Backup All-Inkl Webserver via SSH (Files and database)

Login to the user you want to use for backing up at target system (in my case backupnc):
Change to its home ~ folder.

Generate SSH Private/Public Key:
ssh-keygen -t rsa -b 4096

(Find public key in ~/.ssh/id_rsa.pub)

Copy public Key into All-Inkl KAS:
see step 5 here: https://all-inkl.com/wichtig/anleitungen/kas/ssh/dateiverwaltung/verbindung-mit-terminal-auf-mac-aufbauen-public-key-verfahren_432.html

Connect manually and accept servers signature:
ssh remoteuser@remotehost -i /home/backupnc/.ssh/id_rsa

Bash Script with daily cron:

# Database
ssh user@webserver -i /home/backupnc/.ssh/id_rsa -v 'mysqldump DATABASE -uUSER -pPASSWORD > /www/htdocs/w123/backup-database/database.sql'

rsync -avztP --delete user@webserver:/www/htdocs/w123/backup-database/ -e "ssh -i /home/backupnc/.ssh/id_rsa" /mnt/net/smb/backupnc/database/

# Files
rsync -avztP --delete user@webserver:/www/htdocs/w123/www/ -e "ssh -i /home/backupnc/.ssh/id_rsa" /mnt/net/smb/backupnc/www/ --exclude ".DS_Store" --exclude "@eaDir" --exclude ".apdisk"

Advertisements

OpenVPN on QNAP TS-251 VM Debian

Virtual net Interface is ens3

https://www.df.eu/de/support/df-faq/cloudserver/anleitungen/openvpn-server-installieren-debian-ubuntu/

plus

nano /etc/openvpn/server.conf
dev tun
proto tcp6-server
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/client1.crt
key /etc/openvpn/easy-rsa/keys/client1.key
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
#client-to-client
push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
push "route 0.0.0.0 0.0.0.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
duplicate-cn
keepalive 10 120
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
script-security 2

#--client-connect /usr/local/bin/openvpn_connect.sh

nano /etc/sysctl.conf
net.ipv4.ip_forward=1

apt-get install iptables-persistent
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables-save > /etc/iptables/rules.v4

Tablet Photo Frame with FTP Sync and Automated Start&Stop

I was searching for a Photo Frame to be placed at the grandparents of my little daughter with the following features:

  • Synchronisation with a FTP server to allow remote update of photos
  • Automated stop in the evening and start in the morning to prevent the photo frame from illuminating the room

As I could not find a turnkey solution I deceided to build it on my own based on an old Samsung Galaxy Tab 3 8.0 (T310). Note: The tablet needs to be rooted to allow automated stopping of the photo frame in the evening.

Step 1: FTP Synchronisation

  • Create FTP server login (I used my hosted webspace to create a ftp subaccount)
  • Create local folder for pictures on tablet (e.g. /sdcard/fotos_bilderrahmen)
  • Install FolderSync lite app (Play Store)
  • In FolderSync create “Account” using your FTP login data
  • In FolderSync create “Folderpair”. Select the FTP-Account and the local folder. Define scheduling e.g. hourly, activate deleting files on local side if deleted on server.

Step 2: Photo Frame app

  • Install Photo Frame app Premium (Play Store)
  • Start app and configure (e.g. refresh folder content e.g. 15min, orientation, transition between photos, …)
  • Select local photo folder (SD) and create startpage shortcut to start photoshow directly from this folder (use button top right)

Step 3: Automate start and stop of photo frame app

  • Install Automate app (Play Store)
  • Start app and activate app start after boot (in app properties)
  • Create new flow (see screenshots, take care on values for app start block)

    Step 4: Integrate in wooden photo frame

    • Fix tablet with double sided mirror tape (e.g. Tesa)
    • Glue additional wooden spacers to stabilize
    • Optional: Order (or DIY) taylored passepartout (e.g. art&more)

    Jdownloader Seedbox on Debian vServer

    The last ~1 year, I used my Raspi to run Jdownloader in headless mode (see post) and store/extract files on my local NAS.
    As I wanted to have high bandwith access to that files from several locations, I deceided to set up a private server with some storage and access via CIFS/FTPS/SFTP/Webdavs for Kodi.
    I figured out a hosting provider which offers a vServer monthly for about 5€ and additional storage for about 6€ (for 500GB). This storage can be accessed internally as well as externally via CIFS/FTPS/SFTP/Webdavs, which makes it very easy for me, because I do not need to care about setting up external access to the storage via the vServer.
    All I had to to do is to set up JDownloader headless on the Debian minimal and to mount the storage (I am using CIFS):

    Based on:
    https://kaistech.wordpress.com/2016/01/31/jdownloader-headless-on-raspberry-pi/
    https://misterunknown.de/blog/2016/05/jdownloader-headless-auf-debian-ubuntu-server-installieren.html

    Login as root

    mkdir /home/jd
    useradd -g users -d /home/jd -s /bin/bash jd
    chown -hvR jd /home/jd

    apt-get install openjdk-7-jre-headless

    su jd
    mkdir /home/jd/jdownloader
    cd /home/jd/jdownloader
    wget http://installer.jdownloader.org/JDownloader.jar
    java -jar JDownloader.jar
    reboot

    su jd
    cd /home/jd/jdownloader
    java -jar JDownloader.jar
    (then press y to enter MyJdownloader Logins)
    Exit with Strg-C

    Exit su jd with “exit” (now you are root again)

    touch /home/jd/jdownloader/JDownloader.pid
    nano /etc/init.d/jdownloader
    (insert from: https://gist.github.com/WtfJoke/45796a5cfb0e746c84eb0d5b4650e11c)

    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides: JDownloader2
    # Required-Start: networking
    # Required-Stop:
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: JDownloader2 server daemon
    # Description: JDownloader2 server daemon
    ### END INIT INFO
    
    DIR="/home/jd/jdownloader"
    PIDFILE="$DIR/JDownloader.pid"
    JAVA="/usr/bin/java"
    PARAM="-Djava.awt.headless=true -jar $DIR/JDownloader.jar"
    USER="jd"
    
    start_daemon () {
    start-stop-daemon --start --background --oknodo --chuid $USER --make-pidfile --pidfile $PIDFILE --exec $JAVA -- $PARAM
    }
    
    stop_daemon () {
    start-stop-daemon --stop --pidfile $PIDFILE
    }
    
    # Switch case
    case "$1" in
    start)
    # On start
    echo "Start JDownloader"
    start_daemon
    ;;
    
    stop)
    # On stop
    echo "Stop JDownloader"
    stop_daemon
    ;;
    
    restart)
    # On restart
    echo "Restart JDownloader"
    start_daemon
    stop_daemon
    ;;
    *)
    # Default action
    echo "(start|stop|restart)"
    ;;
    esac
    
    exit 0
    

    chmod 755 /etc/init.d/jdownloader
    systemctl daemon-reload
    systemctl enable jdownloader
    reboot

    Storage connected with CIFS like this: https://anteru.net/blog/2014/09/20/2480/

    Login as root

    apt-get install autofs cifs-utils

    For safety reasons disable some server services which came with autofs and cifs-utils:
    systemctl disable rpcbind
    (portmapper server which came with autofs)
    systemctl disable smbd
    (SAMBA server which came with cifs-utils)
    systemctl disable nmbd
    (Netbios server which came with cifs-utils)
    reboot

    check with “netstat -tuplen”
    it should only show sshd listening on port 22 (IPv4 and IPv6), dhclient and systemd-timesyn.

    mkdir /mnt/net
    mkdir /mnt/net/smb
    nano /etc/auto.master
    -> insert: /mnt/net/smb /etc/auto.cifs-shares
    su jd
    nano /home/jd/.smbcredentials
    -> insert:
    username=
    password=

    exit

    find id for user jd
    cut -d: -f1,3 /etc/passwd
    -> e.g. id=1000

    nano /etc/auto.cifs-shares
    -> insert: storage -fstype=cifs,rw,credentials=/home/jd/.smbcredentials,uid=1000 ://cifspathtoyourstorage/subfolder

    service autofs restart

    su jd
    cd /mnt/net/smb/storage
    touch test.txt

    change JDownloader path via MyJdownloader to /mnt/net/smb/storage

    In Expert settings change MyJDownloaderSettings: Direct Connect Mode to “Disable direct connections” (this will change Jdownloader not to open a public tcp port on your server!).

    Set up IPv4 to IPv6 portforwarder on vServer

    To be used of you are behind a DS-Lite Cable/DSL-Connection and only have a fixed IPV6 (and a floating NATed IPv4).
    Same service like offered by Universal Portmapper from e.g. feste-ip.net

    Login as root
    apt-get install 6tunnel

    e.g. for OpenVPN running on remote host
    6tunnel localport remotehost remoteport
    6tunnel 1194 homeserver.remote 1194
    or
    6tunnel 10000 homeserver.remote 1194

    Show running processes of 6tunnel
    ps aux | grep 6tunnel

    Create bootup-start/stop-script:
    nano /etc/init.d/6tunnel
    Insert:

    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides: 6tunnel
    # Required-Start: networking
    # Required-Stop:
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: 6tunnel server daemon
    # Description: 6tunnel server daemon
    ### END INIT INFO

    PARAM="/usr/bin/6tunnel 10000 homeserver.remote 1194"
    USER="root"

    start_daemon () {
    start-stop-daemon --start --background --oknodo --chuid $USER --exec $PARAM
    }

    stop_daemon () {
    start-stop-daemon --stop --name 6tunnel
    }

    # Switch case
    case "$1" in
    start)
    # On start
    echo "Start 6tunnel"
    start_daemon
    ;;

    stop)
    # On stop
    echo "Stop 6tunnel"
    stop_daemon
    ;;

    restart)
    # On restart
    echo "Restart 6tunnel"
    start_daemon
    stop_daemon
    ;;
    *)
    # Default action
    echo "(start|stop|restart)"
    ;;
    esac

    exit 0

    chmod +x /etc/init.d/6tunnel

    Test with:
    /etc/init.d/6tunnel start
    netstat -tulpen
    /etc/init.d/6tunnel stop

    systemctl daemon-reload
    systemctl enable 6tunnel

    OpenVPN on Unitymedia DS-Lite Cable DSL

    Install OpenVPN on Raspi and create Login-Certificate for 1 User (Client1)

    http://www.feste-ip.net/fip-box/basic/fip-box-vpn/
    (https://jankarres.de/2013/05/raspberry-pi-openvpn-vpn-server-installieren/)

    Install required packages and upgrade system based on bash-script from feste-ip.net
    (optional: modify sh-Script for your own demands)

    sudo su
    cd /tmp
    wget http://www.portmapper.de/fipbox/fipboxvpn.sh
    bash fipboxvpn.sh

    Enable DynDNS for IPv6 (because prefix will change every few days)

    http://blog.belodedenko.me/2013/07/dynamic-ipv6-updates-using-ddclient-for.html

    Open Firewall of Raspi IPv6 for Port 1197

    Enable IPv4->IPv6 Port Forwarding using feste-ip-net and DynDNS Host

    http://www.feste-ip.net/dslite-ipv6-portmapper/universelle-portmapper/

    Calling a HTTP url from FHEM to trigger action

    I need to call HTTP urls from FHEM for several things, like firing IR signals to my TV (see my post: https://kaistech.wordpress.com/2016/10/09/wifi-infrared-ir-remote-extension-using-esp8266/ ).
    As far as I know, FHEM currently does not have a way to do this easily (HTTPMOD seems to be a bit too complicated for that).

    My solution is based on a simple PERL script which is called directly from FHEM:

    Script /home/pi/irhttp.pl:

    #!/usr/bin/perl -w

    use warnings;
    use strict;
    use Time::HiRes qw/time usleep/;
    use Socket qw(:all);
    use POSIX ":sys_wait_h";

    use LWP::Simple;

    #print $ARGV[0];
    #print "\n";

    my $url = 'http://192.168.2.114/ir?code=';
    $url .= $ARGV[0];

    my $content = get($url);
    die "Can't GET $url" if (! defined $content);

    Then make it executable: sudo chmod +x /home/pi/irhttp.pl

    Now you can call it from FHEM e.g. from a DOIF like this:

    define DOIF_Dummy_WohnzimmerTVMode DOIF ([Dummy_WohnzimmerTVMode]) ({system ("/home/pi/irhttp.pl 50153655 &")})

    Note: Here I pass the a argument to the Perl script which is attached to the URL.