raspberry-pi

Differences

This shows you the differences between two versions of the page.

raspberry-pi [2014/10/26 17:50] dblume
raspberry-pi [2023/04/12 20:44] (current) – external edit 127.0.0.1
Line 63: Line 63:
 ===== Logs ===== ===== Logs =====
  
-Consider [[http://people.virginia.edu/~ll2bf/docs/nix/rpi_server.html#_install_ramlog|installing Ramlog]] to extend the life of your SD card by writing logs only to RAM, then flushing them to disk There's talk of having to reboot twice, and I definitely had to add the following two lines to /etc/init.d/ramlog because rsyslogd had kept /var/log open. (I could determine this by looking at the results of ''sudo service ramlog start''):+Consider [[https://github.com/azlux/log2ram|installing log2ram]] to extend the life of your SDCard by writing logs to RAM first.
  
-<code bash> +When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''.
-# X-Start-Before: rsyslog +
-# X-Stop-After: rsyslog +
-</code>+
  
-And then+I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so...
  
-<code+<file bash log2ram.service
-$ sudo insserv +[Unit] 
-</code>+Description=Log2Ram 
 +DefaultDependencies=no 
 +Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service 
 +After=local-fs.target 
 +Conflicts=shutdown.target reboot.target halt.target 
 +RequiresMountsFor=/var/log /var/hdd.log 
 +IgnoreOnIsolate=yes
  
-When there are problemscheck for logs in ''/var/log/syslog'' or ''/var/log/messages''.+[Service] 
 +Type=oneshot 
 +ExecStart= /usr/local/bin/log2ram start 
 +ExecStop= /usr/local/bin/log2ram stop 
 +ExecReload= /usr/local/bin/log2ram write 
 +RemainAfterExit=yes 
 + 
 +[Install] 
 +WantedBy=sysinit.target 
 +</file> 
 + 
 +Otherwiseit turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following... 
 + 
 +<file bash todo_after_powercycle.sh> 
 +#!/usr/bin/env bash 
 + 
 +# The tool we use to save flash affects the startup of nginx 
 +if [ ! -d "/var/log/nginx" ]; then 
 +  sudo mkdir /var/log/nginx 
 +fi
  
 +# if service --status-all | grep -Fq '[ - ]  nginx'; then
 +if ! service nginx status | grep -Fq 'active (running)'; then
 +  sudo /etc/init.d/nginx start > /dev/null
 +  # systemctl start nginx
 +fi
 +</file>
 ===== Keyboard Repeat Problem ===== ===== Keyboard Repeat Problem =====
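
Review bot: The sentence introducing ''log2ram.service'' says the unit should make log2ram "come after nginx", but the unit lists ''nginx.service'' in ''Before='', which orders log2ram ahead of nginx; the sentence and the directive contradict each other, so reword the sentence to say log2ram starts before nginx, or move nginx to ''After='' if that really is the intent. In ''todo_after_powercycle.sh'', ''sudo mkdir /var/log/nginx'' creates the directory with root's default owner and mode rather than whatever the nginx package originally set, and the running check greps the human-readable output of ''service nginx status''; set owner and mode explicitly when recreating the directory and test the service state with ''systemctl is-active --quiet nginx'' instead. The script also mixes ''/etc/init.d/nginx start'' with a commented-out ''systemctl start nginx''; pick one so the recovery path matches how the unit is managed.
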
  
Line 115: Line 143:
 It'd be interesting to see [[http://docs.getpelican.com/en/latest/getting_started.html|Pelican]] [[http://www.instructables.com/id/Host-your-own-blog-from-a-25-Raspberry-Pi-compute/|work on a Raspberry Pi]] running Nginx. It'd be interesting to see [[http://docs.getpelican.com/en/latest/getting_started.html|Pelican]] [[http://www.instructables.com/id/Host-your-own-blog-from-a-25-Raspberry-Pi-compute/|work on a Raspberry Pi]] running Nginx.
  
-===== Backing-up And Restoring the SD Card =====+**Note**: See history-of-nginx-start.txt, and note that the web server files are at /var/www 
 + 
 +===== Backup ===== 
 + 
 +(Old link: [[http://lifehacker.com/how-to-clone-your-raspberry-pi-sd-card-for-super-easy-r-1261113524|How to Clone Your Raspberry Pi SD Card for Super Easy Reinstallations]]) 
 + 
 +I put the microSD in the SamSung SD Adaptor, and [[https://thepihut.com/blogs/raspberry-pi-tutorials/17789160-backing-up-and-restoring-your-raspberry-pis-sd-card|used Win32 Disk Imager]] to make a backup at H:\RasberryPi2.img 
 + 
 +==== Reading from Device to Image File ==== 
 + 
 +  * Specify a new Image File name. (On a big disk.) 
 +  * Select "Read" to read form the Raspberry Pi's card to the file on disk. 
 + 
 + 
 +==== Writing from Image File to SD Card ==== 
 + 
 +  * Specify an existing Image File. 
 +  * Select "Write" to write from the file on disk to the Raspberry Pi's card. 
 + 
 +My Raspberry Pi is up-to-date as of 2017-02-05. 
 +===== Cert Bot ===== 
 + 
 +  - https://certbot.eff.org/#debianjessie-nginx 
 +  - Fix it with this recipe: https://github.com/certbot/certbot/issues/2673 (Maybe not needed!) 
 + 
 +This seems useful: https://bjornjohansen.no/letsencrypt-nginx 
 + 
 +In detail: 
 + 
 +1. Add Backports to /etc/apt/sources.list as per https://backports.debian.org/Instructions/ 
 + 
 +2. Do the apt-get 
 + 
 +  sudo apt-get install certbot -t jessie-backports 
 + 
 +3. Run certbot 
 + 
 +  sudo certbot certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com 
 +   
 +You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 
 +   
 +4. Renew (and reload if successful) with  
 + 
 +  sudo certbot renew && /usr/sbin/service nginx reload 
 +  
 +5. Consider using a root cronjob 
 + 
 +   sudo crontab -e 
 +   0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log 
 + 
 +<code> 
 +IMPORTANT NOTES: 
 + - Congratulations! Your certificate and chain have been saved at 
 +   /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will 
 +   expire on 2017-09-31. To obtain a new or tweaked version of this 
 +   certificate in the future, simply run certbot again. To 
 +   non-interactively renew *all* of your certificates, run "certbot 
 +   renew" 
 + - If you lose your account credentials, you can recover through 
 +   e-mails sent to david.blume@gmail.com. 
 + - Your account credentials have been saved in your Certbot 
 +   configuration directory at /etc/letsencrypt. You should make a 
 +   secure backup of this folder now. This configuration directory will 
 +   also contain certificates and private keys obtained by Certbot so 
 +   making regular backups of this folder is ideal. 
 + - If you like Certbot, please consider supporting our work by: 
 + 
 +   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
 +   Donating to EFF:                    https://eff.org/donate-le 
 +</code> 
 + 
 +6. Port forward ports 80 and 443.  At the local router: 
 + 
 +http://router.asus.com/Advanced_VirtualServer_Content.asp 
 + 
 +WAN -> Virtual Server / Port Forwarding 
 + 
 +7. Update nginx 
 + 
 +https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04 
 + 
 +Update /etc/nginx/sites-available/default as per this [[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/|Getting Started guide from Nginx]]. 
 + 
 +  server { 
 +          listen 80 default_server; 
 +          listen [::]:80 default_server; 
 +          server_name pi.dlma.com; 
 +          return 301 https://$server_name$request_uri; 
 +  } 
 +   
 +  server { 
 +        # SSL configuration 
 +        # 
 +        listen 443 ssl default_server; 
 +        listen [::]:443 ssl default_server; 
 +         
 +        ssl_certificate /etc/letsencrypt/live/pi.dlma.com/fullchain.pem; 
 +        ssl_certificate_key /etc/letsencrypt/live/pi.dlma.com/privkey.pem; 
 +        ssl_trusted_certificate /etc/letsencrypt/live/pi.dlma.com/chain.pem; 
 +        ... 
 + 
 +**TODO**: Maybe figure out [[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/|how to redirect http://wopr.dlma.com to https://wopr.dlma.com]]. 
 + 
 +Then check and restart nginx: 
 + 
 +  $ sudo nginx -t 
 +  $ sudo systemctl restart nginx 
 +   
 +**TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. 
 + 
 +===== Updating CertBot to use ACMEv2 ===== 
 + 
 +Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:[[https://certbot.eff.org/lets-encrypt/debianother-nginx|Debian Jessie instructions from the EFF]]. 
 + 
 +  sudo apt-get remove certbot 
 +  wget https://dl.eff.org/certbot-auto 
 +  sudo mv certbot-auto /usr/local/bin/certbot-auto 
 +  sudo chown root /usr/local/bin/certbot-auto 
 +  sudo chmod 0755 /usr/local/bin/certbot-auto 
 + 
 +But the next step (they suggested''sudo /usr/local/bin/certbot-auto certonly --nginx''), but I tried: 
 + 
 +  sudo /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com 
 +   
 +is broken because it first  an apt-get and Jessie Backports is gone, and then because the pip installation failed Hash verification. 
 + 
 +==== Problem: Jessie Backports is gone. ==== 
 + 
 +Follow the instructions here: [[https://www.lucas-nussbaum.net/blog/?p=947|Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors]] 
 + 
 +Remove "<nowiki>deb http://ftp.debian.org/debian jessie-backports main</nowiki>" from ''/etc/apt/sources.list'' and add: 
 + 
 +  deb http://archive.debian.org/debian/ jessie-backports main contrib non-free 
 +  deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free 
 + 
 +And then essentially (I did it with a sudo vim session): 
 + 
 +  echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until 
 +   
 +==== Problem pip install hash verification ==== 
 + 
 +[[https://community.letsencrypt.org/t/certbot-auto-certificates-fails-while-installing-phyton-packages-with-these-packages-do-not-match-the-hashes/90363/5|Certbot fails when installing Python packages]]. This can be resolved by deleting the ''/etc/pip.conf'' file: 
 + 
 +<file bash /etc/pip.conf> 
 +[global] 
 +extra-index-url=https://www.piwheels.org/simple 
 +</file> 
 + 
 +===== Upgrading Distros ===== 
 + 
 +When upgrading from Jessie to Stretch, I followed this recipe: [[https://pimylifeup.com/upgrade-raspbian-jessie-to-raspbian-stretch/|How to Upgrade Raspbian Jessie to Raspbian Stretch]]. 
 + 
 +I didn't keep PiHole working, as I would get occasional network drops when working from home, and it was resolved when taking PiHole out of the mix. Will probably have to do a fresh install. 
 + 
 +===== PiHole ===== 
 + 
 +**Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out. 
 + 
 +PiHole connects to FTL over port 4711.  If FTL were running, it'd have a logfile you could view like so: 
 + 
 +<code bash> 
 +$ cat /var/log/pihole-FTL.log 
 +</code> 
 + 
 +You could also do the following: 
 + 
 +<code bash> 
 +telnet 127.0.0.1 4711 
 +>stats 
 +</code> 
 + 
 +or 
 + 
 +<code bash> 
 +echo ">stats" | nc 127.0.0.1 4711 
 +</code> 
 + 
 +If you can't connect, you can see which services are listening like so: 
 + 
 +<code bash> 
 +$ sudo netstat -tulpn 
 +$ sudo netstat -tulpn | grep FTL 
 +</code> 
 + 
 +I eventually clued in to my problem here: 
 + 
 +<code bash> 
 +$ pihole-FTL running 
 +FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed! 
 +       Make sure it exists and is writeable by user pi 
 +raspberrypi:~$ ls -l /var/log/pihole* 
 +-rw-r--r-- 1 pihole  pihole        0 Nov 24 20:42 /var/log/pihole-FTL.log 
 +-rw-r--r-- 1 pihole  pihole      312 Sep  4 00:00 /var/log/pihole-FTL.log.1 
 +-rw-r----- 1 dnsmasq root   18538496 Nov 24 12:46 /var/log/pihole.log 
 +-rw-r----- 1 dnsmasq root   15273984 Sep 12 00:00 /var/log/pihole.log.1 
 +... 
 +raspberrypi:~$ cat /var/log/pihole-FTL.log.1 
 +[2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed! 
 +[2017-09-03 15:17:05.038]        Make sure it exists and is readable by user pihole 
 +$ sudo chmod +r /var/log/pihole.log 
 +$ sudo service pihole-FTL restart 
 +$ sudo netstat -tulpn | grep FTL 
 +tcp        0      0 127.0.0.1:4711          0.0.0.0:              LISTEN      11082/pihole-FTL 
 +</code> 
 + 
 +And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS. 
 + 
 +<code> 
 +$ pihole restartdns 
 +</code> 
 + 
 +==== Example PiHole API ==== 
 + 
 +<code> 
 +curl "http://pi.hole/admin/api.php?summary" | python -m json.tool 
 +</code> 
 + 
 +===== New ACMEv2 Certbot overwrites /etc/nginx/sites-enabled/default ===== 
 + 
 +We keep backups at ''~/etc_nginx_sites-enabled_default_pihole.backup''
 + 
 +  sudo service nginx restart 
 + 
 +===== Jessie or earlier: Add piwheels for fast Python pip installations ===== 
 + 
 +If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'': 
 +<file bash /etc/pip.conf> 
 +[global] 
 +extra-index-url=https://www.piwheels.org/simple 
 +</file>
  
-[[http://lifehacker.com/how-to-clone-your-raspberry-pi-sd-card-for-super-easy-r-1261113524|How to Clone Your Raspberry Pi SD Card for Super Easy Reinstallations]]+====== Keywords ======
  
-My Raspberry Pi is up-to-date as of Oct 262014.+Keywords: Lets EncryptLetsEncrypt, Hole
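
Review bot: In "Problem: Jessie Backports is gone", writing ''Acquire::Check-Valid-Until no;'' to ''/etc/apt/apt.conf.d/99no-check-valid-until'' switches off Release-file expiry checking for every apt source on the machine and leaves it off permanently, not only for the archived jessie-backports lines; pass it per invocation instead (''sudo apt-get -o Acquire::Check-Valid-Until=false update'') or add a step that deletes the file once the archive packages are installed. In "Updating CertBot to use ACMEv2", ''certbot-auto'' is fetched with ''wget'', made root-owned and executable, and run under ''sudo'' with no integrity check in between; add a signature or checksum verification step before the ''mv''. In the PiHole section, ''sudo chmod +r /var/log/pihole.log'' makes a file the listing shows as ''-rw-r----- dnsmasq root'' world-readable, and the next paragraph says the real cause was the full log2ram mount, so the page should tell the reader to revert that chmod or grant the pihole user access through group membership. In Cert Bot step 5, the root crontab entry appends to ''/home/pi/letsencrypt-renew.log'', a path the pi user controls, and captures stdout only; log to a root-owned location and add ''2>&1''.
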
raspberry-pi.1414371035.txt.gz · Last modified: 2023/04/12 20:44 (external edit)