Category: Computer

Computer is miraculous!

Install a NextCloud server using old MacBook Pro

Posted on by Bian Xi Leave a Comment on Install a NextCloud server using old MacBook Pro

Install a NextCloud server using old MacBook Pro

The plan is to install ubuntu OS on MacBook Pro with core 2 due CPU, then install NextCloud as docker container.

Install Ubuntu Server

The installation had been done on MacBook Pro with iSCSI root partition.

Refer to Ubuntu with UEFI iSCSI root on x86_64 for details.

Install NextCloudPi docker

The NextCloudPi docker image has all necessary components to run NextCloud server, and it is easy for start up.

Steps

Installation

Run following command, IP is the IP address of the server itself.

docker run -d -p 4443:4443 -p 443:443 -p 80:80 -v /app/nc/data:/data --name nextcloudpi ownyourbits/nextcloudpi-x86 $IP

Activate

Access URL https://$IP:4443/, record two pair of user id and password

  • NextCloudPi web interface at port 4443
  • NextCloud at port 443

Update patches

Login to NextCloudPi web interface (port 4443), execute tasks under Updates.

Set Maintenance Mode off

If there was a failure, server went to maintenance mode, then update config/config.php accordingly.

'maintenance' => false,

Another method is using NextCloudPi web interface (port 4443), Tools -> nc-maintenance to disable.

Configure incoming access

Enable new trust domain

Add the newly registered domain name in NGINX and Let's Encrypt in config/config.php

'trusted_domains' =>
array (
  0 => '192.168.0.29',
  1 => 'cloud.example.com',
),

Another method is using NextCloudPi web interface (port 4443), config -> nc-trusted-domains to configure.

Clients' configuration

Using CalDAV to add account for Calendar and Contacts.
Install Password Manager App

Local by pass proxy

To by pass proxy, the internal DNS server needs to point the IP address of nextcloud server to internal server IP. For example, add alias for nextcloud server IP in dnsmasq host entry.

After that, needs to install same certificates in proxy into nextcloudpi server. There are quite number of answers in Internet, but none of them works.

End up, I changed the certificates used in apache2 configuration using following steps

Change Apache SSL certificate

References

NextCloudPi dockers for x86 and ARM
NextCloudPi docker for Raspberry Pi
How to get started with NCP docker
HowTo: Add a new trusted domain
Synchronizing with iOS
Synchronizing with macOS

BerryBoot on Raspberry Pi

Posted on by Bian Xi Leave a Comment on BerryBoot on Raspberry Pi

BerryBoot on Raspberry Pi

Raspberry Pi 2/3/4 requires SD card to be used for booting, which saves OS filesystems. There are some issues with SD card with OS boot.

  • Limited size
  • Hard to backup

I was thinking a solution to move root filesystem to iSCSI, but grub is not used in OS of Raspberry Pi. As the design of BerryBoot, it can install various OSes on iSCSI disk with multi-boot environment. So started testing it with Ubuntu OS.

Hardware

Although, BerryBoot declares supporting Raspberry Pi 1/2/3/4, I tried Pi 3B+, but very slow and hanging. End up used Pi 4 (8GB).

Boot up error

After installation completed, got following error. It is caused iSCSI LUN import requires time, at time of error reported, LUN had not detected by iSCSI driver.

iSCSI target does not have any partitions

The solution give is changing iscsi.sh file in boot partition (the SD card), adding loop for delay.

IP address and VNC

The BerryBoot interface used same IP as ubuntu OS, but it doesn't configure DNS. So after bootup, the ubuntu OS has no DNS setting, then manual update of file /etc/systemd/resolv.conf is required.

In order to remotely control BerryBoot, add following command to enable VNC. Then when booting error or like to select another OS, VNC viewer can be used to connect to BerryBoot.

Wired network headless installation

  • Append following at end of line in cmdline.txt (same line append)
... vncinstall ipv4=192.168.88.88/255.255.255.0/192.168.88.1

Wireless headless installation

  • Append following at end of line in cmdline.txt (same line append)
vncinstall ipv4=192.168.88.88/255.255.255.0/192.168.88.1/wlan0
  • Create a file called wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
ap_scan=1

network={
    ssid="ssid-of-accesspoint"
    psk="wpa-password"
}

Update error

The most important task is update, which includes package update and kernel update

Package update

It is quite smooth during update, but complaining /boot doesn't exist. I checked the OS structure, there is a /boot folder, with one kernel, and a filesystem /media/user_id/boot, which saves SD contents.

Kernel update

Kernel update was totally failed with following error

Can't find /boot/vmlinuz- (see /tmp/flash-kernel-no-kernel-error.log)

The solution given by other is removing two packages

sudo apt remove u-boot-rpi:arm64
sudo apt remove flash-kernel

Note: According to internet, BerryBoot uses its own kernel, meaning it can not be updated using package update command.

do-release-update

This is a very strange action I took. The OS I installed via BerryBoot is Ubuntu 20.10 Desktop, but the OS still can perform do-release-update to same version. The even more strange thing is, after I upgrade, it still appear as can perform do-release-update, then I spent another upgrade, another few hours upgrade, then it can fininally upgraded.

I think the package was not at the correct release stage, but don't know why got 980+ packages to upgrade after first run. Felt like perform exactly the same action once more.

The output of uname after patched ubuntu screen as below

  • BerryBoot ubuntu
root@camel:~# uname -a
Linux camel 5.10.43v64 #1 SMP PREEMPT Tue Jun 15 00:52:48 CEST 2021 aarch64 aarch64 aarch64 GNU/Linux
root@camel:~#
  • Normal ubuntu
root@ubuntupi:/usr/lib# uname -a
Linux ubuntupi 5.13.0-1009-raspi #10-Ubuntu SMP PREEMPT Mon Oct 25 13:58:43 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
root@ubuntupi:/usr/lib#

Filesystem structure

The BerryBoot ubuntu has different filesystem structure, the root filesystem is mapped to none, and no entry in /etc/fstab, I think the reason behind, is root filesystem is mounted via kernel, which is the iSCSI disk, and cannot be changed.

Output of df

root@camel:~# df
Filesystem     1K-blocks    Used Available Use% Mounted on
none            16646144 6422360   8396520  44% /
tmpfs            3957172       0   3957172   0% /dev/shm
tmpfs            1582872    1404   1581468   1% /run
tmpfs               5120       4      5116   1% /run/lock
tmpfs            3957172       0   3957172   0% /run/qemu
tmpfs             791432      72    791360   1% /run/user/126
tmpfs             791432      64    791368   1% /run/user/1000
root@camel:~#

Output of mount

root@camel:~# mount | grep -w /
none on / type overlay (rw,relatime,lowerdir=/mnt/shared:/squashfs,upperdir=/mnt/data/Ubuntu_20.10_Desktop.img192,workdir=/mnt/data/Ubuntu_20.10_Desktop.img192.work,redirect_dir=on)
root@camel:~#

The normal ubuntu installed has same structure of other distributions, using /etc/fstab for root filesystem as well. So the normal operations can be taken on root filesystem

Output of df

root@ubuntupi:/usr/lib# df
Filesystem     1K-blocks     Used Available Use% Mounted on
tmpfs             794548    12732    781816   2% /run
/dev/mmcblk0p2  30358480 24453720   4573672  85% /
tmpfs            3972736        0   3972736   0% /dev/shm
tmpfs               5120        4      5116   1% /run/lock
tmpfs            3972736        0   3972736   0% /run/qemu
tmpfs            3972736     8364   3964372   1% /var/log
tmpfs            3972736        8   3972728   1% /tmp
tmpfs            3972736        0   3972736   0% /var/tmp
/dev/mmcblk0p1    258095    97201    160894  38% /boot/firmware
tmpfs             794544       92    794452   1% /run/user/126
tmpfs             794544       84    794460   1% /run/user/1000
root@ubuntupi:/usr/lib#

Output of mount

root@ubuntupi:/usr/lib# mount | grep -w /
/dev/mmcblk0p2 on / type ext4 (rw,noatime,nobarrier)
root@ubuntupi:/usr/lib#

Pros

Following advantages over normal ubuntu

  • Root filesystem type can be selected during installation. (Normal ubuntu on Raspberry Pi can not)
  • The iSCSI module is loaded by default.
    Note: Recent update of my normal ubuntu caused iSCSI module missing issue.
  • OS multiboot

Cons

Duo to BerryBoot has different filesystem structure and kernel, some diffculties would be facing later.

  • Specific Kernel
    • No kernel upgrade can cause package incompatible, for example, docker was mentioned by others
    • Auto rebuild kernel is almost impossible
  • Filesystem
    • Unable to verify root filesystem, scrubbing wasn't allowed during my testing
    • Unable to know root filesystem type even mounted
    • Cannot increase root filesystem size easily

Conclusion

The way BerryBoot manage the system is highly customized, which might not be adapted anywhere else. The customization also leads system compatibility issues later, and migration, backup, restore, etc., cannot be implemented in common way. So there could be no future-proof for this implemenation.

Compare local boot partition solution, which only holds root partition on iSCSI, the advantage of BerryBoot is iSCSI dependency issue reduced and multiboot OS capability. But the root on iSCSI uses bootload, which reduced OS compatibility issue.

My decision is still use normal bootload way for future systems to achieve maintennance free system.

References

Headless installation
Problems with update/upgrade Ubuntu 20.10 on Raspberry pi 4 with SSD
Raspberry Pi iSCSI Root on Ubuntu 20.04
How to Dual Boot a Raspberry Pi Using BerryBoot
BerryBoot v2.0 - bootloader / universal operating system installer
Storing your files on a Synology NAS (using iSCSI)

Configure different target based on incoming domain in NGINX

Posted on by Bian Xi Leave a Comment on Configure different target based on incoming domain in NGINX

Configure different target based on incoming domain in NGINX

NGINX can divert incoming request to different server based on domain name given in browser.

Usage

If there are a few application, such as 192.168.1.1 for faq.example.com, 192.168.1.2 for www.example.com, etc.

Configuration

Following configuration can be used for diverting request for faq requests.

server {
    server_name  faq.example.com;

    # SSL configuration
    listen 443 ssl;

    ssl_certificate     conf.d/www.example.com.crt;
    ssl_certificate_key conf.d/www.example.com.key;

    location / {
        proxy_pass  'https://192.168.1.1:443';
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
    }

    client_max_body_size 64M;
}

server {
    listen       80;
    server_name  faq.example.com;

    return 301 https://$host$request_uri;
}

Application Stopped due to upstream unreachable

Posted on by Bian Xi Leave a Comment on Application Stopped due to upstream unreachable

Application Stopped due to upstream unreachable

During Chef Server troubleshooting time, found chef is unreachable from localhost

Description

  • Nginx was shown as started in chef-server-ctl status command, pid could be found
  • TCP port 443 was inaccessable from localhost.
  • Reboot server, but still the same issue
  • Used ps -ef | grep nginx, found nginx is running without indication of master
  • Run nginx command line which found in ps
  • Shows upstream server and port was not reachable, which is automate server

Result

  • Can not find IP address, then add IP and host into /etc/host file, result shows

    • NGINX running with master indicator
    • TCP port 443 was listening

  • Still can not reach upstream server

Consolution

The problem could be related to following issues caused application stopped due to no IP can be found for upstream servers.

  • Routing issue
  • Firewall issue

ROCKPro64 with SATA card

Posted on by Bian Xi Leave a Comment on ROCKPro64 with SATA card

ROCKPro64 with SATA card

ROCKPro64 is single board computer (SBC) equipped with a PCIe x4 open ended slot. I'm planing to replace my Buffalo NAS mother board, and reuse the Buffalo NAS case.

SATA card

According to compatibility list, ROCKPro64 supports 6 ports SATA card, Ziyituod SATA Card ASM 1062+1093 6-Port.

But I purchased one 10 ports SATA card, 10port 4x 1xJMB575 + 1xASM1166.

References

ROCKPro64 Hardware Accessory Compatibility
ROCKPro64

Synology vi modify file ACL unintentionally

Posted on by Bian Xi Leave a Comment on Synology vi modify file ACL unintentionally

Synology vi modify file ACL unintentionally

When using vi editor in Synology SSH session, the ACL changed upon saving. This causes issue for permission sensitive application, such as SSH.

Cause

The vi command creates a new file, and write new contents into that file, and the new file doesn't follow the ACL of original file.

Update ACL using GUI

If SSH is not available, for example, the permission authorized_keys changed, and only public key access was opened. If the file was shared, GUI is allowed to change ACL in user's home directory.

The ACL page can be accessed using following steps.

  • Login DSM webpage
  • Right click on the file
  • Select Properties
  • Click on Permission Tab

View ACL from command line

In Synology, use following command to check file ACL

/usr/syno/bin/synoacltool -get <PATH>

Remove ACL from command line

To remove ACL, using following command

/usr/syno/bin/synoacltool -del <PATH>

Edit ACL from command line

For example, remove @users group from usbshare1

/usr/syno/sbin/synoshare --setuser usbshare1 RW - "@users"

Other options

More options can be found using following command

/usr/syno/bin/synoacltool -h

References

Manage Windows ACL with Command Line Interface ?

Turn off iMac Display Only

Posted on by Bian Xi Leave a Comment on Turn off iMac Display Only

Turn off iMac Display Only

The iMac might not auto sleep sometimes, so what do you like to do before you go for quick snack? Turn off iMac display only. But there is not switch on monitor, luckily there are some ways to do.

Keyboard with Eject key

  • Control + Shift + Eject

Keyboard with Power key

  • Control + Shift + Power

Keyboard without Eject/Power

Go to login screen

  • Control + Command + Q

Then at the login screen

  • Escape

Keyboard with Touch Bar

Configure

  • Select System Preferences
  • Open Keyboard
  • Click Customize Control Strip...
  • Drag Screen Lock icon into the Touch Bar
  • Click Done.

Perform

Go to login screen

  • Tap the the Screen Lock icon on your Touch Bar

Then at the login screen

  • Escape to turn off the display immediately.

Mouse

Configure

  • Select System Preferences
  • Open Mission Control
  • Click Hot Corners
  • Choose Put Display to Sleep for one of the corner

Perform

  • Move your mouse to the corner configured

Terminal

Run the following command:

pmset displaysleepnow

References

[How to Turn Off Your Mac's Display Without Putting Your Computer to Sleep}(https://www.iclarified.com/76166/how-to-turn-off-your-macs-display-without-putting-your-computer-to-sleep)

Reconfigure iCloud in MacOS

Posted on by Bian Xi Leave a Comment on Reconfigure iCloud in MacOS

Reconfigure iCloud in MacOS

Many days headache was fixed this morning...

Story

The problem with iCloud on my newly installed MacOS, which is High Sierra, 10.13.6, out of support by Apple.

The machine was installed via Internet, and the MacOS was Mountain Lion, then upgraded to High Sierra, the lastest can be installed in this 2011 iMac.

Issue

When connecting to iCloud at beginning, the iCloud can not sync Keychains, it is quite an issue for me, because I need to register all credentials to this iMac separately.

Then I decided to reconfigure iCloud by re-login to iCloud again.

But iCloud could not be registered any more after logout, I thought it could be issue with my unsupported OS.

Symptom

The symptom was repeating asking for iCloud user and password, no matter which iCloud I like to use. In the email account list, the account is just appear in very short period, then closed immediately.

Fix

This morning I tried to send email, found out that I could not add iCloud account, I decided to search solution in Internet.

The solution works for delete all files related to iCloud and system configuration. It is works for my newly configured iMac, because I have nothing in it.

Steps

Run following commands in terminal

rm ~/Library/Application Support/iCloud
rm ~/Library/Preferences/com.apple.systempreferences.plist01
rm ~/Library/Keychains

Then reboot

sudo reboot

References

Mac Can’t Connect to iCloud? Here Are 7 Ways to Fix It