Home
Welcome
About This Wiki
sandbox (play here)
This shows you the differences between two versions of the page.
raspberry-pi [2017/02/05 13:31] dblume [Backing-up And Restoring the SD Card] |
raspberry-pi [2018/10/06 08:51] (current) dblume [Jessie or earlier: Add piwheels for fast Python pip installations] |
||
---|---|---|---|
Line 67: | Line 67: | ||
When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. | When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. | ||
+ | I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so... | ||
+ | |||
+ | <file bash log2ram.service> | ||
+ | [Unit] | ||
+ | Description=Log2Ram | ||
+ | DefaultDependencies=no | ||
+ | Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service | ||
+ | After=local-fs.target | ||
+ | Conflicts=shutdown.target reboot.target halt.target | ||
+ | RequiresMountsFor=/var/log /var/hdd.log | ||
+ | IgnoreOnIsolate=yes | ||
+ | |||
+ | [Service] | ||
+ | Type=oneshot | ||
+ | ExecStart= /usr/local/bin/log2ram start | ||
+ | ExecStop= /usr/local/bin/log2ram stop | ||
+ | ExecReload= /usr/local/bin/log2ram write | ||
+ | RemainAfterExit=yes | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=sysinit.target | ||
+ | </file> | ||
+ | |||
+ | Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following... | ||
+ | |||
+ | <file bash todo_after_powercycle.sh> | ||
+ | #!/usr/bin/env bash | ||
+ | |||
+ | # The tool we use to save flash affects the startup of nginx | ||
+ | if [ ! -d "/var/log/nginx" ]; then | ||
+ | sudo mkdir /var/log/nginx | ||
+ | fi | ||
+ | |||
+ | # if service --status-all | grep -Fq '[ - ] nginx'; then | ||
+ | if ! service nginx status | grep -Fq 'active (running)'; then | ||
+ | sudo /etc/init.d/nginx start > /dev/null | ||
+ | # systemctl start nginx | ||
+ | fi | ||
+ | </file> | ||
===== Keyboard Repeat Problem ===== | ===== Keyboard Repeat Problem ===== | ||
Line 145: | Line 184: | ||
You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 | You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1 | ||
- | 4. Renew with | + | 4. Renew (and reload if successful) with |
- | certbot renew | + | sudo certbot renew && /usr/sbin/service nginx reload |
+ | |||
+ | 5. Consider using a root cronjob | ||
+ | |||
+ | sudo crontab -e | ||
+ | 0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /var/log/letsencrypt-renew.log | ||
<code> | <code> | ||
Line 153: | Line 197: | ||
- Congratulations! Your certificate and chain have been saved at | - Congratulations! Your certificate and chain have been saved at | ||
/etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will | /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will | ||
- | expire on 2017-01-31. To obtain a new or tweaked version of this | + | expire on 2017-09-31. To obtain a new or tweaked version of this |
certificate in the future, simply run certbot again. To | certificate in the future, simply run certbot again. To | ||
non-interactively renew *all* of your certificates, run "certbot | non-interactively renew *all* of your certificates, run "certbot | ||
Line 186: | Line 230: | ||
listen [::]:80 default_server; | listen [::]:80 default_server; | ||
server_name pi.dlma.com; | server_name pi.dlma.com; | ||
- | return 302 https://$server_name$request_uri; | + | return 301 https://$server_name$request_uri; |
} | } | ||
Line 208: | Line 252: | ||
**TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. | **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. | ||
+ | |||
+ | ===== PiHole ===== | ||
+ | |||
+ | **Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out. | ||
+ | |||
+ | PiHole connects to FTL over port 4711. If FTL were running, it'd have a logfile you could view like so: | ||
+ | |||
+ | <code bash> | ||
+ | $ cat /var/log/pihole-FTL.log | ||
+ | </code> | ||
+ | |||
+ | You could also do the following: | ||
+ | |||
+ | <code bash> | ||
+ | telnet 127.0.0.1 4711 | ||
+ | >stats | ||
+ | </code> | ||
+ | |||
+ | or | ||
+ | |||
+ | <code bash> | ||
+ | echo ">stats" | nc 127.0.0.1 4711 | ||
+ | </code> | ||
+ | |||
+ | If you can't connect, you can see which services are listening like so: | ||
+ | |||
+ | <code bash> | ||
+ | $ sudo netstat -tulpn | ||
+ | $ sudo netstat -tulpn | grep FTL | ||
+ | </code> | ||
+ | |||
+ | I eventually clued in to my problem here: | ||
+ | |||
+ | <code bash> | ||
+ | $ pihole-FTL running | ||
+ | FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed! | ||
+ | Make sure it exists and is writeable by user pi | ||
+ | raspberrypi:~$ ls -l /var/log/pihole* | ||
+ | -rw-r--r-- 1 pihole pihole 0 Nov 24 20:42 /var/log/pihole-FTL.log | ||
+ | -rw-r--r-- 1 pihole pihole 312 Sep 4 00:00 /var/log/pihole-FTL.log.1 | ||
+ | -rw-r----- 1 dnsmasq root 18538496 Nov 24 12:46 /var/log/pihole.log | ||
+ | -rw-r----- 1 dnsmasq root 15273984 Sep 12 00:00 /var/log/pihole.log.1 | ||
+ | ... | ||
+ | raspberrypi:~$ cat /var/log/pihole-FTL.log.1 | ||
+ | [2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed! | ||
+ | [2017-09-03 15:17:05.038] Make sure it exists and is readable by user pihole | ||
+ | $ sudo chmod +r /var/log/pihole.log | ||
+ | $ sudo service pihole-FTL restart | ||
+ | $ sudo netstat -tulpn | grep FTL | ||
+ | tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 11082/pihole-FTL | ||
+ | </code> | ||
+ | |||
+ | And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS. | ||
+ | |||
+ | <code> | ||
+ | $ pihole restartdns | ||
+ | </code> | ||
+ | |||
+ | ==== Example PiHole API ==== | ||
+ | |||
+ | <code> | ||
+ | curl "http://pi.hole/admin/api.php?summary" | python -m json.tool | ||
+ | </code> | ||
+ | |||
+ | ===== Jessie or earlier: Add piwheels for fast Python pip installations ===== | ||
+ | |||
+ | If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'': | ||
+ | <file bash /etc/pip.conf> | ||
+ | [global] | ||
+ | extra-index-url=https://www.piwheels.org/simple | ||
+ | </file> | ||
+ | |||
+ | ====== Keywords ====== | ||
+ | |||
+ | Keywords: Lets Encrypt, LetsEncrypt, Hole |