Protecting the Server
The server we are setting up needs to be protected. My goal
is to open as little as ports as possible. Specially, I would prefer that most services use http i.e. port 80 and
to be secure https (port 443).
To achieve this goal, we need a certificate proving that
our server is what it prenteds to be. This make be a big
mess with certifying authorities but fortunately, there
letsencrypt that provides 3-month long certificates but there are bots to renew them.
Requirement
Doing this require (1) a domain name, celled thereafter $DOMAIN and (2) to open port 80 of your box. With FreeBox,
we need to pass in full-stack mode (from the customer configuration page).
The configuration of the port retargetting:
- Destination IP: 192.$SERVER
- Source IP: all
- Protocol: TCP
- Port range: 80-80
- Port destination: 80
Setting up the certificate
First, we install the bot:
sudo apt install certbot python3-certbot-apache
And we can run it:
$ sudo certbot --apache -d $DOMAIN
It will install itself in the Apache 2 configuration files
Redirecting port 443
In orerto access your web pages at address: http://$DOMAIN, you have to redirect port 443 in your preferred box:
- Destination IP: 192.$SERVER
- Source IP: all
- Protocol: TCP
- Port range: 443-443
- Port destination: 443
Final Words
It is important that all this software is free (from freedom) but not free (for price). Peoples are implementing it and maintaining convenient websites as letsencrypt. From time to time, it could helpfull to donate to organization supporting them. In this case,
RaspberryPi storage
My Raspberry Pi 2 uses its SD-Card as main storage for the OS and the user data, usually called home directory. This won't be enough for the data I want to put (service web sites, PIM, saving, photos, movies, etc).
So I need another storage and I buy an external …
Read More
LDAP Server
After a long break, I come back to my home server with, finally,a working version of LDAP, tadam! It is so much complex, such a mess but I finally get a working version of my LDAP and I will explain now how.
All along the presentation below, I will …
Read More
Lists
This page is not really a page blog but provides miscellenaous lists that are useful to set up EHome.
The list of configuration files:
/etc/radicale/config -- PIM server/etc/systemd/system/radicale.service -- PIM server
The list of data directories and files:
/var/lib/radicale/collections -- PIM server/var …
Read More
Installing my PIM Server
Package installation
Radicale is a free Python-based PIM server. We need first to have Python 3.5 (at least) and PIP installed:
$ sudo apt install python3
$ sudo apt install pi
Then we can install Radicale:
$ pip install --upgrade radicale
Server side
We will install Radicale as a service. So we …
Read More
Opening Ehome to the World
Ok now it is time to open my EHome to the world: mainly to make a bridge between my Internet box (a FreeBox Revolution) and the internet. We have to:
- Install an HTTPD server on EHome.
- Redirect port from the Freebox to the port 80 of EHome.
- Publish some content …
Read More
Restarting my Raspberry Pi
This is the second version of this article after a long break ( Life is not a long quiet river ).
Ok, first I to give life back to my old Raspberry Pi 3B+.
I will use an image for Ubuntu Server 64-bit. Why? For a lot of reasons:
Read More
Birth of a Project
It's decided, I'm fed up with Google and equivalent commercial of emails and other PIMs (Personnal Info Managers). I need to share calendars, contacts, etc with my family and Google solution seemed to be promising. In fact, it perfectly worked for several years but, since one year, I encounter some …
Read More