Raspberry Pi 4 with Pihole, Pivpn and PADD

Another project during the isolation at home. I got a Raspberry Pi 4 with 2GB RAM. Nice little thing. Not as powerful as other SBCs out there, but Raspberries have a huge community for support and a myriad of projects. On the plus side, it was the quickest to have in my hands.

I used Tiendatec to buy it online. Nice, very fast shop. On top of that I got a 3.5 inch TFT screen. The brand is Waveshare; the brand is not important, any Raspbian-supported screen will work.

So what I wanted to do is to have another Pi-Hole DNS/Ad blocker server and to show statistics on the screen using PADD.

How to get started? Grab the Imager from the Raspberry Pi site or use good old Etcher and copy Raspbian Lite onto a good-quality microSD card. 16GB should be enough.

After you finish with the installation and have done the initial configuration, you can install Pihole (https://docs.pi-hole.net/main/basic-install/). After that I installed the Unbound DNS server, which I strongly recommend: https://docs.pi-hole.net/guides/unbound/

It is quite simple so far. I also installed PiVPN (I prefer watchguard over openvpn), which was also very straightforward. At that point I had a fully capable DNS/Ad Blocking server that is accessible from anywhere through VPN. I have a VPN client on my mobile for ad-free browsing.

After that I installed the TFT screen following the instructions here; nothing complicated. I had a small terminal up and running. Finally I installed PADD following their wiki, and although everything should go fine, I had trouble displaying the info correctly. I tested different fonts but with no luck. In the end, after reading a post somewhere, I edited the PADD script and removed 1-2 “=” characters, which fixed the issue. Apparently it was adding a line or two and breaking the display. So all good in the end.

And here is the final outcome. (Yes, I know I need a nice box.) Also I have to say that the Raspberry Pi 4 gets really hot!

 

Nextcloud @ Debian 10

On a clean Debian 10 install, type the following:

# Debian 10 ships PHP 7.3, so use the unversioned package names
apt-get install apache2 mariadb-server libapache2-mod-php
apt-get install php-gd php-json php-mysql php-curl php-mbstring
apt-get install php-intl php-imagick php-xml php-zip

Download the latest version from https://nextcloud.com/install/#instructions-server, for example:

wget https://download.nextcloud.com/server/releases/nextcloud-17.0.1.tar.bz2

Afterwards, just decompress the file:

tar -xjf nextcloud-17.0.1.tar.bz2

Then copy the installation files to the root of the webserver

cp -r nextcloud /var/www

Please note when you are running the Apache HTTP server you may safely install Nextcloud in your Apache document root!

Give the web server read/write access to the new folder

chown -R www-data:www-data /var/www/nextcloud/

Create a configuration file for Nextcloud in Apache

pico /etc/apache2/sites-available/nextcloud.conf

with the following content

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Require all granted
  Options FollowSymlinks MultiViews
  AllowOverride All

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

enable it by issuing

a2ensite nextcloud.conf

enable some needed modules

a2enmod rewrite
a2enmod headers
a2enmod env 
a2enmod dir 
a2enmod mime 

and do not forget to restart Apache

systemctl restart apache2

Now, before we go ahead, let's prepare MariaDB

systemctl start mariadb
mysql_secure_installation

and after that

mysql
MariaDB> use mysql;
MariaDB> update user set plugin='' where User='root';
MariaDB> flush privileges;
MariaDB> quit

Now you can log in to mysql only with the -p option and the password you set up in the previous step. I strongly suggest setting up a user for the Nextcloud database. Do not use root to create the database.

mysql -u root -p
CREATE USER 'next'@'localhost' IDENTIFIED BY 'YourPassword';
CREATE DATABASE nextcloud;
GRANT ALL ON nextcloud.* TO 'next'@'localhost';
FLUSH PRIVILEGES;
exit;

After that you are pretty much ready to go. Head to the http://IP/nextcloud and follow the steps.

An optional but important step (which I strongly advise you to follow) is to enable https by default. This will encrypt the communication. To do that we will use Let's Encrypt.

a2enmod rewrite ssl
nano /etc/apache2/sites-available/default-ssl.conf
 SSLProtocol all -SSLv2 -SSLv3
 # Add the SSL cipher list in one long line
 SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 SSLHonorCipherOrder     on
 SSLOptions +StrictRequire
 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
 Header always set X-Frame-Options DENY
 Header always set X-Content-Type-Options nosniff

This enables SSL on Apache; you then add the ciphers to support, along with some more security enhancements.
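A check for the TLS settings above, added here as an example and not part of the original post: in the Apache configuration, `all` followed only by `-SSLv2 -SSLv3` does not switch off TLS 1.0 and 1.1, and the long cipher list still admits 3DES, non-AEAD and non-forward-secret suites. The function names `audit_tls_conf` and `write_sample` and the shortened sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report legacy TLS settings in an Apache SSL config file.
# Simplification: only the last SSLProtocol / SSLCipherSuite line in the file
# is inspected, and the order of tokens on the SSLProtocol line is ignored.
audit_tls_conf() {
    conf=$1
    proto=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]]*//p' "$conf" | tail -n 1)
    suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]*//p' "$conf" | tail -n 1)

    # "all" enables every protocol the build supports, so TLS 1.0 and 1.1
    # stay on unless the line also carries -TLSv1 and -TLSv1.1.
    for p in TLSv1 TLSv1.1; do
        case " $proto " in
            *" -$p "*) ;;
            *" all "*|*" +all "*|*" +$p "*|*" $p "*) echo "protocol $p enabled" ;;
        esac
    done

    # Walk the colon-separated cipher list; "!" and "-" entries are removals.
    printf '%s\n' "$suite" | tr ':' '\n' | while read -r c; do
        case $c in
            ''|'!'*|-*) continue ;;
            *DES-CBC3*|*3DES*) echo "cipher $c uses 3DES" ;;
            ECDHE-*|DHE-*|kEDH*|kEECDH*)
                case $c in
                    *GCM*|*CHACHA20*|*CCM*) ;;
                    *) echo "cipher $c is not an AEAD suite" ;;
                esac ;;
            *) echo "cipher $c permits key exchange without forward secrecy" ;;
        esac
    done
}

# Constructed sample mirroring the settings above (cipher list shortened).
write_sample() {
    cat > "$1" <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!MD5
SSLHonorCipherOrder on
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_tls_conf "$tmp"
rm -f "$tmp"
```

Run it against `/etc/apache2/sites-available/default-ssl.conf` after editing; an empty result means none of these legacy settings were found on the inspected lines.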

Install the certbot. It will do most of the job for you.

apt-get -y install certbot
apt-get -y install python-certbot-apache
certbot --authenticator webroot --installer apache

crontab -e
# capture errors as well as normal output in the log
0 2 * * * certbot renew >> /var/log/letsencrypt.log 2>&1

That’s it! You are done.

 

Blockchain as answer to democracy.

Blockchain as an answer to the lack of direct democracy.
Voting or e-voting is struggling because of trust, or the lack of it. Blockchain could solve this since it is all about trust and transparency.
Giving people a tool that lets them directly affect decisions is the epitome of democracy. Direct democracy. Scary and exciting at the same time.
Is it possible? It is.
Is it worth it? Definitely, if you believe in democracy.
We have all the ingredients to achieve direct democracy through blockchain; we need to put them together.
Who is against? All who do not want transparency, who do not want people to have such power, and all bureaucratic states of mind.

HP ProLiant MicroServer N40L + OpenMediaVault

Yesterday I bought the HP ProLiant N40L MicroServer. It is an amazing and silent little machine. From what I understand it is very widespread here in the UK. I wanted a small NAS after the last accident with the disks, mainly for the family photos, which have now reached 48GB.
I settled on it when I saw it on http://www.hotukdeals.com/. Its cost is 239 pounds – 10 pounds discount – 100 pounds cashback from HP – 3 pounds topcashback.co.uk = 126 pounds! Very good price. From dabs.com.

Its specifications
Processor:
AMD Turion™ II Neo N40L (1.5GHz)
AMD RS785E/SB820M chipset
Memory:
Two (2) DIMM slots
2GB (1x2GB) Standard or 4GB (1x4GB)/8GB Maximum, using PC3-10600E DDR3 Unbuffered (UDIMM) ECC memory, operating at max. 800MHz
Storage Controller:
Embedded AMD SATA controller with RAID 0, 1
Embedded AMD eSATA controller for connecting external storage devices via the eSATA connector in the rear of the server
Internal Drive Support:
4 Internal HDD Support
Maximum internal SATA storage capacity of up to 8.0TB (4 x 2TB 3.5″ SATA drives)
Network Controller:
Embedded NC107i PCI Express Gigabit Ethernet Server Adapter
Expansion Slots:

Slot 1: PCI-Express Gen 2 x16 connector with x16 link
Slot 2: PCI-Express Gen 2 x1 connector with x1 Link
Slot 2-2: PCI-Express x4 slot for optional management card

USB 2.0 Ports:
Seven (7) USB 2.0 ports: 4 front , 2 rear, 1 internal (for tape)
Power Supply:
150 Watts Non-Hot Plug, Non Redundant Power Supply

Unfortunately hard disk prices are still very high and for now I will not fill it. When they drop I will put in 4 x 2 TB for the data + 250GB for the operating system.

I decided to install OpenMediaVault http://www.openmediavault.org/
Amazing! Debian based. It leaves FreeNAS and many others behind. Maybe I will set it to run from a USB stick…

The only change I made was to put the disk it comes with in the optical bay (it needed a SATA cable and a molex + SATA power) so that the 4 SATA bays are free for disks.

 

Veeam Backup and Replication

I like virtualization a lot. I have tried various different solutions. And for server environments I think VMware is far ahead of the rest! Still, when it comes to virtualization, default definitions and practices change a lot. One of them is backup.
When it comes to backing up my Virtual Machines I use Veeam Backup & Replication from a company called Veeam. Nice company, nice people and moreover a very useful tool! Although I do not like their licensing scheme… Thumbs up for Veeam