Friday, May 18, 2018

Script to add a Let’s Encrypt free certificate to an existing Lighttpd web server

Add Let’s Encrypt Certificates to Lighttpd

I wrote a bash script to help add a Let's Encrypt SSL certificate to a lighttpd web server via the console. Weirdly, they only provide fully automated support for Apache and Nginx as of now (but anyhow, I like to do it my way).

I highly recommend doing so not only because their certificates are free, but also because they greatly reduce the usual manual burden of installing an SSL certificate on an existing web site.

#!/bin/bash
# Install an SSL certificate to a server, the easy way with Let's Encrypt
# Note: add "certbot renew" to your crontab so it runs once a day (yes, this is the recommended period!)

# Optional first argument: skip the installation of certbot itself
if [[ "$1" = "--skip-install" ]]; then
    skipinstall=1
    shift
fi

if [[ "$#" != 2 ]]; then
    echo "Usage: $(basename "$0") [--skip-install] fqdn documentroot"
    exit 1
fi

SRV="$1"      # eg.
DOCROOT="$2"  # eg. /var/www/html

set -x
set -e

if [[ ! "$skipinstall" ]]; then
    apt-get update
    apt-get install software-properties-common
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install certbot
fi

# Obtain the certificate; the challenge is served from the existing document root
certbot certonly --webroot -w "$DOCROOT" -d "$SRV"

# lighttpd wants the private key and the certificate in a single file
cd "/etc/letsencrypt/live/$SRV/"
cat privkey.pem cert.pem > ssl.pem

cd /etc/ssl/certs/
openssl dhparam -dsaparam -out dhparam.pem 4096

cd /etc/lighttpd
# Add the include line only if it is not there yet
grep -q -F 'lighttpd.ssl.conf' lighttpd.conf || echo 'include "lighttpd.ssl.conf"' >> lighttpd.conf

cat << EOF > lighttpd.ssl.conf
# Certificate generated on $(date)
\$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/$SRV/ssl.pem"
    ssl.ca-file = "/etc/letsencrypt/live/$SRV/fullchain.pem"
    ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
    ssl.ec-curve = "secp384r1"
    ssl.honor-cipher-order = "enable"
    ssl.use-compression = "disable"
    setenv.add-response-header = (
        # "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
        "X-Frame-Options" => "DENY",
        "X-Content-Type-Options" => "nosniff"
    )
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
}
EOF

Note above that you can enable HSTS (Strict-Transport-Security), i.e. automatic forced redirection of HTTP links to HTTPS.

I did not enable it by default because it is particularly sticky: as soon as the option is there, it tells web browsers to enforce the HTTPS protocol to serve your page content... even when it is specified as HTTP. In some cases it may be quite annoying to remove the rule (you will probably also have to purge the history regarding the website, else you may fall into the trap again).

Of course it is meant to be this way: once you go HTTPS, better stay HTTPS: it is much better both for you and for your visitors.
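The script builds ssl.pem once by concatenation, so a later "certbot renew" from cron updates privkey.pem and cert.pem but leaves lighttpd serving the old copy. The following is an added example, not part of the original script: a certbot deploy hook that rebuilds the bundle after each renewal. The file name lighttpd-pem.sh and the restart command are assumptions; RENEWED_LINEAGE is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the lighttpd setup above.
# Assumed location (file name is hypothetical):
#   /etc/letsencrypt/renewal-hooks/deploy/lighttpd-pem.sh
# certbot sets RENEWED_LINEAGE to the renewed certificate's directory,
# i.e. /etc/letsencrypt/live/<fqdn>.

# Rebuild ssl.pem (private key followed by certificate) in directory $1.
rebuild_pem() {
    dir="$1"
    if [ ! -r "$dir/privkey.pem" ] || [ ! -r "$dir/cert.pem" ]; then
        echo "missing privkey.pem or cert.pem in $dir" >&2
        return 1
    fi
    # The bundle contains the private key: create it readable by its owner only.
    tmp="$(umask 077; mktemp "$dir/ssl.pem.XXXXXX")" || return 1
    if cat "$dir/privkey.pem" "$dir/cert.pem" > "$tmp"; then
        # Renaming within one directory is atomic, so lighttpd can never
        # pick up a half-written key file.
        mv -f "$tmp" "$dir/ssl.pem"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Act only when certbot calls the hook after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Restart (assumption: sysv-style "service" wrapper, as on Debian/Ubuntu)
    # so the new certificate is actually loaded.
    rebuild_pem "$RENEWED_LINEAGE" && service lighttpd restart
fi
```

With the hook in place, the daily "certbot renew" cron entry is enough: certbot runs deploy hooks only for certificates it actually renewed.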

Sunday, October 22, 2017

Lost component 04H-10 5873J01

04H-10 5873J01? No such references on the internet!
The little tabs are still a mystery to me.
I had a bunch of these SMT components which I did not index properly 4-5 years ago (promised, that was the last time I ever was lazy). Sadly, their reference 04H-10 5873J01 brought nothing back on the whole internet... They came in a proper SMT strip and they are large enough to sport decent markings though. Alas, I called for help on G+ but I ended up sacrificing one to open it. Initially I thought they were atmospheric pressure sensors, because of the opening to the side.

But no, they are just completely dumb SMD electromagnetic buzzers. The kind with an old-school little coil that pulls a small metallic disk. Nowadays we tend to see more of the piezo electronic kind, but they still have a role because they are slightly smaller and they work at a lower voltage (they are just bad in every other respect!). Being passive, they also need variable current to emit sound (they simply click once with a constant current), and I suspect they are able to vibrate at more than one frequency, i.e. they might be able to transmit sound and voice when a piezo buzzer cannot. I would have to check these ones, but I do not expect their frequency response to be good anyhow.

Tuesday, October 10, 2017

Charge a smartphone battery without the phone nor the charger

I briefly dipped my phone in sea water and the charging/battery control circuitry and micro USB plug got oxidized beyond repair (salt is really terrible). I could have saved it at the time if I had a chance to open it and carefully rinse the electronics with non-salted water immediately, but I miss my tools on holidays... While waiting for a replacement part to arrive, I had to recharge the battery the DIY way.

Recharge a smartphone battery with a super cheap lithium ion recharging module and pogo pins.
The short pieces of thick copper wire (in blue) are compulsory to present the retractable pins correctly.
They are maintained in perfect contact with clamps on a soft silicone mat.

Saturday, July 15, 2017

Using PCB rivets vias for homemade double sided PCB

You may remember in a former article the super tiny rivets I bought for double sided prototyped printed circuit boards (these but check those, they are way cheaper!). I realize that I never documented how I used them. So here it is.

The "raison d'être" of these costly rivets is specifically to help make the vias that route the signals from one side of the board to the other. The industry does plated holes with a chemical process that deposits a layer of conductive metal on the inside walls. It not only conducts the signal but also really helps make the board sturdier, as the copper rings (well, squares, here) are bonded together. Without it, the risk of tearing one of them off is much higher. Actually, a few makers do it also, but it is difficult, lengthy, messy and especially risky, with a lot of nasty chemicals... not for me since I mill my PCB ;)

So in general, making double sided PCBs at home means there are no such plated holes. So we usually solder a thin wire through the hole on both sides. It is time consuming and it stresses the copper pads a lot, especially when the damn wire falls down when both sides melt again when you just want to solder the other side ;)

Top and bottom layers: making vias by means of PCB rivets on a double-sided milled PCB.
The milling job is quite bad here: the traces were not cut properly on the top layer (left side, check why here),
and the layers were mis-aligned after the board was flipped over to mill the top side... I need more practice.
Also, there are better and expensive tools to fix the rivets, but this prototype worked fine in the end anyway ;)
Now, rivets still help to make more robust single sided PCBs, most notably for the connector holes that will be subject to mechanical stress. Rivets will protect and keep the small copper "rings" tightly bonded to the PCB support material, so they will be less likely to be torn away.

Most notably, dirt cheap bakelite boards give no second chance in this respect, while fiberglass (FR4) endures more abuse and re-soldering. I guess the bonding is much stronger with the latter.

Which PCB rivets to buy?

I recommend 0.8mm outer diameter (0.6mm ID), because their heads leave just enough room to route a trace between them. Hence in EAGLE CAD, I make sure to configure my vias to be 0.8mm accordingly, so they fit tightly.

Wednesday, July 5, 2017

Measuring micro amps, the easiest way

You can build yours (see my former review), but you can buy them already made: these $10 sub micro ampmeters on eBay work pretty well from 50mA down to 0.001mA. This range nicely matches the currents of many sensors, including when they are in deep sleep mode. This range is very convenient for IoT autonomous projects and sensors, and the 5 digits make it unnecessary to switch between milliamperes and microamperes like on a multimeter.

You lose one digit when plugged backwards. The feature is not really interesting except that it makes it safer (you will not burn it by accident).

$10 for these micro current meters is a bargain!
They really are straightforward to use, and they do measure very low currents: the display goes as low as 0.001 mA, i.e. 1µA, but I am not sure it is reliable at that level -- anyhow, below a few micro amps, the self-discharge rate of a battery usually becomes non-negligible, so there is often no point in fighting further to reduce the sleeping currents. A CR2032 coin cell can run for years at this level, so you had better also start optimizing the wake-up consumption (make sure to read this impressive in-depth review on the matter!).

Sunday, April 2, 2017

Vertical wire spool holder, under my desk

It is quite convenient to store stuff vertically under my desk, because it saves space above it :)

In this regard, I made a very simple but efficient holder with a plastic tube, a screw, and a bolt. It stores some of my spools of wire (shown here with the 30AWG single core spools I use for wire wrapping, perfboard, or some repair jobs).

When I need some wire, I usually detach the entire bunch without removing individual spools.
The next thing would be a horizontal stand when I need them for a long period over my desk.

Sunday, March 26, 2017

Recycling CD cases

For years I ditched CD cases, but, interestingly, I eventually found some use for them in the last two days. I am starting to regret the many I should have kept...

CD case as material for an engraved logo. I really did not expect it to produce such a nice result.
Light coming from aside gets scattered by the scratches (I should try adding SMT leds sideways).
The trick was to move quickly, to avoid melting the polycarbonate.

And used as bottom protection for a Smoothieboard (which drives the aforementioned CNC mill).
CD cases do break too easily, but they are very convenient as they leave the signal names clearly readable.