Home
Welcome
About This Wiki
sandbox (play here)
[[Raspberry Pi]]
Differences
This shows you the differences between two versions of the page.
|
raspberry-pi [2017/02/05 13:31] dblume [Backing-up And Restoring the SD Card] |
raspberry-pi [2018/10/06 08:51] (current) dblume [Jessie or earlier: Add piwheels for fast Python pip installations] |
||
|---|---|---|---|
| Line 67: | Line 67: | ||
| When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. | When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. | ||
| + | I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so... | ||
| + | |||
| + | <file bash log2ram.service> | ||
| + | [Unit] | ||
| + | Description=Log2Ram | ||
| + | DefaultDependencies=no | ||
| + | Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service | ||
| + | After=local-fs.target | ||
| + | Conflicts=shutdown.target reboot.target halt.target | ||
| + | RequiresMountsFor=/var/log /var/hdd.log | ||
| + | IgnoreOnIsolate=yes | ||
| + | |||
| + | [Service] | ||
| + | Type=oneshot | ||
| + | ExecStart= /usr/local/bin/log2ram start | ||
| + | ExecStop= /usr/local/bin/log2ram stop | ||
| + | ExecReload= /usr/local/bin/log2ram write | ||
| + | RemainAfterExit=yes | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=sysinit.target | ||
| + | </file> | ||
| + | |||
| + | Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following... | ||
| + | |||
| + | <file bash todo_after_powercycle.sh> | ||
| + | #!/usr/bin/env bash | ||
| + | |||
| + | # The tool we use to save flash affects the startup of nginx | ||
| + | if [ ! -d "/var/log/nginx" ]; then | ||
| + | sudo mkdir /var/log/nginx | ||
| + | fi | ||
| + | |||
| + | # if service --status-all | grep -Fq '[ - ] nginx'; then | ||
| + | if ! service nginx status | grep -Fq 'active (running)'; then | ||
| + | sudo /etc/init.d/nginx start > /dev/null | ||
| + | # systemctl start nginx | ||
| + | fi | ||
| + | </file> | ||
| ===== Keyboard Repeat Problem ===== | ===== Keyboard Repeat Problem ===== | ||
| Line 145: | Line 184: | ||
| You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 | You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 | ||
| - | 4. Renew with | + | 4. Renew (and reload if successful) with |
| - | certbot renew | + | sudo certbot renew && /usr/sbin/service nginx reload |
| + | |||
| + | 5. Consider using a root cronjob | ||
| + | |||
| + | sudo crontab -e | ||
| + | 0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /var/log/letsencrypt-renew.log | ||
| <code> | <code> | ||
| Line 153: | Line 197: | ||
| - Congratulations! Your certificate and chain have been saved at | - Congratulations! Your certificate and chain have been saved at | ||
| /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will | /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will | ||
| - | expire on 2017-01-31. To obtain a new or tweaked version of this | + | expire on 2017-09-31. To obtain a new or tweaked version of this |
| certificate in the future, simply run certbot again. To | certificate in the future, simply run certbot again. To | ||
| non-interactively renew *all* of your certificates, run "certbot | non-interactively renew *all* of your certificates, run "certbot | ||
| Line 186: | Line 230: | ||
| listen [::]:80 default_server; | listen [::]:80 default_server; | ||
| server_name pi.dlma.com; | server_name pi.dlma.com; | ||
| - | return 302 https://$server_name$request_uri; | + | return 301 https://$server_name$request_uri; |
| } | } | ||
| Line 208: | Line 252: | ||
| **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. | **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. | ||
| + | |||
| + | ===== PiHole ===== | ||
| + | |||
| + | **Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out. | ||
| + | |||
| + | PiHole connects to FTL over port 4711. If FTL were running, it'd have a logfile you could view like so: | ||
| + | |||
| + | <code bash> | ||
| + | $ cat /var/log/pihole-FTL.log | ||
| + | </code> | ||
| + | |||
| + | You could also do the following: | ||
| + | |||
| + | <code bash> | ||
| + | telnet 127.0.0.1 4711 | ||
| + | >stats | ||
| + | </code> | ||
| + | |||
| + | or | ||
| + | |||
| + | <code bash> | ||
| + | echo ">stats" | nc 127.0.0.1 4711 | ||
| + | </code> | ||
| + | |||
| + | If you can't connect, you can see which services are listening like so: | ||
| + | |||
| + | <code bash> | ||
| + | $ sudo netstat -tulpn | ||
| + | $ sudo netstat -tulpn | grep FTL | ||
| + | </code> | ||
| + | |||
| + | I eventually clued in to my problem here: | ||
| + | |||
| + | <code bash> | ||
| + | $ pihole-FTL running | ||
| + | FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed! | ||
| + | Make sure it exists and is writeable by user pi | ||
| + | raspberrypi:~$ ls -l /var/log/pihole* | ||
| + | -rw-r--r-- 1 pihole pihole 0 Nov 24 20:42 /var/log/pihole-FTL.log | ||
| + | -rw-r--r-- 1 pihole pihole 312 Sep 4 00:00 /var/log/pihole-FTL.log.1 | ||
| + | -rw-r----- 1 dnsmasq root 18538496 Nov 24 12:46 /var/log/pihole.log | ||
| + | -rw-r----- 1 dnsmasq root 15273984 Sep 12 00:00 /var/log/pihole.log.1 | ||
| + | ... | ||
| + | raspberrypi:~$ cat /var/log/pihole-FTL.log.1 | ||
| + | [2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed! | ||
| + | [2017-09-03 15:17:05.038] Make sure it exists and is readable by user pihole | ||
| + | $ sudo chmod +r /var/log/pihole.log | ||
| + | $ sudo service pihole-FTL restart | ||
| + | $ sudo netstat -tulpn | grep FTL | ||
| + | tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 11082/pihole-FTL | ||
| + | </code> | ||
| + | |||
| + | And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS. | ||
| + | |||
| + | <code> | ||
| + | $ pihole restartdns | ||
| + | </code> | ||
| + | |||
| + | ==== Example PiHole API ==== | ||
| + | |||
| + | <code> | ||
| + | curl "http://pi.hole/admin/api.php?summary" | python -m json.tool | ||
| + | </code> | ||
| + | |||
| + | ===== Jessie or earlier: Add piwheels for fast Python pip installations ===== | ||
| + | |||
| + | If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'': | ||
| + | <file bash /etc/pip.conf> | ||
| + | [global] | ||
| + | extra-index-url=https://www.piwheels.org/simple | ||
| + | </file> | ||
| + | |||
| + | ====== Keywords ====== | ||
| + | |||
| + | Keywords: Lets Encrypt, LetsEncrypt, Hole | ||
