rpi_nimbus [2019/04/14 14:22] – [Activate gzip module] Júne Park | rpi_nimbus [2019/08/03 04:41] – [Let's Encrypt via repository] Júne Park |
---|
{{:rpi_nimbus.jpg?nolink&250|}} | {{:rpi_nimbus.jpg?nolink&250|}} |
| |
* Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} 구운몽 (korean) | Name: {{material>assignment_turned_in}} NiMBUS deBlanc (official) | {{material>create}} ''구운몽'' (korean) |
| |
---- | ---- |
==== Specification ==== | ==== Specification ==== |
| |
* Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]] | {{material>developer_board?32&color=#14281D}} Model: [[https://www.raspberrypi.org/products/raspberry-pi-3-model-b/|Raspberry Pi 3 Model B]] [[wp>Raspberry_Pi#Model_B|Raspbierry Pi Model B]] |
* {{fa>database?color=#522B47}}: 240G on ''/var/www'' & 500G on ''~/storage'' - {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}} | |
* {{fa>wifi?color=#7B0828}}: Wireless (''wlan0'') & Wired (''eth0'') - {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{fa>lock}} | {{material>sd_storage?32&color=#355834}} {{fa>database}} 240G on ''/var/www'' & {{fa>database}} 500G on ''~/storage'' --- {{fa>plug}} [[SECURED:JUNE_HARDWARE#data_storage|Storage in details]] {{fa>lock}} |
* {{fa>globe?color=#0F0E0E}} Web service and web resources including [[wp>WebDAV]] | |
| === Live status of storages === |
| |
| <code ini> |
| Mounted on Type Size Used Avail Use% |
| /home/meson/storage ext4 458G 44G 391G 11% |
| /var/www ext4 220G 18G 191G 9% |
| </code> |
| |
| {{material>network_wifi?32&color=#6E633D}} Wired (''eth0''), {{fa>wifi}} Wireless (''wlan0'') & Wired {{fa>usb?color=#000000}} (''eth1'') --- {{fa>wifi}} [[SECURED:HOME_NETWORK#dhcp_assigned_ip|Júne's home network]] {{fa>lock}} |
| |
| {{material>https?32&color=#C2A878}} Web service and web resources including [[wp>WebDAV]] |
| |
---- | ---- |
==== +Work logs ==== | ==== +Work logs ==== |
| |
* ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/03/13 20:08//</sub> | * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/08/01 18:48// </sub> |
* ''configure'' access.log and error.log separately <sub> --- Updated on //2018/09/20 11:12//</sub> | * ''configure'' access.log and error.log separately <sub> --- Updated on //2018/09/20 11:12//</sub> |
* ''create'' server block for {{fa>folder-open}} [ ''dav.meson.in'' ] <sub> --- Updated on //2018/08/14 15:35//</sub> | * {{fa>folder-open}} ''create'' server block for [ ''dav.meson.in'' ] <sub> --- Updated on //2018/08/14 15:35//</sub> |
* ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]] | * ''Optimize'' Nginx configuration for **''Dokuwiki''** [[https://www.nginx.com/resources/wiki/start/topics/recipes/dokuwiki/|reference content]] |
* ''create'' server block for {{fa>book}} [ ''lib.meson.one'' ] library project <sub> --- Updated on //2018/04/11 18:22//</sub> | * {{fa>book}} ''create'' server block for [ ''lib.meson.one'' ] library project <sub> --- Updated on //2018/04/11 18:22//</sub> |
* Activate gzip module in Nginx <sub> --- Updated on //2018/02/27 06:10//</sub> | * Activate gzip module in Nginx <sub> --- Updated on //2018/02/27 06:10//</sub> |
* Configured HTTP/2 for all sites <sub> --- Updated on //2018/02/15 19:45//</sub> | * Configured HTTP/2 for all sites <sub> --- Updated on //2018/02/15 19:45//</sub> |
<hidden> | <hidden> |
■ For archived history of SSL renewal | ■ For archived history of SSL renewal |
| * {{fa>certificate}} ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/05/23 01:57// </sub> |
| * ''Renew SSL certificates'' (Let's Encrypt) done <sub> --- Updated on //2019/03/13 20:08//</sub> |
* ''Renew SSL certificates'' (Let's Encrypt) done --- <sub>Updated on</sub> //2018/10/21 00:29// | * ''Renew SSL certificates'' (Let's Encrypt) done --- <sub>Updated on</sub> //2018/10/21 00:29// |
* ''Renew SSL certificates'' (Let's Encrypt) done --- Updated on //2018/08/13 21:11// | * ''Renew SSL certificates'' (Let's Encrypt) done --- Updated on //2018/08/13 21:11// |
./certbot-auto delete | ./certbot-auto delete |
</code> | </code> |
| |
| ---- |
| |
| ==== Let's Encrypt via repository ==== |
| |
| <code bash> |
| sudo apt update |
| sudo apt install certbot python-certbot-nginx |
| </code> |
| |
| command is same as ''certbot-auto'' by ''root'' privilege. |
| |
| === Create certificate(s) === |
| |
| <code bash> |
| certbot certonly --webroot -w /var/www/mydomain -d www.mydomain.com |
| </code> |
| |
| === Renew certificate(s) === |
| |
| <code bash> |
| certbot renew |
| </code> |
| |
| === Delete certificate(s) === |
| |
| <code bash> |
| certbot delete --cert-name delete.mydomain.com |
| </code> |
| |
| |
| === Renew certificate(s) using systemd === |
| |
| Check renewal executes without error, |
| |
| <code bash> |
| sudo certbot renew --dry-run |
| </code> |
| |
| == Service unit file == |
| |
| If no error, edit **service unit file** typically stored in ''/etc/systemd/system/''. Edit ''/etc/systemd/system/certbot-renewal.service'' |
| |
| <code ini> |
| [Unit] |
| Description=Certbot Renewal |
| |
| [Service] |
| ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service" |
| </code> |
| |
| Which restarts web service after renewing certificate(s). |
| |
| == Timer unit file == |
| |
| Modify ''/etc/systemd/system/certbot-renewal.timer'' to adjust timer for certbot renewal. |
| |
| <code ini> |
| [Unit] |
| Description=Timer for Certbot Renewal |
| |
| [Timer] |
| OnBootSec=300 |
| OnUnitActiveSec=2w |
| |
| [Install] |
| WantedBy=multi-user.target |
| </code> |
| |
| The configuration below will activate the service biweekly, and 300 seconds after boot-up. |
| |
| == Using systemctl and journalctl == |
| |
| To start the timer |
| <code bash> |
| sudo systemctl start certbot-renewal.timer |
| </code> |
| |
| To enable the timer to be started on boot-up |
| <code bash> |
| sudo systemctl enable certbot-renewal.timer |
| </code> |
| |
| To show status information for the timer |
| <code bash> |
| systemctl status certbot-renewal.timer |
| </code> |
| |
| To show journal entries for the timer |
| <code bash> |
| journalctl -u certbot-renewal.service |
| </code> |
| |
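Review bot: in the service unit, ''ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart nginx.service"'' restarts nginx after every renewal attempt, including a failed one, and a restart drops open connections. Prefer ''--deploy-hook "systemctl reload nginx.service"'', which runs only when a certificate was actually renewed and picks up the new certificate without a full restart. The unit also has no ''Type=oneshot'', the usual type for a timer-driven job that runs and exits. In the timer unit, ''WantedBy=multi-user.target'' works, but ''timers.target'' is the conventional install target, and the sentence "The configuration below will activate the service biweekly" follows the block it describes, so it should read "above".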
---- | ---- |
| |
---- | ---- |
==== Backup & archive veb resources ==== | ==== Backup & archive web resources ==== |
| |
Using ''rsync'', backup and archive web resource into another location. | Using ''rsync'', backup and archive web resource into another location. |
| |
---- | ---- |
==== Exclude logging ==== | |
| |
Add ''map'' in Nginx configuration files, | ==== Disable build-in bluetooth ==== |
| |
Exclude logging from specific IP | Add configuration string in ''config.txt'' |
| |
<code nginx> | |
map $remote_addr $log_ip { | |
| |
"127.0.0.1" 0; | |
"10.0.0.2" 0; | |
"10.0.0.3" 0; | |
| |
default 1; | <code bash> |
| echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt |
| |
} | echo "dtoverlay=pi3-disable-bt" | sudo tee -a /boot/config.txt |
| </code> |
| |
| Disable systemd service that initializez Bluetooth Modems connected by UART. |
| |
| <code bash> |
| sudo systemctl disable hciuart |
</code> | </code> |
| |
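Review bot: the first command under "Disable build-in bluetooth" appends ''dtoverlay=pi3-disable-wifi'', which turns off the onboard wireless rather than Bluetooth, while the Specification section still lists ''wlan0'' as an interface. Drop that line, or retitle the section to cover both radios and update the specification to match. Since ''tee -a'' appends on every run, checking with ''grep'' for the overlay line before appending would keep ''/boot/config.txt'' free of duplicate entries. Spelling in the added text: "build-in" should be "built-in" and "initializez" should be "initializes".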
Exclude logging from specific User-Agent | ---- |
| ==== Solved Problems ==== |
<code nginx> | |
map $http_user_agent $log_ua { | |
| |
~Pingdom 0; | === symbol lookup error === |
~Googlebot 0; | |
~Baiduspider 0; | |
| |
default 1; | <text type="warning">{{fa>exclamation}} **Problem**</text>: Error during ''sudo apt update'' |
} | |
| <text type="danger">{{fa>bug}} **Symptom**</text> |
| <code text> |
| apt-get: symbol lookup error: /usr/lib/arm-linux-gnueabihf/libapt-pkg.so.4.12: undefined symbol: |
| </code> |
| |
| <text type="info">{{fa>lightbulb-o}} **Solution**</text>: reinstall package |
| <code bash> |
| # Download the current version of libapt-pkg4.12 |
| wget http://mirrordirector.raspbian.org/raspbian/pool/main/a/apt/libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb |
| |
| # Install it |
| sudo dpkg -i libapt-pkg4.12_0.9.7.9+rpi1+deb7u7_armhf.deb |
</code> | </code> |
| |
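Review bot: the solution downloads the package over plain ''http://'' with ''wget'' and installs it with ''sudo dpkg -i'', a path that skips the repository signature check apt normally applies, so nothing authenticates the file before its maintainer scripts run as root. Add a step that compares the file's ''sha256sum'' with the SHA256 value listed for this package in the repository's signed ''Packages'' index before the install. The symptom line also stops at "undefined symbol:", so the full message with the symbol name should be recorded for anyone searching for this error.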
<text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. | <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. |
| |
<text type="info">{{fa>lightbulb-o}} **Solution**</text>: | <text type="info">{{fa>lightbulb-o}} **Solution**</text>: [[https://www.digitalocean.com/community/questions/nginx-error-111-connection-refused|Solution #1]] |
| |
---- | ---- |
<text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. | <text type="danger">{{fa>bug}} **Symptom**</text>: No symptom while running website. Only found in error log. |
| |
<text type="info">{{fa>lightbulb-o}} **Solution**</text>: | <text type="info">{{fa>lightbulb-o}} **Solution**</text>: |
| |
| |