Well, Raspberry PI is not an OS but a small hardware.  Because of the memory (512 MBytes) and the OS being a special version of Debian (currently Debian "wheezy"),
I created this page.  I just bought the kit (CanaKit Raspberry Pi Ultimate Starter Kit) from amazon.
Updated 9/19/2020Index
How can I fix 'The connection is not fully secure'?After 1. I put the certificate, 2.nginx configuration for ssl (/etc/nginx/site-enabled/default) and 3. use port-forward 443 on the Verizon router, I was able to see my web site using https. The problem is that I see Lock icon with ! (Connection not secure). I used a Content-Security-Policy directive in all pages in my site to fix this problem right after head tag. <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">This method is one of the two method described in https://www.a2hosting.com/kb/security/ssl/secure-and-insecure-content-on-a-web-page How can I set up https?My RaspberryPI lives inside the Verizon router and I have to set up Port-Forward 443 to RaspberryPI on the router. I forgot this setting initially and https was not working until I did this. You then have to get SSL certificate. You usually pay to get the certificate. Fortunately, LetsEncrypt allows you to get the certificate for free. The instruction for Raspberry Pi is https://pimylifeup.com/raspberry-pi-ssl-lets-encrypt/. Since my Pi does not have apache installed but nginx installed, I follow the direction for nginx. After trying LetsEncrypt, I paid the fee to get the certificate from COMODOSSLSore. I used http file based validation (i.e. they send me a file and put it in to the root directory of the web page. The CA will verify this file.) I generated CSR using SSL on RaspberryPI. I received the certificate issued by Sectigo Limited. Here is how to generate CSR on RaspberryPI. openssl req -new -newkey rsa:2048 -nodes -keyout (server).key -out (server).csr Note that (server) must be replaced by the site you want to have https. After issuing the command you have to input several items. You send CSR file. The key file is needed to install the certificate on RaspberryPI. In order to install the certificate, you need to link two certificates from the zip file I received from the CA. It turned out that my zip file contained four files. Which one? My certificate is certified by Sectigo and thus you do cat your_domain_name.crt SectigoRSADomainValidationSecureServerCA.crt >> bundle.crtNow you edit /etc/nginx/site-enabled/default file (I'm using nginx-light on RaspberryPI). You will find server section as
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/bundle.crt
ssl_certificate_key /etc/ssl/your_domain_name.key
...
After you edit the file, you have to restart nginx service as
sudo service nginx restartIf there is an error in configuration, it will tell you what to do. In my case the error message was very clear in how to fix the problem. How to set up light-weight mail server?I used nullmailer. When you install nullmailer by "sudo apt-get install nullmailer mailutils",it will ask you about mail server host. I tried to use smtp.gmail.com but did not work.It turned out that you have to generate the application specific password at https://support.google.com/accounts/answer/185833 to generate if you use two-part authentication. Once you generate, you use -pass=(generated passwrd). How to set up a static IP address?sudo nano /etc/dhcpcd.conf How to set up firewall?I set up the port forwarding on the router (after setting up a static address).I was recommended to setup a firewall. I used "ufw".For reference, see https://help.ubuntu.com/community/UFW. Install ufw: sudo apt-get install ufw Incoming setting sudo ufw allow ssh ... port 22 sudo ufw allow http ... port 80 sudo ufw allow https ... port 443 Outgoing setting for DNS sudo ufw allow out 53/tcp sudo ufw allow out 53/udp Verification of the firewall rules sudo ufw status verbose This is what I got: Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ----- ---- 22/tcp ALLOW IN Anywhere 80/tcp ALLOW IN Anywhere 443/tcp ALLOW IN Anywhere 22/tcp (v6) ALLOW IN Anywhere (v6) 80/tcp (v6) ALLOW IN Anywhere (v6) 443/tcp (v6)ALLOW IN Anywhere (v6) 53/tcp ALLOW OUT Anywhere 53/udp ALLOW OUT Anywhere 53/tcp (v6) ALLOW OUT Anywhere (v6) 53/udp (v6) ALLOW OUT Anywhere (v6) Another example is to enable the following port addresses HCP Access - Ports 67 and 68 UDP Web Access - Ports 80 and 443 Protocol TCP Email Access - Ports 25 and 110 , 143 Protocol TCP DNS Access - Port 53 Protocol TCP and UDP (This is absolutely required) sudo ufw allow out 25,53,80,110,443/tcp sudo ufw allow out 53,67,68/udp sudo ufw disable && sudo ufw enable How can I change loglevel?I noticed that the console emitted "undervoltage detected" so many times. It may be due to the cell phone power supply. I was using 5V/1A from my old LG cellphone power supply. It is nice to know that you can ignore this log by changing loglevel. You modify /boot/cmdline.txt. Add loglevel=1. The possible values are 0 (KERN_EMERG) system is unusable 1 (KERN_ALERT) action must be taken immediately 2 (KERN_CRIT) critical conditions 3 (KERN_ERR) error conditions 4 (KERN_WARNING) warning conditions 5 (KERN_NOTICE) normal but significant condition 6 (KERN_INFO) informational 7 (KERN_DEBUG) debug-level messages How can I add usb drive to the system?This web page Ben Garrett page has a tons of information on adding various file system to Rasberry PI. How can I install Apache web server?I needed Raspberry PI2 to run web server for my Remote control project. sudo apt-get install apache2 -yAfter installation, open a browser and go to http://localhost/. The default web page is located at /var/www.index.html. How can I install Node.js for RaspberryPI?There are several server languages are available on Raspberry PI (PHP, Java, Ruby, Python, etc). I just want to use Javascript for everything. Here is the site explaining how to installNode.js for Raspberry PI: https://learn.adafruit.com/raspberry-pi-hosting-node-red/setting-up-node-dot-js. 1. sudo apt-get update 2. sudo apt-get upgrade 3. sudo wget http://node-arm.herokuapp.com/node_latest_armhf.deb 4. sudo dpkg -i node_latest_armhf.deb 5. test by issuing "node -v". Currently I get "v.0.10.31". How can I secure Raspberry PI which is to be exposed to outside?Due to the hackers, exposing an internet device needs a lot of care. Fortunately, I got a Japanese magazine called"Anybody can do it! Fun with Raspberry PI" (in Japanese) (Nikkei BP, 2013) which had the section on how to secure. I summarized it in an attached document at the bottom of this page. How can I configure NGINX-LIGHT?After installing "nginx-light", I wanted to edit the default file. I had a hard time finding the appropriate page on the internet
and thus I have to write it down here. The default "index.html" is located in /usr/share/nginx/www.
However, this is inconvenient that you always have to do "sudo".You can move the root directory by editing a configuration file
/etc/nginx/sites-available/default.You change one line in server section : change "root" to point to wherever convenient
place to you and create the directory, owned by user "pi". In my case, "root"points to /var/www/default and create index.html there.Â
Restart nginx by sudo service nginx restart. How can I see the web page on the Raspberry PI from outside?After securing the Raspberry PI with the static address of my Verizon router, I like to see the web page from outside. Unfortunately, my IP address is assigned by the provider using DHCP (dynamic host configuration protocol) so that there is no fixed IP address you can talk to from outside. Fortunately there is a method called "DynamicDNS" and there are several available for free. Here is the link to review these sites. http://www.gnutomorrow.com/best-free-dynamic-dns-services-in-2013/ (it is updated for 2014). The trick is to send to the dynamic dns provider a notice from the Raspberry PI so often so that it can register the updated IP address. The notice can be done by sending a mail/or request a mail (fetchmail) by cron. Because the provider is doing it for free, you usually get the subdomain of the provider specified address. I'm happy to report that it is working for me. How can I acquire images on the Raspberry PI?Install fswebcam or uvccapture which allows to acquire images. Install motion if you want to motion detect images. Make sure that you reboot the system after installing software. Otherwise you get a weird error. In my case I use USB camera "Logitech C310". It produced the error that it supports YUYV and MJPG but unknown pixel format. How can I set up a web server on PI?I found a very detailed explanation using nginx in here: http://www.ducky-pond.com/posts/2013/Sep/setup-a-web-server-on-rpi/. The distinction between /etc/nginx/sites-available vs. /etc/nginx/site-enabled is important. The file in /etc/nginx/site-enabled is actually a link to a file in sites-availableso that you can manage multiple sites in nginx.  The default html directory is specified by /etc/nginx/sites-enabled/default specifies the location.  Currently /var/www/html. |
OSes‎ > ‎