Skip to content

Instantly share code, notes, and snippets.

@DanielJoyce

DanielJoyce/1A User set up

Last active May 9, 2020 18:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save DanielJoyce/7274f630c16e5f59537fc427352281cf to your computer and use it in GitHub Desktop.
Save DanielJoyce/7274f630c16e5f59537fc427352281cf to your computer and use it in GitHub Desktop.
Download ZIP
Octopi Setup on 64bit arm Ubuntu 20.04 on RPI 4
Raw
1A User set up
For now, we can use the ubuntu use, but for improved security, later we will create a dedicated octoprint user
usermod -G dialout -a ubuntu
# add a gpio group
# Out of the box, ubuntu doesn't have one, and /dev/gpiomem is set accessible to only root.root
groupadd -g gpio
usermod -G gpio -a ubuntu
#later we will repeat these steps with a new octoprint user
Raw
60-gpiomem.rules
# put in /etc/udev/rules.d
# Set ownership of dev/gpiomem to gpio group
# Now, if a user needs gpio access, they just need this group added to them!
KERNEL=="gpiomem", OWNER="root", GROUP="gpio"
Raw
90-usb-serial-printer.rules
# put in /etc/udev/rules.d
# Here we run stty to disable hupcl for printer usb-serial uart
# so when we plug it in or reconnect the printer does not reset
# This will let octoprint reconnect to the printer for monitoring without resetting the printer.
# ID 1a86:7523 QinHeng Electronics HL-340 USB-Serial adapter used by ender5/3
# If you want to try this for your printer, do a lsusb, and look for the idVendor:idProduct pair
# and change it below.
KERNEL="ttyUSB[0-9]*|ttyACM[0-9]*", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", RUN+="stty -F ${KERNEL} -hupcl"
Raw
klipper user setup
``` shell
$ sudo groupadd klipper
$ sudo useradd -b /opt -g octoprint -G dialout,gpio -m -r -s /usr/sbin/nologin klipper
```
Raw
nginx-setup.md

Strong diffie-hellman sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Generate self-signed key with proper AltName support

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -addext 'subjectAltName=DNS:ender5.local' -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

change ender5.local to match your host name

nginx config in /etc/nginx/sites-available/default

server {
	listen 80 default_server;
	listen [::]:80 default_server;
        server_name ender5.local;
        return 302 https://$server_name$request_uri;
}

upstream octoprint {
	server localhost:5000;
}

server {

	# SSL configuration
	#
	listen 443 ssl default_server;
	listen [::]:443 ssl default_server;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
	gzip off;
        location / {
		proxy_pass http://octoprint/;
                proxy_set_header Host $http_host;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Scheme $scheme;
                proxy_http_version 1.1;
                client_max_body_size 0;
        }
}
Raw
ocotoprint install
```
cd /opt/octoprint
virtualenv --python=python2 .
sudo -u octoprint ./bin/pip install octoprint
```
add octoprint service to systemd
enable it
start it
Fire up octoprint, go through initial setup
edit config.yaml, set server host to 127.0.0.1
install nginx
install self signed cert.
`sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -addext 'subjectAltName=DNS:HOSTNAME.local' -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt`
When it asks for Common Name, use HOST_NAME.local as well
etc etc
Raw
octoprint user setup.md

We create a octoprint system user, and a octoprint group, and then set it's homedir to /opt.

We give it access to the gpio and dialout groups

$ sudo groupadd octoprint
$ sudo useradd -b /opt -g octoprint -G dialout,gpio -m -r -s /usr/sbin/nologin octoprint
Raw
ssh setup.md 
<?xml version="1.0" standalone="no"?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
	<name replace-wildcards="yes">SSH on host %h</name>
	<service>
		<type>_ssh._tcp</type>
		<port>22</port>
	</service>
</service-group>

Put the above in a ssh.service file under /etc/avahi/services

Out of the box, ubuntu 20.04 comes with avahi running which is a multicast DNS service provider/resolver. This will annouce your raspberry pi over the local network, making it easy to find with avahi-browse or other tools.

Eventually we will add one for octoprint itself, or at least, nginx in front of ocotoprint to support https.

Default hostname is ubuntu, and so you can ssh to it via ubuntu@ubuntu.local, and hit octoprint via ubunu.local:5000

if you set your raspbery hostname with sudo hostnamectl set-hostname HOST_NAME, then you can use HOST_NAME.local instead. I named mine after the ender 5. So I can hit my machine with ender5.local, etc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment