Table of Contents

Raspberry Pi

From this thread on SD cards, the comment from by carlosfm on Mon Aug 27, 2012 9:46 pm suggests that the 16GB Sandisk Extreme Class 10 45MB/s working fine on my Pi might be a good card to use.

Also, highly recommended: Samsung 32GB Class 10 Model Code: MB-SSBGA/US

Partway down the page, it says there's a debian package to download:

$ wget https://dl.dropbox.com/u/15710882/iozone3_397-2_armhf.deb
$ sudo dpkg -i iozone3_397-2_armhf.deb
$ iozone -e -I -a -s 50M -r 4k -r 512k -r 16M -i 0 -i 1 -i 2 | tee iozone_out.txt
I was reading the manual for iozone and it said to make sure, for accurate results, to make the -s switch size be TWICE your ram size. My Pi has 512mb so figured minus the 16mb gpu share I'd make it 1000M (for 1gb test file)

Still, there's more to learn. Something about:

just apt-get install bonnie++ 

Debian OS Installation Essentials

(Source)

passwd
sudo dpkg-reconfigure tzdata
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install vim
sudo apt-get install screen
sudo apt-get install ca-certificates
sudo apt-get install git-core
sudo wget http://goo.gl/1BOfJ -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update
sudo rpi-update
sudo shutdown -r now

To be able to listen to audio via the headphone jack. See here, and do this:

sudo apt-get install alsa-utils; sudo modprobe snd_bcm2835; sudo amixer cset numid=3 1

Playing m3u playlists:

mpg123 -@ http://streams.br-online.de/bayern3_2.m3u

Text-based browsing: Either lynx or links

sudo apt-get install lynx
sudo apt-get install links

Maybe sudo vim /etc/lynx-cur/lynx.cfg and change “#ACCEPT_ALL_COOKIES:FALSE” to “ACCEPT_ALL_COOKIES:TRUE”

Logs

Consider installing log2ram to extend the life of your SDCard by writing logs to RAM first.

When there are problems, check for logs in /var/log/syslog or /var/log/messages.

I think we need to update /etc/systemd/system/log2ram.service to make log2ram come after nginx, like so…

log2ram.service
[Unit]
Description=Log2Ram
DefaultDependencies=no
Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service
After=local-fs.target
Conflicts=shutdown.target reboot.target halt.target
RequiresMountsFor=/var/log /var/hdd.log
IgnoreOnIsolate=yes
 
[Service]
Type=oneshot
ExecStart= /usr/local/bin/log2ram start
ExecStop= /usr/local/bin/log2ram stop
ExecReload= /usr/local/bin/log2ram write
RemainAfterExit=yes
 
[Install]
WantedBy=sysinit.target

Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following…

todo_after_powercycle.sh
#!/usr/bin/env bash
 
# The tool we use to save flash affects the startup of nginx
if [ ! -d "/var/log/nginx" ]; then
  sudo mkdir /var/log/nginx
fi
 
# if service --status-all | grep -Fq '[ - ]  nginx'; then
if ! service nginx status | grep -Fq 'active (running)'; then
  sudo /etc/init.d/nginx start > /dev/null
  # systemctl start nginx
fi

Keyboard Repeat Problem

They claim it's often a power problem.

Forum user MrEngman reported some keyboard repeats and wireless hangs until upgrading to the debian6-19-04-2012 kernel, which he reports stable with no problems even with a low TP1-TP2 voltage of 4.65 - 4.68 volts.

To see which version you have:

$ cat /proc/version

Try plugging the keyboard and mouse directly into the Raspberry Pi, and see what happens.

Camera

A list of tested webcams.
Here's a Python script for saving jpg images.
Here's a tutorial that suggests using motion.

Video Tutorials:

Headless Xwin

How to run X Windows on the Raspberry Pi and use the PC as your X Terminal.

Apache vs Cherokee vs Nginx Webserver

http://www.wikihow.com/Make-a-Raspberry-Pi-Web-Server

Looks like I should use Nginx.

How to Install nginx and PHP. And should I need to do something that'd require .htaccess or mod_rewrite, here's a Nginx Primer from Apache to Nginx.

It'd be interesting to see Pelican work on a Raspberry Pi running Nginx.

Note: See history-of-nginx-start.txt, and note that the web server files are at /var/www

Backup

(Old link: How to Clone Your Raspberry Pi SD Card for Super Easy Reinstallations)

I put the microSD in the SamSung SD Adaptor, and used Win32 Disk Imager to make a backup at H:\RasberryPi2.img

Reading from Device to Image File

Writing from Image File to SD Card

My Raspberry Pi is up-to-date as of 2017-02-05.

Cert Bot

  1. Fix it with this recipe: https://github.com/certbot/certbot/issues/2673 (Maybe not needed!)

This seems useful: https://bjornjohansen.no/letsencrypt-nginx

In detail:

1. Add Backports to /etc/apt/sources.list as per https://backports.debian.org/Instructions/

2. Do the apt-get

sudo apt-get install certbot -t jessie-backports

3. Run certbot

sudo certbot certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com

You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1

4. Renew (and reload if successful) with

sudo certbot renew && /usr/sbin/service nginx reload

5. Consider using a root cronjob

 sudo crontab -e
 0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will
   expire on 2017-09-31. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to david.blume@gmail.com.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

6. Port forward ports 80 and 443. At the local router:

http://router.asus.com/Advanced_VirtualServer_Content.asp

WAN → Virtual Server / Port Forwarding

7. Update nginx

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04

Update /etc/nginx/sites-available/default as per this Getting Started guide from Nginx.

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name pi.dlma.com;
        return 301 https://$server_name$request_uri;
}

server {
      # SSL configuration
      #
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;
      
      ssl_certificate /etc/letsencrypt/live/pi.dlma.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/pi.dlma.com/privkey.pem;
      ssl_trusted_certificate /etc/letsencrypt/live/pi.dlma.com/chain.pem;
      ...

TODO: Maybe figure out how to redirect http://wopr.dlma.com to https://wopr.dlma.com.

Then check and restart nginx:

$ sudo nginx -t
$ sudo systemctl restart nginx

TODO: Renew with certbot renew –quiet as per certbot or manually.

Updating CertBot to use ACMEv2

Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:Debian Jessie instructions from the EFF.

sudo apt-get remove certbot
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

But the next step (they suggestedsudo /usr/local/bin/certbot-auto certonly –nginx), but I tried:

sudo /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com

is broken because it first an apt-get and Jessie Backports is gone, and then because the pip installation failed Hash verification.

Problem: Jessie Backports is gone.

Follow the instructions here: Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors

Remove “deb http://ftp.debian.org/debian jessie-backports main” from /etc/apt/sources.list and add:

deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free

And then essentially (I did it with a sudo vim session):

echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until

Problem pip install hash verification

Certbot fails when installing Python packages. This can be resolved by deleting the /etc/pip.conf file:

/etc/pip.conf
[global]
extra-index-url=https://www.piwheels.org/simple

Upgrading Distros

When upgrading from Jessie to Stretch, I followed this recipe: How to Upgrade Raspbian Jessie to Raspbian Stretch.

I didn't keep PiHole working, as I would get occasional network drops when working from home, and it was resolved when taking PiHole out of the mix. Will probably have to do a fresh install.

PiHole

Note: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out.

PiHole connects to FTL over port 4711. If FTL were running, it'd have a logfile you could view like so:

$ cat /var/log/pihole-FTL.log

You could also do the following:

telnet 127.0.0.1 4711
>stats

or

echo ">stats" | nc 127.0.0.1 4711

If you can't connect, you can see which services are listening like so:

$ sudo netstat -tulpn
$ sudo netstat -tulpn | grep FTL

I eventually clued in to my problem here:

$ pihole-FTL running
FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed!
       Make sure it exists and is writeable by user pi
raspberrypi:~$ ls -l /var/log/pihole*
-rw-r--r-- 1 pihole  pihole        0 Nov 24 20:42 /var/log/pihole-FTL.log
-rw-r--r-- 1 pihole  pihole      312 Sep  4 00:00 /var/log/pihole-FTL.log.1
-rw-r----- 1 dnsmasq root   18538496 Nov 24 12:46 /var/log/pihole.log
-rw-r----- 1 dnsmasq root   15273984 Sep 12 00:00 /var/log/pihole.log.1
...
raspberrypi:~$ cat /var/log/pihole-FTL.log.1
[2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed!
[2017-09-03 15:17:05.038]        Make sure it exists and is readable by user pihole
$ sudo chmod +r /var/log/pihole.log
$ sudo service pihole-FTL restart
$ sudo netstat -tulpn | grep FTL
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      11082/pihole-FTL

And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS.

$ pihole restartdns

Example PiHole API

curl "http://pi.hole/admin/api.php?summary" | python -m json.tool

New ACMEv2 Certbot overwrites /etc/nginx/sites-enabled/default

We keep backups at ~/etc_nginx_sites-enabled_default_pihole.backup.

sudo service nginx restart

Jessie or earlier: Add piwheels for fast Python pip installations

If you're not installing Stretch or later, here's info on piwheels. Add the following to /etc/pip.conf:

/etc/pip.conf
[global]
extra-index-url=https://www.piwheels.org/simple

Keywords

Keywords: Lets Encrypt, LetsEncrypt, Hole