Main menu

Using DDclient on a Raspberry Pi (Debian)

DDclient is used to update your IP-address when you use a DDNS-provider.

Step 1. Setting up the Raspberry

If you havent yet set up your Raspberry Pi  my step 1-3 in my earlier article can help you:

LAMP with Raspberry Pi

Step 2. Installing DDclient (if using for example dyndns, noip)

 sudo apt-get install ddclient

You will be guided through a installation. Use your dynamic DNS-information from your provider.

Step 2. Installing DDclient (if using other providers added after DDclient 3.8.0)

Browse wget http://plugwash.raspbian.org/jessietest/private/pool/main/d/ddclient/ to check for lastest ddclient.

sudo wget http://plugwash.raspbian.org/jessietest/private/pool/main/d/ddclient/ddclient_3.8.2-4_all.deb
sudo dpkg -i ddclient_3.8.2-4_all.deb

You will be guided through a installation. Use your dynamic DNS-information from your provider. Leave blank when network interface is asked or else your local address instead of your global adress will be used. In my case dtdns wasn´t a choice so I had to edit the ddclient.conf file with the below (use your favorite editor, in my case nano):

nano /etc/ddclient.conf

Change the protocol line to:

protocol=dtdns

Add the following after the comments in top of file:

daemon=300
syslog=yes
use=web, web=checkip.dyndns.org/, web-skip='IP Address'

Restart ddclient:

service ddclient restart

You can check that ddclient is working by:

ddclient -daemon=0 -noquiet -debug

All done!

 

Nginx redirect from public URL to internal IP

Welcome to this turorial on how to config Nginx redirects from a public URL to an internal IP.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi and step 1-7 om my tutorial Install Owncloud 7.01 on Raspberry Pi (Debian).

Login in as root (su) so you don't have to use sudo.

Step 1 - Edit nginx site-config

cd /etc/nginx/sites-enabled

Here you find your config for your site, could be named default or something else (owncloud if you followed my tutorial)

nano owncloud

In this case I will add a camera which is on the internal IP 192.168.0.210.

Add the following in the used server-directive (starts with server { )(Don't forget all the slashes below)

location ^~ /camera1/ {
        proxy_pass http://192.168.0.210/ ;
}

Save and exit nano.

Restart Nginx by

service nginx restart

All done.

Remotestick-server on a Raspberry Pi (Debian)

Welcome to this turorial on how to install Remotestick-server on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root so you don't have to use sudo.

 

Background

I have used a very good source in Raspberry Pi + Tellstick Duo + Nexa = Awsome! How to set it up!

I will use the IP-address 192.168.0.200. Change the below IP-address if you are using another.

 

Step 1 - Install  telldus-core

Add the source-list /etc/apt/sources.list.d/telldus.list

sudo nano /etc/apt/sources.list.d/telldus.list
deb-src http://download.telldus.com/debian/ stable main

Download key

wget http://download.telldus.se/debian/telldus-public.key

Add key

sudo apt-key add telldus-public.key

Update packetlist

apt-get update

Check that build-essentials is installed

apt-get install build-essential

Install dependencies

apt-get build-dep telldus-core

Install more dependencies

sudo apt-get install cmake libconfuse-dev libftdi-dev help2man

Create temporary folder

mkdir -p ~/telldus-temp
cd ~/telldus-temp

Download and compile sourcecode

sudo apt-get --compile source telldus-core

Install package

sudo dpkg --install *.deb

Remove temporary folder

cd 
rm ~/telldus-temp

You should have telldus-core installed and a deamon that aoutostarts in /etc/init.d/telldusd

 

Step 2 - Connect your tellstick duo

Connect your tellstick to the raspberry Pi. You probably have to use a USB-hub to provide sufficient power.

 

Step 3 - Configure /etc/tellstick.conf

Below you have my config-file with a few Kjell&Co-switches combined with Nexa-switches. You can read more on the config file here.

sudo nano /etc/tellstick.conf
## Start tellstick.conf
user = "nobody"
group = "plugdev"
deviceNode = "/dev/tellstick"
ignoreControllerConfirmation = "false"

device {
  id = 1
  name = "Huset"
  controller = 0
  protocol = "fuhaote"
  model = "codeswitch"
  parameters {
    # devices = ""
    # house = ""
    # unit = ""
    code = "0001010000"
    # system = ""
    # units = ""
    # fade = ""
  }

device {
 id = 2
 name = "Fontän"
 protocol = "arctech"
 model = "selflearning-switch"
 parameters {
  house = "1" # You can use a random number here
  unit = "1"
 }
}

device {
 id = 3
 name = "Motorvärmare"
 protocol = "arctech"
 model = "selflearning-switch"
 parameters {
  house = "1" # You can use a random number here
  unit = "2"
 }
}

controller {
  id = 1
  # name = ""
  type = 1
  serial = "A900I885"
}
}
## EOF

When you are done editing you have to restart the deamon.

sudo /etc/init.d/telldusd restart

 

Step 4 - Syncronize your assessories to tellstick

How to learn tellstick about assessories, example unit 1 in tellstick.conf file:

tdtool -e 1

Do the above for all your assessories

How to list all configured units. Example text below:

tdtool -l
Number of devices: 3
1 Huset ON
2 Fontän OFF
3 Motorvärmare OFF

 

Step 5 - Install prerequisites for remotestick-server

Install python-bottle

apt-get install python-bottle

 

Step 6 - Download and configure remotestick-server

Go to the remote-stick server-webpage here. I downloaded remotestick-server-v0.4.1-with-webgui-v0.2.zip to get the web-GUI.

Create a folder in your home-director. Transfer and unpack the files.

mkdir ~/remotestick-server
cd ~/remotestick-server
wget https://github.com/downloads/pakerfeldt/remotestick-server/remotestick-server-v0.4.1-with-webgui-v0.2.zip -O remotestick-server.zip
unzip /etc/remotestick-server/remotestick-server.zip

Start server

python remotestick-server.py ––host=192.168.0.200 ––port=8422 ––user=tellstick ––pass=tellstick

Output

     Bottle server starting up (using WSGIRefServer())…
Listening on http://192.168.0.200:8422/
Use Ctrl-C to quit.

You can now access the web-GUI with your RasPi IP-address, for example:

http://192.168.0.200:8422/s/ 

(You have to add the last / for the page to work)

bild.PNG

With this GUI you can turn individual assessories on and off and also on/off on all assessories.

Now abort the python script with CTRL+C.

 

Step 7 - Run remotestick-server in background

Make a new file

nano start-remotestick.sh

And add the following

#!/bin/bash
cd ~/remotestick-server/
./remotestick-server.py ––host=192.168.0.200 > /dev/null 2>&1 &
##EOF##

 Save and exit and make it executable

chmod +x start-remotestick.sh 

Run script

./start-remotestick.sh

There are apps on Google Market, for example Remotestick Lite, to control the tellstick.

 

Step 8 - Start remotestick-server at boot

Make a new file

nano /etc/init.d/start-remotestick.sh

And add the following

#!/bin/bash
### BEGIN INIT INFO
# Provides: remotestick-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 2 3 4 5
# Short-Description: Remotestick-server services
### END INIT INFO
cd ~/remotestick-server/ &&
./remotestick-server.py ––host=192.168.0.200 > /dev/null 2>&1 &

Save. Make executable and add to bootsequence.

sudo chmod +x /etc/init.d/start-remotestick.sh
sudo update-rc.d start-remotestick.sh defaults

Test service

ps aux | grep python

Probable output

pi 737 0.0 0.1 3540 800 pts/0 S+ 20:09 0:00 grep python
pi 2007 0.0 1.6 12744 8456 pts/0 S Nov30 6:56 python remotestick-server.py –h=192.168.0.200

 

Optional Step 9 - Cronjob

crontab -e

Add the following (example)

# m h dom mon dow command
## Hallen
# Power on 12:00
00 12 * * * tdtool -n 1 > /dev/null 2>&1
# Power off 21:59
59 21 * * * tdtool -f 1 > /dev/null 2>&1
## Vrum
# Power on 18:33
33 18 * * * tdtool -n 2 > /dev/null 2>&1
# Power off 23:32
32 23 * * * tdtool -f 2 > /dev/null 2>&1
## Kok
# Power on 17:19
19 17 * * * tdtool -n 3 > /dev/null 2>&1
# Power off 21:55
55 21 * * * tdtool -f 3 > /dev/null 2>&1

Example when turning on/off at the same minute (you have to use sleep):

# Power on 18:33
33 18 * * * sleep 1; tdtool -n 2 > /dev/null 2>&1
# Power on 18:33
33 18 * * * sleep 3; tdtool -n 3 > /dev/null 2>&1

 

Optional Step 10 - Make the Web-GUI more fancy

Henrik Löwenhamn has made some improvements on the web-GUI.

Download the web-GUI here.

Transfer the files to the Raspberry and replace the static map in ~/remotestick-server with the new one.

Edit the index.html-file

Search for "welcome" and change the text as appropriate.

 

Sources

Raspberry Pi
http://www.raspberrypi.org/

Telldus forum / site
http://www.telldus.com/forum/viewtopic.php?f=8&t=1998
http://www.telldus.com/forum/viewtopic.php?p=13857#p13857
http://developer.telldus.com/wiki/TellStick_conf

Remotestick-Server
https://github.com/pakerfeldt/remotestick-server

Install Windows 10 on a Raspberry Pi 2

Step 0

Get  an account for Microsoft connect.

Step 1 .

Get your hands on a windows 10 install (so an iso for PC), i used en_windows_10_pro_technical_preview_10074_x64_dvd.iso (download it from http://windows.microsoft.com/en-us/windows/preview-iso )

Step 2

Open the iso with 7zip (or any other program that can look into ISO's)

Step 3

From the folder "sources" copy everything except the subfolders and the 2 biggest files (you can copy them ofcourse, but it will take less time if you skip them) to a folder on your PC. I put everything in C:\w10install . I am not sure which files are actually needed but just copying dism.exe and some dll's didnt work. So thats why I copy the whole directory.

I had to install Windows 10 ADK to get the file ffuprovider.dll which is not supplied in the latest Windows 10 ISO. Just install the ADK and then seach for ffuprovider.dll and copy this to the same location.

Step 4

Copy the file Flash.ffu that you downloaded from the Microsoft site to this same folder. (this file is within Windows_IoT_Core_RPI2_BUILD.zip, that can be downloaded from https://connect.microsoft.com/windowsembeddedIoT/Downloads )

Step 5

Start a command prompt (run as administrator)
Type the following commands:
diskpart
list disk
exit

And note the number of your SD card

Step 6

Type:
dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck
Where the N in PhysicalDriveN is the drive number from the previous step.
The image will now be written to the SD card

Step 7

Thats it, now put the SD card in the Pi 2 and wait a while, it will boot up to Windows 10 IoT. The first boot will take quite some time, so have a bit of patience

Install a VPN Server and Client on Raspberry Pi (Debian)

Welcome to this turorial on how to install VPN Server and client software on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root so you don't have to use sudo.

Background

Free, unencrypted wireless is everywhere, but you shouldn't be checking your bank account on it unless you don’t mind somebody else snooping. The solution? A virtual private network, or VPN.

A VPN extends your own private network into public places, so even if you’re using a public Wi-Fi connection, your Internet browsing stays encrypted and secure.

There are plenty of ways to set up a VPN, both with free and paid services, but each solution has its own pros and cons, determined by the way the VPN provider operates and charges and the kinds of VPN options it provides.

Step 1 – Network configuration

Either you config a static address on your Pi by editing

/etc/network/interfaces 

with (for example)(change text below with your actual values):

auto eth0
iface eth0 inet static
        address [YOUR_PI_LOCAL_IP_ADDRESS]
        netmask 255.255.255.0
        gateway 192.168.0.1
        dns-nameserver 192.168.0.1
        dns-search [YOUR_DNS_NAME]

Or setup your router to always assign the same IP-address to your Pi.

You'll need to forward port 1194 (UDP traffic) to your Raspberry Pi’s internal IP address, but the way you do this will vary depending on your router, so check with your router manufacturer’s information. If you want to use another port or TCP, that’s fine, but just be sure to change 1194 in the tutorial to the correct number for you, and anywhere it says "UDP" to "TCP."

Step 2 - Install OpenVPN

We need the open source software. Type: 

sudo apt-get install openvpn

Step 3 - Generating Keys

You don’t want anyone who finds your VPN server address to be able to connect. So next, we’re going to make a key for the server address. It’s just like keeping the door to your house locked. 

OpenVPN comes with Easy_RSA, a light and easy package for using the RSA encryption method. Developed in 1977, RSA was one of the first usable cryptosystems that is still used today. The encryption key is public, while the decryption key is secret.

With Easy_RSA, you run an algorithm that comes with the software to generate a new unique key. 

We type:

cp –r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa 
cd /etc/openvpn/easy-rsa 
nano vars

Now, find and change EASY_RSA variable to: 

export EASY_RSA=”/etc/openvpn/easy-rsa” 

Type Control+X to save your changes and exit the nano editor. 

Step 4 - Getting Cryptographic

It’s time to build the CA Certificate and Root CA certificate. 

In cryptography, a certificate authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key.

cd /etc/openvpn/easy-rsa  
source ./vars 
./clean-all  

This will remove any previous keys, if there are any. If you have keys you don’t want to remove in this folder (like you’re doing this tutorial a second time), skip this command. 

./build-ca 

Now you can name the server (change below to a name of your choice).

./build-key-server [Server_Name] 

Press enter or whatever you want, but pay attention to these three fields:  

Common Name MUST be the server name you picked. It should default to this.

A challenge password? MUST be left blank.

Sign the certificate? [y/n] Obviously, you must type “y.”

1 out of 1 certificate requests certified, commit? [y/n] Obviously, type “y.”

That’s the server side setup.

Now it’s time to build keys for each user, or "client". It’s possible to be lazy and create just one client key for all of them, but in that case, only one device would be able to access the VPN at a time.  

./build-key-pass [User_Name] 

I found it simplest to make the usernames Client1, Client2, Client3… or the names of your employees.

And after that, more prompts! 

Enter PEM pass phrase Make it a password you will remember! It asks you to input this twice, so there’s no danger of ruining it. 

A challenge password? MUST be left blank.

Sign the certificate? [y/n] Signing certifies it for 10 more years.

cd keys
openssl rsa -in Client1.key -des3 -out Client1.3des.key 

Use the same passphrase as before. And then two more times, as shown.

Now that we’ve created a server certificate and (at least one) client certificate, type the following: 

cd .. 

Now let’s generate the Diffie-Hellman key exchange. This is the central code that makes your VPN server tick, an exchange that lets two entities with no prior knowledge of one another share secret keys over a public server. 

./build-dh

This could take a while, longer if you’re on 2048-bit encryption. There’s no way really to predict how long it will take because it is using random numbers and looking for some specific relationships. In fact, while I was making this tutorial, it only took 5 minutes with 1024-bit encryption.

Generate the static HMAC key with the following line:

openvpn --genkey --secret keys/ta.key

Step 5 - Putting It All Together

We have to actually create a .conf (configuration) file in the nano editor. 

nano /etc/openvpn/server.conf 

Fill it in with this:

local 192.168.0.200 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
#ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
#push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
#push "route 10.8.0.0 255.255.255.0"
# your local subnet
#push "route 192.168.0.200 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.0.1" # This should already match your router address and not need to be changed.
push "dhcp-option DNS 8.8.8.8" # Googles DNS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

I commented in all caps where you absolutely need to change numbers and titles to your own IP address/names. Hit Control+X to save your changes. 

Let’s edit another configuration file.

nano /etc/sysctl.conf

Near the top it says, “Uncomment the next line to enable packet forwarding for IPv4.”

To uncomment the line, remove the # immediately in front of it.

Hit Control+X to save your changes. Apply these changes by typing the following command:

sysctl -p 

We just made a functioning server that can access the Internet. But we can’t use it yet because Raspbian has a built-in firewall that will block incoming connections. 

Additionally, Raspbian’s firewall configuration resets by default when you reboot the Pi. We want to make sure it remembers the OpenVPN connection is always permitted, so what we’re going to do is create a simple script which runs on boot:

nano /etc/firewall-openvpn-rules.sh

This is currently a blank shell executable file. Fill it with this:

#!/bin/sh 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.200

Don’t forget to change the IP address 192.168.0.200 to your Pi’s IP address!

Let’s break this down: 10.8.0.0 is the default address for Raspberry Pi for clients that are connected to the VPN. "eth0" stands for ethernet port. Switch this to "wlan0" if you’re on a wireless connection, which is not recommended. Hit Control+X to save your changes.  

I had problem with my iptables because of old firmware on the RPi. Run to update:

sudo rpi-update

Set permissions:

chmod 700 /etc/firewall-openvpn-rules.sh 
chown root /etc/firewall-openvpn-rules.sh

We’ve created the script that punches an OpenVPN-shaped hole in the firewall. Now we just need to inject it into the interfaces setup code so it runs on boot. 

nano /etc/network/interfaces

Find the line that goes: “iface eth0 inet dhcp”. We want to add a line below it and at an indent. So this is what the two lines, existing and new, will look like when you’re done:

iface eth0 inet dhcp
pre-up /etc/firewall-openvpn-rules.sh

Hit Control+X to save your changes (as you should be doing whenever you use nano). 

Finally reboot your Pi. 

sudo reboot

Congratulations! That's the server!

Step 6 - The Script

The script will access our default settings to generate files for each client. The first thing we need to do, then, is create a blank text file in which those default settings can be read. 

nano /etc/openvpn/easy-rsa/keys/Default.txt 

Fill in the blank text file with the following: 

client 
dev tun
proto udp
remote <YOUR_PUBLIC_IP_ADDRESS_HERE> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20 

Now, if you don’t have a static public IP address, you need to use a dynamic domain name system (DDNS) service to give yourself a domain name to put in place of the IP address. I recommend using the free service DTDNS, which lets you pick a name of your choice. Then on your Pi, you need to run DDclient to update your DDNS registry automatically. I wrote a full tutorial for how to do this here

As always, press Control+X to save and exit the nano editor. 

Next, we need to create the actual script file.

nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh 

Here’s the script. Copy and paste it into your blank shell file:

#!/bin/bash 
# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"
#Ask for a Client name
echo "Please enter an existing Client Name:"
read NAME
#1st Verify that client’s Public Key Exists
if [ ! -f $NAME$CRT ]; then
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
exit
fi
echo "Client’s cert found: $NAME$CR"
#Then, verify that there is a private key for that client
if [ ! -f $NAME$KEY ]; then
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
exit
fi
echo "Client’s Private Key found: $NAME$KEY"
#Confirm the CA public key exists
if [ ! -f $CA ]; then
echo "[ERROR]: CA Public Key not found: $CA"
exit
fi
echo "CA public Key found: $CA"
#Confirm the tls-auth ta key file exists
if [ ! -f $TA ]; then
echo "[ERROR]: tls-auth Key not found: $TA"
exit
fi
echo "tls-auth Private Key found: $TA"
#Ready to make a new .opvn file - Start by populating with the default file
cat $DEFAULT > $NAME$FILEEXT
#Now, append the CA Public Cert
echo "<ca>" >> $NAME$FILEEXT
cat $CA >> $NAME$FILEEXT
echo "</ca>" >> $NAME$FILEEXT
#Next append the client Public Cert
echo "<cert>" >> $NAME$FILEEXT
cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT
echo "</cert>" >> $NAME$FILEEXT
#Then, append the client Private Key
echo "<key>" >> $NAME$FILEEXT
cat $NAME$KEY >> $NAME$FILEEXT
echo "</key>" >> $NAME$FILEEXT
#Finally, append the TA Private Key
echo "<tls-auth>" >> $NAME$FILEEXT
cat $TA >> $NAME$FILEEXT
echo "</tls-auth>" >> $NAME$FILEEXT
echo "Done! $NAME$FILEEXT Successfully Created."
#Script written by Eric Jodoin

You still need to give this script permission to run.

cd /etc/openvpn/easy-rsa/keys/

And then give it root privileges.

chmod 700 MakeOVPN.sh

Finally, execute the script with: 

./MakeOVPN.sh

As the script runs, it'll ask you to input the names of the existing clients for whom you generated CA keys earlier. Example: “Client1”. Be sure to name only clients that already exist.

If all goes well, you should see this line appear:

Done! Client1.ovpn Successfully Created.

Repeat this step for each existing client. 

The last thing to do is connect to your Raspberry Pi so you can download files from it. You need to use a SCP (Secure Copy Protocol) client in order to do this. For Windows, I recommend WinSCP. For Mac,use Fugu

Note: if you cannot get permission to connect to your SCP client, you’ll need to grant yourself read/write access to the folder. Back on the Raspberry Pi, write: 

chmod 777 -R /etc/openvpn

Be sure to undo this when you’re done copying files, so others can’t do it! Put the permission back to 600 when you’re done, so only the Pi user can read/write files:

chmod 600 -R /etc/openvpn

Put it into your client and you’re done. 

Step 7 - Working With Client Software

Okay, the hard part is over. From here, we need to input the scripts we generated earlier into a Graphical User Interface. For your PC, Android, or iOS mobile device, you can download OpenVPN Connect. There isn't one for your Mac computer, but the free Tunnelblick is a good choice.

Download the version of Tunnelblick that works for your version of OS X. I'm using Mavericks, so I downloaded the beta. The fact that it popped up in a bunch of languages looked funny to me, but that's the legitimate download. 

Then, it'll ask if you already have a file you want to use. I did—my Client5.ovpn file.

It will then ask if your configuration file is in .ovpn format or .tblk. If you select .ovpn, it'll walk you through changing the file type to Tunnelblick's native type. I did this by transferring Client5.ovpn into a folder Tunnelblick provided, and then changing the name of the folder to Client5.tblk.

Now you're all set to connect. Click the Tunnelblick icon on the top right of your screen and select Client5. 

It will ask you for a pass phrase. This is the same pass phrase we generated last tutorial, back when we were generating keys for each client.

If you get the password right, it'll look like this! 

Try out your new connection at coffee shop, the local library, anywhere there's unencrypted Wi-Fi. You may still be using the public connection, but over VPN, your data is anything but out in the open.

Install Owncloud 7.01 on Raspberry Pi (Debian)

Welcome to this turorial on how to install Owncloud on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root (su) so you don't have to use sudo.

 

Step 1 - Installing the packages

apt-get install nginx openssl ssl-cert php5-cli php5-sqlite php5-gd php5-common php5-cgi sqlite3 php-pear php-apc curl libapr1 libtool curl libcurl4-openssl-dev php-xml-parser php5 php5-dev php5-gd php5-fpm memcached php5-memcache varnish

 

Step 2 - Make sure php5-curl is not installed

apt-get --purge remove php5-curl

Step 3 - Creating your SSL certificates for 2 years

You can leave all fields blank besides Common Name which must be your domainname/ddns-name.

openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key 
chmod 600 /etc/nginx/cert.pem
chmod 600 /etc/nginx/cert.key

 

Step 4 - Configuring Ngnix web server

nano /etc/nginx/sites-available/owncloud
Add the entire content below:   
Note: You'll have to replace mydomain.com with the local IP of your Raspberry Pi or the domain name (make sure it matches with the details you have provided to create the certificate, else ownCloud won't work). If you have planned instead to use any Dynamic DNS domain, then use your  domain name instead of the local IP address. 
upstream php-handler {
server 127.0.0.1:9000;
}

server {
listen 80;
server_name mydomain.com;
return 301 https://$server_name$request_uri; # enforce https
}

server {
listen 443 ssl;
server_name mydomain.com;

ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;

# Path to the root of your installation
root /var/www/owncloud;

client_max_body_size 1000M; # set max upload size
fastcgi_buffers 64 4K;

rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}

location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

try_files $uri $uri/ index.php;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}

# Optional: set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}

Step 5 - Configuring max upload limit in php

 nano /etc/php5/fpm/php.ini

Tip: Use ctrl+w to search below lines and update if needed:

upload_max_filesize = 1000M
post_max_size = 1000M

 

Step 6 - Configuring PHP 

nano /etc/php5/fpm/pool.d/www.conf
Change the following line, if needed, from:
listen = /var/run/php5-fpm.sock 
to
listen = 127.0.0.1:9000

Edit file /etc/dphys-swapfile

nano /etc/dphys-swapfile
Change the following line, if needed, from:
CONF_SWAPSIZE=100 
to 
CONF_SWAPSIZE=512
 Enable the owncloud site and disable the default site
ln -s /etc/nginx/sites-available/owncloud /etc/nginx/sites-enabled/owncloud
unlink /etc/nginx/sites-enabled/default

Step 7 - Restart web server and Php

/etc/init.d/php5-fpm restart
/etc/init.d/nginx restart

Step 8 - Install ownCloud

mkdir -p /var/www/owncloud
cd /var/www/
wget https://download.owncloud.org/community/owncloud-7.0.1.tar.bz2
tar xvf owncloud-7.0.1.tar.bz2
chown -R www-data:www-data /var/www
rm -rf owncloud-7.0.1.tar.bz2

Step 9. Portforward

You probably have to port forward port 80 and 443 on tour router to your Raspberry Pi. How you do it differs from router to router.

Step 10. Setup admin account

While setting up the admin account you should provide the path to your data folder. You can ideally set this to your NAS drive or external drive which you may have mounted. Owncloud will complain and not proceed with admin account if the data directory path is not readable & writable by the user www-data. Also it should not be readable by "others".
Now in the browser, login to the ip address of Raspberry Pi or if you have configured your domain name then use that and set up the admin account.
    https://mydomain.com    or    https://192.168.XXX.XX

Step 11. Problem upgrading?

If your owncloud stays in maintenance mode then:

Stop the upgrade process this way:

cd /var/www/owncloud/
sudo -u www-data php occ maintenance:mode --off

And start the manual process:

sudo -u www-data php occ upgrade

If this does not work properly, try the repair function:

sudo -u www-data php occ maintenance:repair

ActiveDirectory Domain Controller with Samba4 on Raspberry Pi

Welcome to this turorial on how to install Samba with AD-functionality on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root so you don't have to use sudo.

Step 1 – Network configuration

Either you config a static address on your Pi by editing

/etc/network/interfaces 

with (for example):

auto eth0
iface eth0 inet static
        address 192.168.0.200
        netmask 255.255.255.0
        gateway 192.168.0.1
        dns-nameserver 192.168.0.200
        dns-search mydomain.com

Or setup your router to always assign the same IP-address to your Pi.

 

Step 2 - Install prerequisites

I installed the following packages and toos Samba installation has a list under “OS requiremants” (http://wiki.samba.org/index.php/Samba_4/OS_Requirements)

apt-get install git-core python-dev libacl1-dev libblkid-dev
apt-get install build-essential libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils libbsd-dev attr krb5-user docbook-xsl

I use the following settings:

  • Kerberos and samba realm: AD.MYDOMAIN.COM
  • Kerberos hostname: PISERVER
  • Password server: PISERVER
  • NetBIOS name (hostname): PISERVER
  • Domain: AD

 

Step 3- Install Samba4

cd /home/pi/
mkdir samba-master
git clone git://git.samba.org/samba.git samba-master
cd samba-master

Configure and make samba4, this will take some time....

./configure  --enable-debug --enable-selftest
make
make install

Update your $PATH variables

nano /etc/profile

add

PATH=$PATH:/usr/local/samba/bin/:/usr/local/samba/sbin

before "export PATH".

Reload bash

source /etc/profile

Test client and server installation

samba -V
smbclient -V

Start provisioning. Remember to use the same realm/domain as above and use "complex" password (info by looking in section administrator password).

samba-tool domain provision --use-rfc2307 --interactive --host-name=PISERVER

There is no script for starting samba but it can be downloaded. Create the init script:

wget "http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba.samba-ad-dc.init;h=3132d2e367675f822342a5b7bc2e50c046aa3b8f;hb=HEAD" -O /etc/init.d/samba4

You have to edit the file

nano /etc/init.d/samba4

and change all references /usr/sbin/samba to /usr/local/samba/sbin/samba (three places). You can also change the usage text "..... samba-ad-dc....." to "..... samba4....." to reflect the name of the file.

Make it executable and include it in the normal init sequence

chmod 755 /etc/init.d/samba4
update-rc.d samba4 defaults

Edit /etc/resolv.conf

nano /etc/resolv.conf

By editing/adding

domain ad.mydomain.com
search ad.mydomain.com
nameserver 192.168.0.200   # <--- this is rapi's ip
nameserver 192.168.0.1        # <-- this is the router

 

Step 4 - Testing Your Samba Domain Controller

Start samba

service samba4 start

Test samba version

smbclient -L localhost -U%
smbclient //localhost/netlogon -UAdministrator -c 'ls'

 And use your newly made password.

 From now on you can connect to your AD.

I'm using the Windows client LDAP Admin to connect. In this case you shall use the following settings:

  • Host: 192.168.0.200
  • Base: dc=ad,dc=mydomain,dc=com
  • Account/Username: cn=Administrator,cn=users,dc=ad,dc=mydomain,dc=com

You can also use LDAPExplorerTool 2. In ths case you shall use the following settings:

  • Server/Server name or IP: 192.168.0.200
  • Connection/User DN: cn=Administrator,cn=users,dc=ad,dc=mydomain,dc=com
  • Connection/Base DN: dc=ad,dc=mydomain,dc=com

 

Step 5 - Kerberos

Create the Kerberos configuration by copying it from the template in the samba directory

cd /etc
cp /usr/local/samba/share/setup/krb5.conf .

Then edit the file

nano krb5.conf

and replace ${REALM} with your domain-name. Realm must be in uppercase letters

[libdefaults]
default_realm = AD.MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true

Check Kerberos, get a ticket with kinit and display it. Use the realm name in upper case after the @.

kinit administrator@AD.MYDOMAIN.COM
klist

 

Step 6 - Add users and join domain

Add a smbuser (in this case user), and remember to use a complex password.

smbpasswd -a user

Add test the user

smbclient //localhost/netlogon -Uuser -c 'ls'

You can check the existing smbusers:

pdbedit -L

Now you can goto on a Windows system and join domain by by command -line or GUI:

1. Go to Start and enter cmd

In the command-window

netdom join %computername% /Domain:MYDOMAIN /UserD:Administrator /PasswordD:YOURADMINPASSWORD

2. Right-click Computer and choose properties. In "Computer name, domain, and workgroup settings" choose Change settings. Next, next and next. Enter Administrator, your password and Mydomain in the fields. Choose not to add an account.

Check the name of your Local account before restart if you are having problem logging into your domain by:

1. net users-command

2. Control Panel/User Accounts/User Accounts

 

You have to restart the Windows client to be able to join.

 

Optional Step 7 - Install PhpLDAPAdmin (Problem retrieving DN)

apt-get install php5-fpm php5-cli php5-ldap php-apc phpldapadmin nginx

Now we need to crack open /etc/phpldapadmin/config.php and change a couple lines so that it matches the domain we just setup.

nano /etc/phpldapadmin/config.php

We need to look for the following lines and modify them slightly.

//Original line
$servers->setValue('server','base',array('dc=example,dc=com'));
//Change to this domain so it matches yours like below
$servers->setValue('server','base',array('dc=ad, dc=mydomain,dc=com'));

//Original line
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
//Change the line so it matches your LDAP admin user, my example below
$servers->setValue('login','bind_id','cn=Administrator,cn=users,dc=ad, dc=mydomain,dc=com');

Now we're first going to disable the default Nginx virtual host configuration.

sudo unlink /etc/nginx/sites-enabled/default

Next start a new file at /etc/nginx/sites-available/phpldapadmin

nano /etc/nginx/sites-available/phpldapadmin

and let's the put the following in it.

server {

        root /usr/share/phpldapadmin/htdocs;
        index index.php index.html;

        server_name localhost;

        location ~ \.php$ {
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
}

Save and exit

sudo ln -s /etc/nginx/sites-available/phpldapadmin /etc/nginx/sites-enabled/phpldapadmin
sudo service nginx restart

I had to kill a earlier running apache2 with

sudo fuser -k 80/tcp

before the Nginx could start.

Now point your browser to the server's IP and you should be presented with the login screen.

 

Optional Step 8 - Install Webmin

apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python
nano /etc/apt/sources.list

Add these lines to the end of the file

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

Save and exit

cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc 
apt-get update
apt-get install webmin

Open webbrowser and point it to your Raspi ip-address (in my case 192.168.0.200:10000)

Optional Step 9 - Create share

In the /home directory let's create a directory that the user will be able to access and a test file.

mkdir /home/share
sh -c 'echo "Hello World" > /home/share/hello.txt'

I had trouble with chown so I had to use /find UID:GID instead of chownuser:"domain users":

wbinfo -i user
chown 3000018:100 /home/share 

If you are having trouble with the chown command check existing users and groups with (this may return all users and groups)

wbinfo -u
wbinfo -g

Then let's open /usr/local/samba/etc/smb.conf with

nano /usr/local/samba/etc/smb.conf

and add the following lines to the end. This will setup the share.

[SHARE]
        path = /home/share
        browseable = yes
        valid users = user

Then restart Samba by doing

service samba4 restart

You could also create this share in webmin.

If you are uncertain of the NetBIOS-name of your server run this command and compare to your servers ip-address:

nmblookup -S __SAMBA__

After that you should be able to navigate to \\PISERVER\share and then enter AD\user with the password and you should be able to see the hello.txt file we created.

Or you could map a networkdrive by using the commandline in Windows

net use X: \\PISERVER\SHARE /user:AD\user <userPassWord> /persistent:yes

Optional Step 10 - Unjoin domain

If you have to remove the Windows 7 client from the domain issue

netdom remove %computername% /Domain:MYDOMAIN /UserD:Administrator /PasswordD:YOURADMINPASSWORD /force

 

 

 

Installing a TFTP-server on Raspberry Pi

Welcome to this turorial on how to install a TFTP-server on a Raspberry Pi.

This can be used to distribute your IOS-images to your cisco-equipment.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Step 1 – Network configuration
Either you config a static address on your Pi by editing

/etc/network/interfaces 

with (for example):

auto eth0
iface eth0 inet static
        address 192.168.0.200
        netmask 255.255.255.0
        gateway 192.168.0.1

Or setup your router to always assign the same IP-address to your Pi.

Step 2 – Install TFTP-server

Install necessary package

apt-get install atftpd

The TFTP server uses /srv/tftp as its home directory by default. You need to put your IOS imagefiles in this directory before your TFTP server is able to serve them to your cisco-equipment.

Step 3 – Transfer IOS-files to the Raspberry Pi

You can use, for example, Filezilla to transfer the IOS-images from the computer that has downloaded the images to the Raspberry Pi.

Step 4 – Download IOS-images to router

We will perform the basic IP configuration on the cisco-equipment first. The interface FastEthernet0/0 of the router is assigned the IP address 192.168.0.10 and subnet mask 255.255.255.0.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.0.10 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#end
Router#

You can use the copy tftp flash command to download an IOS image stored on the SD card of your Raspberry Pi. Make sure you have a steady connection between your cisco-equipment and your Raspberry Pi.

Router#copy tftp flash

Address or name of remote host []? 192.168.0.200
Source filename []? c181x-adventerprisek9-mz.151-4.M9.bin
Destination filename [c181x-adventerprisek9-mz.151-4.M9.bin]?
Accessing tftp://192.168.1.2/c181x-adventerprisek9-mz.151-4.M9.bin
Loading c181x-adventerprisek9-mz.151-4.M9.bin from 192.168.0.200 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 27641828 bytes]
27641828 bytes copied in 90.600 secs (305097 bytes/sec)
Router#

All done.

Installing Drupal on Raspberry Pi

This guide will teach you how to install Drupal 7 on a Raspberry Pi

Prerequisites

Before you get started with this guide, you will need Raspbian installed and updated. You will also need to have Apache, PHP, and MySQL configured on your server. Follow my LAMP guide here.

Once you have fulfilled the above requirements, continue on with this guide.

Step-by-Step Install Drupal 7 via Software Repositories

Step 1.  Install latest version of drupal (drupal7) from the repositories with following commands:

sudo apt-get update
sudo apt-get install drupal7

Step 2. Registering Drupal to apache with following command:

sudo cp /etc/drupal/7/apache2.conf /etc/apache2/mods-enabled/drupal.conf
sudo /etc/init.d/apache2 restart

Step 3. Create database with command below,in case we’ll create database with name “dbdrupal”

mysql -u root -p
CREATE DATABASE dbdrupal;

Logout from mysql server

quit

Step 4. Install drupal from your favorite browser by typing http://host/drupal7/install.php

Step-by-step Installing Drupal 7 Manually

Step 1. Download and extract all drupal files into /var/www/ directory:

sudo -i
cd /var/www
wget http://ftp.drupal.org/files/projects/drupal-7.36.tar.gz
tar xvf drupal-7.36.tar.gz
mv drupal-7.36/ drupal

Step 2. Change an ownership of all Drupal installation files to www-data user.

chown -R www-data.www-data /var/www/drupal/

Step 3. Create a MySQL database to be used by our new Drupal 7 installation, Let’s create and use following credentials:

  • Database: dbdrupal
  • User: drupaluser
  • Password: drupalpass
mysql -u root -p
create database dbdrupal;
CREATE USER drupaluser;

Create password: “drupalpass” for user: “drupaluser”

SET PASSWORD FOR drupaluser = PASSWORD("drupalpass");

Grant user drupaluser all permissions on the database.

GRANT ALL PRIVILEGES ON dbdrupal.* TO drupaluser@localhost IDENTIFIED BY "drupalpass";

Logout from mysql server

quit

Step 4. Navigate your browser to Apache’s hostname or IP address and follow Drupal 7 installer (http://hostname/drupal) to complete your own Drupal  installation.

 

Good luck!

Install multiple CMS for development on your apache server

This guide will show you how to install multiple CMS on your apache server. This can be used for development or customer presentations.

Step 1. Create directory and copy CMS

We are going to create a directory called ‘joomla1‘ under DocumentRoot of Apache directory.

sudo mkdir /var/www/joomla1
cd /var/www/joomla1

Now follow my guide to copy a Joomla CMS in your newly created directory at /var/www/joomla1 but substituting /var/www in my guide to /var/www/joomla1.

Now next CMS-directory

sudo mkdir /var/www/joomla2
cd /var/www/joomla2

Now follow my guide to copy another Joomla CMS in your newly created directory at /var/www/joomla2 but substituting /var/www in my guide to /var/www/joomla2

Dont forget to make apache owner of the www-directory

cd /var
sudo chown -R www-data:www-data www

Step 2. Change Apache-configuration

We have to make changes in apache ports.conf-file to listen to a few more ports.

sudo nano /etc/apache2/ports.conf

Add this after Listen 80:

NameVirtualHost *:8080
Listen 8080
NameVirtualHost *:8081
Listen 8080

You can add more ports if you like.

Next, create a separate Virtualhost-file in your Apache sites-available-directory.

cd /etc/apache2/sites-available/
cp default joomla1
sudo nano joomla1

Change the following Virtualhost entries:

port to, for example, 8080 in joomla1-file and 8081 in joomla2-file and so on, ServerName to your local ip-address, DocumentRoot to match exact location of your files, the same to Directory and :

<VirtualHost *:port>
ServerName 'your-ip-address-of-your-server' DocumentRoot /var/www/joomla1 <Directory /var/www/joomla1>

You have to to the exact same thing to your joomla2-file but change the port entry to 8081.

You need to enable the newly created virtualhost entries using following command

sudo a2ensite joomla1
sudo a2ensite joomla2

Finally, restart the Apache service to reflect new changes.

sudo service apache2 restart

Now  you can access your different CMS-sites at http://your-ip-address-of-your-server:8080 and http://your-ip-address-of-your-server:8081

Good luck

Cloning your Joomla 3.x site

I discovered a great extension which can clone or backup your Joomla 3.x site.

It is called Akeeba Backup and the extension is found here.

Just upload it to your existing Joomla 3.x site and you can then access it through Components on your admin site.

If you make a copy of your, for example, development site you can easily transfer the jpa-backupfile to your new site. Just upload this file to the root of your webserver installationfolder, for example /var/www on a apache webserver. You also have to transer a few files which are included in Akeeba Kickstart found here. Just place the required files from the kickstart-zipfile at the same folderlevel as the jpa-file.

Good luck!

Removing existing Joomla installation on Raspberry Pi

Remove all folders insida /var/www.

And use the command:

sudo apt-get remove --purge mysql\*

to delete anything related to packages named mysql. Those commands is only valid on debian / debian based linux distributions (for eg. Raspian).

For more cleanup for package cache you can:

sudo apt-get clean

Remember to:

sudo updatedb

Otherwise the "locate" command will display old data.

Install Joomla on Raspberry Pi

Joomla is a content managment system (CMS) used my many people around the globe to manage their web sites.

Step 1. Setting up the Raspberry with LAMP

If you havent yet set up your Raspberry Pi as a web server my earlier article can help you:

LAMP with Raspberry Pi

Step 2. Download and transfer files

Next, we need a copy of Joomla. ALWAYS use the latest available – you can get it from here:

http://www.joomla.org/download.html

once downloaded, you need to unpack it to the directory /var/www on your Raspberry Pi

I usually use Filezilla to transfer files from my Windows PC to my Raspberry Pi.

To extract locally, open a terminal window and type (change 'joomla.zip' below to the appropiate filename):

sudo unzip joomla.zip -d /var/www

Remove the zip-file with

sudo rm joomla.zip

You can also download an quickstart package from one of the companies who makes templates for Joomla. Just use the quickstart package instead of the above package.

Step 3. Edit config files

Now we need to change a couple of settings in your php.ini file to reduce the load on the Raspberry Pi:

cd /etc/php5/apache2
sudo nano php.ini

then press CTRL w to search for a string, and search for output_buffering

now change it to look like this:

output buffering
Default Vaule: Off
Development Value: 0
Production Value: 0b

now press CTRL o then CTRL x to save the file and exit.

Next, we need to create and make sure your configuration.php is writeable:

sudo bash
cd /var/www
touch configuration.php
chmod 777 configuration.php

and make apache owner of the www-directory

cd /var
sudo chown -R www-data:www-data www

Step 4. Install Joomla

Once done, point your browser at http://your-raspberrypi-ip/ or http://localhost if you are on the device.

(if you get the standard Apache welcome screen, delete the index.html from /var/www)

You should get the Joomla installation screen.

Just go through all the steps.

If you cant remove the installationdirectory you have to remove it by:

cd /var/www
sudo rm -rf installation

Now you are done and you can reach your website at http://your-raspberrypi-ip/ or http://localhost if you are on the device. Your adminpages are on http://your-raspberrypi-ip/administrator or http://localhost/administrator if you are on the device