User Tools

Site Tools

Trace:
raspberry-pi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
raspberry-pi [2017/09/03 19:12] – [Logs] dblumeraspberry-pi [2021/10/25 10:59] dblume
Line 67: Line 67:
 When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''. When there are problems, check for logs in ''/var/log/syslog'' or ''/var/log/messages''.
  
-It turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following...+I think we need to update ''/etc/systemd/system/log2ram.service'' to make log2ram come after nginx, like so... 
 + 
 +<file bash log2ram.service> 
 +[Unit] 
 +Description=Log2Ram 
 +DefaultDependencies=no 
 +Before=basic.target rsyslog.service syslog.target systemd-journald.service sysinit.target shutdown.target apache2.service nginx.service 
 +After=local-fs.target 
 +Conflicts=shutdown.target reboot.target halt.target 
 +RequiresMountsFor=/var/log /var/hdd.log 
 +IgnoreOnIsolate=yes 
 + 
 +[Service] 
 +Type=oneshot 
 +ExecStart= /usr/local/bin/log2ram start 
 +ExecStop= /usr/local/bin/log2ram stop 
 +ExecReload= /usr/local/bin/log2ram write 
 +RemainAfterExit=yes 
 + 
 +[Install] 
 +WantedBy=sysinit.target 
 +</file> 
 + 
 +Otherwise, it turns out that log2ram does screw up nginx's ability to start on power-cycle. Maybe need something like the following...
  
 <file bash todo_after_powercycle.sh> <file bash todo_after_powercycle.sh>
Line 168: Line 191:
  
    sudo crontab -e    sudo crontab -e
-   0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /var/log/letsencrypt-renew.log+   0 5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log
  
 <code> <code>
Line 191: Line 214:
 </code> </code>
  
-5. Port forward ports 80 and 443.  At the local router:+6. Port forward ports 80 and 443.  At the local router:
  
 http://router.asus.com/Advanced_VirtualServer_Content.asp http://router.asus.com/Advanced_VirtualServer_Content.asp
Line 197: Line 220:
 WAN -> Virtual Server / Port Forwarding WAN -> Virtual Server / Port Forwarding
  
-6. Update nginx+7. Update nginx
  
 https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04 https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
Line 229: Line 252:
      
 **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]]. **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]].
 +
 +===== Updating CertBot to use ACMEv2 =====
 +
 +Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:[[https://certbot.eff.org/lets-encrypt/debianother-nginx|Debian Jessie instructions from the EFF]].
 +
 +  sudo apt-get remove certbot
 +  wget https://dl.eff.org/certbot-auto
 +  sudo mv certbot-auto /usr/local/bin/certbot-auto
 +  sudo chown root /usr/local/bin/certbot-auto
 +  sudo chmod 0755 /usr/local/bin/certbot-auto
 +
 +But the next step (they suggested''sudo /usr/local/bin/certbot-auto certonly --nginx''), but I tried:
 +
 +  sudo /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com
 +  
 +is broken because it first  an apt-get and Jessie Backports is gone, and then because the pip installation failed Hash verification.
 +
 +==== Problem: Jessie Backports is gone. ====
 +
 +Follow the instructions here: [[https://www.lucas-nussbaum.net/blog/?p=947|Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors]]
 +
 +Remove "<nowiki>deb http://ftp.debian.org/debian jessie-backports main</nowiki>" from ''/etc/apt/sources.list'' and add:
 +
 +  deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
 +  deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free
 +
 +And then essentially (I did it with a sudo vim session):
 +
 +  echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
 +  
 +==== Problem pip install hash verification ====
 +
 +[[https://community.letsencrypt.org/t/certbot-auto-certificates-fails-while-installing-phyton-packages-with-these-packages-do-not-match-the-hashes/90363/5|Certbot fails when installing Python packages]]. This can be resolved by deleting the ''/etc/pip.conf'' file:
 +
 +<file bash /etc/pip.conf>
 +[global]
 +extra-index-url=https://www.piwheels.org/simple
 +</file>
 +
 +===== Upgrading Distros =====
 +
 +When upgrading from Jessie to Stretch, I followed this recipe: [[https://pimylifeup.com/upgrade-raspbian-jessie-to-raspbian-stretch/|How to Upgrade Raspbian Jessie to Raspbian Stretch]].
 +
 +I didn't keep PiHole working, as I would get occasional network drops when working from home, and it was resolved when taking PiHole out of the mix. Will probably have to do a fresh install.
 +
 +===== PiHole =====
 +
 +**Note**: I've currently got an incompatibility between PiHole and HTTPS redirecting. So I'm not using CertBot at the moment. Will have to figure that out.
 +
 +PiHole connects to FTL over port 4711.  If FTL were running, it'd have a logfile you could view like so:
 +
 +<code bash>
 +$ cat /var/log/pihole-FTL.log
 +</code>
 +
 +You could also do the following:
 +
 +<code bash>
 +telnet 127.0.0.1 4711
 +>stats
 +</code>
 +
 +or
 +
 +<code bash>
 +echo ">stats" | nc 127.0.0.1 4711
 +</code>
 +
 +If you can't connect, you can see which services are listening like so:
 +
 +<code bash>
 +$ sudo netstat -tulpn
 +$ sudo netstat -tulpn | grep FTL
 +</code>
 +
 +I eventually clued in to my problem here:
 +
 +<code bash>
 +$ pihole-FTL running
 +FATAL: Opening of FTL log (/var/log/pihole-FTL.log) failed!
 +       Make sure it exists and is writeable by user pi
 +raspberrypi:~$ ls -l /var/log/pihole*
 +-rw-r--r-- 1 pihole  pihole        0 Nov 24 20:42 /var/log/pihole-FTL.log
 +-rw-r--r-- 1 pihole  pihole      312 Sep  4 00:00 /var/log/pihole-FTL.log.1
 +-rw-r----- 1 dnsmasq root   18538496 Nov 24 12:46 /var/log/pihole.log
 +-rw-r----- 1 dnsmasq root   15273984 Sep 12 00:00 /var/log/pihole.log.1
 +...
 +raspberrypi:~$ cat /var/log/pihole-FTL.log.1
 +[2017-09-03 15:17:05.038] FATAL: Opening of /var/log/pihole.log failed!
 +[2017-09-03 15:17:05.038]        Make sure it exists and is readable by user pihole
 +$ sudo chmod +r /var/log/pihole.log
 +$ sudo service pihole-FTL restart
 +$ sudo netstat -tulpn | grep FTL
 +tcp        0      0 127.0.0.1:4711          0.0.0.0:              LISTEN      11082/pihole-FTL
 +</code>
 +
 +And eventually discovered that my actual problem was that my log2ram mount was full. After fixing /var/log, I still had to ask pihole to restart its DNS.
 +
 +<code>
 +$ pihole restartdns
 +</code>
 +
 +==== Example PiHole API ====
 +
 +<code>
 +curl "http://pi.hole/admin/api.php?summary" | python -m json.tool
 +</code>
 +
 +===== New ACMEv2 Certbot overwrites /etc/nginx/sites-enabled/default =====
 +
 +We keep backups at ''~/etc_nginx_sites-enabled_default_pihole.backup''.
 +
 +  sudo service nginx restart
 +
 +===== Jessie or earlier: Add piwheels for fast Python pip installations =====
 +
 +If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'':
 +<file bash /etc/pip.conf>
 +[global]
 +extra-index-url=https://www.piwheels.org/simple
 +</file>
 +
 +====== Keywords ======
 +
 +Keywords: Lets Encrypt, LetsEncrypt, Hole
raspberry-pi.txt · Last modified: 2023/04/12 20:44 by 127.0.0.1