Archive for the ‘Raspberry Pi’ Category

Raspberry Pi – how to setup Apache Guacamole with Docker & Portainer

Samstag, Januar 15th, 2022
root@rpi-iot-jsho-2FA-01:~# curl -sSL https://get.docker.com | sh
# Executing docker install script, commit: 93d2499759296ac1f9c510605fef85052a2c32be
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sh -c curl -fsSL „https://download.docker.com/linux/raspbian/gpg“ | gpg –dearmor –yes -o /usr/share/keyrings/docker-archive-keyring.gpg
+ sh -c echo „deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian bullseye stable“ > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq –no-install-recommends docker-ce-cli docker-ce >/dev/null
+ version_gte 20.10
+ [ -z ]
+ return 0
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras >/dev/null
+ sh -c docker version
Client: Docker Engine – Community
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:28 2021
OS/Arch: linux/arm
Context: default
Experimental: true
Server: Docker Engine – Community
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:43:45 2021
OS/Arch: linux/arm
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
===============================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the ‚Docker daemon attack surface‘
documentation for details: https://docs.docker.com/go/attack-surface/
===============================================
root@rpi-iot-jsho-2FA-01:~#
root@rpi-iot-jsho-2FA-01:~# usermod -aG docker pi
root@rpi-iot-jsho-2FA-01:~# docker pull portainer/portainer-ce:linux-arm
linux-arm: Pulling from portainer/portainer-ce
0ea73420e2bb: Pull complete
c367f59be2e1: Pull complete
4bb294c1afcb: Pull complete
Digest: sha256:8297a8a6d055b12b998f4fcb1fb8c8cd34340d4eb1b963a7b4db4981613b1d99
Status: Downloaded newer image for portainer/portainer-ce:linux-arm
docker.io/portainer/portainer-ce:linux-arm
root@rpi-iot-jsho-2FA-01:~#
root@rpi-iot-jsho-2FA-01:~# docker run –restart always -d -p 9000:9000 -v /var/ run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer -ce:linux-arm
d82bfe696e54a760f542ac9fa6ad06d52f207a431b6655a22e91faeb4c527888
root@rpi-iot-jsho-2FA-01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d82bfe696e54 portainer/portainer-ce:linux-arm „/portainer“ 13 seconds ago Up 10 seconds 8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp exciting_antonelli
root@rpi-iot-jsho-2FA-01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d82bfe696e54 portainer/portainer-ce:linux-arm „/portainer“ 33 seconds ago Up 29 seconds 8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp exciting_antonelli
root@rpi-iot-jsho-2FA-01:~#
http://192.168.1.159:9000

Banana Pi BPI-M1 – practical example with an S3-compatible object storage server with MinIO on Armbian Bullseye

Donnerstag, Januar 13th, 2022

root@rpi-iot-jsho-cam-02:~# vi MinIoMotioneyeBackup.sh
#!/bin/bash
#FileName: MinIoMotioneyeBackup.sh
LocalBackupPath=“/var/lib/motioneye“
MinioBucket=“myminio/worm-with-versioning-and-retention/motioneye“
MCPATH=“/root/mc“
$MCPATH mirror –json –overwrite –remove –preserve $LocalBackupPath $MinioBucket
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# crontab -l
00 * * * * /root/MinioMotioneyeBackup.sh >> /dev/null 2>&1
00 * * * * /root/MinioMotioneyeBackup2.sh >> /dev/null 2>&1
00 * * * * /root/MinioMotioneyeBackup3.sh >> /dev/null 2>&1
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# date
Wed 05 Jan 2022 04:36:38 PM CET
root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# date
Thu 06 Jan 2022 09:21:59 AM CET
root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# date
Fri 07 Jan 2022 01:37:18 PM CET

root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# date
Sun 09 Jan 2022 12:37:55 PM CET

root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# vi MinioMotioneyeBackup.sh
#!/bin/bash
#FileName: MinIoMotioneyeBackup.sh
LocalBackupPath=“/var/lib/motioneye“
MinioBucket=“myminio/worm-with-versioning-and-retention/motioneye“
MCPATH=“/root/mc“
$MCPATH mirror –json –overwrite –remove –preserve $LocalBackupPath $MinioBucket
$MCPATH rm –force –versions –recursive –older-than 7d $MinioBucket
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# vi MinioMotioneyeBackup2.sh
!/bin/bash
#FileName: MinIoMotioneyeBackup2.sh
LocalBackupPath=“/var/lib/motioneye“
MinioBucket=“myminio/noworm-with-versioning-and-noretention/motioneye“
MCPATH=“/root/mc“
$MCPATH mirror –json –overwrite –remove –preserve $LocalBackupPath $MinioBucket
$MCPATH rm –force –versions –recursive –older-than 7d $MinioBucket
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# vi MinioMotioneyeBackup3.sh
!/bin/bash
#FileName: MinIoMotioneyeBackup3.sh
LocalBackupPath=“/var/lib/motioneye“
MinioBucket=“myminio/noworm-with-noversioning-and-noretention/motioneye“
MCPATH=“/root/mc“
$MCPATH mirror –json –overwrite –remove –preserve $LocalBackupPath $MinioBucket
root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# ./mc rm –force –versions –recursive –older-than 6d myminio/worm-with-versioning-and-retention/motioneye
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera1/.keep` (versionId=23026458-6652-4139-985d-ad4068cc5f26, modTime=2022-01-04 22:00:25.386 +0000 UTC).
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera1/.keep` (versionId=2eee588f-343a-4844-a14c-f5d1522430c6, modTime=2022-01-04 10:00:20.937 +0000 UTC).
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera1/2022-01-04/17-12-19.jpg` (versionId=ee2b64ce-f03b-4bb0-b0a2-034d5e9dd217, modTime=2022-01-04 17:00:17.052 +0000 UTC).
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-20.jpg` (versionId=e076f7e7-0a3e-4026-84ad-f0345be0769a, modTime=2022-01-04 15:04:00.74 +0000 UTC).
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-21.jpg` (versionId=2a7c2ee3-b46a-4d5c-8375-556743e8c404, modTime=2022-01-04 15:04:00.669 +0000 UTC).
Removing `myminio/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-22.jpg` (versionId=500b4e3a-2138-4a0a-bd08-778e816cef70, modTime=2022-01-04 15:04:00.733 +0000 UTC).
mc: <ERROR> Failed to remove `/worm-with-versioning-and-retention/motioneye/Camera2/2022-01-04/15-26-22.jpg`. Object is WORM protected and cannot be overwritten
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# date
Wed 12 Jan 2022 12:04:08 PM CET
root@rpi-iot-jsho-cam-02:~#

root@rpi-iot-jsho-cam-02:~# ./mc rb –force myminio/worm-with-versioning-and-retention5d
mc: <ERROR> Failed to remove `myminio/worm-with-versioning-and-retention5d`. Object is WORM protected and cannot be overwritten.
root@rpi-iot-jsho-cam-02:~#
root@rpi-iot-jsho-cam-02:~# ./mc du –versions myminio/worm-with-versioning-and-retention5d
332MiB worm-with-versioning-and-retention5d
root@rpi-iot-jsho-cam-02:~#

Raspberry Pi OS (Legacy) – we’ve decided to create a legacy version of the Raspberry Pi OS based on the Debian Buster release (or, to be more specific, the Debian oldstable release)

Dienstag, Januar 11th, 2022

Ein immutable Backup ist eine Datensicherung – die nicht verändert oder gelöscht werden kann

Dienstag, Januar 11th, 2022

Praspberry Pi – Alpine Linux vs Raspberry Pi OS vs DietPi

Montag, Januar 3rd, 2022

MSP360 Managed Backup 5.2 – new backup format GFS restore verification deduplication and more

Samstag, Januar 1st, 2022

   MSP360 Managed Backup – Backup and IT Management Software Simplified

Banana Pi BPI-M1 – Let’s Encrypt SSL how to use a private key and public certificate with an S3-compatible object storage server with MinIO on Armbian Bullseye

Donnerstag, Dezember 30th, 2021

root@bpi-iot-jsho-minio-03:~# apt-get install certbot
root@bpi-iot-jsho-minio-03:~# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‚c‘ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‚c‘
to cancel): bpi-iot-jsho-minio-03.ddnss.eu
Requesting a certificate for bpi-iot-jsho-minio-03.ddnss.eu
Performing the following challenges:
http-01 challenge for bpi-iot-jsho-minio-03.ddnss.eu
Waiting for verification…
Cleaning up challenges
Subscribe to the EFF mailing list (email: josef.schuster@dpsolution.de).
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/privkey.pem
Your certificate will expire on 2022-03-27. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run „certbot renew“
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@bpi-iot-jsho-minio-03:~#
root@bpi-iot-jsho-minio-03:/# find . -name fullchain.pem -print
./etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem
root@bpi-iot-jsho-minio-03:/#
root@bpi-iot-jsho-minio-03:~# cp /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/fullchain.pem $HOME/.minio/certs/public.crt
root@bpi-iot-jsho-minio-03:~# cp /etc/letsencrypt/live/bpi-iot-jsho-minio-03.ddnss.eu/privkey.pem $HOME/.minio/certs/private.key

If your TLS certificates do not have the IP SAN for the MinIO server host the MinIO Console may fail to validate the connection to the server use the MINIO_SERVER_URL environment variable and specify the proxy-accessible hostname of the MinIO server to allow the Console to use the MinIO server API using the TLS certificate

root@bpi-iot-jsho-minio-03:/# MINIO_SERVER_URL=“https://bpi-iot-jsho-minio-03.ddnss.eu:9000″ MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=<password> ./minio server –console-address „:9001“ /data/data{0…3}
https://bpi-iot-jsho-minio-03.ddnss.eu:9001

root@bpi-iot-jsho-minio-02:~# ./mc alias set myminio https://bpi-iot-jsho-minio-03.ddnss.eu:9000 admin <password>
Added `myminio` successfully.
root@bpi-iot-jsho-minio-02:~#
root@bpi-iot-jsho-minio-02:~# ./mc –version myminio
mc version RELEASE.2021-12-20T23-43-34Z
root@bpi-iot-jsho-minio-02:~# ./mc admin update myminio
Server `myminio` updated successfully from 2021-12-20T22:07:16Z to 2021-12-29T06-49-06Z
root@bpi-iot-jsho-minio-02:~#

IT Grundlagen Azubi Training 4/4 – Docker Portainer NGINX Vaultwarden Pi-Hole and more

Mittwoch, Dezember 29th, 2021

Zabbix 5.4.8 – distributed monitoring with a lightweight Zabbix SQLite proxy

Dienstag, Dezember 28th, 2021

MinIO – has also added the ability to auto-extract .tar files after upload

Montag, Dezember 27th, 2021
# mc mb play/mybucket
# mc cp <path-to-archive>.tar play/mybucket –disable-multipart –attr „X-Amz-Meta-Snowball-Auto-Extract=true“
# mc ls play/mybucket

Banana Pi BPI-M1 – OpenSSL SSL how to use a private key and public certificate with an S3-compatible object storage server with MinIO on Armbian Bullseye

Montag, Dezember 27th, 2021
root@bpi-iot-jsho-minio-03:~# cd .minio/certs
root@bpi-iot-jsho-minio-03:~/.minio/certs# openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out public.crt -keyout private.key
Generating a RSA private key
……………………………………………..++++
……………………………………………..++++
writing new private key to ‚private.key‘
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‚.‘, the field will be left blank.
—–
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Bavarian
Locality Name (eg, city) []:St.Wolfgang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:JSHO
Organizational Unit Name (eg, section) []:JSHO
Common Name (e.g. server FQDN or YOUR name) []:bpi-iot-jsho-minio-03.fritz.box
Email Address []:josef.schuster@dpsolution.de
root@bpi-iot-jsho-minio-03:~/.minio/certs#

MinIO Object Retention Modes ‚GOVERNANCE‘ – lifts the lock automatically after the configured retention rule duration has passed

Montag, Dezember 27th, 2021

IT Grundlagen Azubi Training 2/4 – Docker Portainer NGINX Vaultwarden Pi-Hole and more

Montag, Dezember 27th, 2021

Docker Apache Guacamole – is a clientless remote desktop gateway it supports standard protocols like VNC RDP and SSH

Sonntag, Dezember 26th, 2021

   Docker Apache Guacamole – using this image will require an existing running Docker container with the guacd image and another Docker container providing either a PostgreSQL or MySQL database image

# docker pull guacamole/guacamole
# docker pull guacamole/guacd
# docker pull postgres
# docker pull mysql

MinIO – collect MinIO Metrics using Prometheus

Sonntag, Dezember 26th, 2021