This page (revision-50) was last changed on 24-Apr-2023 15:25 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Page revision history

Version, Date Modified, Size, Author
50, 24-Apr-2023 15:25, 12 KB, Harry Metske
49, 21-May-2022 08:40, 11 KB, Harry Metske
48, 23-Apr-2022 19:00, 11 KB, Harry Metske
47, 23-Apr-2022 18:56, 10 KB, Harry Metske
46, 23-Apr-2022 18:14, 10 KB, Harry Metske
45, 23-Apr-2022 17:48, 10 KB, Harry Metske
44, 23-Apr-2022 17:46, 10 KB, Harry Metske
43, 23-Apr-2022 17:06, 10 KB, Harry Metske
42, 23-Apr-2022 17:05, 9 KB, Harry Metske
41, 23-Apr-2022 17:05, 9 KB, Harry Metske

Version management

Difference between version and

At line 9 changed one line
- apt install iotop apache2 docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3 certbot iptraf
- apt install iotop vim apache2 libapache2-mod-jk docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3 certbot iptraf
At line 11 changed one line
- a2enmod sslc
- a2enmod ssl
At line 13 changed 2 lines
- /etc/dhcpcd.conf : static IP naar 192.168.2.19 (192.168.2.3 wil niet, kan router al niet pingen)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> de uptimerobot IPs zitten in eigen chain, zie verder
- /etc/dhcpcd.conf : static IP naar 192.168.2.99 (192.168.2.3 wil niet, kan router al niet pingen)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> werkt nog niet goed, de uptimerobot IPs komen niet
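Review bot: both variants of the second line point the unit /etc/systemd/system/iptables-setup.service at a file under /home/pi, so anyone who can write to that home directory decides what the unit runs as root at boot. Keep the unit file itself in /etc/systemd/system and the script it starts in a root-owned path such as /usr/local/sbin, both writable by root only, and link nothing from a user home.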
At line 21 changed one line
- go to www.computerhok.nl:8081 ==> setup dialog =: 192.168.2.19 piwigo_user piwigopswd .....
- go to www.computerhok.nl:8081 ==> setup dialog =: 192.168.2.399 piwigo_user piwigopswd .....
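Review bot: 192.168.2.399 in the second line is not a valid IPv4 address (the last octet is above 255), so the value cannot be entered as written; it should match the static IP set in /etc/dhcpcd.conf. The line also spells out the database user and what looks like its password next to it; point to the password store instead, as the Pi-hole line does with "<see keepass>".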
At line 24 changed 2 lines
- curl -sSL https://install.pi-hole.net | bash # ==> edit port80 to 81 in /etc/lighttpd/lighttpd.conf
- go to http://192.168.2.19:2080/admin/
- docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 2080:80 -p 2443:443 -e "IPv6=False" -e "TZ=Europe/Amsterdam" -e "ServerIP=192.168.2.99" -e "VIRTUAL_HOST=www.computerhok.nl:2080" -e "WEBPASSWORD=<see keepass>" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --restart=unless-stopped --cap-add=NET_ADMIN pihole/pihole:latest
- go to http://192.168.2.99:2080/admin/
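Review bot: the "curl -sSL https://install.pi-hole.net | bash" line executes a remote script while it is still downloading, with no chance to read or checksum it first; save it to a file, inspect it, then run it. In the docker variant, "pihole/pihole:latest" should be pinned to a specific tag or digest so that recreating the container cannot silently pull a different image, and the comment about changing lighttpd to port 81 does not match the port 2080 URL that follows it.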
At line 84 changed one line
see [Backup laptop and Pi]
For now I run the following script from my MacOS (and upload to stack after that).
At line 86 added 11 lines
{{{
#!/bin/sh
#
#
ssh pi@apollo sudo tar cf - /appl/piwigo/config/www/gallery/galleries > /Users/metskem/Downloads/backup-apollo-fotos.tar
ssh pi@apollo sudo tar czf - --exclude=/var/jspwiki/logs --exclude=/usr/local/tomcat/logs --exclude=/usr/local/tomcat/work --exclude=/usr/local/tomcat/temp /home/pi /etc /var/jspwiki /usr/local > /Users/metskem/Downloads/backup-apollo-rest.tar
# upload to STACK:
sftp metskem@metskem@metskem.stackstorage.com <<< $'put /Users/metskem/Downloads/backup-apollo-rest.tar'
}}}
Then manually upload this backup file to [https://metskem.stackstorage.com/]
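Review bot: the second tar line archives /etc and /home/pi (which hold private keys and password hashes) in cleartext, leaves the result in Downloads and then uploads it to third-party storage; encrypt the archive before it leaves the laptop, for example by piping it through gpg or age, and upload only the encrypted file. Two smaller points in the same script: the file written with "tar czf" is gzip-compressed but named .tar, and the sftp line uploads only backup-apollo-rest.tar, so the photo archive never reaches STACK unless the manual step mentioned after the script covers it.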
At line 162 removed one line
Have the following in ''/etc/apache2/sites-enabled/005-www.computerhok.nl.conf''
At line 164 changed 16 lines
<VirtualHost *:80>
ServerName www.computerhok.nl
ProxyPass /wiki http://localhost:8080/wiki
ProxyPassReverse /wiki http://localhost:8080/wiki
RewriteEngine On
Alias /.well-known/acme-challenge/ "/var/www/.well-known/acme-challenge/"
RewriteRule "^/.well-known/acme-challenge/" - [L]
<Directory "/var/www/.well-known/acme-challenge/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!monitorrequest
LogFormat "%h %l %t %D \"%{Host}i\" \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
</VirtualHost>
certbot --apache -d www.computerhok.nl
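Review bot: in the Directory block for /var/www/.well-known/acme-challenge/, "Options Indexes MultiViews" turns on directory listing for a path that only needs to serve single challenge files, and "Order allow,deny" / "Allow from all" is Apache 2.2 syntax that only works on 2.4 through mod_access_compat. Use "Options None" and "Require all granted". The LogFormat line also redefines the nickname "combined" after the CustomLog line that uses it; give the custom format its own nickname and define it before CustomLog.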
At line 182 changed one line
Then create a directory named ''/var/www/.well-known/acme-challenge/'' .
Then open up the firewall, because letsencrypt comes in to verify: {{iptables -F}}
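Review bot: "iptables -F" in the second line does not just open port 80 for the Let's Encrypt check, it deletes every rule in the filter table, leaving the host either fully open or (with a DROP default policy) unreachable until the ruleset is reloaded. Insert a single ACCEPT rule for TCP ports 80 and 443 for the duration of the check and remove it afterwards.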
At line 189 changed one line
If this succeeds, we can do the real one, put this one in /etc/cron.weekly/certbot:
If this succeeds, we can do the real one:
At line 191 changed one line
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com --pre-hook 'iptables -I INPUT 3 -p tcp --match multiport --dports 80,443 -j ACCEPT' --post-hook '/home/ubuntu/iptables-setup.sh && systemctl restart apache2'
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com
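Review bot: the --pre-hook in the first command inserts its ACCEPT rule at fixed position 3 of INPUT, which only lands where intended while the ruleset keeps its current ordering, and the rule is removed again only if the post-hook script rebuilds the ruleset from scratch. Make the post-hook delete the same rule explicitly (iptables -D with the identical match) before reloading. The second command carries no hooks at all, so port 80 has to be open already for the webroot challenge and Apache is not restarted to pick up a renewed certificate.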
At line 203 changed one line
/home/ubuntu/iptables-setup.sh
/home/pi/iptables-setup.sh
At line 211 changed 3 lines
curl -L https://github.com/prometheus/prometheus/releases/download/v2.25.2/prometheus-2.25.2.linux-arm64.tar.gz -O
tar -xzf prometheus-2.25.2.linux-arm64.tar.gz
mv prometheus-2.25.2.linux-arm64 /usr/local
curl -L https://github.com/prometheus/prometheus/releases/download/v2.25.2/prometheus-2.25.2.linux-armv7.tar.gz -O
tar -xzf prometheus-2.25.2.linux-armv7.tar.gz
mv prometheus-2.25.2.linux-armv7 /usr/local
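Review bot: between the curl line and the tar line nothing checks the tarball, and the unpacked binaries go straight into /usr/local to run as a service. Add a step that compares the SHA-256 of the downloaded file against the checksum published with the release and stop if it differs; the same applies to the node_exporter download further down.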
At line 215 changed one line
ln -s prometheus-2.25.2.linux-arm64 prometheus
ln -s prometheus-2.25.2.linux-armv7 prometheus
At line 248 changed 3 lines
curl -L https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-arm64.tar.gz -O
tar -xzf node_exporter-1.1.2.linux-arm64.tar.gz
mv node_exporter-1.1.2.linux-arm64 /usr/local
curl -L https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-armv7.tar.gz -O
tar -xzf node_exporter-1.1.2.linux-armv7.tar.gz
mv node_exporter-1.1.2.linux-armv7 /usr/local
At line 252 changed one line
ln -s node_exporter-1.1.2.linux-arm64 node-exporter
ln -s node_exporter-1.1.2.linux-armv7 node-exporter
At line 272 removed 52 lines
!! Install prometheus pushgateway
See [instructions here|https://sysadmins.co.za/install-pushgateway-to-expose-metrics-to-prometheus/].\\
{{{
curl -sLO https://github.com/prometheus/pushgateway/releases/download/v1.4.2/pushgateway-1.4.2.linux-arm64.tar.gz
tar -xf pushgateway-1.4.2.linux-arm64.tar.gz
cp pushgateway-1.4.2.linux-arm64/pushgateway /usr/local/bin/
# install unit file:
cat > /etc/systemd/system/pushgateway.service << EOF
[Unit]
Description=Pushgateway
Wants=network-online.target
After=network-online.target
[Service]
User=pushgateway
Group=pushgateway
Type=simple
ExecStart=/usr/local/bin/pushgateway \
--web.listen-address=":9091" \
--web.telemetry-path="/metrics" \
--persistence.file="/tmp/metric.store" \
--persistence.interval=5m \
--log.level="info" \
--log.format="logfmt"
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start pushgateway
}}}
Add this to /usr/local/prometheus/prometheus.yml:
{{{
- job_name: 'pushgateway'
honor_labels: true
static_configs:
- targets: [['localhost:9091']
}}}
Testing pushgateway:
{{{
echo -e "# TYPE temperature gauge\n# HELP temperature The temperature in Celsius\ntemperature 5.9" | curl --data-binary @- http://localhost:9091/metrics/job/openweather
}}}
And checkout [http://www.computerhok.nl:9091]
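Review bot: --web.listen-address=":9091" binds the pushgateway on all interfaces and the last line links to it under the public hostname, so anyone who can reach port 9091 can push or overwrite metrics; bind to 127.0.0.1:9091 (the scrape target is localhost anyway) or restrict the port in the firewall. --persistence.file="/tmp/metric.store" puts the state file in a world-writable directory under a predictable name, which belongs in a directory owned by the service user instead. The unit also sets User=pushgateway and Group=pushgateway, but no step creates that account, and the service is started without being enabled.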
At line 273 added 2 lines
systemctl enable grafana-server
systemctl start grafana-server
At line 334 changed one line
!! Install Pihole
!! Remove large apt packages
At line 337 removed 32 lines
git clone https://github.com/pi-hole/pi-hole.git
cd pi-hole/automated\ install
export PIHOLE_SKIP_OS_CHECK=true # 22.04 was officially not yet supported, but it just works
./basic-install.sh
}}}
Change /etc/lighttpd/lighttpd.conf : port to 81 # conflict with apache httpd \\
Set password with {{pihole -a -p}}
!! Set static IP for Ubuntu 22.04:
Create file {{{/etc/netplan/01-network-manager-all.yaml}}} :
{{{
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
ethernets:
eth0:
dhcp4: false
addresses: [192.168.2.19/24]
gateway4: 192.168.2.254
nameservers:
addresses: [8.8.8.8,8.8.4.4,192.168.2.254]
version: 2
}}}
!! Remove large apt packages (only for desktop pi-os, not for server install)
{{{
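Review bot: the git clone line takes whatever is on the default branch of pi-hole at that moment, and PIHOLE_SKIP_OS_CHECK=true then switches off the installer's own compatibility check before basic-install.sh runs as root. Check out a release tag after cloning so the install is reproducible. In the netplan file, gateway4 is deprecated in favour of a routes entry with "to: default", and the indentation has to be restored before the YAML will parse.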
At line 376 removed 12 lines
!! Uptime Robot own iptables chain
Because uptimerobot has quite a list of IPs where it can come from, we want it in a separate chain:
{{{
iptables -N UPTIME-ROBOT
for H in $(curl -s https://uptimerobot.com/inc/files/ips/IPv4.txt | sed 's/\r$//'); do
/sbin/iptables -A UPTIME-ROBOT -s "${H}"/32 -j ACCEPT
done
iptables -I INPUT -j UPTIME-ROBOT
}}}
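Review bot: the rule added in the loop, "-s ${H}/32 -j ACCEPT", has no protocol or port match, and the chain is inserted at the top of INPUT, so every address returned by the curl call gets access to all ports ahead of any other rule. Restrict the rule to the monitored service (for example -p tcp with the ports 80 and 443), check that each entry is a plain IPv4 address before passing it to iptables, and flush the chain before refilling it, because "iptables -N UPTIME-ROBOT" fails on a second run and the loop would otherwise append duplicates.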