HOWTO - Make a BrewPi Fermentation Controller For Cheap

[hukdizzle]

So I am trying to password protect my brewpi per the instructions on page 9 and unfortunately I cannot figure out why it will not work. Here is how my putty session went down.

pi@raspberrypi ~ $ cd /var/www
pi@raspberrypi /var/www $ vi .htaccess
pi@raspberrypi /var/www $ mkdir private
pi@raspberrypi /var/www $ cd /var/www/private
pi@raspberrypi /var/www/private $ htpasswd -c .htpasswd Crunkworx
New password:
Re-type new password:
Adding password for user Crunkworx
pi@raspberrypi /var/www/private $

I wrote the following to the .htaccess file that is located within the /var/www folder.

<Files "brewery.php">
AuthUserFile /var/www/private/.htpasswd
AuthGroupFile /dev/null
AuthName "Crunkworx"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
</Files>

It appears to have written the .htpasswd file to the /var/www/private folder but I can still get into my brewpi service without authentication. Thoughts? Sorry I am a total linux noob!

 

[atoughram]

I am a total linux noob!

I've been playing with it for years and I still consider myself a noob...

This isnt really a Linux issue but an .htaccess file issue - search for .htaccess, there is a ton of things you can do with that file.

 

[hukdizzle]

I've done some reading here and it appears that a requisite for this is that allowoverride must be set but I am not sure where to set this?

http://httpd.apache.org/docs/2.2/howto/auth.html

I went into the /etc/apache2/apache2.conf and could no find this setting so I applied it to the /var/www/ directory using the following syntax. I restarted the apache service after adding the following.

<Directory /var/www/>
AllowOverride AuthConfig
</Directory>

I still cannot get it to ask for a password, I am clearly doing something wrong but I just cannot figure out what it is.

 

[atoughram]

Check this out too

http://www.thesitewizard.com/apache/password-protect-directory.shtml

 

[FuzzeWuzze]

So I am trying to password protect my brewpi per the instructions on page 9 and unfortunately I cannot figure out why it will not work. Here is how my putty session went down.

pi@raspberrypi ~ $ cd /var/www
pi@raspberrypi /var/www $ vi .htaccess
pi@raspberrypi /var/www $ mkdir private
pi@raspberrypi /var/www $ cd /var/www/private
pi@raspberrypi /var/www/private $ htpasswd -c .htpasswd Crunkworx
New password:
Re-type new password:
Adding password for user Crunkworx
pi@raspberrypi /var/www/private $

I wrote the following to the .htaccess file that is located within the /var/www folder.

<Files "brewery.php">
AuthUserFile /var/www/private/.htpasswd
AuthGroupFile /dev/null
AuthName "Crunkworx"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
</Files>

It appears to have written the .htpasswd file to the /var/www/private folder but I can still get into my brewpi service without authentication. Thoughts? Sorry I am a total linux noob!

Is your brewpi service file renamed to brewery.php like you list in the .htaccess file? hmmm

 

[hukdizzle]

Finally found it, htaccess does have to be enabled by default on a raspian install as follows.

cd /etc/apache2/sites-available
sudo nano default

look for <directory /var/www/> ... </directory>
change allowOverride to All

restart apache:
cd /usr/sbin
sudo apache2ctl -k graceful

 

[hukdizzle]

Is your brewpi service file renamed to brewery.php like you list in the .htaccess file? hmmm

Is the index.php the default service file? Can this be reconfigured possibly? What I have done is to change the file location to index.php and it seems to work as intended.

 

[FuzzeWuzze]

Is the index.php the default service file? Can this be reconfigured possibly? What I have done is to change the file location to index.php and it seems to work as intended.

Just rename your index.php file in /var/www (i believe) to whatever you want.

Just know that by default because of how web browsers work going to Http://brewpi goes to Index.php(among other defaults)

if you change it to brewery.php you now have to goto http://brewpi/brewery.php to access it. There may be a way in apache to fix this and redirect it properly but i dont know how and dont care really because its a bookmark in my browser anyways.

 

[atoughram]

http://tools.dynamicdrive.com/password/#.U3RjK_ldWSo

 

[stewart194]

I'd continue on and if you can access the webpage then all is good. If not you should delete and re-clone the git repository with the first command and just run the installer without modifying the install.sh script.

Its entirely possible that the developers have fixed the issues the previous people were having with the install script by now so the version your getting doesnt require the modification.

Took another stab at it this morning but am getting the same error. I deleted the entire brewpi-tools directory in my home folder, grabbed it again, did not modify the install.sh script this time but still get the same error.

ERROR ERROR ERROR ERROR "E: Unable to lacate package rpi-update"

I searched the internet for this error but didn't have any luck.

From this Debian machine, when I enter http://brewpi/ I get a "requested operation could not be completed" page that says unknown host. When I enter the IP address of the machine I get a page that says "It works! this is the default web page for this server. The web server software is running but no content has been added. When I try to enter http://brewpi from my regular Mac machine which is on the same network, it takes me to the online brewpi.com website. When I try to enter the IP address of the Debian machine it times out.

Someone mentioned that my hostname might be the problem. Do I need to set this to brewpi? How do I do that?

 

[balrog]

Stewart194--someone who knows more may correct me but you're not on a RPi, rather you are using an old lappy right? I *THINK* the rpi-update is a package specific to updating the RaspberryPi and not BrewPi software. IIRC when I installed on a virtual PC, I ran into same issue and just commented that line out as I thought it pertained to RPi folks and not me, as I'm not using a Pi. From da mighty Google: "rpi-update is a tool to upgrade the firmware for your Raspberry Pi."

 

[stewart194]

Stewart194--someone who knows more may correct me but you're not on a RPi, rather you are using an old lappy right? I *THINK* the rpi-update is a package specific to updating the RaspberryPi and not BrewPi software. IIRC when I installed on a virtual PC, I ran into same issue and just commented that line out as I thought it pertained to RPi folks and not me, as I'm not using a Pi. From da mighty Google: "rpi-update is a tool to upgrade the firmware for your Raspberry Pi."

Thanks for the reply. That makes sense. I installed this on a regular PC. I don't think I can echo out that line though because it also installs apache2, php5, python, etc. But when I took the "rpi-update" out of that line I still got the error. Maybe everything else installed correctly except that?

And IF I'm reading this script correctly, it should have installed a folder called brewpi to my home folder correct? If so, I don't have it...I only have a brewpi-tools folder in my home folder.

 

[balrog]

Well this is just sad that I don't recall the exact steps I took. I'll try to dig up what I did EXACTLY, but I thought it was just download the Debian ISO, make a VM with it, download the ZIP from rpi github, and then memory goes fuzzy--it's one of those "poke and respond to issues as they arise" but don't remember all the steps.

 

[stewart194]

I think it also should have placed files into /var/www and I don't see those either. Only index.html

 

[stewart194]

Well this is just sad that I don't recall the exact steps I took. I'll try to dig up what I did EXACTLY, but I thought it was just download the Debian ISO, make a VM with it, download the ZIP from rpi github, and then memory goes fuzzy--it's one of those "poke and respond to issues as they arise" but don't remember all the steps.

I know what you mean. I decided to document this entire process, so if it ever breaks I will know how to do it again. Maybe I'll create a post called "Linux install for complete idiots" when I'm done.

I've also never wired anything or bypassed the controller on a refrigerator...so this could be interesting!

 

[stewart194]

I think what is happening is that when the script doesn't find the "rpi-update", it stops right there and doesn't go any further.

 

[balrog]

open up install.sh. Line 179. It's updating all required pkgs. DELETE the rpi-update leaving all the others on there. That's what I did. Then run it.

By "open up" I mean edit with gedit or something.

 

[stewart194]

Even if I echo that entire line out, it still fails with the same error. You would think that it could skip over it and complete the rest of the install like installing brewpi, setting up the brewpi user, adding the files to var/www, etc.

And I think Python and Apache are already installed on this machine also.

Maybe I screwed this thing up by fumbling around so much in the beginning? Maybe I should just wipe it out and start over?

 

[stewart194]

open up install.sh. Line 179. It's updating all required pkgs. DELETE the rpi-update leaving all the others on there. That's what I did. Then run it.

I tried this and it didn't work for me...unless I'm missing something. That line reads "sudo apt-get install -y rpi-update apache2 libapache2-mod-php5" etc, etc...

If I take rpi-update out it fails. (I used Nano but it is editing and saving correctly)

 

[balrog]

The install looks like it wipes the directories www and brewpi during install allowing a refresh so to speak. I don't know why it would complain about rpi-update if you comented out the update line..

 

[atoughram]

I tried the password via .htaccess on the pi but it ignores the .htaccess file - I tried it on my other website http://theleus.com/test and it works... Hmm... I dont think .htaccess is being read by apache on the pi... More to come.

 

[atoughram]

OK - I dont know why the .htaccess isnt working on the pi...

But I've found something else that does work.

Create a file in your main brewpi directory (usually /var/www/) called access.php and copy this code into it.

sudo nano /var/www/access.php

//access.php

<?php
//put sha1() encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';

session_start();
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

if (isset($_POST['password'])) {
    if (sha1($_POST['password']) == $password) {
        $_SESSION['loggedIn'] = true;
    } else {
        die ('Incorrect password');
    }
} 

if (!$_SESSION['loggedIn']): ?>

<html><head><title>Login</title></head>
  <body>
    <p>You need to login</p>
    <form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
  </body>
</html>

<?php
exit();
endif;
?>

Change the $password hash to your own password - use the hash generator at http://www.sha1-online.com/

Make a backup copy index.php by using the command

sudo cp index.php index.bak

Just in case a mistake is made, you can copy it back to the original file.

Next modify index.php

sudo nano index.php

<?php
require('access.php');
?>
secret text

All that is required is adding the line require('access.php'); to the next line under <?php

 

[MongooseMan]

I think it's worth pointing out that the above method provides security by obscurity.
Just because someone can't get to index.php doesn't mean they can't call the javascript functions (which call the other .php files)

It's really up to you how much security you want, but just know that this method isn't completely hacker-proof.

 

[atoughram]

I think it's worth pointing out that the above method provides security by obscurity.
Just because someone can't get to index.php doesn't mean they can't call the javascript functions (which call the other .php files)

It's really up to you how much security you want, but just know that this method isn't completely hacker-proof.

Absolutely - but it's good enough to keep the honest person out... :rockin:

The only thing that would keep the hackers out is to unplug the RJ45...

 

[MongooseMan]

Absolutely - but it's good enough to keep the honest person out... :rockin:



The only thing that would keep the hackers out is to unplug the RJ45...

Yup
I'd still like to see security added at the application level, and I see there's a task on the brewpi forum to do that, but I'm not sure how long that'll take.

 

[stewart194]

I ended up doing the manual steps and I now have a working Brewpi web interface! I'm getting a "Cannot receive LCD text from Python script" message in the top left, and a red exclamation mark icon that says Script not running!" in the upper right. Is that because I don't have a working Aurduino board plugged into it?

The only part on the manual steps that didn't work for me was trying to run sudo usermod -a -G www-data pi &
sudo usermod -a -G brewpi pi in the Setting up Users and Permissions section. It told me that I don't have a user named pi...which it didn't ask me to create in the previous steps.

Any idea why this happened? Is there anything else I should do with this machine while I wait to get my other parts?

Thanks again to everyone who chimed in to help me out!

 

[hukdizzle]

Got my public site up and running and my private site is password protected, thanks for the help guys! Fantastic job on this Fuzze, thanks for doing the guide!

http://crunkworx.servebeer.com/crunkworxpublic.php

I get my probes and relay board today so hopefully those parts are as easy to implement as the software side has been.

 

[FuzzeWuzze]

I ended up doing the manual steps and I now have a working Brewpi web interface! I'm getting a "Cannot receive LCD text from Python script" message in the top left, and a red exclamation mark icon that says Script not running!" in the upper right. Is that because I don't have a working Aurduino board plugged into it?

The only part on the manual steps that didn't work for me was trying to run sudo usermod -a -G www-data pi &
sudo usermod -a -G brewpi pi in the Setting up Users and Permissions section. It told me that I don't have a user named pi...which it didn't ask me to create in the previous steps.

Any idea why this happened? Is there anything else I should do with this machine while I wait to get my other parts?

Thanks again to everyone who chimed in to help me out!

Yup thats right its because it has no arduino, good work.

Go ahead and make a user with the adduser command and call it Pi, i think the instructions assume(or tell you in other sections) that when you install Debian/RPI and it asks you for its first username to make it Pi.

I dont know if its actually ever used, but it only takes a second.

 

[giraffeman]

Looks like a LOT of good info here
subscribing so I can add this to my list of Projects that someday I'll finish

 

[FuzzeWuzze]

Yup
I'd still like to see security added at the application level, and I see there's a task on the brewpi forum to do that, but I'm not sure how long that'll take.

Yea HTAccess is probably the next best thing, as long as there arent any known Apache exploits out there to get around it...but honestly if someone wants to hack my WEP Wifi, then hack my Apache RPI just to turn my freezer on and ruin $20 worth of beer I wouldnt even be mad lol.

 

[MongooseMan]

Yea HTAccess is probably the next best thing, as long as there arent any known Apache exploits out there to get around it...but honestly if someone wants to hack my WEP Wifi, then hack my Apache RPI just to turn my freezer on and ruin $20 worth of beer I wouldnt even be mad lol.

I'm not phased about leaving it unsecured on my local LAN, but I'd think twice before making it available over the web without some level of password security.

I'm still waiting for my eBay order to arrive, including my wifi dongle for the PC becoming my server, but I'll probably go the htaccess route until I have time to sit down and trawl through the php code and secure it myself (unless BrewPi does it first).

 

[BrewerJack]

I'm not phased about leaving it unsecured on my local LAN, but I'd think twice before making it available over the web without some level of password security.

I'm still waiting for my eBay order to arrive, including my wifi dongle for the PC becoming my server, but I'll probably go the htaccess route until I have time to sit down and trawl through the php code and secure it myself (unless BrewPi does it first).

Honestly adding a password rarely does anything unless you are going to harden all the ports and set up network wide security. Hell, they would probably attack your router before going through your brewpi.

 

[hukdizzle]

Got my probes today and the wires are red, black, and white. Does anyone know what the proper pin out for these probes might be? Is there a systematic way that I can deduce which is which with an ohm meter or something along those lines or is this just a trial and error thing?

 

[atoughram]

Got my probes today and the wires are red, black, and white. Does anyone know what the proper pin out for these probes might be? Is there a systematic way that I can deduce which is which with an ohm meter or something along those lines or is this just a trial and error thing?

I'd assume red = 5v black = gnd and white = data

 

[ChelisHubby]

bootleggers Pale ale too hoppy for me but they didn't have my kolsch at the store.

 

[day_trippr]

So after slogging through the manual BrewPi installation I have RaspberryPints and BrewPi peacefully coexisting together. The only conflict I found along the way was both use the default index.php for their web pages, so I changed the one for BrewPi to brewpi.php. Otherwise, even though I could spend an entire day revising their instructions to harden them up, I've dealt with worse.

Device configuration was a bit interesting. The BrewPi site shows devices with "Device type" fields with something other than "None", unlike all of my devices. It's surprising the ds18b20s show up as "None" as they actually have device type codes embedded, but there's no way that BrewPi could identify the relay channels (just a GPIO pin sinking current through an opto-isolator that switches a transistor that energizes a relay coil - there isn't anything that's going to answer the question "What are you?"). Which makes me wonder where the "Temp Sensor", "Switch Sensor" and "Switch Actuator" values shown on their web site images for the device configuration are coming from.

Anyway, I figured out what was hooked where and assigned the sensors and relays in a generic manner. Still, at the start I had the two relay circuits set to non-inverted and then sat there like an idiot wondering why the LEDs on the relay card for both the cool and heat circuits were on simultaneously. Duh.

So with this running on my office desk I'm most likely torturing the control algorithms, as the relays obviously aren't hooked to anything and the two probes are laying on my desk. But I've been having fun scrambling BrewPi's senses playing with the temperature probes and changing the temperature goal. I have a feeling I'm going to be looking for a "Global Reset" function to make the poor thing unlearn whatever it thinks it's learning

Cheers!

[edit: it appears the one could indeed get BrewPi to run on an AlaMode without much issue as it appears the program supports all kinds of serial links. That said, if the intent of having an AlaMode is to manage the flow sensors for R'Pints V2 then BrewPi has to be run on its own Uno anyway.]

 

[BrewerJack]

Don't worry, there is a return to defaults button in the control panel.

 

[stewart194]

While I wait for my parts to arrive, I have a few basic questions for you guys if you don't mind.

1. I ferment in glass carboys and do 10 gallon batches. I know two carboys will fit in the refrigerator I plan to use, but obviously I will only be able to put the temp probe in one of these. Surely regulating the temperature based on one carboy will be adequate enough for the 2nd carboy sitting beside it correct?

2. I usually use blowoff tubes...how can I get the temp probe and the blowoff tube in the carboy at the same time? I almost always have krausen pushing through the tubes.

3. After the bulk of fermentation is complete, say after a week to 10 days, do you guys pull the fermenters out of the fridge and let them do their thing at room temp or do you keep them in the fridge? That is one thing I've noticed with my current "swamp cooler" method, is that it almost always takes 3 weeks, sometimes 4 to reach my final gravity. I'm hoping proper fermentation control speeds that up.

 

[day_trippr]

I ferment in glass, always run blow-offs during the throes of early primary, and control the fermentation fridge via a probe strapped to the side of the carboy with a piece of thick foam over it. There have been convincing accounts that a probe thus attached will track within a degree of a probe in a thermowell.

As for "how long in the chamber", I have a dedicated fridge for fermentation so I can leave batches running for as long as my pipeline schedule allows. Right now I have a big stout and a dark ale just ending their second week under temperature control, both will be moving on soon to free up the chamber for the next two batches...

Cheers!

 

[hukdizzle]

I'd assume red = 5v black = gnd and white = data

Correct, thanks for the info. I got mine up and running last night and it works perfectly.