Raspberry Pi and Lighttpd

I’m familiar with Apache but not lighttpd. I could find very little on how to set up lighttpd with SSL. I don’t have time to do a full blog post, but here’s my example lighttpd.conf file for those of you it might help. It has 2 virtual servers, both using SSL. It does not listen on port 80 (non-SSL) at all.

I also followed this tutorial from the Nwgat blog to set up Let’s Encrypt SSL certificates (the only one I could find that worked for me). I’m copying the steps below in case that link goes dead:

https://nwgat.ninja/setting-up-letsencrypt-with-lighttpd/

  1. Stop lighttpd
  2. Combine files into ssl.pem
  3. Forward Secrecy & Diffie Hellman Ephemeral Parameters
  4. Copy and paste the following into /etc/lighttpd/lighttpd.conf; don’t forget to change yourdomain to your domain
    or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf
  5. Now open the port and start lighttpd
  6. sudo ufw allow 443
    sudo service lighttpd start
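
Steps 2 to 4 as shell functions, as an added example that is not the original post's or the linked tutorial's code: ssl.pem contains the private key, so it is created owner-only and checked before lighttpd is started. The certbot file names (privkey.pem, cert.pem, fullchain.pem), the DH file path and the 2048-bit size are assumptions; the ssl.* directives are the older lighttpd 1.4 names.

```shell
#!/bin/sh
# Added example: steps 2-4 as functions. All paths are supplied by the caller.

# Step 2: combine private key + certificate into ssl.pem, owner-only from creation.
build_ssl_pem() {
    live_dir=$1
    [ -s "$live_dir/privkey.pem" ] && [ -s "$live_dir/cert.pem" ] || return 1
    ( umask 077 && cat "$live_dir/privkey.pem" "$live_dir/cert.pem" \
        > "$live_dir/ssl.pem.tmp" ) || return 1
    chmod 600 "$live_dir/ssl.pem.tmp" && mv "$live_dir/ssl.pem.tmp" "$live_dir/ssl.pem"
}

# Pre-start check: ssl.pem holds a key and a certificate and is owner-only.
check_ssl_pem() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    case "$(ls -ld "$1")" in
        -r[w-]-------*) return 0 ;;   # mode 600 or 400
        *) return 1 ;;                # group/world bits set: refuse
    esac
}

# Step 3: DH parameters for ephemeral key exchange (slow, run once).
# 2048 bits is an assumed size, not taken from the post.
make_dhparam() { openssl dhparam -out "$1" 2048; }

# Step 4: print the TLS socket block for lighttpd.conf or conf-enabled/.
emit_tls_conf() {
    live_dir=$1 dh_file=$2
    cat <<EOF
\$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "$live_dir/ssl.pem"
    ssl.ca-file = "$live_dir/fullchain.pem"
    ssl.dh-file = "$dh_file"
    ssl.honor-cipher-order = "enable"
}
EOF
}

# Usage (as root, with lighttpd stopped); paths are assumed:
#   d=/etc/letsencrypt/live/yourdomain
#   build_ssl_pem "$d" && check_ssl_pem "$d/ssl.pem" && make_dhparam /etc/ssl/certs/dhparam.pem
#   emit_tls_conf "$d" /etc/ssl/certs/dhparam.pem \
#       > /etc/lighttpd/conf-enabled/letsencrypt.yourdomain.conf
```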

Port Forwarding Http/Https to Different Computers Within Your Home Network

So you want to have different web servers on your home network that are exposed to the outside world? How do you do that? Most web servers listen on the same ports: 80 for non-SSL and 443 for SSL. If a request comes in for port 80

Say your home network is set up like this:

Home Network Computers
Router: 192.168.1.1

Your Study: 192.168.1.2 (running your personal wordpress blog )

Wife’s Office: 192.168.1.2 (running your personal wordpress blog)

Living Room Computer: 192.168.1.3 (Running Home Assistant web server)

1. Set up a dynamic DNS service.

Go to duckdns.org (super simple) to create a subdomain URL for each computer in your internal network that you’d like to access from any computer in the world. I won’t explain it here as the DuckDNS site does a good job. In my example you would need to set up 3 subdomains for your home network:

Example Dynamic DNS URLs

http://blog.duckdns.org -> your blog in your study

http://wifesblog.duckdns.org -> wife’s blog in her office

http://homey.duckdns.org -> home automation server at

2. Set up Port Forwarding

Normally, if you are outside your home network, say at a coffee shop, and enter “http://homey.duckdns.org” in your browser, you will most likely end up with a blank or unauthorized page, or get the control panel login for your router, which is at 192.168.1.1.

To set up port forwarding within your home network, go into your router (192.168.1.1 in my example) and navigate to the port forwarding section. I use DD-WRT, so in my home network I would select DD-WRT’s NAT/QoS menu and set the port forwarding as follows:

| Port From (incoming, set by URL, e.g. http://blog.duckdns.org:202) | IP Address | Port To (the port the server is listening on) |
| --- | --- | --- |
| 80 | 192.168.1.1 | 804 (fake port, nothing is listening here) |
| 202 | 192.168.1.2 | 80 |
| 203 | 192.168.1.3 | 80 |
| 204 | 192.168.1.4 | 8123 |

Here’s a screen shot of my example setup:

 
Once Saved, you access your sites as follows:

URL -> Server

http://blog.duckdns.org:202 -> your blog in your study at 192.168.1.2 port 80

http://wifesblog.duckdns.org:203 -> wife’s blog in her office at 192.168.1.3 port 80

http://homey.duckdns.org:204 -> home automation server at 192.168.1.4 port 8123

If someone leaves the port out (http://blog.duckdns.org), the request would just go to a blank page because it would be forwarded to 192.168.1.1:804, which is a fake port with nothing listening.

In actual practice you should use SSL for each of these, but for simplicity of explanation I’ve left that out. However, it would work the same way. You would turn off port 80 on each of the servers and substitute 443 for 80 above, with an additional fake port for 443, such as the following:

| Port From (incoming, set by URL, e.g. http://blog.duckdns.org:202) | IP Address | Port To (the port the server is listening on) |
| --- | --- | --- |
| 443 | 192.168.1.1 | 804 (fake port, nothing is listening here) |
| 202 | 192.168.1.2 | 443 |
| 203 | 192.168.1.3 | 443 |
| 204 | 192.168.1.4 | 8123 |
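
A check to run over a forwarding table like the two above before saving it on the router, as an added example that is not part of the original post: it flags rules that expose plain HTTP, external ports forwarded twice, and a default port (80 or 443) left without the explicit dead-end rule the post uses. The three-column text format is an assumption, since DD-WRT itself is configured through its web UI.

```shell
#!/bin/sh
# Added example: lint a port-forward table.
# Assumed line format: "<port_from> <ip> <port_to>"; '#' starts a comment line.

audit_forwards() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        {
            ext = $1; ip = $2; dst = $3
            if (ext in seen) {
                print "DUPLICATE: external port " ext " is forwarded twice"; n++
            }
            seen[ext] = 1
            if (dst == 80) {                   # forwarded straight to a non-SSL listener
                print "CLEARTEXT: " ext " -> " ip ":80 exposes plain HTTP"; n++
            }
        }
        END {
            # Default web ports should be pointed somewhere deliberate,
            # not left to whatever the router does on its own.
            if (!(80 in seen))  { print "NOSINK: external port 80 has no rule"; n++ }
            if (!(443 in seen)) { print "NOSINK: external port 443 has no rule"; n++ }
            exit (n > 0 ? 1 : 0)               # non-zero when anything was flagged
        }' "$@"
}

# Constructed sample: the plain-HTTP table from the post.
# Prints two CLEARTEXT findings and one NOSINK finding for port 443.
audit_forwards <<'EOF' || true
80  192.168.1.1 804
202 192.168.1.2 80
203 192.168.1.3 80
204 192.168.1.4 8123
EOF
```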


Also, if you’re using SSL you’ll need to set up SSL certificates (use Let’s Encrypt for free SSL certificates).

As a final note, you could have all of these sites on one computer (personally I’m doing this on a Raspberry Pi 3 using lighttpd and Home Assistant), but you would have to change the default listening ports on each server that is running. For example, instead of your blog’s server software listening on 443, you would have the SSL port listen on, say, 452. Likewise, your wife’s SSL port would listen on, say, 574, etc.

Multiboot USB with Gandalf’s Win10 PE & Install as Windows Boot Menu

Windows PE distributions are mini-Windows operating systems that one can run from a USB flash memory stick. They are extremely handy particularly when fixing a broken Windows system. I just fixed a PC suffering from a Blue Screen of death by using one.

At the moment, one of the most handy Windows PE distributions is Gandalf’s Win10 PE Redstone. This “Redstone” distribution packs about 4GB of very useful programs and a fully functional super smooth version of Windows 10 into one ISO that can be installed on and booted from a USB drive.

Having this available on a bootable USB stick if anything goes wrong on your windows system is SUPER handy and has saved me countless times.

This tutorial will show you how to build a multi-boot USB stick that will add Gandalf’s Win10 PE distro but is also capable of adding additional operating systems on the same stick. In addition it will show you how to install Gandalf’s Win10 PE on your boot menu. So if your Windows system goes south you have a very useful toolkit available as an option on the boot screen without even needing your USB stick. This tutorial was done using Windows 10 but the steps should be similar for Windows 7 and 8.

Part I Installing Gandalf PE on a Multiboot Yumi USB

  1. Make sure you have at least an 8 GB USB Flash thumb drive that you are ok with reformatting and destroying all data on.

  2. Download Yumi Multiboot
  3. Download the latest Gandalf distribution (I believe there are several; the larger the size, the more programs): Gandalf’s Windows PE
  4. Start up Yumi. Under Yumi’s Step 1, select the USB drive you are dedicating to Yumi. Under Step 2, select the “Single Windows PE” option (located near the bottom under Windows PE Builds). Under Step 3, select the Gandalf ISO you downloaded. Yumi should look similar to this:

  5. Click Create and let Yumi go to town. It will take quite a while as it will extract the various programs from the ISO and install them on your USB drive. When it is done it should give you a success message. Close the program and verify that it will boot. If it doesn’t, see the troubleshooting in the FAQ and How-To’s on the Yumi page.
  6. To add additional distributions to the USB flash drive (anything from countless Linux distros and bootable DOS systems to other PE systems, etc.; basically anything Yumi lists in its Step 2), just run Yumi again, select the distro in Step 2 in the Yumi program, and download and install the distro. Very easy.
    NOTE: If you want to add Gandalf’s PE to your Windows boot menu, I recommend adding additional distros only after you complete Part II below.

Part II Installing Gandalf PE to the Windows Boot Menu

WARNING: DO THIS AT YOUR OWN RISK!! Among the things that can go wrong, messing with your BCD files in particular can lead to Blue Screens of Death like “Inaccessible Boot Drive” errors. I highly recommend backing up your BCD file and, if there are any problems, restoring your old BCD. You should be able to do this even if you can’t get into your system again by using the bootable USB drive you created in Part I above.
  1. Create a folder named “Gandalf Rescue PE” on the root of one of your drives (it can be C but preferably another hard drive you have on your system).
  2. Open your USB flash drive and select all the files and folders and click copy:

  3. Now navigate to the folder you created in Part II, Step 1 above, and paste all of the Yumi files and folders into that folder.
  4. Download and install EasyBCD (I used version 2.3). The official site is at Neosmart here (the free/register version works fine), but I downloaded it from Softpedia as the download at the official site was problematic. There’s a free version of EasyBCD for personal use; paid versions are available for commercial use. If you don’t want to use EasyBCD you can use BCDedit (see the example entry below in the last step, but I won’t otherwise describe editing with BCDedit as it is too lengthy to go into).
  5. Open EasyBCD (ignore any messages on EFI if you do). Before you do anything, back up your existing configuration by clicking “BCD Backup/Repair” and hitting “Backup settings” after you are satisfied with the path:

  6. Now you’re ready to install Gandalf’s Win10 PE. Click “Add New Entry”. Under “Portable/External Media”, click “WinPE” and under “Type” click “Wim Image (Ramdisk)”. Change the name to “Gandalf’s Win10 PE” and under path, click the browse button and look for the “boot.wim” file found in the “Sources” folder inside the folder you created in Part II, #1 above. Check the box for “EMS Enabled”. Your screen should look something like this:

  7. Click “Add Entry”. Close EasyBCD.
  8. On your PC, open “Startup and Recovery” (type this in your search box) and make sure under “System Startup” the Gandalf distribution is being shown and that there is a delay for “Time to display list of operating systems”:

  9. That’s it. Now reboot and you should see Gandalf’s Win 10 PE show up on your boot screen as an option.
  10. As a final note, if someone desires to manually edit the BCD file using BCDEdit (rather than using EasyBCD), the manual entry looks like this (I don’t have room to explain the below but if you are using bcdedit you should know how to create this entry):

    NOTE ON ABOVE FOR MANUAL BCDEDIT ENTRIES: Substitute your drive letter for “K:” above. Also note the GUID used in the device and osdevice lines is the same as the Identifier GUID.