reapplying a reverted commit

So I made a booboo and already pushed a merge commit.
The merged branch had a few commits that where not ready for develop.
After reverting the merge one commit needed to be reapplied.
But a merge wont work, because it already is merged (and reverted).
What you can do is a cherry pick.

How I created the problem

git merge branch
git push origin develop

Here there was no way back, accept rebasing but that’s also not very easy.

How I solved it.

git revert eaf8c471 -m2
git cherry-pick fa9a6b0

Cherry pick just straight up applies the changes made in the files.
Where a merge applies the git changes.

Keep in mind this will only help if you need a handfull of commits reapplied. Otherwise you will need to find an otherway.
Or cherry pick a lot…

Setup Letsencrypt SSL on raspberry pi

I love letsencrypt. It’s free SSL, it’s saver because of the auto-renewal and it’s so easy to setup. No more emailing around validating company name and whatnot.

If you’ve followed the previous steps you would not have installed git, check with git --version When it gives an error install git first with sudo apt-get install -y git

Now get the letsencrypt software and prepare the folder which letsencrypt will use.

sudo git clone /opt/letsencrypt
sudo mkdir /var/www/letsencrypt
sudo chown www-data:www-data /var/www/letsencrypt

Add the first part of the letsencrypt config to nginx sudo nano /etc/nginx/sites-enabled/
Before the final } add this:

location /.well-known/acme-challenge {
    root /var/www/letsencrypt;

And reload nginx sudo nginx -t && sudo service nginx reload

Getting the ssl certificate

So now we can generate and validate the ssl certificates. With the command below.
The email-address is used only for checks and warnings so I recommend an email which you do check. And of course change the domain. We will get a certificate for both www and non-www domain.

sudo /opt/letsencrypt/certbot-auto certonly -a webroot --webroot-path=/var/www/letsencrypt/ --rsa-key-size=4096 -m -d -d

When running this the first time It might take a long time, just be patient. When it is done we add the certificates to the nginx configuration: sudo nano /etc/nginx/sites-enabled/

listen 443 ssl default_server;

ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

sudo service nginx reload

Test if ssl is working on both www and non-www. If it’s working then the next step is forcing ssl all the time.


server {
    listen 80;

And replace it with:

server {
    listen      80;
    rewrite     ^   https://$server_name$request_uri? permanent;
server {
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

As usual reload sudo nginx -t && sudo service nginx reload


certbot renew

Installing Mysql/MariaDB on a Rapsberry Pi

Here we will install MariaDB. The performance is better and it’s more open source. There are a few differences but nothing you will notice during normal daily use.

Installing mariadb:

sudo apt-get install -y mariadb-server-10.1

Alternative if you don’t want to get out of your comfort zone use mysql:

sudo apt-get install -y mysql-server

During this install you will get asked for a SQL root password. Choose a long secure password. You will need it later to make a database so also store it somewhere save.
If the root password wasn’t asked for run sudo mysql_secure_installation

After it’s done check the version with mysql --version. It should be 10.0.30-MariaDB or higher.

Creating a database and user

To create a database we are going to login to MySQL with the following command.

sudo mysql -uroot -p/etc/mysql/my.cnf

It will ask for the mysql password. After that the commandline will be different. We are going to create a database and a user and connect them.

CREATE DATABASE raspimain_db;

Next we create a user, be sure to replace the password!

CREATE USER 'raspimain_user'@'localhost' IDENTIFIED BY '%%SAFE_PASSWORD%%';

Then we need to connect the user to that database.

GRANT ALL PRIVILEGES ON `raspimain_db`.* TO `raspimain_user`@`localhost`;

Next we 2 commands are pretty self explanatory.


To test if it worked login in to mysql with that user.

mysql -u raspimain_user raspimain_db -p

This time use the password you used to create the user. Check if the raspimain_db is in the list of databases.


If it is use EXIT; to exit the mysql promt.

Installing Nginx on a Rapsberry Pi

In this step we are going to install a webserver (nginx). For those who are bit familiar with webservers you might wonder why we are not using apache? I myself are far more familiar with Apache but Nginx just has better performance. And on the not that powerful pi that is important.

Install Nxing

Like with php we want a newer version. So again we will use the buster source. It should install 1.13 (although 1.13 is the newest) To install nginx run the command:

sudo apt-get install -y -t buster nginx

Check the version nginx -v it should be version nginx/1.13.3 or higher

To test if it works enter the IP address in the browser. You should see this page. nginx-default-page

If you see an error most likely IPv6 isn’t supported. Open the nginx config file.

sudo nano /etc/nginx/sites-enabled/default

At the top you should see these lines

    listen 80 default_server;
    listen [::]:80 default_server;

Change them to:

    listen 80 default_server;
    #listen [::]:80 default_server;

Save then restart nginx.

sudo nginx -t && sudo service nginx reload

Then test the page again in the browser.

Setting up a site with php and url

First we will do some global settings open: sudo nano /etc/nginx/nginx.conf
At this part add the last line.

http {

        # Basic Settings

        client_max_body_size 64M;

Next open: sudo nano /etc/nginx/sites-enabled/default
Add at the end

upstream php {
    server unix:/tmp/php-cgi.socket;

Note: for the example I use replace that with the url you want to use. If you don’t have the url setup yet you can add it to you own host file. Or instead of the url use the IP-address of the Pi.

We will create our own vhost files. PS I’ll be using but use whatever you intend to use. Create the vhost file: sudo nano /etc/nginx/sites-enabled/

server {
    listen 80;

    root /var/www/;

    index index.php index.html;

    location / {
        try_files $uri $uri/ =404;

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;

Next create the folders needed. Set the rights of those files and add a test page.

sudo mkdir /var/www/
sudo mkdir /var/www/
sudo touch /var/www/
sudo chown www-data:www-data /var/www/ -R
sudo nginx -t && sudo service nginx reload

In that file add sudo nano /var/www/


Save and reload the webpage you should see this:

Now we have a basic and functioning webserver with php.
For security sake delete the index.php file

sudo rm /var/www/ 

Next we will install mysql and configure a database.

Installing PHP7.1 on a Rapsberry Pi

To get a big performance boost we will use PHP 7.1 instead of the older 5.6 which Rasbian still uses by default. But because this is the default we will need to do a few extra tweaks.

In the file sudo nano /etc/apt/sources.list at the end we add:

deb buster main contrib non-free rpi

After saving create the next file sudo nano /etc/apt/preferences. With the content:

Package: *
Pin: release n=jessie
Pin-Priority: 600

Again save. Make the system aware of this source list with

sudo apt-get update

Now we are ready to install PHP7 with all it’s modules:

sudo apt-get install -y -t buster php7.1-fpm php7.1-curl php7.1-gd php7.1-intl php7.1-mcrypt php7.1-mbstring php7.1-mysql php7.1-opcache php7.1-sqlite3 php7.1-xml php7.1-zip php-apcu

When done check it with php -v it should show a PHP 7.1.8 (or higher).
Now we need to add a few fpm things for nginx to work properly.

sudo nano /etc/php/7.1/fpm/conf.d/90-pi-custom.ini

And add:




Save and next open sudo nano /etc/php/7.0/fpm/pool.d/www.conf Search for $HOSTNAME and change.

;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

remove the ‘;’ at the start

env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp


Apply these changes sudo service php7.1-fpm reload

Now PHP is ready to use

RaspberryPi, Only allow ssh key login

This is the followup of Opening a Raspberry Pi to the outside world On the internet bots constantly try to hack servers. The Raspberry Pi is popular target. That’s why by default ssh is disabled nowadays.
To make this more secure we will only allow login by ssh key instead of a password. Ssh keys are a lot safer and you also won’t need to type/paste the password on login.

Open file: sudo nano /etc/ssh/sshd_config

Look for PasswordAuthentication
remove the # at the front and change the value to no.

PasswordAuthentication no

As a fall-back we will allow login in from the home network. So at the bottom of the file add. (the 4 spaces in front of the line matter)

Match address 192.168.*.*
    PasswordAuthentication yes

Restart the ssh service. sudo service ssh restart

ssh keys

Generate keys on the raspberry pi: ssh-keygen -t rsa -b 4096 -C "pi-webserver"
Just press enter for both the location and password.
Add your local key. Form your own machine mac/linux/windows.

Open File: sudo nano .ssh/authorized_keys

Paste your public key in this file.
For linux/mac you can find your public key with: cat ~/.ssh/

In a new terminal tab/window, try to login again. This way you can change things in the current tab. If something went wrong. You should login without needing to type the password. To check if the password is disabled you should try login in from a different computer and a different ip.

Opening a Raspberry Pi to the outside world

This part is a bit tricky. Because it’s depending on third parties. And they all work a bit different. The big stokes are the same for everyone but the how will differ a bit. This step can also be done later.

Opening the router to the outside world.

You need to login into your modem which your ISP provided to you. How to do that might differ per modem. But usually it will be an ip which start with 192.168.. To help you get started. A few pointers.

  • Inspect the modem. Look for passwords and model type.
  • Google the modem type, this will help with the ip and maybe the default login credentials.
  • Some still have default passwords, instead of random generated.
  • Call your ISP, it’s there modem they should be able to help.

Once you are in the modem settings we are going to do a thing called port-forwarding. I had a lot of problems figuring this out. Because of that I’m going to refer you else where. Keep in mind the following.

  • You will need to forward it to the hostname or the internal IP used by the Pi. If you need the IP see below to give a static IP. The hostname you can get with hostname.
  • The ports we are talking about should be 80 for http and 443 for https.
  • If you want too login to ssh remote secure your remote and forward port 22 for ssh.
  • You might need something called “TCP”
  • I needed to fiddle with a setting “DMZ Host”network
  • If you are struggling google port-forwarding with your modem

As I said this is really not my piece of pi, so here is a better guide: HowToGeek guide

Adding a domain name

First you will need to register a domain name. There are a lot of these registrars as they are called. I’m not going to recommend any because I registered all my domains at a Dutch company. One registered you will need to add a DNS A-record that will point to your home IP.

You can get your home network IP with the following command:

wget --timeout=3 --tries=1  -qO -

To test if your url is working run: ping -c 5
It should return something like this, with your home IP:

5 packets transmitted, 5 received, 0% packet loss, time 1000ms

Giving the raspberry a static IP

Your modem probably needs a ip for port-forwarding. You will want a static IP so you don’t need to change the IP after a power outage or whatever. First we need to collect some IP addresses. Be sure to make note them while collecting them.

netstat -nr


The interesting line is the second. Note all 3 of those. The first one is the one I’m changing in this example.

inet addr:  Bcast:  Mask:

Also note the destination ‘’ and Gateway ‘’.

I will change the current to The last digit can be changed to anything between from 0 to 255. But It is better to use a big number. Lets say we would change it to ‘’. But your desktop uses that same IP address. Then neither will be able to connect. So change it to a higher number, which is less likely to be used.

We now have all information, let’s apply the changes.
open file: sudo nano /etc/network/interfaces

This will open the file

Switch these lines

auto lo


#auto lo
auto eth0

Put a # in front of the line:

iface eth0 inet manual

Below that add:

iface eth0 inet static

My final interfaces file:

Now reboot and login with the new IP address


  • If for some reason you can’t login, try the old IP.
  • Go directly to the Pi hookup a screen and keyboard and check the IP ifconfig
  • Else open the interfaces file again directly on the pi itself.
    sudo nano /etc/network/interfaces
    And undo all changes.