Schlagwort: rpi

Installing RPis with MQTT in Home Assistant

Beitragsautor Von Gerhard Vogt
Beitragsdatum März 11, 2025
Keine Kommentare zu Installing RPis with MQTT in Home Assistant

To add RPis to the Home Assistant, we are installing on each RPi a Python script as a daemon that sends data via MQTT messages to the MQTT Broker installed on the Home Assistant.

Unfortunately, if your Home Assistant is also running on an RPi but based on HAOSS, you can not use that approach. Later more to that.

First, install the MQTT Integration on the Home Assistant.

Just make sure that the automatic detection of MQTT devices is still enabled.

Then go to System / Add-Ons / Mosquitto Broker. Make sure it’s started while booting.

Under Configuration, add a username and a password. The YAML Code looks like this:

logins:
  - username: username
    password: password
require_certificate: false
certfile: fullchain.pem
keyfile: privkey.pem
customize:
  active: false
  folder: mosquitto

Now, let’s go to the RPi that we want to control. We need to install the script there. This includes the daemon that sends the MQTT messages to the Home Assistant.

Perform all the steps mentioned in https://github.com/ironsheep/RPi-Reporter-MQTT2HA-Daemon/blob/master/README.md

In the config.ini file, configure at least the following parameters:

hostname = 192.xx.yyy.zz
sensor_name = rpi-5
username = MQTT-UserName
password = MQTT-Password

Ironsheep did a great job. Thank you very much!

As soon as everything is set up and you see the data in your Home Assistant, you can also use the custom card that ironsheep compiled.

https://github.com/ironsheep/lovelace-rpi-monitor-card

Further options can be configured based on https://thesmarthomejourney.com/2021/11/15/monitoring-raspberry-pi-with-ha/

Also very nice are the mini graph cards, checkout https://github.com/kalkih/mini-graph-card

If you have your Home Assistant running on an RPi you can setup Monitoring via that approach https://www.youtube.com/watch?v=WcmxI06TAuI&t=1696s

Schlagwörter MQTT, rpi

Software

Self-hosted Bitwarden Password Manager

Beitragsautor Von Gerhard Vogt
Beitragsdatum März 7, 2025
Keine Kommentare zu Self-hosted Bitwarden Password Manager

Another RPi application is a self-hosted Bitwarden Password Manager.

The advantages of that solution are:

You own your data, as it’s not in the cloud
Reduced risk that your passwords get stolen
Passwords are synced over all your devices

What you need is:

RPi
Docker installed
NPM Nginx Proxy Manager
Subdomain configured

I installed it based on the following setup guide: https://pimylifeup.com/raspberry-pi-bitwarden

Just make sure that you configure the container with the correct ports without the IP Address, like

sudo docker run -d --name bitwarden \
    --restart=always \
    -v /bw-data/:/data/ \
    -p 8080:80 \
    -p 3012:3012 \
    vaultwarden/server:latest

You need a domain configured at your DNS provider with a CNAME entry like

bitwarden.example.de

If you are using a Dynamic DNS Provider, route the traffic there.

It is also necessary to have SSL terminated, in this case, at the NPM Proxy Manager.

Configure the Proxy Host with the following parameter:

Details
IP: The IP Address of your server, e.g. 192.168.178.34
Forward Port: 8080
Block Common Exploits
Websockets Support

SSL
Force SSL
HTTP/2 Support
HSTS Enabled
HSTS Subdomains

Advanced
 location /admin {
  return 404;
  }

  location / {
    proxy_pass http://YOURIP:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
    proxy_pass http://YOURIP:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://YOURIP:8080;
  }

Refer also to https://vaultwarden.discourse.group/t/vaultwarden-and-nginx-proxy-manager/1307/17

Actually, we have installed vaultwarden now.

Now you should be able to set up a user and a vault.

Also consider setting up a backup solution, just take a look at

https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#examples and https://dizzytech.de/posts/backing_up_vaultwarden/

I’m using bruceforce with the following command:

docker run -d --restart=always --name vaultwarden-backup --volumes-from=bitwarden -e BACKUP_DIR=/myBackup -e TIMESTAMP=true -e DELETE_AFTER=30 -e TZ=CEST -v /bw-data/myBackup:/myBackup bruceforce/vaultwarden-backup

You should also accompany this with backing up the files on at least two different physical devices, either via rsync or FTP or rclone, best running via a cron job.

Restore

There is no automated restore process to prevent accidental data loss. So if you need to restore a backup, you need to do this manually by following the steps below (assuming your backups are located at ./backup/ and your vaultwarden data is located at /var/lib/docker/volumes/vaultwarden/_data/)

# Delete any existing sqlite3 files
rm /var/lib/docker/volumes/vaultwarden/_data/db.sqlite3*

# Extract the archive
# You may need to install xz first
tar -xJvf ./backup/data.tar.xz -C /var/lib/docker/volumes/vaultwarden/_data/

Schlagwörter Password, rpi

Software

WireGuard VPN

Wow, how easy is it to set up a WireGuard VPN with the Raspberry Pi!

I can now cover the following use cases:

Access all the devices of my local network (router, RPis, drives, etc.) from abroad
Access German streaming services like ARD, ZDF, … from abroad

Getting there was not so easy. First, I had the idea of using the FritzBox’s VPN. But it turned out that the FritzBox only supports IPSec, and Android bigger than V11 does not support that. So, I decided to go for another solution.

I also had an RPi4 lying around after I had upgraded my website to the RPi5.

So I installed the Raspberry PI OS (64-BIT) on the RPi4.

State-of-the-art installations are based on docker.

So, I was installing docker and docker-compose.

Everything is based on https://pimylifeup.com/wireguard-docker/
(Many thanks!)

Setting up the clients was also super easy.

On the mobile, I did it with a QR scan; on the laptop, I was exporting the config.

The advantages of this docker container/image are:

Managing the Clients via a GUI including QR Code
Gateway configured for accessing the Internet via your router

Schlagwörter rpi, VPN

Blog Software

Mail for the WordPress Docker setup

Beitragsautor Von Gerhard Vogt
Beitragsdatum August 21, 2024
Keine Kommentare zu Mail for the WordPress Docker setup

After setting up the docker containers for WordPress and the NGINX Proxy Manager I still had one open issue: Sending mail was not possible. So I was looking for a solution to set up mail for the WordPress Docker setup.

I had the following options in mind:

Setting up a separate docker container with an e-mail server. More or less I just needed a so-called Smarthost, that takes sent-out e-mails from any docker container and forwards them to my e-mail provider, Gmail. I struggled to find a proper, small image of a mail server running on an RPi for a long time. Then open the ports of the WordPress containers and send the e-mail from the WordPress containers to the container with the Smarthost Mail server. Nevertheless, you must install any kind of mailer within the container to handle the mail() call coming from WordPress.
Set up an email server on the host (I used exim4) and let all Docker containers send their e-mails to the host, which will then be forwarded to the real e-mail provider by exim4. Still, you must install any kind of mailer within the container to handle the mail() call coming from WordPress. There were the following sub steps necessary:
- Install and configure exim4
- Setup 2 factor authentication at Google
- Create an App Password for TLS usage
- Make the Let’s encrypt credentials accessible for exim4
- Setup the docker bridge connecting the host
Setting up a WordPress Plugin, connecting via SMTP to the e-mail provider.

The variants 1 & 2 generated so many problems during the setup, that I finally decided to go with variant #3. This was set up in 30 minutes only!

For this SMTP service, I’m using the plugin WP Mail SMTP.

Schlagwörter 3, Docker, rpi, Wordpress

Blog Software

Setting up a WordPress staging system with docker

Beitragsautor Von Gerhard Vogt
Beitragsdatum Juni 3, 2024
Keine Kommentare zu Setting up a WordPress staging system with docker

I wanted a WordPress staging system to play around with new plugins, new WordPress versions, and PHP versions.

The primary goals of my mini-project were:

Have a staging system for WordPress available for testing new WordPress versions and Plugins
Enhance the Performance of the actual WordPress Blog

How can we do it?

Here is a network diagram of the current system setup.

OK, the ideas were quite clear. Now we need a migration plan. And this looks like that:

Install Raspian on the RPi5 SSD, with the Raspberry Pi imager
Install docker and Portainer on the RPi5, based on the Heise description
Install the following docker containers via „docker compose“
1. Nginx Reverse Proxy
2. Maria DB for WordPress Staging
3. WordPress Staging
4. Maria DB for WordPress Production
5. WordPress Production
6. (Setting up Home Assistant also as a docker container is not a good idea as we lose the functionality of Add-Ons)
With the current live system I’m doing a regular backup via Updraft, so let’s import these backups into the two WordPress instances
At the DNS provider define the new subdomains and route them also to the Dynamic DNS provider
Configure the NPM (Nginx Proxy Manager) with these domains and define the forwarding to the different instances
1. Setup SSL via Let’s encrypt
2. Add also the local Home Assistant server/Port as the target
Reconfigure the port forwarding of the router to the NPM
Shutdown the old RPi4

So, let’s dive a little bit deeper into the different steps.

Configure the new RPi5 hardware and software

OK, let’s get the first new hardware, which means the new high-performance RPi5.

It took some time to be available on the market and the announced performance numbers looked promising.

As the power supply is quite strong I attached directly a SSD drive to the USB3 port.

So no need anymore for a USB hub!

Installing the latest Rasbian operating system on the SSD was pretty easy using the Raspian Imager.

I also configured the SSH access for it, of course.

So, how are we going further?

Install docker on the RPi5

As I wanted to run a WordPress life system and a WordPress staging system in my local network, I thought it would be a good idea to go with:

Docker to run multiple images/containers
Nginx Reverse Proxy to manage/route the traffic to/from these containers to the outside world

Install the docker containers

Setup a docker network manually

docker network create dockerwp

Create a directory for wp_prod, wp_staging, nginx
Define a file for common parameters used as anonymized volumes in the docker containers
Create docker-compose.yml for the Nginx Proxy

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

networks:
  dockerwp:
    external: true

Create docker-compose.yml for the MariaDB and the WordPress container (one for the staging and one for the production system)

services:
  mysqldb0:
    image: mariadb:11.3.2
    container_name: prod_db
    environment:
      MARIADB_ROOT_PASSWORD: "secret"
      MARIADB_DATABASE: "wordpress"
      MARIADB_USER: "wordpress"
      MARIADB_PASSWORD: "secret"
    volumes:
      - 'mysqldb0:/var/lib/mysql'
    restart: always
    networks:
      -  mysqldb0


  wordpress0:
    image: wordpress:6.5.3
    container_name: prod_wp
    environment:
      WORDPRESS_DB_HOST: "mysqldb0"
      WORDPRESS_DB_USER: "wordpress"
      WORDPRESS_DB_PASSWORD: "secret"
      WORDPRESS_DB_NAME: "wordpress"
      WORDPRESS_CONFIG_EXTRA: |
        define('AUTOMATIC_UPDATER_DISABLED', true);

   volumes:
      - 'wordpress0:/var/www/html/wp-content'
      - '../uploads.ini:/usr/local/etc/php/conf.d/uploads.ini'
    restart: always
    ports:
      - "8001:80"
    depends_on:
      - mysqldb0
    networks:
      - mysqldb0
      - dockerwp

volumes:
  mysqldb0:
  wordpress0:

networks:
  mysqldb0:
    internal: true
  dockerwp:
    external: true

Setup the WordPress content

As I backed up the WordPress blog site with updraft, we are restoring the backup to the new WordPress staging and WordPress production system, respectively.

Configure the Sub-Domains

Go to your DNS provider and configure the new Sub-domains with a CNAME entry.

If you have a dynamic IP address, route the Sub-Domain entries to the same Dynamic DNS entry of your DynDNS Provider.

Configure the NPM

Define the target of the routing for all the Sub-Domains, e.g. the Ports of your WordPress containers.

Let the Sub-Domain for the Home Assistant point to the separate HA RPi3.

Add the SSL certificates from Let’s Encrypt.

Additional configuration for the Home Assistant

We must add the following configuration steps to make the Home Assistant run with an external Sub Domain, based on ademalidurmus.

1.) At the NPM, enter the following entry in the advanced config for the Home Assistant Host.

location / {
        proxy_pass              http://10.0.0.5:8123;
        proxy_set_header        Host            $host;
        proxy_redirect          http://         https://;
        proxy_set_header        Authorization   $http_authorization;
        proxy_pass_header       Authorization;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;
 }

In the Home Assistant configuration.yml file add:

http:
  cors_allowed_origins:
    - https://public.domain.tld # my public domain
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.3 # nginx proxy manager internal IP adress

At the „Home Assistant URL“ page enter:

Internet: [External Domain]
Local network: [Internal IP]:8123

Reconfigure the Port forwarding at your router

The Ports 80 for HTTP and 443 for HTTPS must now be reconfigured to forward the traffic from these two ports to the NPM.

Here is the network diagram of the new setup.

Let’s now check our goals from the beginning. Did we reach them?

Have a staging system for WordPress available for testing new versions and Plugins: Available
Enhance Performance of the actual WordPress Blog: Super fast!