reapplying a reverted commit

So I made a booboo and already pushed a merge commit.
The merged branch had a few commits that where not ready for develop.
After reverting the merge one commit needed to be reapplied.
But a merge wont work, because it already is merged (and reverted).
What you can do is a cherry pick.

How I created the problem

git merge branch
git push origin develop

Here there was no way back, accept rebasing but that’s still out of my comfort zone (update dec-2019: still is).

How I solved it.

git revert eaf8c471 -m2
git cherry-pick fa9a6b0

Cherry pick just straight up applies the changes made in the files.
Where a merge applies the git changes.

Keep in mind this will only help if you need a handful of commits reapplied. Otherwise you will need to find an other way.
Or cherry pick a lot…

Setup Letsencrypt SSL on raspberry pi

I love letsencrypt. It’s free SSL, it’s safer because of the auto-renewal and it’s so easy to setup. No more emailing around validating company name and whatnot.

If you’ve followed the previous steps you would not have installed git, check with git --version When it gives an error install git first with sudo apt-get install -y git

Now get the letsencrypt software and prepare the folder which letsencrypt will use.

sudo git clone https://github.com/certbot/certbot /opt/letsencrypt
sudo mkdir /var/www/letsencrypt
sudo chown www-data:www-data /var/www/letsencrypt

Add the first part of the letsencrypt config to nginx sudo nano /etc/nginx/sites-enabled/example.com
Before the final } add this:

location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
}

And reload nginx sudo nginx -t && sudo service nginx reload

Getting the ssl certificate

So now we can generate and validate the ssl certificates. With the command below.
The email-address is used only for checks and warnings so I recommend an email which you do check. And of course change the domain. We will get a certificate for both www and non-www domain.

sudo /opt/letsencrypt/certbot-auto certonly -a webroot --webroot-path=/var/www/letsencrypt/ --rsa-key-size=4096 -m letsencrypt@example.com -d example.com -d www.example.com

When running this the first time It might take a long time, just be patient. When it is done we add the certificates to the nginx configuration: sudo nano /etc/nginx/sites-enabled/example.com

listen 443 ssl default_server;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

sudo service nginx reload

Test if ssl is working on both www and non-www. If it’s working then the next step is forcing ssl all the time.

replace:

server {
    listen 80;
    server_name example.com www.example.com;

And replace it with:

server {
    listen      80;
    server_name home.janw.me www.home.janw.me;
    rewrite     ^   https://$server_name$request_uri? permanent;
}
server {
    listen 443 ssl;
    server_name home.janw.me www.home.janw.me;

    ssl_certificate /etc/letsencrypt/live/home.janw.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/home.janw.me/privkey.pem;

As usual reload sudo nginx -t && sudo service nginx reload

Autorenewel

certbot renew
https://caatest.co.uk/home.jwon.nlhttps://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score

Installing Mysql/MariaDB on a Rapsberry Pi

Here we will install MariaDB. The performance is better and it’s more open source. There are a few differences but nothing you will notice during normal daily use.

Installing mariadb:

sudo apt install -y mariadb-server-10.3

Alternative if you don’t want to get out of your comfort zone use mysql.
Keep in mind the rest of these steps might vary a bit.

sudo apt install -y mysql-server

After it’s done check the version with mysql --version. It should be 10.3.17-MariaDB or higher.

Securing the installation

The biggest thing we need is a root password. We will do that and some other things.

sudo mysql_secure_installation

This will give the following steps.

  1. Set a long safe password.
  2. Remove anonymous users Yes
  3. Disallow root login remotely Yes
  4. Remove test database and access to it Yes
  5. Reload privilege tables now Yes

Creating a database and user

To create a database we are going to login to MySQL with the following command.
Because we use sudo and root we will not need to enter a password.

sudo mysql -uroot

We are going to create a database and a user and connect them.

CREATE DATABASE raspimain_db;

Next we create a user, be sure to replace the password!

CREATE USER 'raspimain_user'@'localhost' IDENTIFIED BY '%%SAFE_PASSWORD%%';

Then we need to connect the user to that database.

GRANT ALL PRIVILEGES ON `raspimain_db`.* TO `raspimain_user`@`localhost`;

Next we 2 commands are pretty self explanatory.

FLUSH PRIVILEGES;
EXIT;

To test if it worked login in to mysql with that user.

mysql -u raspimain_user raspimain_db -p

This time use the password you used to create the user. Check if the raspimain_db is in the list of databases.

SHOW DATABASES;

If it is use EXIT; to exit the mysql promt.

Opening a Raspberry Pi to the outside world

This part is a bit tricky. Because it’s depending on third parties. And they all work a bit different. The big stokes are the same for everyone but the how will differ a bit. This step can also be done later.

Opening the router to the outside world.

You need to login into your modem which your ISP provided to you. How to do that might differ per modem. But usually it will be an ip which start with 192.168.x.x To help you get started. A few pointers.

  • Inspect the modem. Look for passwords and model type.
  • Google the modem type, this will help with the ip and maybe the default login credentials.
  • Some still have default passwords, instead of random generated.
  • Call your ISP, it’s there modem they should be able to help.

Once you are in the modem settings we are going to do a thing called port-forwarding. I had a lot of problems figuring this out. Because of that I’m going to refer you else where. Keep in mind the following.

  • You will need to forward it to the hostname or the internal IP used by the Pi. If you need the IP see below to give a static IP. The hostname you can get with hostname.
  • The ports we are talking about should be 80 for http and 443 for https.
  • If you want too login to ssh remote secure your remote and forward port 22 for ssh.
  • You might need something called “TCP”
  • I needed to fiddle with a setting “DMZ Host”network
  • If you are struggling google port-forwarding with your modem

As I said this is really not my piece of pi, so here is a better guide: HowToGeek guide

Adding a domain name

First you will need to register a domain name. There are a lot of these registrars as they are called. I’m not going to recommend any because I registered all my domains at a Dutch company. One registered you will need to add a DNS A-record that will point to your home IP.

You can get your home network IP with the following command:

wget http://ipinfo.io/ip --timeout=3 --tries=1  -qO -

To test if your url is working run: ping example.com -c 5
It should return something like this, with your home IP:

5 packets transmitted, 5 received, 0% packet loss, time 1000ms

This blogs blueprint

Update dec-2019:

This article is now completely outdated.

Original:

I’ve had the idea for a blog for years. But actually bloging keeping it up is hard. So here is another go. This blog had no restrictions for me. So when setting this up I did some things I would(/could) never do anywhere else.
The biggest sin I commit is not having a development environment.
So how I this blog (being?) build:

Continue reading This blogs blueprint