User Tools

Site Tools


raspberry-pi
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


Previous revision
Next revision
raspberry-pi [2020/02/02 11:24] – [Problem: Jessie Backports is gone.] dblume
Line 1: Line 1:
 +====== Raspberry Pi ======
  
 +From [[http://www.raspberrypi.org/phpBB3/viewtopic.php?p=137164|this thread on SD cards]], the comment from by carlosfm on Mon Aug 27, 2012 9:46 pm suggests that the **16GB Sandisk Extreme Class 10 45MB/s** working fine on my Pi might be a good card to use.
 +
 +Also, highly recommended: **Samsung 32GB Class 10 Model Code: MB-SSBGA/US**
 +
 +Partway down the page, it says there's a debian package to download:
 +
 +<code>
 +$ wget https://dl.dropbox.com/u/15710882/iozone3_397-2_armhf.deb
 +$ sudo dpkg -i iozone3_397-2_armhf.deb
 +$ iozone -e -I -a -s 50M -r 4k -r 512k -r 16M -i 0 -i 1 -i 2 | tee iozone_out.txt
 +</code>
 +
 +> I was reading the manual for iozone and it said to make sure, for accurate results, to make the -s switch size be TWICE your ram size. My Pi has 512mb so figured minus the 16mb gpu share I'd make it 1000M (for 1gb test file)
 +
 +Still, there's more to learn.  Something about:
 +
 +<code>
 +just apt-get install bonnie++ 
 +</code>
 +
 +===== Debian OS Installation Essentials =====
 +
 +([[http://blog.philippklaus.de/2012/05/raspberry-pi/|Source]])
 +
 +<code>
 +passwd
 +sudo dpkg-reconfigure tzdata
 +sudo apt-get update && sudo apt-get upgrade
 +sudo apt-get install vim
 +sudo apt-get install screen
 +</code>
 +
 +<code>
 +sudo apt-get install ca-certificates
 +sudo apt-get install git-core
 +sudo wget http://goo.gl/1BOfJ -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update
 +sudo rpi-update
 +sudo shutdown -r now
 +</code>
 +
 +To be able to listen to audio via the headphone jack. See [[http://www.raspberrypi.org/phpBB3/viewtopic.php?f=6&t=5490|here]], and do this:
 +
 +<code>
 +sudo apt-get install alsa-utils; sudo modprobe snd_bcm2835; sudo amixer cset numid=3 1
 +</code>
 +
 +Playing m3u playlists:
 +
 +<code>
 +mpg123 -@ http://streams.br-online.de/bayern3_2.m3u
 +</code>
 +
 +Text-based browsing: Either lynx or links
 +
 +<code>
 +sudo apt-get install lynx
 +sudo apt-get install links
 +</code>
 +
 +Maybe ''sudo vim /etc/lynx-cur/lynx.cfg'' and change "#ACCEPT_ALL_COOKIES:FALSE" to "ACCEPT_ALL_COOKIES:TRUE"
 +===== Logs =====
 +
 +Consider [[https://github.com/azlux/log2ram|installing log2ram]] to extend the life of your SDCard by writing logs to RAM first.
 +
 +When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''.
 +
 +I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so...
 +
 +<file bash log2ram.service>
 +[Unit]
 +Description=Log2Ram
 +DefaultDependencies=no
 +Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service
 +After=local-fs.target
 +Conflicts=shutdown.target reboot.target halt.target
 +RequiresMountsFor=/var/log /var/hdd.log
 +IgnoreOnIsolate=yes
 +
 +[Service]
 +Type=oneshot
 +ExecStart= /usr/local/bin/log2ram start
 +ExecStop= /usr/local/bin/log2ram stop
 +ExecReload= /usr/local/bin/log2ram write
 +RemainAfterExit=yes
 +
 +[Install]
 +WantedBy=sysinit.target
 +</file>
 +
 +Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following...
 +
 +<file bash todo_after_powercycle.sh>
 +#!/usr/bin/env bash
 +
 +# The tool we use to save flash affects the startup of nginx
 +if [ ! -d "/var/log/nginx" ]; then
 +  sudo mkdir /var/log/nginx
 +fi
 +
 +# if service --status-all | grep -Fq '[ - ]  nginx'; then
 +if ! service nginx status | grep -Fq 'active (running)'; then
 +  sudo /etc/init.d/nginx start > /dev/null
 +  # systemctl start nginx
 +fi
 +</file>
 +===== Keyboard Repeat Problem =====
 +
 +[[http://elinux.org/R-Pi_Troubleshooting#R-Pi_does_not_respond_to_key_presses_.2F_Keyboard_randomly_repeats_key_presses|They claim it's often a power problem.]]
 +
 +> Forum user MrEngman reported some keyboard repeats and wireless hangs until upgrading to the debian6-19-04-2012 kernel, which he reports stable with no problems even with a low TP1-TP2 voltage of 4.65 - 4.68 volts.
 +
 +To see which version you have:
 +<code>
 +$ cat /proc/version
 +</code>
 +
 +Try plugging the keyboard and mouse directly into the Raspberry Pi, and see what happens.
 +
 +===== Camera =====
 +
 +A list of [[http://elinux.org/RPi_USB_Webcams|tested webcams]].
 +Here's a [[http://www.raspberrypi.org/phpBB3/viewtopic.php?f=46&t=39470|Python script for saving jpg images]].
 +Here's [[https://medium.com/p/2d5a2d61da3d|a tutorial that suggests using motion]].
 +
 +Video Tutorials:
 +
 +  * [[https://www.youtube.com/watch?v=NVrqNaLxU_g|Raspberry Pi Webcam Server Tutorial (Live Stream)]]
 +  * [[https://www.youtube.com/watch?v=H1jSudsIJfA|Raspberry Pi as a Webcam Server]]
 +===== Headless Xwin =====
 +
 +How to [[http://jeffskinnerbox.wordpress.com/2012/09/09/raspberry-pi-has-arrived/|run X Windows on the Raspberry Pi and use the PC as your X Terminal]].
 +
 +===== Apache vs Cherokee vs Nginx Webserver =====
 +
 +[[http://www.wikihow.com/Make-a-Raspberry-Pi-Web-Server]]
 +
 +Looks like [[http://www.jeremymorgan.com/blog/programming/raspberry-pi-web-server-comparison/|I should use Nginx]].
 +
 +How to [[http://en.joscandreu.com/blog/install-php-raspberrypi/|Install nginx and PHP]].  And should I need to do something that'd require .htaccess or mod_rewrite, here's a [[http://blog.martinfjordvald.com/2011/02/nginx-primer-2-from-apache-to-nginx/|Nginx Primer from Apache to Nginx]].
 +
 +It'd be interesting to see [[http://docs.getpelican.com/en/latest/getting_started.html|Pelican]] [[http://www.instructables.com/id/Host-your-own-blog-from-a-25-Raspberry-Pi-compute/|work on a Raspberry Pi]] running Nginx.
 +
 +**Note**: See history-of-nginx-start.txt, and note that the web server files are at /var/www
 +
 +===== Backup =====
 +
 +(Old link: [[http://lifehacker.com/how-to-clone-your-raspberry-pi-sd-card-for-super-easy-r-1261113524|How to Clone Your Raspberry Pi SD Card for Super Easy Reinstallations]])
 +
 +I put the microSD in the SamSung SD Adaptor, and [[https://thepihut.com/blogs/raspberry-pi-tutorials/17789160-backing-up-and-restoring-your-raspberry-pis-sd-card|used Win32 Disk Imager]] to make a backup at H:\RasberryPi2.img
 +
 +==== Reading from Device to Image File ====
 +
 +  * Specify a new Image File name. (On a big disk.)
 +  * Select "Read" to read form the Raspberry Pi's card to the file on disk.
 +
 +
 +==== Writing from Image File to SD Card ====
 +
 +  * Specify an existing Image File.
 +  * Select "Write" to write from the file on disk to the Raspberry Pi's card.
 +
 +My Raspberry Pi is up-to-date as of 2017-02-05.
 +===== Cert Bot =====
 +
 +  - https://certbot.eff.org/#debianjessie-nginx
 +  - Fix it with this recipe: https://github.com/certbot/certbot/issues/2673 (Maybe not needed!)
 +
 +This seems useful: https://bjornjohansen.no/letsencrypt-nginx
 +
 +In detail:
 +
 +1. Add Backports to /etc/apt/sources.list as per https://backports.debian.org/Instructions/
 +
 +2. Do the apt-get
 +
 +  sudo apt-get install certbot -t jessie-backports
 +
 +3. Run certbot
 +
 +  sudo certbot certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com
 +  
 +You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1
 +  
 +4. Renew (and reload if successful) with 
 +
 +  sudo certbot renew && /usr/sbin/service nginx reload
 + 
 +5. Consider using a root cronjob
 +
 +   sudo crontab -e
 +   0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log
 +
 +<code>
 +IMPORTANT NOTES:
 + - Congratulations! Your certificate and chain have been saved at
 +   /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will
 +   expire on 2017-09-31. To obtain a new or tweaked version of this
 +   certificate in the future, simply run certbot again. To
 +   non-interactively renew *all* of your certificates, run "certbot
 +   renew"
 + - If you lose your account credentials, you can recover through
 +   e-mails sent to david.blume@gmail.com.
 + - Your account credentials have been saved in your Certbot
 +   configuration directory at /etc/letsencrypt. You should make a
 +   secure backup of this folder now. This configuration directory will
 +   also contain certificates and private keys obtained by Certbot so
 +   making regular backups of this folder is ideal.
 + - If you like Certbot, please consider supporting our work by:
 +
 +   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 +   Donating to EFF:                    https://eff.org/donate-le
 +</code>
 +
 +6. Port forward ports 80 and 443.  At the local router:
 +
 +http://router.asus.com/Advanced_VirtualServer_Content.asp
 +
 +WAN -> Virtual Server / Port Forwarding
 +
 +7. Update nginx
 +
 +https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
 +
 +Update /etc/nginx/sites-available/default as per this [[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/|Getting Started guide from Nginx]].
 +
 +  server {
 +          listen 80 default_server;
 +          listen [::]:80 default_server;
 +          server_name pi.dlma.com;
 +          return 301 https://$server_name$request_uri;
 +  }
 +  
 +  server {
 +        # SSL configuration
 +        #
 +        listen 443 ssl default_server;
 +        listen [::]:443 ssl default_server;
 +        
 +        ssl_certificate /etc/letsencrypt/live/pi.dlma.com/fullchain.pem;
 +        ssl_certificate_key /etc/letsencrypt/live/pi.dlma.com/privkey.pem;
 +        ssl_trusted_certificate /etc/letsencrypt/live/pi.dlma.com/chain.pem;
 +        ...
 +
 +**TODO**: Maybe figure out [[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/|how to redirect http://wopr.dlma.com to https://wopr.dlma.com]].
 +
 +Then check and restart nginx:
 +
 +  $ sudo nginx -t
 +  $ sudo systemctl restart nginx
 +  
 +**TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]].
 +
 +===== Updating CertBot to use ACMEv2 =====
 +
 +Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:[[https://certbot.eff.org/lets-encrypt/debianother-nginx|Debian Jessie instructions from the EFF]].
 +
 +  sudo apt-get remove certbot
 +  wget https://dl.eff.org/certbot-auto
 +  sudo mv certbot-auto /usr/local/bin/certbot-auto
 +  sudo chown root /usr/local/bin/certbot-auto
 +  sudo chmod 0755 /usr/local/bin/certbot-auto
 +
 +But the next step,
 +
 +  sudo /usr/local/bin/certbot-auto certonly --nginx
 +  
 +is broken because it does an apt-get and Jessie Backports is gone.
 +
 +==== Problem: Jessie Backports is gone. ====
 +
 +Follow the instructions here: [[https://www.lucas-nussbaum.net/blog/?p=947|Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors]]
 +
 +Remove "<nowiki>deb http://ftp.debian.org/debian jessie-backports main</nowiki>" from ''/etc/apt/sources.list'' and add:
 +
 +  deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
 +  deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free
 +
 +And then essentially (I did it with a sudo vim session):
 +
 +  echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
 +  
 +
 +===== PiHole =====
 +
 +**Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out.
 +
 +PiHole connects to FTL over port 4711.  If FTL were running, it'd have a logfile you could view like so:
 +
 +<code bash>
 +$ cat /var/log/pihole-FTL.log
 +</code>
 +
 +You could also do the following:
 +
 +<code bash>
 +telnet 127.0.0.1 4711
 +>stats
 +</code>
 +
 +or
 +
 +<code bash>
 +echo ">stats" | nc 127.0.0.1 4711
 +</code>
 +
 +If you can't connect, you can see which services are listening like so:
 +
 +<code bash>
 +$ sudo netstat -tulpn
 +$ sudo netstat -tulpn | grep FTL
 +</code>
 +
 +I eventually clued in to my problem here:
 +
 +<code bash>
 +$ pihole-FTL running
 +FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed!
 +       Make sure it exists and is writeable by user pi
 +raspberrypi:~$ ls -l /var/log/pihole*
 +-rw-r--r-- 1 pihole  pihole        0 Nov 24 20:42 /var/log/pihole-FTL.log
 +-rw-r--r-- 1 pihole  pihole      312 Sep  4 00:00 /var/log/pihole-FTL.log.1
 +-rw-r----- 1 dnsmasq root   18538496 Nov 24 12:46 /var/log/pihole.log
 +-rw-r----- 1 dnsmasq root   15273984 Sep 12 00:00 /var/log/pihole.log.1
 +...
 +raspberrypi:~$ cat /var/log/pihole-FTL.log.1
 +[2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed!
 +[2017-09-03 15:17:05.038]        Make sure it exists and is readable by user pihole
 +$ sudo chmod +r /var/log/pihole.log
 +$ sudo service pihole-FTL restart
 +$ sudo netstat -tulpn | grep FTL
 +tcp        0      0 127.0.0.1:4711          0.0.0.0:              LISTEN      11082/pihole-FTL
 +</code>
 +
 +And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS.
 +
 +<code>
 +$ pihole restartdns
 +</code>
 +
 +==== Example PiHole API ====
 +
 +<code>
 +curl "http://pi.hole/admin/api.php?summary" | python -m json.tool
 +</code>
 +
 +===== Jessie or earlier: Add piwheels for fast Python pip installations =====
 +
 +If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'':
 +<file bash /etc/pip.conf>
 +[global]
 +extra-index-url=https://www.piwheels.org/simple
 +</file>
 +
 +====== Keywords ======
 +
 +Keywords: Lets Encrypt, LetsEncrypt, Hole
raspberry-pi.txt · Last modified: 2023/04/12 20:44 by 127.0.0.1