observable) || '@@observable')();\n", "/**\n * This function takes one parameter and just returns it. Simply put,\n * this is like `(x: T): T => x`.\n *\n * ## Examples\n *\n * This is useful in some cases when using things like `mergeMap`\n *\n * ```ts\n * import { interval, take, map, range, mergeMap, identity } from 'rxjs';\n *\n * const source$ = interval(1000).pipe(take(5));\n *\n * const result$ = source$.pipe(\n * map(i => range(i)),\n * mergeMap(identity) // same as mergeMap(x => x)\n * );\n *\n * result$.subscribe({\n * next: console.log\n * });\n * ```\n *\n * Or when you want to selectively apply an operator\n *\n * ```ts\n * import { interval, take, identity } from 'rxjs';\n *\n * const shouldLimit = () => Math.random() < 0.5;\n *\n * const source$ = interval(1000);\n *\n * const result$ = source$.pipe(shouldLimit() ? take(5) : identity);\n *\n * result$.subscribe({\n * next: console.log\n * });\n * ```\n *\n * @param x Any value that is returned by this function\n * @returns The value passed as the first parameter to this function\n */\nexport function identity(x: T): T {\n return x;\n}\n", "import { identity } from './identity';\nimport { UnaryFunction } from '../types';\n\nexport function pipe(): typeof identity;\nexport function pipe(fn1: UnaryFunction): UnaryFunction;\nexport function pipe(fn1: UnaryFunction, fn2: UnaryFunction): UnaryFunction;\nexport function pipe(fn1: UnaryFunction, fn2: UnaryFunction, fn3: UnaryFunction): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction,\n fn6: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction,\n fn6: UnaryFunction,\n fn7: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction,\n fn6: UnaryFunction,\n fn7: UnaryFunction,\n fn8: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction,\n fn6: UnaryFunction,\n fn7: UnaryFunction,\n fn8: UnaryFunction,\n fn9: UnaryFunction\n): UnaryFunction;\nexport function pipe(\n fn1: UnaryFunction,\n fn2: UnaryFunction,\n fn3: UnaryFunction,\n fn4: UnaryFunction,\n fn5: UnaryFunction,\n fn6: UnaryFunction,\n fn7: UnaryFunction,\n fn8: UnaryFunction,\n fn9: UnaryFunction,\n ...fns: UnaryFunction[]\n): UnaryFunction;\n\n/**\n * pipe() can be called on one or more functions, each of which can take one argument (\"UnaryFunction\")\n * and uses it to return a value.\n * It returns a function that takes one argument, passes it to the first UnaryFunction, and then\n * passes the result to the next one, passes that result to the next one, and so on. \n */\nexport function pipe(...fns: Array>): UnaryFunction {\n return pipeFromArray(fns);\n}\n\n/** @internal */\nexport function pipeFromArray(fns: Array>): UnaryFunction {\n if (fns.length === 0) {\n return identity as UnaryFunction;\n }\n\n if (fns.length === 1) {\n return fns[0];\n }\n\n return function piped(input: T): R {\n return fns.reduce((prev: any, fn: UnaryFunction) => fn(prev), input as any);\n };\n}\n", "import { Operator } from './Operator';\nimport { SafeSubscriber, Subscriber } from './Subscriber';\nimport { isSubscription, Subscription } from './Subscription';\nimport { TeardownLogic, OperatorFunction, Subscribable, Observer } from './types';\nimport { observable as Symbol_observable } from './symbol/observable';\nimport { pipeFromArray } from './util/pipe';\nimport { config } from './config';\nimport { isFunction } from './util/isFunction';\nimport { errorContext } from './util/errorContext';\n\n/**\n * A representation of any set of values over any amount of time. This is the most basic building block\n * of RxJS.\n *\n * @class Observable\n */\nexport class Observable implements Subscribable {\n /**\n * @deprecated Internal implementation detail, do not use directly. Will be made internal in v8.\n */\n source: Observable | undefined;\n\n /**\n * @deprecated Internal implementation detail, do not use directly. Will be made internal in v8.\n */\n operator: Operator | undefined;\n\n /**\n * @constructor\n * @param {Function} subscribe the function that is called when the Observable is\n * initially subscribed to. This function is given a Subscriber, to which new values\n * can be `next`ed, or an `error` method can be called to raise an error, or\n * `complete` can be called to notify of a successful completion.\n */\n constructor(subscribe?: (this: Observable, subscriber: Subscriber) => TeardownLogic) {\n if (subscribe) {\n this._subscribe = subscribe;\n }\n }\n\n // HACK: Since TypeScript inherits static properties too, we have to\n // fight against TypeScript here so Subject can have a different static create signature\n /**\n * Creates a new Observable by calling the Observable constructor\n * @owner Observable\n * @method create\n * @param {Function} subscribe? the subscriber function to be passed to the Observable constructor\n * @return {Observable} a new observable\n * @nocollapse\n * @deprecated Use `new Observable()` instead. Will be removed in v8.\n */\n static create: (...args: any[]) => any = (subscribe?: (subscriber: Subscriber) => TeardownLogic) => {\n return new Observable(subscribe);\n };\n\n /**\n * Creates a new Observable, with this Observable instance as the source, and the passed\n * operator defined as the new observable's operator.\n * @method lift\n * @param operator the operator defining the operation to take on the observable\n * @return a new observable with the Operator applied\n * @deprecated Internal implementation detail, do not use directly. Will be made internal in v8.\n * If you have implemented an operator using `lift`, it is recommended that you create an\n * operator by simply returning `new Observable()` directly. See \"Creating new operators from\n * scratch\" section here: https://rxjs.dev/guide/operators\n */\n lift(operator?: Operator): Observable {\n const observable = new Observable();\n observable.source = this;\n observable.operator = operator;\n return observable;\n }\n\n subscribe(observerOrNext?: Partial> | ((value: T) => void)): Subscription;\n /** @deprecated Instead of passing separate callback arguments, use an observer argument. Signatures taking separate callback arguments will be removed in v8. Details: https://rxjs.dev/deprecations/subscribe-arguments */\n subscribe(next?: ((value: T) => void) | null, error?: ((error: any) => void) | null, complete?: (() => void) | null): Subscription;\n /**\n * Invokes an execution of an Observable and registers Observer handlers for notifications it will emit.\n *\n * Use it when you have all these Observables, but still nothing is happening.\n *\n * `subscribe` is not a regular operator, but a method that calls Observable's internal `subscribe` function. It\n * might be for example a function that you passed to Observable's constructor, but most of the time it is\n * a library implementation, which defines what will be emitted by an Observable, and when it be will emitted. This means\n * that calling `subscribe` is actually the moment when Observable starts its work, not when it is created, as it is often\n * the thought.\n *\n * Apart from starting the execution of an Observable, this method allows you to listen for values\n * that an Observable emits, as well as for when it completes or errors. You can achieve this in two\n * of the following ways.\n *\n * The first way is creating an object that implements {@link Observer} interface. It should have methods\n * defined by that interface, but note that it should be just a regular JavaScript object, which you can create\n * yourself in any way you want (ES6 class, classic function constructor, object literal etc.). In particular, do\n * not attempt to use any RxJS implementation details to create Observers - you don't need them. Remember also\n * that your object does not have to implement all methods. If you find yourself creating a method that doesn't\n * do anything, you can simply omit it. Note however, if the `error` method is not provided and an error happens,\n * it will be thrown asynchronously. Errors thrown asynchronously cannot be caught using `try`/`catch`. Instead,\n * use the {@link onUnhandledError} configuration option or use a runtime handler (like `window.onerror` or\n * `process.on('error)`) to be notified of unhandled errors. Because of this, it's recommended that you provide\n * an `error` method to avoid missing thrown errors.\n *\n * The second way is to give up on Observer object altogether and simply provide callback functions in place of its methods.\n * This means you can provide three functions as arguments to `subscribe`, where the first function is equivalent\n * of a `next` method, the second of an `error` method and the third of a `complete` method. Just as in case of an Observer,\n * if you do not need to listen for something, you can omit a function by passing `undefined` or `null`,\n * since `subscribe` recognizes these functions by where they were placed in function call. When it comes\n * to the `error` function, as with an Observer, if not provided, errors emitted by an Observable will be thrown asynchronously.\n *\n * You can, however, subscribe with no parameters at all. This may be the case where you're not interested in terminal events\n * and you also handled emissions internally by using operators (e.g. using `tap`).\n *\n * Whichever style of calling `subscribe` you use, in both cases it returns a Subscription object.\n * This object allows you to call `unsubscribe` on it, which in turn will stop the work that an Observable does and will clean\n * up all resources that an Observable used. Note that cancelling a subscription will not call `complete` callback\n * provided to `subscribe` function, which is reserved for a regular completion signal that comes from an Observable.\n *\n * Remember that callbacks provided to `subscribe` are not guaranteed to be called asynchronously.\n * It is an Observable itself that decides when these functions will be called. For example {@link of}\n * by default emits all its values synchronously. Always check documentation for how given Observable\n * will behave when subscribed and if its default behavior can be modified with a `scheduler`.\n *\n * #### Examples\n *\n * Subscribe with an {@link guide/observer Observer}\n *\n * ```ts\n * import { of } from 'rxjs';\n *\n * const sumObserver = {\n * sum: 0,\n * next(value) {\n * console.log('Adding: ' + value);\n * this.sum = this.sum + value;\n * },\n * error() {\n * // We actually could just remove this method,\n * // since we do not really care about errors right now.\n * },\n * complete() {\n * console.log('Sum equals: ' + this.sum);\n * }\n * };\n *\n * of(1, 2, 3) // Synchronously emits 1, 2, 3 and then completes.\n * .subscribe(sumObserver);\n *\n * // Logs:\n * // 'Adding: 1'\n * // 'Adding: 2'\n * // 'Adding: 3'\n * // 'Sum equals: 6'\n * ```\n *\n * Subscribe with functions ({@link deprecations/subscribe-arguments deprecated})\n *\n * ```ts\n * import { of } from 'rxjs'\n *\n * let sum = 0;\n *\n * of(1, 2, 3).subscribe(\n * value => {\n * console.log('Adding: ' + value);\n * sum = sum + value;\n * },\n * undefined,\n * () => console.log('Sum equals: ' + sum)\n * );\n *\n * // Logs:\n * // 'Adding: 1'\n * // 'Adding: 2'\n * // 'Adding: 3'\n * // 'Sum equals: 6'\n * ```\n *\n * Cancel a subscription\n *\n * ```ts\n * import { interval } from 'rxjs';\n *\n * const subscription = interval(1000).subscribe({\n * next(num) {\n * console.log(num)\n * },\n * complete() {\n * // Will not be called, even when cancelling subscription.\n * console.log('completed!');\n * }\n * });\n *\n * setTimeout(() => {\n * subscription.unsubscribe();\n * console.log('unsubscribed!');\n * }, 2500);\n *\n * // Logs:\n * // 0 after 1s\n * // 1 after 2s\n * // 'unsubscribed!' after 2.5s\n * ```\n *\n * @param {Observer|Function} observerOrNext (optional) Either an observer with methods to be called,\n * or the first of three possible handlers, which is the handler for each value emitted from the subscribed\n * Observable.\n * @param {Function} error (optional) A handler for a terminal event resulting from an error. If no error handler is provided,\n * the error will be thrown asynchronously as unhandled.\n * @param {Function} complete (optional) A handler for a terminal event resulting from successful completion.\n * @return {Subscription} a subscription reference to the registered handlers\n * @method subscribe\n */\n subscribe(\n observerOrNext?: Partial> | ((value: T) => void) | null,\n error?: ((error: any) => void) | null,\n complete?: (() => void) | null\n ): Subscription {\n const subscriber = isSubscriber(observerOrNext) ? observerOrNext : new SafeSubscriber(observerOrNext, error, complete);\n\n errorContext(() => {\n const { operator, source } = this;\n subscriber.add(\n operator\n ? // We're dealing with a subscription in the\n // operator chain to one of our lifted operators.\n operator.call(subscriber, source)\n : source\n ? // If `source` has a value, but `operator` does not, something that\n // had intimate knowledge of our API, like our `Subject`, must have\n // set it. We're going to just call `_subscribe` directly.\n this._subscribe(subscriber)\n : // In all other cases, we're likely wrapping a user-provided initializer\n // function, so we need to catch errors and handle them appropriately.\n this._trySubscribe(subscriber)\n );\n });\n\n return subscriber;\n }\n\n /** @internal */\n protected _trySubscribe(sink: Subscriber): TeardownLogic {\n try {\n return this._subscribe(sink);\n } catch (err) {\n // We don't need to return anything in this case,\n // because it's just going to try to `add()` to a subscription\n // above.\n sink.error(err);\n }\n }\n\n /**\n * Used as a NON-CANCELLABLE means of subscribing to an observable, for use with\n * APIs that expect promises, like `async/await`. You cannot unsubscribe from this.\n *\n * **WARNING**: Only use this with observables you *know* will complete. If the source\n * observable does not complete, you will end up with a promise that is hung up, and\n * potentially all of the state of an async function hanging out in memory. To avoid\n * this situation, look into adding something like {@link timeout}, {@link take},\n * {@link takeWhile}, or {@link takeUntil} amongst others.\n *\n * #### Example\n *\n * ```ts\n * import { interval, take } from 'rxjs';\n *\n * const source$ = interval(1000).pipe(take(4));\n *\n * async function getTotal() {\n * let total = 0;\n *\n * await source$.forEach(value => {\n * total += value;\n * console.log('observable -> ' + value);\n * });\n *\n * return total;\n * }\n *\n * getTotal().then(\n * total => console.log('Total: ' + total)\n * );\n *\n * // Expected:\n * // 'observable -> 0'\n * // 'observable -> 1'\n * // 'observable -> 2'\n * // 'observable -> 3'\n * // 'Total: 6'\n * ```\n *\n * @param next a handler for each value emitted by the observable\n * @return a promise that either resolves on observable completion or\n * rejects with the handled error\n */\n forEach(next: (value: T) => void): Promise;\n\n /**\n * @param next a handler for each value emitted by the observable\n * @param promiseCtor a constructor function used to instantiate the Promise\n * @return a promise that either resolves on observable completion or\n * rejects with the handled error\n * @deprecated Passing a Promise constructor will no longer be available\n * in upcoming versions of RxJS. This is because it adds weight to the library, for very\n * little benefit. If you need this functionality, it is recommended that you either\n * polyfill Promise, or you create an adapter to convert the returned native promise\n * to whatever promise implementation you wanted. Will be removed in v8.\n */\n forEach(next: (value: T) => void, promiseCtor: PromiseConstructorLike): Promise;\n\n forEach(next: (value: T) => void, promiseCtor?: PromiseConstructorLike): Promise {\n promiseCtor = getPromiseCtor(promiseCtor);\n\n return new promiseCtor((resolve, reject) => {\n const subscriber = new SafeSubscriber({\n next: (value) => {\n try {\n next(value);\n } catch (err) {\n reject(err);\n subscriber.unsubscribe();\n }\n },\n error: reject,\n complete: resolve,\n });\n this.subscribe(subscriber);\n }) as Promise;\n }\n\n /** @internal */\n protected _subscribe(subscriber: Subscriber): TeardownLogic {\n return this.source?.subscribe(subscriber);\n }\n\n /**\n * An interop point defined by the es7-observable spec https://github.com/zenparsing/es-observable\n * @method Symbol.observable\n * @return {Observable} this instance of the observable\n */\n [Symbol_observable]() {\n return this;\n }\n\n /* tslint:disable:max-line-length */\n pipe(): Observable;\n pipe(op1: OperatorFunction): Observable;\n pipe(op1: OperatorFunction, op2: OperatorFunction): Observable;\n pipe(op1: OperatorFunction, op2: OperatorFunction, op3: OperatorFunction): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction,\n op6: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction,\n op6: OperatorFunction,\n op7: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction,\n op6: OperatorFunction,\n op7: OperatorFunction,\n op8: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction,\n op6: OperatorFunction,\n op7: OperatorFunction,\n op8: OperatorFunction,\n op9: OperatorFunction\n ): Observable;\n pipe(\n op1: OperatorFunction,\n op2: OperatorFunction,\n op3: OperatorFunction,\n op4: OperatorFunction,\n op5: OperatorFunction,\n op6: OperatorFunction,\n op7: OperatorFunction,\n op8: OperatorFunction,\n op9: OperatorFunction,\n ...operations: OperatorFunction[]\n ): Observable;\n /* tslint:enable:max-line-length */\n\n /**\n * Used to stitch together functional operators into a chain.\n * @method pipe\n * @return {Observable} the Observable result of all of the operators having\n * been called in the order they were passed in.\n *\n * ## Example\n *\n * ```ts\n * import { interval, filter, map, scan } from 'rxjs';\n *\n * interval(1000)\n * .pipe(\n * filter(x => x % 2 === 0),\n * map(x => x + x),\n * scan((acc, x) => acc + x)\n * )\n * .subscribe(x => console.log(x));\n * ```\n */\n pipe(...operations: OperatorFunction[]): Observable {\n return pipeFromArray(operations)(this);\n }\n\n /* tslint:disable:max-line-length */\n /** @deprecated Replaced with {@link firstValueFrom} and {@link lastValueFrom}. Will be removed in v8. Details: https://rxjs.dev/deprecations/to-promise */\n toPromise(): Promise;\n /** @deprecated Replaced with {@link firstValueFrom} and {@link lastValueFrom}. Will be removed in v8. Details: https://rxjs.dev/deprecations/to-promise */\n toPromise(PromiseCtor: typeof Promise): Promise;\n /** @deprecated Replaced with {@link firstValueFrom} and {@link lastValueFrom}. Will be removed in v8. Details: https://rxjs.dev/deprecations/to-promise */\n toPromise(PromiseCtor: PromiseConstructorLike): Promise;\n /* tslint:enable:max-line-length */\n\n /**\n * Subscribe to this Observable and get a Promise resolving on\n * `complete` with the last emission (if any).\n *\n * **WARNING**: Only use this with observables you *know* will complete. If the source\n * observable does not complete, you will end up with a promise that is hung up, and\n * potentially all of the state of an async function hanging out in memory. To avoid\n * this situation, look into adding something like {@link timeout}, {@link take},\n * {@link takeWhile}, or {@link takeUntil} amongst others.\n *\n * @method toPromise\n * @param [promiseCtor] a constructor function used to instantiate\n * the Promise\n * @return A Promise that resolves with the last value emit, or\n * rejects on an error. If there were no emissions, Promise\n * resolves with undefined.\n * @deprecated Replaced with {@link firstValueFrom} and {@link lastValueFrom}. Will be removed in v8. Details: https://rxjs.dev/deprecations/to-promise\n */\n toPromise(promiseCtor?: PromiseConstructorLike): Promise {\n promiseCtor = getPromiseCtor(promiseCtor);\n\n return new promiseCtor((resolve, reject) => {\n let value: T | undefined;\n this.subscribe(\n (x: T) => (value = x),\n (err: any) => reject(err),\n () => resolve(value)\n );\n }) as Promise;\n }\n}\n\n/**\n * Decides between a passed promise constructor from consuming code,\n * A default configured promise constructor, and the native promise\n * constructor and returns it. If nothing can be found, it will throw\n * an error.\n * @param promiseCtor The optional promise constructor to passed by consuming code\n */\nfunction getPromiseCtor(promiseCtor: PromiseConstructorLike | undefined) {\n return promiseCtor ?? config.Promise ?? Promise;\n}\n\nfunction isObserver(value: any): value is Observer {\n return value && isFunction(value.next) && isFunction(value.error) && isFunction(value.complete);\n}\n\nfunction isSubscriber(value: any): value is Subscriber {\n return (value && value instanceof Subscriber) || (isObserver(value) && isSubscription(value));\n}\n", "import { Observable } from '../Observable';\nimport { Subscriber } from '../Subscriber';\nimport { OperatorFunction } from '../types';\nimport { isFunction } from './isFunction';\n\n/**\n * Used to determine if an object is an Observable with a lift function.\n */\nexport function hasLift(source: any): source is { lift: InstanceType['lift'] } {\n return isFunction(source?.lift);\n}\n\n/**\n * Creates an `OperatorFunction`. Used to define operators throughout the library in a concise way.\n * @param init The logic to connect the liftedSource to the subscriber at the moment of subscription.\n */\nexport function operate(\n init: (liftedSource: Observable, subscriber: Subscriber) => (() => void) | void\n): OperatorFunction {\n return (source: Observable) => {\n if (hasLift(source)) {\n return source.lift(function (this: Subscriber, liftedSource: Observable) {\n try {\n return init(liftedSource, this);\n } catch (err) {\n this.error(err);\n }\n });\n }\n throw new TypeError('Unable to lift unknown Observable type');\n };\n}\n", "import { Subscriber } from '../Subscriber';\n\n/**\n * Creates an instance of an `OperatorSubscriber`.\n * @param destination The downstream subscriber.\n * @param onNext Handles next values, only called if this subscriber is not stopped or closed. Any\n * error that occurs in this function is caught and sent to the `error` method of this subscriber.\n * @param onError Handles errors from the subscription, any errors that occur in this handler are caught\n * and send to the `destination` error handler.\n * @param onComplete Handles completion notification from the subscription. Any errors that occur in\n * this handler are sent to the `destination` error handler.\n * @param onFinalize Additional teardown logic here. This will only be called on teardown if the\n * subscriber itself is not already closed. This is called after all other teardown logic is executed.\n */\nexport function createOperatorSubscriber(\n destination: Subscriber,\n onNext?: (value: T) => void,\n onComplete?: () => void,\n onError?: (err: any) => void,\n onFinalize?: () => void\n): Subscriber {\n return new OperatorSubscriber(destination, onNext, onComplete, onError, onFinalize);\n}\n\n/**\n * A generic helper for allowing operators to be created with a Subscriber and\n * use closures to capture necessary state from the operator function itself.\n */\nexport class OperatorSubscriber extends Subscriber {\n /**\n * Creates an instance of an `OperatorSubscriber`.\n * @param destination The downstream subscriber.\n * @param onNext Handles next values, only called if this subscriber is not stopped or closed. Any\n * error that occurs in this function is caught and sent to the `error` method of this subscriber.\n * @param onError Handles errors from the subscription, any errors that occur in this handler are caught\n * and send to the `destination` error handler.\n * @param onComplete Handles completion notification from the subscription. Any errors that occur in\n * this handler are sent to the `destination` error handler.\n * @param onFinalize Additional finalization logic here. This will only be called on finalization if the\n * subscriber itself is not already closed. This is called after all other finalization logic is executed.\n * @param shouldUnsubscribe An optional check to see if an unsubscribe call should truly unsubscribe.\n * NOTE: This currently **ONLY** exists to support the strange behavior of {@link groupBy}, where unsubscription\n * to the resulting observable does not actually disconnect from the source if there are active subscriptions\n * to any grouped observable. (DO NOT EXPOSE OR USE EXTERNALLY!!!)\n */\n constructor(\n destination: Subscriber,\n onNext?: (value: T) => void,\n onComplete?: () => void,\n onError?: (err: any) => void,\n private onFinalize?: () => void,\n private shouldUnsubscribe?: () => boolean\n ) {\n // It's important - for performance reasons - that all of this class's\n // members are initialized and that they are always initialized in the same\n // order. This will ensure that all OperatorSubscriber instances have the\n // same hidden class in V8. This, in turn, will help keep the number of\n // hidden classes involved in property accesses within the base class as\n // low as possible. If the number of hidden classes involved exceeds four,\n // the property accesses will become megamorphic and performance penalties\n // will be incurred - i.e. inline caches won't be used.\n //\n // The reasons for ensuring all instances have the same hidden class are\n // further discussed in this blog post from Benedikt Meurer:\n // https://benediktmeurer.de/2018/03/23/impact-of-polymorphism-on-component-based-frameworks-like-react/\n super(destination);\n this._next = onNext\n ? function (this: OperatorSubscriber, value: T) {\n try {\n onNext(value);\n } catch (err) {\n destination.error(err);\n }\n }\n : super._next;\n this._error = onError\n ? function (this: OperatorSubscriber, err: any) {\n try {\n onError(err);\n } catch (err) {\n // Send any errors that occur down stream.\n destination.error(err);\n } finally {\n // Ensure finalization.\n this.unsubscribe();\n }\n }\n : super._error;\n this._complete = onComplete\n ? function (this: OperatorSubscriber) {\n try {\n onComplete();\n } catch (err) {\n // Send any errors that occur down stream.\n destination.error(err);\n } finally {\n // Ensure finalization.\n this.unsubscribe();\n }\n }\n : super._complete;\n }\n\n unsubscribe() {\n if (!this.shouldUnsubscribe || this.shouldUnsubscribe()) {\n const { closed } = this;\n super.unsubscribe();\n // Execute additional teardown if we have any and we didn't already do so.\n !closed && this.onFinalize?.();\n }\n }\n}\n", "import { Subscription } from '../Subscription';\n\ninterface AnimationFrameProvider {\n schedule(callback: FrameRequestCallback): Subscription;\n requestAnimationFrame: typeof requestAnimationFrame;\n cancelAnimationFrame: typeof cancelAnimationFrame;\n delegate:\n | {\n requestAnimationFrame: typeof requestAnimationFrame;\n cancelAnimationFrame: typeof cancelAnimationFrame;\n }\n | undefined;\n}\n\nexport const animationFrameProvider: AnimationFrameProvider = {\n // When accessing the delegate, use the variable rather than `this` so that\n // the functions can be called without being bound to the provider.\n schedule(callback) {\n let request = requestAnimationFrame;\n let cancel: typeof cancelAnimationFrame | undefined = cancelAnimationFrame;\n const { delegate } = animationFrameProvider;\n if (delegate) {\n request = delegate.requestAnimationFrame;\n cancel = delegate.cancelAnimationFrame;\n }\n const handle = request((timestamp) => {\n // Clear the cancel function. The request has been fulfilled, so\n // attempting to cancel the request upon unsubscription would be\n // pointless.\n cancel = undefined;\n callback(timestamp);\n });\n return new Subscription(() => cancel?.(handle));\n },\n requestAnimationFrame(...args) {\n const { delegate } = animationFrameProvider;\n return (delegate?.requestAnimationFrame || requestAnimationFrame)(...args);\n },\n cancelAnimationFrame(...args) {\n const { delegate } = animationFrameProvider;\n return (delegate?.cancelAnimationFrame || cancelAnimationFrame)(...args);\n },\n delegate: undefined,\n};\n", "import { createErrorClass } from './createErrorClass';\n\nexport interface ObjectUnsubscribedError extends Error {}\n\nexport interface ObjectUnsubscribedErrorCtor {\n /**\n * @deprecated Internal implementation detail. Do not construct error instances.\n * Cannot be tagged as internal: https://github.com/ReactiveX/rxjs/issues/6269\n */\n new (): ObjectUnsubscribedError;\n}\n\n/**\n * An error thrown when an action is invalid because the object has been\n * unsubscribed.\n *\n * @see {@link Subject}\n * @see {@link BehaviorSubject}\n *\n * @class ObjectUnsubscribedError\n */\nexport const ObjectUnsubscribedError: ObjectUnsubscribedErrorCtor = createErrorClass(\n (_super) =>\n function ObjectUnsubscribedErrorImpl(this: any) {\n _super(this);\n this.name = 'ObjectUnsubscribedError';\n this.message = 'object unsubscribed';\n }\n);\n", "import { Operator } from './Operator';\nimport { Observable } from './Observable';\nimport { Subscriber } from './Subscriber';\nimport { Subscription, EMPTY_SUBSCRIPTION } from './Subscription';\nimport { Observer, SubscriptionLike, TeardownLogic } from './types';\nimport { ObjectUnsubscribedError } from './util/ObjectUnsubscribedError';\nimport { arrRemove } from './util/arrRemove';\nimport { errorContext } from './util/errorContext';\n\n/**\n * A Subject is a special type of Observable that allows values to be\n * multicasted to many Observers. Subjects are like EventEmitters.\n *\n * Every Subject is an Observable and an Observer. You can subscribe to a\n * Subject, and you can call next to feed values as well as error and complete.\n */\nexport class Subject extends Observable implements SubscriptionLike {\n closed = false;\n\n private currentObservers: Observer[] | null = null;\n\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n observers: Observer[] = [];\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n isStopped = false;\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n hasError = false;\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n thrownError: any = null;\n\n /**\n * Creates a \"subject\" by basically gluing an observer to an observable.\n *\n * @nocollapse\n * @deprecated Recommended you do not use. Will be removed at some point in the future. Plans for replacement still under discussion.\n */\n static create: (...args: any[]) => any = (destination: Observer, source: Observable): AnonymousSubject => {\n return new AnonymousSubject(destination, source);\n };\n\n constructor() {\n // NOTE: This must be here to obscure Observable's constructor.\n super();\n }\n\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n lift(operator: Operator): Observable {\n const subject = new AnonymousSubject(this, this);\n subject.operator = operator as any;\n return subject as any;\n }\n\n /** @internal */\n protected _throwIfClosed() {\n if (this.closed) {\n throw new ObjectUnsubscribedError();\n }\n }\n\n next(value: T) {\n errorContext(() => {\n this._throwIfClosed();\n if (!this.isStopped) {\n if (!this.currentObservers) {\n this.currentObservers = Array.from(this.observers);\n }\n for (const observer of this.currentObservers) {\n observer.next(value);\n }\n }\n });\n }\n\n error(err: any) {\n errorContext(() => {\n this._throwIfClosed();\n if (!this.isStopped) {\n this.hasError = this.isStopped = true;\n this.thrownError = err;\n const { observers } = this;\n while (observers.length) {\n observers.shift()!.error(err);\n }\n }\n });\n }\n\n complete() {\n errorContext(() => {\n this._throwIfClosed();\n if (!this.isStopped) {\n this.isStopped = true;\n const { observers } = this;\n while (observers.length) {\n observers.shift()!.complete();\n }\n }\n });\n }\n\n unsubscribe() {\n this.isStopped = this.closed = true;\n this.observers = this.currentObservers = null!;\n }\n\n get observed() {\n return this.observers?.length > 0;\n }\n\n /** @internal */\n protected _trySubscribe(subscriber: Subscriber): TeardownLogic {\n this._throwIfClosed();\n return super._trySubscribe(subscriber);\n }\n\n /** @internal */\n protected _subscribe(subscriber: Subscriber): Subscription {\n this._throwIfClosed();\n this._checkFinalizedStatuses(subscriber);\n return this._innerSubscribe(subscriber);\n }\n\n /** @internal */\n protected _innerSubscribe(subscriber: Subscriber) {\n const { hasError, isStopped, observers } = this;\n if (hasError || isStopped) {\n return EMPTY_SUBSCRIPTION;\n }\n this.currentObservers = null;\n observers.push(subscriber);\n return new Subscription(() => {\n this.currentObservers = null;\n arrRemove(observers, subscriber);\n });\n }\n\n /** @internal */\n protected _checkFinalizedStatuses(subscriber: Subscriber) {\n const { hasError, thrownError, isStopped } = this;\n if (hasError) {\n subscriber.error(thrownError);\n } else if (isStopped) {\n subscriber.complete();\n }\n }\n\n /**\n * Creates a new Observable with this Subject as the source. You can do this\n * to create custom Observer-side logic of the Subject and conceal it from\n * code that uses the Observable.\n * @return {Observable} Observable that the Subject casts to\n */\n asObservable(): Observable {\n const observable: any = new Observable();\n observable.source = this;\n return observable;\n }\n}\n\n/**\n * @class AnonymousSubject\n */\nexport class AnonymousSubject extends Subject {\n constructor(\n /** @deprecated Internal implementation detail, do not use directly. Will be made internal in v8. */\n public destination?: Observer,\n source?: Observable\n ) {\n super();\n this.source = source;\n }\n\n next(value: T) {\n this.destination?.next?.(value);\n }\n\n error(err: any) {\n this.destination?.error?.(err);\n }\n\n complete() {\n this.destination?.complete?.();\n }\n\n /** @internal */\n protected _subscribe(subscriber: Subscriber): Subscription {\n return this.source?.subscribe(subscriber) ?? EMPTY_SUBSCRIPTION;\n }\n}\n", "import { TimestampProvider } from '../types';\n\ninterface DateTimestampProvider extends TimestampProvider {\n delegate: TimestampProvider | undefined;\n}\n\nexport const dateTimestampProvider: DateTimestampProvider = {\n now() {\n // Use the variable rather than `this` so that the function can be called\n // without being bound to the provider.\n return (dateTimestampProvider.delegate || Date).now();\n },\n delegate: undefined,\n};\n", "import { Subject } from './Subject';\nimport { TimestampProvider } from './types';\nimport { Subscriber } from './Subscriber';\nimport { Subscription } from './Subscription';\nimport { dateTimestampProvider } from './scheduler/dateTimestampProvider';\n\n/**\n * A variant of {@link Subject} that \"replays\" old values to new subscribers by emitting them when they first subscribe.\n *\n * `ReplaySubject` has an internal buffer that will store a specified number of values that it has observed. Like `Subject`,\n * `ReplaySubject` \"observes\" values by having them passed to its `next` method. When it observes a value, it will store that\n * value for a time determined by the configuration of the `ReplaySubject`, as passed to its constructor.\n *\n * When a new subscriber subscribes to the `ReplaySubject` instance, it will synchronously emit all values in its buffer in\n * a First-In-First-Out (FIFO) manner. The `ReplaySubject` will also complete, if it has observed completion; and it will\n * error if it has observed an error.\n *\n * There are two main configuration items to be concerned with:\n *\n * 1. `bufferSize` - This will determine how many items are stored in the buffer, defaults to infinite.\n * 2. `windowTime` - The amount of time to hold a value in the buffer before removing it from the buffer.\n *\n * Both configurations may exist simultaneously. So if you would like to buffer a maximum of 3 values, as long as the values\n * are less than 2 seconds old, you could do so with a `new ReplaySubject(3, 2000)`.\n *\n * ### Differences with BehaviorSubject\n *\n * `BehaviorSubject` is similar to `new ReplaySubject(1)`, with a couple of exceptions:\n *\n * 1. `BehaviorSubject` comes \"primed\" with a single value upon construction.\n * 2. `ReplaySubject` will replay values, even after observing an error, where `BehaviorSubject` will not.\n *\n * @see {@link Subject}\n * @see {@link BehaviorSubject}\n * @see {@link shareReplay}\n */\nexport class ReplaySubject extends Subject {\n private _buffer: (T | number)[] = [];\n private _infiniteTimeWindow = true;\n\n /**\n * @param bufferSize The size of the buffer to replay on subscription\n * @param windowTime The amount of time the buffered items will stay buffered\n * @param timestampProvider An object with a `now()` method that provides the current timestamp. This is used to\n * calculate the amount of time something has been buffered.\n */\n constructor(\n private _bufferSize = Infinity,\n private _windowTime = Infinity,\n private _timestampProvider: TimestampProvider = dateTimestampProvider\n ) {\n super();\n this._infiniteTimeWindow = _windowTime === Infinity;\n this._bufferSize = Math.max(1, _bufferSize);\n this._windowTime = Math.max(1, _windowTime);\n }\n\n next(value: T): void {\n const { isStopped, _buffer, _infiniteTimeWindow, _timestampProvider, _windowTime } = this;\n if (!isStopped) {\n _buffer.push(value);\n !_infiniteTimeWindow && _buffer.push(_timestampProvider.now() + _windowTime);\n }\n this._trimBuffer();\n super.next(value);\n }\n\n /** @internal */\n protected _subscribe(subscriber: Subscriber): Subscription {\n this._throwIfClosed();\n this._trimBuffer();\n\n const subscription = this._innerSubscribe(subscriber);\n\n const { _infiniteTimeWindow, _buffer } = this;\n // We use a copy here, so reentrant code does not mutate our array while we're\n // emitting it to a new subscriber.\n const copy = _buffer.slice();\n for (let i = 0; i < copy.length && !subscriber.closed; i += _infiniteTimeWindow ? 1 : 2) {\n subscriber.next(copy[i] as T);\n }\n\n this._checkFinalizedStatuses(subscriber);\n\n return subscription;\n }\n\n private _trimBuffer() {\n const { _bufferSize, _timestampProvider, _buffer, _infiniteTimeWindow } = this;\n // If we don't have an infinite buffer size, and we're over the length,\n // use splice to truncate the old buffer values off. Note that we have to\n // double the size for instances where we're not using an infinite time window\n // because we're storing the values and the timestamps in the same array.\n const adjustedBufferSize = (_infiniteTimeWindow ? 1 : 2) * _bufferSize;\n _bufferSize < Infinity && adjustedBufferSize < _buffer.length && _buffer.splice(0, _buffer.length - adjustedBufferSize);\n\n // Now, if we're not in an infinite time window, remove all values where the time is\n // older than what is allowed.\n if (!_infiniteTimeWindow) {\n const now = _timestampProvider.now();\n let last = 0;\n // Search the array for the first timestamp that isn't expired and\n // truncate the buffer up to that point.\n for (let i = 1; i < _buffer.length && (_buffer[i] as number) <= now; i += 2) {\n last = i;\n }\n last && _buffer.splice(0, last + 1);\n }\n }\n}\n", "import { Scheduler } from '../Scheduler';\nimport { Subscription } from '../Subscription';\nimport { SchedulerAction } from '../types';\n\n/**\n * A unit of work to be executed in a `scheduler`. An action is typically\n * created from within a {@link SchedulerLike} and an RxJS user does not need to concern\n * themselves about creating and manipulating an Action.\n *\n * ```ts\n * class Action extends Subscription {\n * new (scheduler: Scheduler, work: (state?: T) => void);\n * schedule(state?: T, delay: number = 0): Subscription;\n * }\n * ```\n *\n * @class Action\n */\nexport class Action extends Subscription {\n constructor(scheduler: Scheduler, work: (this: SchedulerAction, state?: T) => void) {\n super();\n }\n /**\n * Schedules this action on its parent {@link SchedulerLike} for execution. May be passed\n * some context object, `state`. May happen at some point in the future,\n * according to the `delay` parameter, if specified.\n * @param {T} [state] Some contextual data that the `work` function uses when\n * called by the Scheduler.\n * @param {number} [delay] Time to wait before executing the work, where the\n * time unit is implicit and defined by the Scheduler.\n * @return {void}\n */\n public schedule(state?: T, delay: number = 0): Subscription {\n return this;\n }\n}\n", "import type { TimerHandle } from './timerHandle';\ntype SetIntervalFunction = (handler: () => void, timeout?: number, ...args: any[]) => TimerHandle;\ntype ClearIntervalFunction = (handle: TimerHandle) => void;\n\ninterface IntervalProvider {\n setInterval: SetIntervalFunction;\n clearInterval: ClearIntervalFunction;\n delegate:\n | {\n setInterval: SetIntervalFunction;\n clearInterval: ClearIntervalFunction;\n }\n | undefined;\n}\n\nexport const intervalProvider: IntervalProvider = {\n // When accessing the delegate, use the variable rather than `this` so that\n // the functions can be called without being bound to the provider.\n setInterval(handler: () => void, timeout?: number, ...args) {\n const { delegate } = intervalProvider;\n if (delegate?.setInterval) {\n return delegate.setInterval(handler, timeout, ...args);\n }\n return setInterval(handler, timeout, ...args);\n },\n clearInterval(handle) {\n const { delegate } = intervalProvider;\n return (delegate?.clearInterval || clearInterval)(handle as any);\n },\n delegate: undefined,\n};\n", "import { Action } from './Action';\nimport { SchedulerAction } from '../types';\nimport { Subscription } from '../Subscription';\nimport { AsyncScheduler } from './AsyncScheduler';\nimport { intervalProvider } from './intervalProvider';\nimport { arrRemove } from '../util/arrRemove';\nimport { TimerHandle } from './timerHandle';\n\nexport class AsyncAction extends Action {\n public id: TimerHandle | undefined;\n public state?: T;\n // @ts-ignore: Property has no initializer and is not definitely assigned\n public delay: number;\n protected pending: boolean = false;\n\n constructor(protected scheduler: AsyncScheduler, protected work: (this: SchedulerAction, state?: T) => void) {\n super(scheduler, work);\n }\n\n public schedule(state?: T, delay: number = 0): Subscription {\n if (this.closed) {\n return this;\n }\n\n // Always replace the current state with the new state.\n this.state = state;\n\n const id = this.id;\n const scheduler = this.scheduler;\n\n //\n // Important implementation note:\n //\n // Actions only execute once by default, unless rescheduled from within the\n // scheduled callback. This allows us to implement single and repeat\n // actions via the same code path, without adding API surface area, as well\n // as mimic traditional recursion but across asynchronous boundaries.\n //\n // However, JS runtimes and timers distinguish between intervals achieved by\n // serial `setTimeout` calls vs. a single `setInterval` call. An interval of\n // serial `setTimeout` calls can be individually delayed, which delays\n // scheduling the next `setTimeout`, and so on. `setInterval` attempts to\n // guarantee the interval callback will be invoked more precisely to the\n // interval period, regardless of load.\n //\n // Therefore, we use `setInterval` to schedule single and repeat actions.\n // If the action reschedules itself with the same delay, the interval is not\n // canceled. If the action doesn't reschedule, or reschedules with a\n // different delay, the interval will be canceled after scheduled callback\n // execution.\n //\n if (id != null) {\n this.id = this.recycleAsyncId(scheduler, id, delay);\n }\n\n // Set the pending flag indicating that this action has been scheduled, or\n // has recursively rescheduled itself.\n this.pending = true;\n\n this.delay = delay;\n // If this action has already an async Id, don't request a new one.\n this.id = this.id ?? this.requestAsyncId(scheduler, this.id, delay);\n\n return this;\n }\n\n protected requestAsyncId(scheduler: AsyncScheduler, _id?: TimerHandle, delay: number = 0): TimerHandle {\n return intervalProvider.setInterval(scheduler.flush.bind(scheduler, this), delay);\n }\n\n protected recycleAsyncId(_scheduler: AsyncScheduler, id?: TimerHandle, delay: number | null = 0): TimerHandle | undefined {\n // If this action is rescheduled with the same delay time, don't clear the interval id.\n if (delay != null && this.delay === delay && this.pending === false) {\n return id;\n }\n // Otherwise, if the action's delay time is different from the current delay,\n // or the action has been rescheduled before it's executed, clear the interval id\n if (id != null) {\n intervalProvider.clearInterval(id);\n }\n\n return undefined;\n }\n\n /**\n * Immediately executes this action and the `work` it contains.\n * @return {any}\n */\n public execute(state: T, delay: number): any {\n if (this.closed) {\n return new Error('executing a cancelled action');\n }\n\n this.pending = false;\n const error = this._execute(state, delay);\n if (error) {\n return error;\n } else if (this.pending === false && this.id != null) {\n // Dequeue if the action didn't reschedule itself. Don't call\n // unsubscribe(), because the action could reschedule later.\n // For example:\n // ```\n // scheduler.schedule(function doWork(counter) {\n // /* ... I'm a busy worker bee ... */\n // var originalAction = this;\n // /* wait 100ms before rescheduling the action */\n // setTimeout(function () {\n // originalAction.schedule(counter + 1);\n // }, 100);\n // }, 1000);\n // ```\n this.id = this.recycleAsyncId(this.scheduler, this.id, null);\n }\n }\n\n protected _execute(state: T, _delay: number): any {\n let errored: boolean = false;\n let errorValue: any;\n try {\n this.work(state);\n } catch (e) {\n errored = true;\n // HACK: Since code elsewhere is relying on the \"truthiness\" of the\n // return here, we can't have it return \"\" or 0 or false.\n // TODO: Clean this up when we refactor schedulers mid-version-8 or so.\n errorValue = e ? e : new Error('Scheduled action threw falsy error');\n }\n if (errored) {\n this.unsubscribe();\n return errorValue;\n }\n }\n\n unsubscribe() {\n if (!this.closed) {\n const { id, scheduler } = this;\n const { actions } = scheduler;\n\n this.work = this.state = this.scheduler = null!;\n this.pending = false;\n\n arrRemove(actions, this);\n if (id != null) {\n this.id = this.recycleAsyncId(scheduler, id, null);\n }\n\n this.delay = null!;\n super.unsubscribe();\n }\n }\n}\n", "import { Action } from './scheduler/Action';\nimport { Subscription } from './Subscription';\nimport { SchedulerLike, SchedulerAction } from './types';\nimport { dateTimestampProvider } from './scheduler/dateTimestampProvider';\n\n/**\n * An execution context and a data structure to order tasks and schedule their\n * execution. Provides a notion of (potentially virtual) time, through the\n * `now()` getter method.\n *\n * Each unit of work in a Scheduler is called an `Action`.\n *\n * ```ts\n * class Scheduler {\n * now(): number;\n * schedule(work, delay?, state?): Subscription;\n * }\n * ```\n *\n * @class Scheduler\n * @deprecated Scheduler is an internal implementation detail of RxJS, and\n * should not be used directly. Rather, create your own class and implement\n * {@link SchedulerLike}. Will be made internal in v8.\n */\nexport class Scheduler implements SchedulerLike {\n public static now: () => number = dateTimestampProvider.now;\n\n constructor(private schedulerActionCtor: typeof Action, now: () => number = Scheduler.now) {\n this.now = now;\n }\n\n /**\n * A getter method that returns a number representing the current time\n * (at the time this function was called) according to the scheduler's own\n * internal clock.\n * @return {number} A number that represents the current time. May or may not\n * have a relation to wall-clock time. May or may not refer to a time unit\n * (e.g. milliseconds).\n */\n public now: () => number;\n\n /**\n * Schedules a function, `work`, for execution. May happen at some point in\n * the future, according to the `delay` parameter, if specified. May be passed\n * some context object, `state`, which will be passed to the `work` function.\n *\n * The given arguments will be processed an stored as an Action object in a\n * queue of actions.\n *\n * @param {function(state: ?T): ?Subscription} work A function representing a\n * task, or some unit of work to be executed by the Scheduler.\n * @param {number} [delay] Time to wait before executing the work, where the\n * time unit is implicit and defined by the Scheduler itself.\n * @param {T} [state] Some contextual data that the `work` function uses when\n * called by the Scheduler.\n * @return {Subscription} A subscription in order to be able to unsubscribe\n * the scheduled work.\n */\n public schedule(work: (this: SchedulerAction, state?: T) => void, delay: number = 0, state?: T): Subscription {\n return new this.schedulerActionCtor(this, work).schedule(state, delay);\n }\n}\n", "import { Scheduler } from '../Scheduler';\nimport { Action } from './Action';\nimport { AsyncAction } from './AsyncAction';\nimport { TimerHandle } from './timerHandle';\n\nexport class AsyncScheduler extends Scheduler {\n public actions: Array> = [];\n /**\n * A flag to indicate whether the Scheduler is currently executing a batch of\n * queued actions.\n * @type {boolean}\n * @internal\n */\n public _active: boolean = false;\n /**\n * An internal ID used to track the latest asynchronous task such as those\n * coming from `setTimeout`, `setInterval`, `requestAnimationFrame`, and\n * others.\n * @type {any}\n * @internal\n */\n public _scheduled: TimerHandle | undefined;\n\n constructor(SchedulerAction: typeof Action, now: () => number = Scheduler.now) {\n super(SchedulerAction, now);\n }\n\n public flush(action: AsyncAction): void {\n const { actions } = this;\n\n if (this._active) {\n actions.push(action);\n return;\n }\n\n let error: any;\n this._active = true;\n\n do {\n if ((error = action.execute(action.state, action.delay))) {\n break;\n }\n } while ((action = actions.shift()!)); // exhaust the scheduler queue\n\n this._active = false;\n\n if (error) {\n while ((action = actions.shift()!)) {\n action.unsubscribe();\n }\n throw error;\n }\n }\n}\n", "import { AsyncAction } from './AsyncAction';\nimport { AsyncScheduler } from './AsyncScheduler';\n\n/**\n *\n * Async Scheduler\n *\n * Schedule task as if you used setTimeout(task, duration)\n *\n * `async` scheduler schedules tasks asynchronously, by putting them on the JavaScript\n * event loop queue. It is best used to delay tasks in time or to schedule tasks repeating\n * in intervals.\n *\n * If you just want to \"defer\" task, that is to perform it right after currently\n * executing synchronous code ends (commonly achieved by `setTimeout(deferredTask, 0)`),\n * better choice will be the {@link asapScheduler} scheduler.\n *\n * ## Examples\n * Use async scheduler to delay task\n * ```ts\n * import { asyncScheduler } from 'rxjs';\n *\n * const task = () => console.log('it works!');\n *\n * asyncScheduler.schedule(task, 2000);\n *\n * // After 2 seconds logs:\n * // \"it works!\"\n * ```\n *\n * Use async scheduler to repeat task in intervals\n * ```ts\n * import { asyncScheduler } from 'rxjs';\n *\n * function task(state) {\n * console.log(state);\n * this.schedule(state + 1, 1000); // `this` references currently executing Action,\n * // which we reschedule with new state and delay\n * }\n *\n * asyncScheduler.schedule(task, 3000, 0);\n *\n * // Logs:\n * // 0 after 3s\n * // 1 after 4s\n * // 2 after 5s\n * // 3 after 6s\n * ```\n */\n\nexport const asyncScheduler = new AsyncScheduler(AsyncAction);\n\n/**\n * @deprecated Renamed to {@link asyncScheduler}. Will be removed in v8.\n */\nexport const async = asyncScheduler;\n", "import { AsyncAction } from './AsyncAction';\nimport { AnimationFrameScheduler } from './AnimationFrameScheduler';\nimport { SchedulerAction } from '../types';\nimport { animationFrameProvider } from './animationFrameProvider';\nimport { TimerHandle } from './timerHandle';\n\nexport class AnimationFrameAction extends AsyncAction {\n constructor(protected scheduler: AnimationFrameScheduler, protected work: (this: SchedulerAction, state?: T) => void) {\n super(scheduler, work);\n }\n\n protected requestAsyncId(scheduler: AnimationFrameScheduler, id?: TimerHandle, delay: number = 0): TimerHandle {\n // If delay is greater than 0, request as an async action.\n if (delay !== null && delay > 0) {\n return super.requestAsyncId(scheduler, id, delay);\n }\n // Push the action to the end of the scheduler queue.\n scheduler.actions.push(this);\n // If an animation frame has already been requested, don't request another\n // one. If an animation frame hasn't been requested yet, request one. Return\n // the current animation frame request id.\n return scheduler._scheduled || (scheduler._scheduled = animationFrameProvider.requestAnimationFrame(() => scheduler.flush(undefined)));\n }\n\n protected recycleAsyncId(scheduler: AnimationFrameScheduler, id?: TimerHandle, delay: number = 0): TimerHandle | undefined {\n // If delay exists and is greater than 0, or if the delay is null (the\n // action wasn't rescheduled) but was originally scheduled as an async\n // action, then recycle as an async action.\n if (delay != null ? delay > 0 : this.delay > 0) {\n return super.recycleAsyncId(scheduler, id, delay);\n }\n // If the scheduler queue has no remaining actions with the same async id,\n // cancel the requested animation frame and set the scheduled flag to\n // undefined so the next AnimationFrameAction will request its own.\n const { actions } = scheduler;\n if (id != null && actions[actions.length - 1]?.id !== id) {\n animationFrameProvider.cancelAnimationFrame(id as number);\n scheduler._scheduled = undefined;\n }\n // Return undefined so the action knows to request a new async id if it's rescheduled.\n return undefined;\n }\n}\n", "import { AsyncAction } from './AsyncAction';\nimport { AsyncScheduler } from './AsyncScheduler';\n\nexport class AnimationFrameScheduler extends AsyncScheduler {\n public flush(action?: AsyncAction): void {\n this._active = true;\n // The async id that effects a call to flush is stored in _scheduled.\n // Before executing an action, it's necessary to check the action's async\n // id to determine whether it's supposed to be executed in the current\n // flush.\n // Previous implementations of this method used a count to determine this,\n // but that was unsound, as actions that are unsubscribed - i.e. cancelled -\n // are removed from the actions array and that can shift actions that are\n // scheduled to be executed in a subsequent flush into positions at which\n // they are executed within the current flush.\n const flushId = this._scheduled;\n this._scheduled = undefined;\n\n const { actions } = this;\n let error: any;\n action = action || actions.shift()!;\n\n do {\n if ((error = action.execute(action.state, action.delay))) {\n break;\n }\n } while ((action = actions[0]) && action.id === flushId && actions.shift());\n\n this._active = false;\n\n if (error) {\n while ((action = actions[0]) && action.id === flushId && actions.shift()) {\n action.unsubscribe();\n }\n throw error;\n }\n }\n}\n", "import { AnimationFrameAction } from './AnimationFrameAction';\nimport { AnimationFrameScheduler } from './AnimationFrameScheduler';\n\n/**\n *\n * Animation Frame Scheduler\n *\n * Perform task when `window.requestAnimationFrame` would fire\n *\n * When `animationFrame` scheduler is used with delay, it will fall back to {@link asyncScheduler} scheduler\n * behaviour.\n *\n * Without delay, `animationFrame` scheduler can be used to create smooth browser animations.\n * It makes sure scheduled task will happen just before next browser content repaint,\n * thus performing animations as efficiently as possible.\n *\n * ## Example\n * Schedule div height animation\n * ```ts\n * // html:
\n * import { animationFrameScheduler } from 'rxjs';\n *\n * const div = document.querySelector('div');\n *\n * animationFrameScheduler.schedule(function(height) {\n * div.style.height = height + \"px\";\n *\n * this.schedule(height + 1); // `this` references currently executing Action,\n * // which we reschedule with new state\n * }, 0, 0);\n *\n * // You will see a div element growing in height\n * ```\n */\n\nexport const animationFrameScheduler = new AnimationFrameScheduler(AnimationFrameAction);\n\n/**\n * @deprecated Renamed to {@link animationFrameScheduler}. Will be removed in v8.\n */\nexport const animationFrame = animationFrameScheduler;\n", "import { Observable } from '../Observable';\nimport { SchedulerLike } from '../types';\n\n/**\n * A simple Observable that emits no items to the Observer and immediately\n * emits a complete notification.\n *\n * Just emits 'complete', and nothing else.\n *\n * ![](empty.png)\n *\n * A simple Observable that only emits the complete notification. It can be used\n * for composing with other Observables, such as in a {@link mergeMap}.\n *\n * ## Examples\n *\n * Log complete notification\n *\n * ```ts\n * import { EMPTY } from 'rxjs';\n *\n * EMPTY.subscribe({\n * next: () => console.log('Next'),\n * complete: () => console.log('Complete!')\n * });\n *\n * // Outputs\n * // Complete!\n * ```\n *\n * Emit the number 7, then complete\n *\n * ```ts\n * import { EMPTY, startWith } from 'rxjs';\n *\n * const result = EMPTY.pipe(startWith(7));\n * result.subscribe(x => console.log(x));\n *\n * // Outputs\n * // 7\n * ```\n *\n * Map and flatten only odd numbers to the sequence `'a'`, `'b'`, `'c'`\n *\n * ```ts\n * import { interval, mergeMap, of, EMPTY } from 'rxjs';\n *\n * const interval$ = interval(1000);\n * const result = interval$.pipe(\n * mergeMap(x => x % 2 === 1 ? of('a', 'b', 'c') : EMPTY),\n * );\n * result.subscribe(x => console.log(x));\n *\n * // Results in the following to the console:\n * // x is equal to the count on the interval, e.g. (0, 1, 2, 3, ...)\n * // x will occur every 1000ms\n * // if x % 2 is equal to 1, print a, b, c (each on its own)\n * // if x % 2 is not equal to 1, nothing will be output\n * ```\n *\n * @see {@link Observable}\n * @see {@link NEVER}\n * @see {@link of}\n * @see {@link throwError}\n */\nexport const EMPTY = new Observable((subscriber) => subscriber.complete());\n\n/**\n * @param scheduler A {@link SchedulerLike} to use for scheduling\n * the emission of the complete notification.\n * @deprecated Replaced with the {@link EMPTY} constant or {@link scheduled} (e.g. `scheduled([], scheduler)`). Will be removed in v8.\n */\nexport function empty(scheduler?: SchedulerLike) {\n return scheduler ? emptyScheduled(scheduler) : EMPTY;\n}\n\nfunction emptyScheduled(scheduler: SchedulerLike) {\n return new Observable((subscriber) => scheduler.schedule(() => subscriber.complete()));\n}\n", "import { SchedulerLike } from '../types';\nimport { isFunction } from './isFunction';\n\nexport function isScheduler(value: any): value is SchedulerLike {\n return value && isFunction(value.schedule);\n}\n", "import { SchedulerLike } from '../types';\nimport { isFunction } from './isFunction';\nimport { isScheduler } from './isScheduler';\n\nfunction last(arr: T[]): T | undefined {\n return arr[arr.length - 1];\n}\n\nexport function popResultSelector(args: any[]): ((...args: unknown[]) => unknown) | undefined {\n return isFunction(last(args)) ? args.pop() : undefined;\n}\n\nexport function popScheduler(args: any[]): SchedulerLike | undefined {\n return isScheduler(last(args)) ? args.pop() : undefined;\n}\n\nexport function popNumber(args: any[], defaultValue: number): number {\n return typeof last(args) === 'number' ? args.pop()! : defaultValue;\n}\n", "export const isArrayLike = ((x: any): x is ArrayLike => x && typeof x.length === 'number' && typeof x !== 'function');", "import { isFunction } from \"./isFunction\";\n\n/**\n * Tests to see if the object is \"thennable\".\n * @param value the object to test\n */\nexport function isPromise(value: any): value is PromiseLike {\n return isFunction(value?.then);\n}\n", "import { InteropObservable } from '../types';\nimport { observable as Symbol_observable } from '../symbol/observable';\nimport { isFunction } from './isFunction';\n\n/** Identifies an input as being Observable (but not necessary an Rx Observable) */\nexport function isInteropObservable(input: any): input is InteropObservable {\n return isFunction(input[Symbol_observable]);\n}\n", "import { isFunction } from './isFunction';\n\nexport function isAsyncIterable(obj: any): obj is AsyncIterable {\n return Symbol.asyncIterator && isFunction(obj?.[Symbol.asyncIterator]);\n}\n", "/**\n * Creates the TypeError to throw if an invalid object is passed to `from` or `scheduled`.\n * @param input The object that was passed.\n */\nexport function createInvalidObservableTypeError(input: any) {\n // TODO: We should create error codes that can be looked up, so this can be less verbose.\n return new TypeError(\n `You provided ${\n input !== null && typeof input === 'object' ? 'an invalid object' : `'${input}'`\n } where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.`\n );\n}\n", "export function getSymbolIterator(): symbol {\n if (typeof Symbol !== 'function' || !Symbol.iterator) {\n return '@@iterator' as any;\n }\n\n return Symbol.iterator;\n}\n\nexport const iterator = getSymbolIterator();\n", "import { iterator as Symbol_iterator } from '../symbol/iterator';\nimport { isFunction } from './isFunction';\n\n/** Identifies an input as being an Iterable */\nexport function isIterable(input: any): input is Iterable {\n return isFunction(input?.[Symbol_iterator]);\n}\n", "import { ReadableStreamLike } from '../types';\nimport { isFunction } from './isFunction';\n\nexport async function* readableStreamLikeToAsyncGenerator(readableStream: ReadableStreamLike): AsyncGenerator {\n const reader = readableStream.getReader();\n try {\n while (true) {\n const { value, done } = await reader.read();\n if (done) {\n return;\n }\n yield value!;\n }\n } finally {\n reader.releaseLock();\n }\n}\n\nexport function isReadableStreamLike(obj: any): obj is ReadableStreamLike {\n // We don't want to use instanceof checks because they would return\n // false for instances from another Realm, like an + + +

When you become an Insider, not only do you support development of RaspAP but you also help inspire young people by harnessing the power of computing to solve problems and express themselves creatively.

+

Support for educators

+

We are big believers in the role that computing and digital technologies can play in shaping a better world. Many engineers, including members of the RaspAP team, got their first introduction to computing +at an early age. This can take the form of a structured curriculum in a school setting, or less-formally through clubs, competitions and partnerships with youth organizations. Equally important is university, vocational and research training in digital technologies at all levels.

+

To this end, we have pledged to make Insiders freely available to all educators, their students, club participants and staff.

+

Criteria

+

Educators, teacher trainers, researchers and club organizers engaged in digital and computing technologies for students of all ages are eligible. The only requirement is a GitHub account and a domain email address associated with an educational institution or organization with a focus on digital learning. Send a mail to sponsors@raspap.com with your GitHub +account details and we'll get you started with Insiders.

+

Frequently asked questions

+

Repository access

+

When you become a sponsor, GitHub will send you an invitation to the private Insiders repo. You must accept this invite before performing an upgrade or new install, as described below. Until you accept this invitation, running the Quick installer with the --insiders switch will result in the following:

+
RaspAP Install: Cloning latest files from GitHub
+Cloning into '/tmp/raspap-webgui'...
+remote: Repository not found.
+fatal: repository 'https://github.com/RaspAP/raspap-insiders' not found
+
+

In this event, check your mail folders for an invitation from GitHub and accept it. You may also verify access to the Insiders repo with your token beforehand.

+

Installing

+

How do I install Insiders?

+

Invoke the Quick Installer with the --insiders switch, like so:

+
curl -sL https://install.raspap.com | bash -s -- --insiders
+
+
+

Tip

+

During the Insiders install, GitHub will ask you for your username and password in order to clone the private repository. You must enter a GitHub Personal Access Token at the password prompt. This is explained in the Authentication section below.

+
+

Alternatively, you may skip the GitHub authentication step by specifying your GitHub credentials with the --name and --token parameters:

+
curl -sL https://install.raspap.com | bash -s -- --insiders --name [username] --token [my-token]
+
+

Upgrading

+

I have an existing RaspAP installation. How do I upgrade to Insiders?

+

Upgrading is easy. Simply invoke the Quick Installer with the --upgrade switch, specifying the private Insiders option, like so:

+
curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders
+
+
+

Tip

+

When upgrading to Insiders, GitHub will ask you for your username and password in order to clone the private repository. You must enter a GitHub Personal Access Token at the password prompt. This is explained in the Authentication section below.

+
+

As with a fresh Insiders install, you may also skip the GitHub authentication step by specifying your GitHub credentials with the --name and --token parameters:

+
curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders --name [username] --token [my-token]
+
+

Authentication

+

As of August 2021 GitHub removed support for password authentication, so you will need to generate a Personal Access Token and use this in place of your password. The process of creating a token is straightforward and described here.

+
+

Tip

+

Be sure to create a "classic" personal access token, rather than a fine-grained one. The latter has resulted in errors when cloning the private GitHub repository. Before invoking the Quick installer to perform an upgrade or new Insiders install, it's recommended to verify your token using the method described below.

+
+

If this is your first time using a GitHub personal access token, you can verify it by using curl and the GitHub API. Substitute your token value for MY_TOKEN below:

+
curl -sS -f -I -H "Authorization: token MY_TOKEN" https://api.github.com
+
+

If successful, GitHub should reply with HTTP/2 200 and a x-oauth-scopes: repo value in the response. If you receive a HTTP 401 or other error from curl, check your token and try again.

+

You will be asked to authenticate with GitHub when the installer clones the private Insiders repo. In this case, simply enter your GitHub username and token when prompted.

+
+

Note

+

Your token is sent securely via SSH to GitHub. The installer does not have access to or store your token.

+
+

If you're using GitHub with 2FA enabled the same process above applies.

+

Scope of support

+

Individual sponsors may use the main RaspAP repository for non-bug related discussions, including troubleshooting. If you've found a bug with an Insiders feature, please review our issue policy and create a report in the Insiders repository.

+

The RaspAP team will prioritize issues and feature requests for sponsors at the Business tier. Please create a report in the Insiders repository or contact us via email to discuss your requirements.

+

Terms

+

We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?

+

Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:

+
    +
  • Please don't distribute the source code of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
    • +
  • If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may use the latest version that's available to you as long as you like. Just remember that GitHub deletes private forks.
    • +
+

Discussions

+

Questions or comments about Insiders? Join the discussion here.

+
+
+
    +
  1. +

    You may be wondering if the sponsorware model contradicts the ethos of Open Source software. It's true that some features are locked behind a payment, which means they are only accessible after pledging a small amount of money. +However, these features are only exclusive until specific funding targets are reached. Making an Open Source project sustainable is exceptionally difficult. Maintainers invest significant time and energy +developing software, testing, responding to issues, writing documentation and so on. Too often, this leads to burnout and abandoned projects. +The sponsorware model ensures that if you decide to use RaspAP, you can be sure that the project remains healthy, bugs are fixed quickly and new features are added regularly. 

    +
    2. +
  2. +

    It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, +stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler. 

    +
    3. +
  3. +

    If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of the month for monthly sponsorships. +This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. +As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable. 

    +
    4. +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/issues/index.html b/issues/index.html new file mode 100644 index 00000000..f092467c --- /dev/null +++ b/issues/index.html @@ -0,0 +1,1337 @@ + + + + + + + + + + + + + + + + + + + + + + + Reporting issues - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Reporting issues

+

Overview

+

RaspAP is free software. It is delivered to you, at no cost, and with no warranty of any kind. The community of developers who contribute to this project make every effort to deliver defect-free code. That said, no software is perfect. You can help us improve this project by accurately describing your issue.

+

Issue policy

+

This project is currently led by one developer (@billz) in his very limited spare time. Please respect our developers' time by using issues for reporting bugs only. +RaspAP is not a boxed product with a free troubleshooting hotline. If your issue is of a general nature and not directly related to a defect with this project, try searching the official Raspberry Pi forums, RaspAP's GitHub discussions, or Raspberry Pi on Stack Exchange. Chances are your question has been discussed and answered before.

+

Issues are only valid for clean installs of this project's compatible operating systems. +If you observe RaspAP behaving strangely and you did not begin with a clean install, be sure to test it on a fresh SD card before reporting an issue.

+

The project FAQ is continuously updated with answers to many common questions. Refer to this first before creating a new issue.

+

Guidelines

+

You can help us improve this project by accurately describing defects. To that end, these guidelines have been established to streamline the reporting process:

+
    +
  1. Please read and follow the Code of Conduct.
    2. +
  2. Provide useful detail to reproduce your issue. "Doesn't work" or "not working" is not a valid report. Here's an example model issue.
    3. +
  3. Generate a debug log and upload the contents to Pastebin.
    4. +
  4. If an issue is unclear or needs further information, it will be labeled with question and awaiting-user.
    5. +
  5. Issues that becomes stale due to inactivity are automatically managed by stale-bot.
    6. +
+

Supported devices

+

RaspAP functions very well "out of the box" on fresh installs of the latest RPi OS Lite 32-bit distribution on recent hardware like the RPi 4, 3B+ and Zero W. The version 2.3.1 release extends beta support to additional Debian-based distros, including Armbian and Ubuntu Server. Please note that "supported" is not a guarantee.

+

If you have installed other software packages on top of RaspAP, particularly those related to networking such as Pi-hole, please test RaspAP first on a clean install before reporting an issue. You may also use RaspAP's Docker container to mitigate conflicts with other software packages.

+

External hardware

+

RaspAP has been rigorously tested on the above supported distros and devices using the onboard wireless chipsets. While many good external wireless USB adapters, or "dongles", are available, a +substantial number lack in-kernel driver support or are otherwise unsuitable for this project. It is not practical, or even possible, to individually test every dongle on the market with this project. +For this reason, issues that concern external wireless adapters, or request troubleshooting of these devices, will not be considered.

+

If you suspect a driver problem with your USB adapter, RaspAP tools +can assist you with installing missing WLAN driver modules. Beyond this, your best avenue for troubleshooting are the public forums mentioned above.

+

Default settings

+

One of RaspAP's most popular features is the Quick Installer, which gets an AP up and running quickly and with a minimum of hassle. This works by applying a known-good default configuration that has been validated in testing with the project's supported devices. When the project prerequisites are followed, an AP with wired ethernet (eth0) or managed mode (wlan0) Wifi client AP will be functional with the default settings.

+
+

Important

+

RaspAP gives you control over many of the settings for hostapd, dhcpcd and dnsmasq. Once these default settings are changed, it's possible that one or all of the above services will enter a failed state.

+
+

Will RaspAP let me create a configuration that "breaks" my hotspot?

+

In a word, yes. While the Quick Installer automates most of the work of creating an AP, RaspAP does not automagically validate your custom configurations. As a result, you may observe anomalous behavior when restarting these services and/or rebooting your device.

+

When in doubt, you may perform a system reset to restore the default settings.

+

Because of this, issues such as "hotspot isn't working" or "gui doesn't work" won't be considered. No hard feelings.

+

Submitting an issue

+

If, after searching these community forums, consulting the FAQ and understanding the default settings, your issue still persists, please provide as much detailed information as possible. Use the provided issue template. Incomplete issue reports will not be considered. +Thanks.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/manual/index.html b/manual/index.html new file mode 100644 index 00000000..4c611006 --- /dev/null +++ b/manual/index.html @@ -0,0 +1,1786 @@ + + + + + + + + + + + + + + + + + + + + + + + Manual installation - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Manual installation

+

Overview

+

These steps apply to the latest release of RaspAP, Raspberry Pi OS Lite, Debian and Armbian. Notes for previous versions, Ubuntu Server 18.04 TLS and 19.10 are provided, where applicable. +Please refer to this regarding operating systems support.

+

Alternatives

+

If your goal is to use RaspAP as a component of a larger project, or wish to isolate its dependencies from existing software on your system, consider deploying RaspAP in a Docker container instead.

+

Prerequisites

+

Start off by updating your system's package list, then upgrade the kernel, firmware and installed packages to their latest versions:

+
sudo apt-get update
+sudo apt-get full-upgrade
+
+

Note that full-upgrade is used rather than a simple upgrade, as this also picks up any dependency changes that may have been made. +The kernel and firmware are installed as a Debian package, and so will also get updates when using the procedure above. +These packages are updated infrequently and after extensive testing.

+

Enable wireless operation

+

Telecommunications radio bands are subject to regulatory restrictions to ensure interference-free operation. The Linux OS complies with these rules by requiring users +to configure a two-letter "WiFi country code". In RPi OS, 5 GHz wireless networking is disabled until this country code has been set, usually as part of the initial installation process. +If you have not set your country code or are unsure, check the "WLAN Country" setting in raspi-config's Localisation Options:

+
sudo raspi-config
+
+

To ensure the WiFi radio is not blocked on the Raspberry Pi, execute the following command:

+
sudo rfkill unblock wlan
+
+

Non-RPi OS dependencies

+

Operating systems other than RPi OS have some additional dependencies. If you are using RPi OS Lite, skip this section. On Ubuntu Server, add a dependency and the ppa:ondrej/php apt package:

+
sudo apt-get install software-properties-common 
+sudo add-apt-repository ppa:ondrej/php
+
+

On Debian, Armbian and Ubuntu, install dhcpcd5 with the following:

+
sudo apt-get install dhcpcd5
+
+

On Raspberry Pi OS Lite 32-bit (bookworm), install dhcpcd5 with a dependency:

+
sudo apt-get install dhcpcd dhcpcd-base
+
+

Ubuntu-specific steps

+
+

Note

+

This section concerns manual pre- and post-install steps required for the latest Ubuntu 23.04 (Lunar Lobster) and Armbian 23.11 (Jammy) releases. They are not necessary with other distributions.

+
+

RaspAP's installer will prompt you to stop and disable the systemd-resolved service listening on port 53 before installing dnsmasq. On Ubuntu 23.04 and Armbian 23.11 this results in a name resolution failure and the installation cannot continue. To resolve this, perform the following pre-install steps:

+
    +
  1. Stop systemd-resolved with sudo systemctl stop systemd-resolved.service.
    2. +
  2. Edit the systemd-resolved config file: sudo nano /etc/systemd/resolved.conf, un-hash and specify DNS=9.9.9.9 (for example) and set DNSStubListener=no. Save and exit the file.
    3. +
  3. Symlink /etc/resolv.conf with sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf.
    4. +
  4. Proceed with RaspAP install as normal. Disable systemd services when prompted by the installer.
    5. +
+

Post-install: The dnsmasq service will report errors such as "config error is REFUSED (EDE: not ready)". DNS 'A' record queries will fail and the AP will not be usable for clients. This is easily resolved with the following steps:

+
    +
  1. Edit the dnsmasq configuration with sudo nano /etc/default/dnsmasq and un-hash IGNORE_RESOLVCONF=yes. Save and exit the file.
    2. +
  2. Restart the dnsmasq service with sudo systemctl restart dnsmasq.service.
    3. +
+

Your RaspAP install on Ubuntu should now function as expected.

+

Install packages

+

Install git, lighttpd, php8, hostapd, dnsmasq and some extra packages with the following:

+
sudo apt-get install lighttpd git hostapd dnsmasq iptables-persistent vnstat qrencode php8.2-cgi jq isoquery
+
+
+

Note

+

For Raspberry Pi OS Lite (bullseye), Debian 11 and Ubuntu Server 22.04, replace php8.2-cgi with php7.4-cgi. For Ubuntu Server 23.04, you may use php8.1-cgi.

+
+

Enable PHP

+

Next, enable PHP for lighttpd and restart the service for the settings to take effect: +

sudo lighttpd-enable-mod fastcgi-php    
+sudo service lighttpd force-reload
+sudo systemctl restart lighttpd.service
+

+

Create the web application

+

In these steps we will prepare the web destination and git clone the files to /var/www/html.

+
+

Caution

+

If this is not a clean installation, be sure you do not have existing files or directories in the web root before executing the rm -rf command.

+
+
sudo rm -rf /var/www/html
+sudo git clone https://github.com/RaspAP/raspap-webgui /var/www/html
+
+

Copy an extra lighttpd config file to support application routing. This step requires some text substitutions to support user changes to lighttpd's server.document-root setting:

+
WEBROOT="/var/www/html"
+CONFSRC="$WEBROOT/config/50-raspap-router.conf"
+LTROOT=$(grep "server.document-root" /etc/lighttpd/lighttpd.conf | awk -F '=' '{print $2}' | tr -d " \"")
+
+HTROOT=${WEBROOT/$LTROOT}
+HTROOT=$(echo "$HTROOT" | sed -e 's/\/$//')
+awk "{gsub(\"/REPLACE_ME\",\"$HTROOT\")}1" $CONFSRC > /tmp/50-raspap-router.conf
+sudo cp /tmp/50-raspap-router.conf /etc/lighttpd/conf-available/
+
+

Link it into conf-enabled and restart the web service:

+
sudo ln -s /etc/lighttpd/conf-available/50-raspap-router.conf /etc/lighttpd/conf-enabled/50-raspap-router.conf
+sudo systemctl restart lighttpd.service
+
+

Now comes the fun part. For security reasons, the www-data user which lighttpd runs under is not allowed to start or stop daemons, or run commands like ip link, +all of which we want our app to do. So we will add the www-data user to sudoers, but with restrictions on what commands the user can run. Copy the sudoers rules to their destination:

+
cd /var/www/html
+sudo cp installers/raspap.sudoers /etc/sudoers.d/090_raspap
+
+

Configuration directories

+

RaspAP uses several directories to manage its own configuration. Create these with the following commands:

+
sudo mkdir /etc/raspap/
+sudo mkdir /etc/raspap/backups
+sudo mkdir /etc/raspap/networking
+sudo mkdir /etc/raspap/hostapd
+sudo mkdir /etc/raspap/lighttpd
+sudo mkdir /etc/raspap/system
+
+

Set permissions

+

Next, set the files ownership to the www-data user for the web files and RaspAP config:

+
sudo chown -R www-data:www-data /var/www/html
+sudo chown -R www-data:www-data /etc/raspap
+
+

Control scripts

+

RaspAP uses several shell scripts to manage various aspects of the application, including hostapd logging and raspapd, the RaspAP control service. Move these scripts to their destinations with the following:

+
sudo mv installers/enablelog.sh /etc/raspap/hostapd
+sudo mv installers/disablelog.sh /etc/raspap/hostapd
+sudo mv installers/servicestart.sh /etc/raspap/hostapd
+sudo mv installers/debuglog.sh /etc/raspap/system
+
+

Set ownership and permissions for the logging and service control scripts:

+
sudo chown -c root:root /etc/raspap/hostapd/*.sh
+sudo chmod 750 /etc/raspap/hostapd/*.sh
+
+sudo chown -c root:root /etc/raspap/system/*.sh
+sudo chmod 750 /etc/raspap/system/*.sh
+
+

Copy and set ownership of the lighttpd control scripts: +

sudo cp installers/configport.sh /etc/raspap/lighttpd
+sudo chown -c root:root /etc/raspap/lighttpd/*.sh
+

+

Next, move the raspapd service file to the correct location and enable it:

+
sudo mv installers/raspapd.service /lib/systemd/system
+sudo systemctl daemon-reload
+sudo systemctl enable raspapd.service
+
+

Default configuration

+

To facilitate a faster setup, RaspAP uses a "known-good" default configuration as a starting point. +Copy the configuration files for dhcpcd, dnsmasq, hostapd and defaults.json. Optionally, backup your existing hostapd.conf:

+
sudo mv /etc/default/hostapd ~/default_hostapd.old
+sudo cp /etc/hostapd/hostapd.conf ~/hostapd.conf.old
+sudo cp config/hostapd.conf /etc/hostapd/hostapd.conf
+sudo cp config/090_raspap.conf /etc/dnsmasq.d/090_raspap.conf
+sudo cp config/090_wlan0.conf /etc/dnsmasq.d/090_wlan0.conf
+sudo cp config/dhcpcd.conf /etc/dhcpcd.conf
+sudo cp config/config.php /var/www/html/includes/
+sudo cp config/defaults.json /etc/raspap/networking/
+
+
+

Tip

+

If you wish to modify RaspAP's default configuration for dnsmasq and dhcp, you may do so by changing these files and editing config/defaults.json.

+
+

Next, disable systemd-networkd and copy the bridge configuration with the following:

+
sudo systemctl stop systemd-networkd
+sudo systemctl disable systemd-networkd
+sudo cp config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev
+sudo cp config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network 
+
+

Optimize PHP

+

Optionally, you may optimize PHP with the following, replacing php8.2-cgi with your installed version:

+
sudo sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' /etc/php/8.2/cgi/php.ini
+sudo sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' /etc/php/8.2/cgi/php.ini
+sudo phpenmod opcache
+
+

Routing and IP masquerading

+

These steps allow WLAN clients to access computers on the main wired eth0 network, and from there the internet. +Begin by enabling IP forwarding with the following commands:

+
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/90_raspap.conf > /dev/null
+sudo sysctl -p /etc/sysctl.d/90_raspap.conf
+sudo /etc/init.d/procps restart
+
+

To enable traffic between clients on the WLAN and the internet, we add two iptables network address translation (NAT) "masquerade" firewall rules. +Create these rules and persist them with the following:

+
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
+sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
+sudo iptables-save | sudo tee /etc/iptables/rules.v4
+
+

Enable hostapd

+

The hostapd service is disabled by default, as there is no configuration for it after its initial installation. Unmask and enable it with the following:

+
sudo systemctl unmask hostapd.service
+sudo systemctl enable hostapd.service
+
+

Optional components

+

The following components are not required to operate RaspAP, but extend its usefulness in several ways. Each is independent of the others, so you may choose to add whichever one you need.

+

OpenVPN

+

Install OpenVPN, enabling the option in RaspAP's config and the openvpn-client service, like so:

+
sudo apt-get install openvpn
+sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" /var/www/html/includes/config.php
+sudo systemctl enable openvpn-client@client
+
+

Copy the OpenVPN auth control script to its destination, setting ownership and permissions with the following:

+
sudo mkdir /etc/raspap/openvpn/
+sudo cp installers/configauth.sh /etc/raspap/openvpn/
+sudo chown -c root:root /etc/raspap/openvpn/*.sh
+sudo chmod 750 /etc/raspap/openvpn/*.sh
+
+

WireGuard

+

Adding support for WireGuard is straightforward. The application files are already present in RaspAP, so you may simply install and enable the service, then activate the management option:

+
sudo apt-get install wireguard
+sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" /var/www/html/includes/config.php
+sudo systemctl enable wg-quick@wg
+
+

Ad blocking

+

There are several steps to enable Ad blocking, including downloading the blocklists, setting permissions and adding a dnsmasq configuration:

+
sudo mkdir /etc/raspap/adblock
+wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O /tmp/hostnames.txt
+wget https://big.oisd.nl/dnsmasq -O /tmp/domains.txt
+sudo cp /tmp/hostnames.txt /etc/raspap/adblock
+sudo cp /tmp/domains.txt /etc/raspap/adblock 
+sudo cp installers/update_blocklist.sh /etc/raspap/adblock/
+sudo chown -c root:www-data /etc/raspap/adblock/*.*
+sudo chmod 750 /etc/raspap/adblock/*.sh
+sudo touch /etc/dnsmasq.d/090_adblock.conf
+echo "conf-file=/etc/raspap/adblock/domains.txt" | sudo tee -a /etc/dnsmasq.d/090_adblock.conf > /dev/null 
+echo "addn-hosts=/etc/raspap/adblock/hostnames.txt" | sudo tee -a /etc/dnsmasq.d/090_adblock.conf > /dev/null
+sudo sed -i '/dhcp-option=6/d' /etc/dnsmasq.d/090_raspap.conf
+sudo sed -i "s/\('RASPI_ADBLOCK_ENABLED', \)false/\1true/g" includes/config.php
+
+

Restart

+

Finally, restart your device and verify that the wireless access point is available:

+
sudo systemctl reboot
+
+

After your device has restarted, search for wireless networks with your wireless client. The default SSID is raspi-webgui. +The default username is "admin" and the default password is "secret".

+
+

Important

+

It is strongly recommended that you change these default login credentials in RaspAP's Authentication panel. APs managed by RaspAP in the wild have been administered by third parties with the default login.

+
+

Discussions

+

Questions or comments about RaspAP's manual install? Join the discussions here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/minwrite/index.html b/minwrite/index.html new file mode 100644 index 00000000..02ddfc8a --- /dev/null +++ b/minwrite/index.html @@ -0,0 +1,1611 @@ + + + + + + + + + + + + + + + + + + + + + + + Minimal SD card write - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Minimal SD card write

+

+

Overview

+

Linux, and indeed most substantial operating systems, is frequently writing logs files, cache files and temporary data to disk (or the microSD card with the Raspberry Pi). Performing a shutdown puts these files away into a known valid state. If power is unexpectedly cut to a Raspberry Pi, these unwritten system files can become corrupted and render a card unbootable.

+

What is more, most microSD cards were not designed with 24/7 operation in mind. Continuous writing to the card's flash memory shortens its lifespan. They often accumulate bad sectors rather quickly after a period of extended use. This is particularly true of so-called "budget" microSD cards.

+

Using a Raspberry Pi as an access point requires reliable operation over a long period of time. While "read-only mode" operation for the SD card is one approach to prolong its use, this prevents user settings from being persisted to storage — meaning that any changes will be lost if the device is disconnected from power. This makes it less than ideal for RaspAP, or indeed any application such as a web server or database that depends on persistent storage.

+

Solution

+

Rather than force the system into a read-only mode, RaspAP has an alternative "minimal write mode" that substantially reduces the risk of SD card corruption and also helps to extend the card's lifespan.

+

This solution involves moving logging, cache and temporary data to a RAM-based file system. The default system log processor rsyslog is replaced with an in-memory logger and several log-related services are disabled. The tmpfs filesystem is used for most processes that require write access, such as sessions used by php-cgi, as well as paths for transient and cache data including /var/cache and /var/tmp.

+

In addition, the system's boot options are modified to disable swap and file system checks. A tangible side benefit of retaining a read/write boot partition is that your system will behave otherwise normally — you may install packages, add services and perform most operations as before.

+

Enabling minimal write

+

The minimal microSD card write utility, minwrite, may be invoked by using RaspAP's Quick installer. This does not (re)install RaspAP — only the minwrite shell script is loaded and executed. Users of this method are informed of which operations are performed at each step. Alternatively, manual configuration steps are also provided. Notes specific to Armbian are given where applicable.

+
+

Warning

+

These methods have been used successfully with many Debian-based systems. However, you still use this at your own risk. We recommend either creating a backup image of your SD card before proceeding, or begin with a baseline setup that you can easily recreate if needed.

+
+

Both methods are reasonably straightforward. Bear in mind that RAM usage on your device will necessarily increase, since we'll be migrating the disk I/O activity of several system processes to the tmpfs ramdisk. For this reason, it's recommended to review the memory considerations before proceeding.

+

After we've enabled minwrite we'll look at a technique to evaluate its effectiveness.

+

Quick install

+

The minwrite utility may be invoked remotely from the Quick installer like so:

+
curl -sL https://install.raspap.com | bash -s -- --minwrite
+
+

Alternatively, if you have a local install of RaspAP you may execute it from the /installers directory like so:

+
./raspbian.sh --minwrite.sh
+
+

You will be prompted at each step during the minwrite script's execution. As a final step, be sure to reboot your system.

+
$ curl -sL https://install.raspap.com | bash -s -- --minwrite
+
+
+ 888888ba                              .d888888   888888ba
+ 88     8b                            d8     88   88     8b
+a88aaaa8P' .d8888b. .d8888b. 88d888b. 88aaaaa88a a88aaaa8P
+ 88    8b. 88    88 Y8ooooo. 88    88 88     88   88
+ 88     88 88.  .88       88 88.  .88 88     88   88
+ dP     dP  88888P8  88888P  88Y888P  88     88   dP
+                             88
+                             dP      version 2.8.8
+
+The Quick Installer will guide you through a few easy steps
+
+
+RaspAP Minwrite: Modify the OS to minimize microSD card write operation
+Detected OS: Debian GNU/Linux 11 (bullseye)
+RaspAP Minwrite: Removing packages
+The following packages will be removed: dphys-swapfile logrotate
+Proceed? [Y/n]:
+The following packages will be REMOVED:
+  dphys-swapfile* logrotate*
+0 upgraded, 0 newly installed, 3 to remove and 65 not upgraded.
+After this operation, 351 kB disk space will be freed.
+(Reading database ... 65355 files and directories currently installed.)
+Removing dphys-swapfile (20100506-7+rpt1) ...
+Removing logrotate (3.18.0-2+deb11u1) ...
+Processing triggers for man-db (2.9.4-2) ...
+(Reading database ... 65313 files and directories currently installed.)
+Purging configuration files for logrotate (3.18.0-2+deb11u1) ...
+Purging configuration files for dphys-swapfile (20100506-7+rpt1) ...
+[ โœ“ ok ]
+RaspAP Minwrite: Disabling services
+The following services will be disabled: bootlogd.service bootlogs console-setup apt-daily
+Proceed? [Y/n]:
+
+

Manual steps

+

These steps perform the same actions as the Quick install method. Details are provided so that you may choose to customize or skip some steps, if desired.

+

Remove packages

+

The goal here is to only remove packages that actively write to the filesystem, and that we intend to replace or disable entirely. In a subsequent step, logrotate will be replaced with busybox-syslogd. +Additionally, dphys-swapfile, which manages a swapfile in the root filesystem on the SD card, is removed as it wonโ€™t be able to work.

+

Remove these packages with the following:

+
sudo apt-get remove --purge dphys-swapfile logrotate
+sudo apt-get autoremove --purge
+
+

Disable services

+

Linux is able to update packages autonomously without an external command. This task is scheduled by the apt-daily.service, which triggers the system to start apt tasks and scan installed packages for available updates. If updates are found, the apt-daily-upgrade.service downloads and installs them without user intervention. While useful for keeping your system updated, these are intensive processes in terms of disk I/O that we can safely disable and handle manually.

+

Disable the bootlogd.service, apt-daily and related services like so:

+
sudo systemctl unmask bootlogd.service
+sudo systemctl disable bootlogs
+sudo systemctl disable apt-daily.service apt-daily.timer apt-daily-upgrade.timer apt-daily-upgrade.service
+
+
+

Note

+

By disabling these services, you will need to manually check for package updates periodically with sudo apt-get update && sudo apt-get upgrade.

+
+

Replace logger

+

In this step we'll replace the default system logger rsyslog with an in-memory logger, busybox-syslogd. BusyBox combines tiny versions of many common Linux utilities into a single small executable. It provides a fairly complete POSIX environment for any small or embedded system, including a minimal write Raspberry Pi.

+

Install it like so and remove rsyslog:

+
sudo apt-get install busybox-syslogd
+sudo dpkg --purge rsyslog
+
+

Be aware that because busybox-syslogd writes system logs to RAM, these logs will be lost if your device is disconnected from power.

+

Disable swap

+

Next we'll modify system boot options to disable swap and filesystem checks, as these are both intensive disk I/O processes. Edit this file with sudo nano /boot/cmdline.txt and append the following to the end:

+
fsck.mode=skip noswap
+
+

The resulting file will look something like this (copied from a Pi 3 Model B+):

+
console=serial0,115200 console=tty1 root=PARTUUID=bddffae9-02 rootfstype=ext4 fsck.repair=yes rootwait fsck.mode=skip noswap
+
+

Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

+
+

Note

+

By default Armbian does not use any SD card-based swap, so unless youโ€™ve customized your installation thereโ€™s nothing to disable.

+
+

Move directories to RAM

+

As a final step, we'll move several directories to the tmpfs filesystem. By storing these directories on a ramdisk instead of the SD card, we can substantially reduce the volume of I/O operations on the card's flash memory. Writing to tmpfs also provides fast sequential read/write speeds. The tradeoff is that tmpfs is volatile storage — meaning that you will lose all data stored on the filesystem if you lose power.

+

We'll select paths to migrate to tmpfs for transient and cache data, as well as those required for RaspAP's operation that are associated with disk I/O activity. Moving these directories to tmpfs is done by editing fstab with sudo nano /etc/fstab. Append the following lines to the end:

+
tmpfs /tmp tmpfs  nosuid,nodev 0 0
+tmpfs /var/log tmpfs  nosuid,nodev 0 0
+tmpfs /var/tmp tmpfs  nosuid,nodev 0 0
+tmpfs /var/lib/misc tmpfs  nosuid,nodev 0 0
+tmpfs /var/cache tmpfs  nosuid,nodev 0 0
+tmpfs /var/lib/vnstat tmpfs  nosuid,nodev 0 0
+tmpfs /var/php/sessions tmpfs  nosuid,nodev 0 0
+
+

Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

+
+

Note

+

Armbian puts /tmp in RAM by default, while Raspberry Pi OS does not. On both Armbian and Raspberry Pi OS, /run is stored in RAM already and /var/run symlinks to it.

+
+

The /var/tmp directory is made available for programs that require temporary files or directories that are preserved between system reboots. Therefore, data stored in /var/tmp is more persistent than data in /tmp. In practice, however, few programs in common use with Raspberry Pi OS write to this directory so we can safely move it to RAM.

+

Reboot

+

A reboot is required for the above steps to take effect: sudo reboot.

+

Memory considerations

+

The minwrite configuration migrates as much as possible from SD card storage to the tmpfs ramdisk. As a result, a concomitant increase in memory utilization is expected. To benchmark this, we can compare the change in memory usage on a Pi 3 Model B+ with 1GB of RAM with a typical RaspAP installation.

+

Here we use the following to return the amount of free system memory expressed as a percentage of total available:

+
free -m | awk '/Mem:/ { total=$2 ; used=$3 } END { print used/total*100}'
+
+ + + + + + + + + + + + + +
Pre-minwritePost-minwrite
11.88% 29.70%
+

While this is a noticable increase in RAM usage, it's still well within the margin for reliable operation of the OS. If you have a higher rate of RAM utilization on your device, or have limited available system memory to begin with, bear this in mind before proceeding.

+
+

Note

+

Recall that we've disabled swap, so if the system runs out of physical memory (RAM) there is no partition available for the kernel to allocate virtual memory in its place. This will cause the kernel to throw an out of memory (OOM) error. Normally this causes the kernel to panic and stop functioning.

+
+

File system metrics

+

We can evaluate a minwrite configuration by using iotop, a utility that watches I/O usage information output by the Linux kernel. Install it like so:

+
sudo apt-get install iotop
+
+

Execute it with the following switches to monitor accumulated activity of processes doing actual I/O:

+
sudo iotop -aoP
+
+

After a period of time, you will see disk I/O activity reported for a number of processes. Returning to our Pi 3 Model B+ test bench, we can compare the before and after results:

+

Pre-minwrite I/O +

Total DISK READ:         0.00 B/s | Total DISK WRITE:       191.31 B/s
+Current DISK READ:       0.00 B/s | Current DISK WRITE:      22.52 K/s
+    PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
+     95 ?sys root          0.00 B    860.00 K                 [jbd2/mmcblk0p2-]
+    145 ?sys root          0.00 B      3.03 M                 systemd-journald
+    412 ?sys root          0.00 B    112.00 K                 rsyslogd -n -iNONE
+    529 ?sys vnstat        0.00 B    264.00 K                 vnstatd -n
+   1080 ?sys www-data    800.00 K     48.00 K                 lighttpd -D -f /etc/lighttpd/lighttpd.conf
+   1186 ?sys www-data      2.25 M      0.00 B                 php-cgi
+   1187 ?sys www-data      4.00 K      0.00 B                 php-cgi
+   1188 ?sys www-data     52.00 K      0.00 B                 php-cgi
+   4752 ?sys root          0.00 B      4.00 K                 dhcpcd -w -q
+   5402 ?sys dnsmasq       0.00 B    140.00 K                 dnsmasq -x /run/dnsmasq/dnsmasq.pid
+

+

Post-minwrite I/O +

Total DISK READ:         0.00 B/s | Total DISK WRITE:         0.00 B/s
+Current DISK READ:       0.00 B/s | Current DISK WRITE:       0.00 B/s
+    PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
+    101 ?sys root          0.00 B      8.00 K                 [jbd2/mmcblk0p2-8]
+    837 ?sys www-data     24.00 K      0.00 B                 lighttpd -D -f /etc/lighttpd/lighttpd.conf
+    890 ?sys www-data    170.00 K      0.00 B                 php-cgi
+    891 ?sys www-data      4.00 K      0.00 B                 php-cgi
+    892 ?sys www-data      4.00 K      0.00 B                 php-cgi
+    893 ?sys www-data     80.00 K      0.00 B                 php-cgi
+

+

Notice that in the latter iotop output, logging to disk is nearly absent and vnstatd now writes data to RAM. The remaining disk write activity originates mainly from the ext4 journal update process jbd2.

+

At the same time, RaspAP settings may be modified and persisted to the microSD card and the system otherwise operated normally.

+

Discussions

+

Questions or comments about using minwrite mode? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/multiple/index.html b/multiple/index.html new file mode 100644 index 00000000..e637189e --- /dev/null +++ b/multiple/index.html @@ -0,0 +1,1404 @@ + + + + + + + + + + + + + + + + + + + + + + + Multiple APs - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Multiple APs

+

Overview

+

Experimental

+

Many users have asked if it's possible to create a second wireless access point on the same device. The answer is "yes" with an AP-capable external wireless adapter and the correct settings. +The Edimax EW-7811Un USB adapter works without additional drivers on many devices, including the Raspberry Pi. For this reason it is used in this walkthrough.

+
+

Tip

+

We strongly recommend this resource which lists USB WiFi adapters with in-kernel Linux drivers. These will work out of the box on Debian-based devices without installing third-party drivers. You may also wish to skip directly to this short list of "superstar" USB WiFi adapters for Linux. Pay special attention to those that are excellent choices for 5 GHz AP mode, if this is desired.

+
+

Scenario

+

In this setup, we will use an external Edimax 2.4GHz USB adapter together with the onboard wireless chipset of the Raspberry Pi 4 operating on the 5GHz band. The end result is displayed in the WiFi network scan below.

+

+

It is not currently possible to create this setup with RaspAP's UI, so these manual steps are provided below. We can, however, leverage the web UI to create the hostapd configurations we'll need.

+

Prerequisites

+

This tutorial assumes that you have followed the Quick start or manual installation instructions. +If an 802.11 AC 5GHz wireless mode is desired with the RPi's onboard chipset, you must first configure a country that permits wireless operation on the 5GHz band. Refer to this FAQ for more information.

+

Create the hostapd configs

+

The simplest method to achieve this is to use RaspAP's Hotspot > Basic tab to create the base configurations. Configure an AP for the onboard wlan0 interface with the settings shown below. Choose Save settings to write this to the filesystem.

+

+

Open your preferred terminal program and enter the following command to copy this as a new wlan0 configuration:

+
sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/wlan0.conf
+
+

Next, configure a second AP for the external wlan1 interface with the settings shown below. Again, choose Save settings to write this to the filesystem.

+

+

Enter the following command to copy this as a new wlan1 configuration:

+
sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/wlan1.conf
+
+
+

Tip

+

If you decide to create two APs on the same band, for example 802.11n 2.4GHz, be sure to select two different channels for each interface.

+
+

Configure dnsmasq

+

RaspAP's default settings includes a preconfigured wlan0 file for the dnsmasq service. Execute cat /etc/dnsmasq.d/090_wlan0.conf to display its contents:

+
# RaspAP wlan0 configuration
+interface=wlan0
+domain-needed
+dhcp-range=10.3.141.50,10.3.141.254,255.255.255.0,12h
+
+

Next, we will copy this file and make some modfications to it:

+
sudo cp /etc/dnsmasq.d/090_wlan0.conf /etc/dnsmasq.d/090_wlan1.conf
+sudo nano /etc/dnsmasq.d/090_wlan1.conf
+
+

Edit this file so it looks like the example below, then save it and exit your editor.

+
# RaspAP wlan1 configuration
+interface=wlan1
+domain-needed
+dhcp-range=10.4.141.50,10.4.141.254,255.255.255.0,12h
+
+

Configure dhcpcd

+

Similar to dnsmasq, the dhcpcd service is preconfigured with RaspAP's default settings. Open this file in an editor by executing sudo nano /etc/dhcpcd.conf, then add a wlan1 block to the end of the file:

+
# RaspAP default configuration
+hostname
+clientid
+persistent
+option rapid_commit
+option domain_name_servers, domain_name, domain_search, host_name
+option classless_static_routes
+option ntp_servers
+require dhcp_server_identifier
+slaac private
+nohook lookup-hostname
+
+# RaspAP wlan0 configuration
+interface wlan0
+static ip_address=10.3.141.1/24
+static routers=10.3.141.1
+static domain_name_server=9.9.9.9 1.1.1.1
+
+# RaspAP wlan1 configuration
+interface wlan1
+static ip_address=10.4.141.1/24
+static routers=10.4.141.1
+static domain_name_server=9.9.9.9 1.1.1.1
+
+
+

Note

+

RaspAP only manipulates /etc/hostapd/hostapd.conf so your custom hostapd configs won't be touched. The version 2.6 release lets you manage the dhcpcd and dnsmasq configs from the UI, while also preserving any manual changes.

+
+

Finally, enable the Log DHCP requests toggle on RaspAP's DHCP Server > Logging tab. Be sure to restart the dnsmasq service.

+

Starting the hotspots

+

Ensure that hostapd is not already running before proceeding. You may stop the service with sudo systemctl stop hostapd.service or by using the Stop hotspot button in RaspAP's UI. +Now we are ready to run hostapd interactively with the configurations we've created above. The debug switch -dd is optional but useful for troubleshooting:

+
sudo hostapd -dd /etc/hostapd/wlan0.conf /etc/hostapd/wlan1.conf
+
+

Connect clients to each AP and monitor the output. You may stop hostapd from the terminal with the Ctrl+C keystroke. Alternatively, you may send the process to the background with Ctrl+Z and restore it to the foreground with fg.

+

Troubleshooting

+

With RaspAP's DHCP logging option enabled, it can be useful to monitor this service's activity from the terminal. Execute tail -f /tmp/dnsmasq.log and try associating and disconnecting client devices from each AP.

+

Discussions

+

Questions or comments about multiple APs? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/net-devices/index.html b/net-devices/index.html new file mode 100644 index 00000000..b66aa3bb --- /dev/null +++ b/net-devices/index.html @@ -0,0 +1,1551 @@ + + + + + + + + + + + + + + + + + + + + + + + Network devices - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Network devices

+

Overview

+

Experimental ยท Insiders only

+

Insiders are able to manage a variety of physical network devices as a source of data connectivity for RaspAP. +Broadly, this includes devices such as tethered phones, USB modems/routers, WLAN adapters and so on. This expands the practicality of RaspAP as a truly mobile AP for travel and/or field applications.

+

Supported device types

+

The following network devices are supported:

+
    +
  • Ethernet interface (eth)
    • +
  • Wireless adapter (wlan)
    • +
  • Mobile data modem (ppp)
    • +
  • Mobile data adapter with built-in router
    • +
  • USB connected smartphone (USB tethering)
    • +
+

All devices require a driver in order to be available for use with RaspAP.

+

Listing detected devices

+

The Networking > Devices tab displays a list of available devices with their attributes and assumed adapter type. The adapter type as well as the device name may be changed. +Incorrect device types might appear for some devices, which advertise themselves to the system as an ethernet (e.g. eth0) or usb (e.g. usb0) device. This often happens for USB connected phones and external routers.

+

Networking: Network devices

+

Changing the device name

+

Changing the name helps to distinguish different devices. This is especially important if, for example, the Access Point device is connected via USB and the automatically assigned name is changed. +This can sometimes occur when devices are connected in varying order.

+

To modify a device's name, enter a value in the Fixed name field and choose Change.

+

The only restriction for the device name is that it must only contain lowercase letters and numbers. The maximal length is limited to 20 characters. Devices names are automatically filtered accordingly.

+

Changing the MAC address

+

Sometimes you might need to set the MAC address of the WLAN interface to be the same as your PC or some other device on your network. This is known as MAC address cloning.

+

For example, some ISPs register your computer's MAC address when the service is first installed. When you place a router behind the cable or ADSL modem, the MAC address from the device WLAN port will not be recognized by the ISP.

+

External networking devices, like a Raspberry Pi, also have their own MAC addresses which can create authentication problems. This often occurs on guest Wi-Fi networks.

+

You can clone the MAC address of the WLAN interface (or any other valid interface) to be the same as your computer's MAC address. To create this configuration, follow the steps below:

+
    +
  1. Open the Networking > Devices tab.
    2. +
  2. Choose a MAC address for the interface you wish to clone.
    3. +
  3. Enter a valid address in the MAC field and click or tap Change.
    4. +
  4. The new MAC address will be configured immediately.
    5. +
+

image

+
+

Note

+

Virtual interfaces such as OpenVPN's tun0 or WireGuard's wg0 do not have this capability. To avoid potential conflicts, change the MAC address and reconnect the device before modifying any other settings.

+
+

Ethernet interfaces

+

The built-in ethernet adapter as well as USB adapters are usually detected automatically. In these cases no configuration is required. +Devices such as USB tethered phones might appear as an ethernet device as well. The same applies to mobile data adapters that also contain a router.

+

In these cases, the type may be adjusted in the device list and a name assigned to the device. This will have an effect on the network device widget shown on the dashboard.

+

Wireless network devices

+

These devices are usually listed with the automatically assigned device name prefix wlan, for example wlan0. If multiple wlan interfaces are used, it can be advantageous to assign a unique +name to the device.

+

Wireless devices will only appear if a supported driver exists in the currently installed OS. If your device does not appear in the list, this usually indicates that a required device driver is missing. +The helper script install_wlan_driver_modules.sh available in RaspAP/raspap-tools +can be used to search for and install existing driver modules.

+

Mobile data modems

+

Modems or Point-to-Point Protocol (ppp) devices require login data. This includes a PIN number to unlock the SIM card, the Access Point Name (APN) and login data of your mobile network provider. +These values may be entered under the Networking > Mobile Data tab.

+

image

+

Values entered here are stored in the file /etc/wvdial.conf. This configuration file contains the basic configuration needed to unlock the SIM card and connect +to the network. This has been tested with a Huawei E1550. If your device requires different AT-commands, you will need to manually change this configuration.

+

When a connected modem is attached, the connection mode, signal quality and network provider will be displayed on the dashboard.

+

image

+
+

Note

+

The names of modems cannot be changed. The reason is that the device name ppp0 is directly coupled with the required system services.

+
+

What if my modem device doesn't appear?

+

In this case your connected modem device is not recognized by the OS, or it has not been switched into modem mode by usb_modeswitch. +Check the log file (journalctl) for problems with the device.

+

Mobile data adapters with built-in routers

+

Mobile data USB devices which provide router functionality will usually appear as an ethernet device, for example eth1. This implies that the device has to be pre-configured +to work without a PIN for the SIM card and without login data. Typically, this can be done via a browser based administration interface on any computer.

+ +

A special case are Huawei Hilink devices (e.g. Huawei E3372h-320). RaspAP can communicate directly with these devices. Be sure that the administration interface is not locked with a user/password. +The PIN number entered on the Networking > Mobile Data tab will be used to unlock the SIM card. In addition, connection information (mode, signal quality and network provider) are +extracted from the device and displayed on the dashboard. The dashboard button to stop/start the device is active and will disconnect/connect the mobile network.

+

image

+

The model E3372h-320 will be detected as a Hilink device and appears with the name hilink0. Other Hilink devices require a corresponding assignment on the Networking > Devices tab.

+

USB tethered phones

+

A phone connected via USB and with USB tethering enabled will appear as either an ethernet device (e.g. eth1), or as a USB network device (e.g. usb0). +Changing the device type to phone will result in a corresponding display on the dashboard. In this case the default name is phone0.

+

image

+

Configuration files

+
    +
  • All device specific settings are stored as UDEV rules in the file /etc/udev/rules.d/80-raspap-net-devices.rules.
    • +
  • The templates for the UDEV rules are stored in /etc/raspap/networking/client_udev_prototypes.json. This file contains the list of recognized device types.
    • +
  • Mobile data settings are stored in: /etc/raspap/networking/mobiledata.ini
    • +
  • Modem AT-commands and login data are stored in: /etc/wvdial.conf
    • +
+

Diagnostics

+

A built-in tool to evaluate network performance is available on the Networking > Diagnostics tab. This permits testing of both local network throughput (that is, data transfer over a wired or wireless interface between RaspAP and a connected client) and internet speed (data transfer between a RaspAP instance and remote host). Ping, jitter download and upload metrics are included in the test.

+ + +

The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

+

Discussions

+

Questions or comments about network devices support? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/openvpn/index.html b/openvpn/index.html new file mode 100644 index 00000000..ee0ba64e --- /dev/null +++ b/openvpn/index.html @@ -0,0 +1,1387 @@ + + + + + + + + + + + + + + + + + + + + + + + OpenVPN - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

OpenVPN

+

+

Overview

+

OpenVPN may be optionally installed by the Quick Installer. Once this is done, you can create a client configuration and manage the openvpn-client service with RaspAP.

+

Enabling OpenVPN

+

To configure an OpenVPN client, upload a valid .ovpn file from your provider and, optionally, specify your login credentials. For clarity, these steps are described below:

+
    +
  1. Enter your credentials, if needed, into the Username and Password fields.
    2. +
  2. Browse to your provider's .ovpn file and choose Save settings.
    3. +
  3. Confirm that the OpenVPN client.conf uploaded successfully.
    4. +
  4. Choose Start OpenVPN.
    5. +
+

The video walkthrough below illustrates the steps of configuring an OpenVPN client from start to finish.

+ + +

Tunneling traffic

+

RaspAP will store your client configuration and add firewall rules to forward traffic from OpenVPNโ€™s tun0 interface to your configured wireless interface. +In the example below, the default AP interface wlan0 is used:

+
iptables -A POSTROUTING -o tun0 -j MASQUERADE
+iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
+
+

Public IP address

+

After a page reload, your new public IPv4 address will be indicated. Click or tap the icon to open a new window with details about your +public IP.

+

Multiple client configs

+

RaspAP lets you manage multiple OpenVPN client configurations. This includes the ability to upload, activate and delete any number of valid .ovpn files and +associated login credentials. Thereafter, switching between them is done by simply activating the desired profile. Traffic is automatically routed to clients connected on the AP interface.

+

+

Activating a profile will restart the openvpn-client service automatically. Additionally, openvpn-service activity may be tracked in the Logging tab.

+

Certificate authentication

+

Alternatively, you may also authenticate with a signing certification authority (CA) certificate. This is an alternative to the default username and password authentication, and is +often used with a private or self-hosted OpenVPN server.

+

+

To use this method, upload an OpenVPN configuration file (.ovpn) with the certificate authority (CA) certficate, client certificate and client private key enclosed in tags as described above.

+

Mitigating DNS leaks

+

Remote hosts use a variety of methods to defeat VPNs, some more aggressively than others. Many VPN providers will advise you to configure custom DNS servers to mitigate DNS leaks, +which you can do from RaspAP's DHCP > Advanced tab. You can also test for this with https://dnsleaktest.com/.

+

Other providers have specific VPN nodes to use with popular streaming services. It's recommended to check with your provider and follow their suggestions.

+

When an OpenVPN client is configured, RaspAP adds NAT rules with iptables to forward all packets from the AP interface to tun0. +If you suspect network traffic is not being routed through tun0 (or any other interface) for some reason, you can monitor this directly from your RPi with iftop:

+
sudo apt install iftop
+sudo iftop -i [interface]
+
+

Browser considerations

+

The Mozilla Foundation recently added a DNS over HTTPS (DoH) proprietary service to its Firefox browser. As of this writing, this "feature" is enabled by default for users in the United States. +A consequence of DoH is that DNS requests will be resolved by Mozilla's DNS servers, instead of your VPN provider's. Instructions for disabling this DoH may be found here.

+

Troubleshooting

+

See the FAQ section for OpenVPN.

+

Discussions

+

Questions or comments about using OpenVPN? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/overrides/main.html b/overrides/main.html new file mode 100644 index 00000000..2ae33bec --- /dev/null +++ b/overrides/main.html @@ -0,0 +1,7 @@ +{% extends "base.html" %} + +{% block announce %} + For updates follow @RaspAP on Twitter +{% endblock %} diff --git a/providers/index.html b/providers/index.html new file mode 100644 index 00000000..45f0596e --- /dev/null +++ b/providers/index.html @@ -0,0 +1,1444 @@ + + + + + + + + + + + + + + + + + + + + + + + VPN Providers - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

VPN Providers

+

+

Overview

+

Experimental

+

Several popular VPN providers include a Linux Command Line Interface (CLI) for interacting with their services. As a new beta feature, you may optionally control these VPN services from within RaspAP. In this way, after your preferred CLI is installed on your system you may administer it thereafter by using RaspAP's UI.

+

Installation

+

To configure VPN provider support, respond by pressing Enter to accept the default Y option when prompted by the Quick installer:

+
RaspAP Install: Configure VPN provider support (Beta)
+Enable VPN provider client configuration? [Y/n]:
+
+

Next, select an available VPN provider from the list. For the initial beta, we've identified three of the most popular VPN services that have Debian compatible Linux CLIs. Enter a number corresponding to your desired VPN provider followed by the Enter key.

+
Select an option from the list:
+  1) ExpressVPN
+  2) Mullvad VPN
+  3) NordVPN
+  0) None
+Choose an option: 3
+Configuring support for NordVPN
+Adding /usr/bin/nordvpn to raspap.sudoers
+Enabling administration option for NordVPN
+Adding VPN provider to /etc/raspap/provider.ini
+[ โœ“ ok ]
+
+

The installer will configure RaspAP to administer the corresponding Linux CLI. Choosing 0 (None) followed by Enter will exit the VPN provider option and continue with the installer.

+

Provider CLIs

+

RaspAP provides a visual interface to interact with your chosen VPN provider's CLI. To facilitate this, you must first install and configure the CLI on your system. Specific steps will depend on your VPN provider; consult the online documentation for your chosen VPN service.

+
+

Note

+

The RaspAP project has no affiliation whatsoever with the supported VPN providers. Each provider was selected solely based on availability of their Debian compatible CLIs.

+
+

NordVPN is demonstrated in the following example. Begin by executing the install script: +

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)
+

+

After the installer completes, verify the CLI by checking its version:

+
nordvpn --version
+NordVPN Version 3.16.6
+
+

Next, activate your account. The --callback and --token methods are useful for headless setups. The latter is shown below:

+
nordvpn login --token [myToken]
+Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
+
+

Before establishing a VPN connection with the CLI, add a rule to whitelist port 22. This will prevent the VPN from disrupting access to the shell via SSH: +

nordvpn whitelist add port 22
+Port 22 (UDP|TCP) is allowlisted successfully.
+

+

Now, execute the following to connect to a recommended VPN server: +

nordvpn connect
+Connecting to France #817 (fr817.nordvpn.com)
+You are connected to France #817 (fr817.nordvpn.com)!
+

+

With these setps completed, you are now ready to begin administering your VPN provider with RaspAP.

+

Administer your provider

+

Continuing from the above example, access your VPN provider's UI page from RaspAP. From the Settings page, you can view your account status, connect to a recommended VPN server or choose a specific country from the select list.

+

Below, RaspAP displays the CLI output when a country is selected from the list followed by Save settings:

+

+

On the Status tab, information about your installed provider CLI and current connection status are displyed:

+

+

You may perform the same operations with any of the supported VPN providers.

+
+

Tip

+

Many VPN providers have firewalls enabled by default that can disrupt access to your system via SSH. For this reason, it's recommended to perform these basic CLI functions from your terminal before using them with RaspAP. If your SSH session is disrupted, a reboot will usually restore the connection. Consult your VPN provider's documentation for more advice.

+
+

If a configured provider's CLI is not found, RaspAP will detect this and give you a helpful pointer to the CLI's installation instructions:

+

+

Likewise, if the CLI binary exists but RaspAP is unable to execute it, a diagnostic message will be displayed.

+

Control scope

+

Each VPN provider's CLI offers different command sets to control various aspects of their service. For this beta release, RaspAP may be used to administer basic functions including connect, disconnect, status, account information and country (or city) selection for the remote VPN server.

+
nordvpn settings
+Technology: NORDLYNX
+Firewall: disabled
+Firewall Mark: 0xe1f1
+Routing: enabled
+Analytics: enabled
+Kill Switch: disabled
+Threat Protection Lite: disabled
+Notify: disabled
+Auto-connect: disabled
+IPv6: disabled
+Meshnet: disabled
+DNS: disabled
+LAN Discovery: disabled
+Allowlisted ports:
+       22 (UDP|TCP)
+
+

More advanced CLI settings such as whitelists, kill switches, firewalls, protocols and so on (shown above) should be administered with your CLI directly.

+

Public IP

+

After a VPN connection is established, your public IPv4 address will be displayed next to a globe icon below your provider name on the Settings tab. Click or tap on the external link icon to see details about your IP location.

+

AP clients

+

If your device is connected to the internet via Ethernet (eth0), clients connected on the AP interface (wlan0 for example) will have their traffic automatically routed through the VPN connection.

+

Troubleshooting

+

RaspAP uses each CLI to fetch the most detailed available connection information and display this on the Status tab. The level of detail varies from one provider to the next. If you suspect a problem with your VPN service, it's recommended to check this output and use it for troubleshooting purposes with your VPN provider.

+

Whitelisting services

+

Additionally, you might want to consider whitelisting other ports that are commonly used for essential network services. For instance, with NordVPN's CLI you may whitelist TCP port 53 and UDP port 67 with the following commands:

+
nordvpn whitelist add port 53
+nordvpn whitelist add port 67
+
+

This will allow devices connecting to your AP to obtain an IP address. Refer to your provider's CLI documentation for more information.

+

Discussions

+

Questions or comments about using VPN providers? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/quick/index.html b/quick/index.html new file mode 100644 index 00000000..06c1b172 --- /dev/null +++ b/quick/index.html @@ -0,0 +1,1677 @@ + + + + + + + + + + + + + + + + + + + + + + + Quick installer - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Quick installer

+

Overview

+

The Quick installer has been designed to assist users with creating an instance of RaspAP both quickly and with a great deal of flexibility. +The install loader will respond to several command line arguments, or switches, to customize your installation in a variety of ways, or install one of RaspAP's optional helper tools.

+

Alternatives

+

The installer gives you the greatest level of flexibility for creating an instance of RaspAP. However, if your goal is to use RaspAP as a component of a larger project, or wish to isolate its dependencies from existing software on your system, consider deploying RaspAP in a Docker container instead.

+

Usage

+

The Quick installer has several options for configuring a RaspAP installation. You can get usage notes from your command shell by requesting the installer like so:

+
curl -sL https://install.raspap.com | bash -s -- --help
+
+

Appending -s -- [option] to the Quick Install directive will activate one or more options. Several options may be chained together to customize an installation. Examples are given below.

+

Examples

+

The installer may be invoked locally or remotely via curl. Examples with both cases and various options are given below.

+

Invoke installer remotely, run non-interactively with option flags: +

curl -sL https://install.raspap.com | bash -s -- --yes --wireguard 1 --adblock 0
+

+

Invoke remotely, uprgrade an existing install to the Insiders Edition. The --name and --token arguments are optional; if they are not specified the user will be prompted to authenticate with GitHub: +

curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders --name <name> --token <token>
+

+

Invoke remotely, perform an unattended update to the latest release version: +

curl -sL https://install.raspap.com | bash -s -- --yes --update --path /var/www/html
+

+

Run locally specifying a GitHub repo and branch: +

raspbian.sh --repo foo/bar --branch my/branch
+

+

Run locally requesting release info: +

raspbian.sh --version
+

+

Switches

+

-y, --yes, --assume-yes

+

This option enables unattended installations, such that the installer assumes "yes" as an answer to all user prompts. This behavior is identical to how the same option with the apt-get package handler works.

+

-c, --cert, --certificate

+

This option installs an SSL certificate with mkcert and configures lighttpd for HTTPS support. It does not (re)install RaspAP. Details are provided here.

+

-o, --openvpn <flag>

+

Used with the -y, --yes option above, this sets the OpenVPN install option (0 = don't install OpenVPN). Given that OpenVPN support is an optional extra, this enables an unattended setup without installing it.

+

-a, --adblock <flag>

+

Used with the -y, --yes option above, this sets the Ad Blocking install option (0 = don't install Adblock). Given that Adblock support is an optional extra, this enables an unattended setup without installing it.

+

-w, --wireguard <flag>

+

Used with the -y, --yes option above, this sets the WireGuard install option (0 = don't install WireGuard). Given that WireGuard support is an optional extra, this enables an unattended setup without installing it.

+

-e, --provider <value>

+

Used with the -y, --yes option above, this sets the VPN provider install option. Valid numeric option values are: +

  1 = ExpressVPN
+  2 = Mullvad VPN
+  3 = NordVPN
+  0 = None
+

+

-r, --repo, --repository <name>

+

If you have forked this project to your own GitHub repo, this option lets you override the default GitHub repo (RaspAP/raspap-webgui) used to install RaspAP. An alternate repository name is a required parameter.

+

-b, --branch <name>

+

Similarly, this option overrides the default git branch. This is useful if you have created a feature branch (my-feature) and wish to perform an installation using the Quick Installer. An alternate branch name is a required parameter.

+

An example combining the -r, --repo and -b, --branch options is given below: +

curl -sL https://install.raspap.com | bash -s -- --repo foo/bar --branch my-feature
+

+

-t, --token <accesstoken>

+

Specify a GitHub personal access token to authenticate with a private repository. Used together with the -n, --name option (below).

+

-n, --name <username>

+

Specify a GitHub username to access a private repository. An example combining the --token and --name options is given below:

+
curl -sL https://install.raspap.com | bash -s -- --name billz --token [my-token]
+
+

-u, --upgrade

+

Upgrades an existing RaspAP installation to the latest release version.

+

-d, --update

+

Performs a minimal update of an existing installation to the latest release version. This differs from the -u, --upgrade option in several ways. The user is not prompted to install optional RaspAP components, and several steps used for an initial installation are not performed. Existing configuration files remain intact.

+

-p, --path <path>

+

Sets the application path for an existing RaspAP installation.

+

It may be combined with the -d, --update and -y, --yes options to perform an unattended update. An example is given below:

+
curl -sL https://install.raspap.com | bash -s -- --update --path /var/www/html --yes
+
+

-i, --insiders

+

Installs from the Insiders Edition (RaspAP/raspap-insiders).

+

-m, --minwrite

+

Configures a microSD card for minimum write operation.

+

-v, --version

+

Queries the Github API, outputs the latest RaspAP release version and exits.

+

-n, --uninstall

+

Loads and executes the uninstaller.

+

-h, --help

+

Outputs these usage notes and exits.

+

Discussions

+

Questions or comments about using RaspAP's Quick installer? Join the discussions here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/repeater/index.html b/repeater/index.html new file mode 100644 index 00000000..5bc09d4c --- /dev/null +++ b/repeater/index.html @@ -0,0 +1,1485 @@ + + + + + + + + + + + + + + + + + + + + + + + WiFi repeater - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

WiFi repeater

+

+

Overview

+

A popular use case for RaspAP is to connect to your wireless network and rebroadcast an existing wireless signal. Often known as a wireless repeater, this setup is particularly useful if you are +experiencing problems with "dead spots" in your WiFi network. This step-by-step walkthrough will assist you in creating this configuration.

+

How a WiFi repeater works

+

A WiFi repeater receives an existing WiFi signal, amplifies it and then transmits the boosted signal. With this arrangment you can effectively double the coverage area of your WiFi network — reaching far corners of your home or office, different floors, or even extend coverage outside to a yard or garage. A repeater effectively contains two wireless routers and a minimum of two antennas. One of these wireless routers picks up the existing WiFi network. It then transfers the signal to the other wireless router, which retransmits the boosted signal.

+
+Note +

A wireless repeater will restrict your maximum throughput. This is because WiFi is a half-duplex system, meaning only one device may transmit data at any given time. The repeater must accept incoming and outgoing packets from clients and forward those packets on to the next WiFi router and accept replies. In practice, you can expect half the bandwidth as a non-boosted signal, as each packet must go over the air twice.

+
+

We will create this setup with a WiFi-capable Raspberry Pi (or similar device) and an external USB wireless adapter, or dongle.

+

Steps to create a repeater

+

+

Refer to the diagram above as we walk through the steps of creating this configuration.

+

Connect a USB WiFi dongle

+

Begin by connecting an external wireless adapter to a USB port on your device. Your choice of adapter is important — external WiFi adapters (ie, "dongles") vary greatly in terms of hardware capabilities and driver support. Many do not have support for AP mode, require a powered USB hub, manual driver and/or firmware installation or are otherwise not well suited for this application.

+

To determine if your USB WiFi adapter is capable of hosting an AP, execute the following:

+
$ iw list
+...
+    Supported interface modes:
+         * IBSS
+         * managed
+         * AP
+         * P2P-client
+         * P2P-GO
+         * P2P-device
+
+

If "AP" does not appear in the list above, save yourself some time and find another adapter.

+

You should also pair an adapter with the wireless mode you intend to operate from your device's onboard wireless chipset. For example, if you wish to use a Raspberry Pi 4's 802.11ac 5 GHz wireless mode, make sure your adpater also supports this mode.

+

We strongly recommend this resource which lists USB WiFi adapters with in-kernel Linux drivers. These will work out of the box on Debian-based devices without +installing third-party drivers. You may also wish to skip directly to this short list of "superstar" USB WiFi adapters for Linux. Pay special attention to those that are excellent choices for 5 GHz AP mode, if this +is desired.

+

Create the access point

+

After installing RaspAP your device will broadcast an 802.11g 2.4 GHz access point with the SSID raspap-webgui. By default, this uses your device's onboard wireless adapter and the wlan0 interface. Your AP configuration may be changed at any time, however it's recommended to change the default password at minimum before proceeding. You may also wish to change the SSID and wireless mode.

+
+

Note

+

The 802.11ac 5 GHz option is disabled until you configure your device's wireless regulatory domain. See this FAQ for more information.

+
+

Connect device to WiFi

+

With your USB dongle connected and AP active, use RaspAP's WiFi client interface to select and authenticate with your existing wireless router.

+

+

Alternatively, if you've used software such as the Raspberry Pi imager to install an OS on your microSD card, you may choose the "Configure wireless LAN" option +before booting your device for the first time. This will configure your wpa_supplicant.conf and your device should already be connected to your WLAN. In this case, you may skip this step.

+

Configure routing

+

Your current network configuration will display two default routes. This may be confirmed by checking the Routing table output on RaspAP's Networking interface. In the example below, wlan0 is the +AP interface and has a default route (identified by the default label) and a metric value of 303:

+

+

Note that our USB adapter is on the wlan1 interface and has a higher metric value of 304. It also has a default route. Until we configure these metrics, our WiFi repeater does not know how to route +packets from wlan1 (the client interface) to wlan0 (the AP interface) and vice versa. Clients connected to the AP will not have internet connectivity. Fortunately, this is easily fixed.

+

Metrics and default routes are used by dhcpcd, the DHCP daemon. Contrary to popular belief, RaspAP does not manipulate the IP routing table or set interface priorities without user input. The Linux kernel sets default metric values when +the interface is brought up and will usually choose the network routes it decides is best. The DHCP daemon uses these metrics to prioritize interfaces, where lower values are given a higher priority.

+

To configure routing for our repeater, select wlan0 (the AP interface, in this example) from the DHCP Server settings interface. Be sure that the "Install a default route for this interface" option is disabled.

+

+

Scroll to the bottom and set a metric value of 305 for this interface, then choose Save settings:

+

+

This instructs the DHCP daemon to treat the wlan0 interface with a lower priority than the wlan1 interface. There's nothing magic about the value "305" in this example — the important thing is that the AP interface has a higher value, and thus a lower priorty, than the wlan1 interface.

+

For your changes to take effect, choose Restart hotspot from the Hotspot interface.

+

Behind the scenes, RaspAP has configured the wlan0 interface in /etc/dhcpcd.conf like so:

+
# RaspAP wlan0 configuration
+interface wlan0
+static ip_address=10.3.141.1/24
+static routers=10.3.141.1
+metric 305
+nogateway
+
+

This is reflected in the updated routing table, visible on the Networking interface. In the example below, the wlan0 interface hosting the AP no longer has a default route and shows a higher metric +value (lower priority) than the wlan1 interface:

+

+

If you don't see these changes in the routing table, be sure to restart the hotspot.

+

Alternate routing method

+

Experimental ยท Insiders only

+

As a convenience, Insiders are able to configure routing automatically by enabling the WiFi repeater mode toggle on the Hotspot > Advanced tab.

+

WiFi repeater mode

+

Save settings and choose Start hotspot or Restart hotspot to activate the wireless repeater. As with AP-STA mode this option is disabled or "greyed out" until a wireless client is configured.

+

Connecting clients

+

At this stage, you may connect clients to the AP as you would normally. Two different methods are described here.

+

Switching interfaces

+

If you would like to switch the wlan interfaces, select a different interface for the AP on the Hotspot > Basic tab, then choose Save settings. Reverse the DHCP settings in the previous step, then restart the AP or reboot your device. In order to still be able to access the web UI, connect your device via an ethernet cable.

+

Troubleshooting

+

If your clients do not have internet connectivity, start by following these troubleshooting steps. In most cases, problems may be diagosed and fixed by checking the service +logs and RaspAP's Networking interface. Help is available from the sources mentioned here.

+

Speed testing

+

RaspAP hosts a fast, open source and privacy-focused public speed test server that you can use to evaluate your WiFi repeater's performance. The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

+

Discussions

+

Questions or comments about configuring a WiFi repeater? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/search/search_index.json b/search/search_index.json new file mode 100644 index 00000000..052e380b --- /dev/null +++ b/search/search_index.json @@ -0,0 +1 @@ +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Overview","text":"

Simple AP setup & WiFi management for Debian-based devices

"},{"location":"#about","title":"About","text":"

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. Our popular Quick installer and Docker container create a known-good default configuration in minutes on all current Raspberry Pis with onboard wireless.

"},{"location":"#quick-start","title":"Quick start","text":"

Start with a clean install of the latest release of Raspberry Pi OS Lite. Both the 32- and 64-bit release versions are supported. The Raspberry Pi OS Desktop distro is currently unsupported.

Tip

Be sure to use an official power supply with your device. Power supply requirements differ by Raspberry Pi model. Inadequate voltage is the source of many WiFi issues.

Update RPi OS to its latest version, including the kernel and firmware, followed by a reboot:

sudo apt-get update\nsudo apt-get full-upgrade\nsudo reboot\n
Set the WiFi country in raspi-config's Localisation Options: sudo raspi-config.

Important

Failure to perform this step will prevent the RPi from enabling wireless operation. When this happens, you will see the warning Wi-Fi is currently blocked by rfkill in the console.

Install RaspAP from your device's shell prompt: 

curl -sL https://install.raspap.com | bash\n
The Quick installer will complete the steps in the manual installation for you.

After the reboot at the end of the installation the wireless AP network will be configured as follows:

IP address: 10.3.141.1 Username: admin Password: secret DHCP range: 10.3.141.50 to 10.3.141.254 SSID: raspi-webgui Password: ChangeMe

Your AP's basic settings and many advanced options are now ready to be modified by RaspAP.

Tip

If this is not a clean install or you are configuring a device with a non-standard integration it's strongly recommended to follow the manual installation instructions or deploy RaspAP in a Docker container.

"},{"location":"#get-insiders","title":"Get Insiders","text":"

RaspAP is free software, but powered by your support. If you find RaspAP useful for your personal or commercial projects, become a sponsor and get access to exclusive features in the Insiders Edition.

"},{"location":"#compatible-operating-systems","title":"Compatible operating systems","text":"

RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.

Distribution Release Architecture Support Raspberry Pi OS (64-bit) Lite Bookworm ARM Official Raspberry Pi OS (32-bit) Lite Bookworm ARM Official Raspberry Pi OS (64-bit) Lite Bullseye ARM Official Raspberry Pi OS (32-bit) Lite Bullseye ARM Official Armbian 23.11 (Jammy) ARM Beta Debian Bookworm ARM / x86_64 Beta Ubuntu Server 23.04 (Lunar) ARM / x86_64 Beta

You are also encouraged to use RaspAP's community-led Docker container.

Please note that \"supported\" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to actively contribute to the project.

"},{"location":"#get-involved","title":"Get involved","text":"

We welcome all users of RaspAP to contribute to the project. This can take the form of issue reports, discussions, or pull requests. Developers can get started by following these steps:

  1. Fork the project in your account and create a new branch: your-great-feature.
  2. Open an issue in the repository describing the feature contribution you'd like to make.
  3. Commit changes in your feature branch.
  4. Open a pull request and reference the initial issue in the pull request message.

Find out more about our coding style guidelines and recommended tools.

"},{"location":"#discussions","title":"Discussions","text":"

Questions or comments about the Quick start? Join the discussion here.

"},{"location":"adblock/","title":"Ad blocking","text":"

RaspAP has introduced a new DNS based filter to stop ads, trackers, malware and other undesirable hosts in their tracks.

In the best of times, ads are usually just annoying. When access to online services served by our AP is hampered by ads, malware and trackers, the best tool in our arsenal is DNS blacklisting. RaspAP already uses dnsmasq to manage both DHCP and DNS, so we have the foundation for a highly effective ad blocking facility.

"},{"location":"adblock/#quick-installer","title":"Quick installer","text":"

To install ad blocking with DNS blacklists, simply respond with Y or press Enter when prompted by the installer:

Install ad blocking and enable list management? [Y/n]\n

The installer will download the blocklists, configure RaspAP to use them and enable the Ad blocking management page.

Ad blocking is enabled and active for clients connected to your AP. You may update the blocklists or disable ad blocking with the management page. These actions are described below.

"},{"location":"adblock/#manual-installation","title":"Manual installation","text":"

Ad blocking may also be installed manually. Refer to the detailed installation steps.

"},{"location":"adblock/#blocklist-sources","title":"Blocklist sources","text":"

Blocklists are sourced from multiple, continuously updated open source projects. These are divided into two groups: hosts and domain blocklists. By default, RaspAP's ad block facility uses StevenBlack's hosts as the primary hosts blocklist. This repository is a hosts file aggregator that consolidates several reputable hosts files and merges them into a unified, optimized hosts file with duplicates removed.

Alternatively, users may choose from a number of host blocklist sources maintained by the badmojr/1Hosts GitHub project. These lists are compiled daily into Mini, Lite, Pro and Xtra versions depending on specific user needs. Refer to the GitHub project for an explanation of these different blocklists.

In addition to blocking hosts, domain blocking gives us the ability to use wildcards with dnsmasq to block an entire domain (for example, baddomain.org) with a single rule. This includes all known and unknown subdomains, such as *.baddomain.org. Domain blocklists are provided by the OISD project. Similar to hosts lists, these are continuously updated and curated into several lists: Small, Big and NSFW. Refer to the OISD project for an explanation of these lists.

"},{"location":"adblock/#updating-lists","title":"Updating lists","text":"

Each of the hosts and domains blocklists are updated daily, so it's a good practice to refresh them periodically. You can do this from the Ad Blocking management page in RaspAP. Simply select the list from the dropdown and choose Update now.

Next to the update button, a gear icon will appear to indicate that the selected list is being downloaded. Thereafter, a timestamp after each list will indicate when it was last updated.

Note

To apply the latest blocklists, be sure to Restart Ad Blocking.

"},{"location":"adblock/#automatic-updates","title":"Automatic updates","text":"

Alternatively, you may wish to automate the process of keeping the ad block source lists up-to-date. A method to achieve this is described in this FAQ.

"},{"location":"adblock/#custom-blocklist","title":"Custom blocklist","text":"

In addition to the notracking blocklists, you may create your own host blocklist by adding entries on the Custom blocklist tab. Define custom hosts to be blocked by entering an IPv4 or IPv6 address followed by any whitespace (spaces or tabs) and the host name. An IPv4 example would take the form 0.0.0.0 badhost.com. Choose Save settings and Restart Ad Blocking.

Note

As the name suggests, this is effective at blocking individual hosts, but not entire domains (or subdomains).

"},{"location":"adblock/#enabling-logging","title":"Enabling logging","text":"

By default, DNS logging is disabled. If you'd like to see which hosts are being blocked, enable it on the DHCP Server > Logging tab by selecting the Log DNS queries toggle. Save settings and Restart Ad Blocking. The Logging tab on the Ad Blocking page will display blacklisted DNS queries with host addresses of 0.0.0.0. A sample of blocked ad/tracker requests is below.

dnsmasq[9633]: config static.ads-twitter.com is 0.0.0.0\ndnsmasq[9633]: config tag.bounceexchange.com is 0.0.0.0\ndnsmasq[9633]: config cdn.boomtrain.com is 0.0.0.0\ndnsmasq[9633]: config securepubads.g.doubleclick.net is 0.0.0.0\ndnsmasq[9633]: config c.amazon-adsystem.com is 0.0.0.0\ndnsmasq[9633]: config pixel.adsafeprotected.com is 0.0.0.0\ndnsmasq[9633]: config ad.doubleclick.net is 0.0.0.0\ndnsmasq[9633]: config www.summerhamster.com is 0.0.0.0\ndnsmasq[9633]: config c2.taboola.com is 0.0.0.0\ndnsmasq[9633]: config ads.servebom.com is 0.0.0.0\ndnsmasq[9633]: config s.cpx.to is 0.0.0.0\ndnsmasq[9633]: config pixel.quantserve.com is 0.0.0.0\ndnsmasq[9633]: config cdn.taboola.com is 0.0.0.0\ndnsmasq[9633]: config sdk.iad-01.braze.com is 0.0.0.0\n
"},{"location":"adblock/#disabling-ad-block","title":"Disabling ad block","text":"

To disable the ad blocking service, slide the Enable blocklists toggle to its off position, then choose Save settings. You may then restart your hotspot for the changes to take effect.

"},{"location":"adblock/#about-blocklist-policies","title":"About blocklist policies","text":"

The blocklist sources chosen for RaspAP adhere to these policies:

  • Should not break useful websites or apps
  • Blocks tracking servers
  • Blocks advertising servers
  • Blocks analytics servers
  • Blocks scam websites
  • Blocks malware servers
  • Blocks webminers
  • Blocks phishing servers

Users may tailor RaspAP's ad blocking to suit their needs by selecting from multiple blocklist sources. Furthermore, domain blocklists enable full use of domain name based wildcard filtering (for example, *.baddomain.org). This reduces the chance of missing any new subdomains and significantly reduces the size of the blocklists.

"},{"location":"adblock/#discussions","title":"Discussions","text":"

Questions or comments about using Ad blocking? Join the discussion here.

"},{"location":"ap-basics/","title":"Access point settings","text":""},{"location":"ap-basics/#basics","title":"Basics","text":"

After running the Quick installer, Docker setup or following the manual installation steps, RaspAP will start up a routed wireless access point (AP) with a default configuration. As part of this initial setup, the hostapd service broadcasts an AP with the following settings:

Interface: wlan0 SSID: raspi-webgui Wireless Mode: 802.11n - 2.4GHz Channel: 1 Security Type: WPA2 Encryption Type: CCMP Passphrase: ChangeMe

Each of these settings may be changed on the Hotspot > Basic and Security tabs to any values you wish. Your changes will be applied and made visible on the broadcasted AP by choosing Save settings followed by Restart hotspot.

At this point, a dialog will appear to indicate the progress of the RaspAP service. This is a Linux systemd process that is responsible for starting up several network services in a specific order and timing.

"},{"location":"ap-basics/#connecting-clients","title":"Connecting clients","text":"

When the AP is operational, you may connect clients to it by using one of two methods:

  1. Select the SSID from the list of available networks on your device and enter the passphrase.
  2. Scan the QR code displayed on the Hotspot > Security tab and join the AP.

By default, clients are assigned IP addresses from the DHCP range 10.3.141.50 \u2014 10.3.141.254. These values may be changed in the DHCP options section of the DHCP server settings UI. If for some reason a client is unable to obtain an IP address from your AP, consult this FAQ.

"},{"location":"ap-basics/#80211ac-5-ghz","title":"802.11ac 5 GHz","text":"

For devices with compatible wireless hardware, RaspAP version 3.0 largely removes the guesswork in creating a 5 GHz access point. It achieves this by being tightly integrated with the wireless regulatory database used by the Linux kernel. Behind the scenes, RaspAP queries iw and intelligently matches its output with the 5 GHz channels allowed by hostapd, the user space daemon access point software.

From the Hotspot > Advanced tab, select your country from the dropdown then choose Save settings. This sets the wireless regulatory domain for your device. Now, on the Hotspot > Basic tab choose an interface and select the 802.11ac - 5 GHz wireless mode option. RaspAP will automatically populate the available 5 GHz channels for your country. Select a channel followed by Save settings, then Start or Restart hotspot.

Tip

Not all AC channels may be compatible with your hardware. If your hotspot fails to start, enable hostapd service logging by sliding the Logfile output toggle on the Hotspot > Logging tab, followed by Save settings, then Restart hotspot. See this FAQ for more assistance.

If the Channel dropdown and Save settings button are disabled, refer to this FAQ.

"},{"location":"ap-basics/#security-settings","title":"Security settings","text":"

WPA2 is currently the most secure standard utilizing AES (Advanced Encryption Standard) and a pre-shared key for authentication. WPA2 is also backwards compatible with TKIP to allow interoperability with legacy devices. AES uses the CCMP encryption protocol which is a stronger algorithm for message integrity and confidentiality.

By default, RaspAP's access point is configured with WPA2 and CCMP encryption. You may of course change this to allow legacy clients (older mobile devices, for example) by selecting TKIP+CCMP as the encryption type. Choose Save settings and Restart hotspot for your changes to take effect.

"},{"location":"ap-basics/#wpa3-personal","title":"WPA3-Personal","text":"

Experimental \u00b7 Insiders only

WPA3 is an improved encryption standard, thanks to Simultaneous Authentication of Equals (SAE) which replaces the Pre-Shared Key (PSK) authentication method used in prior WPA versions. WPA3-Personal allows for better password-based authentication even when using simple passphrases. In general, WPA3-Personal networks with simple passphrases are more difficult to crack by using brute-force, dictionary-based methods, as with WPA/WPA2.

WPA3 also requires the use of Protected Management Frames (PMFs) to increase network security. If you wish to connect AP clients that may not have support for WPA3-Personal or PMFs, a transitional security mode is also available.

Note

The Raspberry Pi's onboard wireless chipsets do not currently support the WPA3 standard. For this reason, in order to use this setting you will need to configure your AP with an external wireless adapter that supports WPA3.

"},{"location":"ap-basics/#80211w","title":"802.11w","text":"

Experimental \u00b7 Insiders only

The 802.11w amendment was introduced as a way to secure Wi-Fi management frames against attacks by ensuring that these frames are legitimately exchanged between an AP and its clients, rather than a malicious third-party. These 802.11w Protected Management Frames (PMFs) can mitigate common types of \"deauthentication\" and \"disassociation\" attacks.

Similar to WPA3-Personal, 802.11w may be configured in one of two modes: enabled and required. Enabled allows for mixed operation by allowing legacy devices that do not support 802.11w to associate while also allowing devices that support 802.11w to use the PMF features. Required will prevent clients that do not support 802.11w from associating with the SSID.

"},{"location":"ap-basics/#drag-drop-widgets","title":"Drag & drop widgets","text":"

Experimental \u00b7 Insiders only

The default dashboard layout may be customized to suit your needs. Enable this option from the System > Theme menu by selecting the Dynamic widgets toggle. Next, from the Dashboard click or tap the icon to modify the widgets. Each widget may be resized, dragged and repositioned. Release the widget to drop it into a new location.

Tip

This option works best for large displays. The default dashboard widgets are optimized for mobile devices and smaller displays.

Click or tap the icon a second time when you're done making changes. The new responsive dashboard layout will be saved to your browser's local storage.

"},{"location":"ap-basics/#printable-signs","title":"Printable signs","text":"

Experimental \u00b7 Insiders only

Beneath the QR code on the Hotspot > Security tab, you will find a link to open a \"Wi-Fi connect\" sign suitable for printing. Click or tap the link after the printer icon to open a new window with your hotspot's QR code, SSID and password neatly formatted.

To print, select File > Print from your browser's toolbar and adjust print preferences as needed. This feature can be especially useful if you operate a public wireless access point. You may also opt to integrate a captive portal for your visitors.

"},{"location":"ap-basics/#advanced-options","title":"Advanced options","text":"

The above sections cover everything you will need for a basic routed AP. The Hotspot > Advanced tab has several options that allow you to control advanced settings for the Linux hostapd service. These are discussed in the following sections.

"},{"location":"ap-basics/#bridged-ap-mode","title":"Bridged AP mode","text":"

If you wish to configure RaspAP as a bridged AP, this may be done by sliding the Bridged AP mode toggle, saving settings and restarting the hotspot. Be aware that when the hotspot restarts you will no longer be able to access the web interface from the default 10.1.141.1 address. Refer to this explanation and tips for administering your bridged AP.

"},{"location":"ap-basics/#wifi-repeater-mode","title":"WiFi repeater mode","text":"

Experimental \u00b7 Insiders only

RaspAP is capable of acting as a wireless repeater to connect to your wireless network and rebroadcast an existing signal. This requires configuring interface metrics and default routes with DHCP. Alternatively, enabling the WiFi repeater mode toggle will create these settings for you automatically.

Save settings and choose Restart hotspot to active the wireless repeater. As with AP-STA mode, described below, this option is disabled or \"greyed out\" until a wireless client is configured.

"},{"location":"ap-basics/#wifi-client-ap-mode","title":"WiFi client AP mode","text":"

RaspAP has support for this special mode, also known as a micro-AP or simply AP-STA. Typically this can be difficult to configure manually, but RaspAP performs most of the config work behind the scenes for you.

Note

This option is disabled or \"greyed out\" until a wireless client is configured. This can be done via the WiFi client UI, or by manually configuring a valid wpa_supplicant.conf.

Before using this mode, it is recommended that users familiarize themselves with how AP-STA works. Users of AP-STA mode should also be aware of its limitations, and understand that performance and stability of this AP mode will not be equal to using a second wireless adapter bound to a separate interface. For the latter, refer to this FAQ.

"},{"location":"ap-basics/#beacon-interval","title":"Beacon interval","text":"

Wireless APs continuously send beacon frames to indicate their presence, traffic load, and capabilities. The default hostapd beacon interval is 100ms. If desired, you may change this to any value between 15 and 65535.

"},{"location":"ap-basics/#disable-disassoc_low_ack","title":"Disable disassoc_low_ack","text":"

An AP may disassociate a client due to inactivity, transmission failures or other indications of connection loss. This phenomenon can usually be observed in the hostapd logs like so:

wlan0: AP-STA-DISCONNECTED 24:62:ab:fd:24:34\nwlan0: STA 24:62:ab:fd:24:34 IEEE 802.11: disassociated\nwlan0: STA 24:62:ab:fd:24:34 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)\n

This option sets the disassoc_low_ack boolean value for hostapd. Be aware that this value is dependent on driver capabilities. Moreover, hostapd may disassociate a client (or station) for a variety of reasons, so this is not a silver bullet.

"},{"location":"ap-basics/#transmit-power","title":"Transmit power","text":"

RaspAP allows you to control the transmit power of the configured AP interface. The default \"auto\" setting will suffice for the vast majority of APs. A lower txpower value can be useful to mitigate WiFi radio interference, for example if you are hosting multiple APs in a given area. It can also be advantageous to set txpower to a lower value in IoT or similar applications where reduced power consumption is needed.

Set the transmit power by selecting a value from the dropdown and choosing Save settings. The transmit power setting is expressed as dBm, or decibels (dB) with reference to one milliwatt (mW). It is not necessary to restart the AP for this to take effect.

"},{"location":"ap-basics/#maximum-number-of-clients","title":"Maximum number of clients","text":"

This option sets the max_num_sta value for hostapd, and is effective for placing a limit on the number of clients (stations) that can connect to your AP. When the limit is reached, new client connections will be rejected.

Note

The default setting is 2007, but this is merely the value set by hostapd from the IEEE 802.11 specification. It should not be interpreted as a guarantee that RaspAP can support this many simultaneous clients. In practice, this number depends on several factors and is a much lower value, as discussed in this FAQ.

"},{"location":"ap-basics/#troubleshooting","title":"Troubleshooting","text":"

RaspAP gives you advanced control over several Linux networking-related services. As a result, your AP may fail to start for a variety of reasons. You may also encounter errors connecting clients to the AP, have no internet on AP clients, or observe clients being disconnected from the AP for no apparent reason.

If any of the above happens, one of the best diagnostic tools at your disposal is RaspAP's built-in service logging facility. You may enable the hostapd service log by sliding the Logfile output toggle on the Hotspot > Logging tab and choosing Save settings. Finally, choose Restart hotspot and check the log output.

Similarly, you may also enable DHCP server activity by sliding either of the two logging options on the DHCP server > Logging tab.

"},{"location":"ap-basics/#debug-log","title":"Debug log","text":"

In some situations, you may need more comprehensive information to self-diagnose a problem. RaspAP lets you generate a debug log with a detailed summary of your system including the installed OS, Linux kernel version, attached USB devices, RaspAP settings, network configuration and current state of several AP-related services.

To create this log, simply click or tap on the Generate debug log button from the System > Tools tab. You will be prompted to choose a location to store the generated raspap_debug.log file on your local computer or mobile device. An example portion of RaspAP's debug log is shown below:

System Info\n===========\nHardware: Raspberry Pi 3 Model B Rev 1.2\nDetected OS: Debian GNU/Linux 12 (bookworm) 64-bit\nKernel: Linux raspberrypi 6.1.0-rpi4-rpi-v8 (2023-10-05) aarch64 GNU/Linux\nSystem Uptime: 4 days, 20 hours, 45 minutes\nMemory Usage: 29.0749%\n\nInstalled Packages\n==================\nPHP Version: 8.2.7 (cli) (built: Jun  9 2023 19:37:27) (NTS)\nDnsmasq Version: 2.89\ndhcpcd Version: 9.4.1\nlighttpd Version: 1.4.69\nvnStat Version: 2.10\n\nRaspAP Install\n==============\nRaspAP Version: 2.9.9\nRaspAP Installation Directory: /var/www/html\nRaspAP hostapd.ini contents:\nWifiInterface = wlan0\n

Tip

If you are unable to perform a self-diagnosis and would like to share your debug log (or a portion of it) with another party, upload it to Pastebin or Ubuntu Pastebin. Please don't paste the log in its entirety to RaspAP's discussions, issues or other support channels.

RaspAP's debug log contains information about your system and local network configuration. However, no passwords or other senstive data are included.

"},{"location":"ap-basics/#diagnosing-problems","title":"Diagnosing problems","text":"

Look for any reported errors logged by the hostapd, dhcpcd or dnsmasq services. In most cases, errors thrown by one or more of these services have been discussed in various online forums. Start by searching the official Raspberry Pi forums or Raspberry Pi on Stack Exchange. Chances are the problems with your AP have been discussed and answered before.

For additional help and advice, the FAQ is a rich source of troubleshooting info that is continuously updated with answers to the most commonly asked questions. For issues not covered in the FAQ, you may find many topics in RaspAP discussions and the RaspAP subreddit.

Tip

Capture output from the Linux kernel's message buffer with dmesg to help diagnose failure events. Read the last 100 lines with dmesg | tail -100 and look for any anomalies.

The performance of WiFi radios may be impacted by many factors, including, but not limited to:

  1. Undervoltage due to inadequate power or too many peripherals connected to the USB bus
  2. Interference from a poorly shielded HDMI cable or using a specific HDMI screen resolution
  3. RF interference from overlapping WiFi networks on a crowded 2.4 GHz band.

Bear these things in mind if your AP exhibits unexpected behavior and do your best to mitigate them.

"},{"location":"ap-basics/#reverting-to-base-settings","title":"Reverting to base settings","text":"

It is generally advisable to begin with RaspAP's default configuration, which has been rigorously tested and validated with the project's supported operating systems. If, after modifying RaspAP's default settings, your AP no longer functions as expected, you may perform a system reset to restore these defaults.

"},{"location":"ap-basics/#accessing-backups","title":"Accessing backups","text":"

Each time you revert to RaspAP's base settings, your existing service configuration files are automatically backed up to /etc/raspap/backups. In this way, you can compare differences between your files and the default configuration, if needed. There are many ways to do this in Linux, such as using the built-in GNU diff tool. Another option is to install colordiff, a wrapper for diff that produces the same output but with colored syntax highligting. Install colordiff with sudo apt-get install colordiff.

Similarly, the web files located in the default /var/www/html root are backed up to /var/www in a directory named with a timestamp. Therefore, any changes you've made to RaspAP's internals are preserved.

"},{"location":"ap-basics/#discussions","title":"Discussions","text":"

Questions or comments about using access point settings? Join the discussion here.

"},{"location":"ap-sta/","title":"AP-STA mode","text":""},{"location":"ap-sta/#overview","title":"Overview","text":"

Experimental (Unsupported)

This walkthrough describes an installation of RaspAP on the Raspberry Pi Zero W or Zero 2 W models. However, the same steps apply to any device with a chipset capable of supporting this mode.

A managed mode AP, variously known as WiFi client AP mode, a micro-AP or simply AP-STA, usually works with the Quick Installer if the steps below are followed carefully. This feature was added to RaspAP specifically to support Internet of Things (IoT) and embedded applications for the Pi Zero W, however it is equally useful for a broad range of projects.

Disclaimer

This mode is completely unsupported and should be used for educational purposes only. If you need a reliable solution with an access point (AP) and wireless client (STA) on the same device, buy a second Wi-Fi adapter and follow this FAQ instead.

Before proceeding with the installation, it's important to have a basic understanding of how AP-STA works.

"},{"location":"ap-sta/#what-is-ap-sta-mode","title":"What is AP-STA mode?","text":"

Many wireless devices support simultaneous operation as both an access point (AP) and as a wireless client/station (STA). This is sometimes called Wi-Fi AP/STA concurrency. In this configuration, it is possible to create a software AP acting as a wireless repeater for an existing network, using a single wireless device. This capability is listed in the following section in the output of iw list:

$ iw list | grep -A 4 'valid interface'\n    valid interface combinations:\n    * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,\n      total <= 3, #channels <= 2\n    * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,\n      total <= 4, #channels <= 1\n

The second valid interface combination indicates that both a managed and AP configuration is possible. The constraint #channels <= 1 means that your software AP must operate on the same channel as your Wi-Fi client connection.

Note

If you have a second wireless adapter bound to wlan1 on a Pi Zero W (or other device), refer to this FAQ.

"},{"location":"ap-sta/#use-cases","title":"Use cases","text":"

There are many scenarios in which AP-STA mode might be useful. These are some of the more popular ones:

  1. A device that connects to a wireless AP but needs an admin interface to configure the network and/or other services.
  2. A hub for Internet of Things devices, while also creating a bridge between them and the internet.
  3. A guest interface to your home wireless network.

Security is an important consideration with IoT and it can be beneficial to keep your devices on a separate network, for safety\u2019s sake. No one wants a random internet user turning your lights on and off.

"},{"location":"ap-sta/#how-does-ap-sta-work","title":"How does AP-STA work?","text":"

In this configuration, we create a virtual network interface (here uap0) and add it as the AP to the physical wlan0 device. This virtual interface is used by several of the services needed to operate a software access point. RaspAP manages these configurations in the background for you. Relevant sections are displayed below as examples.

dhcpcd.conf: 

# RaspAP uap0 configuration\ninterface uap0\nstatic ip_address=192.168.50.1/24\nnohook wpa_supplicant\n

hostapd.conf: 

# RaspAP wireless client AP mode\ninterface=uap0\n

dnsmasq.conf: 

# RaspAP uap0 configuration\ninterface=lo,uap0               # Use interfaces lo and uap0\nbind-interfaces                 # Bind to the interfaces\ndomain-needed                   # Don't forward short names\nbogus-priv                      # Never forward addresses in the non-routed address spaces\n

On AP-STA startup and system reboots, RaspAP's service control script adds the virtual uap0 interface and brings it up, like so:

iw dev wlan0 interface add uap0 type __ap\nifconfig uap0 up\n

After the virtual uap0 interface is added to the wlan0 physical device, we can then start up hostapd. It is important that the virtual interface is brought up first, otherwise it will fail with the message \"could not configure driver mode\". We also need to be sure that the interface is not managed by systemd-networkd, so this service should be disabled. These steps are handled by the RaspAP daemon.

With a basic understanding of AP-STA mode, we can proceed with the installation.

"},{"location":"ap-sta/#installation","title":"Installation","text":"
  1. Begin by flashing an SD card with the latest release of Raspberry Pi OS (32- or 64-bit) Lite.
  2. Prepare the SD card to connect to your WiFi network in headless mode according to this FAQ.
  3. Enable ssh access by creating an empty file called \"ssh\" (no extension) in the SD card's root.
  4. Insert the SD card into the Pi Zero W and connect it to power. Note: the standard power supply for the Raspberry Pi is 5.1V @ 2.5A. Other power sources may result in undervoltage or other issues. Do not use the micro USB connection.
  5. Connect to your Pi via ssh. ssh pi@raspberrypi.local is typical.
  6. Follow the project prerequisites exactly. Do not skip any of these steps.
  7. Invoke the Quick Installer as normal: curl -sL https://install.raspap.com | bash.
  8. The installer automatically detects a Pi (or other device) without an active eth0 interface. In this case, you will not be prompted to reboot your Pi.
  9. Open the RaspAP admin interface in your browser, usually http://raspberrypi.local.
  10. The status widget should indicate that hostapd is inactive. This is expected.
  11. Confirm that the Wireless Client dashboard widget displays an active connection.
  12. Choose Hotspot > Advanced and enable the WiFi client AP mode option.
  13. Optionally, enable Logfile output as this is often helpful for troubleshooting.
  14. Choose Save settings and Start hotspot.
  15. Wait a few moments and confirm that your AP has started.

Note

The WiFi client AP mode option will be disabled, or \"greyed out\", until a wireless client is configured.

"},{"location":"ap-sta/#when-to-reboot","title":"When to reboot?","text":"

Rebooting before configuring AP-STA mode is likely the main cause of problems for users with the Pi Zero W. The reason is the default configuration is designed for a wired (ethernet) AP.

Once the Pi Zero W is configured in AP-STA mode, RaspAP will store several values in /etc/raspap/hostapd.ini: 

LogEnable = 1\nWifiAPEnable = 1\nBridgedEnable = 0\nWifiManaged = wlan0\n
These are used by RaspAP's systemd control service raspapd to determine that a managed mode AP is enabled for the Pi and restore the connection after subsequent reboots.

"},{"location":"ap-sta/#changing-hostapd-settings","title":"Changing hostapd settings","text":"

Changes to the hotspot configuration should be applied to the wlan0 physical device, not uap0 (a virtual interface). In other words, if you wish to change hostapd settings, stop the hotspot, disable AP-STA, make your config changes on wlan0, re-enable AP-STA and finally restart hostapd. An explanation is available here.

"},{"location":"ap-sta/#discussions","title":"Discussions","text":"

Questions or comments about using AP-STA mode? Join the discussion here.

"},{"location":"bridged/","title":"Bridged AP mode","text":""},{"location":"bridged/#overview","title":"Overview","text":"

By default RaspAP configures a routed AP as its hotspot, where your device creates a subnet and assigns IP addresses to connected clients. If you would rather have your upstream router assign IP addresses, RaspAP lets you change the hotspot configuration to an alternative bridged AP. This is also useful if you want your device and its hotspot clients to be visible to other devices in your router's network.

"},{"location":"bridged/#enabling-bridged-ap-mode","title":"Enabling bridged AP mode","text":"

From RaspAP's Hotspot > Advanced tab, select the Bridged AP mode option. Choose Save settings and then Restart hotspot.

At this stage, you will no longer be able to access RaspAP's web interface from the default 10.3.141.1 address. See accessing the web interface, below.

"},{"location":"bridged/#limitations","title":"Limitations","text":"

Bridged AP mode operates under some constraints as compared to RaspAP's default routed AP mode. These are discussed below.

"},{"location":"bridged/#wifi-client-mode","title":"WiFi client mode","text":"

On the Hotspot > Advanced tab the Wifi Client AP mode option is disabled or \"greyed out\". The reason for this is your device cannot connect as a client to another wireless network while simultaneously hosting its own bridged access point.

"},{"location":"bridged/#dhcp-server","title":"DHCP server","text":"

The DHCP Server page is disabled and hidden from the adminstration interface. This is because in bridged AP mode all DHCP functions are delegated to your upstream router. To configure DHCP settings for your network, access your router's web interface.

"},{"location":"bridged/#vpn-considerations","title":"VPN considerations","text":"

Clients connected to a bridged AP with OpenVPN enabled will not have their traffic routed through the VPN server. Your device itself will still have its own traffic routed through the VPN server, however.

Note

Bridged AP mode is not currently supported on Ubuntu Server. This is because Ubuntu has standardized on Netplan, which differs considerably from other Linux distributions supported by RaspAP.

"},{"location":"bridged/#accessing-the-web-interface","title":"Accessing the web interface","text":"

In bridged AP mode, you will no longer be able to access RaspAP's web interface using the default 10.3.141.1 address. This is because your device no longer creates its own 10.3.141.0/24 subnet for its access point. Instead, access RaspAP's web interface by entering your device's hostname followed by .local. On Raspberry Pi devices running the avahi daemon, this will look like raspberrypi.local.

Some browsers have trouble resolving .local addresses. You may also need to modify the address depending on your browser. For example, try entering http://raspberrypi.local or raspberrypi.local/ in your browser's address field.

If the above methods don't work, the nmap command (Network Mapper) can be used to scan your subnet for devices connected to your network. For example, invoke nmap with the -sn flag (ping scan) on your subnet range:

nmap -sn 192.168.1.0/24\n

This scan pings all the IP addresses in a subnet to see if they respond. For each device that responds to the ping, the output will show the hostname and IP address like so:

Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-23 10:04 CET\nNmap scan report for iPhone 192.168.1.31\nHost is up (0.037s latency).\nNmap scan report for raspberrypi 192.168.1.8\nHost is up (0.031s latency).\nNmap scan report for Chromecast 192.168.1.45\nHost is up (0.0015s latency).\nNmap scan report for mbp15 192.168.1.48\nHost is up (0.074s latency).\nNmap done: 256 IP addresses (4 hosts up) scanned in 6.08 seconds\n

More information on finding your device's IP address can be found here.

"},{"location":"bridged/#troubleshooting","title":"Troubleshooting","text":"

If you are unable to connect clients to your bridged AP, start by following the recommendations in this FAQ. Client connectivity issues in bridged AP mode are most often the result of your upstream router, not RaspAP. For this reason, please check your router's web interface and DHCP settings before reporting a bug.

"},{"location":"bridged/#discussions","title":"Discussions","text":"

Questions or comments about RaspAP's bridged AP mode? Join the discussion here.

"},{"location":"captive/","title":"Captive portal setup","text":""},{"location":"captive/#overview","title":"Overview","text":"

The nodogsplash project is a lightweight, highly configurable captive portal solution. It integrates nicely with RaspAP and is recommended over other methods. No configuration changes are needed with RaspAP, however you will need to modify some default settings in the nodogsplash config. This step-by-step guide assumes you have already installed RaspAP, either with the Quick Installer or manual setup instructions.

Note

This walkthrough is provided as a courtesy only; there is no support for NDS or any integration with this project.

"},{"location":"captive/#installing-the-software","title":"Installing the software","text":"

Begin by updating your RPi with the latest package information: 

sudo apt-get update\n

With our package manager up to date, install a dependency required by nodogsplash: 

sudo apt-get install libmicrohttpd-dev\n

Next, clone the nodogsplash GitHub repository to your home directory: 

cd ~/\ngit clone https://github.com/nodogsplash/nodogsplash.git\n

We can now compile nodogsplash from the source: 

cd nodogsplash\nmake\nsudo make install\n

"},{"location":"captive/#configuration-changes","title":"Configuration changes","text":"

With nodogsplash installed in the Pi's system, we will make two small changes to its configuration. The nodogsplash GatewayInterface should be set to the interface RaspAP runs on (wlan0 is the default). You will also need to change the GateWayAddress to 10.3.141.1.

Note

If you have modified RaspAP's default configuration, be sure this setting reflects your changes, otherwise the captive portal will not work correctly.

sudo nano /etc/nodogsplash/nodogsplash.conf\n

# GatewayInterface is not autodetected, has no default, and must be set here.\n# Set GatewayInterface to the interface on your router\n# that is to be managed by Nodogsplash.\n# Typically br-lan for the wired and wireless lan.\n#\nGatewayInterface wlan0\n#\n# Parameter: GatewayAddress\n# Default: Discovered from GatewayInterface\n#\n# This should be autodetected on an OpenWRT system, but if not:\n# Set GatewayAddress to the IP address of the router on\n# the GatewayInterface.  This is the address that the Nodogsplash\n# server listens on.\nGatewayAddress 10.3.141.1\n
Save and quit out of the editor by pressing Ctrl+X and then pressing Y and finally Enter.

"},{"location":"captive/#starting-the-captive-portal","title":"Starting the captive portal","text":"

We are now ready to start up the software. This can be done by simply executing the binary with sudo nodogsplash. However, we'll make things a bit easier by adding a systemd service provided by the project. Copy the service control file and enable it: 

sudo cp ~/nodogsplash/debian/nodogsplash.service /lib/systemd/system/\nsudo systemctl enable nodogsplash.service \n

Next, start the service and check its status: 

sudo systemctl start nodogsplash.service \nsudo systemctl status nodogsplash.service\n

You should see output similar to the following: 

\u25cf nodogsplash.service - NoDogSplash Captive Portal\n   Loaded: loaded (/lib/systemd/system/nodogsplash.service; enabled; vendor preset: enabled)\n   Active: active (running) since Tue 2020-02-11 09:19:44 GMT; 34min ago\n Main PID: 10539 (nodogsplash)\n    Tasks: 4 (limit: 1599)\n   Memory: 1.7M\n   CGroup: /system.slice/nodogsplash.service\n           \u2514\u250010539 /usr/bin/nodogsplash\n\nFeb 11 09:19:44 raspberrypi systemd[1]: Starting NoDogSplash Captive Portal...\nFeb 11 09:19:44 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:44 2020][10538](src/main.c:496) Starting as daemon, forking to background\nFeb 11 09:19:44 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:44 2020][10539](src/main.c:271) Detected gateway wlan0 at 10.3.141.1 (dc:a6:32:3d:ff:9d)\nFeb 11 09:19:44 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:44 2020][10539](src/main.c:275) MHD Unescape Callback is Disabled\nFeb 11 09:19:44 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:44 2020][10539](src/main.c:305) Created web server on 10.3.141.1:2050\nFeb 11 09:19:44 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:44 2020][10539](src/main.c:319) Using config options for FAS or Templated Splash.\nFeb 11 09:19:44 raspberrypi systemd[1]: Started NoDogSplash Captive Portal.\nFeb 11 09:19:46 raspberrypi nodogsplash[10538]: [5][Tue Feb 11 09:19:46 2020][10539](src/fw_iptables.c:382) Initializing firewall rules\n

Note

The captive portal may be stopped with sudo systemctl stop nodogsplash.service or disabled completely with sudo systemctl disable nodogsplash.service.

"},{"location":"captive/#connecting-clients","title":"Connecting clients","text":"

Connect a client to RaspAP's hotspot. You should now see nodogsplash's captive portal screen:

Optional: you can customize the captive portal screen by modifying the files located in /etc/nodogsplash/htdocs/.

"},{"location":"captive/#more-information","title":"More information","text":"

Full documentation of nodogsplash is available here.

"},{"location":"captive/#discussions","title":"Discussions","text":"

Questions or comments about using nodogsplash with RaspAP? Join the discussion here.

"},{"location":"defaults/","title":"Default settings","text":""},{"location":"defaults/#overview","title":"Overview","text":"

Creating a software routed access point (AP) requires the installation and setup of several related Linux services. RaspAP uses a known-good default configuration as a starting point. This facilitates a faster setup by not prompting the user for various network settings during the installation. More importantly, it eliminates guesswork that can lead to conflicts down the road. When the manual or quick installation is completed, you will have a functional AP that you may then administer with RaspAP's web interface.

While this project handles every facet of this process for you, it's still recommended that users familiarize themselves with the steps involved in building a software AP from start to finish.

"},{"location":"defaults/#configuration-directory","title":"Configuration directory","text":"

To every extent possible, RaspAP's default settings are contained within the project's /config folder. The networking defaults, DNS servers, wireless regulatory data and so on are found here. In this way, the user may modify RaspAP's baseline application settings without touching code.

The exception to this is hostapd.conf which is managed by includes/hostapd.php and effectively rewritten depending on user input. This is due to the complexity of this configuration relative to other services managed by the project. For this reason, manual edits to this file will not be preserved.

Baseline configurations for dhcpcd, dnsmasq (described below) and bridged AP configurations are contained here.

"},{"location":"defaults/#managing-config-values","title":"Managing config values","text":"

The interface itself, default Linux file paths and so on may be changed by modifying the project's configuration file config.php.

Note

The file config/config.php is copied during the installation to includes/config.php and ignored by Git. This way, users can modify includes/config.php without git pull or upgrades complaining about local changes. The file includes/defaults.php loads corresponding default values if they are not set.

For example, you can change the brand text that appears in the interface header simply by modifying the value of this constant:

define('RASPI_BRAND_TEXT', 'RaspAP');\n

RaspAP's interface may be further customized by changing the following values:

// Optional services, set to true to enable.\ndefine('RASPI_WIFICLIENT_ENABLED', true);\ndefine('RASPI_HOTSPOT_ENABLED', true);\ndefine('RASPI_NETWORK_ENABLED', true);\ndefine('RASPI_DHCP_ENABLED', true);\ndefine('RASPI_ADBLOCK_ENABLED', false);\ndefine('RASPI_OPENVPN_ENABLED', false);\ndefine('RASPI_VPN_PROVIDER_ENABLED', false);\ndefine('RASPI_WIREGUARD_ENABLED', false);\ndefine('RASPI_TORPROXY_ENABLED', false);\ndefine('RASPI_CONFAUTH_ENABLED', true);\ndefine('RASPI_CHANGETHEME_ENABLED', true);\ndefine('RASPI_VNSTAT_ENABLED', true);\ndefine('RASPI_SYSTEM_ENABLED', true);\ndefine('RASPI_MONITOR_ENABLED', false);\n

The constants defined for Linux configuration file paths are typical and needn't be changed, in most cases. However, you could easily do so simply by modifying this file.

"},{"location":"defaults/#networking-defaults","title":"Networking defaults","text":"

The default AP interface used by RaspAP is wlan0. This is a typical setting if you are using the RPi's onboard wireless adapter. You can change this to a different interface by modifying the following value in config.php:

define('RASPI_WIFI_AP_INTERFACE', 'wlan0');\n

Tip

If a second wireless adapter is configured for your device, for example bound to the wlan1 interface, RaspAP will automatically detect it and assign it as the default wireless client interface. You may change this setting simply by selecting wlan1 as the AP interface in the Hotspot > Basic panel. After restarting the hotspot, RaspAP will use wlan0 as the client interface.

Default values for the dnsmasq and dhcpcd services can be modified as well. The file config/defaults.json was introduced with the version 2.6 release. This file is copied during the installation to /etc/raspap/networking/, so any changes to it must be made at this location.

The defaults.json file uses the standard JSON data-interchange format. For example, the default dhcp settings for wlan0 are displayed below:

\"dhcp\": {\n    \"wlan0\": { \n      \"static ip_address\": [ \"10.3.141.1/24\" ],\n      \"static routers\": [ \"10.3.141.1\" ],\n      \"static domain_name_server\": [ \"1.1.1.1 8.8.8.8\" ],\n      \"subnetmask\": [ \"255.255.255.0\" ]\n    }\n

Likewise, the DHCP ranges for both wlan0 and the virtual uap0 interface are shown below:

\"dnsmasq\": {\n    \"wlan0\": {\n      \"dhcp-range\": [ \"10.3.141.50,10.3.141.254,255.255.255.0,12h\" ]\n    },\n    \"uap0\": {\n      \"dhcp-range\": [ \"192.168.50.50,192.168.50.150,12h\" ]\n    }\n

These default settings are defined as fallback values. That is, if a user-defined value is missing these will be used in their place.

"},{"location":"defaults/#dns-servers","title":"DNS servers","text":"

The list of hosted DNS servers available in the Upstream DNS servers panel in DHCP > Advanced may be modified to suit your needs. The file config/dns-servers.json contains a JSON formatted collection of hostnames and IPv4 addresses, like so:

\"Google\": [\n    \"8.8.4.4\",\n    \"8.8.8.8\"\n  ],\n  \"OpenDNS\": [\n    \"208.67.220.220\",\n    \"208.67.222.222\"\n  ],\n  \"Quad9\": [\n    \"9.9.9.9\"\n  ],\n

Edits to this file in place will immediately be reflected in the user interface.

"},{"location":"defaults/#vpn-providers","title":"VPN providers","text":"

RaspAP version 3.0 introduced beta support for a select number of VPN providers. These services are largely defined in the config/vpn-providers.json file. An example provider definiton is shown below:

\"id\": 1,\n\"name\": \"ExpressVPN\",\n\"bin_path\": \"/usr/bin/expressvpn\",\n\"install_page\": \"https://www.expressvpn.com/support/vpn-setup/app-for-linux/\",\n\"account_page\": \"https://www.expressvpn.com/subscriptions\",\n\"cmd_overrides\": {\n   \"countries\": \"list all\",\n   \"log\": \"diagnostics\",\n   \"version\": \"-v\"\n}\n

It is not necessary to modify these definitions, unless you would like to experiment by adding a provider not currently supported by RaspAP.

"},{"location":"defaults/#restoring-settings","title":"Restoring settings","text":"

If you've modified RaspAP's default configuration and the AP no longer works as expected, the defaults may be restored by performing a system reset. From the System > Tools tab, click or tap the Perform reset button. A dialog will appear to confirm this action.

Alternatively, you may follow the steps described in the manual installation.

"},{"location":"defaults/#discussions","title":"Discussions","text":"

Questions or comments about RaspAP's defaults? Join the discussions here.

"},{"location":"docker/","title":"Docker support","text":""},{"location":"docker/#overview","title":"Overview","text":"

As an alternative to the Quick installer or manual installation steps, you may also deploy RaspAP in an isolated and portable Docker container.

A container is an isolated environment for code. This means that a container has no knowledge of the host operating system, dependencies, or its files. It runs on the environment provided to you by either Docker Desktop or the Docker Engine. Containers have everything needed to run an application, down to a base operating system.

Here, we'll focus on using Docker Engine to deploy and manage a containerized RaspAP application stack.

"},{"location":"docker/#why-a-container","title":"Why a container?","text":"

Docker containers have several advantages over other methods of deploying code. As a sandboxed process, containers are isolated from all other processes running on a host machine. That isolation leverages things like kernel namespaces and cgroups, features that have been in Linux for a long time.

A RaspAP Docker container is a runnable instance of an image. This container can be started, stopped, moved or deleted using the Docker CLI. It can be run on a local device, virtual machines or deployed to the cloud. Isolation from other containers also means that it runs its own software, binaries and so on.

"},{"location":"docker/#installing-docker-engine","title":"Installing Docker Engine","text":"

Since RaspAP is built for Debian-based systems, the instructions here will focus on this OS family. To get started with Docker Engine on Debian, make sure you meet the prerequisites, and then follow the installation steps.

"},{"location":"docker/#prerequisites","title":"Prerequisites","text":"

To install Docker Engine, begin with the 64-bit version of one of these Debian versions:

  • Debian Bookworm 12 (stable)
  • Debian Bullseye 11 (oldstable)

Docker Engine for Debian is compatible with x86_64 (or amd64), armhf, arm64, and ppc64le (ppc64el) architectures.

"},{"location":"docker/#uninstall-old-versions","title":"Uninstall old versions","text":"

Before installing Docker Engine, we must first uninstall any conflicting packages.

Distro maintainers provide unofficial distributions of Docker packages in their repositories. These packages must be uninstalled prior to installing the official version of Docker Engine.

The unofficial packages to uninstall are:

  • docker.io
  • docker-compose
  • docker-doc
  • podman-docker

Run the following command to uninstall these packages and their dependencies:

for pkg in docker.io \\\n    docker-doc \\\n    docker-compose \\\n    podman-docker \\\n    containerd \\\n    runc; do \\\n    sudo apt-get remove $pkg;\ndone\n

Note

apt-get might report that you have none of these packages installed.

"},{"location":"docker/#using-the-convenience-script","title":"Using the convenience script","text":"

Docker provides a convenience script at https://get.docker.com/ to install Docker non-interactively. Prior to executing it, be sure to familiarize yourself with the potential risks and limitations associated with this script.

Tip

You can run the script with the --dry-run option to learn what steps the script will run when invoked: 

curl -fsSL https://get.docker.com -o get-docker.sh\nsudo sh ./get-docker.sh --dry-run\n

  1. Begin by changing into your home directory, then download and execute the convenience script to install the latest stable release of Docker: 
    cd ~/\ncurl -fsSL https://get.docker.com -o get-docker.sh\nsudo sh get-docker.sh\n
  2. Verify that the installation is successful by running the hello-world image: 
    sudo docker run hello-world\n
    This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits. The output should appear similar to the example below: 
    Unable to find image 'hello-world:latest' locally\nlatest: Pulling from library/hello-world\n478afc919002: Pull complete\nDigest: sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6\nStatus: Downloaded newer image for hello-world:latest\n\nHello from Docker!\nThis message shows that your installation appears to be working correctly.\n

You have now successfully installed and tested Docker Engine. The docker service starts automatically on Debian based distributions.

Note

If the test container fails to run or you encounter any errors, refer to the Docker Engine documentation for troubleshooting tips.

"},{"location":"docker/#post-installation-steps","title":"Post-installation steps","text":"

The Docker daemon binds to a Unix socket, not a TCP port. By default it's the root user that owns the Unix socket, and other users can only access it using sudo. The Docker daemon always runs as the root user.

If you don't want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

To create the docker group and add your user:

  1. Create the docker group. 
    sudo groupadd docker\n
  2. Add your user to the docker group. 
    sudo usermod -aG docker $USER\n
  3. Log out and log back in so that your group membership is re-evaluated.

With these steps completed, you have successfully installed and started Docker Engine. We're now ready to deploy RaspAP.

"},{"location":"docker/#deploying-raspap","title":"Deploying RaspAP","text":"

With Docker Engine installed, you have two ways of deploying RaspAP in a Docker container. Each of these methods is described in the sections below.

"},{"location":"docker/#using-docker-compose","title":"Using Docker compose","text":"

This method lets us deploy the entire RaspAP application stack with a single command (docker compose up) as well as configure things like environment variables, network settings and so on in a centralized manner. Advanced users may also use this option to define a multi-container environment of which RaspAP is one component. This may be done with the docker-compose.yml file.

Begin by cloning the raspap-docker GitHub repository into your home directory, then change into it:

cd ~/\ngit clone https://github.com/RaspAP/raspap-docker.git\ncd raspap-docker\n

For ARM devices, such as the Raspberry Pi, we must uncomment the cgroup: host line in the docker-compose.yaml file:

version: \"3.8\"\nservices:\n  raspap:\n    container_name: raspap\n    image: ghcr.io/raspap/raspap-docker:latest\n    #build: .\n    privileged: true\n    network_mode: host\n    cgroup: host # uncomment when using an ARM device \n    cap_add:\n      - SYS_ADMIN\n    volumes:\n      - /sys/fs/cgroup:/sys/fs/cgroup:rw\n    restart: unless-stopped\n

Edit this file with nano docker-compose.yaml, change the line to appear as above, then use Ctrl+O and press Enter to save and exit the file.

Important

Do not use docker-compose but rather docker compose. If the latter isn't present on your system, refer to Docker's installation steps.

With this configuration done, execute Docker compose like so:

docker compose up -d\n

You should see output similar to below to indicate the progress of RaspAP's Docker image being built: 

docker compose up -d\n[+] Running 2/8\n \u2807 raspap 7 layers [\u2800\u2840\u28ff\u28ff\u2800\u2800\u2800] 12.83MB/337.8MB Pulling\n   \u280b 5665c1f9a9e1 Downloading [===>                        ]  3.547MB/49.59MB\n   \u280b 4311202aff18 Downloading [=========>                  ]   4.98MB/24.95MB\n   \u2714 ac4d205394f0 Download complete\n   \u2714 baf57b850085 Download complete\n   \u280b 18a1ed9b4ba8 Downloading [=>                          ]  4.307MB/263.3MB\n   \u280b 5bed08c889b9 Waiting\n   \u280b 09ed3fdeed88 Waiting\n

During this process, a Docker image containing RaspAP's application stack will be created on your system. This build always pulls the latest RaspAP release from the main GitHub repository.

Behind the scenes, Docker has used the image it created to start a containerized RaspAP application stack. You may confirm this by executing the following:

docker container ls\nCONTAINER ID   IMAGE           COMMAND                  CREATED        STATUS        PORTS     NAMES\n8d7b32b8373a   raspap:latest   \"/bin/bash -c '/home\u2026\"   2 hours ago    Up 2 hours             raspap\n

At this stage, the RaspAP application is running and you may access the web interface as you would normally. This will depend on the method you use to access your device, but is usually one of the following:

  • http://raspberrypi.local
  • http://10.3.141.1
  • http://localhost

Take note that RaspAP and all its dependencies are wholly contained within the running Docker container. That is, the host system does not have any of the apt packages or application files used by RaspAP, unless you've explicitly installed them.

"},{"location":"docker/#using-the-container-registry","title":"Using the container registry","text":"

As an alternative to docker compose, described above, you may also deploy RaspAP using its hosted Docker container image. This is available as a raspap-docker package hosted on the GitHub Container registry. With this method, a single container is defined from its base image, the environment is setup and the application is configured within the container.

Given that everything needed to deploy RaspAP is stored within this package, it isn't necessary to clone the raspap-docker respository. Instead, you may simply execute one of the following docker run commands:

  1. For ARM devices, the cgroups must be made writable. 
    docker run --name raspap -it -d --privileged --network=host --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cap-add SYS_ADMIN ghcr.io/raspap/raspap-docker:latest\n
  2. For non-ARM devices, execute the following. 
    docker run --name raspap -it -d --privileged --network=host -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add SYS_ADMIN ghcr.io/raspap/raspap-docker:latest\n

With either of the above commands, you should see output as below followed by progress indicating the state of the various package components as they are downloaded to your system:

Unable to find image 'ghcr.io/raspap/raspap-docker:latest' locally\nlatest: Pulling from raspap/raspap-docker\n

When the container image download is completed, you may verify its operational state like so: 

docker container ls\nCONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS          PORTS     NAMES\n4257b8aa3c7e   ghcr.io/raspap/raspap-docker:latest   \"/bin/bash -c '/home\u2026\"   32 minutes ago   Up 32 minutes             raspap\n

At this stage, the RaspAP application stack is running and you may access the web interface as you would normally. This will depend on the method you use to access your device, but is usually one of the following:

  • http://raspberrypi.local
  • http://10.3.141.1
  • http://localhost

Take note that RaspAP and all its dependencies are wholly contained within the running Docker container. That is, the host system does not have any of the apt packages or application files used by RaspAP, unless you've explicitly installed them.

"},{"location":"docker/#tips-and-tricks","title":"Tips and tricks","text":"

The following section has some general advice that users of RaspAP's Docker container have found useful. If you have a tip or trick to contribute, feel free to join our discussions.

"},{"location":"docker/#allocating-a-terminal","title":"Allocating a terminal","text":"

While RaspAP's Docker container is running, you may obtain an interactive pseudo-TTY, or Linux terminal, connected to standard input. Do so by executing the following:

docker exec -it raspap bash\n

The above command combines the -i (interactive) and -t (tty) options together with the raspap named container. The bash command starts an interactive Bash shell within the running container. From here you can perform most of the same shell operations and commands within Docker's pseudo-TTY as you would in a regular Linux environment.

"},{"location":"docker/#iptables-rules-and-nat","title":"iptables rules and NAT","text":"

With either of the above methods, iptables Network Address Translation (NAT) rules will automatically be applied on the Docker host. It's necessary to add these rules on the host device due to Docker's network isolation and security defaults.

If your host's network interfaces are anything other than wlan0 and eth0, you may customize these rules to suit your own specific needs. After editing this file on your device, set execute permissions and run it like so:

sudo chmod +x firewall-rules.sh\n./firewall-rules.sh\n
"},{"location":"docker/#installer-options","title":"Installer options","text":"

The goal of the initial Docker rollout for RaspAP is to have a \"one shot\" command to get a container up quickly with minimal user input. For this reason, the RaspAP application stack is installed with some common options enabled by default. These optional components are Ad blocking, OpenVPN and WireGuard.

You may change this behavior by removing any or all of the Quick installer flags from RaspAP's Dockerfile. For example, to skip the WireGuard install option, remove the --wireguard 1 flag on the line below:

VOLUME [ \"/sys/fs/cgroup\" ]\n\nRUN curl -sL https://install.raspap.com | bash -s -- --yes --wireguard 1 --openvpn 1 --adblock 1\nCOPY firewall-rules.sh /home/firewall-rules.sh\nCOPY wpa_supplicant.conf /etc/wpa_supplicant/\n

With this done, you may proceed with building your Docker image as usual.

Tip

Alternatively, you may choose to install these optional components and disable them in RaspAP's configuration file, config.php.

"},{"location":"docker/#environment-variables","title":"Environment variables","text":"

Several environment variables are made available in RaspAP's Docker image to aid in configuration. These are summarized in the table below:

Environment Variable Description Default RASPAP_SSID SSID name raspap-webgui RASPAP_SSID_PASS SSID password ChangeMe RASPAP_COUNTRY SSID country code GB RASPAP_WEBGUI_USER Admin username admin RASPAP_WEBGUI_PASS Admin password secret RASPAP_WEBGUI_PORT Web user interface port 80

More fine-grained configuration is also possible through the use of the following prefixed environment variables, in the form RASAPAP_[target]_[key]:

Environment Variable Prefix Target File RASPAP_hostapd_ /etc/hostapd/hostapd.conf RASPAP_raspap_ /etc/dnsmasq.d/090_raspap.conf RASPAP_wlan0_ /etc/dnsmasq.d/090_wlan0.conf

For example, RASPAP_hostapd_driver would set the driver value in /etc/hostapd/hostapd.conf.

"},{"location":"docker/#troubleshooting","title":"Troubleshooting","text":"

The docker logs command shows information logged by a running container and is generally the best starting point for troubleshooting. To obtain logs for the raspap container, execute docker logs raspap.

The Docker daemon logs may also help you diagnose problems. Use the command journalctl -xu docker.service (or read /var/log/syslog or /var/log/messages, depending on your Linux Distribution).

For issues related to Docker Engine, refer to Docker's troubleshooting section.

"},{"location":"docker/#discussions","title":"Discussions","text":"

Questions or comments about using RaspAP's Docker container? Join the discussions here.

"},{"location":"dynamicdns/","title":"Dynamic DNS","text":""},{"location":"dynamicdns/#overview","title":"Overview","text":"

Experimental \u00b7 Insiders only

Accessing your device from anywhere in your local network is great, but there are times when you might want it to be reachable from remote locations. This is particularly true for projects such as media servers, network attached storage (NAS) and VPNs such as those provided by RaspAP. However, due to the shortage of IPv4 addresses, it's likely that you will receive a new and different external IP address from your ISP each time your router is rebooted.

Some ISPs offer a static external IP address, although often at an additional cost above a basic subscription. This is where using a Dynamic DNS (or DDNS) service on your home network can be extremely useful.

"},{"location":"dynamicdns/#solution","title":"Solution","text":"

Dynamic DNS solves this problem by providing a domain name that always points to the current IP address of your device, regardless of how often it changes. With DDNS, the IP assigned to your domain name is automatically updated by a piece of software (known as a daemon) running on your device. This means that you can access the server using the same domain name, without having to constantly update settings each time the IP address changes.

The daemon running on your device resolves your external IP address using one of several methods, then reports this to your DDNS provider. There are a number of different providers that offer Dynamics DNS free of charge. If you currently own a custom domain name, chances are your registrar provides DDNS or has a partner to support this.

"},{"location":"dynamicdns/#installation","title":"Installation","text":"

The Quick installer will give you the option to add the required packages to your system, and enable the configuration page in RaspAP. Simply press Enter at the prompt to accept the default \"Y\" (yes) response:

Install ddclient and enable DDNS configuration? [Y/n]:\n

When the installer completes, you will be able to administer the ddclient service as described in the sections below.

"},{"location":"dynamicdns/#basic-settings","title":"Basic settings","text":"

All the configuration settings needed to enable Dynamic DNS on your device are available on the Basic settings tab. These are described in the next section.

"},{"location":"dynamicdns/#service-provider","title":"Service provider","text":"

RaspAP makes use of the proven ddclient open source software for Linux to update dynamic DNS entries. The ddclient software is highly configurable and provides a daemon that updates your external IP at scheduled intervals. Many popular Dynamic DNS services are supported by ddclient and RaspAP.

Instructions on how to setup your domain for DDNS vary by provider, but the process is generally similar. Begin by selecting a Service provider from the dropdown. RaspAP will assist you by automatically populating the Protocol and Server fields. You may also manually configure the details for your service if so desired.

Note

Some DDNS providers, such as NoIP, distribute their own Linux client to use with their service. It isn't necessary to install this software because the ddclient daemon already includes this functionality.

"},{"location":"dynamicdns/#method-to-obtain-ip","title":"Method to obtain IP","text":"

There are a variety of different methods to determine your external IP address. A popular one involves a discovery page on the web that resolves your IP. If you choose this method, enter it in the Web address field after selecting this option from the Method to obtain IP select.

Tip

There are many freely available external IP discovery pages you can use. Examples include ChangeIP and this one from Namecheap. Each of these pages perform the same basic function.

Alternatively, you may want to use an IP address from a network interface, your router's firewall status page, or an external command. Each of these options can be specified, thereby giving you a great deal of flexibility.

"},{"location":"dynamicdns/#login-and-domain","title":"Login and domain","text":"

Enter your DDNS service credentials in the Username and Password fields. Finally, specify the Domain to be updated that will be associated with your device. DDNS providers may also refer to this as a \"zone\" or \"host\". These definitions may take several forms, for example:

myhost.dyndns.org\nmydomain.com\n@.mydomain.com\n

Check with your DDNS service provider to determine which entry is best for your configuration. To complete your setup, choose Save settings now or proceed with advanced options.

"},{"location":"dynamicdns/#advanced-settings","title":"Advanced settings","text":"

A subset of advanced options are provided for your configuration. These are not required for the DDNS service to be functional, but may be adjusted to suit your needs.

"},{"location":"dynamicdns/#enable-ssl","title":"Enable SSL","text":"

You may wish to Enable SSL to ensure that your credentials are not sent over the internet unencrypted. Not all providers support this, however, so this option is disabled by default. Enabling this option for a non-SSL supported provider may result in a connection timeout. Errors such as these have been reported: 

WARNING:  cannot connect to checkip.dyndns.org:443 socket: Connection timed out SSL connect attempt failed\nWARNING:  found neither IPv4 nor IPv6 address\nDEBUG:    get_ip: using web, http://checkip.dyndns.org/ reports <undefined>\nWARNING:  unable to determine IP address\n

For this reason, it's recommended to check with your DDNS service provider before enabling this.

"},{"location":"dynamicdns/#daemon-check-interval","title":"Daemon check interval","text":"

Finally, you may define the Daemon check interval to control the length of time between updates performed by ddclient in the background. This value is specified in milliseconds and defaults to 300.

When you've completed your configuration, choose Save settings and Start Dynamic DNS.

"},{"location":"dynamicdns/#troubleshooting","title":"Troubleshooting","text":"

Behind the scenes, the ddclient daemon will determine your external IP using the method you've defined and send this to your DDNS provider. Your provider will then update the IP address corresponding to the DNS \"A\" (or \"address\") record for your domain.

If your DDNS provider fails to report your current IP address, or you suspect there might be a problem with the ddclient configuration on your device, you may generate a detailed debug log.

From the Logging tab, use the Generate log button to invoke the ddclient daemon and output a troubleshooting log:

This will provide a verbose output of everything ddclient is doing. If it ends with a SUCCESS message this indicates that the daemon successfully checked and updated the DNS \"A\" record with your provider, if neccessary. An example of this is shown below: 

RECEIVE:  140.82.121.3\nDEBUG:    get_ip: using web\n dynamicdns.park-your-domain.com/getip reports 140.82.121.3\nSUCCESS:  @.mydomain.com: skipped: IP address was already set to 140.82.121.3.\n

If the daemon doesn\u2019t reply with SUCCESS, the debug output should give you some clues as to what the problem is.

"},{"location":"dynamicdns/#port-forwarding","title":"Port forwarding","text":"

If ddclient has successfully updated your DDNS provider's \"A\" record with your IP address, but you are unable to access your device remotely, it's likely your router needs to be configured for port forwarding. This instructs the router to send, or forward, data packets from the external WAN interface to the internal IP address belonging to your device.

You can enable this by using your router's port mapping/forwarding setup. This procedure allows remote computers to connect to a specific device within your internal LAN's private address space. Specifics are highly dependent on the router you have, although the steps are generally straightforward. Consult your router's documentation for details.

"},{"location":"dynamicdns/#demilitarized-zone","title":"Demilitarized zone","text":"

An alternative to forwarding specific ports to an internal IP is using a demilitarized zone (DMZ). A home router DMZ is a host on an internal network that has all UDP and TCP ports open and exposed, except those ports otherwise forwarded. By using this method, all the ports (and services) of your device will be directly accessible from the internet, with the attendant security risks that this implies.

This setup is often desirable when a host is running multiple public-facing services that need to be accessed over the internet. In this context, a DMZ provides greater isolation and granular control than is possible with port forwarding. It's also possible to configure different security policies for various DMZ segments. For these reasons, a properly configured DMZ can be a more secure way to expose services to the internet than port forwarding.

The specifics of creating a DMZ are beyond the scope of this document, although at minimum a firewall is strongly advised.

"},{"location":"dynamicdns/#discussions","title":"Discussions","text":"

Questions or comments about using Dynamic DNS? Join the discussion here.

"},{"location":"faq/","title":"FAQ","text":"

This guide was written to address some frequently asked questions among users of RaspAP. FAQ items are organized into thematic sections, below, for easier reference.

If you would like to see a new FAQ that you feel would assist other users, start a discussion or open an issue.

"},{"location":"faq/#general","title":"General","text":"
  • Why isn't there support for Desktop distributions?
  • What do all these settings in the UI do? Changing them seems to have no effect.
  • How do I prepare the SD card to connect to WiFi in headless mode?
  • Can I use wlan0 and wlan1 rather than eth0 for my AP?
  • Can I use RaspAP as a monitor only, without changing my configuration?
  • Can I use RaspAP with my custom dnsmasq configuration?
  • What is the maximum number of simultaneous clients that I can connect to my AP?
  • Where can I find a list of USB WiFi adapters that use in-kernel drivers?
  • What are the passphrase requirements used by RaspAP?
  • Can I remove the AP password to create an open WiFi network?
  • How do I prevent WAN access to RaspAP's web administration?
  • Can I reduce the risk of SD card corruption and extend a card's lifespan?
"},{"location":"faq/#troubleshooting","title":"Troubleshooting","text":"
  • After a clean install, RaspAP does nothing or can't save settings
  • My 802.11ac 5 GHz hotspot failed to start. What now?
  • Clients cannot obtain an IP address from the hotspot.
  • My WiFi network disappeared and I can't access the web UI.
  • My custom hostapd.conf / php.ini is gone.
  • I changed the admin password and forgot what it was.
  • RaspAP control panel works but there is no WiFi after reboot.
  • Bridged AP mode is unstable or clients can't connect.
  • Managed mode AP doesn't work on the Pi Zero W.
  • WiFi scanning doesn't work or I get the error \"cannot execute wpa_cli reconfigure\".
  • I started the hotspot but it shows \"hostapd down\". What's happening?
  • Pinging the AP from a client computer (or vice versa) results in an intermittent failure. Can I troubleshoot this?
  • My wlan1 keeps being disabled and/or clients are repeatedly disconnected.
  • RaspAP web UI fails to start or unable to save settings.
  • Why do I receive an 'Invalid CSRF token' message and a blank screen?
  • Can I restore RaspAP's default settings?
"},{"location":"faq/#integrations","title":"Integrations","text":"
  • How do I integrate RaspAP with Pi-hole?
  • Can I integrate RaspAP with Adguard Home?
  • Can I configure RaspAP to work with a captive portal?
  • How do I create an AP activation schedule?
  • Can I schedule the WiFi password to change automatically?
  • Can I configure a managed mode AP without using the UI?
  • Can I configure an alternate port for RaspAP's web service?
  • What breaks RaspAP when Docker is installed on the same system and how I can fix it?
  • Can I integrate RaspAP with OpenMediaVault?
  • Can I use RaspAP to share Speedify's aggregated connections?
  • How do I serve custom pages from RaspAP?
  • Can I automatically update RaspAP's adblock lists?
"},{"location":"faq/#openvpn","title":"OpenVPN","text":"
  • OpenVPN fails to start and/or I have no internet.
  • OpenVPN works but I have partial or no internet access.
  • OpenVPN is enabled but I am still blocked from country restricted websites.
"},{"location":"faq/#wireguard","title":"WireGuard","text":"
  • Uploading my WireGuard config results in \"MIME type not allowed\".
  • I think my traffic isn't being routed through the WireGuard VPN. Can I debug this?
  • How can I clear RaspAP's WireGuard log?
"},{"location":"faq/#networking","title":"Networking","text":"
  • Why can't I access wireless mode 'N' (802.11n)?
  • How do I exclude NAT rules from IP traffic on localhost?
  • Why is the channel dropdown disabled on the Hotspot page?
  • 802.11ac is supposed to operate at 433 Mbps. Why is my AP's throughput so much less?
  • Why is the maximum throughput of my 802.11n AP reduced by half?
  • Can I connect the WiFi client to a WEP network?
  • Can I turn the hotspot on/off over SSH?
  • Can I share internet from a wireless LAN with Ethernet clients?
"},{"location":"faq/#install-upgrade","title":"Install & upgrade","text":"
  • Can I isolate RaspAP from other software on my system?
  • How do I upgrade RaspAP?
  • Do I need the RaspAP service to run at boot?
  • Can the Quick Installer accept the default options without prompting me?
  • Can I restore RaspAP's default settings?
  • How do I uninstall RaspAP?
"},{"location":"faq/#why-isnt-there-support-for-desktop-distributions","title":"Why isn't there support for Desktop distributions?","text":"

A desktop distribution (or \"distro\") usually has a very different set of programs that handles various underlying OS functions and wraps it with a pretty GUI. Since RaspAP does quite a bit of configuration on top of a known default starting point, the more distros a project supports the bigger the task of handling these variations.

It becomes increasingly difficult for a small team of developers to support a wide variety of targets. The RaspAP team could spend their precious and rare development time troubleshooting one-offs and edge cases, or work on new features and bug fixes. For this reason, we've chosen to include support for a narrow, but diverse, subset of compatible operating systems.

"},{"location":"faq/#what-do-all-these-settings-in-the-ui-do-changing-them-seems-to-have-no-effect","title":"What do all these settings in the UI do? Changing them seems to have no effect.","text":"

RaspAP manipulates several daemons, services and helper programs behind the scenes for you. In the footer of each management panel is a helpful \"Information provided by...\" label. These indicate which Linux daemon and/or program is being modified by the UI. Learning what these services are and how they work will go a long way toward demystifying things.

For example, two of the best starting points for understanding hostapd (the service that implements 802.11 AP management) include the hostapd Linux documentation page and hostapd Wifi homepage.

Info

After you choose Save settings for hostapd or dhcpcd, these services must be restarted for your changes to take effect. If you're not sure if your AP is behaving as expected, enable logging in the Logging tab of Hotspot and check the output.

"},{"location":"faq/#how-do-i-prepare-the-sd-card-to-connect-to-wifi-in-headless-mode","title":"How do I prepare the SD card to connect to WiFi in headless mode?","text":"

Since May 2016, Raspbian has been able to copy wifi details from /boot/wpa_supplicant.conf into /etc/wpa_supplicant/wpa_supplicant.conf to automatically configure wireless network access.

An example wpa_supplicant.conf file is shown below. Replace the fields with your settings:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\nupdate_config=1\ncountry=your_ISO-3166_two-letter_country_code\n\nnetwork={\n    ssid=\"my_SSID\"\n    psk=\"my_PSK\"\n    key_mgmt=WPA-PSK\n}\n
"},{"location":"faq/#can-i-use-wlan0-and-wlan1-rather-than-eth0-for-my-ap","title":"Can I use wlan0 and wlan1 rather than eth0 for my AP?","text":"

Yes, this is supported by RaspAP. In this scenario, you may wish to use the wlan0 interface as the AP interface with wlan1 as the wireless client interface. Refer to the dedicated WiFi repeater walkthrough for steps to enable this configuration.

"},{"location":"faq/#can-i-use-raspap-as-a-monitor-only-without-changing-my-configuration","title":"Can I use RaspAP as a monitor only, without changing my configuration?","text":"

Yes, RaspAP has support for a so-called \"monitor mode\". In config.php change the setting RASPI_MONITOR_ENABLED to true. This disables the ability to modify settings, start/stop daemons, shutdown or reboot the RPi. RaspAP will continue to report interface statistics, service settings and data usage as normal. See this for more information.

"},{"location":"faq/#can-i-use-raspap-with-my-custom-dnsmasq-configuration","title":"Can I use RaspAP with my custom dnsmasq configuration?","text":"

Yes, RaspAP supports this through the use of dnsmasq.d. The primary /etc/dnsmasq.d/090_raspap.conf managed by the UI includes the following directive to enable your custom .conf files:

conf-dir=/etc/dnsmasq.d\n

Configuration files placed in this directory will be used by the dnsmasq service and are untouched by the UI.

"},{"location":"faq/#what-is-the-maximum-number-of-simultaneous-clients-that-i-can-connect-to-my-ap","title":"What is the maximum number of simultaneous clients that I can connect to my AP?","text":"

Short answer: it depends.

Longer answer: there are several factors that come into play including, but not limited to, the specific RPi model, firmware version, available RAM and so on.

Every update to the RPi's firmware takes up more of the limited RAM reserved for WiFi, resulting in less space to host AP clients. Users of RaspAP have reported up to 19 simultaneous clients with a RPi 3B, but a smaller number with a newer RPi model. If you are willing to modify your device's firmware and replace the brcmfmac driver with a specific version, a maximum of 20 simultaneous WiFi clients is theoretically possible.

Bottom line: if maximizing AP clients is your primary goal, you will have to either use a specific firmware version or purchase an external wireless adapter.

See also: https://github.com/raspberrypi/linux/issues/3010.

"},{"location":"faq/#where-can-i-find-a-list-of-usb-wifi-adapters-that-use-in-kernel-drivers","title":"Where can I find a list of USB WiFi adapters that use in-kernel drivers?","text":"

There are many USB WiFi adapters that work without the need to install a driver in Linux. The term \"in-kernel\" refers to drivers that are packaged and maintained by the Linux kernel.

This GitHub list currently has 60 links to USB WiFi adapters that work without installing drivers (ie., \"plug and play\") on devices like the Raspberry Pi.

With adapters that use in-kernel drivers, you may simply plug the adapter in and it will work. Many people find that using adapters with in-kernel drivers is a better solution than buying an adapter that requires drivers to be found, downloaded, compiled, installed, fixed and reinstalled.

"},{"location":"faq/#what-are-the-passphrase-requirements-used-by-raspap","title":"What are the passphrase requirements used by RaspAP?","text":"

The requirements are based on IEEE standard 802.11i-2004 which defines a passphrase as a sequence of between 8 and 63 ASCII-encoded characters. Furthermore, each character in the passphrase must have a decimal encoding in the range of 32 to 126 (IEEE Std. 802.11i-2004, Annex H.4.1). These are often known as printable characters that represent letters, digits, punctuation marks and a few miscellaneous symbols.

This means that so-called special characters, or extended ASCII codes, are not permitted in a passphrase. For example, the Euro sign \"\u20ac\", German \"\u00e4\" and British pound symbol \"\u00a3\" fall outside this range.

RaspAP will automatically generate a secure passphrase, or PSK, for you. On the Hotspot > Security tab, click or tap the magic icon next to the PSK input. Choose Save settings and Restart hotspot for the changes to take effect.

"},{"location":"faq/#can-i-remove-the-ap-password-to-create-an-open-wifi-network","title":"Can I remove the AP password to create an open WiFi network?","text":"

Yes. On the Hotspot > Security tab, select 'None' for Security type. Choose Save settings and Restart hotspot for the changes to take effect.

"},{"location":"faq/#how-do-i-prevent-wan-access-to-raspaps-web-administration","title":"How do I prevent WAN access to RaspAP's web administration?","text":"

There are two ways to do this. The simplest method is to set the web server's bind address in RaspAP's System > Advanced tab to the IPv4 address you wish to grant access to. Choose Save settings and Restart lighttpd. After this is done, the web server will refuse connections to all IP addresses other than the one you've defined.

A somewhat cleaner method with a \"403 Forbidden\" response can be done manually with lighttpd. You could modify lighttpd's main config directly, but to keep things neater we can use RaspAP's own configuration in lighttpd's /conf-available directory. Edit it like so:

sudo nano /etc/lighttpd/conf-available/50-raspap-router.conf\n

Add the following to the end, substituting the 192.168.0.0/16 private IPv4 address range (192.168.0.0 \u2013 192.168.255.255) for your own network:

# deny access to RaspAP admin for users that\n# are not in the 192.168.0.0/16 network\n$HTTP[\"remoteip\"] != \"192.168.0.0/16\" {\n    url.access-deny = ( \"\" )\n}\n

Save and exit the file, then restart the lighttpd service:

sudo systemctl restart lighttpd.service\n

Clients outside of your defined network range will receive a '403' response when accessing the web UI.

"},{"location":"faq/#can-i-reduce-the-risk-of-sd-card-corruption-and-extend-a-cards-lifespan","title":"Can I reduce the risk of SD card corruption and extend a card's lifespan?","text":"

Yes. RaspAP has developed a minimal write mode that substantially reduces disk I/O activity and helps to extend the life of microSD cards.

"},{"location":"faq/#after-a-clean-install-raspap-does-nothing-or-cant-save-settings","title":"After a clean install, RaspAP does nothing or can't save settings.","text":"

Issues like this are frequently reported. Chances are you haven't discovered a strange fatal bug with this project that needs immediate attention. In every case where this is reported, the issue stems from one (or several) of the following: 1) the install was not performed on a clean OS, 2) a faulty, corrupt, fake, poor quality and/or otherwise unsuitable SD card was used, or 3) the SD card has insufficient storage space.

If you observe RaspAP behaving unpredictably, save yourself (and the project maintainers) some time by performing a clean install with a known-good SD card from a reputable manufacturer before reporting an issue or starting a disussion. Failure to do so will result in the issue or discussion being immediately closed. No hard feelings.

"},{"location":"faq/#my-80211ac-5-ghz-hotspot-failed-to-start-what-now","title":"My 802.11ac 5 GHz hotspot failed to start. What now?","text":"

RaspAP uses iw and the wireless-regdb to determine which channels are allowed for your configured country. However, not all channels may be supported by your device's wireless adapter or firmware. If your 5 GHz access point fails to start, use the steps below to troubleshoot the problem.

Begin by enabling hostapd service logging by sliding the Logfile output toggle on the Hotspot > Logging tab. Choose Save settings followed by Restart hotspot and check the log output. The logs will often indicate when a selected channel is not supported by the hardware. For example:

wlan0: IEEE 802.11 Hardware does not support configured channel\nCould not select hw_mode and channel. (-3)\n

This may occur with the Raspberry Pi or another device's onboard wireless chipset, or an external wireless adapter. To mitigate this, select one of the following 5 GHz channels: 36, 40, 44 or 48, then choose Save settings. Click or tap the Clear log button on the Hotspot > Logging tab, if needed, and finally choose Restart hotspot. Check the logs again and see if the error persists.

If the 802.11ac AP still fails to start, an external AC wireless adapter with in-kernel drivers is an option worth considering.

"},{"location":"faq/#clients-cannot-obtain-an-ip-address-from-the-ap","title":"Clients cannot obtain an IP address from the AP.","text":"

Clients may receive a \"failed to obtain IP address\" or similar error message when connecting to your AP. These are the most frequent reasons for this error: 1. A poor WiFi signal from the access point. In this event, reduce the distance between your device and the AP. 2. Your device does not operate properly with the encryption method set by the AP. 3. The access point is misconfigured.

The first and simplest fix is to reconnect the client to your WiFi network. When you do this, the AP forgets the previous attempt and initiates a new process to assign an IP address to your device. Exact methods vary between devices, however most will have a 'Forget this network' option or similar in the WiFi settings. This is shown in iOS, below:

If clients still fail to connect, restart the AP. You may do this by choosing Restart hotspot from RaspAP. This reinitializes several related services in a predictable order and timing. Assuming these services are configured to restart automatically on reboot (the default behavior when RaspAP's installer is used) you may also simply reboot your Pi.

RaspAP gives you control over many aspects of your WiFi network, including DHCP. With its default settings, RaspAP has been rigorously tested and validated to provide connectivity in routed AP mode. If you suspect that RaspAP is misconfigured and not providing IP addresses to clients, you may troubleshoot this yourself.

Clients connecting to your AP are assigned, or leased, an IP address with dnsmasq. You can see how this process works by enabling the Log DHCP requests option in the DHCP Server > Logging tab. When a client connects to your AP, a typical dnsmasq-dhcp exchange follows this pattern:

dnsmasq-dhcp[2516]: DHCPDISCOVER(wlan0) [MAC address] \ndnsmasq-dhcp[2516]: DHCPOFFER(wlan0) 10.3.141.249 [MAC address] \ndnsmasq-dhcp[2516]: DHCPREQUEST(wlan0) 10.3.141.249 [MAC address] \ndnsmasq-dhcp[2516]: DHCPACK(wlan0) 10.3.141.249 [MAC address] iPhone\n

If one or more steps in this exchange are missing, either your device is unable to respond to the server's DHCPOFFER or the AP itself is misconfigured.

Tip

By default, the dnsmasq service listens on TCP/UDP port 53 and UDP port 67. If you have configured firewall software such as ufw or iptables to filter traffic on these ports, the service may not be able to respond to DHCP requests.

As a last resort, you can assign a static IP address to your device. Copy the MAC address for your device as it appears above and create a new entry in RaspAP's DHCP Server > Static Leases tab. Save settings, restart dnsmasq and try connecting your client again.

"},{"location":"faq/#my-wifi-network-disappeared-and-i-cant-access-the-web-ui","title":"My WiFi network disappeared and I can't access the web UI","text":"

If you are running your Pi headless and are unable to access RaspAP's web interface from the default http://10.3.141.1/ address, do the following:

  1. Be sure your browser isn't forcing SSL by appending https:// to the address, which can result in misleading errors. This may sound obvious but it's reported frequently. (Related: add SSL support for RaspAP.
  2. Connect your device to wired ethernet and access it via the browser or SSH on the eth0 interface using one of the methods described below. Check the logs for hostapd errors and reconfigure the service, or run the installer again to restore the default configuration.
  3. There are several methods you can use to determine your Pi's IP address. RaspAP's installer only configures a static IP address for the AP interface on wlan0. If the AP has entered a failed state, you may still be able to connect on an alternate interface.
  4. Recent versions of the RPi OS kernel include the avahi-daemon which facilitates local network discovery via multicast DNS (mDNS). On client computers with the Bonjour service installed (all macOS machines and Windows PCs with Apple iTunes), try accessing your Pi by entering http://raspberrypi.local/ in the browser or via SSH with ssh pi@raspberrypi.local.
  5. If you don't have access to wired ethernet or the above methods fail, configure your Pi for USB-OTG, also known as \"on-the-go\" or gadget mode. Instructions for enabling USB-OTG vary between various models and not all Pi hardware has support for this.
"},{"location":"faq/#my-custom-hostapdconf-phpini-is-gone","title":"My custom hostapd.conf / php.ini is gone.","text":"

The installer applies a \"known good\" default configuration to some services, including hostapd. It will also, optionally, optimize PHP by changing a very limited number of settings. Your custom configurations haven't been lost however; they've been moved to the backups directory in /etc/raspap/backups.

You are free to SSH in to restore those files to their rightful position. However, you may need to ensure that the RaspAP modifications are applied to your own custom configurations.

"},{"location":"faq/#i-changed-the-admin-password-and-forgot-what-it-was","title":"I changed the admin password and forgot what it was.","text":"

Login credentials are stored in /etc/raspap/raspap.auth. The password is encrypted and cannot be edited manually. However, deleting this file with sudo rm /etc/raspap/raspap.auth will restore the default admin password.

"},{"location":"faq/#raspap-control-panel-works-but-there-is-no-wifi-after-reboot","title":"RaspAP control panel works but there is no WiFi after reboot.","text":"

This problem often occurs when another program tries to reconfigure hostapd at startup. It can also happen when your RPi is configured as both a WiFi client and access point, also known as a managed mode AP. To address this, RaspAP has added a systemd init service to bring up networking services in a predictable order and timing after the Linux kernel is booted. You can check the status of this service with:

sudo systemctl status raspapd.service\n

The raspapd.service is optionally installed and enabled by the Quick Installer. It is also included in the manual setup steps.

"},{"location":"faq/#bridged-ap-mode-is-unstable-or-clients-cant-connect","title":"Bridged AP mode is unstable or clients can't connect.","text":"

RaspAP delegates all DHCP control to your router in bridged AP mode. If you have trouble connecting clients, start with this project's default configuration in routed AP mode first and try connecting a client. Enable logging for DHCP and hostapd to help you identify any problems. If you have no issues with client connectivity with the default routed AP, but cannot connect clients in bridged AP mode, in most cases the problem lies with your router\u2014not RaspAP. Check your router's web interface and DHCP settings.

If clients disconnect intermittently, this often indicates an undervoltage issue with your RPi. Check the kernel log for any Under-voltage detected! errors. Be sure you are using an official 5.1V power supply (each model has different power requirements) and detach any USB devices. Executing dmesg | grep br0 can also offer clues. Execute sudo dhclient -v to gain insights into DHCP requests between your device and router. A typical DHCP exchange follows this pattern:

CLIENT -> DHCPDISCOVER\nSERVER -> DHCPOFFER\nCLIENT -> DHCPREQUEST\nSERVER -> DHCPACK\n

If your device (the client) broadcasts DHCPDISCOVER, but there is no DHCPOFFER response from your router, you have a misconfiguration or other issue with your network. Troubleshooting client connectivity in bridged AP mode is not supported. No hard feelings.

"},{"location":"faq/#managed-mode-ap-doesnt-work-on-the-pi-zero-w","title":"Managed mode AP doesn't work on the Pi Zero W.","text":"

See this walkthrough where the installation is described in detail.

"},{"location":"faq/#wifi-scanning-doesnt-work-or-i-get-the-error-cannot-execute-wpa_cli-reconfigure","title":"WiFi scanning doesn't work or I get the error cannot execute \"wpa_cli reconfigure\".","text":"

On some configurations, the Configure WiFi client panel may appear empty. This project uses the wpa_supplicant command line client wpa_cli to populate a list of available wireless networks. If you can't execute this from the shell, neither can the web UI. For example, the results of this command:

sudo wpa_cli -i wlan0 scan_results\nFailed to connect to non-global ctrl_ifname: wlan0  error: No such file or directory\n
...indicate a problem with the socket used to communicate with wpa_supplicant. You may also encounter errors such as \"Could not connect to wpa_supplicant: wlan0 - re-trying\".

If this happens, first check the contents of wpa_supplicant with sudo cat /etc/wpa_supplicant/wpa_supplicant.conf. You should see, at minimum, the following:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\nupdate_config=1\n

The above is present on clean installs of Raspbian. If you've made changes to this file, ensure that these lines appear first. Next, reinitialize the socket with:

sudo wpa_supplicant -B -Dnl80211,wext -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0\n

substituting wlan0 with your wireless interface, if necessary. You should then be able to perform scans as expected.

Tip

If you are using wpa_suplicant.conf to connect to your device with SSH on a wireless interface, do not reboot after running the Quick Installer. More information on this topic is available here.

"},{"location":"faq/#i-started-the-hotspot-but-it-shows-hostapd-down-whats-happening","title":"I started the hotspot but it shows \"hostapd down\". What's happening?","text":"

Hostapd, the Linux service that creates the access point, can fail to start for a variety of reasons. The following are common causes, with troubleshooting advice:

  1. If you've attached an external wireless adapter (bound to wlan1, for example) and have selected this as the AP interface, be sure that it either uses an in-kernel driver, also known as \"plug and play\" support, or that you have installed the correct driver for it.
  2. Confirm that the 802.11 wireless mode you've selected is supported by the adapter you've chosen in the list of available interfaces. For example, if you've selected the 802.11ac 5 GHz wireless mode with incompatible hardware, RaspAP will create the configuration for you but hostapd will fail to start.

In each of these cases, the hostapd service will report errors that can be useful for troubleshooting. Enable logging by selecting Logfile output on the Hostapd > Logging tab, choose Save settings then Restart hotspot.

Refer to this FAQ and this FAQ for more info.

"},{"location":"faq/#pinging-the-ap-from-a-connected-client-computer-or-vice-versa-results-in-an-intermittent-failure-can-i-troubleshoot-this","title":"Pinging the AP from a connected client computer (or vice versa) results in an intermittent failure. Can I troubleshoot this?","text":"

An intermittent ping failure on the wireless interface could indicate any number of things; a poor wireless signal, co-channel interference and disassociated client being among the most common. The following are methods for troubleshooting this:

  1. Get a signal strength report. A signal of -80 dBm or less from your AP is unreliable. If your client computer supports Linux, use sudo iw dev wlan0 scan | awk '/signal:/{sta=$2$3} /SSID:/{print $0\" \"sta}' and check your AP's dBm value. Alternatively, use any one of several graphical WiFi explorer type tools and obtain your signal strength this way.

  2. Use wavemon on the AP to scan for overlapping channels from nearby APs. Install it with sudo apt install wavemon. If it shows an AP with a strong signal on the same channel as your AP, you are likely experiencing co-channel interference. Select a different channel or band for your AP, restart it and compare the results.

  3. Use mtr to run a continuous scan that reports on latency and percentage packet loss. Install it with sudo apt install mtr-tiny. Obtain your client's IPv4 address from the dashboard or DHCP Server > Client list and start the utility, for example mtr 10.3.141.151. While the scan is running, reposition your client computer and/or your AP and observe the results.

  4. Enable hostapd service logging from RaspAP with Hotspot > Logging > Logfile output, followed by Save settings and restart your AP. Look for errors that indicate clients are being disassociated from the AP. Refer to this FAQ for more info.

"},{"location":"faq/#my-wlan1-keeps-being-disabled-andor-clients-are-repeatedly-disconnected","title":"My wlan1 keeps being disabled and/or clients are repeatedly disconnected.","text":"

Issues such as this can be tricky to diagnose. In this case, an AP is started with an external USB wireless adapter, but client devices are continuously authenticated and disconnected (or \"disassociated\"). This may appear in hostapd service logs like so:

wlan1: STA 24:62:ab:fd:24:34 IEEE 802.11: authenticated\nwlan1: STA 24:62:ab:fd:24:34 IEEE 802.11: associated (aid 1)\nwlan1: AP-STA-CONNECTED 24:62:ab:fd:24:34\nwlan1: STA 24:62:ab:fd:24:34 RADIUS: starting accounting session 1D0030DD3176A315\nwlan1: STA 24:62:ab:fd:24:34 WPA: pairwise key handshake completed (RSN)\nwlan1: AP-STA-DISCONNECTED 24:62:ab:fd:24:34\nwlan1: STA 24:62:ab:fd:24:34 IEEE 802.11: disassociated\nwlan1: STA 24:62:ab:fd:24:34 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)\n

The AP itself may also fail repeatedly with errors like the following:

wlan1: INTERFACE-ENABLED \nFailed to set beacon parameters\nwlan1: INTERFACE-DISABLED \nwlan1: INTERFACE-ENABLED \nFailed to set beacon parameters\nwlan1: interface state ENABLED->DISABLED\nwlan1: AP-DISABLED \nwlan1: CTRL-EVENT-TERMINATING \n

If you see messages indicating \"deauthenticated due to inactivity\", you can try the \"Disable disassoc_low_ack\" setting on the Hotspot > Advanced tab. Choose Save settings then restart your AP. Monitor the hostapd service logs and see if your clients are able to remain connected.

In this specific case, the user determined that the external RT3070 WiFi adapter was at fault.

"},{"location":"faq/#raspap-web-ui-fails-to-start-or-unable-to-save-settings","title":"RaspAP web UI fails to start or unable to save settings.","text":"

After performing a clean install of RaspAP or upgrading an existing installation, the web UI may fail to start or the admin panel may behave in unexpected ways. For example, pages may load but any attempt to save settings will fail. In other cases, the lighttpd web server may fail to respond completely. Errors such as these in /var/log/lighttpd/error.log are common:

(gw_backend.c.503) bind failed for: unix:/run/lighttpd/php.socket-0: No such file or directory\n(gw_backend.c.601) gw-backend failed to start: /usr/bin/php-cgi\n(gw_backend.c.1655) [ERROR]: spawning gw failed\n

These signs point to a corrupted filesystem on the SD card. If during a power disconnection the memory card is in a write operation, there is a high chance that one or more sectors will be damaged. In these cases, a fresh install on a new SD card can save you time and frustration. RaspAP's minimal SD card write mode can help in this case.

Tip

Be sure to use genuine MicroSD cards from a reputable manufacturer. Card clones are common and hard to distinguish from legitimately made ones, but certainly not subject to the same quality standards. Neither fake nor cheap cards are typically suitable for an entire OS to run from.

"},{"location":"faq/#why-do-i-receive-an-invalid-csrf-token-message-and-a-blank-screen","title":"Why do I receive an 'Invalid CSRF token' message and a blank screen?","text":"

A cross-site request forgery (CSRF) is a type of exploit where unauthorized commands are executed against a website on behalf of a trusted user. To guard against this, RaspAP generates a one-time token that is unique for every user and stored in the PHP session object. This token value is inserted into a hidden field on every form in the RaspAP application. If the token doesn\u2019t exist in the submitted form data or fails to match with the token on the server, the form will reject the submission and return an error.

The most common cause for this error message is when your PHP session expires. By default, the PHP session timeout is defined as 24 minutes (1440 seconds). When this timeout is reached stored data will be seen as \"garbage\" and cleaned up by the garbage collection process.

If you submit a form in RaspAP 24 minutes after the page was loaded, the application will return a CSRF token error. When this occurs, simply refresh the page to generate a new session token.

"},{"location":"faq/#can-i-restore-raspaps-default-settings","title":"Can I restore RaspAP's default settings?","text":"

Yes, two methods are described here.

"},{"location":"faq/#how-do-i-integrate-raspap-with-pi-hole","title":"How do I integrate RaspAP with Pi-hole?","text":"

There have been several discussions around integrating RaspAP with Pi-hole, with the end goal of hosting a complete AP and ad-blocker on a single device. Both projects rely on dnsmasq, so integration between them is tricky. There are now several options available to users of RaspAP.

  1. The first option is to configure RaspAP to use a Pi-Hole installation on a separate device. Go to RaspAP's DHCP Server > Advanced page and enable the \"Upstream DNS Server\" option, add your Pi-Hole's DNS, save settings and restart dnsmasq.

  2. Install RaspAP in an isolated Docker container together with Pi-Hole. You will need to configure Pi-Hole's dnsmasq service to listen on a port other than 53.

  3. Install Pi-Hole in a Docker container and proceed with a normal installation of RaspAP on the same device.

  4. Alternatively, you may use RaspAP's own ad blocking facility with support for custom blocklists.

"},{"location":"faq/#can-i-integrate-raspap-with-adguard-home","title":"Can I integrate RaspAP with Adguard Home?","text":"

Yes, you can run RaspAP and Adguard Home on the same device. Change Adguard Home\u2019s listening port to 5300 and bind to 127.0.0.1, then go to RaspAP's > DHCP Server > Advanced page and enable the \"Upstream DNS Server\". Add 127.0.0.1#5300 as an upstream DNS Server. Save settings and restart dnsmasq. Tip via @firestrife23

"},{"location":"faq/#can-i-configure-raspap-to-work-with-a-captive-portal","title":"Can I configure RaspAP to work with a captive portal?","text":"

Yes. The nodogsplash project works just fine with RaspAP and is recommended over other methods. A detailed setup guide is available here.

"},{"location":"faq/#how-do-i-create-an-ap-activation-schedule","title":"How do I create an AP activation schedule?","text":"

This is a common function in consumer wireless routers. For example, let's assume you want to disable your AP on Monday through Friday between 02:00 and 08:00. You can implement this with cron to stop/start RaspAP's service control script at certain times. Run sudo crontab -e and add entries like so:

# Stop RaspAP services at 02:00 on Monday through Friday\n0 2 * * 1-5 sudo /etc/raspap/hostapd/servicestart.sh --action stop\n\n# Start RaspAP services at 08:00 on Monday through Friday\n0 8 * * 1-5 sudo /etc/raspap/hostapd/servicestart.sh --seconds 3\n

For help with crontab, head over to crontab.guru.

"},{"location":"faq/#can-i-schedule-the-wifi-password-to-change-automatically","title":"Can I schedule the WiFi password to change automatically?","text":"

Yes. Here's one way to do it using bash. Save the script to your home directory (/home/pi for example) and set the execution bit with sudo chmod +x genpassphrase.sh. When executed, the script will automatically generate a strong password (or a weaker, pronounceable one), update the wpa_passphrase setting in hostapd.conf and finally restart the raspapd.service. The new passphrase and QR code will be visible on the Hotspot > Security tab.

This can be useful if you're using RaspAP to serve WiFi to clients in a public place, and need to update the passphrase regularly. Similar to creating an AP activation schedule, you can have this execute at specific intervals by using cron. Run sudo crontab -e and add an entry like so:

# Generate a new passphrase and restart RaspAP everyday at midnight\n@midnight /home/pi/genpassphrase.sh\n

For help with crontab, head over to crontab.guru.

"},{"location":"faq/#can-i-configure-a-managed-mode-ap-without-using-the-ui","title":"Can I configure a managed mode AP without using the UI?","text":"

Yes. Let's assume you are creating an RPi OS image (or other supported OS) with scripts that setup RaspAP at first startup. In this scenario, to configure a managed mode AP you must manually connect via a browser, make some changes via the UI and then save your settings. This can be also be done programmatically. Assuming you have wpa_supplicant.conf fully populated and a valid hostapd.conf, set the following values in /etc/raspap/hostapd.ini:

LogEnable = 0\nWifiAPEnable = 1\nBridgedEnable = 0\nWifiManaged = wlan0\n

substituting wlan0 for your AP interface, if necessary. You may then restart the raspap daemon with sudo systemctl restart raspapd.service.

"},{"location":"faq/#can-i-configure-an-alternate-port-for-raspaps-web-service","title":"Can I configure an alternate port for RaspAP's web service?","text":"

Yes. You can now do this from the Advanced tab in System. Manual steps for changing lighttpd's default port are included below.

Edit /etc/lighttpd/lighttpd.conf and change the following line:

server.port                 = 8080\n
then give the service a kick... 
sudo systemctl restart lighttpd.service\n
You can then access RaspAP as before with the new port number in the URI, for example, http://raspberrypi.local:8080. This will allow you run another web server alongside lighttpd, if that is your goal.

"},{"location":"faq/#what-breaks-raspap-when-docker-is-installed-on-the-same-system-and-how-i-can-fix-it","title":"What breaks RaspAP when Docker is installed on the same system and how I can fix it?","text":"

Installing RaspAP after installing Docker often results in connected clients not having internet access from the AP. The reason for this is Docker manipulates iptables rules to provide network isolation. Docker installs two custom iptables chains named DOCKER-USER and DOCKER, and it ensures that incoming packets are always checked by these two chains first. Docker also sets the policy for the FORWARD chain to DROP.

When RaspAP is started in its default router mode, this will result in the AP not forwarding traffic anymore. If you want RaspAP to continue functioning as a router, you can add explicit ACCEPT rules to the DOCKER-USER chain to allow it:

sudo iptables -I DOCKER-USER -i src_if -o dst_if -j ACCEPT

When Docker is correctly installed after RaspAP, the following iptables chain should be present:

Chain INPUT (policy ACCEPT) target prot opt source destination\nChain FORWARD (policy ACCEPT)\ntarget prot opt source destination DOCKER-USER all -- anywhere anywhere\nDOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere\nACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere\nACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere\nChain OUTPUT (policy ACCEPT) target prot opt source destination\nChain DOCKER (1 references) target prot opt source destination\n

Additional info here and here.

tl;dr: Install RaspAP first, followed by Docker, adding the explicit iptables rule sudo iptables -I DOCKER-USER -i src_if -o dst_if -j ACCEPT.

"},{"location":"faq/#can-i-integrate-raspap-with-openmediavault","title":"Can I integrate RaspAP with OpenMediaVault?","text":"

Yes, you can run RaspAP alongside OpenMediaVault for a complete media center and wireless hotspot on a single device. In this way, you are able to share the media storage in your local network via a wireless hotspot while connected to a router via ethernet. This is illustrated in the schematic below:

[Router] <---- eth ----> [Pi] (RaspAP + OMV5)\n   |                      |\n WiFi 1              WiFi 2 (subnet)\n

Follow these steps to create this configuration:

  1. Follow RaspAP's Quick start guide and set up your network as you wish.
  2. Change the default Web server port to 8080 (so that it doesn't conflict with OMV5), from RaspAP's System > Advanced panel.
  3. Install OMV5 skipping network configuration.
  4. Configure your OMV5 install without changing the network settings.
  5. To make your OMV5 drives accessible from the subnet (WiFi 2), add the following settings at the end of OMV Control panel > Menu > SMB/CIFS > Settings Tab > Extra Options: 
    bind interfaces only = yes\ninterfaces = lo eth0\n

Source: openmediavault forums.

"},{"location":"faq/#can-i-use-raspap-to-share-speedifys-aggregated-connections","title":"Can I use RaspAP to share Speedify's aggregated connections?","text":"

Yes, RaspAP is compatibile with Speedify's connection bonding. In this scenario, you may want to combine several internet connections (for example, a DSL connection, 4G cellphone and an LTE router) and share these via RaspAP.

Begin by running Speedify's one step install, login with your credentials and connect Speedify. Next, configure Speedify for WiFi sharing by editing the following file:

sudo nano /etc/speedify/speedify.conf\n

Make sure to uncomment the following lines (remove the \"#\" symbol). To share over the Wi-Fi interface wlan0, set:

ENABLE_SHARE=1 \nSHARE_INTERFACE=\"wlan0\"\nWIFI_INTERFACE=\"wlan0\" \n

Once you have configured the sharing settings, save the file (if you are using nano, use Ctrl+O and press Enter to save). Exit the text editor and then execute:

sudo service speedify-sharing restart\n

Refer to Speedify's support article for additional tips and troubleshooting.

"},{"location":"faq/#how-do-i-serve-custom-pages-from-raspap","title":"How do I serve custom pages from RaspAP?","text":"

Several users have asked if they can extend RaspAP or otherwise serve their own custom directory with the existing lighttpd web service. Broadly, there are two approaches to achieve this. In the examples below, we will add support for a custom directory called \"admin\".

Option 1. Create a subdirectory of RaspAP's default install location (/var/www/html) called \"admin\": /var/www/html/admin. Now, modify RaspAP's application routing rules by adding this directory to the exclusion list. You may do this with sudo nano /etc/lighttpd/conf-available/50-raspap-router.conf. Next, modify the following line like so: 

$HTTP[\"url\"] =~ \"^/(?!(dist|app|ajax|config|admin)).*\" {\n

Note that \"admin\" is appended above \"config\", above. This instructs lighttpd not to rewrite URLs that match this pattern. Reload the lighttpd service with sudo systemctl reload lighttpd.service.

You may now create your own index.php file in this folder and request it from the browser as http://10.3.141.1/admin/ or http://raspberrypi.local/admin.

Option 2. Reinstall RaspAP and specify a custom install destination, for example /var/www/html/raspap. This will leave the default web root free for you to create any files you wish, without attempting to rewrite the URLs (the installer will only apply routing rules to your custom RaspAP root).

"},{"location":"faq/#can-i-automatically-update-raspaps-adblock-lists","title":"Can I automatically update RaspAP's adblock lists?","text":"

RaspAP's adblock feature uses several blocklists that are aggregated and updated daily. In a typical setup, you may use the Ad blocking management page to manually update these lists. Alternatively, this user-contributed script will automatically fetch the latest blocklists on the schedule of your choosing (for example, daily, weekly, etc.) and reload dnsmasq. 

#!/bin/sh\n#\nsleep $(shuf -i 0-3600 -n1)\ncurl -L https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts > /etc/raspap/adblock/hostnames.tmp\ncurl -L https://big.oisd.nl/dnsmasq > /etc/raspap/adblock/domains.tmp\n\nmv /etc/raspap/adblock/hostnames.tmp /etc/raspap/adblock/hostnames.txt\nmv /etc/raspap/adblock/domains.tmp /etc/raspap/adblock/domains.txt\nchown root:www-data /etc/raspap/adblock/hostnames.txt\nchown root:www-data /etc/raspap/adblock/domains.txt\n\nsudo systemctl reload dnsmasq.service\n
Credit to DanielLester83.

"},{"location":"faq/#openvpn-fails-to-start-andor-i-have-no-internet","title":"OpenVPN fails to start and/or I have no internet.","text":"

RaspAP supports OpenVPN clients by uploading a valid .ovpn file to /etc/openvpn/client and, optionally, creating a login.conf file with your client auth credentials. Additionally, in line with the project's default configuration, the following iptables rules are added to forward traffic from OpenVPN's tun0 interface to your configured wireless interface (wlan0 is the default):

-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A FORWARD -i wlan0 -o tun0 -j ACCEPT\n

After starting the OpenVPN service, you may check and validate these rules like so:

$ sudo iptables -L FORWARD -v -n\nChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target     prot opt in     out     source               destination         \n 1955 1493K ACCEPT     all  --  tun0   wlan0   0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED\n 1715  194K ACCEPT     all  --  wlan0  tun0    0.0.0.0/0            0.0.0.0/0\n

It is your responsibility to provide a valid .ovpn file. RaspAP does not attempt to validate the settings or RSA keys contained in this file. If OpenVPN fails to start, check for errors with sudo systemctl status openvpn-client@client and journalctl --identifier openvpn.

"},{"location":"faq/#openvpn-works-but-i-have-partial-or-no-internet-access","title":"OpenVPN works but I have partial or no internet access.","text":"

Issues like this are frequently reported. Begin by confirming the status of your connection:

$ sudo systemctl status openvpn-client@client\n\u25cf openvpn-client@client.service - OpenVPN tunnel for client\n   Loaded: loaded (/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled)\n   Active: active (running) since Fri 2020-06-12 15:45:41 CDT; 1min 39s ago\n     Docs: man:openvpn(8)\n           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage\n           https://community.openvpn.net/openvpn/wiki/HOWTO\n Main PID: 2689 (openvpn)\n   Status: \"Initialization Sequence Completed\"\n    Tasks: 1 (limit: 2200)\n   Memory: 1.1M\n   CGroup: /system.slice/system-openvpn\\x2dclient.slice/openvpn-client@client.service\n           \u2514\u25002689 /usr/sbin/openvpn --suppress-timestamps --nobind --config client.conf\n
You can also use journalctl --identifier openvpn to identify any errors. If your internet access is intermittent or otherwise degraded with the openvpn-client active, the next step is to test your connection for packet loss and latency. There are many Linux tools you can use to diagnose your network. mtr is a good choice as it combines functionality of the traceroute and ping programs. Install and use it to perform your own evaluation:

sudo apt install mtr -y\nsudo mtr -rwc 50 -i 0.2 -rw duckduckgo.com\n\nStart: 2021-06-13T11:42:26+0100\nHOST: raspberrypi                                Loss%   Snt   Last   Avg  Best  Wrst StDev\n  1.|-- 192.168.1.254                              0.0%    50   26.8  27.1  26.5  31.4   0.8\n  2.|-- somerouter.net                            88.0%    50   392.0 390.4 362.1 596.7  1.2\n

The results are reported as round-trip response times in milliseconds and the percentage of packet loss. If you see loss and/or latency like the above example, report it to your VPN provider or find another one. Read this for more on interpreting mtr results.

Protip: free VPNs are frequently oversubscribed and usually not worth the trouble.

"},{"location":"faq/#openvpn-is-enabled-but-i-am-still-blocked-from-country-restricted-websites","title":"OpenVPN is enabled but I am still blocked from country restricted websites.","text":"

Remote hosts use a variety of methods to defeat VPNs, some more aggressively than others. Many VPN providers will advise you to configure custom DNS servers to mitigate DNS leaks, which you can do from RaspAP's DHCP > Advanced tab. Others have specific VPN nodes to use with popular streaming services.

Several users have reported that Firefox's DNS-over-HTTPS (DoH) has created problems with their VPN, in effect creating a DNS leak from the browser that circumvents RaspAP's DNS settings. Be sure to disable this \"feature\" when using a VPN service.

If you suspect network traffic is not being routed through tun0 (or any other interface) for some reason, you can monitor this directly from your RPi with iftop:

sudo apt install iftop\nsudo iftop -i [interface]\n
"},{"location":"faq/#uploading-my-wireguard-config-results-in-mime-type-not-allowed","title":"Uploading my WireGuard config results in \"MIME type not allowed\".","text":"

For security reasons, your OpenVPN or WireGuard .conf files must have a Linux MIME type of text/plain. Windows ignores MIME types, relying instead on extensions. To avoid errors, be sure your file has a text/plain MIME type embedded in it before uploading.

Most OpenVPN and WireGuard service providers give you the option of downloading a file formatted for Linux. Alternatively, you may convert your Windows config file for use with Linux with dos2unix or one of several online tools made for this purpose.

"},{"location":"faq/#i-think-my-traffic-isnt-being-routed-through-the-wireguard-vpn-can-i-debug-this","title":"I think my traffic isn't being routed through the WireGuard VPN. Can I debug this?","text":"

There are several things you can do to troubleshoot this. First, with the WireGuard service active, verify your public IPv4 address and check the external link, as shown below:

Next, you may check the WireGuard service status by executing sudo systemctl status wg-quick@wg0.service from the shell, like so:

$ sudo systemctl status wg-quick@wg0.service\n\u25cf wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0\n     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)\n     Active: active (exited) since Wed 2021-12-29 15:31:03 GMT; 1 day 18h ago\n       Docs: man:wg-quick(8)\n             man:wg(8)\n             https://www.wireguard.com/\n             https://www.wireguard.com/quickstart/\n             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8\n             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8\n   Main PID: 1450 (code=exited, status=0/SUCCESS)\n      Tasks: 0 (limit: 1438)\n        CPU: 0\n     CGroup: /system.slice/system-wg\\x2dquick.slice/wg-quick@wg0.service\n

You may also use RaspAP's built-in WireGuard logging facility. On the WireGuard > Logging tab, enable the \"Display WireGuard debug log\" option and choose Save settings. Check the log output in the tab and look for any errors.

Tip

The debug log facility queries the systemd journal with a one-time execution of journalctl --identifier wg-quick. If you want to update this log output, simply enable the option again. You may also execute this command directly from the shell, if you wish.

Finally, you may check and verify the WireGuard config itself, including PostUp / PostDown rules, by executing sudo cat /etc/wireguard/wg0.conf.

As a last piece of advice, be sure to test more than one client device connection with your WireGuard-enabled AP. Some users have reported traffic not routing as expected with one device, while a different device behaves normally.

Please note that RaspAP provides a front-end to the WireGuard service only. It has no way of validating your WireGuard configuration. For this reason, bug reports such as \"WireGuard not working\" won't be considered.

"},{"location":"faq/#how-can-i-clear-raspaps-wireguard-log","title":"How can I clear RaspAP's WireGuard log?","text":"

WireGuard doesn't do any logging by default. The quasi-logging done by RaspAP executes sudo journalctl --identifier wg-quick. The Linux journal is not something you usually clear by yourself, however you can use journalctl's self maintenance to retain only the past two days:

sudo journalctl --vacuum-time=2d\n

See man journalctl for more information.

"},{"location":"faq/#why-cant-i-access-wireless-mode-n-80211n","title":"Why can't I access wireless mode 'N' (802.11n)?","text":"

On the Configure hotspot > Security tab, be sure to select CCMP for the Encryption Type. Save the settings and restart the hotspot. The wireless mode should be reported on clients as 802.11b/g/n.

RaspAP:\n  PHY Mode:     802.11n\n  Channel:      1\n  Network Type:     Infrastructure\n  Security:     WPA2 Personal\n  Signal / Noise:   -49 dBm / -86 dBm\n  Transmit Rate:    73\n

If using TKIP for encryption with WPA, you will be restricted to 54 Mb/s. This is because the IEEE 802.11n draft prohibits using high throughput with WEP or TKIP ciphers.

"},{"location":"faq/#how-do-i-exclude-nat-rules-from-ip-traffic-on-localhost","title":"How do I exclude NAT rules from IP traffic on localhost?","text":"

RaspAP's Quick Installer configures network-address-translation (NAT) with iptables rules, so that the RPi can act as an internet gateway to multiple hosts on a local network with a single public IP address. This is done by rewriting the addresses of IP packets as they pass through the NAT system. Many access points, including RaspAP, use a combination of IP forwarding and masquerading to achieve this.

In some cases, NAT rules applied to localhost can interfere with other services running on an RPi. An example is the Plex Media Server, which has an API that listens on localhost. As of this writing, the Plex API has been built to not authenticate communication between service processes of the server. This can cause a failure to communicate with the Plex API or similar add-on services on your RPi.

The solution is to add a NAT rule ahead of the rule RaspAP installs to not apply NAT to connections destined to 127.0.0.0/8:

$ sudo iptables -t nat -I POSTROUTING -d 127.0.0.0/8 -j ACCEPT\n
The resulting iptables chain should look something like this:

$ sudo iptables -t nat -L -n -v\nChain PREROUTING (policy ACCEPT 31 packets, 4810 bytes)\n pkts bytes target prot opt in out source destination\n\nChain INPUT (policy ACCEPT 31 packets, 4810 bytes)\n pkts bytes target prot opt in out source destination\n\nChain OUTPUT (policy ACCEPT 23 packets, 1338 bytes)\n pkts bytes target prot opt in out source destination\n\nChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination\n   17 999 ACCEPT all -- * * 0.0.0.0/0 127.0.0.0/8\n   2422 158K MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0\n
Refer to this issue.

"},{"location":"faq/#why-is-the-channel-dropdown-disabled-on-the-hotspot-page","title":"Why is the channel dropdown disabled on the Hotspot page?","text":"

RaspAP is capable of detecting the frequencies (channels) supported by each of your device's wireless interfaces. If an interface is selected that is not capable of broadcasting on the 5 GHz band, the associated channels and the Save settings button are disabled. Next to the Wireless Mode selector, a tooltip will provide a brief explanation.

In this case, selecting a compatible 2.4 GHz wireless mode will populate the list of available channels for that interface. Alternatively, select another interface or connect a 5 GHz capable external wireless adapter. RaspAP will automatically detect the adapter and add it to the list of available interfaces.

"},{"location":"faq/#80211ac-is-supposed-to-operate-at-433-mbps-why-is-my-aps-throughput-so-much-less","title":"802.11ac is supposed to operate at 433 Mbps. Why is my AP's throughput so much less?","text":"

The 802.11ac wireless standard uses 433 Mbps per spatial stream in the 5GHz band. Therefore, the theoretical maximum speed for a single-stream device is 433 Mbps when using an 80 MHz wide channel. However, real-world speeds are often significantly less due to a number of factors.

In the Raspberry Pi's case, its onboard wireless chipset is connected to the primary System on a Chip (SoC) with a 4-bit SDIO link that runs at 41.7 MHz. 4 bits x 41.7 suggests about 160 Mbps should be possible with 802.11ac on this device. In practice, iPerf tests won't get close to this figure because SDIO is a simplex link (that is, half-duplex) with overhead in each of the protocol and transport layers. Given these restrictions, real-world iPerf tests in the range of 90-100 Mbps are actually quite good for this hardware.

"},{"location":"faq/#why-is-the-maximum-throughput-of-my-80211n-ap-reduced-by-half","title":"Why is the maximum throughput of my 802.11n AP reduced by half?","text":"

In order to achieve optimal throughput with 802.11n, the wireless stream must operate at a 40 MHz wide channel on the 2.4 GHz band. A 20 MHz channel will restrict you to 72 Mbps. Your hostapd.conf might have the required settings, but this is no guarantee of a 40 MHz channel.

In practice, this can be quite difficult due to interference on the 2.4 GHz band. There are many things that will cause an AP to fallback to 20 MHz. The most common reason is if an AP detects another wireless network within 40 MHz, i.e. two channels, of its own channel. For example, if an AP is set to channel 6, another network operating anywhere from channel 4 to 8 will trigger a fallback. hostapd will usually report a fallback like so:

20/40 MHz operation not permitted on channel pri=3 sec=7 based on overlapping BSSes\n

For more information on optimizing 802.11n, refer to this resource.

Generally speaking, the 5 GHz band has substantially greater capacity due to more non-overlapping radio channels and less radio interference as compared to the 2.4 GHz band.

"},{"location":"faq/#can-i-connect-the-wifi-client-to-a-wep-network","title":"Can I connect the WiFi client to a WEP network?","text":"

Wired Equivalent Privacy (WEP) has been deprecated for quite awhile but old routers still exist in the wild. Not all routers accept hex passwords, but you can try converting an ASCII password using an online tool like this one. A valid WEP key should be 5 or 13 characters or a 10- or 26-digit hexadecimal value. Be sure the hex values are unpadded and there are no trailing spaces. For example, 52617370415069734772656174 is a valid hex passphrase.

Paste your converted hex value into RaspAP's WiFi client passphrase field and try connecting.

If you're not able to connect with a hex passphrase, you can also try this alternate manual configuration method.

"},{"location":"faq/#can-i-turn-the-hotspot-onoff-over-ssh","title":"Can I turn the hotspot on/off over SSH?","text":"

Yes, RaspAP provides a front-end to several Linux systemd services, including hostapd. From the terminal, check the status of the hostapd.service like so:

$ sudo systemctl status hostapd.service \n\u25cf hostapd.service - Access point and authentication server for Wi-Fi and Ethernet\n     Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)\n

Stop the service with sudo systemctl stop hostapd.service and start it with sudo systemctl start hostapd.service.

If you're curious about which other services and Linux tools RaspAP controls for you, take a look at raspap.sudoers.

"},{"location":"faq/#can-i-share-internet-from-a-wireless-lan-with-ethernet-clients","title":"Can I share internet from a wireless LAN with Ethernet clients?","text":"

Yes, RaspAP simplifies this with an intuitive and easy-to-use WLAN routing solution.

"},{"location":"faq/#can-i-isolate-raspap-from-other-software-on-my-system","title":"Can I isolate RaspAP from other software on my system?","text":"

Yes, you have the option of installing RaspAP in an isolated and portable Docker container.

"},{"location":"faq/#how-do-i-upgrade-raspap","title":"How do I upgrade RaspAP?","text":"

Upgrading an existing install without changing your configuration is very straightforward. Several different methods are described below.

The version 3.0.2 release introduced a new feature to upgrade your RaspAP installation. To use this, simply navigate to the About page and click or tap on the Check for update button. This queries the GitHub API for the latest release version, compares it with your current install and prompts you to upgrade if a newer release is available.

No other actions are required on your behalf. Alternatively, you may also use the Quick installer to upgrade to the latest release version. This is done with the --upgrade option, as shown below:

curl -sL https://install.raspap.com | bash -s -- --upgrade\n

The installer upgrade is idempotent, meaning it can be repeated an arbitrary number of times and the result will be as if it had been done only once. If you choose this method, you're done! Confirm the upgrade by checking the release version on the About page.

If you want to install a specific version, you may do so by referencing a tag using git:

sudo git fetch -v --tags\nsudo git checkout 3.0.8\n

A tag is a pointer that isn't connected to the main development tree that git knows about. As a result, git will reply that you're in a \"detached HEAD\" state. This isn't a big deal, it just means that you have a specific version of the code that isn't connected to the git tree.

Alternatively, if you want the latest bleeding edge commits from the master branch, use the following:

sudo git checkout -b master\nsudo git pull origin master\n

If you've customized your installation by editing config.php, update the release version in this file: 

sudo nano /var/www/html/includes/config.php\n
Change the value in this line to the release version, save the file and exit.

define('RASPI_VERSION', '3.0.8');\n

Whichever method you choose (about page button, installer upgrade, specific release or latest updates), your RaspAP configuration won't be changed.

"},{"location":"faq/#do-i-need-the-raspap-service-to-run-at-boot","title":"Do I need the RaspAP service to run at boot?","text":"

If you are using your RPi as a client on a WiFi network (also known as managed mode) and hosting an access point simultaneously, the raspapd.service will ensure that your hotspot is active after a reboot. It does this by detecting WiFi client AP mode, adding the uap0 interface and starting up networking services in a specific order.

If your RPi is configured with wired ethernet (eth0) or you haven't experienced problems with the AP starting on boot, you can disable the RaspAP daemon like so:

sudo systemctl disable raspapd.service\n
"},{"location":"faq/#can-the-quick-installer-accept-the-default-options-without-prompting-me","title":"Can the Quick Installer accept the default options without prompting me?","text":"

Yes, the Quick Installer has a non-interactive mode that lets you perform unattended setups. This mode assumes \"yes\" as an answer to all prompts. You can do an unattended install of RaspAP by appending the --yes command line option, like so:

curl -sL https://install.raspap.com | bash -s -- --yes\n

The options -y or --assume-yes are also accepted and have the same result.

"},{"location":"faq/#how-do-i-uninstall-raspap","title":"How do I uninstall RaspAP?","text":"

An uninstaller is provided to remove RaspAP cleanly, and also restore any backups of your configuration that were created before RaspAP was installed. Start the uninstaller with the following:

curl -sL https://install.raspap.com | bash -s -- --uninstall\n

Alternatively, you may execute the uninstaller directly from the project folder (default location is /var/www/html):

cd /var/www/html\nsource installers/uninstall.sh\n_remove_raspap\n

Whichever method you choose, the result is the same. Check your network configuration before rebooting to ensure you can still access your device.

"},{"location":"firewall/","title":"Firewall","text":""},{"location":"firewall/#overview","title":"Overview","text":"

Experimental \u00b7 Insiders only

If your device is exposed to the outside world, firewall rules can provide a layer of security against intruders to your network. A firewall also gives us granularity in terms of what is allowed to be forwarded across interfaces. Using the rule sets described below, we can effectively control which packets are allowed to be inputted to, and outputted from, the RaspAP router itself.

Insiders have access to a UI designed for this purpose.

"},{"location":"firewall/#basic-rule-set","title":"Basic rule set","text":"

As with every other aspect of RaspAP's default settings, the application iptables rules are stored in an external JSON file, so they may be modified without touching code. During the install, the file iptables_rules.json is copied from /config to /etc/raspap/networking/firewall. Thereafter, they may be administered from the UI, shown below.

By default, the firewall will only allow outgoing and already established traffic. There are no restrictions to the currently configured AP interface (wlan0 is the default). The remaining firewall rules are grouped into four distinct classes. These are described below.

"},{"location":"firewall/#pre-rules","title":"Pre-rules","text":"

These rules define pre- and post-routing network address translation (NAT) policies, allow ping requests (IPv4 and IPv6), the loopback device, NTP requests via UDP and DNS requests via TCP and UDP.

"},{"location":"firewall/#main-rules","title":"Main rules","text":"

Main rules cover many functions, including allowing unrestricted traffic over the AP interface, rules for client interfaces including the tunnel device (tun0 for OpenVPN) and WireGuard (wg0, for example). RaspAP will check for the presence of an active OpenVPN or WireGuard connection and automatically apply these rules.

"},{"location":"firewall/#exception-rules","title":"Exception rules","text":"

These types of rules include service exceptions, such as allowing ssh access on port 22 and http or https on ports 80 and 443, respectively. In addition, user-defined exception rules may be added to allow incoming or outgoing traffic from specific IP addresses or interfaces. These exception values may be entered in the UI, separated by a blank character or comma.

This rule type is required for OpenVPN via UDP and WireGuard. A list of currently active VPN server IP addresses is provided in the firewall UI.

"},{"location":"firewall/#restriction-rules","title":"Restriction rules","text":"

By contrast, restriction rules allow the user to block access from specific IP addresses.

"},{"location":"firewall/#json-rules-syntax","title":"JSON rules syntax","text":"

Most entries in iptables_rules.json are descriptive and should be straightforward. An optional entry for each set of rules called dependson allows for creation of rules that depend on device names and whether a service is active.

Each dependency refers to an entry in the firewall config file. For example, ap-device or openvpn-enabled, followed by a type definition (bool, string or list). The replace tag defines which variable in the actual iptables rule should be replaced. To illustrate this, the wireguard rule set is shown below:

\"name\": \"wireguard\",\n    \"comment\": \"Rules for wireguard device (wg)\",\n    \"ip-version\": 4,\n    \"dependson\": [\n        { \"var\": \"wireguard-enable\", \"type\": \"bool\" },\n        { \"var\": \"wireguard-serverip\", \"type\": \"string\", \"replace\": \"$IPADDRESS$\" },\n        { \"var\": \"client-device\", \"type\": \"string\", \"replace\": \"$INTERFACE$\" }\n    ],\n    \"rules\": [\n        \"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT\",\n        \"-A FORWARD -i wg+ -j ACCEPT\",\n        \"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE\"\n    ]\n

In this way, interdependent firewall rules may be defined and administered by RaspAP.

"},{"location":"firewall/#discussions","title":"Discussions","text":"

Questions or comments about using RaspAP's firewall? Join the discussion here.

"},{"location":"insiders/","title":"Insiders","text":"

Development of RaspAP is made possible thanks to a sponsorware release model. This means that new features are first exclusively released to sponsors as part of Insiders. Read on to learn what sponsorships achieve, how to become a sponsor and what's in it for you!

Paying it forward

We donate a percentage of all proceeds from Insiders to the Raspberry Pi Foundation each quarter, to help inspire future generations of makers together with their educators.

"},{"location":"insiders/#what-is-insiders","title":"What is Insiders?","text":"

RaspAP Insiders is a private fork of RaspAP, hosted as a private GitHub repository. Almost all new features are developed as part of this fork, which means that they are immediately available to all eligible sponsors, as they are made collaborators of this repository.

Every feature is tied to a funding goal in monthly subscriptions. When a funding goal is hit, the features that are tied to it are merged back into the RaspAP public repo and released for general availability, making them available to all users. Bugfixes are always released in tandem.

Sponsorships start as low as $10 per month.

"},{"location":"insiders/#what-sponsorships-achieve","title":"What sponsorships achieve","text":"

Sponsorships make this project sustainable, as they buy the maintainers of this project time \u2014 a very scarce resource \u2013 which is spent on the development of new features, bug fixes, stability improvement, issue triage and community support.

If you're unsure if you should sponsor this project, check out the list of completed funding goals to learn whether you're already using features that were developed with the help of sponsorships. You're most likely using at least a handful of them, thanks to our awesome sponsors!

"},{"location":"insiders/#whats-in-it-for-me","title":"What's in it for me?","text":"

The moment you become a sponsor, you'll get immediate access to the additional features below that you can start using right away, and which are currently exclusively available to sponsors:

Network device management Firewall settings WPA3-Personal AP security 802.11w Protected Management Frames Printable Wi-Fi signs Drag & drop dashboard widgets MAC address cloning Network diagnostics WireGuard kill switch Dynamic DNS Multiple WireGuard configs Wireless LAN routing Custom user avatars WiFi repeater mode

A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through Insiders' access to discussions, feature requests, issues and pull requests in the private GitHub repository.

Look for the list above to grow as we add more exclusive features. Be sure to visit this page from time to time to learn about what's new, or follow @RaspAP on Twitter to stay updated.

"},{"location":"insiders/#how-to-become-a-sponsor","title":"How to become a sponsor","text":"

Thanks for your interest in sponsoring! You can become a sponsor using your individual or organization's GitHub account. Just pick any tier from $10/month and complete the checkout. You will be automatically granted access to the private GitHub repository containing the Insiders edition, which has all exclusive features. In addition, you will be added as a team member with access to Insiders-only team discussions and content.

Join our awesome sponsors

Info

If you're sponsoring RaspAP through a GitHub organization, please send a short email to sponsors@raspap.com with the name of your organization and the account that should be added as a collaborator.2

You can cancel your sponsorship anytime.3

"},{"location":"insiders/#funding-targets","title":"Funding targets","text":"

Below is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.

"},{"location":"insiders/#goals","title":"Goals","text":"

The following section lists all funding goals. Each goal contains a list of features prefixed with a checkmark symbol, denoting whether a feature is already available or planned, but not yet implemented. When the funding goal is hit, the features are released for general availability.

"},{"location":"insiders/#1000-2nd-insiders-edition","title":"$1,000 - 2nd Insiders Edition","text":"

Network device management Firewall settings WPA3-Personal AP security 802.11w Protected Management Frames Printable Wi-Fi signs Drag & drop dashboard widgets MAC address cloning Network diagnostics

"},{"location":"insiders/#1500-3rd-insiders-edition","title":"$1,500 - 3rd Insiders Edition","text":"

WireGuard kill switch Dynamic DNS Multiple WireGuard configs Wireless LAN routing Custom user avatars eocticons-check-circle-fill-24:{: .check } WiFi repeater mode

"},{"location":"insiders/#completed-goals","title":"Completed goals","text":""},{"location":"insiders/#500-1st-insiders-edition","title":"$500 - 1st Insiders Edition","text":"

Multiple OpenVPN client configs OpenVPN certificate authentication OpenVPN service logging Night mode toggle Restrict network to static clients WireGuard support Set AP transmit power

"},{"location":"insiders/#transparency","title":"Transparency","text":"

We've chosen OpenCollective as the fiscal host for our GitHub sponsors organization. This means that our budget is completely transparent \u2014 financial contributions, expenses and payouts to project team members are automatically reported. Everyone can see where money comes from and what it's spent on. This committent to full transparency was central in our decision to implement Insiders.

"},{"location":"insiders/#quarterly-giving","title":"Quarterly giving","text":"

Beginning in 2022, each quarter 15% of all proceeds from Insiders will be donated directly to the Raspberry Pi Foundation. The Raspberry Pi Foundation is a UK-based charity that works to put the power of computing and digital making into the hands of people all over the world.

The Foundation supports initiatives like Coder Dojo, Astro Pi, Coolest Projects and much more.

When you become an Insider, not only do you support development of RaspAP but you also help inspire young people by harnessing the power of computing to solve problems and express themselves creatively.

"},{"location":"insiders/#support-for-educators","title":"Support for educators","text":"

We are big believers in the role that computing and digital technologies can play in shaping a better world. Many engineers, including members of the RaspAP team, got their first introduction to computing at an early age. This can take the form of a structured curriculum in a school setting, or less-formally through clubs, competitions and partnerships with youth organizations. Equally important is university, vocational and research training in digital technologies at all levels.

To this end, we have pledged to make Insiders freely available to all educators, their students, club participants and staff.

"},{"location":"insiders/#criteria","title":"Criteria","text":"

Educators, teacher trainers, researchers and club organizers engaged in digital and computing technologies for students of all ages are eligible. The only requirement is a GitHub account and a domain email address associated with an educational institution or organization with a focus on digital learning. Send a mail to sponsors@raspap.com with your GitHub account details and we'll get you started with Insiders.

"},{"location":"insiders/#frequently-asked-questions","title":"Frequently asked questions","text":""},{"location":"insiders/#repository-access","title":"Repository access","text":"

When you become a sponsor, GitHub will send you an invitation to the private Insiders repo. You must accept this invite before performing an upgrade or new install, as described below. Until you accept this invitation, running the Quick installer with the --insiders switch will result in the following:

RaspAP Install: Cloning latest files from GitHub\nCloning into '/tmp/raspap-webgui'...\nremote: Repository not found.\nfatal: repository 'https://github.com/RaspAP/raspap-insiders' not found\n

In this event, check your mail folders for an invitation from GitHub and accept it. You may also verify access to the Insiders repo with your token beforehand.

"},{"location":"insiders/#installing","title":"Installing","text":"

How do I install Insiders?

Invoke the Quick Installer with the --insiders switch, like so:

curl -sL https://install.raspap.com | bash -s -- --insiders\n

Tip

During the Insiders install, GitHub will ask you for your username and password in order to clone the private repository. You must enter a GitHub Personal Access Token at the password prompt. This is explained in the Authentication section below.

Alternatively, you may skip the GitHub authentication step by specifying your GitHub credentials with the --name and --token parameters: 

curl -sL https://install.raspap.com | bash -s -- --insiders --name [username] --token [my-token]\n
"},{"location":"insiders/#upgrading","title":"Upgrading","text":"

I have an existing RaspAP installation. How do I upgrade to Insiders?

Upgrading is easy. Simply invoke the Quick Installer with the --upgrade switch, specifying the private Insiders option, like so:

curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders\n

Tip

When upgrading to Insiders, GitHub will ask you for your username and password in order to clone the private repository. You must enter a GitHub Personal Access Token at the password prompt. This is explained in the Authentication section below.

As with a fresh Insiders install, you may also skip the GitHub authentication step by specifying your GitHub credentials with the --name and --token parameters: 

curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders --name [username] --token [my-token]\n
"},{"location":"insiders/#authentication","title":"Authentication","text":"

As of August 2021 GitHub removed support for password authentication, so you will need to generate a Personal Access Token and use this in place of your password. The process of creating a token is straightforward and described here.

Tip

Be sure to create a \"classic\" personal access token, rather than a fine-grained one. The latter has resulted in errors when cloning the private GitHub repository. Before invoking the Quick installer to perform an upgrade or new Insiders install, it's recommended to verify your token using the method described below.

If this is your first time using a GitHub personal access token, you can verify it by using curl and the GitHub API. Substitute your token value for MY_TOKEN below:

curl -sS -f -I -H \"Authorization: token MY_TOKEN\" https://api.github.com\n

If successful, GitHub should reply with HTTP/2 200 and a x-oauth-scopes: repo value in the response. If you receive a HTTP 401 or other error from curl, check your token and try again.

You will be asked to authenticate with GitHub when the installer clones the private Insiders repo. In this case, simply enter your GitHub username and token when prompted.

Note

Your token is sent securely via SSH to GitHub. The installer does not have access to or store your token.

If you're using GitHub with 2FA enabled the same process above applies.

"},{"location":"insiders/#scope-of-support","title":"Scope of support","text":"

Individual sponsors may use the main RaspAP repository for non-bug related discussions, including troubleshooting. If you've found a bug with an Insiders feature, please review our issue policy and create a report in the Insiders repository.

The RaspAP team will prioritize issues and feature requests for sponsors at the Business tier. Please create a report in the Insiders repository or contact us via email to discuss your requirements.

"},{"location":"insiders/#terms","title":"Terms","text":"

We're using RaspAP for a commercial project. Can we use Insiders under the same terms and conditions?

Yes. Whether you're an individual or a company, you may use RaspAP Insiders precisely under the same terms as RaspAP, which are defined by the GNU GPL 3.0 license. However, we kindly ask you to respect the following guidelines:

  • Please don't distribute the source code of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
  • If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may use the latest version that's available to you as long as you like. Just remember that GitHub deletes private forks.
"},{"location":"insiders/#discussions","title":"Discussions","text":"

Questions or comments about Insiders? Join the discussion here.

  1. You may be wondering if the sponsorware model contradicts the ethos of Open Source software. It's true that some features are locked behind a payment, which means they are only accessible after pledging a small amount of money. However, these features are only exclusive until specific funding targets are reached. Making an Open Source project sustainable is exceptionally difficult. Maintainers invest significant time and energy developing software, testing, responding to issues, writing documentation and so on. Too often, this leads to burnout and abandoned projects. The sponsorware model ensures that if you decide to use RaspAP, you can be sure that the project remains healthy, bugs are fixed quickly and new features are added regularly.\u00a0\u21a9

  2. It's currently not possible to grant access to each member of an organization, as GitHub only allows for adding users. Thus, after sponsoring, please send an email to sponsors@raspap.com, stating which account should become a collaborator of the Insiders repository. We're working on a solution which will make access to organizations much simpler.\u00a0\u21a9

  3. If you cancel your sponsorship, GitHub schedules a cancellation request which will become effective at the end of the billing cycle, which ends at the 22nd of the month for monthly sponsorships. This means that even though you cancel your sponsorship, you will keep your access to Insiders as long as your cancellation isn't effective. All charges are processed by GitHub through Stripe. As we don't receive any information regarding your payment, and GitHub doesn't offer refunds, sponsorships are non-refundable.\u00a0\u21a9

"},{"location":"issues/","title":"Reporting issues","text":""},{"location":"issues/#overview","title":"Overview","text":"

RaspAP is free software. It is delivered to you, at no cost, and with no warranty of any kind. The community of developers who contribute to this project make every effort to deliver defect-free code. That said, no software is perfect. You can help us improve this project by accurately describing your issue.

"},{"location":"issues/#issue-policy","title":"Issue policy","text":"

This project is currently led by one developer (@billz) in his very limited spare time. Please respect our developers' time by using issues for reporting bugs only. RaspAP is not a boxed product with a free troubleshooting hotline. If your issue is of a general nature and not directly related to a defect with this project, try searching the official Raspberry Pi forums, RaspAP's GitHub discussions, or Raspberry Pi on Stack Exchange. Chances are your question has been discussed and answered before.

Issues are only valid for clean installs of this project's compatible operating systems. If you observe RaspAP behaving strangely and you did not begin with a clean install, be sure to test it on a fresh SD card before reporting an issue.

The project FAQ is continuously updated with answers to many common questions. Refer to this first before creating a new issue.

"},{"location":"issues/#guidelines","title":"Guidelines","text":"

You can help us improve this project by accurately describing defects. To that end, these guidelines have been established to streamline the reporting process:

  1. Please read and follow the Code of Conduct.
  2. Provide useful detail to reproduce your issue. \"Doesn't work\" or \"not working\" is not a valid report. Here's an example model issue.
  3. Generate a debug log and upload the contents to Pastebin.
  4. If an issue is unclear or needs further information, it will be labeled with question and awaiting-user.
  5. Issues that becomes stale due to inactivity are automatically managed by stale-bot.
"},{"location":"issues/#supported-devices","title":"Supported devices","text":"

RaspAP functions very well \"out of the box\" on fresh installs of the latest RPi OS Lite 32-bit distribution on recent hardware like the RPi 4, 3B+ and Zero W. The version 2.3.1 release extends beta support to additional Debian-based distros, including Armbian and Ubuntu Server. Please note that \"supported\" is not a guarantee.

If you have installed other software packages on top of RaspAP, particularly those related to networking such as Pi-hole, please test RaspAP first on a clean install before reporting an issue. You may also use RaspAP's Docker container to mitigate conflicts with other software packages.

"},{"location":"issues/#external-hardware","title":"External hardware","text":"

RaspAP has been rigorously tested on the above supported distros and devices using the onboard wireless chipsets. While many good external wireless USB adapters, or \"dongles\", are available, a substantial number lack in-kernel driver support or are otherwise unsuitable for this project. It is not practical, or even possible, to individually test every dongle on the market with this project. For this reason, issues that concern external wireless adapters, or request troubleshooting of these devices, will not be considered.

If you suspect a driver problem with your USB adapter, RaspAP tools can assist you with installing missing WLAN driver modules. Beyond this, your best avenue for troubleshooting are the public forums mentioned above.

"},{"location":"issues/#default-settings","title":"Default settings","text":"

One of RaspAP's most popular features is the Quick Installer, which gets an AP up and running quickly and with a minimum of hassle. This works by applying a known-good default configuration that has been validated in testing with the project's supported devices. When the project prerequisites are followed, an AP with wired ethernet (eth0) or managed mode (wlan0) Wifi client AP will be functional with the default settings.

Important

RaspAP gives you control over many of the settings for hostapd, dhcpcd and dnsmasq. Once these default settings are changed, it's possible that one or all of the above services will enter a failed state.

"},{"location":"issues/#will-raspap-let-me-create-a-configuration-that-breaks-my-hotspot","title":"Will RaspAP let me create a configuration that \"breaks\" my hotspot?","text":"

In a word, yes. While the Quick Installer automates most of the work of creating an AP, RaspAP does not automagically validate your custom configurations. As a result, you may observe anomalous behavior when restarting these services and/or rebooting your device.

When in doubt, you may perform a system reset to restore the default settings.

Because of this, issues such as \"hotspot isn't working\" or \"gui doesn't work\" won't be considered. No hard feelings.

"},{"location":"issues/#submitting-an-issue","title":"Submitting an issue","text":"

If, after searching these community forums, consulting the FAQ and understanding the default settings, your issue still persists, please provide as much detailed information as possible. Use the provided issue template. Incomplete issue reports will not be considered. Thanks.

"},{"location":"manual/","title":"Manual installation","text":""},{"location":"manual/#overview","title":"Overview","text":"

These steps apply to the latest release of RaspAP, Raspberry Pi OS Lite, Debian and Armbian. Notes for previous versions, Ubuntu Server 18.04 TLS and 19.10 are provided, where applicable. Please refer to this regarding operating systems support.

"},{"location":"manual/#alternatives","title":"Alternatives","text":"

If your goal is to use RaspAP as a component of a larger project, or wish to isolate its dependencies from existing software on your system, consider deploying RaspAP in a Docker container instead.

"},{"location":"manual/#prerequisites","title":"Prerequisites","text":"

Start off by updating your system's package list, then upgrade the kernel, firmware and installed packages to their latest versions:

sudo apt-get update\nsudo apt-get full-upgrade\n

Note that full-upgrade is used rather than a simple upgrade, as this also picks up any dependency changes that may have been made. The kernel and firmware are installed as a Debian package, and so will also get updates when using the procedure above. These packages are updated infrequently and after extensive testing.

"},{"location":"manual/#enable-wireless-operation","title":"Enable wireless operation","text":"

Telecommunications radio bands are subject to regulatory restrictions to ensure interference-free operation. The Linux OS complies with these rules by requiring users to configure a two-letter \"WiFi country code\". In RPi OS, 5 GHz wireless networking is disabled until this country code has been set, usually as part of the initial installation process. If you have not set your country code or are unsure, check the \"WLAN Country\" setting in raspi-config's Localisation Options: 

sudo raspi-config\n

To ensure the WiFi radio is not blocked on the Raspberry Pi, execute the following command:

sudo rfkill unblock wlan\n
"},{"location":"manual/#non-rpi-os-dependencies","title":"Non-RPi OS dependencies","text":"

Operating systems other than RPi OS have some additional dependencies. If you are using RPi OS Lite, skip this section. On Ubuntu Server, add a dependency and the ppa:ondrej/php apt package:

sudo apt-get install software-properties-common \nsudo add-apt-repository ppa:ondrej/php\n

On Debian, Armbian and Ubuntu, install dhcpcd5 with the following:

sudo apt-get install dhcpcd5\n

On Raspberry Pi OS Lite 32-bit (bookworm), install dhcpcd5 with a dependency:

sudo apt-get install dhcpcd dhcpcd-base\n
"},{"location":"manual/#ubuntu-specific-steps","title":"Ubuntu-specific steps","text":"

Note

This section concerns manual pre- and post-install steps required for the latest Ubuntu 23.04 (Lunar Lobster) and Armbian 23.11 (Jammy) releases. They are not necessary with other distributions.

RaspAP's installer will prompt you to stop and disable the systemd-resolved service listening on port 53 before installing dnsmasq. On Ubuntu 23.04 and Armbian 23.11 this results in a name resolution failure and the installation cannot continue. To resolve this, perform the following pre-install steps:

  1. Stop systemd-resolved with sudo systemctl stop systemd-resolved.service.
  2. Edit the systemd-resolved config file: sudo nano /etc/systemd/resolved.conf, un-hash and specify DNS=9.9.9.9 (for example) and set DNSStubListener=no. Save and exit the file.
  3. Symlink /etc/resolv.conf with sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf.
  4. Proceed with RaspAP install as normal. Disable systemd services when prompted by the installer.

Post-install: The dnsmasq service will report errors such as \"config error is REFUSED (EDE: not ready)\". DNS 'A' record queries will fail and the AP will not be usable for clients. This is easily resolved with the following steps:

  1. Edit the dnsmasq configuration with sudo nano /etc/default/dnsmasq and un-hash IGNORE_RESOLVCONF=yes. Save and exit the file.
  2. Restart the dnsmasq service with sudo systemctl restart dnsmasq.service.

Your RaspAP install on Ubuntu should now function as expected.

"},{"location":"manual/#install-packages","title":"Install packages","text":"

Install git, lighttpd, php8, hostapd, dnsmasq and some extra packages with the following:

sudo apt-get install lighttpd git hostapd dnsmasq iptables-persistent vnstat qrencode php8.2-cgi jq isoquery\n

Note

For Raspberry Pi OS Lite (bullseye), Debian 11 and Ubuntu Server 22.04, replace php8.2-cgi with php7.4-cgi. For Ubuntu Server 23.04, you may use php8.1-cgi.

"},{"location":"manual/#enable-php","title":"Enable PHP","text":"

Next, enable PHP for lighttpd and restart the service for the settings to take effect: 

sudo lighttpd-enable-mod fastcgi-php    \nsudo service lighttpd force-reload\nsudo systemctl restart lighttpd.service\n

"},{"location":"manual/#create-the-web-application","title":"Create the web application","text":"

In these steps we will prepare the web destination and git clone the files to /var/www/html.

Caution

If this is not a clean installation, be sure you do not have existing files or directories in the web root before executing the rm -rf command.

sudo rm -rf /var/www/html\nsudo git clone https://github.com/RaspAP/raspap-webgui /var/www/html\n

Copy an extra lighttpd config file to support application routing. This step requires some text substitutions to support user changes to lighttpd's server.document-root setting:

WEBROOT=\"/var/www/html\"\nCONFSRC=\"$WEBROOT/config/50-raspap-router.conf\"\nLTROOT=$(grep \"server.document-root\" /etc/lighttpd/lighttpd.conf | awk -F '=' '{print $2}' | tr -d \" \\\"\")\n\nHTROOT=${WEBROOT/$LTROOT}\nHTROOT=$(echo \"$HTROOT\" | sed -e 's/\\/$//')\nawk \"{gsub(\\\"/REPLACE_ME\\\",\\\"$HTROOT\\\")}1\" $CONFSRC > /tmp/50-raspap-router.conf\nsudo cp /tmp/50-raspap-router.conf /etc/lighttpd/conf-available/\n

Link it into conf-enabled and restart the web service:

sudo ln -s /etc/lighttpd/conf-available/50-raspap-router.conf /etc/lighttpd/conf-enabled/50-raspap-router.conf\nsudo systemctl restart lighttpd.service\n

Now comes the fun part. For security reasons, the www-data user which lighttpd runs under is not allowed to start or stop daemons, or run commands like ip link, all of which we want our app to do. So we will add the www-data user to sudoers, but with restrictions on what commands the user can run. Copy the sudoers rules to their destination:

cd /var/www/html\nsudo cp installers/raspap.sudoers /etc/sudoers.d/090_raspap\n
"},{"location":"manual/#configuration-directories","title":"Configuration directories","text":"

RaspAP uses several directories to manage its own configuration. Create these with the following commands:

sudo mkdir /etc/raspap/\nsudo mkdir /etc/raspap/backups\nsudo mkdir /etc/raspap/networking\nsudo mkdir /etc/raspap/hostapd\nsudo mkdir /etc/raspap/lighttpd\nsudo mkdir /etc/raspap/system\n
"},{"location":"manual/#set-permissions","title":"Set permissions","text":"

Next, set the files ownership to the www-data user for the web files and RaspAP config:

sudo chown -R www-data:www-data /var/www/html\nsudo chown -R www-data:www-data /etc/raspap\n
"},{"location":"manual/#control-scripts","title":"Control scripts","text":"

RaspAP uses several shell scripts to manage various aspects of the application, including hostapd logging and raspapd, the RaspAP control service. Move these scripts to their destinations with the following:

sudo mv installers/enablelog.sh /etc/raspap/hostapd\nsudo mv installers/disablelog.sh /etc/raspap/hostapd\nsudo mv installers/servicestart.sh /etc/raspap/hostapd\nsudo mv installers/debuglog.sh /etc/raspap/system\n

Set ownership and permissions for the logging and service control scripts:

sudo chown -c root:root /etc/raspap/hostapd/*.sh\nsudo chmod 750 /etc/raspap/hostapd/*.sh\n\nsudo chown -c root:root /etc/raspap/system/*.sh\nsudo chmod 750 /etc/raspap/system/*.sh\n

Copy and set ownership of the lighttpd control scripts: 

sudo cp installers/configport.sh /etc/raspap/lighttpd\nsudo chown -c root:root /etc/raspap/lighttpd/*.sh\n

Next, move the raspapd service file to the correct location and enable it:

sudo mv installers/raspapd.service /lib/systemd/system\nsudo systemctl daemon-reload\nsudo systemctl enable raspapd.service\n
"},{"location":"manual/#default-configuration","title":"Default configuration","text":"

To facilitate a faster setup, RaspAP uses a \"known-good\" default configuration as a starting point. Copy the configuration files for dhcpcd, dnsmasq, hostapd and defaults.json. Optionally, backup your existing hostapd.conf:

sudo mv /etc/default/hostapd ~/default_hostapd.old\nsudo cp /etc/hostapd/hostapd.conf ~/hostapd.conf.old\nsudo cp config/hostapd.conf /etc/hostapd/hostapd.conf\nsudo cp config/090_raspap.conf /etc/dnsmasq.d/090_raspap.conf\nsudo cp config/090_wlan0.conf /etc/dnsmasq.d/090_wlan0.conf\nsudo cp config/dhcpcd.conf /etc/dhcpcd.conf\nsudo cp config/config.php /var/www/html/includes/\nsudo cp config/defaults.json /etc/raspap/networking/\n

Tip

If you wish to modify RaspAP's default configuration for dnsmasq and dhcp, you may do so by changing these files and editing config/defaults.json.

Next, disable systemd-networkd and copy the bridge configuration with the following:

sudo systemctl stop systemd-networkd\nsudo systemctl disable systemd-networkd\nsudo cp config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev\nsudo cp config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network \n
"},{"location":"manual/#optimize-php","title":"Optimize PHP","text":"

Optionally, you may optimize PHP with the following, replacing php8.2-cgi with your installed version:

sudo sed -i -E 's/^session\\.cookie_httponly\\s*=\\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\\s*$/session.cookie_httponly = 1/' /etc/php/8.2/cgi/php.ini\nsudo sed -i -E 's/^;?opcache\\.enable\\s*=\\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\\s*$/opcache.enable = 1/' /etc/php/8.2/cgi/php.ini\nsudo phpenmod opcache\n
"},{"location":"manual/#routing-and-ip-masquerading","title":"Routing and IP masquerading","text":"

These steps allow WLAN clients to access computers on the main wired eth0 network, and from there the internet. Begin by enabling IP forwarding with the following commands:

echo \"net.ipv4.ip_forward=1\" | sudo tee /etc/sysctl.d/90_raspap.conf > /dev/null\nsudo sysctl -p /etc/sysctl.d/90_raspap.conf\nsudo /etc/init.d/procps restart\n

To enable traffic between clients on the WLAN and the internet, we add two iptables network address translation (NAT) \"masquerade\" firewall rules. Create these rules and persist them with the following:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE\nsudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE\nsudo iptables-save | sudo tee /etc/iptables/rules.v4\n
"},{"location":"manual/#enable-hostapd","title":"Enable hostapd","text":"

The hostapd service is disabled by default, as there is no configuration for it after its initial installation. Unmask and enable it with the following:

sudo systemctl unmask hostapd.service\nsudo systemctl enable hostapd.service\n
"},{"location":"manual/#optional-components","title":"Optional components","text":"

The following components are not required to operate RaspAP, but extend its usefulness in several ways. Each is independent of the others, so you may choose to add whichever one you need.

"},{"location":"manual/#openvpn","title":"OpenVPN","text":"

Install OpenVPN, enabling the option in RaspAP's config and the openvpn-client service, like so:

sudo apt-get install openvpn\nsudo sed -i \"s/\\('RASPI_OPENVPN_ENABLED', \\)false/\\1true/g\" /var/www/html/includes/config.php\nsudo systemctl enable openvpn-client@client\n

Copy the OpenVPN auth control script to its destination, setting ownership and permissions with the following:

sudo mkdir /etc/raspap/openvpn/\nsudo cp installers/configauth.sh /etc/raspap/openvpn/\nsudo chown -c root:root /etc/raspap/openvpn/*.sh\nsudo chmod 750 /etc/raspap/openvpn/*.sh\n
"},{"location":"manual/#wireguard","title":"WireGuard","text":"

Adding support for WireGuard is straightforward. The application files are already present in RaspAP, so you may simply install and enable the service, then activate the management option:

sudo apt-get install wireguard\nsudo sed -i \"s/\\('RASPI_WIREGUARD_ENABLED', \\)false/\\1true/g\" /var/www/html/includes/config.php\nsudo systemctl enable wg-quick@wg\n
"},{"location":"manual/#ad-blocking","title":"Ad blocking","text":"

There are several steps to enable Ad blocking, including downloading the blocklists, setting permissions and adding a dnsmasq configuration: 

sudo mkdir /etc/raspap/adblock\nwget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O /tmp/hostnames.txt\nwget https://big.oisd.nl/dnsmasq -O /tmp/domains.txt\nsudo cp /tmp/hostnames.txt /etc/raspap/adblock\nsudo cp /tmp/domains.txt /etc/raspap/adblock \nsudo cp installers/update_blocklist.sh /etc/raspap/adblock/\nsudo chown -c root:www-data /etc/raspap/adblock/*.*\nsudo chmod 750 /etc/raspap/adblock/*.sh\nsudo touch /etc/dnsmasq.d/090_adblock.conf\necho \"conf-file=/etc/raspap/adblock/domains.txt\" | sudo tee -a /etc/dnsmasq.d/090_adblock.conf > /dev/null \necho \"addn-hosts=/etc/raspap/adblock/hostnames.txt\" | sudo tee -a /etc/dnsmasq.d/090_adblock.conf > /dev/null\nsudo sed -i '/dhcp-option=6/d' /etc/dnsmasq.d/090_raspap.conf\nsudo sed -i \"s/\\('RASPI_ADBLOCK_ENABLED', \\)false/\\1true/g\" includes/config.php\n
"},{"location":"manual/#restart","title":"Restart","text":"

Finally, restart your device and verify that the wireless access point is available:

sudo systemctl reboot\n

After your device has restarted, search for wireless networks with your wireless client. The default SSID is raspi-webgui. The default username is \"admin\" and the default password is \"secret\".

Important

It is strongly recommended that you change these default login credentials in RaspAP's Authentication panel. APs managed by RaspAP in the wild have been administered by third parties with the default login.

"},{"location":"manual/#discussions","title":"Discussions","text":"

Questions or comments about RaspAP's manual install? Join the discussions here.

"},{"location":"minwrite/","title":"Minimal SD card write","text":""},{"location":"minwrite/#overview","title":"Overview","text":"

Linux, and indeed most substantial operating systems, is frequently writing logs files, cache files and temporary data to disk (or the microSD card with the Raspberry Pi). Performing a shutdown puts these files away into a known valid state. If power is unexpectedly cut to a Raspberry Pi, these unwritten system files can become corrupted and render a card unbootable.

What is more, most microSD cards were not designed with 24/7 operation in mind. Continuous writing to the card's flash memory shortens its lifespan. They often accumulate bad sectors rather quickly after a period of extended use. This is particularly true of so-called \"budget\" microSD cards.

Using a Raspberry Pi as an access point requires reliable operation over a long period of time. While \"read-only mode\" operation for the SD card is one approach to prolong its use, this prevents user settings from being persisted to storage \u2014 meaning that any changes will be lost if the device is disconnected from power. This makes it less than ideal for RaspAP, or indeed any application such as a web server or database that depends on persistent storage.

"},{"location":"minwrite/#solution","title":"Solution","text":"

Rather than force the system into a read-only mode, RaspAP has an alternative \"minimal write mode\" that substantially reduces the risk of SD card corruption and also helps to extend the card's lifespan.

This solution involves moving logging, cache and temporary data to a RAM-based file system. The default system log processor rsyslog is replaced with an in-memory logger and several log-related services are disabled. The tmpfs filesystem is used for most processes that require write access, such as sessions used by php-cgi, as well as paths for transient and cache data including /var/cache and /var/tmp.

In addition, the system's boot options are modified to disable swap and file system checks. A tangible side benefit of retaining a read/write boot partition is that your system will behave otherwise normally \u2014 you may install packages, add services and perform most operations as before.

"},{"location":"minwrite/#enabling-minimal-write","title":"Enabling minimal write","text":"

The minimal microSD card write utility, minwrite, may be invoked by using RaspAP's Quick installer. This does not (re)install RaspAP \u2014 only the minwrite shell script is loaded and executed. Users of this method are informed of which operations are performed at each step. Alternatively, manual configuration steps are also provided. Notes specific to Armbian are given where applicable.

Warning

These methods have been used successfully with many Debian-based systems. However, you still use this at your own risk. We recommend either creating a backup image of your SD card before proceeding, or begin with a baseline setup that you can easily recreate if needed.

Both methods are reasonably straightforward. Bear in mind that RAM usage on your device will necessarily increase, since we'll be migrating the disk I/O activity of several system processes to the tmpfs ramdisk. For this reason, it's recommended to review the memory considerations before proceeding.

After we've enabled minwrite we'll look at a technique to evaluate its effectiveness.

"},{"location":"minwrite/#quick-install","title":"Quick install","text":"

The minwrite utility may be invoked remotely from the Quick installer like so:

curl -sL https://install.raspap.com | bash -s -- --minwrite\n

Alternatively, if you have a local install of RaspAP you may execute it from the /installers directory like so:

./raspbian.sh --minwrite.sh\n

You will be prompted at each step during the minwrite script's execution. As a final step, be sure to reboot your system.

$ curl -sL https://install.raspap.com | bash -s -- --minwrite\n\n\n 888888ba                              .d888888   888888ba\n 88     8b                            d8     88   88     8b\na88aaaa8P' .d8888b. .d8888b. 88d888b. 88aaaaa88a a88aaaa8P\n 88    8b. 88    88 Y8ooooo. 88    88 88     88   88\n 88     88 88.  .88       88 88.  .88 88     88   88\n dP     dP  88888P8  88888P  88Y888P  88     88   dP\n                             88\n                             dP      version 2.8.8\n\nThe Quick Installer will guide you through a few easy steps\n\n\nRaspAP Minwrite: Modify the OS to minimize microSD card write operation\nDetected OS: Debian GNU/Linux 11 (bullseye)\nRaspAP Minwrite: Removing packages\nThe following packages will be removed: dphys-swapfile logrotate\nProceed? [Y/n]:\nThe following packages will be REMOVED:\n  dphys-swapfile* logrotate*\n0 upgraded, 0 newly installed, 3 to remove and 65 not upgraded.\nAfter this operation, 351 kB disk space will be freed.\n(Reading database ... 65355 files and directories currently installed.)\nRemoving dphys-swapfile (20100506-7+rpt1) ...\nRemoving logrotate (3.18.0-2+deb11u1) ...\nProcessing triggers for man-db (2.9.4-2) ...\n(Reading database ... 65313 files and directories currently installed.)\nPurging configuration files for logrotate (3.18.0-2+deb11u1) ...\nPurging configuration files for dphys-swapfile (20100506-7+rpt1) ...\n[ \u2713 ok ]\nRaspAP Minwrite: Disabling services\nThe following services will be disabled: bootlogd.service bootlogs console-setup apt-daily\nProceed? [Y/n]:\n
"},{"location":"minwrite/#manual-steps","title":"Manual steps","text":"

These steps perform the same actions as the Quick install method. Details are provided so that you may choose to customize or skip some steps, if desired.

"},{"location":"minwrite/#remove-packages","title":"Remove packages","text":"

The goal here is to only remove packages that actively write to the filesystem, and that we intend to replace or disable entirely. In a subsequent step, logrotate will be replaced with busybox-syslogd. Additionally, dphys-swapfile, which manages a swapfile in the root filesystem on the SD card, is removed as it won\u2019t be able to work.

Remove these packages with the following:

sudo apt-get remove --purge dphys-swapfile logrotate\nsudo apt-get autoremove --purge\n
"},{"location":"minwrite/#disable-services","title":"Disable services","text":"

Linux is able to update packages autonomously without an external command. This task is scheduled by the apt-daily.service, which triggers the system to start apt tasks and scan installed packages for available updates. If updates are found, the apt-daily-upgrade.service downloads and installs them without user intervention. While useful for keeping your system updated, these are intensive processes in terms of disk I/O that we can safely disable and handle manually.

Disable the bootlogd.service, apt-daily and related services like so:

sudo systemctl unmask bootlogd.service\nsudo systemctl disable bootlogs\nsudo systemctl disable apt-daily.service apt-daily.timer apt-daily-upgrade.timer apt-daily-upgrade.service\n

Note

By disabling these services, you will need to manually check for package updates periodically with sudo apt-get update && sudo apt-get upgrade.

"},{"location":"minwrite/#replace-logger","title":"Replace logger","text":"

In this step we'll replace the default system logger rsyslog with an in-memory logger, busybox-syslogd. BusyBox combines tiny versions of many common Linux utilities into a single small executable. It provides a fairly complete POSIX environment for any small or embedded system, including a minimal write Raspberry Pi.

Install it like so and remove rsyslog:

sudo apt-get install busybox-syslogd\nsudo dpkg --purge rsyslog\n

Be aware that because busybox-syslogd writes system logs to RAM, these logs will be lost if your device is disconnected from power.

"},{"location":"minwrite/#disable-swap","title":"Disable swap","text":"

Next we'll modify system boot options to disable swap and filesystem checks, as these are both intensive disk I/O processes. Edit this file with sudo nano /boot/cmdline.txt and append the following to the end:

fsck.mode=skip noswap\n

The resulting file will look something like this (copied from a Pi 3 Model B+):

console=serial0,115200 console=tty1 root=PARTUUID=bddffae9-02 rootfstype=ext4 fsck.repair=yes rootwait fsck.mode=skip noswap\n

Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

Note

By default Armbian does not use any SD card-based swap, so unless you\u2019ve customized your installation there\u2019s nothing to disable.

"},{"location":"minwrite/#move-directories-to-ram","title":"Move directories to RAM","text":"

As a final step, we'll move several directories to the tmpfs filesystem. By storing these directories on a ramdisk instead of the SD card, we can substantially reduce the volume of I/O operations on the card's flash memory. Writing to tmpfs also provides fast sequential read/write speeds. The tradeoff is that tmpfs is volatile storage \u2014 meaning that you will lose all data stored on the filesystem if you lose power.

We'll select paths to migrate to tmpfs for transient and cache data, as well as those required for RaspAP's operation that are associated with disk I/O activity. Moving these directories to tmpfs is done by editing fstab with sudo nano /etc/fstab. Append the following lines to the end:

tmpfs /tmp tmpfs  nosuid,nodev 0 0\ntmpfs /var/log tmpfs  nosuid,nodev 0 0\ntmpfs /var/tmp tmpfs  nosuid,nodev 0 0\ntmpfs /var/lib/misc tmpfs  nosuid,nodev 0 0\ntmpfs /var/cache tmpfs  nosuid,nodev 0 0\ntmpfs /var/lib/vnstat tmpfs  nosuid,nodev 0 0\ntmpfs /var/php/sessions tmpfs  nosuid,nodev 0 0\n

Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

Note

Armbian puts /tmp in RAM by default, while Raspberry Pi OS does not. On both Armbian and Raspberry Pi OS, /run is stored in RAM already and /var/run symlinks to it.

The /var/tmp directory is made available for programs that require temporary files or directories that are preserved between system reboots. Therefore, data stored in /var/tmp is more persistent than data in /tmp. In practice, however, few programs in common use with Raspberry Pi OS write to this directory so we can safely move it to RAM.

"},{"location":"minwrite/#reboot","title":"Reboot","text":"

A reboot is required for the above steps to take effect: sudo reboot.

"},{"location":"minwrite/#memory-considerations","title":"Memory considerations","text":"

The minwrite configuration migrates as much as possible from SD card storage to the tmpfs ramdisk. As a result, a concomitant increase in memory utilization is expected. To benchmark this, we can compare the change in memory usage on a Pi 3 Model B+ with 1GB of RAM with a typical RaspAP installation.

Here we use the following to return the amount of free system memory expressed as a percentage of total available:

free -m | awk '/Mem:/ { total=$2 ; used=$3 } END { print used/total*100}'\n
Pre-minwrite Post-minwrite 11.88% 29.70%

While this is a noticable increase in RAM usage, it's still well within the margin for reliable operation of the OS. If you have a higher rate of RAM utilization on your device, or have limited available system memory to begin with, bear this in mind before proceeding.

Note

Recall that we've disabled swap, so if the system runs out of physical memory (RAM) there is no partition available for the kernel to allocate virtual memory in its place. This will cause the kernel to throw an out of memory (OOM) error. Normally this causes the kernel to panic and stop functioning.

"},{"location":"minwrite/#file-system-metrics","title":"File system metrics","text":"

We can evaluate a minwrite configuration by using iotop, a utility that watches I/O usage information output by the Linux kernel. Install it like so:

sudo apt-get install iotop\n

Execute it with the following switches to monitor accumulated activity of processes doing actual I/O:

sudo iotop -aoP\n

After a period of time, you will see disk I/O activity reported for a number of processes. Returning to our Pi 3 Model B+ test bench, we can compare the before and after results:

Pre-minwrite I/O 

Total DISK READ:         0.00 B/s | Total DISK WRITE:       191.31 B/s\nCurrent DISK READ:       0.00 B/s | Current DISK WRITE:      22.52 K/s\n    PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND\n     95 ?sys root          0.00 B    860.00 K                 [jbd2/mmcblk0p2-]\n    145 ?sys root          0.00 B      3.03 M                 systemd-journald\n    412 ?sys root          0.00 B    112.00 K                 rsyslogd -n -iNONE\n    529 ?sys vnstat        0.00 B    264.00 K                 vnstatd -n\n   1080 ?sys www-data    800.00 K     48.00 K                 lighttpd -D -f /etc/lighttpd/lighttpd.conf\n   1186 ?sys www-data      2.25 M      0.00 B                 php-cgi\n   1187 ?sys www-data      4.00 K      0.00 B                 php-cgi\n   1188 ?sys www-data     52.00 K      0.00 B                 php-cgi\n   4752 ?sys root          0.00 B      4.00 K                 dhcpcd -w -q\n   5402 ?sys dnsmasq       0.00 B    140.00 K                 dnsmasq -x /run/dnsmasq/dnsmasq.pid\n

Post-minwrite I/O 

Total DISK READ:         0.00 B/s | Total DISK WRITE:         0.00 B/s\nCurrent DISK READ:       0.00 B/s | Current DISK WRITE:       0.00 B/s\n    PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND\n    101 ?sys root          0.00 B      8.00 K                 [jbd2/mmcblk0p2-8]\n    837 ?sys www-data     24.00 K      0.00 B                 lighttpd -D -f /etc/lighttpd/lighttpd.conf\n    890 ?sys www-data    170.00 K      0.00 B                 php-cgi\n    891 ?sys www-data      4.00 K      0.00 B                 php-cgi\n    892 ?sys www-data      4.00 K      0.00 B                 php-cgi\n    893 ?sys www-data     80.00 K      0.00 B                 php-cgi\n

Notice that in the latter iotop output, logging to disk is nearly absent and vnstatd now writes data to RAM. The remaining disk write activity originates mainly from the ext4 journal update process jbd2.

At the same time, RaspAP settings may be modified and persisted to the microSD card and the system otherwise operated normally.

"},{"location":"minwrite/#discussions","title":"Discussions","text":"

Questions or comments about using minwrite mode? Join the discussion here.

"},{"location":"multiple/","title":"Multiple APs","text":""},{"location":"multiple/#overview","title":"Overview","text":"

Experimental

Many users have asked if it's possible to create a second wireless access point on the same device. The answer is \"yes\" with an AP-capable external wireless adapter and the correct settings. The Edimax EW-7811Un USB adapter works without additional drivers on many devices, including the Raspberry Pi. For this reason it is used in this walkthrough.

Tip

We strongly recommend this resource which lists USB WiFi adapters with in-kernel Linux drivers. These will work out of the box on Debian-based devices without installing third-party drivers. You may also wish to skip directly to this short list of \"superstar\" USB WiFi adapters for Linux. Pay special attention to those that are excellent choices for 5 GHz AP mode, if this is desired.

"},{"location":"multiple/#scenario","title":"Scenario","text":"

In this setup, we will use an external Edimax 2.4GHz USB adapter together with the onboard wireless chipset of the Raspberry Pi 4 operating on the 5GHz band. The end result is displayed in the WiFi network scan below.

It is not currently possible to create this setup with RaspAP's UI, so these manual steps are provided below. We can, however, leverage the web UI to create the hostapd configurations we'll need.

"},{"location":"multiple/#prerequisites","title":"Prerequisites","text":"

This tutorial assumes that you have followed the Quick start or manual installation instructions. If an 802.11 AC 5GHz wireless mode is desired with the RPi's onboard chipset, you must first configure a country that permits wireless operation on the 5GHz band. Refer to this FAQ for more information.

"},{"location":"multiple/#create-the-hostapd-configs","title":"Create the hostapd configs","text":"

The simplest method to achieve this is to use RaspAP's Hotspot > Basic tab to create the base configurations. Configure an AP for the onboard wlan0 interface with the settings shown below. Choose Save settings to write this to the filesystem.

Open your preferred terminal program and enter the following command to copy this as a new wlan0 configuration:

sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/wlan0.conf\n

Next, configure a second AP for the external wlan1 interface with the settings shown below. Again, choose Save settings to write this to the filesystem.

Enter the following command to copy this as a new wlan1 configuration:

sudo cp /etc/hostapd/hostapd.conf /etc/hostapd/wlan1.conf\n

Tip

If you decide to create two APs on the same band, for example 802.11n 2.4GHz, be sure to select two different channels for each interface.

"},{"location":"multiple/#configure-dnsmasq","title":"Configure dnsmasq","text":"

RaspAP's default settings includes a preconfigured wlan0 file for the dnsmasq service. Execute cat /etc/dnsmasq.d/090_wlan0.conf to display its contents:

# RaspAP wlan0 configuration\ninterface=wlan0\ndomain-needed\ndhcp-range=10.3.141.50,10.3.141.254,255.255.255.0,12h\n

Next, we will copy this file and make some modfications to it:

sudo cp /etc/dnsmasq.d/090_wlan0.conf /etc/dnsmasq.d/090_wlan1.conf\nsudo nano /etc/dnsmasq.d/090_wlan1.conf\n

Edit this file so it looks like the example below, then save it and exit your editor.

# RaspAP wlan1 configuration\ninterface=wlan1\ndomain-needed\ndhcp-range=10.4.141.50,10.4.141.254,255.255.255.0,12h\n
"},{"location":"multiple/#configure-dhcpcd","title":"Configure dhcpcd","text":"

Similar to dnsmasq, the dhcpcd service is preconfigured with RaspAP's default settings. Open this file in an editor by executing sudo nano /etc/dhcpcd.conf, then add a wlan1 block to the end of the file:

# RaspAP default configuration\nhostname\nclientid\npersistent\noption rapid_commit\noption domain_name_servers, domain_name, domain_search, host_name\noption classless_static_routes\noption ntp_servers\nrequire dhcp_server_identifier\nslaac private\nnohook lookup-hostname\n\n# RaspAP wlan0 configuration\ninterface wlan0\nstatic ip_address=10.3.141.1/24\nstatic routers=10.3.141.1\nstatic domain_name_server=9.9.9.9 1.1.1.1\n\n# RaspAP wlan1 configuration\ninterface wlan1\nstatic ip_address=10.4.141.1/24\nstatic routers=10.4.141.1\nstatic domain_name_server=9.9.9.9 1.1.1.1\n

Note

RaspAP only manipulates /etc/hostapd/hostapd.conf so your custom hostapd configs won't be touched. The version 2.6 release lets you manage the dhcpcd and dnsmasq configs from the UI, while also preserving any manual changes.

Finally, enable the Log DHCP requests toggle on RaspAP's DHCP Server > Logging tab. Be sure to restart the dnsmasq service.

"},{"location":"multiple/#starting-the-hotspots","title":"Starting the hotspots","text":"

Ensure that hostapd is not already running before proceeding. You may stop the service with sudo systemctl stop hostapd.service or by using the Stop hotspot button in RaspAP's UI. Now we are ready to run hostapd interactively with the configurations we've created above. The debug switch -dd is optional but useful for troubleshooting:

sudo hostapd -dd /etc/hostapd/wlan0.conf /etc/hostapd/wlan1.conf\n

Connect clients to each AP and monitor the output. You may stop hostapd from the terminal with the Ctrl+C keystroke. Alternatively, you may send the process to the background with Ctrl+Z and restore it to the foreground with fg.

"},{"location":"multiple/#troubleshooting","title":"Troubleshooting","text":"

With RaspAP's DHCP logging option enabled, it can be useful to monitor this service's activity from the terminal. Execute tail -f /tmp/dnsmasq.log and try associating and disconnecting client devices from each AP.

"},{"location":"multiple/#discussions","title":"Discussions","text":"

Questions or comments about multiple APs? Join the discussion here.

"},{"location":"net-devices/","title":"Network devices","text":""},{"location":"net-devices/#overview","title":"Overview","text":"

Experimental \u00b7 Insiders only

Insiders are able to manage a variety of physical network devices as a source of data connectivity for RaspAP. Broadly, this includes devices such as tethered phones, USB modems/routers, WLAN adapters and so on. This expands the practicality of RaspAP as a truly mobile AP for travel and/or field applications.

"},{"location":"net-devices/#supported-device-types","title":"Supported device types","text":"

The following network devices are supported:

  • Ethernet interface (eth)
  • Wireless adapter (wlan)
  • Mobile data modem (ppp)
  • Mobile data adapter with built-in router
  • USB connected smartphone (USB tethering)

All devices require a driver in order to be available for use with RaspAP.

"},{"location":"net-devices/#listing-detected-devices","title":"Listing detected devices","text":"

The Networking > Devices tab displays a list of available devices with their attributes and assumed adapter type. The adapter type as well as the device name may be changed. Incorrect device types might appear for some devices, which advertise themselves to the system as an ethernet (e.g. eth0) or usb (e.g. usb0) device. This often happens for USB connected phones and external routers.

"},{"location":"net-devices/#changing-the-device-name","title":"Changing the device name","text":"

Changing the name helps to distinguish different devices. This is especially important if, for example, the Access Point device is connected via USB and the automatically assigned name is changed. This can sometimes occur when devices are connected in varying order.

To modify a device's name, enter a value in the Fixed name field and choose Change.

The only restriction for the device name is that it must only contain lowercase letters and numbers. The maximal length is limited to 20 characters. Devices names are automatically filtered accordingly.

"},{"location":"net-devices/#changing-the-mac-address","title":"Changing the MAC address","text":"

Sometimes you might need to set the MAC address of the WLAN interface to be the same as your PC or some other device on your network. This is known as MAC address cloning.

For example, some ISPs register your computer's MAC address when the service is first installed. When you place a router behind the cable or ADSL modem, the MAC address from the device WLAN port will not be recognized by the ISP.

External networking devices, like a Raspberry Pi, also have their own MAC addresses which can create authentication problems. This often occurs on guest Wi-Fi networks.

You can clone the MAC address of the WLAN interface (or any other valid interface) to be the same as your computer's MAC address. To create this configuration, follow the steps below:

  1. Open the Networking > Devices tab.
  2. Choose a MAC address for the interface you wish to clone.
  3. Enter a valid address in the MAC field and click or tap Change.
  4. The new MAC address will be configured immediately.

Note

Virtual interfaces such as OpenVPN's tun0 or WireGuard's wg0 do not have this capability. To avoid potential conflicts, change the MAC address and reconnect the device before modifying any other settings.

"},{"location":"net-devices/#ethernet-interfaces","title":"Ethernet interfaces","text":"

The built-in ethernet adapter as well as USB adapters are usually detected automatically. In these cases no configuration is required. Devices such as USB tethered phones might appear as an ethernet device as well. The same applies to mobile data adapters that also contain a router.

In these cases, the type may be adjusted in the device list and a name assigned to the device. This will have an effect on the network device widget shown on the dashboard.

"},{"location":"net-devices/#wireless-network-devices","title":"Wireless network devices","text":"

These devices are usually listed with the automatically assigned device name prefix wlan, for example wlan0. If multiple wlan interfaces are used, it can be advantageous to assign a unique name to the device.

Wireless devices will only appear if a supported driver exists in the currently installed OS. If your device does not appear in the list, this usually indicates that a required device driver is missing. The helper script install_wlan_driver_modules.sh available in RaspAP/raspap-tools can be used to search for and install existing driver modules.

"},{"location":"net-devices/#mobile-data-modems","title":"Mobile data modems","text":"

Modems or Point-to-Point Protocol (ppp) devices require login data. This includes a PIN number to unlock the SIM card, the Access Point Name (APN) and login data of your mobile network provider. These values may be entered under the Networking > Mobile Data tab.

Values entered here are stored in the file /etc/wvdial.conf. This configuration file contains the basic configuration needed to unlock the SIM card and connect to the network. This has been tested with a Huawei E1550. If your device requires different AT-commands, you will need to manually change this configuration.

When a connected modem is attached, the connection mode, signal quality and network provider will be displayed on the dashboard.

Note

The names of modems cannot be changed. The reason is that the device name ppp0 is directly coupled with the required system services.

"},{"location":"net-devices/#what-if-my-modem-device-doesnt-appear","title":"What if my modem device doesn't appear?","text":"

In this case your connected modem device is not recognized by the OS, or it has not been switched into modem mode by usb_modeswitch. Check the log file (journalctl) for problems with the device.

"},{"location":"net-devices/#mobile-data-adapters-with-built-in-routers","title":"Mobile data adapters with built-in routers","text":"

Mobile data USB devices which provide router functionality will usually appear as an ethernet device, for example eth1. This implies that the device has to be pre-configured to work without a PIN for the SIM card and without login data. Typically, this can be done via a browser based administration interface on any computer.

"},{"location":"net-devices/#huawei-hilink-device","title":"Huawei Hilink Device","text":"

A special case are Huawei Hilink devices (e.g. Huawei E3372h-320). RaspAP can communicate directly with these devices. Be sure that the administration interface is not locked with a user/password. The PIN number entered on the Networking > Mobile Data tab will be used to unlock the SIM card. In addition, connection information (mode, signal quality and network provider) are extracted from the device and displayed on the dashboard. The dashboard button to stop/start the device is active and will disconnect/connect the mobile network.

The model E3372h-320 will be detected as a Hilink device and appears with the name hilink0. Other Hilink devices require a corresponding assignment on the Networking > Devices tab.

"},{"location":"net-devices/#usb-tethered-phones","title":"USB tethered phones","text":"

A phone connected via USB and with USB tethering enabled will appear as either an ethernet device (e.g. eth1), or as a USB network device (e.g. usb0). Changing the device type to phone will result in a corresponding display on the dashboard. In this case the default name is phone0.

"},{"location":"net-devices/#configuration-files","title":"Configuration files","text":"
  • All device specific settings are stored as UDEV rules in the file /etc/udev/rules.d/80-raspap-net-devices.rules.
  • The templates for the UDEV rules are stored in /etc/raspap/networking/client_udev_prototypes.json. This file contains the list of recognized device types.
  • Mobile data settings are stored in: /etc/raspap/networking/mobiledata.ini
  • Modem AT-commands and login data are stored in: /etc/wvdial.conf
"},{"location":"net-devices/#diagnostics","title":"Diagnostics","text":"

A built-in tool to evaluate network performance is available on the Networking > Diagnostics tab. This permits testing of both local network throughput (that is, data transfer over a wired or wireless interface between RaspAP and a connected client) and internet speed (data transfer between a RaspAP instance and remote host). Ping, jitter download and upload metrics are included in the test.

The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

"},{"location":"net-devices/#discussions","title":"Discussions","text":"

Questions or comments about network devices support? Join the discussion here.

"},{"location":"openvpn/","title":"OpenVPN","text":""},{"location":"openvpn/#overview","title":"Overview","text":"

OpenVPN may be optionally installed by the Quick Installer. Once this is done, you can create a client configuration and manage the openvpn-client service with RaspAP.

"},{"location":"openvpn/#enabling-openvpn","title":"Enabling OpenVPN","text":"

To configure an OpenVPN client, upload a valid .ovpn file from your provider and, optionally, specify your login credentials. For clarity, these steps are described below:

  1. Enter your credentials, if needed, into the Username and Password fields.
  2. Browse to your provider's .ovpn file and choose Save settings.
  3. Confirm that the OpenVPN client.conf uploaded successfully.
  4. Choose Start OpenVPN.

The video walkthrough below illustrates the steps of configuring an OpenVPN client from start to finish.

Your browser does not support the video tag."},{"location":"openvpn/#tunneling-traffic","title":"Tunneling traffic","text":"

RaspAP will store your client configuration and add firewall rules to forward traffic from OpenVPN\u2019s tun0 interface to your configured wireless interface. In the example below, the default AP interface wlan0 is used: 

iptables -A POSTROUTING -o tun0 -j MASQUERADE\niptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT\niptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT\n
"},{"location":"openvpn/#public-ip-address","title":"Public IP address","text":"

After a page reload, your new public IPv4 address will be indicated. Click or tap the icon to open a new window with details about your public IP.

"},{"location":"openvpn/#multiple-client-configs","title":"Multiple client configs","text":"

RaspAP lets you manage multiple OpenVPN client configurations. This includes the ability to upload, activate and delete any number of valid .ovpn files and associated login credentials. Thereafter, switching between them is done by simply activating the desired profile. Traffic is automatically routed to clients connected on the AP interface.

Activating a profile will restart the openvpn-client service automatically. Additionally, openvpn-service activity may be tracked in the Logging tab.

"},{"location":"openvpn/#certificate-authentication","title":"Certificate authentication","text":"

Alternatively, you may also authenticate with a signing certification authority (CA) certificate. This is an alternative to the default username and password authentication, and is often used with a private or self-hosted OpenVPN server.

To use this method, upload an OpenVPN configuration file (.ovpn) with the certificate authority (CA) certficate, client certificate and client private key enclosed in tags as described above.

"},{"location":"openvpn/#mitigating-dns-leaks","title":"Mitigating DNS leaks","text":"

Remote hosts use a variety of methods to defeat VPNs, some more aggressively than others. Many VPN providers will advise you to configure custom DNS servers to mitigate DNS leaks, which you can do from RaspAP's DHCP > Advanced tab. You can also test for this with https://dnsleaktest.com/.

Other providers have specific VPN nodes to use with popular streaming services. It's recommended to check with your provider and follow their suggestions.

When an OpenVPN client is configured, RaspAP adds NAT rules with iptables to forward all packets from the AP interface to tun0. If you suspect network traffic is not being routed through tun0 (or any other interface) for some reason, you can monitor this directly from your RPi with iftop:

sudo apt install iftop\nsudo iftop -i [interface]\n
"},{"location":"openvpn/#browser-considerations","title":"Browser considerations","text":"

The Mozilla Foundation recently added a DNS over HTTPS (DoH) proprietary service to its Firefox browser. As of this writing, this \"feature\" is enabled by default for users in the United States. A consequence of DoH is that DNS requests will be resolved by Mozilla's DNS servers, instead of your VPN provider's. Instructions for disabling this DoH may be found here.

"},{"location":"openvpn/#troubleshooting","title":"Troubleshooting","text":"

See the FAQ section for OpenVPN.

"},{"location":"openvpn/#discussions","title":"Discussions","text":"

Questions or comments about using OpenVPN? Join the discussion here.

"},{"location":"providers/","title":"VPN Providers","text":""},{"location":"providers/#overview","title":"Overview","text":"

Experimental

Several popular VPN providers include a Linux Command Line Interface (CLI) for interacting with their services. As a new beta feature, you may optionally control these VPN services from within RaspAP. In this way, after your preferred CLI is installed on your system you may administer it thereafter by using RaspAP's UI.

"},{"location":"providers/#installation","title":"Installation","text":"

To configure VPN provider support, respond by pressing Enter to accept the default Y option when prompted by the Quick installer:

RaspAP Install: Configure VPN provider support (Beta)\nEnable VPN provider client configuration? [Y/n]:\n

Next, select an available VPN provider from the list. For the initial beta, we've identified three of the most popular VPN services that have Debian compatible Linux CLIs. Enter a number corresponding to your desired VPN provider followed by the Enter key.

Select an option from the list:\n  1) ExpressVPN\n  2) Mullvad VPN\n  3) NordVPN\n  0) None\nChoose an option: 3\nConfiguring support for NordVPN\nAdding /usr/bin/nordvpn to raspap.sudoers\nEnabling administration option for NordVPN\nAdding VPN provider to /etc/raspap/provider.ini\n[ \u2713 ok ]\n

The installer will configure RaspAP to administer the corresponding Linux CLI. Choosing 0 (None) followed by Enter will exit the VPN provider option and continue with the installer.

"},{"location":"providers/#provider-clis","title":"Provider CLIs","text":"

RaspAP provides a visual interface to interact with your chosen VPN provider's CLI. To facilitate this, you must first install and configure the CLI on your system. Specific steps will depend on your VPN provider; consult the online documentation for your chosen VPN service.

Note

The RaspAP project has no affiliation whatsoever with the supported VPN providers. Each provider was selected solely based on availability of their Debian compatible CLIs.

NordVPN is demonstrated in the following example. Begin by executing the install script: 

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)\n

After the installer completes, verify the CLI by checking its version:

nordvpn --version\nNordVPN Version 3.16.6\n

Next, activate your account. The --callback and --token methods are useful for headless setups. The latter is shown below:

nordvpn login --token [myToken]\nWelcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.\n

Before establishing a VPN connection with the CLI, add a rule to whitelist port 22. This will prevent the VPN from disrupting access to the shell via SSH: 

nordvpn whitelist add port 22\nPort 22 (UDP|TCP) is allowlisted successfully.\n

Now, execute the following to connect to a recommended VPN server: 

nordvpn connect\nConnecting to France #817 (fr817.nordvpn.com)\nYou are connected to France #817 (fr817.nordvpn.com)!\n

With these setps completed, you are now ready to begin administering your VPN provider with RaspAP.

"},{"location":"providers/#administer-your-provider","title":"Administer your provider","text":"

Continuing from the above example, access your VPN provider's UI page from RaspAP. From the Settings page, you can view your account status, connect to a recommended VPN server or choose a specific country from the select list.

Below, RaspAP displays the CLI output when a country is selected from the list followed by Save settings:

On the Status tab, information about your installed provider CLI and current connection status are displyed:

You may perform the same operations with any of the supported VPN providers.

Tip

Many VPN providers have firewalls enabled by default that can disrupt access to your system via SSH. For this reason, it's recommended to perform these basic CLI functions from your terminal before using them with RaspAP. If your SSH session is disrupted, a reboot will usually restore the connection. Consult your VPN provider's documentation for more advice.

If a configured provider's CLI is not found, RaspAP will detect this and give you a helpful pointer to the CLI's installation instructions:

Likewise, if the CLI binary exists but RaspAP is unable to execute it, a diagnostic message will be displayed.

"},{"location":"providers/#control-scope","title":"Control scope","text":"

Each VPN provider's CLI offers different command sets to control various aspects of their service. For this beta release, RaspAP may be used to administer basic functions including connect, disconnect, status, account information and country (or city) selection for the remote VPN server. 

nordvpn settings\nTechnology: NORDLYNX\nFirewall: disabled\nFirewall Mark: 0xe1f1\nRouting: enabled\nAnalytics: enabled\nKill Switch: disabled\nThreat Protection Lite: disabled\nNotify: disabled\nAuto-connect: disabled\nIPv6: disabled\nMeshnet: disabled\nDNS: disabled\nLAN Discovery: disabled\nAllowlisted ports:\n       22 (UDP|TCP)\n

More advanced CLI settings such as whitelists, kill switches, firewalls, protocols and so on (shown above) should be administered with your CLI directly.

"},{"location":"providers/#public-ip","title":"Public IP","text":"

After a VPN connection is established, your public IPv4 address will be displayed next to a globe icon below your provider name on the Settings tab. Click or tap on the external link icon to see details about your IP location.

"},{"location":"providers/#ap-clients","title":"AP clients","text":"

If your device is connected to the internet via Ethernet (eth0), clients connected on the AP interface (wlan0 for example) will have their traffic automatically routed through the VPN connection.

"},{"location":"providers/#troubleshooting","title":"Troubleshooting","text":"

RaspAP uses each CLI to fetch the most detailed available connection information and display this on the Status tab. The level of detail varies from one provider to the next. If you suspect a problem with your VPN service, it's recommended to check this output and use it for troubleshooting purposes with your VPN provider.

"},{"location":"providers/#whitelisting-services","title":"Whitelisting services","text":"

Additionally, you might want to consider whitelisting other ports that are commonly used for essential network services. For instance, with NordVPN's CLI you may whitelist TCP port 53 and UDP port 67 with the following commands:

nordvpn whitelist add port 53\nnordvpn whitelist add port 67\n

This will allow devices connecting to your AP to obtain an IP address. Refer to your provider's CLI documentation for more information.

"},{"location":"providers/#discussions","title":"Discussions","text":"

Questions or comments about using VPN providers? Join the discussion here.

"},{"location":"quick/","title":"Quick installer","text":""},{"location":"quick/#overview","title":"Overview","text":"

The Quick installer has been designed to assist users with creating an instance of RaspAP both quickly and with a great deal of flexibility. The install loader will respond to several command line arguments, or switches, to customize your installation in a variety of ways, or install one of RaspAP's optional helper tools.

"},{"location":"quick/#alternatives","title":"Alternatives","text":"

The installer gives you the greatest level of flexibility for creating an instance of RaspAP. However, if your goal is to use RaspAP as a component of a larger project, or wish to isolate its dependencies from existing software on your system, consider deploying RaspAP in a Docker container instead.

"},{"location":"quick/#usage","title":"Usage","text":"

The Quick installer has several options for configuring a RaspAP installation. You can get usage notes from your command shell by requesting the installer like so:

curl -sL https://install.raspap.com | bash -s -- --help\n

Appending -s -- [option] to the Quick Install directive will activate one or more options. Several options may be chained together to customize an installation. Examples are given below.

"},{"location":"quick/#examples","title":"Examples","text":"

The installer may be invoked locally or remotely via curl. Examples with both cases and various options are given below.

Invoke installer remotely, run non-interactively with option flags: 

curl -sL https://install.raspap.com | bash -s -- --yes --wireguard 1 --adblock 0\n

Invoke remotely, uprgrade an existing install to the Insiders Edition. The --name and --token arguments are optional; if they are not specified the user will be prompted to authenticate with GitHub: 

curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders --name <name> --token <token>\n

Invoke remotely, perform an unattended update to the latest release version: 

curl -sL https://install.raspap.com | bash -s -- --yes --update --path /var/www/html\n

Run locally specifying a GitHub repo and branch: 

raspbian.sh --repo foo/bar --branch my/branch\n

Run locally requesting release info: 

raspbian.sh --version\n

"},{"location":"quick/#switches","title":"Switches","text":""},{"location":"quick/#-y-yes-assume-yes","title":"-y, --yes, --assume-yes","text":"

This option enables unattended installations, such that the installer assumes \"yes\" as an answer to all user prompts. This behavior is identical to how the same option with the apt-get package handler works.

"},{"location":"quick/#-c-cert-certificate","title":"-c, --cert, --certificate","text":"

This option installs an SSL certificate with mkcert and configures lighttpd for HTTPS support. It does not (re)install RaspAP. Details are provided here.

"},{"location":"quick/#-o-openvpn-flag","title":"-o, --openvpn <flag>","text":"

Used with the -y, --yes option above, this sets the OpenVPN install option (0 = don't install OpenVPN). Given that OpenVPN support is an optional extra, this enables an unattended setup without installing it.

"},{"location":"quick/#-a-adblock-flag","title":"-a, --adblock <flag>","text":"

Used with the -y, --yes option above, this sets the Ad Blocking install option (0 = don't install Adblock). Given that Adblock support is an optional extra, this enables an unattended setup without installing it.

"},{"location":"quick/#-w-wireguard-flag","title":"-w, --wireguard <flag>","text":"

Used with the -y, --yes option above, this sets the WireGuard install option (0 = don't install WireGuard). Given that WireGuard support is an optional extra, this enables an unattended setup without installing it.

"},{"location":"quick/#-e-provider-value","title":"-e, --provider <value>","text":"

Used with the -y, --yes option above, this sets the VPN provider install option. Valid numeric option values are: 

  1 = ExpressVPN\n  2 = Mullvad VPN\n  3 = NordVPN\n  0 = None\n

"},{"location":"quick/#-r-repo-repository-name","title":"-r, --repo, --repository <name>","text":"

If you have forked this project to your own GitHub repo, this option lets you override the default GitHub repo (RaspAP/raspap-webgui) used to install RaspAP. An alternate repository name is a required parameter.

"},{"location":"quick/#-b-branch-name","title":"-b, --branch <name>","text":"

Similarly, this option overrides the default git branch. This is useful if you have created a feature branch (my-feature) and wish to perform an installation using the Quick Installer. An alternate branch name is a required parameter.

An example combining the -r, --repo and -b, --branch options is given below: 

curl -sL https://install.raspap.com | bash -s -- --repo foo/bar --branch my-feature\n

"},{"location":"quick/#-t-token-accesstoken","title":"-t, --token <accesstoken>","text":"

Specify a GitHub personal access token to authenticate with a private repository. Used together with the -n, --name option (below).

"},{"location":"quick/#-n-name-username","title":"-n, --name <username>","text":"

Specify a GitHub username to access a private repository. An example combining the --token and --name options is given below:

curl -sL https://install.raspap.com | bash -s -- --name billz --token [my-token]\n
"},{"location":"quick/#-u-upgrade","title":"-u, --upgrade","text":"

Upgrades an existing RaspAP installation to the latest release version.

"},{"location":"quick/#-d-update","title":"-d, --update","text":"

Performs a minimal update of an existing installation to the latest release version. This differs from the -u, --upgrade option in several ways. The user is not prompted to install optional RaspAP components, and several steps used for an initial installation are not performed. Existing configuration files remain intact.

"},{"location":"quick/#-p-path-path","title":"-p, --path <path>","text":"

Sets the application path for an existing RaspAP installation.

It may be combined with the -d, --update and -y, --yes options to perform an unattended update. An example is given below:

curl -sL https://install.raspap.com | bash -s -- --update --path /var/www/html --yes\n
"},{"location":"quick/#-i-insiders","title":"-i, --insiders","text":"

Installs from the Insiders Edition (RaspAP/raspap-insiders).

"},{"location":"quick/#-m-minwrite","title":"-m, --minwrite","text":"

Configures a microSD card for minimum write operation.

"},{"location":"quick/#-v-version","title":"-v, --version","text":"

Queries the Github API, outputs the latest RaspAP release version and exits.

"},{"location":"quick/#-n-uninstall","title":"-n, --uninstall","text":"

Loads and executes the uninstaller.

"},{"location":"quick/#-h-help","title":"-h, --help","text":"

Outputs these usage notes and exits.

"},{"location":"quick/#discussions","title":"Discussions","text":"

Questions or comments about using RaspAP's Quick installer? Join the discussions here.

"},{"location":"repeater/","title":"WiFi repeater","text":""},{"location":"repeater/#overview","title":"Overview","text":"

A popular use case for RaspAP is to connect to your wireless network and rebroadcast an existing wireless signal. Often known as a wireless repeater, this setup is particularly useful if you are experiencing problems with \"dead spots\" in your WiFi network. This step-by-step walkthrough will assist you in creating this configuration.

"},{"location":"repeater/#how-a-wifi-repeater-works","title":"How a WiFi repeater works","text":"

A WiFi repeater receives an existing WiFi signal, amplifies it and then transmits the boosted signal. With this arrangment you can effectively double the coverage area of your WiFi network \u2014 reaching far corners of your home or office, different floors, or even extend coverage outside to a yard or garage. A repeater effectively contains two wireless routers and a minimum of two antennas. One of these wireless routers picks up the existing WiFi network. It then transfers the signal to the other wireless router, which retransmits the boosted signal.

Note

A wireless repeater will restrict your maximum throughput. This is because WiFi is a half-duplex system, meaning only one device may transmit data at any given time. The repeater must accept incoming and outgoing packets from clients and forward those packets on to the next WiFi router and accept replies. In practice, you can expect half the bandwidth as a non-boosted signal, as each packet must go over the air twice.

We will create this setup with a WiFi-capable Raspberry Pi (or similar device) and an external USB wireless adapter, or dongle.

"},{"location":"repeater/#steps-to-create-a-repeater","title":"Steps to create a repeater","text":"

Refer to the diagram above as we walk through the steps of creating this configuration.

"},{"location":"repeater/#connect-a-usb-wifi-dongle","title":"Connect a USB WiFi dongle","text":"

Begin by connecting an external wireless adapter to a USB port on your device. Your choice of adapter is important \u2014 external WiFi adapters (ie, \"dongles\") vary greatly in terms of hardware capabilities and driver support. Many do not have support for AP mode, require a powered USB hub, manual driver and/or firmware installation or are otherwise not well suited for this application.

To determine if your USB WiFi adapter is capable of hosting an AP, execute the following:

$ iw list\n...\n    Supported interface modes:\n         * IBSS\n         * managed\n         * AP\n         * P2P-client\n         * P2P-GO\n         * P2P-device\n

If \"AP\" does not appear in the list above, save yourself some time and find another adapter.

You should also pair an adapter with the wireless mode you intend to operate from your device's onboard wireless chipset. For example, if you wish to use a Raspberry Pi 4's 802.11ac 5 GHz wireless mode, make sure your adpater also supports this mode.

We strongly recommend this resource which lists USB WiFi adapters with in-kernel Linux drivers. These will work out of the box on Debian-based devices without installing third-party drivers. You may also wish to skip directly to this short list of \"superstar\" USB WiFi adapters for Linux. Pay special attention to those that are excellent choices for 5 GHz AP mode, if this is desired.

"},{"location":"repeater/#create-the-access-point","title":"Create the access point","text":"

After installing RaspAP your device will broadcast an 802.11g 2.4 GHz access point with the SSID raspap-webgui. By default, this uses your device's onboard wireless adapter and the wlan0 interface. Your AP configuration may be changed at any time, however it's recommended to change the default password at minimum before proceeding. You may also wish to change the SSID and wireless mode.

Note

The 802.11ac 5 GHz option is disabled until you configure your device's wireless regulatory domain. See this FAQ for more information.

"},{"location":"repeater/#connect-device-to-wifi","title":"Connect device to WiFi","text":"

With your USB dongle connected and AP active, use RaspAP's WiFi client interface to select and authenticate with your existing wireless router.

Alternatively, if you've used software such as the Raspberry Pi imager to install an OS on your microSD card, you may choose the \"Configure wireless LAN\" option before booting your device for the first time. This will configure your wpa_supplicant.conf and your device should already be connected to your WLAN. In this case, you may skip this step.

"},{"location":"repeater/#configure-routing","title":"Configure routing","text":"

Your current network configuration will display two default routes. This may be confirmed by checking the Routing table output on RaspAP's Networking interface. In the example below, wlan0 is the AP interface and has a default route (identified by the default label) and a metric value of 303:

Note that our USB adapter is on the wlan1 interface and has a higher metric value of 304. It also has a default route. Until we configure these metrics, our WiFi repeater does not know how to route packets from wlan1 (the client interface) to wlan0 (the AP interface) and vice versa. Clients connected to the AP will not have internet connectivity. Fortunately, this is easily fixed.

Metrics and default routes are used by dhcpcd, the DHCP daemon. Contrary to popular belief, RaspAP does not manipulate the IP routing table or set interface priorities without user input. The Linux kernel sets default metric values when the interface is brought up and will usually choose the network routes it decides is best. The DHCP daemon uses these metrics to prioritize interfaces, where lower values are given a higher priority.

To configure routing for our repeater, select wlan0 (the AP interface, in this example) from the DHCP Server settings interface. Be sure that the \"Install a default route for this interface\" option is disabled.

Scroll to the bottom and set a metric value of 305 for this interface, then choose Save settings:

This instructs the DHCP daemon to treat the wlan0 interface with a lower priority than the wlan1 interface. There's nothing magic about the value \"305\" in this example \u2014 the important thing is that the AP interface has a higher value, and thus a lower priorty, than the wlan1 interface.

For your changes to take effect, choose Restart hotspot from the Hotspot interface.

Behind the scenes, RaspAP has configured the wlan0 interface in /etc/dhcpcd.conf like so:

# RaspAP wlan0 configuration\ninterface wlan0\nstatic ip_address=10.3.141.1/24\nstatic routers=10.3.141.1\nmetric 305\nnogateway\n

This is reflected in the updated routing table, visible on the Networking interface. In the example below, the wlan0 interface hosting the AP no longer has a default route and shows a higher metric value (lower priority) than the wlan1 interface:

If you don't see these changes in the routing table, be sure to restart the hotspot.

"},{"location":"repeater/#alternate-routing-method","title":"Alternate routing method","text":"

Experimental \u00b7 Insiders only

As a convenience, Insiders are able to configure routing automatically by enabling the WiFi repeater mode toggle on the Hotspot > Advanced tab.

Save settings and choose Start hotspot or Restart hotspot to activate the wireless repeater. As with AP-STA mode this option is disabled or \"greyed out\" until a wireless client is configured.

"},{"location":"repeater/#connecting-clients","title":"Connecting clients","text":"

At this stage, you may connect clients to the AP as you would normally. Two different methods are described here.

"},{"location":"repeater/#switching-interfaces","title":"Switching interfaces","text":"

If you would like to switch the wlan interfaces, select a different interface for the AP on the Hotspot > Basic tab, then choose Save settings. Reverse the DHCP settings in the previous step, then restart the AP or reboot your device. In order to still be able to access the web UI, connect your device via an ethernet cable.

"},{"location":"repeater/#troubleshooting","title":"Troubleshooting","text":"

If your clients do not have internet connectivity, start by following these troubleshooting steps. In most cases, problems may be diagosed and fixed by checking the service logs and RaspAP's Networking interface. Help is available from the sources mentioned here.

"},{"location":"repeater/#speed-testing","title":"Speed testing","text":"

RaspAP hosts a fast, open source and privacy-focused public speed test server that you can use to evaluate your WiFi repeater's performance. The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

"},{"location":"repeater/#discussions","title":"Discussions","text":"

Questions or comments about configuring a WiFi repeater? Join the discussion here.

"},{"location":"speedtest/","title":"Speed testing","text":""},{"location":"speedtest/#overview","title":"Overview","text":"

An internet speed test measures the connection speed and quality of your connected device to a remote host. Many speed test services perform multiple consecutive tests that evaluate different aspects of your internet connection, including ping (latency), download and upload speed. A fourth metric, known as jitter, measures variation in the latency of a flow of packets between two systems. Jitter is said to occur when some packets take longer to travel from one system to the other. The most common causes of jitter are network congestion, timing drift and changes in packet routing.

"},{"location":"speedtest/#troubleshooting","title":"Troubleshooting","text":"

Speed tests can be useful in diagnosing many issues, such as a fault with a service provider or a misconfigured device on your network. The speed of your connection may also vary due to factors such as the time of day. This is especially true of places such as educational or work environments where many users may be sharing the same internet connection. Known as a contention ratio, this refers to how many other users are contending for their share of available bandwidth. The higher the contention the more likely you are to experience a slow connection at peak times.

Periodic speed tests can help you identify the best time of day to perform your tasks. They are also useful for sharing diagnostic results with an ISP or network engineer.

"},{"location":"speedtest/#raspaps-speedtest-server","title":"RaspAP's speedtest server","text":"RaspAP Speedtest - https://speedtest.raspap.com/

RaspAP provides a simple, fast and mobile-friendly public speedtest server that evaluates your internet speed using the criteria mentioned above. In addition, it reports your public IP address, ISP and distance from the speedtest server. When the test is complete, you can share the results of your test with a generated image and a link to results.

Importantly, and notably different from other services, RaspAP's Speedtest is completely open source and privacy focused \u2014 meaning we do not share your data with third-parties or attempt to monetize results in any way.

"},{"location":"speedtest/#wifi-speed-test","title":"WiFi speed test","text":"

Experimental \u00b7 Insiders only

A tool to evaluate your local WiFi network's performance is available on the Networking > Diagnostics tab. This permits testing of both local WiFi network throughput (that is, data transferred between the device hosting RaspAP and your wireless clients) and internet speed (data transfer between wireless clients and a remote host). A WiFi speed test is a useful diagnostic tool to determine if connectivity issues are due to your ISP, your wireless connection or an issue with the device hosting your AP.

The WiFi speed test uses a local speedtest instance hosted by your RaspAP installation. The test is performed on a device connected to RaspAP's wireless access point. The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

"},{"location":"speedtest/#discussions","title":"Discussions","text":"

Questions or comments about RaspAP's speed test? Join the discussion here.

"},{"location":"ssl/","title":"SSL certificates","text":""},{"location":"ssl/#overview","title":"Overview","text":"

HTTPS prevents network attackers from observing or injecting page contents. This is desirable for server applications like RaspAP \u2014 or indeed any locally hosted web application. But HTTPS requires TLS certificates, and while deploying public websites is largely a solved issue thanks to the ACME protocol and Let's Encrypt, local web servers still mostly use HTTP because no one can get a universally valid certificate for localhost.

"},{"location":"ssl/#locally-trusted-certificates","title":"Locally trusted certificates","text":"

Managing your own Certificate Authority (CA) is the best solution, but this usually requires an involved manual setup routine. An excellent solution for local websites is mkcert. This is a zero-config tool for making locally-trusted certificates with any name you like. mkcert automatically creates and installs a local CA in the system root store and generates locally-trusted certificates. It also works perfectly well with RaspAP. This allows you to generate a trusted certificate for a hostname (for example, raspap.local) or IP address because it only works for you.

Here's the twist: it doesn't generate self-signed certificates, but certificates signed by your own private CA. This tool does not automatically configure servers or mobile clients to use the certificates, though \u2014 that's up to you. These steps are covered in detail below.

Read more about mkcert here and follow the project on GitHub.

"},{"location":"ssl/#creating-a-certificate","title":"Creating a certificate","text":"

There are two options to go about creating a self-signed certificate with mkcert: 1) manually, or 2) with the Quick installer. Both methods are described below.

"},{"location":"ssl/#manual-steps","title":"Manual steps","text":"

Follow the steps below to generate and install a locally-trusted certificate for RaspAP. The local domain raspap.local is used in the examples below. You may substitute this with the default raspberrypi.local or your own hostname.

Tip

If you've changed your hostname prior to starting this process, be sure to reboot your device for the change to take effect.

Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi: 

sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert\nsudo chmod +x /usr/local/bin/mkcert\nmkcert -install\n
You should see output like the following: 
Using the local CA at \"/home/pi/.local/share/mkcert\" \u2728\nThe local CA is now installed in the system trust store! \u26a1\ufe0f\n
Generate a certificate for raspap.local: 
cd /home/pi\nmkcert raspap.local \"*.raspap.local\" raspap.local\n
You should see output like the following: 
Using the local CA at \"/home/pi/.local/share/mkcert\" \u2728\n\nCreated a new certificate valid for the following names \ud83d\udcdc\n - \"raspap.local\"\n - \"*.raspap.local\"\n - \"raspap.local\"\n\nReminder: X.509 wildcards only go one level deep, so this won't match a.b.raspap.local \u2139\ufe0f\nThe certificate is at \"./raspap.local+2.pem\" and the key at \"./raspap.local+2-key.pem\" \u2705\n
Next, combine the private key and certificate: 
cat raspap.local+2-key.pem raspap.local+2.pem > raspap.local.pem\n
Create a directory for the combined .pem file in lighttpd: 
sudo mkdir /etc/lighttpd/ssl\n
Set permissions and move the .pem file: 
chmod 400 /home/pi/raspap.local.pem\nsudo mv /home/pi/raspap.local.pem /etc/lighttpd/ssl\n
Edit the lighttpd configuration with sudo nano /etc/lighttpd/lighttpd.conf. Add the following block to enable SSL with your new certificate:

server.modules += (\"mod_openssl\")\n$SERVER[\"socket\"] == \":443\" {\n  ssl.engine = \"enable\"\n  ssl.pemfile = \"/etc/lighttpd/ssl/raspap.local.pem\"\n  ssl.ca-file = \"/home/pi/.local/share/mkcert/rootCA.pem\"\n  server.name = \"raspap.local\"\n  server.document-root = \"/var/www/html\"\n}\n

Optionally, you can redirect all HTTP requests to HTTPS like so: 

$SERVER[\"socket\"] == \":80\" {\n  $HTTP[\"host\"] =~ \"(.*)\" {\n    url.redirect = ( \"^/(.*)\" => \"https://%1/$1\" )\n  }\n}\n
Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

Restart the lighttpd service: 

sudo systemctl restart lighttpd\n
Verify that lighttpd has restarted without errors: 
sudo systemctl status lighttpd\n
You should see a response like the following: 
\u25cf lighttpd.service - Lighttpd Daemon\n     Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sun 2023-03-26 10:09:46 CEST; 5 days ago\n   Main PID: 1080 (lighttpd)\n      Tasks: 6 (limit: 779)\n        CPU: 5min 17.332s\n     CGroup: /system.slice/lighttpd.service\n             \u251c\u25001080 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf\n             \u251c\u25001168 /usr/bin/php-cgi\n             \u251c\u25001185 /usr/bin/php-cgi\n             \u251c\u25001186 /usr/bin/php-cgi\n             \u251c\u25001187 /usr/bin/php-cgi\n             \u2514\u25001188 /usr/bin/php-cgi\n\nMar 30 18:23:38 raspap lighttpd[1433]: Syntax OK\nMar 30 18:23:38 raspap systemd[1]: Started Lighttpd Daemon.\n
Now, copy rootCA.pem to your lighttpd web root: 
sudo cp /home/pi/.local/share/mkcert/rootCA.pem /var/www/html\n

Important

Do not share the rootCA-key.pem file.

Finish by following the client configuration steps below.

"},{"location":"ssl/#quick-installer","title":"Quick installer","text":"

The Quick Installer may also be used to generate SSL certs with mkcert. The installer automates the manual steps described above, including configuring lighttpd with SSL support. It's recommended to review these steps to have an idea of what is happening behind the scenes.

Invoke the Quick installer and specify the -c or --cert option, like so:

curl -sL https://install.raspap.com | bash -s -- --cert\n

Note

Executing the Quick installer only installs mkcert and generates an SSL certificate with the input you provide. It does not (re)install RaspAP.

The installer will walk you through the steps of creating a certificate. Complete the installation by following the client configuration steps below.

"},{"location":"ssl/#client-configuration","title":"Client configuration","text":"

Open a browser and enter the following address, substituting the domain name you chose in the steps above: http://raspap.local/rootCA.pem. Download the root certificate to your client and add it to your system keychain. Examples below illustrate this process on macOS:

Be sure to set this certificate to \"Always trust\" to avoid browser warnings.

Finally, enter the address https://raspap.local in your browser. Enjoy an encrypted SSL connection to RaspAP.

"},{"location":"ssl/#mobile-devices","title":"Mobile devices","text":"

For the certificates to be trusted on mobile devices and remote clients, you will have to install the root CA using the method described above. Alternatively, on iOS, you can either use AirDrop or email the CA to yourself. After installing it, be sure to enable full trust.

More advanced topics are covered at mkcert.

"},{"location":"ssl/#discussions","title":"Discussions","text":"

Questions or comments about using SSL certificates? Join the discussion here.

"},{"location":"translations/","title":"Translations","text":""},{"location":"translations/#overview","title":"Overview","text":"

Owing to its utility and low cost, the Raspberry Pi's reach extends to all corners of the globe. As our way of honoring this, we've made an effort to support internationalization (often abbreviated i18n) with RaspAP. Given the response from this issue it became obvious that translations are something that the community both wanted and were willing to contribute to.

"},{"location":"translations/#about-locales","title":"About locales","text":"

On Linux systems, GNU's Gettext provides a standardized way of managing multi-lingual messages. In order for Gettext to work with different languages, you must configure a language package on your RPi corresponding to one of our supported translations.

To list languages currently installed on your system, use locale -a at the shell prompt. On a fresh install of Raspbian, this should return a list like the one below:

$ locale -a\nC\nC.UTF-8\nen_GB.utf8\nPOSIX\n

To generate new locales, run sudo dpkg-reconfigure locales and select any other desired locales. Here is a useful list of ISO 639 language codes. Important: be sure to select UTF-8 as this is the preferred encoding.

For example, on an RPi with many locales installed, locale -a would output something like this:

$ locale -a\nC           # fall-back, ASCII encoding, same as POSIX\nde_DE.utf8      # German language,     Germany,     UTF-8 encoding\nfr_FR.utf8      # French language,     France,      UTF-8 encoding\nit_IT.utf8      # Italian language,    Italy,       UTF-8 encoding\nja_JP.utf8      # Japanese language,   Japan,       UTF-8 encoding\nen_GB.utf8      # English language,    GB,          UTF-8 encoding\nen_US.utf8      # English language,    USA,         UTF-8 encoding\npt_BR.utf8      # Portuguese language, Brazil,      UTF-8 encoding\nPOSIX           # fall-back, ASCII encoding, same as C\n

Once you've configured a locale on your system, RaspAP will read the HTTP_ACCEPT_LANGUAGE string and use this to load your desired language in the UI. Alternatively, you can also select a different language from the Language tab in the System menu.

Important: If you configured a new locale after installing RaspAP, you must restart lighttpd for the changes to take effect:

sudo systemctl restart lighttpd.service\n
"},{"location":"translations/#supported-languages","title":"Supported languages","text":"

The following translations are currently maintained by the project:

Language Locale Deutsch de_DE.UTF-8 Dansk da_DK.UTF-8 Fran\u00e7ais fr_FR.UTF-8 Italiano it_IT.UTF-8 Portugu\u00eas pt_BR.UTF-8 Svenska sv_SE.UTF-8 Nederlands nl_NL.UTF-8 \u6b63\u9ad4\u4e2d\u6587 (Chinese traditional) zh_TW.UTF-8 \u7b80\u4f53\u4e2d\u6587 (Chinese simplified) zh_CN.UTF-8 Indonesian id_ID.UTF-8 \ud55c\uad6d\uc5b4 (Korean) ko_KR.UTF-8 \u65e5\u672c\u8a9e (Japanese) ja_JP.UTF-8 Ti\u1ebfng Vi\u1ec7t vi_VN.UTF-8 \u010ce\u0161tina cs_CZ.UTF-8 \u0420\u0443\u0441\u0441\u043a\u0438\u0439 ru_RU.UTF-8 Polskie pl_PL.UTF-8 Rom\u00e2n\u0103 ro_RO.UTF-8 Espa\u00f1ol es_MX.UTF-8 Finnish fi_FI.UTF-8 T\u00fcrk\u00e7e tr_TR.UTF-8 \u03b5\u03bb\u03bb\u03b7\u03bd\u03b9\u03ba\u03cc el_GR.UTF-8

We are certainly not limited to the above. If you are willing and able to translate RaspAP in your language, you will be credited as the original translator.

"},{"location":"translations/#contributing-to-a-translation","title":"Contributing to a translation","text":"

RaspAP now has a translation project home at Crowdin. This is the place to go for all volunteers who would like to contribute to our ongoing translation efforts.

"},{"location":"translations/#how-to-become-a-translator","title":"How to become a translator","text":"

The process is very straightforward. Start by signing up for a free account at Crowdin. Once you are logged in, head over to our project home.

Here you will find our supported translations, recent activity, discussions and so on. You can get started by simply choosing the language you'd like to contribute to. For more info, see Crowdin's detailed walkthrough of the translation process.

"},{"location":"translations/#discussions","title":"Discussions","text":"

Questions or comments about RaspAP's translations? Join the discussion here.

"},{"location":"wireguard/","title":"WireGuard","text":""},{"location":"wireguard/#overview","title":"Overview","text":"

WireGuard\u00ae is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be considerably more performant than OpenVPN, and is generally regarded as the most secure, easiest to use, and simplest VPN solution for modern Linux distributions.

WireGuard may be optionally installed by the Quick Installer. Once this is done, you can manage both local and remote server settings, create a peer configuration and control the wg-quick service with RaspAP.

"},{"location":"wireguard/#securing-your-wireless-network","title":"Securing your wireless network","text":"

RaspAP gives you two ways to create a secure WireGuard tunnel: 1) by uploading a .conf file from your VPN provider, or 2) by creating a manual configuration. Each method is described and demonstrated with a short video below.

"},{"location":"wireguard/#file-upload","title":"File upload","text":"

This method may be used if you are using a commerical WireGuard VPN provider, a self-hosted or other remote WG server. In these cases, it's assumed you have an existing WireGuard .conf file and wish to upload this to RaspAP.

Note

The term \"server\" is used here as a convenience. WireGuard does not make a distinction between client and server roles. Instead, each node is considered a \"peer\" in a WireGuard network.

To do this, select the Upload file option under Configuration Method, select a valid WireGuard configuration file and choose Save settings. If your .conf file does not contain iptables PostUp or PostDown rules and you wish to route traffic through the active AP interface, select the Apply iptables rules for AP interface option before uploading your configuration file.

Attention

For security reasons, your WireGuard .conf file must have a Linux MIME type of text/plain. Windows ignores MIME types, relying instead on extensions. To avoid errors, be sure your file has a text/plain MIME type embedded in it before uploading.

The complete process of creating a WireGuard configuration with Mullvad and activating it with RaspAP is demonstrated in the video below.

It should be noted that RaspAP has no affiliation whatsoever with Mullvad. In fact, Mullvad does not use affiliates or pay for reviews. Members of RaspAP's Insiders community have requested support for this VPN provider.

"},{"location":"wireguard/#starting-wireguard","title":"Starting WireGuard","text":"

RaspAP will handle uploading your .conf file and, optionally, applying any iptables rules. To enable the tunnel, choose Start WireGuard. The WireGuard protocol is extremely fast, so in most cases your new public IPv4 address will be indicated almost immediately. Click or tap the icon to open a new window with details about your public IP.

"},{"location":"wireguard/#verifying-client-connections","title":"Verifying client connections","text":"

If you have chosen to route traffic from the wg0 interface to the AP interface, you may verify that your clients are secured by the WireGuard VPN. Start by connecting a client to your AP while WireGuard is enabled. Again, using Mullvad as an example, visit their connection check page on your client device. If the tunnel is working correctly, you should see a result like the following:

If any of the above checks fail, enable WireGuard service logging in RaspAP and check the output. You may also consult your VPN provider's support.

"},{"location":"wireguard/#ipv6-considerations","title":"IPv6 considerations","text":"

RaspAP currently handles routing of IPv4 traffic only. For this reason, WireGuard server connections and traffic tunneled on IPv6 are incompatible. The solution is to specify IPv4 in your WireGuard VPN provider's advanced options (Mullvad is shown below):

Alternatively, open your .conf file in a text editor and ensure that the Address and AllowedIPs settings use IPv4 addresses only, like so:

[Interface]\nPrivateKey = \u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\u2591\nAddress = 10.64.171.100/32\nDNS = 193.138.218.74\n\n[Peer]\nPublicKey = /pS3lXg1jTJ7I58GD/s/4GNL2B0U8JNbjbH9Ddh0myw=\nAllowedIPs = 0.0.0.0/0\nEndpoint = 185.254.75.3:51820\n

When this is done, you are ready to upload your configuration to RaspAP.

"},{"location":"wireguard/#manual-configuration","title":"Manual configuration","text":"

Alternatively, RaspAP gives you full control over creating a manual WireGuard configuration. This method is useful if you wish to secure your local wireless network\u2014that is, between your device running RaspAP and the clients connected to it.

WireGuard requires a public and private keypair for each device you wish to have access to the VPN tunnel. RaspAP simplifies this process with a magic button associated with each public key input field. Simply click or tap this button to securely generate a cryptographic keypair for both the server and peer.

Several default values are provided for you as a starting point. These are intended to get a VPN tunnel up and running quickly. They may be modified to suit your needs.

After the keypairs are generated, simply choose Save settings followed by Start WireGuard.

The video walkthrough below illustrates the steps of configuring a WireGuard tunnel from start to finish.

Your browser does not support the video tag.

Due to WireGuard\u2019s design, both computers on either end of the VPN tunnel will need to have each other's public key. This is discussed below.

Note

For security reasons, the local (server) private key is not displayed in the UI. The peer private key is encoded in the QR code and available to download in the client.conf file.

If you wish to regenerate local or peer keypairs (or both), simply tap or click the magic button and choose Save settings. Alternatively, to remove a server or peer configuration entirely, disable the desired toggle and Save settings. This will delete the public/private keypair and the associated configuration.

"},{"location":"wireguard/#peer-configuration","title":"Peer configuration","text":"

RaspAP processes the values in the WireGuard Settings and Peer tabs and creates two configurations for you: wg0.conf and client.conf. The former is used to configure the local (server) side of the VPN tunnel. The latter peer configuration is generated as a QR code on the Peer tab. Clients such as mobile devices may scan the QR code to transfer client.conf and import it into an associated WireGuard client application.

Note

For this experimental release, a single peer configuration may be created. The ability to manage multiple peer configurations is on the project roadmap.

Your peer will need to have WireGuard installed as well. For installing WireGuard on other systems, please see Wireguard's website.

"},{"location":"wireguard/#tunneling-traffic","title":"Tunneling traffic","text":"

RaspAP uses WireGuard's PostUp and PostDown firewall rules to forward traffic from the wg0 interface to your configured wireless interface. In the example below, the default AP interface wlan0 is used: 

iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT\niptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT\niptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE\n

These iptables rules are defined in WireGuard's default settings and may be modified if you wish.

Note

If your VPN server is behind a NAT, you will need to open a UDP port of your choosing (51820 is the default).

"},{"location":"wireguard/#kill-switch","title":"Kill switch","text":"

Experimental \u00b7 Insiders only

In the event that the WireGuard tunnel accidentally goes down, unencrypted traffic may reveal your real IP address. To prevent this from happening, additional PostUp and PreDown rules may be added to the firewall. Simply choose the Enable kill switch option when uploading your WireGuard configuration:

These rules are automatically appended to your configuration.

Note

Some VPN providers give you the option of adding these rules to their Linux configurations. Skip this option as RaspAP needs to add an exclusion rule for your AP interface.

"},{"location":"wireguard/#multiple-configs","title":"Multiple configs","text":"

Experimental \u00b7 Insiders only

RaspAP lets you manage multiple WireGuard configurations. This includes the ability to upload, activate and delete any number of valid wg .conf files. Select the Apply iptables rules for AP interface option when uploading your .conf file to automatically route traffic to connected peers on the AP interface.

Thereafter, switching between your saved configurations is done by simply activating the desired profile. Activating a profile will restart the wg-quick service automatically. Additionally, WireGuard service activity may be tracked on the Logging tab.

"},{"location":"wireguard/#low-overhead","title":"Low overhead","text":"

Due to its low overhead compared with OpenVPN, WireGuard is well-suited for applications where battery longevity is a concern. As described by its developer, WireGuard isn't a chatty protocol. For the most part, it only transmits data when a peer wishes to send packets. When it's not being asked to send packets, it stops sending packets until it is asked again.

As a result, your wireless adapter has a higher likelihood of being able to idle down, which leads to better battery life.

"},{"location":"wireguard/#troubleshooting","title":"Troubleshooting","text":"

See the FAQ section for WireGuard.

"},{"location":"wireguard/#discussions","title":"Discussions","text":"

Questions or comments about using WireGuard? Join the discussion here.

"},{"location":"wlanrouting/","title":"Wireless LAN routing","text":""},{"location":"wlanrouting/#overview","title":"Overview","text":"

Experimental \u00b7 Insiders only

RaspAP is often used to share internet from an Ethernet connection or other network device through a wireless access point (AP), or act as a wireless repeater. However, in certain scenarios, it can be extremely useful to share internet from a wireless LAN (WLAN) with clients connected via an Ethernet or USB-Ethernet connection. Many RaspAP users have requested this functionality, so an easy-to-use solution was developed to fulfill this need.

"},{"location":"wlanrouting/#solution","title":"Solution","text":"

To create this setup, the target interface must be configured with a static IP address and have DHCP enabled. This is similar to how RaspAP's default wireless access point is configured. To simplify this process, RaspAP uses predefined subnets for the eth0 and predictable enx interfaces. The relevant portions of this configuration are shown below:

\"dhcp\": {\n    ...\n    \"eth0\": {\n      \"static ip_address\": [ \"192.168.55.1/24\" ],\n      \"static routers\": [ \"192.168.55.1\" ],\n      \"static domain_name_server\": [ \"1.1.1.1 8.8.8.8\" ],\n      \"subnetmask\": [ \"255.255.255.0\" ]\n    },\n    \"enx\": {\n      \"static ip_address\": [ \"192.168.60.1/24\" ],\n      \"static routers\": [ \"192.168.60.1\" ],\n      \"static domain_name_server\": [ \"1.1.1.1 8.8.8.8\" ],\n      \"subnetmask\": [ \"255.255.255.0\" ]\n    }\n
\"dnsmasq\": {\n    ...\n    \"eth0\": {\n      \"dhcp-range\": [ \"192.168.55.50,192.168.55.150,12h\" ]\n    },\n    \"enx\": {\n      \"dhcp-range\": [ \"192.168.60.50,192.168.60.150,12h\" ]\n    }\n  }\n

These default settings are applied automatically, however you may modify them as you wish from the DHCP Server administration page.

In addition to these settings, Network Address Translation (NAT) rules must be applied to enable packet routing between the desired interfaces. These iptables rules also need to be added when the connection is active, and removed when the connection is deactivated. This is roughly analogous to how WireGuard's PostUp and PostDown rules function.

"},{"location":"wlanrouting/#steps-to-enable-wlan-routing","title":"Steps to enable WLAN routing","text":""},{"location":"wlanrouting/#configure-wireless-client","title":"Configure wireless client","text":"

To create this configuration, begin by configuring your device as a wireless client, or station, with RaspAP's WiFi client page or by preconfiguring your OS for wireless LAN operation. Optionally, connect an external wireless adapter to an available USB port.

"},{"location":"wlanrouting/#check-wireless-connectivity","title":"Check wireless connectivity","text":"

Ensure that you have a stable wireless connection to your router. The Wireless Client widget on RaspAP's dashboard will indicate its status and link quality.

"},{"location":"wlanrouting/#attach-ethernet-or-usb-ethernet-adapter","title":"Attach Ethernet or USB-Ethernet adapter","text":"

Next, attach an Ethernet cable or a USB-Ethernet adapter to an available port, and connect a device you wish to provide internet connectivity to. This could be a laptop, hub or other Ethernet-capable network device. This device will typically be assigned a network interface name by the operating system, such as eth0 or eth1. If your system is configured to use predictable interface names, it may incorporate the interfaces's MAC address (for example, enx78e7d1ea46da).

Verify your attached device by checking the output on RaspAP's Networking > Summary tab.

Tip

Many USB-Ethernet adapters are available at low cost. If you choose this option, buy one from a reputable brand. When in doubt, verify your adapter by testing it with a laptop or other device. Note that a regular USB cable, rather than a USB-Ethernet adapter, is not designed for direct Ethernet communication.

"},{"location":"wlanrouting/#configure-raspaps-settings","title":"Configure RaspAP's settings","text":"

Now, from RaspAP's Networking > WLAN Routing tab, choose your wireless client interface and output interface (typically, eth0 or enx). Select the \"Configure a static IP address and DHCP for output interface\" option toggle, choose Save settings and lastly Start WLAN routing.

A system configured with predictable interface names is shown, above.

Note

If a wireless client connection is not detected on your system, it will be indicated as \"not configured\" in the interface. The Start WLAN routing button will also be disabled until an active wireless client connection is present.

"},{"location":"wlanrouting/#check-ethernet-connectivity","title":"Check ethernet connectivity","text":"

Finally, confirm internet connectivity on your Ethernet-equipped client device. Optionally, you may wish to perform a speed test. If you want to stop wireless LAN routing, simply choose Stop WLAN routing. The iptables NAT rules added by RaspAP will be removed from your system. The associated DHCP and dnsmasq configurations will be removed as well.

Tip

RaspAP's default subnets are added for convenience. If you wish to create a custom configuration for your clients, you may do so from the DHCP Server page. Be sure to Save settings and restart dsnmasq to apply your changes. If your interface is named something other than eth0 or enx you must create your own DHCP configuration.

"},{"location":"wlanrouting/#troubleshooting","title":"Troubleshooting","text":"

If clients do not have internet connectivity, ensure that the attached Ethernet device appears on the Networking > Summary tab. Faulty Ethernet cables and USB-Ethernet adapters are common culprits.

Be sure that you've selected the option to configure a static IP address and DHCP for the output interface on the Networking > WLAN Routing tab. If you've configured your own subnet for this purpose, ensure that the settings are correct on the DHCP server page and that the dnsmasq service was restarted after saving them.

Finally, while wireless LAN routing is active, you may confirm that the iptables NAT rules are active by executing the following:

sudo iptables -t nat -L -v\n

This should output the POSTROUTING, MASQUERADE and FORWARD rules for the interfaces you've selected. If not, confirm that this option is active on the Networking > WLAN Routing tab, then choose Restart WLAN routing.

"},{"location":"wlanrouting/#discussions","title":"Discussions","text":"

Questions or comments about using wireless LAN routing? Join the discussion here.

"}]} \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml new file mode 100644 index 00000000..0f8724ef --- /dev/null +++ b/sitemap.xml @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz new file mode 100644 index 00000000..9c7d1006 Binary files /dev/null and b/sitemap.xml.gz differ diff --git a/speedtest/index.html b/speedtest/index.html new file mode 100644 index 00000000..0e5778ea --- /dev/null +++ b/speedtest/index.html @@ -0,0 +1,1266 @@ + + + + + + + + + + + + + + + + + + + + + + + Speed testing - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Speed testing

+

+

Overview

+

An internet speed test measures the connection speed and quality of your connected device to a remote host. Many speed test services perform multiple consecutive tests that evaluate different aspects of your internet connection, including ping (latency), download and upload speed. A fourth metric, known as jitter, measures variation in the latency of a flow of packets between two systems. Jitter is said to occur when some packets take longer to travel from one system to the other. The most common causes of jitter are network congestion, timing drift and changes in packet routing.

+

Troubleshooting

+

Speed tests can be useful in diagnosing many issues, such as a fault with a service provider or a misconfigured device on your network. The speed of your connection may also vary due to factors such as the time of day. This is especially true of places such as educational or work environments where many users may be sharing the same internet connection. Known as a contention ratio, this refers to how many other users are contending for their share of available bandwidth. The higher the contention the more likely you are to experience a slow connection at peak times.

+

Periodic speed tests can help you identify the best time of day to perform your tasks. They are also useful for sharing diagnostic results with an ISP or network engineer.

+

RaspAP's speedtest server

+
+

RaspAP Speedtest +

+
RaspAP Speedtest - https://speedtest.raspap.com/
+
+

RaspAP provides a simple, fast and mobile-friendly public speedtest server that evaluates your internet speed using the criteria mentioned above. In addition, it reports your public IP address, ISP and distance from the speedtest server. When the test is complete, you can share the results of your test with a generated image and a link to results.

+

Importantly, and notably different from other services, RaspAP's Speedtest is completely open source and privacy focused — meaning we do not share your data with third-parties or attempt to monetize results in any way.

+

WiFi speed test

+

Experimental ยท Insiders only

+

A tool to evaluate your local WiFi network's performance is available on the Networking > Diagnostics tab. This permits testing of both local WiFi network throughput (that is, data transferred between the device hosting RaspAP and your wireless clients) and internet speed (data transfer between wireless clients and a remote host). A WiFi speed test is a useful diagnostic tool to determine if connectivity issues are due to your ISP, your wireless connection or an issue with the device hosting your AP.

+ + +

The WiFi speed test uses a local speedtest instance hosted by your RaspAP installation. The test is performed on a device connected to RaspAP's wireless access point. The remote host is RaspAP's public speedtest server located in the United States. Additional speedtest hosts distributed in other geographic centers are forthcoming.

+

Discussions

+

Questions or comments about RaspAP's speed test? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/ssl/index.html b/ssl/index.html new file mode 100644 index 00000000..21c30a77 --- /dev/null +++ b/ssl/index.html @@ -0,0 +1,1432 @@ + + + + + + + + + + + + + + + + + + + + + + + SSL certificates - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

SSL certificates

+

+

Overview

+

HTTPS prevents network attackers from observing or injecting page contents. This is desirable for server applications like RaspAP — or indeed any locally hosted web application. But HTTPS requires TLS certificates, and while deploying public websites is largely a solved issue thanks to the ACME protocol and Let's Encrypt, local web servers still mostly use HTTP because no one can get a universally valid certificate for localhost.

+

Locally trusted certificates

+

Managing your own Certificate Authority (CA) is the best solution, but this usually requires an involved manual setup routine. An excellent solution for local websites is mkcert. This is a zero-config tool for making locally-trusted certificates with any name you like. mkcert automatically creates and installs a local CA in the system root store and generates locally-trusted certificates. It also works perfectly well with RaspAP. This allows you to generate a trusted certificate for a hostname (for example, raspap.local) or IP address because it only works for you.

+

raspap.local

+

Here's the twist: it doesn't generate self-signed certificates, but certificates signed by your own private CA. This tool does not automatically configure servers or mobile clients to use the certificates, though — that's up to you. These steps are covered in detail below.

+

Read more about mkcert here and follow the project on GitHub.

+

Creating a certificate

+

There are two options to go about creating a self-signed certificate with mkcert: 1) manually, or 2) with the Quick installer. Both methods are described below.

+

Manual steps

+

Follow the steps below to generate and install a locally-trusted certificate for RaspAP. The local domain raspap.local is used in the examples below. You may substitute this with the default raspberrypi.local or your own hostname.

+
+

Tip

+

If you've changed your hostname prior to starting this process, be sure to reboot your device for the change to take effect.

+
+

Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi: +

sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert
+sudo chmod +x /usr/local/bin/mkcert
+mkcert -install
+
+You should see output like the following: +
Using the local CA at "/home/pi/.local/share/mkcert" โœจ
+The local CA is now installed in the system trust store! โšก๏ธ
+
+Generate a certificate for raspap.local: +
cd /home/pi
+mkcert raspap.local "*.raspap.local" raspap.local
+
+You should see output like the following: +
Using the local CA at "/home/pi/.local/share/mkcert" โœจ
+
+Created a new certificate valid for the following names ๐Ÿ“œ
+ - "raspap.local"
+ - "*.raspap.local"
+ - "raspap.local"
+
+Reminder: X.509 wildcards only go one level deep, so this won't match a.b.raspap.local โ„น๏ธ
+The certificate is at "./raspap.local+2.pem" and the key at "./raspap.local+2-key.pem" โœ…
+
+Next, combine the private key and certificate: +
cat raspap.local+2-key.pem raspap.local+2.pem > raspap.local.pem
+
+Create a directory for the combined .pem file in lighttpd: +
sudo mkdir /etc/lighttpd/ssl
+
+Set permissions and move the .pem file: +
chmod 400 /home/pi/raspap.local.pem
+sudo mv /home/pi/raspap.local.pem /etc/lighttpd/ssl
+
+Edit the lighttpd configuration with sudo nano /etc/lighttpd/lighttpd.conf. Add the following block to enable SSL with your new certificate:

+
server.modules += ("mod_openssl")
+$SERVER["socket"] == ":443" {
+  ssl.engine = "enable"
+  ssl.pemfile = "/etc/lighttpd/ssl/raspap.local.pem"
+  ssl.ca-file = "/home/pi/.local/share/mkcert/rootCA.pem"
+  server.name = "raspap.local"
+  server.document-root = "/var/www/html"
+}
+
+

Optionally, you can redirect all HTTP requests to HTTPS like so: +

$SERVER["socket"] == ":80" {
+  $HTTP["host"] =~ "(.*)" {
+    url.redirect = ( "^/(.*)" => "https://%1/$1" )
+  }
+}
+
+Save your changes and quit out of the editor with Ctrl+X followed by Y and finally Enter.

+

Restart the lighttpd service: +

sudo systemctl restart lighttpd
+
+Verify that lighttpd has restarted without errors: +
sudo systemctl status lighttpd
+
+You should see a response like the following: +
โ— lighttpd.service - Lighttpd Daemon
+     Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sun 2023-03-26 10:09:46 CEST; 5 days ago
+   Main PID: 1080 (lighttpd)
+      Tasks: 6 (limit: 779)
+        CPU: 5min 17.332s
+     CGroup: /system.slice/lighttpd.service
+             โ”œโ”€1080 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
+             โ”œโ”€1168 /usr/bin/php-cgi
+             โ”œโ”€1185 /usr/bin/php-cgi
+             โ”œโ”€1186 /usr/bin/php-cgi
+             โ”œโ”€1187 /usr/bin/php-cgi
+             โ””โ”€1188 /usr/bin/php-cgi
+
+Mar 30 18:23:38 raspap lighttpd[1433]: Syntax OK
+Mar 30 18:23:38 raspap systemd[1]: Started Lighttpd Daemon.
+
+Now, copy rootCA.pem to your lighttpd web root: +
sudo cp /home/pi/.local/share/mkcert/rootCA.pem /var/www/html
+

+
+

Important

+

Do not share the rootCA-key.pem file.

+
+

Finish by following the client configuration steps below.

+

Quick installer

+

The Quick Installer may also be used to generate SSL certs with mkcert. The installer automates the manual steps described above, including configuring lighttpd with SSL support. It's recommended to review these steps to have an idea of what is happening behind the scenes.

+

Invoke the Quick installer and specify the -c or --cert option, like so:

+
curl -sL https://install.raspap.com | bash -s -- --cert
+
+
+

Note

+

Executing the Quick installer only installs mkcert and generates an SSL certificate with the input you provide. It does not (re)install RaspAP.

+
+

+

The installer will walk you through the steps of creating a certificate. Complete the installation by following the client configuration steps below.

+

Client configuration

+

Open a browser and enter the following address, substituting the domain name you chose in the steps above: http://raspap.local/rootCA.pem. Download the root certificate to your client and add it to your system keychain. Examples below illustrate this process on macOS:

+

+

Be sure to set this certificate to "Always trust" to avoid browser warnings.

+

+

Finally, enter the address https://raspap.local in your browser. Enjoy an encrypted SSL connection to RaspAP.

+

Mobile devices

+

For the certificates to be trusted on mobile devices and remote clients, you will have to install the root CA using the method described above. Alternatively, on iOS, you can either use AirDrop or email the CA to yourself. After installing it, be sure to enable full trust.

+

More advanced topics are covered at mkcert.

+

Discussions

+

Questions or comments about using SSL certificates? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/stylesheets/extra.css b/stylesheets/extra.css new file mode 100644 index 00000000..1dc5fa80 --- /dev/null +++ b/stylesheets/extra.css @@ -0,0 +1,28 @@ +@keyframes heart { + 0%, 40%, 80%, 100% { + transform: scale(1); + } + 20%, 60% { + transform: scale(1.15); + } +} +.heart { + color: #e91e63; + animation: heart 1000ms infinite; +} +.check { + color: #32cd32; +} +.twitter { + color: #1DA1F2; +} + +:fontawesome-brands-twitter:{: .twitter } +:octicons-heart-fill-24:{: .heart } +:octicons-check-circle-fill-24:{: .check } + +:root > * { + --md-primary-fg-color: #2b8080; + --md-primary-fg-color--light: #2b8080; + --md-primary-fg-color--dark: #90030C; +} diff --git a/translations/index.html b/translations/index.html new file mode 100644 index 00000000..fda32907 --- /dev/null +++ b/translations/index.html @@ -0,0 +1,1408 @@ + + + + + + + + + + + + + + + + + + + + + + + Translations - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Translations

+

Overview

+

Owing to its utility and low cost, the Raspberry Pi's reach extends to all corners of the globe. As our way of honoring this, we've made an effort to support internationalization (often abbreviated i18n) with RaspAP. Given the response from this issue it became obvious that translations are something that the community both wanted and were willing to contribute to.

+

About locales

+

On Linux systems, GNU's Gettext provides a standardized way of managing multi-lingual messages. In order for Gettext to work with different languages, you must configure a language package on your RPi corresponding to one of our supported translations.

+

To list languages currently installed on your system, use locale -a at the shell prompt. On a fresh install of Raspbian, this should return a list like the one below:

+
$ locale -a
+C
+C.UTF-8
+en_GB.utf8
+POSIX
+
+

To generate new locales, run sudo dpkg-reconfigure locales and select any other desired locales. Here is a useful list of ISO 639 language codes. Important: be sure to select UTF-8 as this is the preferred encoding.

+

For example, on an RPi with many locales installed, locale -a would output something like this:

+
$ locale -a
+C           # fall-back, ASCII encoding, same as POSIX
+de_DE.utf8      # German language,     Germany,     UTF-8 encoding
+fr_FR.utf8      # French language,     France,      UTF-8 encoding
+it_IT.utf8      # Italian language,    Italy,       UTF-8 encoding
+ja_JP.utf8      # Japanese language,   Japan,       UTF-8 encoding
+en_GB.utf8      # English language,    GB,          UTF-8 encoding
+en_US.utf8      # English language,    USA,         UTF-8 encoding
+pt_BR.utf8      # Portuguese language, Brazil,      UTF-8 encoding
+POSIX           # fall-back, ASCII encoding, same as C
+
+

Once you've configured a locale on your system, RaspAP will read the HTTP_ACCEPT_LANGUAGE string and use this to load your desired language in the UI. Alternatively, you can also select a different language from the Language tab in the System menu.

+

+

Important: If you configured a new locale after installing RaspAP, you must restart lighttpd for the changes to take effect:

+
sudo systemctl restart lighttpd.service
+
+

Supported languages

+

The following translations are currently maintained by the project:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LanguageLocale
Deutschde_DE.UTF-8
Danskda_DK.UTF-8
Franรงaisfr_FR.UTF-8
Italianoit_IT.UTF-8
Portuguรชspt_BR.UTF-8
Svenskasv_SE.UTF-8
Nederlandsnl_NL.UTF-8
ๆญฃ้ซ”ไธญๆ–‡ (Chinese traditional)zh_TW.UTF-8
็ฎ€ไฝ“ไธญๆ–‡ (Chinese simplified)zh_CN.UTF-8
Indonesianid_ID.UTF-8
ํ•œ๊ตญ์–ด (Korean)ko_KR.UTF-8
ๆ—ฅๆœฌ่ชž (Japanese)ja_JP.UTF-8
Tiแบฟng Viแป‡tvi_VN.UTF-8
ฤŒeลกtinacs_CZ.UTF-8
ะ ัƒััะบะธะนru_RU.UTF-8
Polskiepl_PL.UTF-8
Romรขnฤƒro_RO.UTF-8
Espaรฑoles_MX.UTF-8
Finnishfi_FI.UTF-8
Tรผrkรงetr_TR.UTF-8
ฮตฮปฮปฮทฮฝฮนฮบฯŒel_GR.UTF-8
+

We are certainly not limited to the above. If you are willing and able to translate RaspAP in your language, you will be credited as the original translator.

+

Contributing to a translation

+

RaspAP now has a translation project home at Crowdin. This is the place to go for all volunteers who would like to contribute to our ongoing translation efforts.

+

How to become a translator

+

The process is very straightforward. Start by signing up for a free account at Crowdin. Once you are logged in, head over to our project home.

+

Crowdin

+

Here you will find our supported translations, recent activity, discussions and so on. You can get started by simply choosing the language you'd like to contribute to. For more info, see Crowdin's detailed walkthrough of the translation process.

+

Discussions

+

Questions or comments about RaspAP's translations? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/wireguard/index.html b/wireguard/index.html new file mode 100644 index 00000000..503871c6 --- /dev/null +++ b/wireguard/index.html @@ -0,0 +1,1557 @@ + + + + + + + + + + + + + + + + + + + + + + + WireGuard - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

WireGuard

+

+

Overview

+

WireGuardยฎ is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be considerably more performant than OpenVPN, +and is generally regarded as the most secure, easiest to use, and simplest VPN solution for modern Linux distributions.

+

WireGuard may be optionally installed by the Quick Installer. Once this is done, you can manage both local and remote server settings, create a peer configuration and control the wg-quick service with RaspAP.

+

Securing your wireless network

+

RaspAP gives you two ways to create a secure WireGuard tunnel: 1) by uploading a .conf file from your VPN provider, or 2) by creating a manual configuration. Each method is described and demonstrated with a short video below.

+

File upload

+

This method may be used if you are using a commerical WireGuard VPN provider, a self-hosted or other remote WG server. In these cases, it's assumed you have an existing WireGuard .conf file and wish +to upload this to RaspAP.

+
+

Note

+

The term "server" is used here as a convenience. WireGuard does not make a distinction between client and server roles. Instead, each node is considered a "peer" in a WireGuard network.

+
+

To do this, select the Upload file option under Configuration Method, select a valid WireGuard configuration file and choose Save settings. If your .conf +file does not contain iptables PostUp or PostDown rules and you wish to route traffic through the active AP interface, select the Apply iptables rules for AP interface option before uploading your +configuration file.

+
+

Attention

+

For security reasons, your WireGuard .conf file must have a Linux MIME type of text/plain. Windows ignores MIME types, relying instead on extensions. To avoid errors, be sure your file has a text/plain MIME type embedded in it before uploading.

+
+

The complete process of creating a WireGuard configuration with Mullvad and activating it with RaspAP is demonstrated in the video below.

+ + +

It should be noted that RaspAP has no affiliation whatsoever with Mullvad. In fact, Mullvad does not use affiliates or pay for reviews. +Members of RaspAP's Insiders community have requested support for this VPN provider.

+

Starting WireGuard

+

RaspAP will handle uploading your .conf file and, optionally, applying any iptables rules. To enable the tunnel, choose Start WireGuard. The WireGuard protocol is extremely fast, so in most cases +your new public IPv4 address will be indicated almost immediately. Click or tap the icon to open a new window with details about your public IP.

+

Verifying client connections

+

If you have chosen to route traffic from the wg0 interface to the AP interface, you may verify that your clients are secured by the WireGuard VPN. Start by connecting a client to your AP while +WireGuard is enabled. Again, using Mullvad as an example, visit their connection check page on your client device. If the tunnel is working correctly, you should see +a result like the following:

+

+

If any of the above checks fail, enable WireGuard service logging in RaspAP and check the output. You may also consult your VPN provider's support.

+

IPv6 considerations

+

RaspAP currently handles routing of IPv4 traffic only. For this reason, WireGuard server connections and traffic tunneled on IPv6 are incompatible. The solution is to specify IPv4 in your +WireGuard VPN provider's advanced options (Mullvad is shown below):

+

+

Alternatively, open your .conf file in a text editor and ensure that the Address and AllowedIPs settings use IPv4 addresses only, like so:

+
[Interface]
+PrivateKey = โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘
+Address = 10.64.171.100/32
+DNS = 193.138.218.74
+
+[Peer]
+PublicKey = /pS3lXg1jTJ7I58GD/s/4GNL2B0U8JNbjbH9Ddh0myw=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 185.254.75.3:51820
+
+

When this is done, you are ready to upload your configuration to RaspAP.

+

Manual configuration

+

Alternatively, RaspAP gives you full control over creating a manual WireGuard configuration. This method is useful if you wish to secure your local wireless network—that is, between your +device running RaspAP and the clients connected to it.

+

WireGuard requires a public and private keypair for each device you wish to have access to the VPN tunnel. RaspAP simplifies this process with a +magic button associated with each public key input field. Simply click or tap this button to securely generate a cryptographic keypair for both the server and peer.

+

Several default values are provided for you as a starting point. These are intended to get a VPN tunnel up and running quickly. They may be modified to suit your needs.

+

After the keypairs are generated, simply choose Save settings followed by Start WireGuard.

+

The video walkthrough below illustrates the steps of configuring a WireGuard tunnel from start to finish.

+ + +

Due to WireGuardโ€™s design, both computers on either end of the VPN tunnel will need to have each other's public key. This is discussed below.

+
+

Note

+

For security reasons, the local (server) private key is not displayed in the UI. The peer private key is encoded in the QR code and available to download in the client.conf file.

+
+

If you wish to regenerate local or peer keypairs (or both), simply tap or click the magic button and choose Save settings. Alternatively, to +remove a server or peer configuration entirely, disable the desired toggle and Save settings. This will delete the public/private keypair and the associated configuration.

+

Peer configuration

+

RaspAP processes the values in the WireGuard Settings and Peer tabs and creates two configurations for you: wg0.conf and client.conf. +The former is used to configure the local (server) side of the VPN tunnel. The latter peer configuration is generated as a QR code on the Peer tab. Clients such as mobile devices +may scan the QR code to transfer client.conf and import it into an associated WireGuard client application.

+
+

Note

+

For this experimental release, a single peer configuration may be created. The ability to manage multiple peer configurations is on the project roadmap.

+
+

Your peer will need to have WireGuard installed as well. For installing WireGuard on other systems, please see Wireguard's website.

+

Tunneling traffic

+

RaspAP uses WireGuard's PostUp and PostDown firewall rules to forward traffic from the wg0 interface to your configured wireless interface. +In the example below, the default AP interface wlan0 is used:

+
iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT
+iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE
+
+

These iptables rules are defined in WireGuard's default settings and may be modified if you wish.

+
+

Note

+

If your VPN server is behind a NAT, you will need to open a UDP port of your choosing (51820 is the default).

+
+

Kill switch

+

Experimental ยท Insiders only

+

In the event that the WireGuard tunnel accidentally goes down, unencrypted traffic may reveal your real IP address. To prevent this from happening, additional PostUp and PreDown rules may be +added to the firewall. Simply choose the Enable kill switch option when uploading your WireGuard configuration:

+

+

These rules are automatically appended to your configuration.

+
+

Note

+

Some VPN providers give you the option of adding these rules to their Linux configurations. Skip this option as RaspAP needs to add an exclusion rule for your AP interface.

+
+

Multiple configs

+

Experimental ยท Insiders only

+

RaspAP lets you manage multiple WireGuard configurations. This includes the ability to upload, activate and delete any number of valid wg .conf files. Select the Apply iptables rules for AP interface option when uploading your .conf file to automatically route traffic to connected peers on the AP interface.

+

+

Thereafter, switching between your saved configurations is done by simply activating the desired profile. Activating a profile will restart the wg-quick service automatically. Additionally, WireGuard service activity may be tracked on the Logging tab.

+

Low overhead

+

Due to its low overhead compared with OpenVPN, WireGuard is well-suited for applications where battery longevity is a concern. As described by its developer, +WireGuard isn't a chatty protocol. For the most part, it only transmits data when a peer wishes to send packets. When it's not being asked to send packets, it stops sending packets until it is asked again.

+

As a result, your wireless adapter has a higher likelihood of being able to idle down, which leads to better battery life.

+

Troubleshooting

+

See the FAQ section for WireGuard.

+

Discussions

+

Questions or comments about using WireGuard? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/wlanrouting/index.html b/wlanrouting/index.html new file mode 100644 index 00000000..327762a5 --- /dev/null +++ b/wlanrouting/index.html @@ -0,0 +1,1398 @@ + + + + + + + + + + + + + + + + + + + + + Wireless LAN routing - RaspAP Documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + +

Wireless LAN routing

+

wlan-routing

+

Overview

+

Experimental ยท Insiders only

+

RaspAP is often used to share internet from an Ethernet connection or other network device through a wireless access point (AP), or act as a wireless repeater. However, in certain scenarios, it can be extremely useful to share internet from a wireless LAN (WLAN) with clients connected via an Ethernet or USB-Ethernet connection. Many RaspAP users have requested this functionality, so an easy-to-use solution was developed to fulfill this need.

+

Solution

+

To create this setup, the target interface must be configured with a static IP address and have DHCP enabled. This is similar to how RaspAP's default wireless access point is configured. To simplify this process, RaspAP uses predefined subnets for the eth0 and predictable enx interfaces. The relevant portions of this configuration are shown below:

+
"dhcp": {
+    ...
+    "eth0": {
+      "static ip_address": [ "192.168.55.1/24" ],
+      "static routers": [ "192.168.55.1" ],
+      "static domain_name_server": [ "1.1.1.1 8.8.8.8" ],
+      "subnetmask": [ "255.255.255.0" ]
+    },
+    "enx": {
+      "static ip_address": [ "192.168.60.1/24" ],
+      "static routers": [ "192.168.60.1" ],
+      "static domain_name_server": [ "1.1.1.1 8.8.8.8" ],
+      "subnetmask": [ "255.255.255.0" ]
+    }
+
+
"dnsmasq": {
+    ...
+    "eth0": {
+      "dhcp-range": [ "192.168.55.50,192.168.55.150,12h" ]
+    },
+    "enx": {
+      "dhcp-range": [ "192.168.60.50,192.168.60.150,12h" ]
+    }
+  }
+
+

These default settings are applied automatically, however you may modify them as you wish from the DHCP Server administration page.

+

In addition to these settings, Network Address Translation (NAT) rules must be applied to enable packet routing between the desired interfaces. These iptables rules also need to be added when the connection is active, and removed when the connection is deactivated. This is roughly analogous to how WireGuard's PostUp and PostDown rules function.

+

Steps to enable WLAN routing

+

wlan-routing-diagram

+

Configure wireless client

+

To create this configuration, begin by configuring your device as a wireless client, or station, with RaspAP's WiFi client page or by preconfiguring your OS for wireless LAN operation. Optionally, connect an external wireless adapter to an available USB port.

+

Check wireless connectivity

+

Ensure that you have a stable wireless connection to your router. The Wireless Client widget on RaspAP's dashboard will indicate its status and link quality. +wifi-client

+

Attach Ethernet or USB-Ethernet adapter

+

Next, attach an Ethernet cable or a USB-Ethernet adapter to an available port, and connect a device you wish to provide internet connectivity to. This could be a laptop, hub or other Ethernet-capable network device. This device will typically be assigned a network interface name by the operating system, such as eth0 or eth1. If your system is configured to use predictable interface names, it may incorporate the interfaces's MAC address (for example, enx78e7d1ea46da).

+

Verify your attached device by checking the output on RaspAP's Networking > Summary tab.

+
+

Tip

+

adapter Many USB-Ethernet adapters are available at low cost. If you choose this option, buy one from a reputable brand. When in doubt, verify your adapter by testing it with a laptop or other device. Note that a regular USB cable, rather than a USB-Ethernet adapter, is not designed for direct Ethernet communication.

+
+

Configure RaspAP's settings

+

Now, from RaspAP's Networking > WLAN Routing tab, choose your wireless client interface and output interface (typically, eth0 or enx). Select the "Configure a static IP address and DHCP for output interface" option toggle, choose Save settings and lastly Start WLAN routing.

+

wlan-routing

+

A system configured with predictable interface names is shown, above.

+
+

Note

+

If a wireless client connection is not detected on your system, it will be indicated as "not configured" in the interface. The Start WLAN routing button will also be disabled until an active wireless client connection is present.

+
+

Check ethernet connectivity

+

Finally, confirm internet connectivity on your Ethernet-equipped client device. Optionally, you may wish to perform a speed test. If you want to stop wireless LAN routing, simply choose Stop WLAN routing. The iptables NAT rules added by RaspAP will be removed from your system. The associated DHCP and dnsmasq configurations will be removed as well.

+
+

Tip

+

RaspAP's default subnets are added for convenience. If you wish to create a custom configuration for your clients, you may do so from the DHCP Server page. Be sure to Save settings and restart dsnmasq to apply your changes. If your interface is named something other than eth0 or enx you must create your own DHCP configuration.

+
+

Troubleshooting

+

If clients do not have internet connectivity, ensure that the attached Ethernet device appears on the Networking > Summary tab. Faulty Ethernet cables and USB-Ethernet adapters are common culprits.

+

Be sure that you've selected the option to configure a static IP address and DHCP for the output interface on the Networking > WLAN Routing tab. If you've configured your own subnet for this purpose, ensure that the settings are correct on the DHCP server page and that the dnsmasq service was restarted after saving them.

+

Finally, while wireless LAN routing is active, you may confirm that the iptables NAT rules are active by executing the following:

+
sudo iptables -t nat -L -v
+
+

This should output the POSTROUTING, MASQUERADE and FORWARD rules for the interfaces you've selected. If not, confirm that this option is active on the Networking > WLAN Routing tab, then choose Restart WLAN routing.

+

Discussions

+

Questions or comments about using wireless LAN routing? Join the discussion here.

+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file

The Foundation supports initiatives like Coder Dojo, Astro Pi, Coolest Projects and much more.