This page (revision-50) was last changed on 24-Apr-2023 15:25 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Page revision history

Version Date Modified Size Author Changes ... Change note
50 24-Apr-2023 15:25 12 KB Harry Metske to previous
49 21-May-2022 08:40 11 KB Harry Metske to previous | to last
48 23-Apr-2022 19:00 11 KB Harry Metske to previous | to last
47 23-Apr-2022 18:56 10 KB Harry Metske to previous | to last
46 23-Apr-2022 18:14 10 KB Harry Metske to previous | to last
45 23-Apr-2022 17:48 10 KB Harry Metske to previous | to last
44 23-Apr-2022 17:46 10 KB Harry Metske to previous | to last
43 23-Apr-2022 17:06 10 KB Harry Metske to previous | to last
42 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last
41 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last

Version management

Difference between version and

At line 9 changed one line
- apt install iotop vim apache2 libapache2-mod-jk docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3 certbot
- apt install iotop apache2 docker.io mariadb-server mariadb-client knockd golang jq tcpdump sqlite3 certbot iptraf
At line 11 changed one line
- a2enmod ssl
- a2enmod sslc
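Review bot: the replacement line a2enmod sslc names a module that the previous revision called ssl; the trailing c looks like a stray character, and as written the command fails instead of enabling mod_ssl. Restore it to a2enmod ssl.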
At line 13 changed 2 lines
- /etc/dhcpcd.conf : static IP naar 192.168.2.99 (192.168.2.3 wil niet, kan router al niet pingen)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> werkt nog niet goed, de uptimerobot IPs komen niet
- /etc/dhcpcd.conf : static IP naar 192.168.2.19 (192.168.2.3 wil niet, kan router al niet pingen)
- create /etc/systemd/system/iptables-setup.service => pointing to /home/pi/iptables-setup.service ==> de uptimerobot IPs zitten in eigen chain, zie verder
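Review bot: the iptables-setup.service line still points at /home/pi/iptables-setup.service, while other hunks in this revision move the script to /home/ubuntu/iptables-setup.sh; update the path here as well. A firewall unit that systemd runs at boot is also better kept in a root-owned location than in a login user's home directory, where that account can change what gets executed.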
At line 21 changed one line
- go to www.computerhok.nl:8081 ==> setup dialog =: 192.168.2.399 piwigo_user piwigopswd .....
- go to www.computerhok.nl:8081 ==> setup dialog =: 192.168.2.19 piwigo_user piwigopswd .....
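Review bot: piwigo_user piwigopswd in the setup-dialog line reads like a database account and its password written into the wiki page. If piwigopswd is the real value, replace it with a pointer to the password store, the way the Pi-hole line of the previous revision used <see keepass>, and change the password.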
At line 24 changed 2 lines
- docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 2080:80 -p 2443:443 -e "IPv6=False" -e "TZ=Europe/Amsterdam" -e "ServerIP=192.168.2.99" -e "VIRTUAL_HOST=www.computerhok.nl:2080" -e "WEBPASSWORD=<see keepass>" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --restart=unless-stopped --cap-add=NET_ADMIN pihole/pihole:latest
- go to http://192.168.2.99:2080/admin/
- curl -sSL https://install.pi-hole.net | bash # ==> edit port80 to 81 in /etc/lighttpd/lighttpd.conf
- go to http://192.168.2.19:2080/admin/
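Review bot: the admin URL on the last line still uses port 2080, which only existed as the -p 2080:80 mapping of the docker run line this hunk removes; with lighttpd moved to port 81, as the comment on the curl line says, the URL should be http://192.168.2.19:81/admin/. The curl -sSL https://install.pi-hole.net | bash line also executes a remote script without any chance to read it first, and the Pi-hole section added further down installs from a git clone instead, so keep only one method on the page, preferably the clone, which can be inspected and pinned to a release tag before running.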
At line 84 changed one line
For now I run the following script from my MacOS (and upload to stack after that).
see [Backup laptop and Pi]
At line 86 removed 11 lines
{{{
#!/bin/sh
#
#
ssh pi@apollo sudo tar cf - /appl/piwigo/config/www/gallery/galleries > /Users/metskem/Downloads/backup-apollo-fotos.tar
ssh pi@apollo sudo tar czf - --exclude=/var/jspwiki/logs --exclude=/usr/local/tomcat/logs --exclude=/usr/local/tomcat/work --exclude=/usr/local/tomcat/temp /home/pi /etc /var/jspwiki > /Users/metskem/Downloads/backup-apollo-rest.tar
# upload to STACK:
sftp metskem@metskem@metskem.stackstorage.com <<< $'put /Users/metskem/Downloads/backup-apollo-rest.tar'
}}}
Then manually upload this backup file to [https://metskem.stackstorage.com/]
At line 111 changed 3 lines
curl -LO https://golang.org/dl/go1.15.5.linux-arm64.tar.gz
tar -xzf go1.15.5.linux-arm64.tar.gz
mv go /usr/share/go-1.15.5
curl -LO https://golang.org/dl/go1.16.4.linux-armv6l.tar.gz
tar -xzf go1.16.4.linux-armv6l.tar.gz
mv go /usr/share/go-1.16.3
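Review bot: the new lines download and unpack go1.16.4 but move it to /usr/share/go-1.16.3, and the symlink in the next hunk uses go-1.16.3 too, so the directory name misstates the installed version; use go-1.16.4 in both places. The archive is linux-armv6l while the Prometheus and node_exporter hunks in this revision switch to linux-arm64, so confirm which architecture this host needs. The tarball is unpacked without an integrity check; compare its SHA-256 with the value published on the Go download page before tar -xzf.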
At line 116 changed one line
ln -s go-1.15.5 go
ln -s go-1.16.3 go
At line 162 added one line
Have the following in ''/etc/apache2/sites-enabled/005-www.computerhok.nl.conf''
At line 174 changed one line
certbot --apache -d www.computerhok.nl
<VirtualHost *:80>
ServerName www.computerhok.nl
ProxyPass /wiki http://localhost:8080/wiki
ProxyPassReverse /wiki http://localhost:8080/wiki
RewriteEngine On
Alias /.well-known/acme-challenge/ "/var/www/.well-known/acme-challenge/"
RewriteRule "^/.well-known/acme-challenge/" - [L]
<Directory "/var/www/.well-known/acme-challenge/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!monitorrequest
LogFormat "%h %l %t %D \"%{Host}i\" \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
</VirtualHost>
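Review bot: in the <Directory "/var/www/.well-known/acme-challenge/"> block, Options Indexes MultiViews turns on directory listing and content negotiation for the challenge directory, neither of which the webroot check needs; Options None is enough. Order allow,deny with Allow from all is Apache 2.2 syntax that works on 2.4 only through mod_access_compat; Require all granted is the 2.4 form. The LogFormat line reuses the nickname combined for a format that adds %D and the Host header; a distinct nickname avoids confusion with the stock combined format. The CustomLog condition env=!monitorrequest needs a SetEnvIf that this hunk does not show, so note where it is set.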
At line 177 changed one line
Then open up the firewall, because letsencrypt comes in to verify: {{iptables -F}}
Then create a directory named ''/var/www/.well-known/acme-challenge/'' .
At line 184 changed one line
If this succeeds, we can do the real one:
If this succeeds, we can do the real one, put this one in /etc/cron.weekly/certbot:
At line 186 changed one line
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com --pre-hook 'iptables -I INPUT 3 -p tcp --match multiport --dports 80,443 -j ACCEPT' --post-hook '/home/ubuntu/iptables-setup.sh && systemctl restart apache2'
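Review bot: the --pre-hook opens ports 80 and 443 to all sources, and nothing in the --post-hook visibly closes them again; that depends on /home/ubuntu/iptables-setup.sh resetting the INPUT chain, which the page does not show. Make the close explicit by adding the matching iptables -D INPUT -p tcp --match multiport --dports 80,443 -j ACCEPT to the post-hook, or state that the script flushes and rebuilds INPUT. The webroot challenge is served by the port-80 VirtualHost above, so 443 does not have to be opened for it. The fixed position in -I INPUT 3 assumes a rule order that the UPTIME-ROBOT section added in this revision changes with its own iptables -I INPUT, so check that the rule still lands before any DROP.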
At line 201 added one line
sleep 1
At line 197 changed one line
/home/pi/iptables-setup.sh
/home/ubuntu/iptables-setup.sh
apachectl restart
At line 204 changed 3 lines
curl -L https://github.com/prometheus/prometheus/releases/download/v2.25.2/prometheus-2.25.2.linux-armv7.tar.gz -O
tar -xzf prometheus-2.25.2.linux-armv7.tar.gz
mv prometheus-2.25.2.linux-armv7 /usr/local
curl -L https://github.com/prometheus/prometheus/releases/download/v2.25.2/prometheus-2.25.2.linux-arm64.tar.gz -O
tar -xzf prometheus-2.25.2.linux-arm64.tar.gz
mv prometheus-2.25.2.linux-arm64 /usr/local
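Review bot: the tarball is unpacked and moved into /usr/local without an integrity check; verify it against the sha256sums.txt published with the release before tar -xzf, and do the same for the node_exporter and pushgateway downloads in this revision.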
At line 208 changed one line
ln -s prometheus-2.25.2.linux-armv7 prometheus
ln -s prometheus-2.25.2.linux-arm64 prometheus
At line 227 changed one line
--storage.tsdb.path=/usr/local/prometheus/data
--storage.tsdb.path=/usr/local/prometheus/data \
--storage.tsdb.retention.time=720d
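Review bot: --storage.tsdb.retention.time=720d keeps roughly two years of samples under /usr/local/prometheus/data with no size bound, and a full filesystem there affects every other service on the host. Add --storage.tsdb.retention.size with a limit that fits the disk, or put the data directory on its own volume.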
At line 237 added one line
At line 239 changed 3 lines
curl -L https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-armv7.tar.gz -O
tar -xzf node_exporter-1.1.2.linux-armv7.tar.gz
mv node_exporter-1.1.2.linux-armv7 /usr/local
curl -L https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-arm64.tar.gz -O
tar -xzf node_exporter-1.1.2.linux-arm64.tar.gz
mv node_exporter-1.1.2.linux-arm64 /usr/local
At line 243 changed one line
ln -s node_exporter-1.1.2.linux-armv7 node-exporter
ln -s node_exporter-1.1.2.linux-arm64 node-exporter
At line 271 added 117 lines
!! Install prometheus pushgateway
See [instructions here|https://sysadmins.co.za/install-pushgateway-to-expose-metrics-to-prometheus/].\\
{{{
curl -sLO https://github.com/prometheus/pushgateway/releases/download/v1.4.2/pushgateway-1.4.2.linux-arm64.tar.gz
tar -xf pushgateway-1.4.2.linux-arm64.tar.gz
cp pushgateway-1.4.2.linux-arm64/pushgateway /usr/local/bin/
# install unit file:
cat > /etc/systemd/system/pushgateway.service << EOF
[Unit]
Description=Pushgateway
Wants=network-online.target
After=network-online.target
[Service]
User=pushgateway
Group=pushgateway
Type=simple
ExecStart=/usr/local/bin/pushgateway \
--web.listen-address=":9091" \
--web.telemetry-path="/metrics" \
--persistence.file="/tmp/metric.store" \
--persistence.interval=5m \
--log.level="info" \
--log.format="logfmt"
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start pushgateway
}}}
Add this to /usr/local/prometheus/prometheus.yml:
{{{
- job_name: 'pushgateway'
honor_labels: true
static_configs:
- targets: [['localhost:9091']
}}}
Testing pushgateway:
{{{
echo -e "# TYPE temperature gauge\n# HELP temperature The temperature in Celsius\ntemperature 5.9" | curl --data-binary @- http://localhost:9091/metrics/job/openweather
}}}
And checkout [http://www.computerhok.nl:9091]
!! Install Grafana
{{{
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
apt-get update && apt-get install -y grafana
}}}
And go to [http://www.computerhok.nl:3000]
!! Install Pihole
{{{
git clone https://github.com/pi-hole/pi-hole.git
cd pi-hole/automated\ install
export PIHOLE_SKIP_OS_CHECK=true # 22.04 was officially not yet supported, but it just works
./basic-install.sh
}}}
Change /etc/lighttpd/lighttpd.conf : port to 81 # conflict with apache httpd \\
Set password with {{pihole -a -p}}
!! Set static IP for Ubuntu 22.04:
Create file {{{/etc/netplan/01-network-manager-all.yaml}}} :
{{{
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
ethernets:
eth0:
dhcp4: false
addresses: [192.168.2.19/24]
gateway4: 192.168.2.254
nameservers:
addresses: [8.8.8.8,8.8.4.4,192.168.2.254]
version: 2
}}}
!! Remove large apt packages (only for desktop pi-os, not for server install)
{{{
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n
}}}
Search at the bottom which can be uninstalled, and then (sample):
{{{
sudo apt-get remove --auto-remove --purge wolfram-engine libgl1-mesa-dri guile-2.2-libs vlc-l10n realvnc-vnc-server mesa-vdpau-drivers
}}}
!! Uptime Robot own iptables chain
Because uptimerobot has quite a list of IPs where it can come from, we want it in a separate chain:
{{{
iptables -N UPTIME-ROBOT
for H in $(curl -s https://uptimerobot.com/inc/files/ips/IPv4.txt | sed 's/\r$//'); do
/sbin/iptables -A UPTIME-ROBOT -s "${H}"/32 -j ACCEPT
done
iptables -I INPUT -j UPTIME-ROBOT
}}}
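Review bot: in the Uptime Robot section, every address fetched from https://uptimerobot.com/inc/files/ips/IPv4.txt gets an unrestricted -j ACCEPT and the chain is inserted at the top of INPUT, so those sources reach every port on the host, and whatever the URL returns is handed to iptables unchecked. Restrict the rules to the monitored ports (for example -p tcp --match multiport --dports 80,443, as the certbot pre-hook does), skip lines that are not an IPv4 address, and run iptables -F UPTIME-ROBOT before refilling so that a re-run does not append duplicates. In the Pushgateway section, the unit runs as User=pushgateway with no step that creates the account, keeps its store in /tmp/metric.store, is started but never enabled, and listens on :9091 on all interfaces while the page links to http://www.computerhok.nl:9091; nothing in the unit adds authentication, so bind it to 127.0.0.1:9091 (Prometheus scrapes it on localhost anyway) and move the store to a directory owned by the service account. The prometheus.yml snippet has targets: [['localhost:9091'], which is unbalanced YAML if copied as shown. In the Grafana section, apt-key add is deprecated; a keyring file referenced with signed-by in grafana.list limits the key to that repository.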