Table of Contents
Raspberry Pi
From this thread on SD cards, the comment from by carlosfm on Mon Aug 27, 2012 9:46 pm suggests that the 16GB Sandisk Extreme Class 10 45MB/s working fine on my Pi might be a good card to use.
Also, highly recommended: Samsung 32GB Class 10 Model Code: MB-SSBGA/US
Partway down the page, it says there's a debian package to download:
$ wget https://dl.dropbox.com/u/15710882/iozone3_397-2_armhf.deb $ sudo dpkg -i iozone3_397-2_armhf.deb $ iozone -e -I -a -s 50M -r 4k -r 512k -r 16M -i 0 -i 1 -i 2 | tee iozone_out.txt
I was reading the manual for iozone and it said to make sure, for accurate results, to make the -s switch size be TWICE your ram size. My Pi has 512mb so figured minus the 16mb gpu share I'd make it 1000M (for 1gb test file)
Still, there's more to learn. Something about:
just apt-get install bonnie++
Debian OS Installation Essentials
(Source)
passwd sudo dpkg-reconfigure tzdata sudo apt-get update && sudo apt-get upgrade sudo apt-get install vim sudo apt-get install screen
sudo apt-get install ca-certificates sudo apt-get install git-core sudo wget http://goo.gl/1BOfJ -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update sudo rpi-update sudo shutdown -r now
To be able to listen to audio via the headphone jack. See here, and do this:
sudo apt-get install alsa-utils; sudo modprobe snd_bcm2835; sudo amixer cset numid=3 1
Playing m3u playlists:
mpg123 -@ http://streams.br-online.de/bayern3_2.m3u
Text-based browsing: Either lynx or links
sudo apt-get install lynx sudo apt-get install links
Maybe sudo vim /etc/lynx-cur/lynx.cfg
and change “#ACCEPT_ALL_COOKIES:FALSE” to “ACCEPT_ALL_COOKIES:TRUE”
Logs
Consider installing log2ram to extend the life of your SDCard by writing logs to RAM first.
When there are problems, check for logs in /var/log/syslog
or /var/log/messages
.
I think we need to update /etc/systemd/system/log2ram.service
to make log2ram come after nginx, like so…
- log2ram.service
[Unit] Description=Log2Ram DefaultDependencies=no Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service After=local-fs.target Conflicts=shutdown.target reboot.target halt.target RequiresMountsFor=/var/log /var/hdd.log IgnoreOnIsolate=yes [Service] Type=oneshot ExecStart= /usr/local/bin/log2ram start ExecStop= /usr/local/bin/log2ram stop ExecReload= /usr/local/bin/log2ram write RemainAfterExit=yes [Install] WantedBy=sysinit.target
Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following…
- todo_after_powercycle.sh
#!/usr/bin/env bash # The tool we use to save flash affects the startup of nginx if [ ! -d "/var/log/nginx" ]; then sudo mkdir /var/log/nginx fi # if service --status-all | grep -Fq '[ - ] nginx'; then if ! service nginx status | grep -Fq 'active (running)'; then sudo /etc/init.d/nginx start > /dev/null # systemctl start nginx fi
Keyboard Repeat Problem
They claim it's often a power problem.
Forum user MrEngman reported some keyboard repeats and wireless hangs until upgrading to the debian6-19-04-2012 kernel, which he reports stable with no problems even with a low TP1-TP2 voltage of 4.65 - 4.68 volts.
To see which version you have:
$ cat /proc/version
Try plugging the keyboard and mouse directly into the Raspberry Pi, and see what happens.
Camera
A list of tested webcams.
Here's a Python script for saving jpg images.
Here's a tutorial that suggests using motion.
Video Tutorials:
Headless Xwin
Apache vs Cherokee vs Nginx Webserver
http://www.wikihow.com/Make-a-Raspberry-Pi-Web-Server
Looks like I should use Nginx.
How to Install nginx and PHP. And should I need to do something that'd require .htaccess or mod_rewrite, here's a Nginx Primer from Apache to Nginx.
It'd be interesting to see Pelican work on a Raspberry Pi running Nginx.
Note: See history-of-nginx-start.txt, and note that the web server files are at /var/www
Backup
(Old link: How to Clone Your Raspberry Pi SD Card for Super Easy Reinstallations)
I put the microSD in the SamSung SD Adaptor, and used Win32 Disk Imager to make a backup at H:\RasberryPi2.img
Reading from Device to Image File
- Specify a new Image File name. (On a big disk.)
- Select “Read” to read form the Raspberry Pi's card to the file on disk.
Writing from Image File to SD Card
- Specify an existing Image File.
- Select “Write” to write from the file on disk to the Raspberry Pi's card.
My Raspberry Pi is up-to-date as of 2017-02-05.
Cert Bot
- Fix it with this recipe: https://github.com/certbot/certbot/issues/2673 (Maybe not needed!)
This seems useful: https://bjornjohansen.no/letsencrypt-nginx
In detail:
1. Add Backports to /etc/apt/sources.list as per https://backports.debian.org/Instructions/
2. Do the apt-get
sudo apt-get install certbot -t jessie-backports
3. Run certbot
sudo certbot certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com
You should find that /etc/letsencrypt/live is populated with files like pi.dlma.com/cert1
4. Renew (and reload if successful) with
sudo certbot renew && /usr/sbin/service nginx reload
5. Consider using a root cronjob
sudo crontab -e 0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/pi.dlma.com/fullchain.pem. Your cert will expire on 2017-09-31. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you lose your account credentials, you can recover through e-mails sent to david.blume@gmail.com. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
6. Port forward ports 80 and 443. At the local router:
http://router.asus.com/Advanced_VirtualServer_Content.asp
WAN → Virtual Server / Port Forwarding
7. Update nginx
Update /etc/nginx/sites-available/default as per this Getting Started guide from Nginx.
server { listen 80 default_server; listen [::]:80 default_server; server_name pi.dlma.com; return 301 https://$server_name$request_uri; } server { # SSL configuration # listen 443 ssl default_server; listen [::]:443 ssl default_server; ssl_certificate /etc/letsencrypt/live/pi.dlma.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pi.dlma.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/pi.dlma.com/chain.pem; ...
TODO: Maybe figure out how to redirect http://wopr.dlma.com to https://wopr.dlma.com.
Then check and restart nginx:
$ sudo nginx -t $ sudo systemctl restart nginx
TODO: Renew with certbot renew –quiet
as per certbot or manually.
Updating CertBot to use ACMEv2
Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:Debian Jessie instructions from the EFF.
sudo apt-get remove certbot wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
But the next step (they suggestedsudo /usr/local/bin/certbot-auto certonly –nginx
), but I tried:
sudo /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com
is broken because it first an apt-get and Jessie Backports is gone, and then because the pip installation failed Hash verification.
Problem: Jessie Backports is gone.
Follow the instructions here: Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors
Remove “deb http://ftp.debian.org/debian jessie-backports main” from /etc/apt/sources.list
and add:
deb http://archive.debian.org/debian/ jessie-backports main contrib non-free deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free
And then essentially (I did it with a sudo vim session):
echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
Problem pip install hash verification
Certbot fails when installing Python packages. This can be resolved by deleting the /etc/pip.conf
file:
- /etc/pip.conf
[global] extra-index-url=https://www.piwheels.org/simple
Upgrading Distros
When upgrading from Jessie to Stretch, I followed this recipe: How to Upgrade Raspbian Jessie to Raspbian Stretch.
I didn't keep PiHole working, as I would get occasional network drops when working from home, and it was resolved when taking PiHole out of the mix. Will probably have to do a fresh install.
PiHole
Note: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out.
PiHole connects to FTL over port 4711. If FTL were running, it'd have a logfile you could view like so:
$ cat /var/log/pihole-FTL.log
You could also do the following:
telnet 127.0.0.1 4711 >stats
or
echo ">stats" | nc 127.0.0.1 4711
If you can't connect, you can see which services are listening like so:
$ sudo netstat -tulpn $ sudo netstat -tulpn | grep FTL
I eventually clued in to my problem here:
$ pihole-FTL running FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed! Make sure it exists and is writeable by user pi raspberrypi:~$ ls -l /var/log/pihole* -rw-r--r-- 1 pihole pihole 0 Nov 24 20:42 /var/log/pihole-FTL.log -rw-r--r-- 1 pihole pihole 312 Sep 4 00:00 /var/log/pihole-FTL.log.1 -rw-r----- 1 dnsmasq root 18538496 Nov 24 12:46 /var/log/pihole.log -rw-r----- 1 dnsmasq root 15273984 Sep 12 00:00 /var/log/pihole.log.1 ... raspberrypi:~$ cat /var/log/pihole-FTL.log.1 [2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed! [2017-09-03 15:17:05.038] Make sure it exists and is readable by user pihole $ sudo chmod +r /var/log/pihole.log $ sudo service pihole-FTL restart $ sudo netstat -tulpn | grep FTL tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 11082/pihole-FTL
And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS.
$ pihole restartdns
Example PiHole API
curl "http://pi.hole/admin/api.php?summary" | python -m json.tool
New ACMEv2 Certbot overwrites /etc/nginx/sites-enabled/default
We keep backups at ~/etc_nginx_sites-enabled_default_pihole.backup
.
sudo service nginx restart
Jessie or earlier: Add piwheels for fast Python pip installations
If you're not installing Stretch or later, here's info on piwheels. Add the following to /etc/pip.conf
:
- /etc/pip.conf
[global] extra-index-url=https://www.piwheels.org/simple
Keywords
Keywords: Lets Encrypt, LetsEncrypt, Hole