Home About Meetings FOSS

December 12 2022 certbot, ‘Le potato,’ Docker, Open Refine

Posted on December 21, 2022
( 9 minute read )

John reported on his successful installation of a Let’s Encrypt certificate using certbot in manual mode. He had first downloaded certbot to his computer; he had then gone to the webroot folder on the website, that is, the one containing index.html, and created the folder .well-known and then, inside that, another folder called acme-challenge so that he had /.well-known/acme-challenge/.

Using root permissions on his computer, he had entered:

certbot certonly - - manual

which prompted him for the URL of the website on which he wished to place the certificate and then instructed him to place a string in a file with a specific name in /.well-known/acme-challenge/.

He had created the file and uploaded it to /.well-known/acme-challenge/ before pressing Enter to continue.

Once certbot had prompted a check that the file just created was on the website with the specified URL, the relevant files were placed in /etc/letsencrypt/live/<domain name>/, the certificate in fullchain.pem and the private key in privkey.pem.

He had then followed the instructions on Manually installing an SSL certificate on 123-Reg websites; the only downside had been that 123-Reg provide a script which can be placed in .htaccess to allow http pages to be treated as https pages but this required www to be in the URL and the website John maintains had never set up the www option. So he had manually to change http to https.

David noted that he would have to renew the certificate every few months manually but John said that, having found out how straightforward it was, that would be no problem. The reason he had done it was not that the website needed a certificate as it is a static website on which there is nothing to steal but that some browsers insist on warning users that it is ‘insecure.’ So he wanted to avoid casual users being put off by these messages from browsers. David also mentioned that there is a certbot Docker image.

Brian reported some problems with Nextcloud integration with Home Assistant [there are several threads on the Internet about such problems] but none with tailscale integration. He had also found that he could only run so much on Home Assistant.

He went on to say that a teacher in Spain was using the Libre Computer Board AML-S905X-CC, otherwise known as ‘Le potato’ in place of a Raspberry Pi 4; it is very similar but lacks wi-fi. David commented that it uses the same system on a chip that the Odroid uses. Brian added that he has heard that another batch of Raspberry Pi 4s will be arriving soon.

Responding to Brian’s comment about Home Assistant becoming overloaded David commented that Home Assistant remembers every device that it finds and also that there is OpenWrt integration for Home Assistant.

Bernard gave a presentation on Docker which works by running an application built into an image in a container; there are other container managers such as Podman which runs them and Buildah which builds them. A daemon runs the container, receiving commands from a command line client which can be remote.

Note that you have to be root or in a Docker group to run Docker.

The Docker Hub is just a listing of available images, some of which are rubbish. Go for those labelled ‘official Docker image.’

docker image ls

lists the images you have downloaded while

docker image run <imagename>

will run an image you have downloaded or pull it from the Docker Hub.

Each image needs to have at least two files, a Dockerfile and a file which can be executed. That image also needs to contain the language which the file is going to use. There are languages and databases available to include in Docker images.

The Dockerfile contains three lines of instruction:

FROM specifying the language image on which to base the container

COPY specifying the application to copy into the container

CMD [ ] specifying the commands to initiate the language and run the application.

John mentioned that SUSE are planning to move to Podman containers in future as an alternative to packages and Bernard said that Podman containers are compatible with Docker containers but do not require root to run them. John suggested that that might well explain why SUSE are using them for large organisations where giving people access to particular applications needs to be simple.

Bernard then demonstrated how to create a Docker image and run it and listed some of the Docker commands before going on to discuss how to create a container for his web application, skiwidgets, which runs on port 8000. He went on to demonstrate creating another container containing the image skiwdock which runs in the background with the container port mapped to the host port (which in this example happen to be the same).

You can create your own networks and attach containers to the network and you can have groups of containers. There are various restart policies of which Bernard would recommend -- restart always.

There are various ways of adding storage space; bind mounts can be shared with a directory and also get you hard drive space.

Of the Docker clients docker-compose is recommended rather than the older docker compose; this takes a yaml file and you can put the instructions for multiple containers in the yaml file.

Brian asked where Linux Containers (LXC)/LXD fitted in and Bernard said that you should consider LXC/LXD for developing and Docker for deploying.

Darren said that a year ago he had started a module but that he had fluffed it and would have to redo it again; in the meantime he has started another module using what looks like an Ubuntu Docker image. It is an OU only image but includes Python and Jupyter notebooks. He is also using a Java program called Open Refine which allows you to import a spreadsheet and then to export it in different formats; it will also tidy up CSV files. However, one problem he has found is that it has no history file; so it looks as if he will have to take screenshots to record what he has done and create a log of screenshots to prove that he was using Open Refine.

He commented that he had found that all the Python libraries look different — a point on which Bernard agreed.

Darren is also using pandas, the Python Data Analysis Library.