PiBakery

A great way to configure a Raspberry Pi from scratch is PiBakery. After struggling a while with setting up a VNC server and some other things on a fresh Pi connected only via Ethernet (no display, keyboard, or mouse), finding PiBakery was very helpful.

Here’s my configuration:

The long string in the second Run Command step is:

 

Installing a Tor Relay from Source on a Raspberry Pi

The other day I learned on Twitter that I should update the Tor relay software on my Raspberry Pi as the Tor project had introduced a new Bridge Authority. So I lazily ran sudo apt-get update  followed by sudo apt-get upgrade only to notice that no new version of the tor package was available via the package manager. Bummer.

Waiting for the package manager to provide a new version seemed futile so I decided to build Tor from scratch. I found a very helpful answer on StackOverflow that listed all the steps required  for my setup.

  1. Make sure to have all dependencies needed for compiling the sources:
  2. Clone Tor from git.torproject.org:
  3. Switch to the latest release branch:
  4. Run  ./autogen.sh
  5. Run  ./configure  or  ./configure --disable-asciidoc  if you don’t want to build the manpages.
  6. Run  make
  7. (Optional): run  make install

This last step installed the new tor binary in /usr/local/bin/ whereas the existing tor binary was still located in /usr/bin/ from where it was picked up by /etc/init.d/tor (I want to run my tor relay as a service whenever the Raspberry reboots). Luckily, this problem had been solved by someone else who shared his findings on a mailing list.

  1. If you’re using service tor {start, stop, reload, etc.}:
  2. The latter will likely point to /usr/bin/tor, which might be outdated.
    If that’s the case, change that line in /etc/init.d/tor to point to the new Tor executable /usr/local/bin/tor – that’s where it should be; if you don’t like that, change BINDIR = /usr/local/bin  in Tor’s Makefile and make install  again.
  3. The Debian Tor packages seem to like to assume torrc will be placed in /etc/tor/torrc . If that’s where your torrc resides, make a symlink to it from /usr/local/etc/tor , which is where the new Tor executable will look for it:
  4. Stop the running tor service:
  5. Reload the tor daemon:
  6. Restart the tor service:

Renewal of Let’s Encrypt Certificates Using Plesk

Note to self: If the Let’s Encrypt extension for Plesk fails to renew a certificate (when triggered manually), disable the automatic forwarding to an SSL connection in the Apache settings. This forced secure connection seems to disturb the renewal script.

The error I got was something like this:

Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: 2016-01-19 13:56:07,885:WARNING:letsencrypt.cli:Root (sudo) is required to run most of letsencrypt functionality. Failed authorization procedure. removed.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://removed.domain.com/.well-known/acme-challenge/REMOVED-ID [REMOVED IP]: 401 IMPORTANT NOTES: - The following errors were reported by the server: Domain: removed.domain.com Type: urn:acme:error:unauthorized Detail: Invalid response from http://removed.domain.com /.well-known/acme- challenge/REMOVED-ID [REMOVED IP]: 401

See also this bug report on Github.

Let’s hope the extension is going to renew all certificates automatically every month from now on, as it should.

Owncloud with Apache 2.4, PHP FPM, and Plesk

After about two weeks of fiddling around, I finally managed to get my own instance of owncloud up and running with Apache behind Plesk. Here’s how I did it:

  1. Set up a sub-domain in Plesk, e.g. owcloud.mydomain.com
  2. Set up a database for owncloud using Plesk.
  3. Make sure to use HTTP strict transport security by adding the following Apache HTTPS directive:
  4. Create a directory for your owncloud data, e.g. /var/oc_data
  5. Give sufficient permissions to your HTTP user on the data directory:

    In my case, user1 is the the name of the Plesk user with which I had created the sub-domain. psacln is the group assigned to this user by Plesk.
  6. Update PHP to version 5.6.x. There is this bug in version 5.5.x which makes owncloud unusable if you don’t want to use mod_php (which is discouraged).
  7. Configure PHP in Plesk and Apache as follows:
    • Run PHP as an FPM application
    • Set open_basedir to {WEBSPACEROOT}{/}{:}{TMP}{/}{:}/dev/urandom{:}/var/oc_data{/}
    • Set memory_limit to 256M (or something like that)
    • Set max_execution_time to 120 (or something like that)
    • Set max_input_time to 120 (or something like that)
    • Set post_max_size to 128M (or something like that)
    • Set upload_max_filesize to 64M (or something like that)
  8. Check this owncloud documentation page for potential additional PHP settings when running in FPM mode.
  9. Download the setup-owncloud.php web installer as described here and run it from your browser.
  10. Have fun.