April 20, 2020

From Gerald R. Lucas

New Pi covid-19: day 39 | US: GA | info | exit


Forget Amazon during this crisis.[1] EBay is my new jam for hobby stuff.[2] I ordered a lower-spec Raspberry Pi 4, a case, and an SD card from eBay last Thursday, and everything but the case arrived today. Yeah, I should stick with eBay for this stuff.[3] This Pi will be my new reverse proxy I mentioned a few nights ago.

I’m getting to be quick setting up these little Pis. I did all the basics with this new one in about 30 minutes, including copying ssh keys, tweaking local settings, and making it comfortable on my network.

Now, since this will be the public face of my network, I first set out to secure it as best I could. Chris Titus has a pretty good video tutorial for this. Most of it is applicable to my proxy—I even learned about the ssh-copy-id command. Note that his edit of /etc/host.conf is not necessary in current versions of Linux and resulted in an error on my system.


Next, I followed this tutorial for setting up my reverse proxy. It seems to work, but Let’s Encrypt will not get any certificates. I get the same error I was getting before: “Timeout during connect (likely firewall problem).” I assumed it was something having to do with Pihole, but even disabling that doesn’t help. Initially, when getting a certificate for grlucas.com, it seemed that disabling Pihole allowed me to get a certificate; in fact, that’s the only time Let’s Encrypt has worked for me. Disabling Pihole now doesn’t seem to do anything, yet there’s the whole reverse proxy configuration that might be messing it up.

I’ve been futzing with this for a while, so I’m going to call it for today. It appears that the reverse proxy is working, but Let’s Encrypt is still an issue. I’ll figure it out tomorrow.


  1. Arguably, we should probably forget them all together. I’ve heard and read enough about their business practices that should make me avoid them totally. This would be a difficult one to boycott. It’s because of Amazon that I haven’t been in a Walmart in 20 years.
  2. I also ordered a Pi Zero from Canakit on April 1—shipped on April 2. I still have yet to receive it, and since it’s coming from the Great White North, I can’t track it. I did email Canakit this morning, and they told me to wait until the 24th “before creating an investigation with USPS.” It sounds like they’re truly concerned and that they’re not going to do shot about it. Hm.
  3. OK, I have some issues with eBay, too, but most of those are when selling. Buying is still great.