SwimAdmin on Raspberry Pi

SwimAdmin can be installed on a Pi 4B with 2Gbytes of RAM. If you try on any other model, you're on your own. Note, in particular, that you're likely to have problems if you have only 1GB of SDRAM. The size of your SD card is not relevant: the image was created for a 16GB card, but the OS will run on an 8GB card, if you can still find one.

There are two ways to run SwimAdmin on your Pi: the easy way (Option 1), or the not-so-easy way (Option 2).

  1. Option 1: I call this a 'local' installation below, because SwimAdmin runs only on your local (home) network. Your Pi should always be able to 'dial out' from your local network (you do this when you're running a browser, for example), but no-one else can 'dial in' from the wider internet. This means that you can't use the Pi as a mail server, and no-one else from the club can access SwimAdmin on your Pi. This is clearly of fairly limited value, but does at least let you try out most of SwimAdmin.
  2. Option 2: A full installation requires you to set up in such a way that an external computer can connect directly to the Pi on your home network. In other words, the external computer has to be able to look up your IP address, and then connect through your ISP, and then through your router, direct to the Pi. The complication here is persuading your ISP, and your router, to let you do this. This is the standard 'How do I set up a mail server on my Pi' issue.

Option 1: local SwimAdmin installation

(1) Download and flash

Download and flash an image, and power up the Pi.

You'll find flashing instructions in README-RPI, together with any release notes. The image you're downloading is a modified Ubuntu 22.04 Server. This means that it doesn't have a graphical interface; after inserting the flashed SD card, your only access will be on the network, using ssh or a web browser. Note that you must ssh to port 7901, not port 22 (this is covered in the installation document).

(2) Addressing

Before starting, you'll need to find some way to address your Pi on the network. The configuration requires you to have a domain name, so you'll need to make one up (you would have to do this properly, instead of just making it up, in Option 2 below). For the sake of argument, we'll use myswimclub.uk. By default, the image will get a dynamic IP address from your router, so we need some way to 'bind' the current IP address to myswimclub.uk. If you've installed a DNS server (bind, or dnsmasq, for instance) elsewhere on your network then you can skip the rest of this section. If not, the simplest way to carry out the binding is to edit your 'hosts' file. You'll first need to set up your router to give your Pi a fixed IP address, so the full procedure is:

  1. Go to the router's admin page, and find the section that deals with binding a fixed IP address to a given MAC address. Find the Pi in this list, and make sure that the router always gives it the same IP address (let's say, for the sake of argument, 192.168.1.42)
  2. Find the hosts file on the computer you want to access SwimAdmin from. On Linux, this is /etc/hosts; on Windows, this is probably C:\Windows\System32\drivers\etc\hosts. Add this to your hosts file:
      192.168.1.42 swimvps.myswimclub.uk swimvps
      192.168.1.42 myswimclub.uk         myswimclub
    
    You can now browse to your local SwimAdmin installation as http://myswimclub.uk, or simply http://swimvps.
(3) Network test

You should now confirm that you can access the image on the network. You can do this with either ping or ssh:

 $ ping swimvps
 $ ssh -p7901 swimadmin@swimvps

If you use ssh, remember to use port 7901, and to exit when you're done. The default password is 4ptqR56Q.

This confirms that the Pi is alive, and that you have correctly set up your hosts file.

(4) Stage 1 configuration

Now carry out 'Stage 1 site configuration' (see section 7 of the installation document). You can ignore the remarks about not having completed DNS setup. However, you must still use the IP address to carry out the configuration (http://192.168.1.42/configure), rather than your new domain name (if you use the domain name, the software will attempt to carry out Stage 2 configuration). You can leave the 'Name servers' field empty. On completion, you will be asked to download a zone file. If you intend to carry out an Option 2 install at a later time you will need to save the zone file for future use (although you should always be able to find it at http://swimvps/data/zonefile.txt).

(5) Edit your club configuration

You can skip sections 8 and 9. You can't carry out Stage 2 Configuration (section 9) because this requires the Certificate Authority to talk directly to your Pi, which isn't possible unless you're carrying out an Option 2 install. This isn't a problem, but means that you must access the Pi with the http protocol, rather than https.

You now have to configure SwimAdmin for your specific club, from the administration menu. See the last part of Section 9, which gives you instructions on logging in as the admin user.

Option 2: full installation

The main issues here are that you need your ISP to give you a fixed IP address, and to allow traffic to port 25 on that IP address, and that you have to set up your router to pass the relevant traffic through to the Pi. I can't give specific instructions; you'll need to talk to your ISP, and check your router documentation. However, I have included a general checklist below.

The port 25 problem

If you know that your ISP does not block port 25, you can skip this section.

Some background might be helpful before you carry out a connection test. SwimAdmin includes a mail server, which both receives and sends emails. Mail servers have to listen on port 25. This is essentially a deficiency of the DNS system (a mail sender does a DNS lookup to get the the IP address of the destination server, but there's no mechanism to get a specific port number, so 25 is universally used). You could tell your own mail server to listen on a different port, but then no-one would know how to send mails to you, so there's no point. There are limited work-arounds for this issue, but they're not practical in general.

Your ISP scans any network packets which pass through its servers. If it detects an incoming packet (to you) which is labelled with a destination port of 25, then it knows that you are receiving emails. There's no conceivable reason for the ISP to block these packets, but apparently some will.

If, on the other hand, it detects an outgoing packet (from you) which is labelled with a destination port of 25, then it knows that you are sending emails. This is of interest to the ISP, because it means that you might be running a spambot that's sending emails (when you send 'normal' emails, you use a different mechanism to connect to the ISP's own mail server). However, a less charitable (and probably more correct) view is that the ISP doesn't want you to use someone else's mail server, because it can't charge for it. Whatever the reason actually is, your ISP has an interest in not allowing you to do this. Some ISPs will block these packets; I have no idea how common this is.

If port 25 is blocked, you'll have to ask your ISP to open it. It does seem that at least some will if you ask nicely. To find out whether or not port 25 is blocked, you can use telnet.

To check outgoing emails, find a computer on your home network that has telnet installed (SwimAdmin does, if you have already flashed it). Now find a publicly-accessible SMTP server. The most obvious one is the gmail one, at smtp.gmail.com. This listing shows the expected output when you attempt to connect to gmail, if you have a route out on port 25:

$ telnet smtp.gmail.com 25
Trying 142.250.27.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 smtp.gmail.com ESMTP

If you see this, you can send emails. Type quit to close the connection. If you can't see this (the output will stop at the 'Trying' line) then you can't send emails, and should contact your ISP. However, you should first try another public SMTP server in case the gmail one is temporarily down.

How do you check incoming emails? In principle, you can use exactly the same procedure: find an external computer with telnet installed (not one on your local network), and attempt to connect to port 25 on your Pi. However, you can only do this after you have set up your router to allow traffic through to the Pi, so this isn't a great test.

Connection checklist

This is simply a list of various things you will need to think about to make your Pi accessible from the outside world. If you can manage to get through this checklist, and you have an always-on internet connection with a reasonable bandwidth, and you can ensure that the Pi is also always on, then you have created your own (albeit very primitive) data centre, and your don't need a VPS. Needless to say, this is not recommended practice.

  1. You'll be running a public-facing server on your private home network, which isn't really a great idea. If you can, put the Pi in your router's DMZ zone. This protects your home network. SwimAdmin is fully firewalled, so can directly face the internet from the DMZ.
  2. You will (probably) need a fixed IP address, and not the variable one assigned by your ISP (which changes frequently - possibly every day, or every couple of weeks). Some ISPs won't give you a fixed IP address. If they do, they'll charge for it; you'll have to ask them. If you can't get, or can't afford, a fixed IP address, it may actually be possible to get things running using your variable address, and a dynamic DNS service such as DynDNS. I have no idea how realistic this is; I've never had a need to try it.
  3. SwimAdmin requires ports 80 and 443 (for http and https) and 25 (for the mail server). You'll need to make sure that your router passes accesses to these ports through to the Pi without blocking them. Your ISP may, or may not, block port 25. See above.
  4. Ports 587 and 993 are required for the mail server. If you intend to access your emails from the outside world then you must open these ports on the router.
  5. Port 7901 is required for ssh. If you intend to ssh to the Pi from the outside world then you must open this port on the router.