Centralizing Certificate Management of LetsEncrypt with a Raspberry PI

Lets Encrypt is a new Certificate Authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). At the time of writing it’s currently in Beta and is due to go public in December 2015.

Update: Lets Encrypt went into public -beta on December 3 2015. I have updated this article with the minor change needed to work with the live servers.

Now in the default mode, the standard Lets Encrypt client (it’s not the only one) can manage this automatically – however it’s not ideal if you have more than one server.

What I describe here is how to centralize managing certificate registration (& later renewal) on a central machine. When a certificate is then registered or renewed we can then copy the certs to the remote servers.

Continue reading “Centralizing Certificate Management of LetsEncrypt with a Raspberry PI”

Fixing HTTPS mixed content issues in Chrome

I’ve been beta testing the new Lets Encrypt Certificate Authority so have been adding HTTPS to various services however I hit on a problem where Chrome wasn’t showing the green padlock for a specific application. Instead it was showing the broken padlock because it was saying there was mixed content.

In https, mixed content is usually where you have a resource (css, image etc) thats being served in http instead.

So first I went in to developer tools to find that resource. Now it can be difficult to find, however one first tip is to go to the network tab and right click on any of the columns (e.g. Name) and ensure that scheme is ticked. This now adds a new column which should show https for everything. The one that shows http is the culprit.

Except in this case it didn’t. Everything was https. So what’s happening?

Well in Chrome it caches the https state with each resource, and in this instance I had https originally working with a test certificate. Now I have a real one, so chrome was being confused.

The solution was to restart chrome by opening a new tab and entering the url: chrome://restart

Once chrome restarts (it will restart every tab/window you have open) the problem was fixed.

Installing Java 7 on Debian Squeeze

For all of my servers I use Debian, however that distribution has a few problems, mainly the packages can be a bit behind the cutting edge.

Now this is usually a good thing if you are looking for stability – cutting edge software can have issues, especially from new features etc, so for a live environment you want something thats stable.

However, there does come a time when this can bite back. You either need a feature thats not in the standard repositories or in this case the version is now unsupported.

In Debian Squeeze it has Java 6 – but that was EOL’d a couple of months ago so is no longer supported by Oracle. The current version is Java 7 update 17.

So how do we get Java 7 installed?

Well it’s pretty easy to do, we just need to add another repository into apt and install it.

First the repository:

sudo su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
apt-get update
exit

What that does is to install the ubuntu ppa repository into apt, setup the public keys and then load the package lists.

Next we need to install it:

sudo apt-get install oracle-java7-installer

This will now download Oracle Java 7 and present you with a couple of screens about licensing. Just ok and accept it and it will now install.

That’s it. You now have Java 7 installed – but it’s not the default JDK (if you already had Java 6 installed). If you want it to be the default then there’s just one more thing to do:

sudo apt-get install oracle-java7-set-default

That’s a dummy package but it will make Java 7 the default on that machine. If you want to check then you can check:

peter@titan ~ $ java -version
java version "1.7.0_17"
Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)

Setting up a Weather WebCam on Linux

Weather webcams are always popular and it is easy and free to set one up yourself.  This article will show how to setup a simple USB webcam to produce still images and serve them on a local apache webserver.

Continue reading “Setting up a Weather WebCam on Linux”

Formatting xml in emacs

I had this problem of debugging some xml but when reading the output of some log4j it was almost impossible to read so I needed some way of prettifying the xml quickly.

For this example I have the following xml:

<?xml version="1.0"?><xml><iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get"><query xmlns="some:namespace"/></iq></xml>

So how do we pretify this in emacs?

Well the first thing to do is to write an extension function & place it into your ~/.emacs file. Placing it here means that when you open emacs the extension is available:

(defun xml-format ()
  (interactive)
  (save-excursion
    (shell-command-on-region (mark) (point) "xmllint --format -" (buffer-name) t)
  )
)

Now this works by passing the buffer to the xmllint utility and replaces it with the output – in this case nicely formatted xml.

Now we need to install xmllint:

pi@lindesfarne: ~$ sudo apt-get install libxml2-utils

Ok so now open emacs and open the xml. To format first select the xml you want to format then Press Escape then x followed by xml-format & press return. You should then get the xml nicely formatted:

<?xml version="1.0"?>
<xml>
  <iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get">
    <query xmlns="some:namespace"/>
  </iq>
</xml>

Compiling a Kernel on the Raspberry PI

The reason I had to do this was because I needed video4linux to get a webcam working for a forcoming series of posts connecting a telescope to the pi. Although the connection to the telescope wasn’t a problem, the customized webcam I have needed it.

Here I compile the kernel on a more powerful linux box to save time then transfer the kernel over to the PI.

Also this article is mainly my personal notes on compiling a new kernel rather than a tutorial on how to do it. Writing it here makes sense to keep things together & maybe it’s useful for anyone else.

These instructions are based on the RPI Kernel Compilation available at elinux.org.
Continue reading “Compiling a Kernel on the Raspberry PI”

Using NFS to provide extra disk to a Raspberry PI

As the Raspberry PI uses an SD Card for it’s boot device there are times when you need either more space than is available on that device or a device that’s faster – writing to flash is slow and flash cards do have a limited number of writes that can be made to them.

Now there’s several ways to accomplish this:

  • Use an external USB drive (the common route)
  • Use a network shared drive

Using a USB drive is simple and is the faster option but it means it’s dedicated to the PI whilst it’s in use, hence this article on using a network drive – in this instance a directory on another Linux box in the network.

Also having it shared on the network means that multiple machines could use it at the same time. Imagine if you are a teacher with a collection of PI’s being used by your students. You could setup a central read-only directory with your class work which they can all access as if it’s installed locally.
Continue reading “Using NFS to provide extra disk to a Raspberry PI”