Raspberry Pi Apache, MariaDB, PHP & WordPress Server

The purpose of this tutorial is to walk you through the process of using a Raspberry Pi as a web server.

This tutorial assumes:

  1. You already know how to flash a microSD card with Raspbian.
  2. You are already somewhat familiar with setting up and using a Raspberry Pi.
  3. You have already followed my previous tutorial titled Raspbian Stretch Lite Secure Baseline Setup.

Before We Begin

The way I have outlined this tutorial is to

  1. Walk you through the steps of getting the Raspberry Pi setup as a fully functional web server.
  2. Once everything is fully setup we will move the Raspberry Pi web server onto the Internet.

Sure, we could do everything live. However, I prefer this method so the system is secure before I move it into production. Once we do move things online, there will be a couple of adjustments that we have to make so all of the links on the site will work properly.

Please keep in mind that the instructions I am providing to you are what allowed me to make this work. There are probably (most likely) better instructions out there. I try my hardest to be as secure in my setups as possible. I have a background in Information Technology and currently hold a CompTIA Security+ certification. With that being said, I make zero claims of being an expert! I wish I were! Ultimately, use these instructions at your own risk!

Now that all of the disclaimers are out of the way, let’s have some fun!

Install Apache, MariaDB, PHP, & phpMyAdmin

Once you have your Raspberry Pi running with your baseline image of Raspian Lite and are logged in with an account that has super user (sudo) privileges, it is time to get to work installing all of the components of your Raspberry Pi Web Server. The following command will install Apache 2 (web server), MariaDB (Maria Database Server, which is a fork of MySQL), PHP 7.0 (a scripting language that WordPress relies on), and a few other necessary components to make everything work.

themaster@IRGOS:/home/themaster$ sudo apt-get install apache2 apache2-utils mariadb-server mariadb-client php7.0 libapache2-mod-php7.0 php7.0-mysql php-common php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-readline

Once all of the packages have completed installation you should be able to view the Apache test page by entering http://IPADDRESS (replace IPADDRESS with your Pi’s IP address) into the browser of your choice on your local network.

Secure the MariaDB Installation

themaster@IRGOS:/home/themaster$ sudo mysql_secure_installation

Super user permissions are required. Enter your password, if prompted.

themaster@IRGOS:/home/themaster$ [sudo] password for themaster:

You will be prompted for the current root password of MariaDB. Since there is currently no password, press Enter.

themaster@IRGOS:/home/themaster$ Enter current password for root (enter for none):

You will now have the opportunity to set the root password. I highly encourage you to set this to its own password. Make it an extremely complex password. Use a password manager to save it.

themaster@IRGOS:/home/themaster$
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

You will be asked if you would like to perform additional tasks. For the sake of increased security I would recommend answering ‘Y’ (Yes) to all of them.

themaster@IRGOS:/home/themaster$
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install phpMyAdmin

This will allow for easy management of databases.

themaster@IRGOS:/home/themaster$ sudo apt-get install phpmyadmin

You will be prompted to select the web server that should be automatically configured to run phpMyAdmin. Select the apache2 option.

You will also be prompted to configure a database for phpmyadmin using dbconfig-common. When this prompt appears, select Yes.

You will then be prompted to enter a password for phpmyadmin.

You can verify the installation was successful by navigating to http://IPADDRESS/phpMyAdmin

Create a Database Manager (User) Account

Next, we will create a new database user account that we will use for general database administration. We’ll need to create this via the command line. Afterward, we’ll be able to use it in phpMyAdmin.

themaster@IRGOS:/home/themaster$ sudo mariadb

You may need to enter your password again. After successful authentication, you will drop into the MariaDB console. You will enter the following commands to create a user and grant that user all privileges on all databases.

CREATE USER ‘USERNAME’@‘localhost’ IDENTIFIED BY ‘PASSWORD’;
 
GRANT ALL PRIVILEGES ON *.* to ‘USERNAME’@‘localhost’ WITH GRANT OPTION;
 

Once you have entered the above commands you can exit out of the MariaDB console by typing exit and pressing Enter.

themaster@IRGOS:/home/themaster$ sudo mariadb
[sudo] password for themaster:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 294
Server version: 10.1.23-MariaDB-9+deb9u1 Raspbian 9.0

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE USER 'themaster'@'localhost' IDENTIFIED BY 'OjI4\zMxVzIwC=V';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* to 'themaster'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Create WordPress Database

We will now setup our WordPress database inside of phpMyAdmin. Navigate to http://IPADDRESS/phpMyAdmin. Logon using the administrative account that we just created in the MariaDB console. Once you are logged in, navigate to User accounts.

Click on Add user account.

Enter a username. My recommendation for this field is to make the username the same name as the database.

Leave the host name field set to % so the database can be accessed from anywhere.

Enter a password for the database and re-type it.

If you are following my recommendation, select the “Create database with same name and grant all privileges” option.

Click on the Go button at the bottom.

You should receive a message at the top that says “You have added a new user.” Note the line below. This is the command that you could have used in the command line (CLI). While I love the CLI, I don’t love it enough to type out that entire command! This is also a great way to learn how to perform a task in MariaDB if you’re trying to create a database driven website.

Backup Current Apache Configuration

themaster@IRGOS:/home/themaster$ cd /etc
themaster@IRGOS:/etc$ sudo cp apache2 apache2backup -r

Configure an Apache Site

We will start by disabling the default Apache site.

themaster@IRGOS:/etc$ cd apache2/sites-available
themaster@IRGOS:/etc/apache2/sites-available$ sudo a2dissite 000-default

Next, we will create a directory to store the website. My preference for this is to store the website in the home folder of a user account that is named after the website. In my examples, I’m creating a website called IRGos so I will create an account named irgos.

themaster@IRGOS:/etc/apache2/sites-available$ sudo adduser irgos

If you’re wondering why I do this: I prefer to not have my website in the home folder of a user account that has sudo permissions. Yes, I could host the website in Apache2’s default location of /var/www/html/htdocs. However, I would then have to fiddle with permissions for FTP’ing files to the site. If I have a user account for the website, I can simply connect into the server via SFTP with that user account and have read/write permissions by default. If I ever needed to host a website for someone else, I could create an account for them or their website and it would be in its own little world.

Once you have the website account created, we will switch into it to create some directories. I will apologize in advance. I will be having you to switch between this account and themaster (or whichever account you use that has sudo permissions) quite often. If it is easier for you, you may choose to have two SSH sessions open at the same time.

themaster@IRGOS:/etc/apache2/sites-available$ su irgos

Enter the password for the site user account.

Next, we will create a folder structure in which to store our website files. It will look like the following:

  • htdocs
    • logs
    • public_html
  • scripts
  • temp

htdocs is where we will store all of our website files.

scripts is where we will store the backup scripts.

temp will be used when a backup operation is in progress.

irgos@IRGOS:/home/irgos$ mkdir htdocs scripts temp
irgos@IRGOS:/home/irgos$ cd htdocs
irgos@IRGOS:/home/irgos/htdocs$ mkdir logs public_html

We will now create the .log files in the logs folder.

irgos@IRGOS:/home/irgos/htdocs$ cd logs
irgos@IRGOS:/home/irgos/htdocs/logs$ touch {access,error}.log

We will now create a symbolic link in /var/www/html to /home/irgos/htdocs/public_html

We do this because Apache is configured to host files out of /var/www/html by default. Yes, we could change this in the Apache configuration. However, creating a symbolic link will allow us the ability to host multiple websites for several users on the system, should we choose to do so.

You will need to drop out of the site user account to do this. Type exit and press Enter to return to your account with sudo privileges. Then enter the following command to create the symbolic link.

themaster@IRGOS:/etc/apache2/sites-available$ sudo ln -sf /home/irgos/htdocs /var/www/html/irgos.com

Setup the Apache VirtualHost

Navigate to the sites-available directory if you are not already there.

themaster@IRGOS:/etc/apache2/sites-available$ cd /etc/apache2/sites-available

Copy the default configuration file to a new file for your site.

themaster@IRGOS:/etc/apache2/sites-available$ sudo cp 000-default.conf irgos.com.conf

Delete the default configuration file (remember, we have already made a backup of this). I suggest removing this so that it does not get enabled by accident.

themaster@IRGOS:/etc/apache2/sites-available$ sudo rm 000-default.conf

Open the newly created configuration file and modify it to match the following (replacing folder names & domain names where applicable).

themaster@IRGOS:/etc/apache2/sites-available$ sudo nano irgos.com.conf

In Nano you can use Ctrl + K to quickly delete all of the lines of text.

Listen 80
<VirtualHost IPADDRESS>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName www.irgos.com

ServerAdmin webmaster@irgos.com
DocumentRoot /var/www/html/irgos.com/public_html

# Available loglevels: trace8, …, trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog /var/www/html/irgos.com/logs/error.log
CustomLog /var/www/html/irgos.com/logs/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

We now need to activate the site that we just created and restart Apache2.

themaster@IRGOS:/etc/apache2/sites-available$ sudo a2ensite irgos.com.conf
themaster@IRGOS:/etc/apache2/sites-available$ sudo apachectl -k graceful

Open the apache2.conf file and ServerName localhost to the bottom to suppress the “Unable to determine FQDN” message. Then re-run the apachectl -k graceful command.

Setup WordPress

Download WordPress from WordPress.org and extract the ZIP file.

Note that I’ll be using my regular desktop computer (Windows) for a lot of the following tasks.

Rename wp-config.php to wp-config.php then open it (in Notepad, Notepad++, etc.).

Add your database details to the following section:

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘your_database’);

/** MySQL database username */
define(‘DB_USER’, ‘your_database_user’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘your_database_password’);

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);

/** Database Charset to use in creating database tables. */
define(‘DB_CHARSET’, ‘utf8’);

/** The Database Collate type. Don’t change this if in doubt. */
define(‘DB_COLLATE’, );

Navigate to the WordPress unique phrase generator website. Copy the newly generated phrases over what is already in the configuration file.

Save the wp-config.php file.

Re-connect to your server using an FTP client. Use the site credentials. I’ll be using FileZilla.

Navigate to the /home/irgos/htdocs/public_html folder.

Upload all of the WordPress files.

Navigate to http://IPADDRESS (replace IPADDRESS with the IP address of your Pi).

You should now be greeted with the WordPress installer screen. Follow the instructions on the screen to configure your web site.

Must Have Plugins

SMTP Mailer Plugin

If you are going to use your installation of WordPress offline in an Intranet environment, the SMTP Mailer plugin is crucial to allow WordPress to send email messages. In the server’s current configuration no email messages will be sent. Using this plugin will allow you to connect your WordPress installation to an SMTP server to allow outgoing messages from WordPress. If you are using Gmail or gSuite (formerly Google Apps, Google Apps for Domains) you will have to enable the option in your settings that allows for less secure applications to connect to the SMTP server (as a security conscious person, this makes me cringe). This will not work if you have two-factor authentication enabled. A more secure option would be to use the Gmail SMTP plugin. If you would prefer to use that option, after we get our server moved online we can setup that plugin.

To enable the “Allow less secure apps” option (again I cringe), login to your Google account. Go to the “My Account” page. Click on the link for “Sign-in & security” then scroll down to the section titled “Apps with account access” and turn on the “Allow less secure apps” option.

Because this is a less secure option, I would highly encourage that if you have any sensitive information in the account you were planning to use, that you create another account. Perhaps create a “no-reply” account as you have undoubtedly seen utilized on thousands of websites.

Download the SMTP Mailer plugin and extract the ZIP file.

Upload the extracted files to /home/username/htdocs/public_html/wp-content/plugins

While logged into your WordPress installation, click on the Plugins link.

Activate the SMTP Mailer plugin. Click on the Settings button.

For Gmail or gSuite, use the following settings:

SMTP Host: smtp.gmail.com
SMTP Authentication: True
SMTP Username: Your Gmail address or your gSuite address.
Type of Encryption: TLS
SMTP Port: 587
From Email Address: Your Gmail address or your gSuite address.
From Name: Use what you would like your recipients to see.

You should now be able to click on the Test Email tab and send a test email message. Another way to test this would be to logout of WordPress and select the “Lost your password?” option. Enter your username. You should receive an email in your mailbox with a link to reset your password.

WP-DBManager

Next, we need to setup a method for backing up the WordPress database. My recommendation is the WP-DBManager plugin.

Download the plugin and extract the ZIP file.

Connect to your Pi via sFTP and navigate to /home/irgos/htdocs/public_html/wp-content and create a directory named “backup-db”

Open the newly created directory.

From the contents of the extracted plugin (wp-dbmanager.2.79\wp-dbmanager), upload the htaccess.txt file then rename the file to .htaccess

Go back up one level. Right click on the newly created directory and select File permissions.

Enter 777 into the Numeric value field.

Select the “Recurse into subdirectories” and “Apply to all files and directories” options.

Upload the extracted plugin files (the wp-dbmanager folder within the wp-dbmanager.2.79 folder) to /home/irgos/htdocs/public_html/wp-content/plugins

While logged into your WordPress installation, click on the Plugins link.

Activate the WP-DBManager plugin.

From the sidebar, click on the Database option.

Select the “DB Options” option. This is where you definitely want to make some changes. You will want to setup automatic backups. Select a schedule that reflects how often you plan to make changes to your WordPress site. I do recommend using the Gzip option. It is a good idea to run automatic database optimization and repair at least once per month. At the bottom you configure the backups to be emailed to your preferred email inbox.

Other options you may find useful:

The Database option will show you local server information and the tables from your WordPress database that will be backed up.

Click on the Backup DB option. This is where you can confirm that all of your settings are good to go. Additionally, at the bottom, there is an option to GZIP the database backup file. The default is set to “No” but I generally change this to “Yes.”

The Manage Backup DB option will allow you to select a specific database backup and either email, download, restore, or delete it.

The Optimize DB option will allow you to run a database optimization on your tables.

The Repair DB option will allow you to repair your database tables.

The Empty/Drop Tables option is dangerous. Be careful with it. This one allows you to empty the contents or delete a database table.

If you’d rather not connect to the MariaDB console or access phpMyAdmin, you can run SQL queries from the Run SQL Query option.

Akismet Anti-Spam

While I do not plan to go into the details of how to setup Akismet, I will say two things: 1.) If your website is publicly accessible and has a high volume of traffic, definitely set it up. 2.) While I am fully aware that my website does not receive a ton of traffic, I do not have the plugin enabled on this site and I rarely receive comment spam. Should that change, I will re-enable it or another option.

The main reason I stopped using Akismet was due to needing to have a license for several websites. Now that I have merged all of my websites into one, this may be another reason to re-enable Akismet.

For internal intranet sites I don’t think it is necessary unless you think internal users will abuse the comments.

Backup Site Files

In the plugins section I wrote about backing up the WordPress database. Now we need to also backup the actual website files. We also need a way to get them off of the Pi’s microSD card in case it becomes corrupted. I personally think offloading these files to Dropbox is the best solution.

Once again we need to switch into the site user’s account.

themaster@IRGOS:/etc/apache2/sites-available$ su irgos

Change into the scripts directory.

irgos@IRGOS:/home/irgos$ cd /home/irgos/scripts

Next, we will download Andrea Fabrizi’s Dropbox-Uploader script using curl.

irgos@IRGOS:/home/irgos/scripts$ curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o dropbox_uploader.sh

Because we could potentially have additional sites running on this server that we may want to backup to different Dropbox accounts, we will want to edit the dropbox_uploader.sh script. By default, the script places a configuration file into the root user’s home directory. We will change this to our site user account’s home directory.

irgos@IRGOS:/home/irgos/scripts$ nano dropbox_uploader.sh

We will modify the CONFIG_FILE line

FROM:

CONFIG_FILE=~/.dropbox_uploader

TO:

CONFIG_FILE=.dropbox_token

You will notice that I changed the name of the file. The reason for this is because the only thing contained within this file is the token we will generate shortly.

Save and exit the file.

The script will need execute permissions in order to run. Unfortunately, we will once again need to switch users. We’ll switch to themaster account and then exit it so that we are back at the command line for the site user account.

irgos@IRGOS:/home/irgos/scripts$ su themaster
irgos@IRGOS:/etc/apache2/sites-available$ sudo chmod 777 /home/irgos/scripts/dropbox_uploader.sh

Type exit and press Enter to return to the site user account.

From a web browser logon to Dropbox. After you have logged onto Dropbox, access the Dropbox Developer website.

As of 10/14/2017, there is a link in the middle of the page titled “Create your app.” Click on that link.

Select the Dropbox API.

Select the App folder option.

Name your app. Example: Website Backup

Click on Create app.

Now we will run the Dropbox Uploader script so that we can enter an access token for the application that we created on Dropbox.

irgos@IRGOS:/home/irgos/scripts$ ./dropbox_uploader.sh

When prompted, you will enter an access token that you generate on the Dropbox website.

Once you have entered the token and confirmed that it looks good, we will upload a file to Dropbox to make sure that it works. For convenience we will simply upload the dropbox_uploader.sh script. Don’t forget the “.” at the end of the command. This will put the file into the root of our application folder in Dropbox.

irgos@IRGOS:/home/irgos/scripts$ ./dropbox_uploader.sh upload dropbox_uploader.sh .

If successful you should see the following in the terminal:

irgos@IRGOS:/home/irgos/scripts$ Uploading "/home/irgos/scripts/dropbox_uploader.sh" to "/dropbox_uploader.sh"... DONE

You should now see the file in the folder for the app that we created within Dropbox.

We will now create another shell script that will backup the site user’s home directory to a compressed file and upload it to Dropbox.

irgos@IRGOS:/home/irgos/scripts$ nano irgos_site_files_backup.sh

Once the file is open, paste in the following. Modifying paths where necessary.

#!/bin/bash

DATE=$(date +"%d-%m-%Y_%H%M")
BKP_FILE="/home/irgos/temp/irgos_site_files_backup_$DATE.tar"
BKP_DIRS="/home/irgos/htdocs /home/irgos/scripts /etc/apache2/sites-available/irgos.com.conf"
DROPBOX_UPLOADER=/home/irgos/scripts/dropbox_uploader.sh

tar cf "$BKP_FILE" $BKP_DIRS
gzip "$BKP_FILE"

$DROPBOX_UPLOADER -f /home/irgos/scripts/.dropbox_token upload "$BKP_FILE.gz" .

rm "$BKP_FILE".gz

Save and exit the file.

We need to make this script executable as well. By now you know the drill. Switch to an account with sudo privileges and execute the following command.

themaster@IRGOS:/etc/apache2/sites-available$ sudo chmod 777 /home/irgos/scripts/irgos_site_files_backup.sh

Save and exit the file. Type exit again to return to the site user account.

Finally, we will setup a cron job to automate the backup/upload process. Run the following command and select your preferred text editor. I prefer nano.

irgos@IRGOS:/home/irgos/scripts$ crontab -e

Enter the following at the bottom of the file, replacing “m” “h” “dom” “mon” “dow” with the appropriate values (additional information below). Once you have the command in place, save and exit the file.

m h dom mon dow /home/irgos/scripts/irgos_site_files_backup.sh

m = minute
h = hour
dom = date of month (1 – 31)
mon = month (1 – 12)
dow = day of week [0 – 6, 6 is Saturday], [0 – 7, 7 is Sunday], or [Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday]

Additionally, instead of specifying the date/time as described above, you could use one of the following options:

@reboot (runs once at system startup)
@daily (runs at midnight)
@midnight (same as @daily)
@monthly (once a month)
@hourly (every hour)

Example:

@midnight /home/irgos/scripts/irgos_site_files_backup.sh

Move to the Internet

Dynamic DNS

Unless your ISP provides you with a static IP address, you will need to subscribe to a service that captures your router/modem’s public IP address and reports that back to their DNS servers as it changes.

No-IP Setup

Because I already pay for NO-IP services, this is the dynamic DNS service that I will write instructions for in this article. There are other dynamic DNS services out there. You may prefer one of those better based on pricing, options, etc.

Create an account at noip.com then configure a new host.

Login to the site account on your Pi via SSH and run the following commands from the root of that user’s home directory (i.e. /home/siteuser:

NOTE: The following instructions were taken from No-IP’s knowledge base with slight modifications.

themaster@IRGOS:/home/mydomain$ mkdir noip

Open the noip directory.

themaster@IRGOS:/home/mydomain$ cd noip

Next you will use wget to download the No-IP Dynamic Update Client (DUC).

themaster@IRGOS:/home/mydomain/noip$ wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

Issue the following command to untar (extract) the DUC.

themaster@IRGOS:/home/mydomain/noip$ tar vzxf noip-duc-linux.tar.gz

Open the newly created directory.

themaster@IRGOS:/home/mydomain/noip$ cd noip-2.1.9-1

Next you will run the commands to make and run the installer.

themaster@IRGOS:/home/mydomain/noip$ sudo make
themaster@IRGOS:/home/mydomain/noip$ sudo make install

You will enter your login credentials for No-IP.com, select the hostname to update, and the interval at which to update the hostname. I generally set mine to the default 30 minutes.

Next you will need to configure the No-IP DUC to launch when the Pi starts. Great instructions for doing this are available on westernwillow.com.

Once you have followed those instructions and rebooted your Pi you can run the following command to confirm that the No-IP client is running.

themaster@IRGOS:/home/mydomain$ sudo /usr/local/bin/noip2 -S

A Matter of Security

At the beginning of this article I suggested that if you had not, you should follow my previous blog article, Setting up the Raspberry Pi Zero, Zero W, or Pi 3 with Raspbian Stretch Lite. If you haven’t, I highly recommend going through it. You will learn how to configure user accounts, two factor (certificate based) authentication, a firewall, and additional ways that you can and should enhance the security of your Raspberry Pi before you place your project onto the Internet.

Move Pi to the DMZ

At this point you should be good to move your Pi into the DMZ. This will place your Pi directly onto the Internet. That is, if your ISP does not block web server traffic. Once you do have your Pi in the DMZ, start attempting to access the web site by entering your public IP address (if web server traffic is not blocked) or your No-IP hostname into your browser’s address bar. You may want to try it from an external network (mobile/cell network) if you are not having any luck. If you do get connected, you will then want to work on getting your domain name forwarded to your No-IP hostname.

Unfortunately, because almost everyone reading these instructions has a different router, it would be impossible for me to tell you how to put your Pi into the DMZ. What I can do is show you how I do have done it with my Century Link Actiontec C1000A. It will be pretty similar on most other routers.

Login to the web based admin.

Go into the Advanced Setup options.

Under the Security options, select DMZ Hosting.

Enter the IP address of your Pi and click on Apply.

If your current public IP address has had enough time to propagate through the Internet then you should be able to access your NO-IP hostname from ANOTHER network (cell/mobile phone).

In order to access your NO-IP hostname from within your own network, you’re going to have to fake it. What I mean is you will have to go to the DNS Host Mapping settings and link your NO-IP hostname to your Pi’s local IP address.

Fixing WordPress URLs

If you are successful in accessing your web server remotely you may notice that some of the URLs try to go to your Pi’s local IP address. This is because when we installed WordPress we installed it locally. Yes, we could have waited until we got everything else setup, but I wanted to have WordPress fully functional before putting the server online. This is easy to correct.

Navigate to http://IPADDRESS/phpmyadmin (you can also use http://NOIPHOSTNAME if you have made the DNS Mapping change to your router) and login using your site account’s WordPress database.

If it isn’t already, expand the database in the left sidebar.

Click on wp_options.

Under option_name you will see siteurl and home. Use the Edit button to update these values to your NOIP hostname.

Setting up the Gmail SMTP Plugin

Earlier in this post I provided instructions for setting up a WordPress plugin called SMTP Mailer. We installed this plugin because without it WordPress would not be able to send out email messages in the server’s current configuration. Unfortunately, if we use this plugin to connect to a Google account, we must enable an option that downgrades our security. The instructions in this section are for the Gmail SMTP Plugin, which allows us to take advantage of the full security offerings of a Google account. Now that we have the server online, this plugin will work.

Note that I was unable to get this plugin to work while having 2-factor authentication enabled. Which is unfortunate.

The plugin developer does have instructions on their site. However, the instructions are a bit out of date. So I will walk you through the steps of getting this setup.

I was unable to get this to work using one of my gSuite accounts. It appears as though the free version of gSuite does not allow its users to take advantage of the Google Developer Console. I started using Google Apps for Domains (what is now known as gSuite) many, many years ago when it was in beta and free. I believe for me to utilize one of those accounts I would have to upgrade my gSuite account to a paid account. At the moment I would rather not have to pay for yet another service. The good news is that you can utilize the Google Developer Console from a free Gmail account.

Download the Gmail SMTP plugin and extract the ZIP file.

Upload the extracted files to /home/username/htdocs/public_html/wp-content/plugins

While logged into your WordPress installation, click on the Plugins link.

Activate the Gmail SMTP plugin. Click on the Settings button.

In a separate tab, login to your Google account and navigate to the Google Developer Console website.

Click on the Create Project button.

Give your project a name then click on Create.

Currently, the Gmail API is listed as a popular API. Click on the Gmail API icon in the list of popular APIs.

Click on Enable

We will now create credentials that the Gmail SMTP plugin will use to access your Gmail account.

Click on the Create Credentials button.

We will leave the option Which API are you using? set to Gmail API.

In the Where will you be calling the API from? options we will select Web server.

Under What data will you be accessing? select User data. Click on the What credentials do I need? button.

You will now be presented with the form to create an OAuth 2.0 client ID. Provide a name for the client ID.

In the Authorized JavaScript origins you will need to place your website URL.

In the Authorized redirect URIs field, you will need to copy this address from the Gmail SMTP settings panel within WordPress.

If you do not click on anything the values that you enter will automatically appear above the form field. This would allow you to enter additional URL or URIs.

Click on Create client ID.

On the next screen you will need to create a Product name. Click on Continue.

You will be presented with the Client ID. Copy this to the Client ID field in the Gmail SMTP plugin settings page.

On the Google Developer Console page you will also be presented with an option to download the credential information in JSON format. Download the file. Open the file in Notepad. You will have to get the “client_secret” code to paste into the Gmail SMTP settings. You will want everything between the parenthesis. Do not include the parenthesis.

Sidenote: While writing these instructions I ran through this process multiple times. After having deleting the credentials and re-creating them I would occasionally get a pop-up with the Client ID and Client Secret. Which is much simpler than downloading the JSON file. However, either option will work.

Complete the rest of the fields in the Gmail SMPT settings in WordPress.

Click on the Save Changes button.

Once the page reloads, click on the Grant Permission button.

You will be prompted to login to your Google account. Login to the account we are setting up authentication for.

You will be taken to a screen that states This app isn’t verified. Click on the Advanced link and choose the Go to URLHERE unsafe option.

Grant the permission for your application to use your Gmail account by clicking on Allow.

You should be taken back to your Gmail SMTP settings panel. The SMTP Status should now be green with a checkmark.

You can test the connection by clicking on the Test Email tab and composing an email to yourself. It would also be a good idea to logout of WordPress and pretend you forgot your password to ensure you receive an email from the site. Also, it would be a good idea to confirm your database backups still get delivered to you.

If you are like me and need to switch your email address in WordPress from a gSuite address to a free Gmail account. You can do this in WordPress by clicking on the Settings button. Then click on the General button. Then change the email address in the Email Address field. Click on Save Changes at the bottom.

One Final Backup

After you have completed all of the above steps, it would be a shame if the microSD card became corrupted. I highly recommend that at this time you make another backup of your microSD card so that you will be even further along should you need to flash another microSD card.

Raspbian Stretch Lite Secure Baseline Setup

The purpose of this tutorial is to walk you through the process of making an installation of Raspbian Stretch Lite more secure. Which you can then create your own image from to use as a baseline setup for future Raspberry Pi projects.

This tutorial assumes that you already know how to flash a microSD card with Raspbian. It also assumes that you are already somewhat familiar with setting up and using a Raspberry Pi.

User Setup

The first thing we will do to improve the security of our setup is to add a new user account with SUDO privileges, remove the default user (pi) account and home directory (/home/pi), and change the root user password.

Add a New User Account with SUDO Privileges

Raspbian has a default user account named pi that has SUDO (super user) privileges. We want to logon to this account and create a new account with SUDO privileges. Once we create the new account we will remove the pi account. Go ahead and logon to Raspbian using the standard credentials. Currently as of 11/4/2017, Username: pi, Password: raspberry

Issue the following command to add a new user:

pi@raspberrypi:/home/pi$ sudo adduser USERNAME

I am going to use themaster as my username. A little reference to Doctor Who. This isn’t actually what I will use in the real world (sorry hackers). I just needed something for training purposes and for some reason this is the first thing that came to my mind. In my future Raspberry Pi tutorials you will see this theme re-emerge as I plan to use these setup instructions as my baseline setup for future tutorials.

You will be prompted for information about the user. It’s not necessary to include anything here. You can skip the questions by pressing enter. Then type “y” at the end to confirm the information is accurate.

We will now want to change the password of the newly created account:

pi@raspberrypi:/home/pi$ sudo passwd themaster

We will now add the user to the sudo group. This will allow themaster to have super user privileges.

pi@raspberrypi:/home/pi$ sudo usermod -a -G sudo themaster

Delete the Default “pi” Account

It is now time to say goodbye to the pi account. Logout by typing exit and pressing Enter. You should now be back at a logon screen.

Logon with the newly created account.

We now want to make sure that our new user account has sudo permissions. The easiest way to test this is to issue the following command. Only users who have sudo permissions are allowed to issue this command.

themaster@raspberrypi:/home/themaster$ sudo visudo

If successful, this will load the sudoers file. To exit the file, simply press Ctrl + X at the same time.

We will now issue the command to delete the pi account.

themaster@raspberrypi:/home/themaster$ sudo deluser pi

We will also need to ensure the pi account home directory is also deleted.

themaster@raspberrypi:/home/themaster$ sudo rm -r /home/pi

Change the “root” Account Password

themaster@raspberrypi:/home/themaster$ sudo passwd root

System Settings

We will now run the raspi-config program to make the following changes.

  1. Resize the filesystem to take advantage of the entire microSD card.
  2. Decrease the amount of memory being dedicated to the GPU.
  3. Change the hostname.
  4. Change the locale and timezone.
  5. Enable SSH for remote administration.
themaster@raspberrypi:/home/themaster$ sudo raspi-config

Some of these options will require a reboot before the changes will take effect. You can reboot when prompted or wait until we have completed all of the steps. I prefer to complete as many steps as I can before I have to reboot. I will let you know when I reboot.

Starting with the second option, 2 – Hostname, we will change the default hostname from raspberrypi to baseline. Since we’re going to use this to get future projects off the ground faster, when I flash a new microSD card with this image, I will already know what the hostname is. We’ll talk about it more in the new project setup tasks section, but when I do start a new project, I would change this hostname to reflect the project I am working on.

Example 1: In my next article I am writing about how you can use the Raspberry Pi as a web server. I used my IRGos test website to write the tutorial. So for the hostname I used irgos.

Example 2: In the past I have experimented with using a Raspberry Pi Zero as a car dashcam. For that project I used the hostname dashcam.

Next we will expand the filesystem. Select 7 – Advanced Options then A1 – Expand Filesystem. This will ensure that Raspbian has access to the entire available space of the microSD card.

From within 7 – Advanced Options, select A3 – Memory Split. On my projects where I don’t utilize a graphical user interface (GUI), I take this option all the way down to 16 megabytes (MB).

We will now change the locale. Select option 4 – Localisation Options. Then select I1 – Change Locale. Since I am in the United States I will use en_US.UTF-8 UTF-8. Select en_US.UTF-8 again to use it as the default locale for the system.

You will be taken back to the main menu. We need to go back into option 4 – Localisation Options. Then select Change Timezone. Select US then your timezone.

The settings will apply and you will again be taken back to the main menu.

To get into the system we will enable SSH. Select 5 – Interfacing Options. Then select P2 – SSH.

Once you have enabled SSH you can exit out of raspi-config. You will be prompted to reboot. Go ahead and allow the Pi to reboot at this time.

Configure a Static Ethernet IP Address

Static IP Assignment via MAC Address

In my opinion, the best option for configuring a static IP address is to have your router apply the IP address based on the MAC address of the device. I utilize this option on my network. Why?

Scenario 1: If I have my Pi connected to the switch that I have in the demilitarized zone (DMZ) it will receive one IP address. If I need to take the Pi offline and move it back onto my private network I can do so without logging back into the Pi to change the static IP address or turn off static IP addressing. It will then receive an IP address for my private network.

Scenario 2: I have a couple of Pi boards that I use for testing of miscellaneous projects. Using router based addressing allows me to print the IP address that I know the router will assign to those Pi boards.

In both of the above scenarios: 1.) The need for me to logon to the Pi to see what IP address has been assigned, 2.) The need to connect the Pi to a monitor to check the IP address, and 3.) The need to connect into my router’s console to see what IP address it assigned have all been eliminated.

Every router is different so you will have to read through your router’s manual in order to determine how to do this. However, I can tell you how I do it on my TP-LINK (TL-WDR4300) and Century Link (Actiontec C1000A) routers.

First, we need to determine your MAC address:

themaster@webserver:/home/themaster$ ifconfig

Look for the ether address in your Ethernet adapter information. If you are using a Pi with built-in Ethernet it should be listed as eth0. It will look something like this: r8:74:er:e9:4c:9e (invalid MAC address, by the way, but this is what they look like).

On my TP-LINK router, after I logon I click on DHCP then Address Reservation. I then click on Add New and supply the MAC Address of the Pi and the IP address that I would like to have reserved for the Pi. One thing to note here, the Pi will display it’s MAC address to you with colons. In my experience, you have to use hyphens instead of the colons when reserving an address on this TP-LINK router.

Once you save you will have to allow the router to reboot before the changes occur. You will then also have to reboot the Pi, but only after the router has fully rebooted.

On my CenturyLink router, after I logon I click on the Advanced Setup button. Then the DHCP Reservation link on the sidebar. Enter your MAC address into Step 4. Then in Step 5 you will select an IP address to associate with the MAC address. Click on Apply in Step 6. Allow the router to reboot.

Static IP Assignment via the dhcpcd.conf File

If you don’t have the option to use your router to assign a static IP address, you will have to do it manually via the dhcpcd.conf file.

We will use a program called nano (a text editor) to edit the dhcpcd.conf file which is located in the /etc directory.

themaster@webserver:/home/themaster$ sudo nano /etc/dhcpcd.conf

Look for the section in the file that provides an example static IP configuration. I like to put mine below the example, leaving the example in case I need to reference it in the future.

interface eth0
static ip_address=192.168.1.87/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1 8.8.8.8
 

The last IP address in static domain_name_servers, 8.8.8.8, is for Google’s public DNS servers. You do not have to add it.

Save and exit the file.

Now is a good time to go ahead and reboot.

themaster@webserver:/home/themaster$ sudo reboot

Connect to the Pi via SSH and SFTP

After the Pi reboots we will connect into the Pi using SSH and SFTP. I use two programs for these tasks. To connect in via SSH I use PuTTY. For SFTP connections I use FileZilla.

Once you have PuTTY installed. From the main screen you should be on the Session settings. In the Host Name (or IP address) field, enter your Pi’s IP address. Port should remain 22. Connection type should remain SSH. In the Saved Sessions field, enter a name for the connection. I usually use the Pi’s hostname. Click on Save. You can then click on the Open button to connect.

Once you have FileZilla installed. We will open the Site Manager and create a new connection. In the Host field, enter your Pi’s IP address. Leave the Port field blank, but be sure to select SFTP – SSH File Transfer Protocol from the Protocol drop-down.

For the Logon Type select Normal and supply the username and password. Click on Connect.

Two-factor Authentication

Now that we are able to connect into the Pi without actually having to sit in front of it, this makes administration a little easier. However, it also makes the system more vulnerable. We have made the system more secure by making a new user for system administration, deleting the old default account (pi), and changing the password for the root account. Unfortunately, it’s not enough. Though, in the times we live in, there is never enough security! The most secure computer is one that is not turned on! But what fun is that?

We can increase security further by enabling two-factor authentication. The type of two-factor that we are going to implement on our Pi uses two keys. A private key and a public key.

The Raspberry Pi website has instructions for generating keys via ssh-keygen. I prefer to use the PuTTY Key Generator. The Raspberry Pi website instructions do not instruct you to add a passphrase. I disagree with that. I think you should.

Another option for two-factor is Google Authenticator. Digital Ocean has instructions for setting this up. I really wanted to use this option because I think it’s fantastic. However, all of the programs I use for connecting to and managing my Pi are much friendlier to certificate based authentication.

During the installation of PuTTY, PuTTY Key Generator should have also been installed. On Windows, it should be on the Start Menu. I can usually get to it by searching for it on Windows through Cortana search. If not, it’s located at: C:\Program Files (x86)\PuTTY\puttygen.exe

From the main screen, in the Actions section, click on Generate.

You will see an instruction at the top to move your mouse cursor over the blank space.

Once a key has been generated you will see the new public key, a fingerprint and comment.

Make sure to add a key passphrase!

Save the public and private keys. I keep these in a cloud storage account so that if I am mobile and need to logon to a server I can easily retrieve the key file.

Return to the SSH connection you have established with your Pi:

themaster@webserver:/home/themaster$ mkdir /home/username/.ssh

The above command will create a hidden directory named .ssh

We now need to get the public key that we created via PuTTY Generator into that newly created folder in a file named authorized_keys.

Access the .ssh directory:

themaster@webserver:/home/themaster$ cd .ssh

Create the authorized_keys file:

themaster@webserver:/home/themaster/.ssh$ nano authorized_keys

You should now be able to copy and paste the public key that was generated by PuTTY Key Generator into this file.

Save and exit the file using Ctrl + X.

We now need to change the permissions of the authorized_keys file:

themaster@webserver:/home/themaster/.ssh$ chmod 644 authorized_keys

We now need to edit the sshd_config file located at /etc/ssh/sshd_config (this will require sudo privileges):

themaster@webserver:/home/themaster/.ssh$ sudo nano /etc/ssh/sshd_config

In the file, change all of the following options to NO:

  • PasswordAuthentication
  • PermitEmptyPasswords
  • ChallengeResponseAuthentication
  • UsePAM

Once you have changed those options to No, save and exit the file using Ctrl + X.

Restart the SSH server:

themaster@webserver:/home/themaster/.ssh$ sudo service ssh reload

We now need to go back into PuTTY and modify our connection.

Click on the connection within PuTTY and select Load.

From the Category sidebar, expand SSH and select Auth. At the bottom of the list of options you will see Private key file for authentication. Click on Browse and select your private key file.

Return to the Session options screen. Click on Save to save the new authentication method.

Upon re-connecting to the server you will be prompted for the user that you would like to logon as and the passphrase for that user’s private key.

We will also need to update our connection settings within FileZilla.

Access the Site Manager. Change the Logon Type from Normal to Key file. A username will still need to be supplied, but you will now authenticate off of the private key file that you specify. Upon reconnection you will get another pop-up to enter the passphrase.

This only changes how you logon to the server. As you are performing administration tasks on the Pi, when you are prompted for your password, you will still supply the actual account password.

Install a Firewall

A firewall may be overkill for your project. However, if it’s going to be publicly accessible, it’s a must.

The instructions below were taken from the Raspberry Pi website.

The Firewall we are going to install is called UncomplicatedFirewall or UFW. It is incredibly easy to setup and use.

themaster@webserver:/home/themaster$ sudo apt-get install ufw

For the projects you will be implementing on your Pi, you will need to find out which port they require to be open. We’ll go ahead and allow port 22 through since we will need SSH access.

You can specify the port number:

themaster@webserver:/home/themaster$ sudo ufw allow 22

You can specify the protocol by name:

themaster@webserver:/home/themaster$ sudo ufw allow ssh

The next command will enable the firewall:

themaster@webserver:/home/themaster$ sudo ufw enable

I do agree with the Raspberry Pi website’s instruction of limiting SSH login attempts. By issuing the following command, if more than 6 login attempts occur within 30 seconds, the attempt will be denied:

themaster@webserver:/home/themaster$ sudo ufw limit ssh/tcp

Install fail2ban

As suggested by the Raspberry Pi website we will also install the fail2ban program for additional security.

themaster@webserver:/home/themaster$ sudo apt-get install fail2ban

There are just a couple of configuration changes we need to make for fail2ban to work properly.

themaster@webserver:/home/themaster$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

You can view the configuration by opening the configuration file:

themaster@webserver:/home/themaster$ sudo nano /etc/fail2ban/jail.local

Update Raspbian

You will want to check for and install any available updates from time to time. At least once per month.

The following command will update your install of Raspbian as close to the downloadable image file as possible.

themaster@webserver:/home/themaster$ sudo apt-get dist-upgrade

The next section talks about creating a backup image of your microSD card. Don’t forget to make a new one after you have applied system updates in the future.

microSD Card Backup

Now that you have got your Pi setup with a good baseline set of security standards, now would be a good time to make a backup of it. With this backup you can quickly get a project off the ground. All you will have to do is change the hostname so that it doesn’t conflict with another system on the network and make sure it’s got its own IP address.

Making a backup is easy. I will walk you through how I do it on Windows using a program called Win32 Disk Imager.

First, you’ll want to shutdown the Pi:

themaster@webserver:/home/themaster$ sudo poweroff

Remove the microSD card and connect it into your Windows desktop.

Next, right click on your desktop or inside of a folder then select New > Text Document.

Before pressing Enter… Let’s give it a new filename.

I recommend something like: baseline_32GB_2017_11_12.img

baseline: Because this is our baseline image.

32GB: Because this is the size of the microSD card that I am backing up. Unfortunately, using this method, you will only be able to write the image back out to a microSD card that is the same size or larger.

Additionally, this is going to create a rather large .IMG file. Make sure you have enough space on your hard drive to create the .IMG file. A 32GB microSD card could result in an .IMG file that is close to 32GBs. We can use a program such as 7Zip to compress it after it has been created. Just know you’re still going to need to write the image to the same size card or larger.

Date: The date, so I will know when I made this backup IMG file.

To do this, open Win32 Disk Imager.

Allow it to make changes to the system.

Select the image file that you just created.

Ensure that your microSD card is selected in the Device drop-down.

Then click on Read.

This will read the contents of the microSD card and write them to the .IMG file.

Utilizing backups like this will allow you more flexibility in experimenting. If you get your Pi setup perfectly, but you would like to try something, make a backup before you make the change. If the change doesn’t work out, you can easily restore to the previous setup. Exactly where you left off. If the experiment does work, make a new backup!

New Project Tasks

When you are ready to start a new project and you have flashed your microSD card, there are a few things you will want to make sure that you do after your Pi is up and running.

IP Address

If you are using the same Pi for all of your projects, no need to worry about getting a new IP address.

However, if you’re using a different Pi, and you have hard coded a static IP address into dhcpcd.conf, make sure you change this to avoid IP address conflict issues. Your router may simply assign another IP address to your Pi if the one you have in your dhcpcd.conf file is currently in use. This isn’t guaranteed.

Hostname

In our backup image, the hostname is basline. I recommend changing this to more accurately describe the project you are working on.

Project Specific User Accounts

I do recommend creating separate accounts for your projects. For example, I am already working on my next blog post. In that post I am writing about how to use the Raspberry Pi as a web server. I take this baseline setup, but add on to it. I add another user account for the website that I am going to be hosting. The reason for this is because I do not want to host a website out of an account that has sudo privileges. If your project is going to be publicly accessible and doesn’t require sudo privileges, I would highly recommend this. Just make sure to generate public/private keys for this new user as well.

The Raspberry Pi

In early 2012 I found an article about the Raspberry Pi. All of my news feeds were filled with buzz about “The $35 Computer.” Ever since then my mind and my project to-do list have been filled with projects that the Raspberry Pi could be used for.

I often bring up the Raspberry Pi in casual conversation. People usually get excited about it and want to know more. They will often ask me questions that I can never adequately answer on the spot. I want to be able to say “I don’t have enough time to do this topic justice right now! However, I have wrote about it extensively on my web site! Please, take a look!” If that is why you are here, I’m glad you could make it! 🙂

After having owned and used many Raspberry Pi (Pi) boards, I want to finally start writing about it. Sharing projects where I have utilized the Pi.

I want this blog post to be used for both newcomers and slightly more technically savvy people who just need some recommendations for what to purchase and links to additional resources to get them started.

Please note that I make no claims of being an expert with the Raspberry Pi, Linux, or computer hardware. I consider myself a fanatic!

Flickr Album Gallery Pro Powered By: Weblizar

What is the Raspberry Pi?

Before I tell you what the Raspberry Pi (Pi) is, let me tell you what it is not! The Pi is not a $5, $10, or $35 computer! We’ll talk more about that later.

The Pi is a low-cost ($5 – $35), low-powered (5V, 2A), and tiny (the largest being 3.37″ x 2.21″ x 0.83″) system board (think motherboard) that contains all of the necessary components to function as a desktop computer, server, laptop, thin-client, mobile computing platform, or the brains of an Internet of Things (IoT) device. You supply the storage media (to boot the operating system), monitor (or TV), mouse, keyboard, and case.

It was originally designed for kids to be used as a way of learning how a computer works and how to write computer programs. Instead of them trying to attempt these things with their family’s home computer. Kids could do this with a low-cost computer that could be easily wiped and restored if anything went wrong. If the board itself was destroyed, thankfully it wasn’t the family’s much more expensive home computer. The original Pi board was released for $35. There are now versions of the Pi that are available for as little as $5 (original Pi Zero) and $10 (Pi Zero W).

When the board was released, the DIY/maker community embraced the Pi and used it as the basis for thousands of projects. Any project that you can think of that would require any type of computer processing at its core, the Raspberry Pi has been used for. To give you an idea of what people in the DIY community use theirs for, below is a list of 4 projects that I absolutely love and why I love them.

3D Scanner

As a photographer and a fan of Star Trek I’ve always had this crazy idea of creating holographic photos of people. While holographic technology is nowhere near the level I would like for it to be, this Pi scanner gets us closer to capturing people and objects in 3D. You can then take the captured image and use a 3D printer to reproduce a replica.

Talking Toys

At my parent’s house in Tennessee. Buried deep in the closet is a 2-XL robot. It was an interesting toy. You put cassette tapes in and it would ask you questions which you answered by pressing buttons on the robot. For several years, since the Pi has been out, I have thought it would be fun to revive my old 2-XL with a Pi. The link above takes you to another individual who turned one of their toys, a phone in this case, into a talking toy. It gives me hope that I can do something fun with my 2-XL if I ever get the chance.

AstroPi

Two Pi were sent to the International Space Station with astronaut Tim Peake. The Pi boards were equipped with sensors for monitoring the environment within ISS, detecting how it is moving through space and pick up the Earth’s magnetic field.

Irrigation Controller

Before my partner purchased a sprinkler system with built-in Wi-Fi, I thought it would be fun to create a Pi sprinkler controller.

This is an extremely popular project. If you do a search you will see thousands of results for people with their own version of this project.

What would the average person use a Raspberry Pi for?

Desktop Computer

The Pi would not win any speed comparison contests with any desktop computer that is on the market today. However, it can be used as a desktop computer for basic computing tasks such as browsing the Internet and office applications (word processing, spreadsheets, presentations). If you’re not a fan of LibreOffice (the free and open source office suite pre-installed with the desktop version of Raspian) you can use Microsoft Office online.

If you have a relative or a friend who would like to have a computer for basic tasks, but you and they do not have a lot of money to spend on a computer, then the Pi would be fantastic. It’s fairly easy to setup. It can be configured to sync with cloud services such as Google Drive, OneDrive, and Dropbox. If the OS becomes corrupted it can be wiped and re-loaded easily.

Put one in the kitchen. This is where one of my Pi’s has lived for a year now. I use Microsoft Office OneNote (via web browser) to take phone call notes. I use it to lookup recipes. I use it to look up anything I would like additional information about that my partner and I may be discussing. I also use it to play Solitaire while I’m on the phone!

Because Linux is the primary operating system that a person would use if they want a graphical user interface with the Pi, there are hundreds of free and open source games that can be installed. Put one in the kid’s playroom. You can disconnect it from the Internet once you have installed the games you would like for them to have access to. There are a lot of people who play Minecraft with their Pi.

Put one in your guest bedroom. Not that I ever have guests, but if I did, I wouldn’t want them on my computer. No offense potential future guests!

Put one in the garage. Use it to look up tutorials for servicing your car. Connect some speakers and use it to listen to web radio.

Connect one to your TV and play your digital media files or use it as a game console emulator.

What would a more technically savvy person (or small business) use a Raspberry Pi for?

Virtual Private Network (VPN) Server

Using public WiFi is extremely unsafe. If you absolutely have to use it, you should be connecting to a VPN. You can setup a VPN server in your home that you can connect to while you are traveling. You’ll get a secure, encrypted connection back to your home office. You’ll have the added benefit of being able to access your home network resources.

Thin Client

One of the projects that I fully intend to implement in my home and write about is a virtual machine server and utilize Pi’s as thin clients. I’ll have the benefit of being able to move from different terminals in the house and pick up where I left off in the other room. Do I really need this? Yes, absolutely!

Digital Signs and Information Screens

In some of my favorite fast casual restaurants I am seeing digital displays showing the menu and prices. As a business owner I would love the ability to update my menu and price boards without having to print new copies of everything. The same goes for information screens. If the information you are wanting to display can be pulled from a database you can use the Pi to display it. If you don’t have a database there are many other ways that you could display the menu (presentation, image viewed in full screen, web page, etc.). I suspect that the commercially available options for digital signage are extremely expensive. It doesn’t have to be! If you’ve got a display you can use a Pi to display your content.

Web Server

If you have a web site that doesn’t get a whole lot of traffic and you don’t want to pay for web hosting, you can use the Pi as a web server. If you’re concerned about security you could simply use it for an internal site or just use it as a testing environment.

File Server

Too many families do not back up their photos! Some people are scared of storing their photos in the cloud. Some people simply do not know how to backup their photos. The first MagPi magazine that I purchased included an article about using the Raspberry Pi to backup your family’s photos. The project was called the Mason Jar Preserve. I loved that they used a Mason jar as the enclosure for the Pi. I think these would be fantastic to give as a gift.

What do I need to order?

The Pi is too often referred to as the $5, $10 or $35 computer. I have even made that mistake myself in the past. While it is true that there is a model of the Pi board that only costs $5; I want people to understand that it takes more than that to get the Pi up and running. Hopefully, you’ll have many of these items on hand already (excluding the case, of course). Below are my recommendations for items to have on hand prior to the arrival of your Pi.

Raspberry Pi

Obviously, you’re going to need to purchase a Raspberry Pi. You will first need to decide which one to purchase. There are currently six models that you can choose from. This blog entry is going to focus on three options. If you would like to see the others, please visit the Raspberry Pi Foundation web site product page. The specifications listed below were copied from that page.

Raspberry Pi 3 Model B

Specifications:

Quad Core 1.2GHz Broadcom BCM2837 64bit CPU
1GB RAM
BCM43438 wireless LAN and Bluetooth Low Energy (BLE) on board
40-pin extended GPIO
4 USB 2 ports
4 Pole stereo output and composite video port
Full size HDMI
CSI camera port for connecting a Raspberry Pi camera
DSI display port for connecting a Raspberry Pi touchscreen display
Micro SD port for loading your operating system and storing data
Upgraded switched Micro USB power source up to 2.5A

Price: $35

This is the “go to” Pi board. It’s the most powerful. It has the most memory. It has all of the ports you need for a desktop computer built-in to it. Unless you need more than four USB devices attached, you won’t need a USB hub. Bluetooth and WiFi are built-in. This is the board that I recommend for most people who are interested in the Pi.

Raspberry Pi Zero

Specifications:

1GHz, Single-core CPU
512MB RAM
Mini-HDMI port
Micro-USB OTG port
Micro-USB power
HAT-compatible 40-pin header
Composite video and reset headers
CSI camera connector (v1.3 only)

Price: $5

I would only recommend this board for single task projects. I would also only recommend this board for projects where you will not need on-board WiFi/Bluetooth or you plan to use an external adapter anyway.

Raspberry Pi Zero W

Specifications:

Same specifications as the Raspberry Pi Zero (above), but also includes the following:

802.11 b/g/n wireless LAN
Bluetooth 4.1
Bluetooth Low Energy (BLE)

Price: $10

Like it’s predecessor (Pi Zero, above); I would only recommend this board for single task projects. As an example, I have had success in using these as car dash cameras.

Where to Buy Your Pi

I usually buy my Pi boards 1.) Anywhere that has them on sale. 2.) Anywhere that has the best shipping.

I have purchased them from Adafruit, but I am always hesitant because in the case of the Pi Zero, I paid more to have it shipped than the Pi Zero actually cost! I do appreciate that they allow you to use Amazon as a payment source.

I like buying Pi from Amazon, but only when it is from a reputable seller (preferably from the Raspberry Pi Foundation themselves), Amazon Prime shipping is available, and the price isn’t insanely jacked up.

I have had good luck with CanaKit, but in the case of the Pi Zero again the cost of shipping was more than the cost of the device itself.

Occasionally, arrow.com will have an amazing sale on Pi boards. A few months ago I purchased 3-Raspberry Pi 3 boards for $70. It was an insanely good deal and I had to jump on it.

Case

Whichever model of Pi you purchase, buy the case for it. It bothers me to see naked Pi sitting around.

The Raspberry Pi Foundation makes amazing cases for the Pi. However, if you aren’t keen on the Foundation’s cases, Adafruit makes and sells some great Pi cases as well.

Raspberry Pi Foundation Cases

Raspberry Pi 3 Case

Raspberry Pi Zero and Raspberry Pi Zero W Case

Adafruit Raspberry Pi Cases

Pi Model B+ / Pi 2 / Pi 3 Case Base – Red Don’t forget the top!

ModMyPi Pi Zero Case – Frost/Clear – This case is from ModMyPi, but sold by Adafruit. ModMyPi is based in the United Kingdom. If you’re in the United States (like me) and want a ModMyPi case you’ll get it faster by ordering through a re-seller such as Adafruit.

microSD Card

There are several online electronics stores that sell a pre-flashed microSD card with N00BS (New Out Of the Box Software). NooBS makes it extremely easy to get the Raspbian operating system up and running.

These are great if you don’t want to spend any time downloading and loading the Raspbian OS onto a microSD card yourself.

My problem with these is that you are paying a premium. The microSD card is usually small (16 GBs as of late). You’re most likely going to need to update the OS anyway.

16GB Card with NOOBS 2.1 from Adafruit

16GB MicroSD NOOBS Card from Sparkfun.

If you do go the route of buying your own microSD card and flashing it yourself (which I recommend); Don’t purchase one smaller than 16 GBs. You could probably get away with an 8 GB card, but I wouldn’t recommend it unless you know you will not be installing additional applications. The Raspian operating system is already over 4 GBs and that is before you install updates or your own applications. I typically use 32 GB or 64 GB cards as they’re usually less than $20 these days and are often on sale on Amazon. I do highly recommend SanDisk.

SanDisk Ultra 32GB microSDHC on Amazon

SanDisk Ultra 64GB microSDXC on Amazon

HDMI Cable

For the Pi 3 you can use a regular HDMI cable.

AmazonBasics High-Speed HDMI Cable – 6 Feet (Latest Standard)

For either of the Pi Zero boards you will need to use a Mini HDMI to HDMI cable.

AmazonBasics High-Speed Mini-HDMI to HDMI Cable

Power Adapter

You will want to purchase a power adapter that can supply 5 volts and 2.5 amps. You may have a phone charger that you are no longer using that may suffice. Just make sure that it meets the 5v/2.5A requirements. If you need to purchase a power adapter I would recommend the following two options.

CanaKit’s 5V 2.5A Raspberry Pi 3 Power Supply / Adapter / Charger – Works with the Raspberry Pi 3 and the Raspberry Pi Zero and Raspberry Pi Zero W.

AUKEY Power Strip with 2 Outlets and 4 USB Ports – For this option you’ll also need to purchase a micro USB to USB cable. Make sure to get one long enough to reach your Pi.

Where I have my Kitchen Pi, I was running out of power outlets. I needed a plug for the Pi, the monitor and an Amazon Echo Dot. The AUKEY power strip turned out to be an adequate solution. I was able to connect the Pi and Echo Dot to the power strip via USB. Then connect the monitor to one of the power outlets on the power strip.

Keyboard and Mouse

You’ll need a USB mouse and keyboard. The Pi Zero W does have built-in Bluetooth, but you will still need a USB mouse and keyboard to set up any Bluetooth devices.

I have successfully used Microsoft and Logitech wireless mice and keyboards with my Pi’s. I have also successfully used an HP PS/2 keyboard and mouse via a PS/2 to USB adapter.

Keep in mind that some key mappings may be off. For instance, the @ and ” keys are reversed on several of the keyboards that I have used with my Pi’s. Someday, I’ll do a quick search and learn how to fix this.

Monitor

Almost any monitor will do (including your TV, provided that it has an available HDMI port). If your monitor does not have an HDMI port you can use either an HDMI to DVI cable or an HDMI to VGA converter.

I don’t have a recommendation on a good HDMI to VGA converter because I have never used one. I do recommend the following HDMI to DVI cable.

AmazonBasics HDMI to DVI Adapter Cable

Additional Recommended Items for the Raspberry Pi Zero and Raspberry Pi Zero W

USB OTG (On The Go) Cable

This will allow you to connect a USB wireless mouse/keyboard adapter or the USB hub mentioned below.

USB Hub

I wouldn’t say that a USB hub is a requirement. It is really going to depend on your needs. Keep in mind that the Pi Zero only has one USB port. Which you will most likely be using for your keyboard and mouse. If you are purchasing the $5 Pi Zero, you’ll also need a port for connecting a USB Ethernet or Wi-Fi adapter. The Pi Zero W ($10) has Wi-Fi and Bluetooth built-in.

USB Wi-Fi or Ethernet Adapter

If you are going to go with the $5 Pi Zero and need network connectivity you’ll need to use a USB Wi-Fi or Ethernet adapter. I am quite partial to TP-LINK products and have had great success with the TP-Link N300 Wireless Mini USB Adapter on my Pi Zero boards.

TP-Link N300 Wireless Mini USB Adapter, Ideal for Raspberry Pi (TL-WN823N)

OMG, Andy! That’s A Lot of Stuff!

I know what you’re thinking. “OMG, Andy! That’s a lot of stuff that I need to buy! That has to be ridiculously expensive! There’s got to be a better option‽” Here are my suggestions.

Make sure that you don’t have any of these items on hand already. If you don’t; Ask your family, friends, neighbors, and coworkers. More often than not they will have one of the items that you’re needing and often they will gladly give them to you free of charge because they are needing to get rid of them anyway.

Check your local thrift and second hand computer stores. We in Boise, Idaho are lucky enough to have the Reuseum.

If you don’t want to ask anyone for anything and you don’t want any dirty second-hand gear, you can get started by purchasing a Raspberry Pi Starter Kit. There are several options available. Keep in mind though that most of these kits are still going to require that you have a monitor, mouse, and keyboard.

The Official Raspberry Pi 3 Starter Kit

  • Created by The Raspberry Pi Foundation
  • Includes a SMALL keyboard and mouse.
  • No monitor.
  • Available from several stores.

CanaKit

Adafruit

Note: You will see that I link to a few online stores a lot. I do so because I have purchased items from them before and was pleased with their service.

Raspberry Pi 3 Complete Starter Kit – 32 GB Edition by CanaKit

  • No keyboard or mouse.
  • No monitor.
  • Available at CanKit.com

Computer Starter Kit for Raspberry Pi 3 by Adafruit

  • Includes keyboard and mouse.
  • No monitor.
  • Available at Adafruit.com

Kano Computer KitS

Kano has put together two amazing kits for the Raspberry Pi. I say amazing because they look fantastic! I have never purchased, owned, or used one of their kits myself. Mainly because of the sticker price. However, convenience may outweigh the cost and frustration of trying to track down all of the components on your own.

  • Kano Computer Kit:
    • Includes a keyboard with a touchpad.
    • These kits go on sale often.
    • Available at Kano.com
  • Kano Computer Kit Bundle:
    • Includes a display, keyboard and mouse.
    • Available at Kano.com

Pi-Top

  • Started on Indiegogo.
  • The pi-top kit provides all of the necessary components to build a laptop with the Raspberry Pi (which is included).
  • You can also purchase a desktop all-in-one computer (called the pi-topCEED) that has a Raspberry Pi built-in and is ready to go out of the box (monitor, mouse and keyboard are included).

How do I set it up?

Watch this space.

Additional Resources

In addition to the Raspberry Pi website itself, the following are additional resources for the Pi.

Tutorial Sites

List of tutorials from RaspberryPi.org

tutorials-raspberrypi.com

Adafruit

SparkFun

ThePiHut

Magazines

The MagPi

Raspberry Pi Geek

YouTube Videos and Channels

The official Raspberry Pi YouTube Channel

Eben Upton – The Story of Raspberry Pi

Raspberry Pi as Fast As Possible by Techquickie

2017 United States Solar Eclipse

Flickr Album Gallery Pro Powered By: Weblizar

Dell PowerEdge 840 Upgrade

In January 2012 I purchased a used Dell PowerEdge 840 (PE840) server. Since then I have been using it as a home file and remote desktop server. My eventual goal when I bought the server was to upgrade the server to its maximum capacity. I wanted to use the server as a file and virtualization server. I knew it would take a while to buy all of the components. I started buying components for the upgrade project in March 2015. It is now November 2016 and I have had all of the parts for a few months now. I finally had some time off from work and performed the upgrade.

Specs before upgrade:

CPU: Intel Xeon 3040 Dual-Core 1.86 GHz
RAM: 2 GB DDR2-667 PC2-5300 ECC RAM
Storage: 1-250 GB HDD and 1-2 TB HDD
Connectivity: 1-Gigabit Ethernet Port

Specs after upgrade:

CPU: Intel Xeon X3230 Quad-Core 2.66 GHz
RAM: 8 GB DDR2-667 PC2-5300 ECC RAM
Storage: 1-60 GB SSD, 1-120 GB SSD and 2-5 TB NAS HDDs
Connectivity: 4-Gigabit Ethernet Ports (1 on motherboard, 3 via add-on cards)

The upgrade was successful. The server is running well. The only major problem that I had is with Windows Server 2016. I was hoping to be able to run Windows Server 2016 Hyper-V. It installed without a problem, but it would not recognize the embedded Broadcom Gigabit NIC. I found drivers for the NIC that were created for Windows 7, but they did not work (it was a long shot, I know). I couldn’t find any newer drivers. However, I was able to utilize the NIC with Windows Server 2012 R2.

I am currently using this machine as a file and Hyper-V server. I have two virtual machines running around the clock. (1) VPN Server (CentOS with OpenVPN) and (2) Windows 7 installation that is being utilized as an iTunes server to feed our Apple TV.

Flickr Album Gallery Pro Powered By: Weblizar

I purchased the upgrade components over the course of a year so I was able to distribute the cost. However, the RAM upgrade alone was close to $90 ($45 for 4 GBs). Recently, I had the thought of buying another PE840 to use for additional virtual machines. I found one for $90 (plus shipping) that has the same specs that mine has AFTER I upgraded it. It would be ridiculous for me to purchase another PE840 for $90 when you can get something much better that doesn’t cost that much more. You can get decent brand new servers in the $200 price range. There are much better/newer used servers to be had on eBay for as little as $100-$150. Some with 32 GBs of RAM or better. If you’re dead set on upgrading your PE840, go for it. You’ll appreciate the performance boost. If you haven’t bought the components, I would investigate buying a newer server.

The only component that I haven’t installed is an adequate GPU. It would really be nice for Hyper-V machines so I can take advantage of RemoteFX. However, I don’t think I want to put anymore money into this machine as I am hoping to retire it or re-purpose it soon. If I were to purchase a GPU for it, it looks like the ZOTAC GeForce GT 710 would be the best option. Currently on NewEgg for a little under $50. It is DirectX 12 capable which would allow you to utilize RemoteFX (which requires DX11).

When I started the process of buying the components to upgrade the PE840 I found the following blog post that was extremely useful. If you’re planning to upgrade a PE840, check it out.

What is the best CPU that a Dell Poweredge 840 can take? A Quad Core Xeon X3230!

Central Oregon Road Trip, Labor Day Weekend 2016

Every year my partner and I try to make it to Bend, Oregon. We fell in love with the town in 2011. We’ve been every year since (except for 2014).

The town has a lot of great things to offer. There are great restaurants. One of our favorites is Deschutes Brewery’s Public House. I don’t drink but they have really good food. Now that I am going through this lifestyle change I am thankful they have some great salads on the menu! I really didn’t want to gain the 15 pounds I lost last month back because of poor meal choices on vacation!

In addition to great restaurants, Bend is a great launching point for sightseeing. Crater Lake National Park is just a couple of hours away. When we go to Bend, we always go to Crater Lake! It is one of my favorite places on Earth. There is something about the crisp air and the gorgeous blue water that calls us to come back every year. It doesn’t hurt that Crater Lake Lodge has great food! We’ve only ever been there when they are serving lunch, unfortunately. Hopefully, one of these days, we’ll be able to stay at the lodge and have breakfast and dinner. I also am dying to be at Crater Lake during sunrise, golden hour and sunset!

Flickr Album Gallery Pro Powered By: Weblizar

Crater Lake was PACKED this year. The fact that it was the day before Labor Day did not help! It took forever to even get turned off of the main highway onto the entrance road. It took us over an hour to get up to the entrance pay station. Thankfully, once past the pay station traffic wasn’t too bad. Many of the viewpoints were super crowded though. Thankfully, we have stopped at all of them on our many trips so we just went on to the next one when one was too crowded.

The past few trips that we have made to Bend we have taken a route that allows us to stop by The Painted Hills near John Day, Oregon. The two times we have stopped at The Painted Hills it was raining. This time we were greeted with gorgeous blue skies. To tell you the truth though, I kind of like my pictures of The Painted Hills from our last trip better than the ones I took this time. I may grow to like the ones I took on this trip in the future. I am very critical of my own work and tend to hate it for a while. Most likely because I spend a lot of time fussing over them before I publish them. At a certain point I become sick of them! It could also be because I worked harder on the photos I took the last time. Even though it was cold and raining, I stood out there with the camera on the tripod and even used a light meter. This time it was freestyle shooting all the way.

Because we have made a trip to Crater Lake and The Painted Hills before, I decided to try something different this year. I decided to try my best to take more photos of the details. To do this, I opted to use my telephoto lens instead of my wide angle lens.

The next time we are in Bend, I want to spend more time taking photos of the actual town. More so than I have in the past. It’s a beautiful town. Not too big. Not too small.

If you’re interested, I created an album on Flickr for ALL of the pictures I have taken at Crater Lake. I decided to create this album so I don’t have to send people multiple links to see all of my Crater Lake photos!

Right now I am in a “I hate these photos!” mood, but I hope they’re decent enough for you to enjoy!

Shadow in a Hat

Shadow in a Hat

I do like to pretend that I am abstract artist. I love to put pen and paper together and just see what happens. Last night while I was doing this I looked at the piece and didn’t see anything. I rotated it 90 degrees and saw a hat. I then thought it would look fantastic on our cat Shadow. After digging through the thousands of pictures that I have taken of this cat I found one where he was looking straight at me.

I think the colors of the hat in the original are much better. I haven’t quite figured out how to get scanned ink drawings to look great. Regardless, I think the final piece is fun. Maybe even wall worthy?

Delete OneNote 2016 Templates

The option to delete templates in OneNote 2016 is grayed out. I found a quick solution on the Microsoft Answers site. Copying solution here in case that page ever goes away:

  • Go to C:\Users\yourusername\AppData\Roaming\Microsoft\Templates
  • Open My Templates.one
    • You may be prompted to choose which program to open the file with. Choose OneNote 2016.
  • Your templates will appear as pages. Delete the templates that you don’t need. The template will be removed from the “My Templates” section of OneNote.
    • This does not remove the template from the “Page Templates” button in the ribbon. The old template will go away once you start to use other templates.

Since your templates now appear as an open notebook in OneNote, you can easily switch to it to delete, edit or create new templates.

Going through “The Change”

I grew up differently than everyone else. We didn’t call housework “chores.” Housework was referred to as “You do this right now or I’m going to bust your butt, mister!” We didn’t call punishments “demerits.” We had “Go out there and cut me a hickory switch! If it’s not good enough I’ll make you get another one! Then I’ll make you wish you got a good one the first time!” Long, but effective!

Fast forward a few years to me between my freshman and sophomore years in high school. I got the opportunity to go to a summer camp with the Upward Bound program. The first few days I felt like I had went to a foreign country. The counselors used terms like “chores” and “demerits.” There was an imposed curfew, lights out and bed time. If I had stayed at home that summer I could have stayed up all night long if I had wanted to. This was an interesting change to my lifestyle from home.

Fast forward to August 13, 2016. I have been on this bariatric diet for two weeks now. I think I have been doing a fantastic job. Have I lost any weight? I don’t know. Have I cheated? Oh, absolutely! We all do when we’re dieting, right? Right? You had better have answered YES to that! However, there is a night and day difference between what I was eating and what I am eating now. I haven’t raided the vending machine in two weeks. Okay, I went one time because I didn’t bring enough food for my 10 hour shift at work. I got beef jerky. Then I realized how much sodium was in one package. I won’t be doing that again!

I have finally realized, truly realized, that there is nothing in that vending machine that is even remotely healthy. Not even the granola bars. Just because it is a healthier option doesn’t mean it is a good option. That machine haunts me! I can hear it calling me from my desk. When I am sitting in the break room during my lunch break eating a salad I hear it calling me.

“Andy! Andy! Andy! Come and get some Ruffles! Just think about how good they will taste! Don’t stop at one bag! You know one bag isn’t going to be enough to satisfy your craving!”

I stare at it. I look at each and every item thinking: “Would that really be that bad?” Then I stop myself. “YES! Andy! YES! It would be!” I really want some Ruffles Cheddar and Sour Cream chips. I want them with sour cream and onion dip. I want an entire family size bag and tub all to myself! I can’t though! Not even one chip!

I went to the grocery store three times last week. I had the hardest time shopping. Prior to starting this diet I had gotten into a bad habit of buying freezer meals. At the time I didn’t think I was buying terribly unhealthy food. It was either something from Trader Joe’s (they have an absolutely amazingly delicious selection of frozen Asian food) or the organic section of Fred Meyer. After starting this diet I REALLY got to looking at the sodium, fat and carbohydrates in the nutrition facts. It was shocking!

This diet truly is a lifestyle change. If I am going to have bariatric weight loss surgery, I have got to make it a permanent change. Going out to eat will be happening a lot less. Preparing food at home will be happening a lot more. It’s a good thing my partner and I love to cook (we just wish we had more time to do it … and a cleaner kitchen to do it in)! It’s one of the hardest lifestyle changes I have had to make. Even harder than getting used to being away from home at summer camp. At least with summer camp I knew there would be a time when I would get to go back home and resume my normal life. I can’t ever go back to my previous eating habits! Maybe I need someone to beat me when I eat the wrong things? We’ve got plenty of bamboo canes!

Even going through the grocery store is a new battle. Even if you stay on the outside perimeter of the store. Every aisle I go down I see everything differently. I don’t see what they’re trying to sell me. I see one of the following: carbs, sugar, fat, sodium. Canned soup? No, it’s canned liquid salt. Suddenly Salad anyone? How about Suddenly Fat! I think not!

One would think that they could order a tuna sandwich from Jimmy John’s, right? That sounds healthy. OH NO! 1,700 mg of sodium. I had no idea it was a salt lick. Maybe that’s why it is so good? I won’t even talk about the carbs! 2,414 mg in the Italian Night Club (my personal favorite). 3,534 mg in the Gargantuan. How did I or anyone else not instantly die after eating the Gargantuan? Goodbye Jimmy John’s. I will miss you!

I still have a long way to go before I am eating right! I am doing good right now, but it could be a whole lot better. I am eating better foods, but I still need to work on portion size. An omelet recipe in the South Beach diet cookbook calls for 3 eggs. Says that it serves 2 people. Mind boggling! I used to eat 3 eggs in my own personal omelet. I need to focus on eating while I am eating. We still sit in front of the television for dinner. Perhaps it’s time to go get the table cleared off once and for good!

I just wish these cravings would go away! I am really wanting a pizza from Costco right now. I want to go out for Mexican food! I want Chinese food! Jesus, take the wheel!

NOTE: In regards to the first paragraph. I was spanked for misbehaving, but it was not abuse. It was included as a humorous way to tie in other thoughts in this entry.