Kategorie: Software

Nextcloud Memories

Nextcloud Memories is an excellent alternative to Google Photos. It is hosted on your own cloud, where you really own your data.

You can cover the following use cases:

Store the pictures in your own cloud
Upload new pictures automatically from your mobile phone into your Nextcloud
Create Albums
Share photos with users or the public
Embed Photos or Albums in your blog
Edit Photos on the mobile or Server via ImageMagick

Also, be aware that Google is using the content of your photos to target you with specific advertisements based on that content.

Just make sure that you have all the prerequisites for Memories installed.

If you are running your Nextcloud Memories on a small server, make sure to adapt some settings for creating smaller preview images, best already before you watch them.

Make sure also that the cron job for creating the preview images is running.

The PHP Imagick extension can be installed based on https://cyberpanel.net/blog/how-to-install-imagick-php-on-linux

If you are running multiple PHP versions on your server, make sure that you are installing the package for the PHP version you are running Nextcloud, and also that you are enabling the PHP module for the correct version via

phpenmod -v 8.3 imagick

Schlagwörter Nextcloud, php, rpi

Software

Nextcloud with an RPi

Beitragsautor Von Gerhard Vogt
Beitragsdatum März 26, 2025
Keine Kommentare zu Nextcloud with an RPi

To complete my home network, I installed Nextcloud with an RPi.

The bigger vision is to get independent of the big companies, specifically from the US companies.

Let’s see which services I will provide with my own cloud, options are:

Files
Contacts
Calendar
Photos

It’s quite easy to use a package specifically built for the RPi called Nextcloudpi.

However, it does not run in a docker container, as the providers stopped creating an image. On the other hand, you can adjust much more on the LAMP system itself.

I just followed https://help.nextcloud.com/t/raspberry-pi-4-booting-from-usb-device-no-microsd/126320 and https://help.nextcloud.com/t/how-to-access-nextcloudpi-first-time-activation/126309 for the setup.

After that, everything was running locally already.

It became tricky with accessing the nextcloud server from outside my local network, as I had to configure the Reverse Proxy (NPM) accordingly.

The prerequisite is that you have configured a domain and routed that to the Dynamic DNS server.

At the NPM side the configuration looks like that:

Proxy Host:

Scheme: http
Cache Assets: On
Block Common Exploits: On
Websockets Support: On

SSL Certificate:

Force SSL: On
HTTP/2 Support: On
HSTS Enabled: On
HSTS Subdomains: Off

Advanced:

location / {
    proxy_pass http://yourIP_of_the_Nextcloud;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

location /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}

location /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
}

location ^~ /.well-known {
    return 301 $scheme://$host/index.php$uri;
}
proxy_hide_header Upgrade;

At nextcloudpi configure the following parameters:

nc-trusted-domains
nc-trusted-proxies

Very important is also to switch off the Force SSL at the Nextcloudpi configuration!

This means we are now terminating the SSL at the Reverse Proxy (NPM), as usual. The communication between the Reverse Proxy and the Nextcloud server runs via http.

Schlagwörter Nextcloud

Software

Installing RPis with MQTT in Home Assistant

Beitragsautor Von Gerhard Vogt
Beitragsdatum März 11, 2025
Keine Kommentare zu Installing RPis with MQTT in Home Assistant

To add RPis to the Home Assistant, we are installing on each RPi a Python script as a daemon that sends data via MQTT messages to the MQTT Broker installed on the Home Assistant.

Unfortunately, if your Home Assistant is also running on an RPi but based on HAOSS, you can not use that approach. Later more to that.

First, install the MQTT Integration on the Home Assistant.

Just make sure that the automatic detection of MQTT devices is still enabled.

Then go to System / Add-Ons / Mosquitto Broker. Make sure it’s started while booting.

Under Configuration, add a username and a password. The YAML Code looks like this:

logins:
  - username: username
    password: password
require_certificate: false
certfile: fullchain.pem
keyfile: privkey.pem
customize:
  active: false
  folder: mosquitto

Now, let’s go to the RPi that we want to control. We need to install the script there. This includes the daemon that sends the MQTT messages to the Home Assistant.

Perform all the steps mentioned in https://github.com/ironsheep/RPi-Reporter-MQTT2HA-Daemon/blob/master/README.md

In the config.ini file, configure at least the following parameters:

hostname = 192.xx.yyy.zz
sensor_name = rpi-5
username = MQTT-UserName
password = MQTT-Password

Ironsheep did a great job. Thank you very much!

As soon as everything is set up and you see the data in your Home Assistant, you can also use the custom card that ironsheep compiled.

https://github.com/ironsheep/lovelace-rpi-monitor-card

Further options can be configured based on https://thesmarthomejourney.com/2021/11/15/monitoring-raspberry-pi-with-ha/

Also very nice are the mini graph cards, checkout https://github.com/kalkih/mini-graph-card

If you have your Home Assistant running on an RPi you can setup Monitoring via that approach https://www.youtube.com/watch?v=WcmxI06TAuI&t=1696s

Schlagwörter MQTT, rpi

Software

Self-hosted Bitwarden Password Manager

Beitragsautor Von Gerhard Vogt
Beitragsdatum März 7, 2025
Keine Kommentare zu Self-hosted Bitwarden Password Manager

Another RPi application is a self-hosted Bitwarden Password Manager.

The advantages of that solution are:

You own your data, as it’s not in the cloud
Reduced risk that your passwords get stolen
Passwords are synced over all your devices

What you need is:

RPi
Docker installed
NPM Nginx Proxy Manager
Subdomain configured

I installed it based on the following setup guide: https://pimylifeup.com/raspberry-pi-bitwarden

Just make sure that you configure the container with the correct ports without the IP Address, like

sudo docker run -d --name bitwarden \
    --restart=always \
    -v /bw-data/:/data/ \
    -p 8080:80 \
    -p 3012:3012 \
    vaultwarden/server:latest

You need a domain configured at your DNS provider with a CNAME entry like

bitwarden.example.de

If you are using a Dynamic DNS Provider, route the traffic there.

It is also necessary to have SSL terminated, in this case, at the NPM Proxy Manager.

Configure the Proxy Host with the following parameter:

Details
IP: The IP Address of your server, e.g. 192.168.178.34
Forward Port: 8080
Block Common Exploits
Websockets Support

SSL
Force SSL
HTTP/2 Support
HSTS Enabled
HSTS Subdomains

Advanced
 location /admin {
  return 404;
  }

  location / {
    proxy_pass http://YOURIP:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
    proxy_pass http://YOURIP:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://YOURIP:8080;
  }

Refer also to https://vaultwarden.discourse.group/t/vaultwarden-and-nginx-proxy-manager/1307/17

Actually, we have installed vaultwarden now.

Now you should be able to set up a user and a vault.

Also consider setting up a backup solution, just take a look at

https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#examples and https://dizzytech.de/posts/backing_up_vaultwarden/

I’m using bruceforce with the following command:

docker run -d --restart=always --name vaultwarden-backup --volumes-from=bitwarden -e BACKUP_DIR=/myBackup -e TIMESTAMP=true -e DELETE_AFTER=30 -e TZ=CEST -v /bw-data/myBackup:/myBackup bruceforce/vaultwarden-backup

You should also accompany this with backing up the files on at least two different physical devices, either via rsync or FTP or rclone, best running via a cron job.

Restore

There is no automated restore process to prevent accidental data loss. So if you need to restore a backup, you need to do this manually by following the steps below (assuming your backups are located at ./backup/ and your vaultwarden data is located at /var/lib/docker/volumes/vaultwarden/_data/)

# Delete any existing sqlite3 files
rm /var/lib/docker/volumes/vaultwarden/_data/db.sqlite3*

# Extract the archive
# You may need to install xz first
tar -xJvf ./backup/data.tar.xz -C /var/lib/docker/volumes/vaultwarden/_data/

Schlagwörter Password, rpi

Software

WireGuard VPN

Wow, how easy is it to set up a WireGuard VPN with the Raspberry Pi!

I can now cover the following use cases:

Access all the devices of my local network (router, RPis, drives, etc.) from abroad
Access German streaming services like ARD, ZDF, … from abroad

Getting there was not so easy. First, I had the idea of using the FritzBox’s VPN. But it turned out that the FritzBox only supports IPSec, and Android bigger than V11 does not support that. So, I decided to go for another solution.

I also had an RPi4 lying around after I had upgraded my website to the RPi5.

So I installed the Raspberry PI OS (64-BIT) on the RPi4.

State-of-the-art installations are based on docker.

So, I was installing docker and docker-compose.

Everything is based on https://pimylifeup.com/wireguard-docker/
(Many thanks!)