[[Raspberry Pi]]
 
Trace:

Home

Welcome
About This Wiki
sandbox (play here)

Trippy the Lizard

To Do
Projects

C++

Wikis Reviewed
Wikis Analyzed

Zeitcode

RSS feed (help)

External Links

My Blog
My Lifestream
My Dilemma

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

raspberry-pi [2017/02/05 13:31]
dblume [Backing-up And Restoring the SD Card] 		raspberry-pi [2018/01/07 22:33] (current)
dblume [Logs]
Line 67: Line 67:
 When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''.
  
 +I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so...
 +
 +<file bash log2ram.service>
 +[Unit]
 +Description=Log2Ram
 +DefaultDependencies=no
 +Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service
 +After=local-fs.target
 +Conflicts=shutdown.target reboot.target halt.target
 +RequiresMountsFor=/var/log /var/hdd.log
 +IgnoreOnIsolate=yes
 +
 +[Service]
 +Type=oneshot
 +ExecStart= /usr/local/bin/log2ram start
 +ExecStop= /usr/local/bin/log2ram stop
 +ExecReload= /usr/local/bin/log2ram write
 +RemainAfterExit=yes
 +
 +[Install]
 +WantedBy=sysinit.target
 +</file>
 +
 +Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following...
 +
 +<file bash todo_after_powercycle.sh>
 +#!/usr/bin/env bash
 +
 +# The tool we use to save flash affects the startup of nginx
 +if [ ! -d "/var/log/nginx" ]; then
 +  sudo mkdir /var/log/nginx
 +fi
 +
 +# if service --status-all | grep -Fq '[ - ]  nginx'; then
 +if ! service nginx status | grep -Fq 'active (running)'; then
 +  sudo /etc/init.d/nginx start > /dev/null
 +  # systemctl start nginx
 +fi
 +</file>
 ===== Keyboard Repeat Problem ===== ===== Keyboard Repeat Problem =====
  
Line 145: Line 184:
 You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1
      
-4. Renew with +4. Renew (and reload if successful) with 
  
-  certbot renew+  sudo certbot renew && /usr/sbin/service nginx reload 
 +  
 +5. Consider using a root cronjob 
 + 
 +   sudo crontab -e 
 +   0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /var/log/letsencrypt-renew.log
  
 <code> <code>
Line 153: Line 197:
  - Congratulations! Your certificate and chain have been saved at  - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will    /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will
-   expire on 2017-01-31. To obtain a new or tweaked version of this+   expire on 2017-09-31. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot again. To    certificate in the future, simply run certbot again. To
    non-interactively renew *all* of your certificates, run "certbot    non-interactively renew *all* of your certificates, run "certbot
Line 186: Line 230:
           listen [::]:80 default_server;           listen [::]:80 default_server;
           server_name pi.dlma.com;           server_name pi.dlma.com;
-          return 302 https://$server_name$request_uri;+          return 301 https://$server_name$request_uri;
   }   }
      
Line 208: Line 252:
      
 **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]].
 +
 +===== PiHole =====
 +
 +**Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out.
 +
 +PiHole connects to FTL over port 4711.  If FTL were running, it'd have a logfile you could view like so:
 +
 +<code bash>
 +$ cat /var/log/pihole-FTL.log
 +</code>
 +
 +You could also do the following:
 +
 +<code bash>
 +telnet 127.0.0.1 4711
 +>stats
 +</code>
 +
 +or
 +
 +<code bash>
 +echo ">stats" | nc 127.0.0.1 4711
 +</code>
 +
 +If you can't connect, you can see which services are listening like so:
 +
 +<code bash>
 +$ sudo netstat -tulpn
 +$ sudo netstat -tulpn | grep FTL
 +</code>
 +
 +I eventually clued in to my problem here:
 +
 +<code bash>
 +$ pihole-FTL running
 +FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed!
 +       Make sure it exists and is writeable by user pi
 +raspberrypi:~$ ls -l /var/log/pihole*
 +-rw-r--r-- 1 pihole  pihole        0 Nov 24 20:42 /var/log/pihole-FTL.log
 +-rw-r--r-- 1 pihole  pihole      312 Sep  4 00:00 /var/log/pihole-FTL.log.1
 +-rw-r----- 1 dnsmasq root   18538496 Nov 24 12:46 /var/log/pihole.log
 +-rw-r----- 1 dnsmasq root   15273984 Sep 12 00:00 /var/log/pihole.log.1
 +...
 +raspberrypi:~$ cat /var/log/pihole-FTL.log.1
 +[2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed!
 +[2017-09-03 15:17:05.038]        Make sure it exists and is readable by user pihole
 +$ sudo chmod +r /var/log/pihole.log
 +$ sudo service pihole-FTL restart
 +$ sudo netstat -tulpn | grep FTL
 +tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      11082/pihole-FTL
 +</code>
 +
 +And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS.
 +
 +<code>
 +$ pihole restartdns
 +</code>
 +
 +==== Example PiHole API ====
 +
 +<code>
 +curl "http://pi.hole/admin/api.php?summary" | python -m json.tool
 +</code>
 +
 +Keywords: Lets Encrypt, LetsEncrypt, Hole
raspberry-pi.1486330264.txt.gz · Last modified: 2017/02/05 13:31 by dblume
 
Recent changes RSS feed Driven by DokuWiki