So … full disclosure, on another blog I published a white paper about how your Raspberry Pi is a poor choice as a home security “hub”. Mostly because companies making you pay a lot are using these fab little computers to deliver something that … is all to easy to hack. On the other hand – I recommend you to buy a Raspberry Pi 3b+ or 4 or anything … and make something. So here is my guide to what has been a frustrating but eventually rewarding journey attempting to make something useful with an RPi.
Advice (1): its very easy to make something useful of an RPi if you manage your expectations. More often than not we go for the “wow its a cheap computer” and we want to use it … as a computer. Web browser, videos and so on – which you can but … unless its the absolute latest one and I haven’t got one of those RPi4 yet …well its going to be slow, frustrating and probably crashy. Oh, i’m sorry I am a realist, but there is a light at the end of the tunnel.
Advice (2): if you do want to go RPi project making, learning etc find my links on the “RPi4 or RPi3b+” leading to Canakit products and save yourself a lot of bother by getting a full kit from the get go … otherwise maybe you’ll feel you saved money but you’ll be massively delayed by all the various dramas and shopping searches that ensue after you realize you need all these other parts. You can do without the kit but its a lot of risk of damaging your RPi … or crashing due to bad power, wearing out weak plug points. Make sure you add on an HDMI cable at least … there are bigger kits too for real builders and educational use
Flashback to 2012
My first experience was the early day Raspberry Pi model B which I pre-ordered – just so I could show off a tiny computer. I was already building ever smaller computers, servers, firewalls but … well this was cheap and small. I was hooked but I had no illusions it would be for serious computing – at least back then. Sometime in May-June 2012 I got mine. The original concept seems to go back 6 years before then – so someone was at it for a very long time. The idea of this product was to get a computer into more peoples hands be it for children or low income earners so they could … learn programming. Much like the One Laptop Per Child project but from more of a minimal price hardware than engineered for children specifically.
Flash forward to 2019 – RPi is pissing off business world by enabling new IOT projects
Last year I did an extensive testing of RPi 3b+ as a media player and I did make it work, had great times. Also had some very suspect times … where it seemed to be hacked … but thats what you get when you are downloading from strange “repositories” of dodgy code. That is the Kodi media center track and OpenElec is another path. Basically I had moved to my new home, with my new wife and I only had a laptop. I was doing RPi research and so I was doing that thing where you are all positive. Downloading all kinds of things.
First stop – an image of a system – an image writing utility.
You get yourself an image, a memory card … you might buy a bundle that has a power adapter, memory card and the “Pi” as we end up calling them. Then you play and typically I want to try a few OS or just start again if things go wrong … so after looking at Raspian OS for a bit and how shitty it was if you opened youtube.com. You may already be satisfied with the basic OS and leave it be. The Raspberry Pi website will guide you through the basics but know that there are alternatives to win32diskimager. You can make a lot of OS bootable from a memory card or USBdrive with Rufus so don’t feel like there is only one tool. Google is your friend.
Second Stop – NOOBS
There is a NOOBs of image loader that lets you have a whole selection of OS installs on one memory card, delete, reload, add, remove – choose which one is first boot choice … and a few options to fix the settings so your mouse or LAN connection fire up. I found this website excellent for distributing “berry boot” images. https://berryboot.alexgoldcheidt.com/images/
That was where I went through and of course there is one excellent distribution called Kali for ethical hacking, security testing and training. If you want to learn admin that’s an excellent place to start. So I had Kali and Kodi and Raspian on a 32gb microSD memory card. Kodi I had several versions and even within Kodi you can add a lot of software via repositories and go into the sketchy world of alternative video access. However, honestly there are boxes designed for running things like Kodi but they will often be branded as Android box … and I can’t guarantee anything … but you’ll want more RAM. I think the RPi4 will probably be far better for Kodi/OpenElec media center with 2-4gb RAM. The 1gb RAM on the 3b range – it works, until you install a bunch of add-ons and then things start to make you realize people tune Kodi for a much more powerful computer.
So Admin … enough of this GUI, Web Browser Stuff
My definition of Admin here is that you should be wanting to know Linux and the command line. If you install something that doesn’t have KDE or Gnome … just straight up Linux Bash terminal you can start putting apps into your RPi and using it as a local server. I will even explain how I went further and got it exposed to the internet so my friends could work with it.
So Covid19 … locked down at home, for an admin nerd its just another day at the office. The RPi sitting there under the monitor (its so tiny) and it is asking “you gonna do something with me or not?”. I have it plugged into a TV I’m using with a real Linux Desktop PC (dual boot windows :-|) and on the 2nd HDMI input the RPi was there waiting to be re-purposed.
Cost cutting or foolishness?
My idea was simple – I’ve been renting a server for many years that I use for redistributing bit-torrent. All legitimate files of course ;-(). Bittorrent is an early success story decentralized approach to file-sharing and yes P2P filesharing since the early days. There were many challenges or problems to hurdle beyond to replace a “hosted server” account with my at home little toy of a computer. Some people call this kind of solution a “seedbox” … but run it from home is completely backwards. Its running on a fast internet, which has a private network – so my public IP may or may not be exposed to the point where they can directly tag it if someone downloaded something copy protected (who would do that?). Seedboxes are usually hosted where people can ignore attempts to complain about specific file sharing participation.
Before we worry about internet access and sharing the access to people outside my LAN … “web hosting” aspect of it lets just make it.
I used Ubuntu – because I’ve been using Ubuntu 18.04 for several Virtual Private Servers – and Kali is much the same as Ubuntu so I thought I’d just see what they have. They have RPi well covered https://ubuntu.com/download/raspberry-pi and the version I installed didn’t boot into a graphical UI – which is perfect because I just want a headless CLI driven thing just like a VPS for website hosting. No NOOBS for this project – just write the image to the microSD card. I started with a 32gb samsung. I use this card reader, its excellent, the Ugreen SDcard reader I like it because I can also use it to backup my phone via microUSB connector and it has normal USB connectivity.
More Project ingredients Deluge, Ngrok
Then I followed this guide to add Deluge which is what I was using on the old seedbox for many years. I set up Deluge with a builtin plugin IPblocklist – just in case it helps the seedbox be more protected from snooping. I created a user and set up the home directory to be owned by root. Thus you can “chroot” it so that when people SFTP in they are locked into this as their “root” directory and can’t escape and start looking around your system. Then Deluge copies completed torrents and reads seeds from non-root owned “Deluge” directory inside that home directory. So users access the box via a web interface for deluge and upload/download files for torrent sharing via SFTP.
Part 2 of this project gets quite involved so I’ll just say that after this I used Ngrok on the PI and Ngrokd on an external VPS to open tunnels for my friends to access Deluge and SFTP. My ISP doesn’t give one a real public IP – just a private IP in their network so forwarding ports from the router doesn’t give access to your LAN at all, other than perhaps to other users of your ISP … maybe. Ngrok is a kind of “reverse proxy”. In future I might also put a normal proxy server on the VPS and then all torrenting, web access and sftp are accessed via that server which is my PI tunnels into using Ngrok. Ngrok does try to keep the tunnels alive … but that’s a longer story. It is a working solution for over a week so far.