Raspberry Pi Home Server v2: Network UPS Tools

Posted on December 11, 2016 by Mel Grubb

Note: This post is part of a series. Each post builds on the previous ones. If you are just trying to add one thing to an existing system that was not built following this series, then I cannot promise that these instructions will work for you, although they probably will. If you’ve started from something other than a non-NOOBS Raspbian image, then you’ll probably need to adjust for that.

Please refer to the series Introduction for a list of all the different posts in the series.

Self-Promotion: I have recorded this series as a screencast for Pluralsight:
(http://www.pluralsight.com/courses/raspberry-pi-home-server)
If you have a Pluralsight subscription, please consider watching it. Reading the instructions is one thing, but watching it done demystifies the whole process.

Thank you!

My previous home “server” before embarking on this series was just an old laptop of mine. It wasn’t particularly strong, but it could run CrashPlan and serve files. One advantage it had was that, being a laptop, it had a built-in battery and knew how to shut itself down if the power went out. Of course, I had to go downstairs and start it back up once the power was restored, but at least nothing got corrupted.

If you have a desktop computer at home or at work, you may also have an Uninterruptable Power Supply (UPS) under your desk. This is basically a battery big enough to power your computer and monitor long enough for you to save what you are doing and shut down gracefully. Most modern UPS units also have a USB port on them and come with software so that when the power goes out, the UPS can tell the computer to automatically suspend, hibernate, or shut itself down depending on how you’ve configured it.

It shouldn’t surprise you that there are UPS options available for the Raspberry Pi as well. Take the CW2 “Pi UPS” (http://www.piups.net), for example. This product will work fine for most simple Raspberry Pi projects running off of an SD card, but my particular installation has a RAID enclosure hooked up to it. I don’t think AA batteries are going to cut it. What I need is something that will keep the hard drives spinning long enough for the Pi to shut down safely.

I’ve had my Raspberry Pi Home Server plugged into a UPS for well over a year now, and it survives power outages just fine, shutting itself down safely, and restarting automatically. My Raspberry Pi Home Server is attached to a CyberPower SX550G. I chose this model because:

It has a USB connection to the computer.
It was on sale for $40.
I’m cheap.

It’s a 550VA battery backup, which probably wouldn’t get you very far with a full-sized desktop computer, but it should be more than adequate for a Router, a Raspberry Pi, and a couple of drives. It could probably run those devices for a good couple of hours if needed, actually. I haven’t done the math, but if not for the external drives, it could probably run the Pi for days.

So how can we get the Pi to use it intelligently? It certainly didn’t come with a ready-made software package for the Pi, although Linux software is available for it.

Network UPS Tools (NUT)

The Network UPS Tools package, aka “NUT” (http://www.networkupstools.org), is a collection of programs meant to make UPS hardware from different manufacturers work in roughly the same way. It’s available for a wide variety of platforms, one of which happens to be Debian Linux, of which Raspbian is a variant.

NUT consists of three major components

A driver to communicate with your particular UPS using whatever protocol it supports, and translate that into a common API.
A daemon (service) that connects via the driver and acts as a communication hub.
A client program that can perform various tasks such as shutting down the computer when the power state reported by the daemon own sitechanges.

There are a few other components, such as command-line utilities that can tell you about the current state of the UPS, or allow you to make changes to the UPS configuration. For the most part though, we’re only concerned with the three components I just mentioned.

Note: NUT works with a wide range of UPSes, but without owning one from each different manufacturer and/or vintage, I can’t create instructions specific to each model. Questions about how to get NUT working with your particular UPS are best addressed on the project’s own site, or its GitHub site. For the most part, though, they should all work the same way.

If your UPS is older, and doesn’t have a USB port, but has a 9-pin serial port, you are totally on your own. I tried to make an older serial-ported UPS work through an RS232/USB adapter, but as it turns out, the UPS didn’t actually communicate over the serial port. It just shorted two pins together to mean that everything was okay. Maybe you could hack something together using the GPIO pins. If so, you’re a better man than me.

Installing Network UPS Tools (NUT)

Simplicity itself. Like most things we’ve installed in this series, NUT is available through apt-get

sudo apt-get install nut

Select your driver

Find the driver for your particular UPS by looking at the compatibility list on the NUT site (http://www.networkupstools.org/stable-hcl.html). If you can purchase a UPS that’s on the list, then that’s great. If you don’t find your UPS on the list, that doesn’t mean it won’t work, though. For instance, my UPS isn’t on the list, but a ton of other devices from the same company are, and they all seem to use the same driver (usbhid-ups). I gave it a shot, and it works just fine. YMMV

Configure the UPS

Once you’ve identified the driver for your UPS, you’ll need to edit the ups configuration file.

sudo nano /etc/nut/ups.conf

This file, like all of the NUT configuration files, is very well documented inline, and explains all of its different options. At the bottom of the file, you’ll add an entry for your UPS. You’ll need to give it a name, specify a driver, and give it a description. There is also an option to specify a port. For units that connect via a USB cable, this is meaningless, but it’s still required, so use the value “auto”.

[RPHS]
    driver = usbhid-ups
    port = auto
    desc = "CyberPower SX550G"

The name in square brackets is so you can tell multiple UPS devices apart in case you have one NUT server monitoring multiple devices. Unless you’re building something really esoteric, you probably only have one UPS like me, so for lack of anything better to call it, I’ve named mine “RPHS” after the computer it serves. You can put anything you want in the description, so I just put the make and model of the device for reference. The end result should look something like this:

RPHS2016.12.01-UPS Config.PNG

That’s it for configuring the UPS itself. Close and save the file (ctrl-x, y, enter).

Configure the daemon

A daemon is the Unix/Linux term for any invisible background process. Windows folks call these “services”. For NUT, there is a daemon that is in charge of listening to the UPS via the driver, and telling the client applications what to do. Edit its configuration file like this:

sudo nano /etc/nut/nut.conf

For this simple application, where both the client and the server programs will be on the same computer (the Pi), go to the bottom of the file and set the MODE to “standalone”.

RPHS2016.12.02-NUT Config.PNG

Close and save the file.

Verify hardware configuration

To check whether the driver and daemon are configured correctly, you can simply start up the service.

sudo upsdrvctl start

The first time I tried to connect to the UPS I got the error “could not detach kernel driver from interface 0: Operation not permitted”. I rebooted and tried again, and everything was fine.

RPHS2016.12.03-NUT start.PNG

Notice that this time I got a message about “Duplicate driver instance detected”. This is because now that I have things configured correctly, the driver started up automatically when I rebooted. Not only that, but the daemon should be running now as well. Check it like this:

sudo service nut-server status

You should get a message that the NUT server is running. You can now ask the NUT server questions about the status of the UPS using “upsc”, one of several command line utilities that apt-get installed. Substitute the name you gave your UPS above as needed.

upsc rphs

You’ll get quite a long list of information about the configuration and status of your UPS.

RPHS2016.12.04-NUT info.PNG

Depending on the make and model, you’ll get more or less detailed information.

Configure the monitor

That’s two out of the three layers. Last but certainly not least is the “upsmon” client. This is the part that will actually shut down the computer when the NUT server says so.

Define credentials that the monitor client program will use to connect to the server.

sudo nano /etc/nut/upsd.users

Go to the bottom and define two users, one called “admin” and one called “upsmon”. You can actually name them anything you want, but naming the “monitor” user after the program that will use it (upsmon), seems to be the convention. You give the “admin” user rights to issue commands and change configurations with the “actions” and “instcmds” settings. The “upsmon” user has no such rights, it’s just there to listen and shut the computer down when the power goes out.

[admin]
    password = mypasswd
    actions = SET
    instcmds = ALL

[upsmon]
    password = mypasswd
    upsmon master

Since this is the computer that’s actually in charge of monitoring the UPS, set the “upsmon” setting to “master”.

Next, edit the configuration file for the upsmon client program.

sudo nano /etc/nut/upsmon.conf

This configuration file is pretty long, and has a lot of options. The one we’re interested in is about five pages down. Look for the example lines that start with “MONITOR”, and create a new entry on the blank line below that section. There are six parts to this setting.

The keyword “MONITOR”. It does have to be all uppercase, by the way.
The “system” name in the format UpsName@HostName. I called my UPS “RPHS”, and since we’re running in standalone mode, we can just use “localhost” for the host name, so the resulting “system name” is “RPHS@localhost”.
The “power value”. This only applies to big servers with multiple redundant power supplies. Just set it to “1”.
The user name that you established in the upsd.users file (upsmon) .
The password that you established in the upsd.users file (mypasswd).
A value indicating whether this computer is the master or slave. You can read about the distinction in the upsmon.conf file itself, but for a standalone system like this, use “master”.

When you’re done, it should look something like this.

RPHS2016.12.05-NUT upsmon.PNG

This next part is optional, but handy for testing that your system is working. Scroll down a bit further, and look for the NOTIFYFLAG section. There are two entries there, “ONLINE” and “ONBATT”, but they seem to be commented out by default in the current installation. Remove the pound sign from the beginning of these two lines, so that NUT can tell us about the state of the UPS when it changes.

RPHS2016.12.02-NUT Config Messages.PNG

Close and save the file.

Next up, a little permissions wrangling. You need to set up the various configuration files to be readable by the NUT components that use them, but not by other users. This prevents anyone from reading the password, and sending unauthorized commands to the server to shut everything down. It may be overkill for a simple home network, but it’s also really simple to do.

sudo chown nut:nut /etc/nut/*
sudo chmod 640 /etc/nut/upsd.users /etc/nut/upsmon.conf

You should get no complaints

RPHS2016.12.06-NUT permissions.PNG

UPS Commands

Depending on the sophistication of your particular UPS, you may be able to send it commands to do things like initiate a self-test, or simulate a power failure. You can get a list of what your particular UPS supports with

sudo upscmd -l rphs

RPHS2016.12.07-NUT commands.PNG

The number and type of commands will vary by manufacturer and model, so your output may not match mine. There are a few commands here worth mentioning, though. The “load.off” command will shut down the UPS immediately. Think of it as the “goodbye world” command. You generally don’t want to mess with that one. You could actually use this command to turn a second UPS on and off, allowing your Pi to control the power to something else. I’ll leave that one up to your imagination, but there are certainly cheaper ways to automate things.

The “beeper.mute” command will temporarily silence the warning beep that my UPS makes when the power goes out. This will make testing the system a bit less annoying here in the next section. The “beeper.disable” command would probably have the same effect, but on a more permanent basis.

Testing the system

Restart the NUT service and client daemons to ensure that they load all of the configuration changes we’ve made.

sudo service nut-server restart
sudo service nut-client restart

At this point, you can unplug your UPS from the wall and, after a short delay, you should get a message that the system is now running on battery power.

IMPORTANT: Wall messages like this don’t seem to show up in Terminal windows on the desktop. If you want to test this part for yourself, connect via SSH using a program like PuTTY on Windows.

RPHS2016.12.08-NUT ONBATT.PNG

If you plug it back in, you’ll get another message that power has been restored.

RPHS2016.12.09-NUT ONLINE.PNG

So far, so good. Now for the real test. Unplug the UPS from the wall and leave it unplugged. If your UPS supports it, now is a good time to issue that “beeper.mute” command. In my case, I issued the “upscmd rphs beeper.mute” command, and was prompted for a user name and password. We established the user name “admin” in the config file above.

RPHS2016.12.10-NUT mute.PNG

You can sit and stare at the screen, wondering when it will shut down, or you can periodically check on the status to see how fast you’re using up the battery. I plugged my laptop charger and a television into the UPS to speed things along. A good, old-fashioned 100-Watt bulb would help, too.

Eventually, when the battery gets low enough, the system should shut itself down.

Plug the UPS back in, and if you’re lucky, everything will start back up again. For some models, even after the power is restored, you may have to physically press a button on the UPS to start everything back up. Mine starts up on its own, so a few minutes later I was back up and running.

Email notifications (optional)

Wall messages are just fine if you’re connected via SSH or looking at a monitor connected directly to the Pi, but if your server is headless or you’re running the desktop, you won’t see them. We need a way to be notified when something goes wrong. NUT can be configured to call any arbitrary command when it has something to say, so we’re going to set it up to send out email messages. This can inform you of power issues even when you’re not connected to the Pi at all.

We’re going to need to install a couple utilities to make this happen. I’ll be using ssmtp because it’s the simplest thing that works. Because it only knows how to send emails, it doesn’t leave any services running in the background using up CPU time. If you’ve already configured some other kind of mail agent on your system, then you’ll need to adjust accordingly.

sudo apt-get install ssmtp mailutils

Next, we’ll edit ssmtp’s configuration:

sudo nano /etc/ssmtp/ssmtp.conf

For this demonstration, I’ll be configuring ssmtp to work with gmail. If you want to use your ISP’s email services, then check out the ssmtp documentation, but most of the concepts should be the same.

Change the “mailhub” setting to point to your email server. For gmail, that will be “smtp.gmail.com:587”. For gmail, you’ll also need to add the “UseSTARTTLS=YES” setting. Scroll to the bottom of the file and add settings for “AuthUser”, “AuthPass”, and uncomment the “FromLineOverride”. The result should look something like this:

Note: If you have two-factor authentication set up with gmail, then the AuthPass setting will need to be an application-specific password. You can read more about that here.

Test your email setup by sending yourself an email from the command line.

echo "Test body" | mail -s "Test subject" [YOUREMAILADDRESS]

Check your inbox for the email. If you get it, then you’re ready to configure NUT to use ssmtp. Some wireless providers have special email addresses you can use to send texts to your phone. I have configured my NUT installation to send me texts rather than plain old emails, so I’ll notice them immediately.

Next, edit the NUT client configuration one more time to set up the email notifications.

sudo nano /etc/nut/upsmon.conf

Scroll down to find the NOTIFYCMD section, and add a line that says

NOTIFYCMD /etc/nut/upssched-cmd.sh

You presumably don’t want to be notified about every single power event that happens, so scroll down to the NOTIFYFLAGS section again, and add “+EXEC” to the end of the messages you want to receive emails for. I’m going to enable emails for the ONLINE and ONBATT events. The end result looks like this:

All that’s left is to create the script that we named in the NOTIFYCMD setting, “upssched-cmd.sh”.

sudo nano /etc/nut/upssched-cmd.sh

Paste in the following, substituting the email address where you want the notifications to go.

#!/bin/sh
echo "$*" | mail -s "Message from RPHS" [YOUREMAILADDRESS]

Exit Nano, saving the file (Ctrl-X,Y), and make it executable.

sudo chown nut:nut /etc/nut/upssched-cmd.sh
sudo chmod 700 /etc/nut/upssched-cmd.sh

Test the new script by calling it in the same way that NUT will in the event of a power event.

sudo /etc/nut/upssched-cmd.sh "This is a test message"

If you got that message, then everything is configured. Restart the NUT client so that it will pick up on the configuration changes.

sudo service nut-client restart

And now you can test the system again by unplugging the UPS from the wall. If everything is configured correctly, you should get an email (or text message) telling you that the power has gone out. Plug the UPS back in, and you should get another message telling you about it. Now you’ll know about power problems even when you’re not at home.

Adding more Pis to the same UPS (optional)

With Raspberry Pis being so cheap, you may very well have more than one. Perhaps you’ve split CrashPlan or MiniDLNA off onto a Pi all by itself. Maybe you went a little crazy and built a Pi-powered super-computer cluster. If, for any of these reasons, you have multiple Pis, and you’d like them to share the same UPS, how will they all know when the power’s gone out? After all, you can only plug the USB cable into one of them, and buying a separate UPS for each Pi would be overkill, right?

The great thing about NUT being split up into layers is that you can run multiple client instances against one server. Normally, this is the sort of thing you’d only see in a large server rack, where you’ve assigned one computer to watch the battery and tell all the others when the power goes out. It’s not the sort of thing regular home users usually care about, but Raspberry Pi owners are not regular home users.

If you do happen to have multiple Pis, getting them all to share a single UPS and shut down gracefully is actually really simple.

Reconfigure NUT on the server

Earlier, we configured NUT in “standalone” mode, which means that the server and client were on the same machine. It also means that the server isn’t expecting any other clients to be talking to it, so it simply isn’t listening for them. With a little bit of reconfiguration, we can tell the NUT server to listen for clients other than itself.

Edit the NUT configuration file.

sudo nano /etc/nut/nut.conf

Scroll down to the bottom, and change the mode from “standalone” to “netserver” (not “nutsever”, mind you).

RPHS2016.12.11-netserver.PNG

Close and save the file (ctrl-x, y, enter)

Next, you’ll need to configure credentials for the remote machines to use when connecting to the server.

sudo nano /etc/nut/upsd.users

Add a new user at the bottom. You can call it anything you like, but I’ve chosen “upsmon-remote”. Give it a password, and specify that it is a upsmon slave.

RPHS2016.12.12-users.PNG

Next, you need to tell the NUT server to listen for client connections. Edit the UPS daemon configuration file.

sudo nano /etc/nut/upsd.conf

Find the “listen” section, and add a listen directive using the IP address of your server. If you don’t configure anything, the NUT server will listen only to the computer that it’s on, which is localhost, or IP address 127.0.0.1. Since you now want NUT to listen for clients on other systems as well, you’ll need to specify a real IP address.

Adding the server’s own IP address might seem a little redundant, but remember that NUT is made to work on all kinds of equipment, and it’s very common for larger-scale servers to have multiple network interface cards, and you’d only want it to listen for NUT traffic on the “inward” facing one.

Because you will still want to run a ups monitoring client locally on the server itself, and you’ve now overridden the defaults by specifying one IP address, you’ll need to explicitly add an entry for localhost (127.0.0.1) back in as well, otherwise the local ups monitor will stop working. The result should look something like this:

RPHS2016.12.13-listen

Note: You’ll need to substitute your own Pi’s address in place of 192.168.1.11. That’s just the address where my own Pi server lives. The default port that NUT listens to is 3493. If you wanted to change that, for some reason, you would do that here. I’m going to leave it at the default port, though.

Reboot the server to get things reconfigured and restarted.

sudo reboot

Double check that you can still communicate with the NUT locally:

sudo upsc rphs

You should get the same kind of listing of UPS settings and status as you did in standalone mode:

RPHS2016.12.14-reboot

If you get some kind of error instead, make sure that you added an entry for localhost (127.0.0.1) in addition to the Pi’s regular IP address.

You can actually run NUT configured this way, but without any clients connected, and it will behave in pretty much the same way as it did in standalone mode, but it will still be listening for additional clients over the network.

Configure the client machines

Install NUT on each additional Pi that you intend to run from the UPS.

sudo apt-get install nut

For these additional client-only installations, you can skip configuring a UPS driver and proceed directly to configuring the client.

sudo nano /etc/nut/nut.conf

Go to the bottom of the file, and set MODE to “netclient”.

Next, edit the upsmon configuration file.

sudo nano /etc/nut/upsmon.conf

This time, configure the client to talk to the remote server for information, and configure it as a slave. This time, the “system name” will not be “RPHS@localhost”, but “RPHS@192.168.1.11” (again, substitute your server’s IP address).

If you remember from earlier, the first part of this “system name” is the name you gave your UPS, and the second part is the address of the server it’s attached to. The name and password should match the “upsmon-remote” name and password from above, and the final parameter will be “slave” instead of “master”. The result should look like this:

RPHS2016.12.15-slave.PNG

Note: My other Pis are all busy right now, so I’m doing the edits (but not saving them) on my original server for these screenshots. Please ignore the name in the title bar.

The difference between “master” and “slave” has to do with when each one will shut down. When the UPS says the power has dipped below the safe threshold (20% for my UPS), the server (the master), will tell all of the clients (the slaves) to shut down first before shutting down itself.

Like on the server, you’ll need to set up the permissions so that the NUT configuration files are readable by the nut user. Unlike the server, however, you don’t need to touch the upsd.users file because users are defined on the server, not the client.

sudo chown nut:nut /etc/nut/*
sudo chmod 640 /etc/nut/upsmon.conf

Check connectivity

From the slave system, you can issue the same kinds of commands you could run from the master system. Use this to verify that everything is communicating properly.

sudo upsc RPHS@192.168.1.11

I’ve used the IP address because name resolution didn’t work for me. It’s one of those things I’ll probably learn to set up someday, just not today.

RPHS2016.12.16-slave-upsc.PNG

Test the system

Once again, unplug the UPS, and you should see warning messages appear on both the server and client(s) right away. Again, you may want to mute the beeper if your hardware supports it, and plug something in to help the battery drain faster.

Apart from the name of the server sending the message, and the fact that the client shut down first, you wouldn’t be able to tell the difference between the client and server installations, even though only the server is actually attached to the UPS.

Lather, Rinse, Repeat

Repeat as necessary for each additional Raspberry Pi you are plugging in to the same UPS. That’s all there is to it. When the power goes out, all your Pis can now shut themselves down safely.

Wrapping up

You know the drill by now. Shut down the server, and back up the SD card.

What’s Next?

In the next post, we’ll reconfigure the Pi to boot from the hard drive instead of the SD card.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 60 Comments

Raspberry Pi Home Server v2: Resilio Sync

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Update – Replacing Expired Signing Keys

Apparently, the Resilio signing keys have a habit of expiring every December. You’ll first notice it when you go to do an apt-get update, and receive an error that says something like “EXPKEYSIG 05CD43032484414B Resilio, Inc.”.

Take note of the signature. That’s the seemingly random string of letters and numbers in the error message. You’ll want to remove the old signing key because apt-get is going to go on complaining about it forever if you don’t. You’ll still be able to update Resilio Sync with a new key, which we’ll install in a moment, but unless you clear out the old one, you can expect to keep seeing the error.

Fortunately this is easy to do. Copy down the key signature from the error message, and substitute it in the following comment. In my case, it was “05CD43032484414B”, so the command to clear it out is:

sudo apt-key del 05CD43032484414B

Next, you’ll need to install an up-to-date signing key before apt will be happy again. You can install the new key in exactly the same way you installed it originally.

wget -qO - https://linux-packages.resilio.com/resilio-sync/key.asc | sudo apt-key add -

That’s it. You can keep Resilio Sync up to date again… until the next time their key expires… sometime next December.

Introduction

There are plenty of cloud sync solutions out there. You have Microsoft’s OneDrive, Google Drive, DropBox, and SpiderOak just to name a few. One thing they all have in common is that a copy of your stuff is on someone else’s system. Perhaps you’re uncomfortable with that, even if they’ve promised that they won’t peek at it. Or maybe you’re just looking for yet another thing for your Raspberry Pi to do.

The same people that brought you BitTorrent, the peer-to-peer file sharing application, have created Resilio Sync (formerly BitTorrent Sync). It’s a file synchronization application based on the BitTorrent protocol. Think of it as a peer-to-peer network where all of the peers belong to you (Your desktop, laptop, tablet, phone, etc). If you put something in a sync folder on one computer, it shows up in the sync folder on all of the other computers.

The trouble is that in order for a file to travel from one computer to another, they both have to be up and running at the same time so that they can talk to each other. You may want to share files between work and home, but by the time you get to work, your home computer will have fallen asleep and vice versa. What you need is a node in your network that’s always on. The Raspberry Pi can be that node.

This post is going to be pretty short because, to be honest, the installation is dead simple.

Note: You may want to check out the Syncthing post in this series as well. Look at both options and decide which you like better. It seems that running both Resilio Sync and Syncthing at the same time works just fine, but you probably won’t need both.

Install Resilio Sync

There is an apt-get package available for Resilio sync, but it’s not listed on the well-known public repositories yet, so we’ll need to edit apt-get’s list of sources to add the new repository.

As with some of the other posts, we’re going to create a separate file to contain the sources needed for Resilio Sync. This is the preferred way to keep everything organized so you don’t lose track of which source was added to support which package. This new file must be in the /etc/apt/sources.list.d folder, and must have the extension .list. Name the file something that lets others know what package it was created to support.

Although the product’s official name has changed from “BitTorrent Sync” to “Resilio Sync”, the package name is still “btsync”. Since the previous version of this post was published, an official package has been released. Create a new APT source file using nano.

sudo nano /etc/apt/sources.list.d/btsync.list

Add the following line to the file. This will let APT know where to get the files it needs to install. If you followed the previous version of this article, and already have a btsync.list file, make sure you clear out any existing entries so that this is the only line in the file.

deb http://linux-packages.getsync.com/btsync/deb btsync non-free

Close and save the file (ctrl-x, y, enter).

You’ll need to import the signing key used by the new repository before you can use apt-get to install things from it. This time, the key is available from a public key server, so the commands are going to be quite different.

Import the repository’s signing key with the following commands:

sudo apt-get install apt-transport-https
wget -qO - https://linux-packages.resilio.com/resilio-sync/key.asc | sudo apt-key add -

Note: You may already have https support for apt-get installed as part of installing other components, in which case the first command won’t find anything to do, but I’m including it here just to be sure.

Now you can update apt-get’s list of available packages to take the new repository into account and install BitTorrent Sync the same as any other software package in this series.

sudo apt-get update
sudo apt-get install btsync

That’s it, BitTorrent Sync is installed, and should already be started automatically. You can check on the status of the service like any other daemon.

sudo service btsync status

All configuration is done using the web interface, but you can’t see it yet. At the time I’m writing this, btsync will only show its web interface to the local computer, meaning we’ll need to either hook the Pi up to a monitor, or connect via the remote desktop using VNC.

This is good for security, and you might consider leaving it this way if you don’t mind opening up a VNC window whenever you want to make changes. If you’d prefer the convenience of connecting from any computer in the house, then you can make a small configuration change to allow for that. Open btsync’s configuration file using nano.

sudo nano /etc/btsync/config.json

In the “webui” section, change the “listen” value from “127.0.0.1:8888” to “0.0.0.0:8888”, and then restart the btsync service.

sudo service btsync restart

Configuring BitTorrent Sync

The rest of the configuration will be done from the browser. If you left the web interface locked down, then you’ll need to open the browser on the Pi’s desktop, and go to “localhost:8888”. If you opened it up, then you can use a browser on your regular computer and go to “http://rphs:8888”, substituting the name of your server.

You’ll get a prompt to name this instance.

Once again, I’ll call mine RPHS. Dismiss the dialog, and you’ll be taken to the main Sync interface. You can start adding folders to sync, but first we should address some security concerns. If you left btsync configured to only work directly from the Pi, then this isn’t as much of an issue, but if you set it to be accessible from any computer on the network, then you’ll want to give the admin user a password.

Click on the gear icon in the upper-right, and then “Preferences”

Next, go to the Login tab, and fill your new password in twice.

Since you just changed the admin password, your existing browser session is no longer trusted, so you should be prompted immediately to re-authenticate.

Type the user name “admin” and your new password to continue”. Next, go back to the General tab, and lets make sure that btsync is storing our stuff on the hard drive, not on the tiny SD card. Click on the Change button next to the “Default folder location” button, and choose a new location for your stuff. This could be inside the public share if you want. I’m going to put mine in a new top-level folder outside the public share. You can create this folder yourself, or let btsync do it for you from the dialog. Close the configuration dialog when you’re done.

At the “Link Devices” page, you have a decision to make. If you’re already using Sync 2.0 on other computers, then click “Link a device already running Sync 2.0”, and follow the prompts to link up with your existing devices. I’ll be setting this device up as my first, so I’ll click “This is my first Sync 2.0 device”.

RPHS2016.11.06-Link

Choose a name for this btsync instance. I usually name mine after the computer I’m installing it on, so I’ll call mine “RPHS”.

Creating a Sync folder

Click on the “Add Folder” link in the upper-left to create your first Sync folder. The browser window will open. Navigate your way to the folder you wish to synchronize, or click the “New Folder” link in the lower left of the dialog to create a new folder. I’ve created a “public” folder inside the btsync folder.

In the next dialog, you get to set permissions for this share. Since this is my public share (at least to those I share the key with), I will choose “Read & Write”, and leave the other options alone.

Now, click on the “Copy” button in the lower-right, and copy out the text from the dialog. You’ll need this to set up the other computers that will sync to this folder. Close the copy dialog, and then the share dialog to return to the main btsync interface.

Set up other computers

Now that we’ve created a sync folder on the Pi, we just need to install BitTorrent Sync on another computer, and start syncing. BitTorrent Sync clients exist for Windows, Mac, Linux (obviously), and all major mobile platforms. Instructions for installing and configuring the clients will vary by platform, so I won’t cover them all here, but they should all be straightforward.

For this demo, I’ve installed BitTorrent Sync on my main Windows 10 computer. From the main menu, click “Enter a key or link”.

You’ll be prompted for the key that identifies the folder on another computer (the Pi) that you want to synchronize with.

Paste in the text you copied from the dialog on the btsync admin interface, and click “Next”. You’ll get a summary of the folder you are about to connect to, what your rights will be, and you’ll get to choose where those files should be stored on this computer. You’ll also get a reminder that some features, like “Selective Sync” are only available if you upgrade to the Pro version, which is actually pretty cheap.

Click the “Connect” button, and you’re almost there. Back on the browser, you should now see a notice that there is an approval pending.

Click the check mark to approve the connect request, and you’re all set. Files dropped into the folder on either computer will now synchronize to the other.

Wrapping up

As usual, shut down and take a backup of the SD card once you’re happy with the way things are working.

Unlike other “cloud sync” technologies, you own the cloud in this case, and you can do pretty much whatever you want with it. There are no size limits other than your available storage, and you can create as many individual shares as you want. Because of the granular way in which BitTorrent Sync shares your stuff between computers, you can choose to share individual folders with friends and family, and control whether they get full control, or read-only access.

BitTorrent Sync gives you total control of your own private cloud.

Troubleshooting

Files aren’t syncing

If files from one system aren’t showing up on the other, or files only seem to be syncing in one direction, make sure that you’ve shared the right kind of link. Sending a read-only link to your other computer will result in a one-way sync. You may add or edit files on the other computer, but their changes will never make it back to the Pi. When you copy the link, make sure you selected “Read/Write”.

What’s next?

The core functionality of the server is just about done now. In the next post, I’ll show you how to set up an uninterruptible power supply (UPS) using “Network UPS Tools”, or NUT.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 24 Comments

Raspberry Pi Home Server v2: OpenVPN

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Update: If you want to know what’s going on under the covers, or want tighter control over your exact configuration, then by all means, read this post in its entirety. I encourage you to do so just to gain an understanding of what’s going on. If, however, you’re just looking for the fastest way to set up a home VPN on a Raspberry Pi, then you should check out PiVPN. It’s basically everything in this article, completely automated. That means that everything you’re about to read can be condensed down to a single command.

curl -L https://install.pivpn.io | bash

After recently having my cable modem upgraded (and finding that it out-performed my own wireless router), I was having some trouble getting my VPN working again. Rather than go through all the steps of my own post, I thought I’d give PiVPN a shot at it. Ten minutes later, most of which was eaten up by generating Diffie-Hellman keys, I had new ovpn files for my various devices, and everything just worked. PiVPN is awesome. It makes me wish there were similar scripts for the other aspects of running a Raspberry Pi Home Server.

Introduction

Now that the whole house is humming along, sharing files, downloading things, and backing everyone up, you might be wondering if there’s anything left that the Raspberry can do for you. The answer is yes. In this article, we’ll set up the Raspberry Pi to act as an OpenVPN server, allowing you to securely access your home network from anywhere. OpenVPN is an open-source, cross-platform, virtual private networking (VPN) application. VPNs let you route internet traffic through a secure, encrypted channel, back to a network that you trust and/or control. You may have used one in order to securely access resources on the network at your office when you’re on the road. Developers sometimes use them to simulate traffic coming into their network from outside for testing. You can add these same abilities to your home network so that you can get to your stuff from work, or a hotel, or anywhere else with internet access. Running your own VPN means that no matter where you get an internet connection from, you are effectively “at home”. You don’t need to worry about fellow patrons at the coffee shop listening in on your network traffic because the traffic between you and your VPN is highly encrypted.

Acknowledgements

Once again, I didn’t invent this stuff. Most of the information about how to set up OpenVPN comes from a whitepaper by Eric Jodoin of the SANS institute. That whitepaper was later paraphrased and simplified in a pair of posts by Lauren Orsini. Both are excellent reading, and go into far more depth about how all this stuff works than I plan to. I’m just putting it into the same format as the other posts in the series, and organizing them in a logical progression, building on top of the previous posts in this series.

Prerequisites

In order to connect to your home network’s VPN when you are away from home, you are going to need either a static IP address, or a dynamic IP resolution service like www.no-ip.org. My home router updates no-ip automatically, so I have not set up a program on the Raspberry Pi to do this. Other tutorials exist out there to handle this part.

Internet security

Warning: The explanation that follows is super-non-technical™, and probably wildly inaccurate in many important ways. I am not a security or cryptography expert, but this is, in layman’s terms, how internet security works. When you visit your bank’s website, and something in your address bar turns green, or grows a little lock, it means that someone at the bank went to some authority that we’ve all agreed to trust, and got a certificate that says “Yup these guys are the bank alright”, and installed it on the web server you’re talking to. As long as you trust the people that made the certificate to only give it to the company that paid for it, and as long as you trust the bank to only install the certificate on their own servers, then you have a way to prove that the server you’re talking to belongs to the company you think it does, or at least a company that the authority vouched for.

Although I’m sure you trust your own word that the Raspberry Pi Home Server that you’ve been building is your own, your other computers are still going to want proof that the thing on the other side of the internet is, in fact, your server, and not someone else pretending to be your server. That’s kind of the whole point of this exercise, after all. Since you trust yourself, you can act as your own “certificate authority” and make your own certificates. You then install your homemade certificates on both the server and the client machines, and they can use that certificate to encrypt traffic back and forth between them.

Install OpenVPN

First things first, you’ll need to install the OpenVPN software onto the Raspberry Pi. You’ll also need the OpenSSL and EasyRSA packages in order to secure your connection later on. Installing them is as simple as…

sudo apt-get install openvpn openssl easy-rsa

That’s the easy part. Now comes the configuration. The EasyRSA installer has created some sample configuration files for us, and they’ll form the skeleton of the real configuration. Copy the entire directory of sample configuration files like this:

sudo cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa

Open the “vars” file for editing.

sudo nano /etc/openvpn/easy-rsa/vars

Find the “export EASY_RSA” entry, set it as follows:

export EASY_RSA="/etc/openvpn/easy-rsa"

A little further down, you’ll see a line that begins with “export KEY_SIZE”. In current installations, this should already be set to 2048, so you shouldn’t need to change it. Previous installations used 1024 bit keys, but the current recommendataions are to use 2048 for increased security.

Move to the bottom of the file, and change the defaults that are defined there to match your location and network. This will save you some time later on when you are asked to provide this information again for each user you set up. Mine looks like this:

export KEY_COUNTRY="US"
export KEY_PROVINCE="OH"
export KEY_CITY="Columbus"
export KEY_ORG="Home"
export KEY_EMAIL="melgrubb@…"
export KEY_OU="RPHS"

KEY_NAME affects the name of the resulting key file, but is otherwise arbitrary. The organization unit (OU) setting is not important for a small home network, so I’ve just gone ahead and used the server name.

export KEY_NAME="RPHS"

You can leave the other settings at their defaults. Close Nano, saving the file (ctrl-x, y, enter)

Become a certificate authority

In order to create certificates, you’ll need… wait for it… a certificate. In this case, it’s a “root certificate”. This is the kind of thing that one of the trusted authorities out on the web would have. The “easy-rsa” package you installed earlier can generate such a certificate for you. Run the following commands to set up a key server. Notice that the “sudo su” command is being used here. You’re going to stay in “god mode” for pretty much the remainder of this post.

sudo su
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca

This last command will prompt you for a lot of values, fortunately, you set up reasonable default values above, so you can just hit enter to accept them. When prompted for “Common Name”, I’ve used the server’s name again (RPHS). When you create certificates for other computers or users, you’ll want to use their names here.

When that finished, enter the following command, substituting the name of your server, and accepting the defaults again. You’ll get a couple extra questions this time. Make sure the challenge password and company name are left blank, and accept any other defaults.

./build-key-server RPHS

Answer yes to the “Sign the certificate?” and “commit?” prompts.

RPHS2016.10.02-Key Server.PNG

Next, we’ll build the Diffie-Hellman parameters file.

./build-dh

Go get some coffee or something, this step is likely to take a very long time. Sometimes it does, sometimes it doesn’t. It’s pretty random what kind of wait you’ll have, but since the change from 1024 bit keys to 2048 bit keys, the likelihood of this taking a long time has definitely increased.

The screen will fill up with a lot of dots and plus signs while it works to let you know that it hasn’t gone to sleep or locked up. As long as the symbols keep coming, let it keep doing its thing.

RPHS2016.10.04-Diffie-Helman.PNG

When it’s done, generate a hash-based message authentication code (HMAC). This is yet another layer of protection, and helps to prevent denial of service (DOS) attacks without taxing the Pi’s processor too much with decryption of bogus data.

openvpn --genkey --secret keys/ta.key

Configure the OpenVPN Server

Now it’s finally time to edit the OpenVPN configuration and tie up the loose ends.

nano /etc/openvpn/server.conf

You’ll notice that the editor is totally blank. That’s because this file doesn’t exist yet. Paste in the following text, substituting your own values for the highlighted values. You’ll need your Raspberry Pi’s IP address, the IP address of your router, and the name you used above when calling build-key-server.

Note: I’ve also highlighted the protocol (udp) and port (1194). You can change these to something else if needed. I’ll talk about this more in the troubleshooting section at the end.

local 192.168.1.XXX # YOUR PI'S IP ADDRESS
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/RPHS.crt
key /etc/openvpn/easy-rsa/keys/RPHS.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2 
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255" 
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0" 
# your local subnet 
push "route 192.168.1.0 255.255.255.0" # YOUR PI'S IP SUBNET
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.1.1" # YOUR ROUTER'S IP ADDRESS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1" 
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

Exit nano, saving your changes (ctrl-x, y, enter) Next, you need to allow the Raspberry Pi to forward IP traffic, which it does not do by default.

nano /etc/sysctl.conf

Find the line that says “Uncomment the next line to enable packet forwarding for IPv4”, and uncomment the line immediately after it.

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Exit Nano, saving your changes (ctrl-x,y,enter), and force a reload of the settings.

sysctl -p

Configure Firewall

The Raspberry Pi has its own firewall, which must be configured to allow the VPN traffic through. Create a script file to automate the opening of the appropriate ports.

nano /etc/firewall-openvpn-rules.sh

Copy in the following text, substituting your own Raspberry PI’s IP address where highlighted.

#!/bin/sh

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.XXX

Change the permissions on the file you just created so that it can be executed, and assign ownership to the root user.

chmod 700 /etc/firewall-openvpn-rules.sh
chown root /etc/firewall-openvpn-rules.sh

This script file needs to run every time the Raspberry Pi boots up in order to do us any good. Edit the /etc/network/interfaces file.

nano /etc/network/interfaces

Find the line that configures the wired ethernet port. If you are running your server wirelessly, then you’ll need to adjust accordingly. Insert a new line, indented underneath so that the result looks like this:

...
iface eth0 inet dhcp
    pre-up /etc/firewall-openvpn-rules.sh
...

This will ensure that the firewall rules are applied to that network interface even before it has started up.

One last thing, and this is new with the Jessie release. As commenter Craig pointed out in the previous version of this post, we need to stop OpenVPN from starting TOO soon. Edit the OpenVPN service file.

sudo nano /lib/systemd/system/openvpn@.service

Add the followling line at the end of the first section (Unit).

After=multi-user.target

Finally, reboot in order to apply the changes, and everything should be up and running.

sudo reboot

Generate keys

You may be able to just take your bank’s word for it that they are who they say they are, but VPN servers like the one we’re building want proof of the client’s identity as well. They won’t let just anyone in. You need to give a key to each device or user you want to allow to connect to the VPN server. You have a decision to make at this point. You could generate a unique key for each individual device that you want to connect via VPN, or you could take a shortcut and generate a key for each user. The difference is whether you expect to need to connect more than one device at the same time. If you don’t need to connect more than one device per user at the same time, generate a key named for the user. If you think users will need more than one device connected at the same time, I’d suggest naming the key after the device. Whichever you decide, generate a key like this, substituting the name of the user or computer that will use this key to connect:

sudo su
cd /etc/openvpn/easy-rsa
source ./vars
./build-key-pass NAME

The PEM password is a password you’ll need in order to use the resulting key file. Pick something nice and strong, but also something you won’t forget. If you want to be really paranoid, you could randomly generate one and keep it in a password safe. The choice is yours.

Accept the remaining defaults again, again leaving the challenge password and company name blank. Sign and commit the certificate when prompted.

RPHS2016.10.03-User Key.PNG

Almost done. Next we need to convert the user/computer’s key into a format usable by OpenVPN.

cd keys
openssl rsa -in NAME.key -des3 -out NAME.3des.key

Use the same password as you did before. You’ll have to enter it three times. Technically, the first time is a different password, but how are you supposed to keep them straight?

Generating client keys

Connecting a VPN client to a remote server takes a bit of configuration, too. The OpenVPN client has to know where the server is, and it has to have a copy of the keys we generated earlier. All of this configuration gets wrapped up into a file with a .ovpn extension. You can create these by hand if you like, but Eric Jodoin, the author of the original SANS.org article was kind enough to write a script to do it for us. Create the script file.

nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh

This is a new file, so it will be totally blank. Paste in the following:

#!/bin/bash

# Default Variable Declarations 
DEFAULT="Default.txt" 
FILEEXT=".ovpn" 
CRT=".crt" 
KEY=".3des.key" 
CA="ca.crt" 
TA="ta.key" 
 
#Ask for a Client name 
echo "Please enter an existing Client Name:"
read NAME 
 
#1st Verify that client's Public Key Exists 
if [ ! -f $NAME$CRT ]; then 
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" 
exit 
fi 
echo "Client's cert found: $NAME$CR" 
 
#Then, verify that there is a private key for that client 
if [ ! -f $NAME$KEY ]; then 
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY" 
exit 
fi 
echo "Client's Private Key found: $NAME$KEY"

#Confirm the CA public key exists 
if [ ! -f $CA ]; then 
echo "[ERROR]: CA Public Key not found: $CA" 
exit 
fi 
echo "CA public Key found: $CA" 

#Confirm the tls-auth ta key file exists 
if [ ! -f $TA ]; then 
echo "[ERROR]: tls-auth Key not found: $TA" 
exit 
fi 
echo "tls-auth Private Key found: $TA" 
 
#Ready to make a new .opvn file - Start by populating with the default file 
cat $DEFAULT > $NAME$FILEEXT 
 
#Now, append the CA Public Cert 
echo "<ca>" >> $NAME$FILEEXT 
cat $CA >> $NAME$FILEEXT 
echo "</ca>" >> $NAME$FILEEXT

#Next append the client Public Cert 
echo "<cert>" >> $NAME$FILEEXT 
cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT 
echo "</cert>" >> $NAME$FILEEXT 
 
#Then, append the client Private Key 
echo "<key>" >> $NAME$FILEEXT 
cat $NAME$KEY >> $NAME$FILEEXT 
echo "</key>" >> $NAME$FILEEXT 
 
#Finally, append the TA Private Key 
echo "<tls-auth>" >> $NAME$FILEEXT 
cat $TA >> $NAME$FILEEXT 
echo "</tls-auth>" >> $NAME$FILEEXT 
 
echo "Done! $NAME$FILEEXT Successfully Created."

Exit Nano, saving your changes (ctrl-x,y,enter) Once again, because this is a script, permissions will have to be altered to allow it to run. Make sure you match the casing of the script name here.

chmod 700 /etc/openvpn/easy-rsa/keys/MakeOVPN.sh

Create the Default.txt file to hold the default values the script will use. The casing isn’t important, but it must match what was specified at the top of the script file. I’m keeping the capitalized “D” just to keep it the same as anyone else who followed Eric’s instructions.

nano /etc/openvpn/easy-rsa/keys/Default.txt

Paste in the following, substituting your public IP address for the highlighted text. If you don’t have a static public IP address, you can use a dynamic name from a service like DynDNS or no-ip here as well. The “1194” is the standard port number OpenVPN uses, adjust as needed to match your network configuration.

Note: Once again, I’ve highlighted the protocol (udp) and port (1194), which you can change if needed. See the troubleshooting section at the end for more information.

client
dev tun
proto udp
remote YOUR_PUBLIC_IP_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1 
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

Exit Nano, saving your changes (ctrl-x,y,enter) Execute the script to create a .ovpn file. Remember to use the user or device name you chose earlier when creating the client key.

cd /etc/openvpn/easy-rsa/keys
./MakeOVPN.sh

The result is a NAME.ovpn file in the /etc/openvpn/easy-rsa/keys folder on the Raspberry Pi. That’s great, but we need the key on the client machine. You can copy the file using a secure copy program like WinSCP, copy it to a flash drive and move it by hand, or any other number of ways to move a file around. Since this is my own private home server, I’m going to put the file on the data share, at least temporarily. Once the key is installed and working on the client, I’ll delete it from the server.

cp /etc/openvpn/easy-rsa/keys/NAME.ovpn /mnt/data/

Keys like this aren’t something you should leave lying around. On the other hand, you should probably have a backup of them somewhere. If you put them on a flash drive, go put it in a safe or something. Don’t let anyone get a hold of your keys, or they have a free pass into your home network, and you may not even notice it. You can always go back and generate new keys, delete the compromised ones, and continue on, of course.

Port forwarding

Before you’ll be able to connect to your home network from outside, you’ll need to set up your router to forward all traffic on port 1194 to the Raspberry Pi. I can’t tell you how to configure the firewall on your router at home because I don’t know what kind of router you have. An excellent resource that may have information specifically for your router is http://portforward.com/.

Client configuration

I’m using the OpenVPN client for Windows, but the instructions should be similar for other platforms. You can download open-source clients for Windows, and source tarballs for other systems from here.

Note: Don’t try to download client software from the links on the front page of the OpenVPN site or you’ll just end up with “SecureTunnel”, a paid-subscription-based system that lets you do exactly what you’re already set up to do on your own. Get the .ovpn file that you generated on the Raspberry Pi over to the computer you’re going to connect from, and put it in the OpenVPN config folder. For Windows users, this should be C:\Program Files\OpenVPN\config.

Connecting the client

You’ll need to be somewhere other than on your own network for this next part. Otherwise you’re seriously crossing the streams, shutting down the containment grid, etc. Disconnect from your home network and tether yourself to a phone or something before continuing. Run the OpenVPN GUI application. It should have created a shortcut in your start menu for Windows 7 users, or on your app list for Windows 8 users. Run it, and it should pick up on the .ovpn file and open a connection. Right-click on the notification area icon (for Windows users), and select “Connect”.

You’ll be prompted for the password you created earlier, and if everything is configured correctly, the OpenVPN icon should turn green, and you’ll be effectively connecting to the outside world as part of your home network. There are, of course, many issues you could run into when using a VPN. Most of them are explained pretty well on the HowTo page of the OpenVPN site. One of the more vexing problems is that of disambiguating IP addresses between your home network, and the network you are connected to. See “Numbering Private Subnets” for more information.

Troubleshooting

“I can’t connect from work”
This one got me, too. If you’ve tested your VPN, and you know it works, but it doesn’t work from a specific network, then port 1194 might be blocked on that network. I couldn’t connect from work when I was using udp port 1194, although it would work find when I tethered my computer to my phone. If that’s the case, then you can change the server.conf and .ovpn files to use a different protocol and port. Changing “udp” to “tcp” and “1194” to “443” will usually work from anywhere, as long as you’re not using that port for something else already. TCP port 443 is what https traffic uses, so the odds of it being blocked are pretty slim. Remember to update your router’s port-forwarding rules, update BOTH files, and restart the OpenVPN server (sudo service openvpn restart) as well as your OpenVPN client, and it should connect just fine.

What’s next

In the next post, we’ll add Resilio Sync, allowing you to build your own private synchronization “cloud”.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 37 Comments

Raspberry Pi Home Server v2: Sharing Media with MiniDLNA

Posted on December 11, 2016 by Mel Grubb

Important: This post is part of a series. Each post builds on the previous ones. If you are trying to add just one thing to an existing system that was not built by following this series in order then I cannot promise that these instructions will work for you. In most cases they will, though. Please refer to the Introduction for a list of all the different posts in the series.

Thank you!

Now that the Raspberry Pi is on the network, and sitting on top of a (hopefully) massive pile of your media on its external drive, it would be nice to have it share that media in a form other than simple file shares. File shares are great for a lot of things, but Media can be done a little better.

DLNA (Digital Living Network Alliance… what a horrible acronym) is the technology standard that lets you play songs from your phone and have them come out of the stereo in your living room. It’s not ubiquitous yet, but it’s catching on. It also lets programs like Windows Media Player play music and video “libraries” that are being shared by other computers on the network.

The Raspberry Pi is about to become one of those libraries.

Note: It is also possible for a Raspberry Pi 2 or above to run Plex Media Server, which is a nicer experience overall, but as of the time of this writing, still doesn’t get along with Windows Media Player. WMP will see a Plex server, but can’t seem to play any media off of it. A walkthrough of installing and configuring Plex Media Server is included in my Pluralsight course, but I’m not including it in the blog just yet because of the compatibility issues with WMP, and because MiniDLNA is a smaller, leaner package which I think works a bit better on the Raspberry Pi. I’ll be adding a separate post about Plex Media Server later on, at which time I’ll revise this note.

Installing MiniDLNA

This installation will be done from the command line, and involves a bit more configuration than some of the other features in this series. Get yourself logged in to a command line as “pi”, and start by installing MiniDLNA. The version in the repositories isnt always totally up to date, but it has worked well for me so far.

sudo apt-get install minidlna

As installs go, this one’s pretty quick, but there is a bit of configuration to be done before it’s ready to go. Start by editing the MiniDLNA defaults:

sudo nano /etc/default/minidlna

Find the line that says “#USER=”minidlna””, and remove the pound sign / hash mark from the beginning, so that if just says “USER=”minidlna””. Do the same for the “GROUP=” line right below it. Close and save the file (ctrl-x,y,enter).

Next, edit the main MiniDLNA configuration file.

sudo nano /etc/minidlna.conf

There are several things to be done here. The first is to set up the folders that will hold the various kinds of media you want shared. A little way down the file, find the first line that isn’t a comment. It should say something like “media_dir=/var/lib/minidlna”. On my drive, there are separate folders for Music, Pictures, and Videos, so I’ll add multiple media_dir lines, one for each kind of media. The comments in the file do a pretty good job explaining the syntax, but for reference, here’s what mine says:

media_dir=A,/mnt/data/public/Music
media_dir=P,/mnt/data/public/Pictures
media_dir=V,/mnt/data/public/Videos

Note that the paths are case sensitive, so while my “Public” share is capitalized, the actual folder is not. The folders within my public folder are, however. This is more for demonstration purposes than anything. Feel free to capitalize your folders however you like.

The letters A, P, and V indicate what kind of content each folder contains (audio, pictures, or video). Next, change the database and log folders to go to the data partition as well. This will conserve space on the relatively small OS partition. The lines to configure this are just below the media_dir lines modified above. Remove the pound signs, and change the folder paths:

db_dir=/mnt/data/MiniDLNA
log_dir=/mnt/data/MiniDLNA/log

The result should look something like this:

RPHS2016.08.01-MiniDLNA.conf.PNG

Further down the file, uncomment the two settings “inotify” and “notify_interval”. This will allow MiniDLNA to update its database approximately every fifteen minutes with new or updated files.

Close and save the file (ctrl-x,y,enter).

If you were to start MiniDLNA and check its logs right now, you would find that it complains that the number of “watches” is too low. This is how many folders and files it can be watching for changes at a time, and currently its default value is too low in its opinion. It will probably work just fine as is, but we can shut the error up easily enough before continuing. Edit the sysctl.conf file.

sudo nano /etc/sysctl.conf

At the bottom of the file, add a line that says

fs.inotify.max_user_watches = 65536

This is the smallest number that MiniDLNA won’t complain about. Close and save the file.

Next, you need to set up MiniDLNA to run automatically at boot time.

sudo update-rc.d minidlna defaults

And finally, reboot the Pi to take both of these changes into account.

sudo reboot

When everything has restarted, you should have a working MiniDLNA installation, with no complaints in the log file.

Warning: Depending on the size of your media collection, it may take the poor little Raspberry Pi quite a while to index everything (mine took almost two days). If you look at your CPU usage, you’ll see that it stays pretty much pegged for as long as it takes. Don’t worry, you haven’t reached the Pi’s limit, at least not permanently. When it has finished indexing, you’ll see its usage drop back to almost nothing.

You should now be able to open something like Windows Media Player, and see an entry for “RPHS: minidlna” in the list on the left. Drilling down into this entry will show you the media that has been indexed so far.

RPHS2016.08.02-Windows Media Player.PNG

I am not a MiniDLNA expert, by any means, so you might want to look elsewhere for more configuration information. Also, MiniDLNA has recently changed names to become “ReadyMedia”, but the Raspberry Pi version still calls itself “MiniDLNA”, at least for now.

Forcing a re-scan

As commenter Ivelin Tenev points out, MiniDLNA may not notice files that you add when it’s not running. If you have disconnected your data drive from the Pi, loaded files on it, and then re-connected it, MiniDLNA may not notice the new files because it wasn’t “watching” at the time the files were added. You can force a re-scan by typing:

sudo minidlna -R

and then restart the minidlna service like this

sudo service minidlna restart

What’s next?

In the next post, we’ll add an OpenVPN server, allowing you to securely connect to your home network when you’re away.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 16 Comments

Raspberry Pi Home Server v2: Sharing Files with Samba

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Now that the Raspberry Pi has the space to hold your stuff, it’s about time it started doing something useful around the house. Its first task will be to share files from the hard drive. In the previous post we added a hard drive with two partitions, one ext4 partition for the operating system, and one NTFS partition to hold data. If you decided to format your data partition using the ext4 filesystem, then you’ll need to keep that in mind as we proceed.

Prerequisites

A Raspberry Pi
A mounted, USB hard drive with space for the stuff you want to share
Mine is the second hard drive partition, mounted at /mnt/data

Install Samba

The “Samba” package creates network file shares in a way that Mac, Windows, and other Linux computers on the network will understand. Install Samba as follows:

sudo apt-get install samba samba-common-bin

That’s all there is to the installation, but there’s a bit of configuration before there will be anything to see over the network.

Set up shares

In the previous version of this article, I used Webmin to do the heavy lifting of setting up the shares. In all the time I’ve been running my Raspberry Pi Home Server, I’ve found that this is the only thing I ever really used Webmin for, though. As a result, this version of the series will set up the shares manually, and the Webmin article has been moved to the end as an optional step.

To create a share, you first create a folder that you want to share, tell Samba to share it, and set up the permissions correctly so that users connecting to the share through Samba will be able to write to it.

You can get into all kinds of detail about who can and can’t write what and where, but I’ll leave that up to you to explore on your own. What I’ll be setting up is a simple public share to be used by the family members in my house. The permissions will be wide open on this share.

Create the folder to be shared

First, create a folder to be shared. I’ll call mine “public”, and put it in the root of the hard drive I mounted in a previous post.

mkdir /mnt/data/public

Take a look at the permissions for the newly-created folder

ls -l /mnt/data

You’ll see that the new folder belongs to the “root” user and group even though we created it without using “sudo”. This is because my filesystem is NTFS, and it doesn’t support Linux’s file system permission system. If you made your data partition ext4, then this is going to cause problems for the Samba user. Assign the folder’s ownership to the “nobody” user and the “nogroup” group.

sudo chown nobody:nogroup /mnt/data/public

Check out the result

ls -l /mnt/data

If your filesystem is NTFS, this will have had no effect. If your filesystem is ext4 though, you should see that the public folder is now owned by “nobody” and “nogroup”. Now let’s share this folder with the network.

Open the Samba configuration file using nano

sudo nano /etc/samba/smb.conf

This file is pretty well documented, and will explain most things that you need inline. We’ll be making a number of changes.

Enable WINS support

Windows Internet Name Service (WINS) is kind of like the Domain Name System (DNS) that turns web addresses into IP addresses when you use a browser. WINS does this inside of your own network so that instead of having to remember your server’s IP address, you can refer to it by name.

Scroll down in the file a little until you see the “Global Settings” section. If your home network is using a different workgroup name than “WORKGROUP”, you’ll want to change that here. If you don’t know what that means, then you probably haven’t changed your workgroup name, so you can just leave it alone.

Just below that is a commented-out line that says “wins support = no”. Uncomment this by removing the pound sign from the beginning of the line, and change “no” to “yes”.

Scroll down a little, and just before the Networking section, add a line that says

guest account = nobody

Scroll down to the bottom of the file, and add a new section that defines the new public share.

[public]
   path = /mnt/data/public
   public = yes
   writeable = yes

Close and save the file (Ctrl-X,Y), and then restart the Samba service

sudo service smbd restart

That should do it. You should now be able to see the public share from the other computers on your network. You should also be able to refer to your server by name now instead of by address, and that includes when connecting via RealVNC.

Give it a try now. Open a file manager, and navigate to “\\rphs\public”. You should be able to create and edit files in this share without any restrictions.

Disclaimer

This is a wide-open file share. Anyone on the local network can add, edit, or delete the files it contains. I’m more interested in having a place to put stuff than in controlling access to it. Controlling access to the drive contents is beyond the scope of this post, but may be a subject for a future post.

Make some folders

Create some file folders in the Public share to hold your stuff, and copy it in. Music, Pictures, Videos, anything you want. For this server, I’ve created the following folder structure.

Documents
Downloads
Music
Pictures
Videos

You don’t have to use the same structure as me, of course, but this is the one I’ll be using in future posts, so if you structure your differently, just remember to adjust any paths in future posts accordingly.

Load it up

When it comes to copying the files in, you can save some time, and skip the network bottleneck by moving the external hard drive to the computer that currently has the data. Because the data partition was formatted as NTFS in the previous post, when you plug it in to your Windows or Mac computer, you’ll just see a drive called “Data”, or whatever you named it.

Remember to shut down the Raspberry Pi before removing the hard drive, of course. Just put it back when you’re done copying files, and start up the Raspberry Pi as usual.

Wrapping up

You now have a public share that exposes the data partition on the hard drive attached to the Raspberry Pi Home Server. You can use this to store your media and documents on the network so that they are accessible to your other computers and devices.

You’ve finished another article, so it’s time to shut down the Pi, and take a backup of the SD card.

What’s next?

In the next post, we’ll get a media server up and running so that you can stream music and movies all over your house from the hard drive share.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 36 Comments

Raspberry Pi Home Server v2: Adding a Hard Drive

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

At this point in the previous version of this series, I demonstrated both mounting a hard drive and booting from it. After building and rebuilding this server many times as part of maintaining this series, I found that booting from the hard drive this early in the process makes the rest of the series inconvenient because you can no longer take backups of the whole system by simply taking an image of the SD card.

As a result, booting from the hard drive is now a separate post, and one of the last in the series. I found this to be much more user friendly, and simplifies things if you mess something up and want to rewind to your last “save point”. We’ll get everything set up and working first, and then transfer the OS to the hard drive in this version of the series.

Gather your tools

This post uses some software packages that are not included by default in the Raspbian distribution. You’re going to need NTFS filesystem support, and the gdisk tool. Install them before continuing. One or more of these tools may already be installed on your system, but telling apt-get to install something that’s already there won’t hurt anything.

sudo apt-get install ntfs-3g ntfs-config gdisk

Pick a hard drive

Pretty much any external USB hard drive will do. For my own server at home these days, I’m using a 120GB SSD for my OS drive, and a dual-drive 2TB RAID enclosure (Cavalry CADA-SA2) for my data. This might seem like overkill for a Raspberry Pi, but one of my home server’s jobs is to centralize and share my music collection. It took me four solid weeks to rip every CD I own, and I do not plan to repeat that process. My family photos and videos are on the RAID drive as well. Basically, this is all stuff I don’t want to lose due to a hard drive failure.

Note: Yes, I have a separate offline backup too, but swapping out a dead drive in a RAID array is easier (and faster) than rebuilding the whole thing by hand from a backup.

Linux device names

Before we start, lets take a moment to discuss the way in which Linux refers to devices in general, and more specifically the way it refers to hard drives. Windows users are used to seeing multiple drives show up with different letters. You have your “C” drive, where Windows and all of your programs are installed. Maybe you also have a second hard drive called “D”, or maybe “D” is CD or DVD drive on your computer. “A” and “B” used to refer to floppy drives, and are reserved for historical purposes. Each of these devices is completely separate island of stuff.

Linux has no drive letters. Linux uses what’s called a “unified file system”, meaning that files, folders, and even entire drives appear together under one root. You can see all of these different devices in the “/dev” folder. Take a look:

ls /dev

RPHS2016.06.01-Devices.PNG

I won’t go into what all of these entries mean, but you can see that there are a lot of them. If I were to plug in an external hard drive, or perhaps a flash drive, I would see new entries pop up in the list. Here’s another screen shot after I’ve plugged in a flash drive.

RPHS2016.06.02-Devices.PNG

Look about halfway down the third column, and you’ll see new entries called “sda”, “sda1”, and “sda2”. These represent the flash drive, and the two partitions it contains, respectively. You’ll most likely only see one partition on a typical flash drive, but this one has two partitions for demonstration purposes.

Storage devices like a flash drive or a hard drive can be divided up into multiple sections called partitions that can make it appear to be multiple physical drives. This list of where each partition begins and ends is called the “partition table”, and every drive has one.

That explains the “1” and the “2”, but where did that “a” come from? On a computer where drives are connected via SCSI (Small Computer System Interface), “a” would be the first device, “b” would be the second, etc. Drives connected via IDE (Integrated Drive Electronics), or SATA (Serial AT Attachment) have similar concepts of “first”, “second”, etc.

This is not the case with USB. USB devices have no concept of “first” or “second”. The USB ports on your computer aren’t numbered, at least not externally. You could plug the same device into any USB port and it should work just the same. USB device names are assigned on a first-come, first-served basis. The first drive to be ready gets to be “sda”, the next one “sdb” and so on. If you plug in a third device, you could expect it to be called “sdc”.

If you only have one drive, then it would obviously always be called “sda”, and there’s no problem, but since you’re building a server, it’s conceivable, and even likely that you will eventually end up with more than one hard drive attached to it. Perhaps one drive will house videos, and another one will have music on it.

Even if you don’t see a need for that yet, you’ll end up filling up a drive eventually, and you’ll want to add another one. As soon as you add more USB drives, however, you can’t count on their names being the same every time the machine starts up. As a result, drives may end up mounted in the wrong places, and programs won’t find their files where they expect them to be because the drive that used to be “sda” was a little slower off the line one morning and got stuck with the name “sdb” instead.

Let’s take care of that particular problem before going any further.

Format the hard drive

If the drive you’re planning to use already has stuff on it, then back its contents up somewhere. and restore them when you’re done. This approach calls for nuking and repaving the whole hard drive.

Caution: Even if you wanted to live dangerously and manipulate the partitions in place, I wouldn’t do it without a backup copy first. There are just too many things that could go wrong. What if the power went out partway through the process? Don’t risk it. Just copy your stuff to another drive, and copy it back when you’re done.

The key to fixing the device naming problem requires us to have a specific kind of partition table called a GUID Partition Table. This is different than the older Master Boot Record which is used by most smaller drives or older Windows machines.

In order to create a GPT, you’ll need to use Linux’s Partition Editor (parted) application. Raspbian already includes parted, so there’s nothing to install. Without hooking up the hard drive just yet, run it with the following command:

sudo parted

You should see something almost, but not quite entirely unlike a command line. To see a list of all the known devices and partitions, type “print all”. Parted should print out a table with two rows similar to this:

RPHS2016.06.03-Parted.PNG

The rows in the table represent the partitions. The columns will tell you where each partition begins and ends, how large it is, and what kind of filesystem it contains.

If you see more than one table at this point, then you probably have another drive plugged in somewhere. I strongly advise shutting down and removing all drives other than the SD card before continuing.

The SD card in the image above was created using the Raspbian image file, and has two partitions on it, a small “boot” partition, and the root filesystem partition. If you started by using NOOBS, which you really shouldn’t, then you probably have five partitions. Future releases could divide things up differently, so don’t worry if your output doesn’t look like the example.

I’ll say it again here, but I really don’t recommend building a server from a NOOBS image. NOOBS is convenient for experimentation and classroom use, but it complicates a server build without adding anything of value.

Attach the hard drive

Shut down, plug your external drive into a free USB port on the Raspberry Pi, and restart.

Note: You could try plugging in the drive with the Pi running, but unless the drive has its own power supply, this might draw too much power and cause the Pi to restart involuntarily.

If you’re booting to the desktop, then there’s one more thing you need to do. When running the desktop, the Pi will auto-mount devices in a folder called “media” under the root. Take a look at what’s there now.

ls /media/pi

You’ll see different stuff depending on what the drive used to be used for. The point is that the drive is “mounted”, and that’s going to prevent us from formatting it easily. If your drive has more than one partition on it, you can expect to see more than one thing in the /media/pi folder.

Un-mount the devices one at a time like this:

sudo umount /media/pi/NAME

Where “NAME” is the name you saw listed above.

You can also do this from the desktop using the “File Manager” application. Open it by clicking the Menu icon, then “Accessories”, and then “File Manager”. At the top of the left pane should be a drop-down labelled “Directory Tree”. Switch that to “Places”, and any mounted devices should show up at the bottom. Right-click on your devices and then “Unmount”.

Run parted again

sudo parted

List the known partitions again.

print all

This time, you should see two tables like this:

RPHS2016.06.04-Parted.PNG In my example, the second one is the external drive, although the order is not guaranteed here.

Notice the headers above the tables. The header tells you information about the drive in general. In this case, the header tells us that the hard drive I’m using for this demo was assigned the name “/dev/sda”, that it’s 120GB in size, and that its partition table type is “msdos”. That means it’s using the old MBR-style partition table, and that’s not going to work for this server.

Select the external drive by typing “select /dev/sda”. Type “print” all by itself to make sure. You should see the second table from above again. Read the header carefully, and make sure it’s referring to the external drive, because you’re about to blow away the partition table.

Create a new partition table with the command “mklabel gpt”. Read the warning carefully, and make sure it refers to “/dev/sda”.

RPHS2016.06.05-Parted.PNG

Answer “y” to the prompt, and in a few seconds, you will have a nice blank slate to work with. Check the results with another “print”. The header should now say that the partition table type is “gpt”, and there should be no partitions on it.

RPHS2016.06.06-Parted.PNG

Create new partitions

Next, you’ll need to create two new partitions; one to hold the root filesystem, which I will cover later on in the series, and one to hold your data. You could make one big partition, combining the root filesystem and data storage in one, but there are some benefits to keeping the data partition separate. The root filesystem must be formatted using Linux’s native filesystem, ext4. The data partition, however, can be any type you want, which means you can pick something that other, non-Linux computers will understand.

Root Partition

This is where Linux and your programs will go later on in the series. You can think of it as Windows’ C: drive. The size is up to you, but 16GB is probably fine for the simple server described in this series. If your existing SD card is larger, or you are planning to install a lot of programs, go bigger. Just make sure the partition is at least as large as the SD card you are currently using.

Create a new, partition starting at the beginning of the drive:

mkpart os 0gb 16gb

Substitute your own value for 16gb so that it matches or exceeds the size of your SD card. I recommend going slightly larger than your SD card, myself, just to be sure everything fits. I typically build on an 8GB card, but create a 16GB partition on the drive.

Data Partition

This is where you’ll put your “stuff”, and it should take up the rest of the available drive space. The mkpart command can interpret the beginning and ending parameters in a variety of different formats. Use this ability to create a second partition that begins where the first partition ends, and takes up all the rest of the space on the drive:

mkpart data 16GB 100%

Finally, use the “print” command again to see the results.

RPHS2016.06.07-Parted.PNG

That’s it for the partitions, so type “q” and press enter to exit parted. You can ignore the warning about updating /etc/fstab for now. We’ll get to that soon enough. You now have two partitions, but they’re completely blank at this point.

Format the data partition

Before you can store anything on a partition, you need to format it. Choosing NTFS as the filesystem will allow you to simply plug the drive into any Windows, MAC, or Linux desktop computer and manipulate the drive contents. This can be especially helpful for loading up large amounts of data, such as the family’s music and photo collection, without having to squeeze it all through the network connection. If your main computer is a Mac or another Linux machine, then this may not matter as much to you since those systems understand ext4.

Format the second partition as follows, filling in whatever name you want the partition to have. I’ve called mine “Data”.

sudo mkfs.ntfs -Q -L Data /dev/sda2

Note: Don’t forget the –Q (Quick) or you’ll be waiting around a while.

At this point, I would shut down the Pi, attach the hard drive to your regular computer, and make sure you can read the partition. In some recent versions of Windows, partitions formatted as NTFS on a Linux system may fail to mount. This has happened to me on some drives and not others, so make sure you check yours before moving forward. If the drive doesn’t show up in Windows, start up Disk Management (Windows key, type “disk”, and click on “Create and format hard disk partitions”). Find the data partition you created above, right-click on it, and let Windows format it itself. This will ensure you have the best compatibility moving forward.

Uniquely identifying a filesystem

Warning: Because the next section involves copying around large strings of unmemorizable data, I recommend performing the steps through a remote SSH window, or from a terminal window on the desktop either directly or via VNC. The Ids you’ll need to copy need to be copied verbatim, letter for letter, or you’ll find yourself unable to boot, and you’ll have to start over again from your last backup.

As I mentioned earlier, just because the data partition is called /dev/sda2 right now doesn’t mean that it will have that name in the future if you add more drives to the system. What we need is a way to uniquely refer to this drive no matter what letter it get assigned on any given day.

This was why we built the drive with a GUID Partition Table. Each partition on a GPT device is assigned a universally-unique identifier (UUID).

Note: The difference between GUID and UUID is not important here, they are, for all intents and purposes, the same thing; a very long, randomly-assigned number.

Instead of identifying the filesystem’s partition by location, we want to refer to it by Id so that it can be found no matter what order the drives were discovered in. Use the “blkid” comman to find out more about /dev/sda2 (the data partition):

sudo blkid

You should see a listing of information about all of your drives and their partitions, like this:

RPHS2016.06.08-blkid

The piece of information we’re interested is the “UUID” of sda2. In my case that’s on the next to last line of the above screenshot, not the “PARTUUID” on the last line. If you partitioned your drive differently, for instance putting the big partition first, then you’ll need to adjust accordingly. You can double check this using parted and the “print all” command again to be sure.

Note: PARTUUID uniquely identifies the partition, and will come into play later on when we boot from the hard drive. “UUID” identifies the filesystem on that partition, and it’s what we need for mounting.

Take a picture, write it down very carefully, or select and copy the text if you are doing this through a remote terminal connection like I am. If you’re on the desktop directly or through VNC, you could also open up the built-in desktop text editor, and paste the UUID there. You can find it at Menu -> Accessories -> Text Editor.

Mounting filesystems

Linux has assigned the name /dev/sda2 to our data partition, but you can’t just use that name to refer to it. In the Linux world, you first need to tell the OS where that filesystem belongs in the grand scheme of things. To do this, you’ll need to edit the filesystem table. This file controls what gets mounted where, and in what order. Take a look at the current contents.

cat /etc/fstab

RPHS2016.06.09-fstab.PNG

The second line is the boot partition, where things like config.txt and cmdline.txt live. The third line is the root filesystem, which you can tell by the “/” in the second column. At this point, it’s loading from the 2nd partition on the SD card (mmcblk0p2). We’ll come back to this in a later post and change it to the OS partition on the hard drive.

Edit the fstab file:

sudo nano /etc/fstab

Add a new line after /dev/mmcblk0p2, but before the comments. The first column identifies the partition. You’ll need to use the format “/dev/disk/by-uuid/” and then the UUID you copied down above. Press TAB, and the path to the location in the filesystem where you would like the partition to mount. I recommend /mnt/data. Tab again, and specify the filesystem type. If you’re using NTFS, just put the letters “ntfs”, if you’re using ext4, type that. Tab again and type the word “defaults”. Tab again and type a zero, then another tab and another zero.

The end result should look like this:

RPHS2016.06.10-fstab.PNG

NOTE: I’ve replaced the tabs with spaces to fit it on one screen, either one works just as well. You can pretty up the columns so they line up if you like.

Exit Nano, saving your changes (ctrl-x,y,enter)

The next time the system reboots, it will try to mount the hard drive at /mnt/data. Before that can succeed, you need to create a folder in that location. You can think of it as a placeholder where the actual drive will appear later on.

sudo mkdir /mnt/data

To prove that the drive mounts successfully, create a file in the new folder using the “touch” command.

sudo touch /mnt/data/placeholder

Look at the folder’s contents

ls /mnt/data

You should see a file called “placeholder”. If you ever look in this folder and see that file, it should act as a warning that the drive has not mounted properly.

That’s it. you’re ready to reboot the Pi, and start using your new data drive.

sudo reboot

When the system has rebooted, look at the contents of /mnt/data again.

ls /mnt/data

Instead of the placeholder file, you should see an empty drive. If you formatted the drive as ext4, you’ll see a lost+found folder, but nothing else. If you see the placeholder file, then something has gone wrong. Verify your changes to fstab, and see if you skipped a step, or used the wrong UUID above.

Wrapping up

You now have an external drive to store your stuff in, and it should mount in a predictable place every time the server reboots. The next few posts will start taking advantage of this new storage space.

Shut down the Pi, and take a backup of the SD card.

What’s next?

In the next post, we’ll put the new drive to work sharing files over the local network.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 46 Comments

Raspberry Pi Home Server v2: Remote Desktop

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

So far in this series, we’ve set up the Raspberry Pi for remote login via SSH. Sometimes, though, you just want to see a desktop, and that’s not easy when the computer you’re trying to see has no monitor, keyboard, or mouse.

Adding remote desktop abilities to the Raspberry Pi is now trivially easy. Since the introduction of the Pixel desktop, Raspbian images have had a RealVNC server built right in. All you have to do is enable it.

If, for some reason, you don’t like RealVNC, or don’t want to use the latest version of Raspbian, you can still go back and read my instructions for installing X11VNC in the previous version of this post.

Enabling RealVNC

First things first. You can’t remote in to the desktop if it’s not running. For servers, I usually like to leave the desktop disabled, and set the computer to boot to the command line (CLI). This frees up resources for the other programs that I’m running. With the Pi 2 and 3, this becomes less of an issue, and the desktop environment really isn’t that much of a drag. The choice is yours, but I’m going to leave my Pi booting to the desktop for the moment, but I’ll walk you through two different ways to enable the RealVNC server.

Method 1 (if you’re booting to the command-line)

If your Pi is set to boot straight to the desktop, then you can skip this section and move on to Method 2.

If the Pi is still hooked up to a monitor and keyboard, you can do this directly from the Pi itself. Mine is not, so I’ll be connecting via SSH using PuTTY. Either way, log in, get to a command line, and run raspi-config.

Note: With the November 2016 release of Raspbian, SSH is disabled by default. If you want to log in remotely via SSH, make sure you run raspi-config and enable it before removing the monitor and keyboard,

sudo raspi-config

Go to “Advanced Options”, and then select the “VNC” option.

At the prompt, select “Yes” to enable the VNC server. You’ll get an acknowledgement that the server was enabled, which you can dismiss, and then select “Finish” to exit raspi-config.

If you’re reading this section, then I assume your pi boots to the command line, so there’s no desktop to see right now. You need to get the desktop running before there will be anything to look at. Interestingly, the RealVNC server’s background process (or daemon in *nix terms) is running even though the desktop isn’t. If I try to connect the VNC viewer now, it’ll connect just fine, but I’ll see nothing but black.

To start up the desktop, I’ll need to run it manually from the command line like this:

sudo startx

This will start up the desktop, and suspend the command-line window until I shut down the desktop. It should look something like this:

Don’t worry about that “FATAL” message at the bottom. It says that to everyone.

At this point, the desktop should be up and running, and you can skip ahead to the “Connecting a Viewer” section.

Method 2 (if you’re booting to the desktop)

If you’ve left the Pi booting to the desktop, the process is pretty much the same except that we’ll be using the desktop version of raspi-config.

Note: You could still open a terminal window and run the command-line raspi-config as well, if you like.

The RealVNC server can be turned on from the desktop by clicking on the Menu button, then “Preferences”, and then “Raspberry Pi Configuration”.

Go to the “Interfaces” tab, and select “Enable” on the row labelled “VNC”.

Click OK to exit the configuration tool, and that’s it. Your VNC server is ready to go. Notice that my screenshots above have a “VNC” logo in the upper-right. I’m using VNC to get my screenshots at this point because it’s just easier that way.

Connecting a Viewer

Now that the Pi is set up to share its screen, and the desktop is running, you’ll need a “viewer” in order to see it. Since the Pi is running a RealVNC viewer, the most painless way to connect is with a RealVNC viewer application, which you can download here. Download the version appropriate for your regular computer.

I can’t make observations about all of the platforms the viewer is available for, but I’m a Windows user, and the Windows version of the RealVNC viewer is a portable application that requires no installation. You just download it, run it, and tell it what to connect to.

The first time you run the VNC viewer, you’ll need to give it the address of the Pi. You’ll then be prompted to provide a name and password.

Use the same values you would to log in directly on the Pi, and a new viewer window should open up showing yet another login prompt. This time, it’s the same one you’d see if you were looking at a monitor connected directly to the Pi. It’s a little weird logging in twice, but if you check off “Remember password” in the “Authentication” dialog above, you can skip over the first of these two prompts in the future.

You can resize this window, or tell it to go full-screen. If you move it to a second monitor and go full-screen, you can hardly tell the difference between the VNC window and the real thing.

There’s a slight hiccup, though. If the Raspberry Pi wasn’t plugged into a monitor when it booted up, it will assume that since there’s nothing on the other end of the HDMI connection, you must be using the composite video output, and it will go into a low resolution mode that looks like this:

Cute, but not very useful. Fortunately, we can simply tell the Raspberry Pi what resolution to use, and it won’t try to negotiate the best resolution with the monitor anymore. Edit the main configuration file like this:

sudo nano /boot/config.txt

Look for the line that says “hdmi_force_hotplug=1”, and uncomment it by removing the pound sign from the beginning of the line. Do the same for the “hdmi_group” and “hdmi_mode” lines. You’ll need to provide values for them, though. You can find a pretty exhaustive list on the eLinux site. Pick something that fits comfortable on your primary computer’s monitor. I’m using group 1, mode 4, which is 720p. It gives enough space to read, but fits on my monitor without taking over the whole screen.

Just to prove the point, I made these edits while connected to the too-small virtual desktop, and you can see from this screenshot that the default resolution is waaaay too small to be very useful.

Save your changes and exit nano by pressing Ctrl-X-Y.

Shut down the server, and if you haven’t done so already, unplug it from the monitor. Restart the server by reconnecting the power. Now, when you connect via VNC, the virtual screen will be a much more reasonable size.

When you’re done, you can log out of the Pi by clicking on the Menu button, then “Shutdown”. Depending on whether you boot to the desktop or the command line, the dialog you get will be slightly different. For those that boot to the desktop, the last option will say “Logout” like this:

Clicking on “Logout” will log you out of the Pi, but won’t close your connection to it. You should see the login prompt again. At this point, it’s safe to just close the VNC viewer window.

If you have your Pi configured to boot to the command line, and had to manually start up the desktop, then the last option on the Shutdown dialog will say “Exit to Command Line” instead.

Clicking on “Exit to command line” may not look like anything has happened because the VNC viewer window will just keep showing that last image of the desktop it ever got, but if you try to interact with anything on the desktop now, you’ll find that it’s no longer listening. You’re can just go ahead and close the VNC viewer window. You’ll notice that your command prompt in your SSH windows has come back now, though.

You can continue using the command line via SSH, or disconnect from there as usual.

Wrapping up

You’ve reached another milestone, and I strongly recommend politely shutting down the Raspberry Pi (sudo shutdown –h now), and taking another backup of the SD card.

What’s next?

In the next post, we’ll add a hard drive, so we have a place to keep stuff.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 6 Comments

Raspberry Pi Home Server v2: Network Configuration

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Now that you’ve turned your Raspberry Pi into a working computer, it’s time to get connected.

Prerequisites

A Raspberry Pi with the Raspbian Linux distribution installed as described in the “Installing the OS” post earlier in this series.
You should be logged in as the “pi” user account.
You need to be at a command prompt. If you set your Pi up to boot to the command line, then you’re already there. If you set it up to boot to the desktop, then you’ll need to open the Terminal program.

Assigning a static IP address

Since this series is about turning the Raspberry Pi into a server, it’s important that it have a consistent IP address so that you can connect to it, and so that you can tell your router where to redirect traffic for things like web traffic or other services. There are two ways to accomplish this.

Method 1: Let the Router Do it

You can use your router’s configuration to permanently “lease” an IP address to a specific device. In other words, you tell your router to always hand out the same IP address to the same device when asked. There are definite advantages to letting your router handle the IP assignments. It centralizes the management of network resources in one place, rather than distributing that configuration across the various devices on the network. Also, there are certain Universal Plug and Play (UPnP) functions that work better if the router is in charge of handling out the IP addresses.

This is the method I use, personally. Instructions for how to configure an individual router vary by manufacturer and model, so I won’t cover them in detail here, but the gist of it is that you associate an IP address with the hardware MAC address of the network card built into the Raspberry Pi.

To get the MAC address, type the following at the command prompt:

ifconfig

The result should look something like this:

The MAC address appears on the first line, next to the label “HWaddr”. Follow the directions for your specific router, and assign a permanent IP lease to this MAC address. Make sure it’s not in the range that the DHCP server uses as it’s “pool”. For my router, everything from 100-255 is the DHCP pool, so anything below 100 is fair game for leasing or static assignment.

Method 2: Let the Pi Do it

The second method is to configure the IP address directly on the Raspberry Pi itself. Here is where you will first start to see the difference in attitude from the Windows world to the Linux world. Windows is about convenience and ease of use for the average non-technical user. Linux is all about highly-knowledgeable users tweaking things exactly the way they want them. Linux settings are stored in plain text files in ordinary folders. The trick is mostly in knowing which settings go in which file, and where it lives.

The Jessie release of Raspbian changed how static IP addresses are configured, so this part is a bit different than in the previous version of this series.

Just like with the router’s DHCP lease-based example above, you’ll need some information first. Type the following at the command prompt.

route -n

You’ll see something like this:

RPHS0302-route

Write down the Gateway address. It’s on the line with the “Flags” value of “UG”. This is usually the address of your home network router. In my case it’s 192.168.1.1

Next, edit the “dhcpcd” file. If you have been building Raspberry Pi servers for a while, you’ll notice that this process is different than it was under the older “Wheezy” release of Raspbian.

sudo nano /etc/dhcpcd.conf

“nano” is a text editor that is included in Raspbian, and is convenient for making configuration changes. You need “sudo” to run it with elevated privileges because regular users aren’t allowed to edit system configuration files, and while it’s certainly above average, the “pi” user is just a regular user at the end of the day.

The dhcp configuration file will open in the editor, and should look like this.

Scroll all the way to the bottom of the file and insert the following lines, substituting the values from above, and the IP address you want the Pi to have where appropriate. For the last value (domain_name_servers), you have a few different choices.

For Google, use the value “8.8.8.8 8.8.4.4”
(Note the space between the first and second addresses)

For OpenDNS, use “208.67.222.222 208.67.220.220”
(again, with a space between the addresses)

If you don’t want to use either of those, you can use whatever your ISP provides you. You can find these addresses in the admin pages of your router, or you can just use the command “ipconfig /all” from a windows machine on your network to retrieve it.

interface eth0
static ip_address={DESIRED IP ADDRESS}/24
static routers={GATEWAY ADDRESS}
static domain_name_servers={DNS ADDRESSES}

Hold down Ctrl, and press “x” to exit nano. It will prompt you to save your changes, press “y” to save them, and accept the default filename, which is the same as the file you loaded to begin with.

Before these changes will take effect, you’ll need to reboot the Raspberry Pi. Type the following and press enter to restart the server.

sudo reboot

Note: If you had just typed “reboot” without the “sudo” you would have been denied. Regular users are not allowed to reboot a Linux machine. Remember that, like Unix, Linux can have multiple users logged in at the same time, and letting one of them reboot the machine when the others might be in the middle of something would be… rude.

Once the machine has rebooted, type “ifconfig” again to see the new configuration. You should see the IP address you assigned listed as the first item on the second row. In this example, the Pi has the IP address of 192.168.1.9.

Going headless

Now that the Raspberry Pi Home Server is located at a known address, you could disconnect the Raspberry Pi from its monitor and keyboard and do everything remotely. Actually, you could have done this a few steps ago, but it’s easier to connect when you know the IP address will be the same each time.

Find an SSH client program that you like, and use it to connect to the raspberry Pi. The particulars of configuring a connection will vary by program, but in Putty, all I need to do is provide the IP address of the computer I want to connect to and click “Open”.

At this point, you could disconnect the Raspberry Pi from your monitor and keyboard, hide it in a closet somewhere, and do the rest of your configuration remotely. I’d recommend leaving it hooked up, though, at least for now. You’ll be setting up a remote desktop a little later on, and it’s nice to have the visual feedback on the monitor to let you know things are working.

I’ll be performing the remaining configuration steps in this series remotely. It makes for better screenshots and is how I intend to interact with the server from now on anyway.

Wrapping up

You’ve reached another milestone, and I strongly recommend politely shutting down the Raspberry Pi (sudo shutdown –h now), and taking another backup image of the SD card.

What’s next?

In the next post, we’ll add remote desktop capabilities.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 3 Comments

Raspberry Pi Home Server v2: Trimming the Fat

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Raspbian comes with a lot of applications pre-installed that make it ideal for its intended educational purpose, but are not needed for a server. This isn’t so much about space. All told, these packages don’t really take up that much room, but they do clog up the update/upgrade pipeline. You can just leave this stuff there, but eventually a large package like Wolfram or LibreOffice will have an update, and you’ll get stuck waiting longer than you’d like for an “apt-get upgrade” to complete. We can remove some of the items which will never be used on the server by using apt-get to remove the unneeded packages.

Note: You can pick and choose from the following items to remove one at a time, or you can cram them all together in one line. Skip ahead to the “everything” section near the end for an example.

Wolfram / Mathematica

sudo apt-get purge wolfram-engine

This one might take a little while, so be patient.

LibreOffice

LibreOffice actually consists of several different packages; Base, Calc, Draw, Impress, Math, and Writer. Fortunately, apt-get supports wildcards. Remove all of LibreOffice like this.

sudo apt-get purge libreoffice*

Minecraft

sudo apt-get purge minecraft-pi

Programming tools

If you’re not planning to use them, sonic-pi and scratch can go as well.

sudo apt-get purge sonic-pi scratch

Everything

If you want to get rid of all of these packages at once, all you need to do is add them one after another onto the end of the remove command. The following example is all one line, although it’s probably going to wrap on-screen.

sudo apt-get purge wolfram-engine libreoffice* minecraft-pi sonic-pi scratch

Cleaning up

Now that we’ve uninstalled unneeded packages, we can tell apt to remove the downloaded packages. I know it seems like the same thing, but it’s not. The downloaded packages are basically the installers. Not only don’t we want these packages, but we don’t want to keep their installers around, taking up space either.

sudo apt-get clean
sudo apt-get autoremove

Clean gets rid of the extra top-level packages, the ones you actually ask for when you say “apt get install foo”, and autoremove gets rid of their dependencies which are the supporting packages that you didn’t explicitly ask for, but were needed to support something that you did install.

Fixing the Menu

Now that some of these programs are gone, we’re left with “dead” icons in the menu bar, and within the menu itself. We’ll need to clean them up. Fortunately this is a lot easier than it was in the past. The Pixel desktop release of Raspbian seems to have learned to self-prune dead icons, so all you have to do is

sudo reboot

That’s certainly a lot better than the last time I tried this.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 1 Comment

Raspberry Pi Home Server v2: Installing the OS

Posted on December 11, 2016 by Mel Grubb

Please refer to the series Introduction for a list of all the different posts in the series.

Thank you!

Getting Started

The first thing any computer needs is an operating system. There are several Linux distributions (distros) to choose from. You can think of a distribution as an “Edition” of Linux. Just like Windows comes in Home, Business, and Enterprise editions (or whatever they’re called this week), each Linux distribution consists of the same core OS “kernel”, but with different combinations of additional features added. In the Linux world, these “features” could include things like the entire windowing system, so the differences between distros are a little more drastic than Windows editions, but you get the point.

In this series we’ll be building on top of Raspbian, which is a Raspberry Pi variation of the Debian Linux distribution. It is available from the Raspberry Pi Foundation’s download page as an image file.

Note: At this point, you can follow the directions at the Raspberry Pi Foundation’s own help pages. The tutorial there is very complete, and has videos to explain the process in greater detail than I’ll be going into here. In the interest of being complete, I’m going to summarize the instructions here as part of the series.

Prerequisites

A Raspberry Pi, power supply, etc.
An HDMI or composite monitor, keyboard, and a mouse (optional)
A wired network connection
An SD card of at least 8GB. If you plan to boot from a hard drive, as covered later in the series, then you don’t need anything bigger than this.

Create the SD card

Go to the Raspberry Pi Foundation’s download page, and get the current Raspbian image. You can download this directly, or you can save the foundation some bandwidth costs and download via BitTorrent.

Get a copy of Win32DiskImager or HDD Raw Copy, and use that to write the image file to your SD card. These days I prefer HDD Raw Copy because it can create compressed backups of an SD card in one step.

More detailed instructions for multiple operating systems are available from the Raspberry Pi Foundation’s site. When you’re done, eject or “safely remove” the SD card from your computer.

First Boot

Hook the Raspberry Pi up to your monitor, network, keyboard, and mouse. Insert the SD card you prepared above. Finally, plug the power supply into the Raspberry Pi. You’ll see a screen with some Raspberries in the top-left corner, and some text beneath them.

Pretty quickly, the whole screen will be replaced by a splash screen like this.

The splash screen is new as of the 2016/09/23 release, and gives us some useful information about the version of the OS in the lower-right corner, as well as a kind of one-at-a-time series of status messages in the lower left. After a while, this screen will be replaced with the Desktop.

Your wallpaper may be different than mine depending on the release you’ve installed. Also, if you don’t like the image, you can always change it. Use the “Appearance” application under Start -> Preferences -> Appearance Settings. You could right-click the desktop and choose preferences from there, but that’s actually a separate, older program, and your wallpaper won’t carry over to the login screen. Using the Appearance application will keep everything in sync. If you want your old Raspberry logo wallpaper back, you can find it at /usr/share/raspberrypi-artwork/raspberry-pi-logo-small.png

Update All the Things

Before you start getting moved in, you should update the software that’s on the Pi so far. Depending on how long it’s been since your image file was created, many of the pre-installed programs may have already released updates and/or bug fixes. Lets get them all up to date. This is easily done from the command line.

We’re going to use APT to update the installed software. APT stands for “Advanced Packaging Tool”. APT is actually a suite of different tools, but the one we’ll be concerned with the most is apt-get, and its job is to install and maintain software packages along with any other packages that they depend on. Throughout this series, we’ll use apt-get to install nearly everything we need.

Open a command prompt by clicking on the Menu button in the top-left corner of the screen, then hover over “Accessories”, and then click on “Terminal”. You should see a black window with a prompt in it like this:

Note: The Terminal program is also available from the toolbar at the top of the screen. In my screenshot above, it’s the fourth icon from the left, including the menu button itself.

The first apt-get command we’ll use tells apt-get to update its list of available software packages by downloading fresh lists of packages from a variety of sources over the internet. It’s important to do this first so that apt-get has an accurate picture of what the most recent version of each package is. Even if your OS image was made fresh yesterday, the software packages included in it are being constantly and independently updated on their own schedules.

At the prompt, type the following:

sudo apt-get update

Wait for this command to complete. Depending on the speed of your Pi, and the speed of your internet connection, this might take a few minutes. When you’re done, it should look something like this:

The next command, “upgrade” tells apt-get to take the version information it just retrieved using the update command, and figure out what changes to make in order to bring everything up to date. Even if the image you just burned was released this morning, many of the packages it contains may have been updated since the image was locked down for release.

Note: This is actually an ideal time to take a side-trip to the supplemental post “Trimming the Fat”. You may want to go read and complete that task before continuing in order to prevent upgrading a lot of packages you won’t even end up using.

sudo apt-get upgrade -y

The “-y” tells apt-get not to stop and ask before continuing. Without the “-y”, apt-get would list out the proposed changes, and ask you to confirm them before actually making any changes. Again, depending on how long it has been since your OS image was created, this step might take a while. My upgrade took quite a long time. Be patient, it’s worth it.

Some of these changes will require a reboot before they become effective, so we’ll do that now. You can do this from the desktop menu, but since we’re already at a command prompt, let’s just do it from there.

sudo reboot

Once the system has rebooted, it’s time to start configuring and customizing the Pi. Click the Menu button in the top left, and select Preferences -> Raspberry Pi Configuration.

This will open a modern, graphical, and more convenient version of the command-line “raspi-config” program that we used in the past. This program allows you to make changes to the configuration of the OS itself, and certain hardware settings. We’ll use it to start “moving in” to the fresh OS.

Expand Filesystem

OS Image files are typically shrunken down to their bare minimum in order to take up less room, so if you put a 4GB image on a 16GB SD card, you’ll need to expand the file system to get the other 12GB of space on the card back. As of the 2016-09-23 release, this resizing should be done automatically the first time you boot the system, but we’ll do it just to be sure, and also because this behavior could possibly change in later releases.

Click on the “Expand Filesystem” button, and you should see a confirmation dialog like this.

Click OK to dismiss the dialog. We won’t be rebooting the server just yet, though. We’ll finish the initial configuration first, and then reboot when we’re done.

Before we set the rest of the system options, and especially before setting a password, let’s make sure the localization settings are right, otherwise you may have trouble with the password, especially if your password contains special characters. Certain key combinations on the default British English keyboard may not match your preferred settings, and you might not be able to get in if you don’t do this first. For instance, if I hit the backslash key on my keyboard right now, it will type the # character instead. You can see how this would be a problem if I wanted a backslash in my password.

Localization Options

The last tab is for setting various language and keyboard options. Click the “Locale” button, and change the drop-downs in the resulting dialog to match where you live. I live in the United States, so my settings look like this:

Next, set your time zone. The Pi doesn’t have a battery-backed clock onboard, so it needs to sync up with an internet time server every time it boots up. It needs to know its location in order to get the offset correct.

Next, you’ll need to tell the Pi what kind of keyboard layout you’re using. If you don’t set this up correctly, you’ll find that some of the keys on your keyboard won’t work the way you expect. I’m using a US layout keyboard, so my settings look like this:

Type your intended password in the box, just to make sure it comes out the way you intended, and then click OK to dismiss the Keyboard Layout dialog.

There’s one last option on the Localization tab, and that’s “Wi-Fi Country”. This was added after the release of the Raspberry Pi 3, which has on-board Wi-Fi. If you plan to use the on-board Wi-Fi, then you’ll need to set up a country for that as well since the standards vary slightly from country to country. I don’t recommend running a server over Wi-Fi if you can help it, but the option is there if you need it.

Now head back to the “System” tab, and we’ll pick up where we left off.

Change password

By default, the Raspbian OS defines a user named “pi”, which we’ll be using to do all of the configuration and setup in this series. The pi user’s default password is “raspberry”, but since “pi” is an all-powerful administrative user, you’ll want it to have a different password than everyone else’s, right? Click the “Change Password” button, and enter the default password once and your new password twice in the dialog.

Important: If you’re planning to use any “special characters” in your password, make sure you’re gotten the keyboard localization squared away before changing your password. In fact, open up the text editor (Menu -> Accessories -> Text Editor) and try typing your password there first, just to make sure it comes out the way you intended. Not all the keys map to the same symbols on the different keyboard mappings.

Note: You may or may not be prompted for the current password, depending on the specific image you burned. In this screenshot, I was not prompted for the existing password.

Other “System” options.

There are several other options that can be set up on the “System” tab of the configuration dialog. Let’s walk through them one at a time.

By default, every Raspberry Pi is named “raspberrypi”. Since you may end up with multiple Pis on your home network, you will need a way to tell them apart. Fill in a new name for your server in the “Hostname” box. I call my own server “RPHS”. You are, of course, free to call yours whatever you want, but you’ll need to adjust configuration settings accordingly later on in this series.

The Raspberry Pi Home Server will spend most of its life disconnected from any kind of monitor, so there’s no need to boot to the desktop every time the machine starts up. A Raspberry Pi 2 or 3 has plenty of horsepower though, and booting to the desktop makes it much easier to “remote into” the server later on for maintenance, so I’m going to leave my Pi booting to the desktop for now. You can always change this setting later on if you like. Just remember that when future articles tell you to type a command, you’ll need to do that from the Terminal.

You can continue to let the Pi automatically log in as the “pi” user if you want, but since this is a server you should probably disable this option. There usually won’t be anyone using the Pi directly anyway. Uncheck the “Login as user ‘pi'” option to tell the Pi to prompt for a name and password rather than just logging in automatically.

Out of the box, the Pi will try to boot as fast as possible, without waiting for the network connection to be complete. A server isn’t much use without a network, so it’s probably better to tell the Pi to wait for the network connection to come up before continuing. Check the “Wait for network” checkbox to tell the Pi to wait until it has established a network connection before performing most of its boot-up routine.

The Underscan setting won’t affect anything once the Pi is no longer attached to a monitor, but I have disabled it in order to get better looking screenshots. If the image on your monitor has black bars all the way around it, then you might want to try toggling this setting and see if you like the resulting image better. If not, you can always set it back again.

That’s everything you need on the “System” tab. The end result should look something like this:

Performance Options

There are only two settings on the Performance tab. The “Overclock” setting lets you squeeze a little more speed out of your system.

CAUTION: The ability to overclock varies from board to board, and is affected by your power supply as well. If you are using some old leftover cell-phone charger you happen to have lying around in a drawer, this may not work for you. If you’ve invested extra money in a high-quality power supply, you’ll probably have better luck. Until you know how your particular combination of components will behave, it’s probably safest to leave it running at its default. You can always come back and change it later on, once you have everything stabilized.

My particular board and power supply have proven themselves to be a reliable pair, so I’m going to turn it up to the maximum of 1000 MHz. I’ve also turned the “GPU Memory” down to 32 since I don’t plan to use the graphical desktop very often. In fact, after this initial configuration, the only part of this course that will require the desktop is CrashPlan. I could probably go even lower than 32, but this setting has worked well for me.

Note: If you’re using a Pi 3 or Zero, then the overclocking option will be grayed out and unavailable.

Interfaces

Starting with the November 2016 release of Raspbian, SSH has been disabled by default in an effort to tighten security. If you’re intending to go headless and connect remotely, you might want to turn SSH back on. If you think you’re only going to use the full remote desktop, then you can leave SSH turned off. It’s up to you, but I always enable SSH and give the Pi user a new password.

If you want to be able to use the remote desktop functionality, then make sure you enable VNC. We’ll come back to this in a later post.

Finished

Click the “OK” button on the Configuration dialog, and you’ll be prompted to reboot the system:

Click “Yes” to reboot the Raspberry Pi and apply the new settings.

Second Boot

When the Raspberry Pi reboots this time, it will be ready to use. It doesn’t have a lot of programs installed so far, but it’s a starting point. If you disabled “Logon as user ‘pi'” like you should have, then you’ll need to type the user’s password when prompted.

If you disabled booting to the desktop, then you should see a login prompt similar to this:

RPHS login:

Log in using the user name “pi”, and the password you set up earlier, or “raspberry” if you skipped that step… which you shouldn’t have.

A Quick Primer on “sudo”

In a Linux system, the main administrative user is called “root”, and root can do pretty much anything it wants, no questions asked. The “pi” user is a specially-privileged account, capable of doing things an ordinary user account can’t, but it isn’t as all-powerful as root.

You’ll see the command “sudo” used a lot in this series. It stands for “substitute user do”, and lets you run other commands as if you were a different user. If you don’t specify a particular user to impersonate, the “root” user is assumed. Only user accounts that have been specifically allowed can perform actions as the root user. The pi user is one of those accounts. Using “sudo”, the pi user can perform individual actions as if it were root.

Unlike the Windows world, which occasionally displays a “User Account Control” (UAC) prompt to make sure you really mean it before letting you do something potentially dangerous, Linux systems take a different approach, and require you to say up-front that you know what you’re doing by running those potentially dangerous commands as root by using the sudo command.

You could also log in as root, or give “pi” root privileges, but that’s way more dangerous. The use of “sudo” acts to stop you from doing dangerous things without at least acknowledging that you know they are dangerous.

Wrapping up

You’ve reached the first major milestone. The Raspberry Pi is now a fully-functioning computer. It has been localized, personalized, and brought up to date with the latest software releases. Now is the ideal time to take a backup.

Shut down the Raspberry Pi “politely” by using the menu, or with the following command at a terminal window.

sudo shutdown –h now

This tells the compute to shut down “hard”, and to do it immediately. There are a few different shutdown options, including the ability to schedule a shutdown for a specified time and date in the future. This is the command you’ll use most often, though. After the screen turns off, wait a few more seconds for the Raspberry Pi to finish up any last-minute tasks, make sure all the lights have stopped blinking, unplug the power, and transfer the SD card to your regular computer.

You can use any number of different programs to create a backup. The first, and most common, is Win32DiskImager. This is the program used earlier to write the Raspbian OS image to the SD card in the first place. Use Win32 Disk Imager, “Read” the contents of the SD card into a backup file for safekeeping.

I have been using a different program lately called HDD Raw Copy. It functions a lot like Win32DiskImager, but has the ability to compress the resulting image file as it goes. The raw image files created by Win32DiskImager are the full size of the SD card being backed up, even though the SD card contains a lot of empty space right now. A compressed image file will be much smaller, allowing you to keep more of them around.

I personally keep backups of each step in this build process so that when something changes or breaks, and I’m trying to update this series for my readers, I can jump right to the step I need. If you only intend to keep around one recent backup for safety, then compressing it won’t help you nearly as much as it helps me.

The steps for using HDD Raw Copy are pretty similar to Win32DiskImager. First, select the source of the data to be backed up. That would be your SD card.

Click the “Continue” button, and select the destination for the backup. This would be a file somewhere on your hard drive. Double-click the “FILE” option from the list, and pick somewhere to put the file.

Make sure to pick “Compressed Image” from the “Save as type” drop-down to save space. HDD Raw Copy can create raw .img files just like Win32DiskImager, but my 8GB card was backed up into an image that’s only 4GB.

Click “Continue” again to get to the next screen which will show a summary of the proposed backup operation. This is your last chance to double-check the settings. Once you are satisfied, click “Start” and wait for the backup to complete. When it is finished, exit HDD Raw Copy, eject the SD card, and return it to your Raspberry Pi.

I’ll recommend making these checkpoint saves after pretty much each post in this series. You can refer back to this post for the instructions if needed.

What’s next?

In the next post, we’ll configure the network so that your Pi stays put, allowing you to find and connect to it later on.

Posted in Computers and Internet, Home Server, Raspberry Pi | Tagged Computers, Home, Raspberry Pi, RPHS | 10 Comments