install Apache2 on Rasperry PI

APACHE installation

Update RPI

Install Owncloud

enabele APACHE mod’s

proxy multicast stream over apache proxy with authentication

i configured an proxy for multicast to http

this you need for example for proxying traffic form Telekom home entertainment

add to crontab

initial creation for authentication

add an addtional user

add to vhost

enable mod’s on apache if not already done

modify the channel list like for telekom

 

WordPress autoupdater

install wp-cli -> http://wp-cli.org/

use this script

Funksteckdosen via Raspberry Pi via the terminal, Web Interface or control Siri – 433 mHz

occupancy

rpi2-pins

RaspberryPi Transmitter Receiver
Pin 2 / 4 (5V) VCC VCC
Pin 6 / 9 (GND) GND GND
Pin 11 (GPIO17) – RPi Nr.1 ATAD
Pin 13 (GPIO27) – RPi Nr.2 DATA (to the left of GND)

Software

We come now to the software. For this purpose, you must first start your Raspberry Pi, where everything has been assembled as described above. Connecting you should only times

perform. This your repositories are updated. Then git-core must be installed (if not already done anyway):

In order to realize the control of the transmitter, there is a project calledWiringPi. This it installed you on your Raspberry Pi as follows:

For our purposes,, to control the outlets there is already a project. This comes from xkonni and called Raspberry-Remote. Your installed it you so:

It's running, you have to you, nor the compile send.cpp, So type the following:

install a sniffer

For the pin assignment

test sniffers

Web Interface

Of course it is a bit awkward and uncomfortable, the whole always having to worry about the terminal / SSH. But no problem! Raspberry remote also provides the same Web interface with a matching. So you can use the, should her first time Apache and PHP install on your Raspberry:

Here we go to the Web Interface, what mitliefert xkonni directly. In addition I have the folder

a subfolder remote created. Then the contents of ~ / raspberry-remote / webinterface moved there:

Now still has in

File the IP address of Raspberry Pis to be adjusted: to simply use nano.

Deamon

Now is still missing, the daemon, accessed by the PHP script the web interface. For this we go back to the Raspberry remote directory: cd ~/raspberryremote and compile the daemon: make daemon
Now we can start this:

The & causes, that the process running in the background.

Now we can try our luck with the Web Interface: Therefore we call from another computer / mobile web interface via http://192.168.11.44/remote/ (Insert your IP) on. If it works and there are various outlets visible, then you have to now only in the config.php sockets named and possibly. the codes, etc. to adjust. The configuration should be self-explanatory.screenshot_webinterface

If you receive an error message such as "Switch out of range: GET /:XY "gets, do not worry! In the daemon.cpp are by default only the House Codes 00000 & 00001 & 00010 covered. This can, however, easily change. Go to back to the directory of Raspberry Remote (with me /home/pi/raspberry-remote/, also via

and opens the daemon.cpp with nano. Inside is the entry "nPlugs = 10;“, which you simply "nPlugs = 1110;“. then onsudo make daemon recompile and sudo ./daemon & start again. Now should work with you the web interface.

 

sources:

Let Raspberry Pi’s communicate with each other per 433MHz wireless signals

https://alexbloggt.com/funksteckdosen-raspberry-pi-teil1/

https://alexbloggt.com/funksteckdosen-raspberry-pi-teil2/

 

Further still have some other great projects found

OK Google, Switch to list -> https://blog.medienman.de/blog/2017/08/20/google-home-steuert-433-mhz-funksteckdosen/

letsencrypt on apache and linux

this is a small guide how to setup letsencrypt on apache and on linux

first we need to download a letsencrypt tool and move the sample config to the right position

configure the letsencrypt config file

/opt/letsencrypt.sh/config.sh

 

configure theletsencrypt alias for apache

/etc/apache2/conf.d/letsencrypt

configure the hook.sh file for reloading the apache

/etc/letsencrypt.sh/hook.sh

change the mod of this file

configure the domain file

/opt/letsencrypt.sh/domains

run letsencrypt

create a crontjob that the certs will be generated every week

vhost

rewrites

proxy pass

Errors

Create a Public Key Infrastructure Using the easy-rsa Scripts

The first step when setting up OpenVPN is to create a Public Key Infrastructure (PKI). The PKI consists of:

  • A public master Certificate Authority (CA) certificate and a private key.
  • A separate public certificate and private key pair (hereafter referred to as a certificate) for each server and each client.

To facilitate the certificate creation process, OpenVPN comes with a collection of RSA key manangement scripts (based on the openssl command line tool) known as easy-rsa.

Note: Only .key files need to be kept secret, .crt and .csr files can be sent over insecure channels such as plaintext email.

In this article the needed certificates are created by root in root’s home directory. This ensures that the generated files have the right ownership and permissions, and are safe from other users.

Note: The certificates can be created on any machine. For the highest security, generate the certificates on a physically secure machine disconnected from any network, and make sure that the generated ca.key private key is backed up and never accessible to anyone.
Warning: Make sure that the generated files are backed up, especially the ca.key and ca.crt files, since if lost you will not be able to create any new, nor revoke any compromised certificates, thus requiring the generation of a new Certificate Authority (CA) certificate, invalidating the entire PKI infrastructure.

Installing the easy-rsa scripts

Install the scripts by doing the following:

Creating certificates

Change to the directory where you installed the scripts.

To ensure the consistent use of values when generating the PKI, set default values to be used by the PKI generating scripts. Edit /root/easy-rsa/vars and at a minimum set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters (do not leave any of these parameters blank). Change the KEY_SIZE parameter to 2048 for the SSL/TLS to use 2048bit RSA keys for authentication.

Export the environment variables.

Delete any previously created certificates.

Note: Entering a . (dot) when prompted for a value, blanks out the parameter.

The build-ca script generates the Certificate Authority (CA) certificate.

The build-key-server script # ./build-key-server <server name> generates a server certificate. Make sure that the server name (Common Name when running the script) is unique.

Note: Do not enter a challenge password or company name when the script prompts you for one.

The build-dh script generates the Diffie-Hellman parameters .pem file needed by the server.

Note: It would be better to generate a new one for each server, but you can use the same one if you want to.

The build-key script # ./build-key <client name> generates a client certificate. Make sure that the client name (Common Name when running the script) is unique.

Note: Do not enter a challenge password or company name when the script prompts you for one.

Generate a secret Hash-based Message Authentication Code (HMAC) by running: # openvpn --genkey --secret /root/easy-rsa/keys/ta.key

This will be used to add an additional HMAC signature to all SSL/TLS handshake packets. In addition any UDP packet not having the correct HMAC signature will be immediately dropped, protecting against:

  • Portscanning.
  • DOS attacks on the OpenVPN UDP port.
  • SSL/TLS handshake initiations from unauthorized machines.
  • Any eventual buffer overflow vulnerabilities in the SSL/TLS implementation.

All the created keys and certificates have been stored in /root/easy-rsa/keys. If you make a mistake, you can start over by running the clean-all script again.

Warning: This will delete any previously generated certificates stored in /root/easy-rsa/keys, including the Certificate Authority (CA) certificate.

Converting certificates to encrypted .p12 format

Some software (such as Android) will only read VPN certificates that are stored in a password-encrypted .p12 file. These can be generated with the following command:

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

  • Check a Certificate Signing Request (CSR)
  • Check a private key
  • Check a certificate
  • Check a PKCS#12 file (.pfx or .p12)

HTTP: disabled connection for (xxx)

[Wed Nov 26 12:11:53.835820 2014] [proxy:error] [pid 25184:tid 139835276719872] AH00940: HTTP: disabled connection for (xxx)

That is because of SE Linux.

To fix it:

Or you can also set the security settings,

-> Go to Security Level configurations and Change Tab to SELinux

And modify SELinux policy Check

under HTTPD service