Running wordpress in docker

The wife now also starts a blog. Time to play: This blog here is still set up the old-fashioned way, php and mysql running on the web server. But setting up a wordpress for her gives me a welcome excuse to play with docker.

So there you go:

For the simplified creation of vhosts for docker containers I set use a trio of containers using a slightly-adapted version of this docker-compose.yml:

  • nginx as reverse-proxy
  • jwilder/docker-genfor automatic creation of v-hosts based on container environment variables: simply pass -e and this container adapts the vhosts config for nginx accordingly.
  • jrcs/letsencrypt-nginx-proxy-companion to also automatically fetch a letsencrypt certificate and enable ssl for the new vhost..

For the wordpress instance I run an adapted docker-compose.yml for the usual container pair of wordpress and mysql. Apart from keeping the wordpress instance in a directory volume (for easy fiddling) i added the following modification:

       VIRTUAL_HOST: <vhost-1>.de,<vhost-2>.de...
       LETSENCRYPT_HOST: <vhost-1>.de,<vhost-2>.de...
       LETSENCRYPT_EMAIL: <letsencrypt-mail>

This enables automatic creation and sslification of the vhost in the nginx reverse proxy.

The nginx-reverse-proxy solution really makes it very convenient to just spin up a new container and immediately use it with a valid SSL certificate. Definitely worth the time for initial setup – it does not take longer than setting up SSL manually but you only have it once to get SSL for all vhosts.

Using duofern roller shutters with homeassistant

Zur Deutschen Version des Textes.
I use homeassistant as a front-end for home automation. It is really hackable, written in python and comes with support for a lot of devices. I chose it initially because it has mysensors support.

Last year I needed a solution for controlling roller shutters. Sadly most manufacturers that market in Germany are pushing their own proprietary solutions for home automation. While homeassistant supports a few of those via the proprietary gateways of the manufacturers, the gateways themselves can be very pricey. Additionally the installed roller shutters were belt-operated and the shutter was mounted in a steel case above the window. Unfortunately the hatches giving access to the roller shutter were so small that I ditched my initial plan of mounting a tube motor in the shutter roll.

Finally I found that german manufacturer Rademacher sells wall-mounted belt motors for Roller shutter operation (“Rollotron”). Some of these can be remote-controlled via “duofern”, a proprietary remote control protocol by the manufacturer. While homeassistant does not come with out-of-the-box support for this protocol, the Perl-based FHEM home automation project has support for these blinds via a usb stick sold by the manufacturer.

Duofern USB stick

I loathe perl, therefore I ported the rollotron-related sections of the GPL-licensed FHEM implementation to python. My python port can currently be found as pyduofern on bitbucket.

There is some documentation on how to get it to work with homeassistant in the subdirectory examples. Luckily the RF communication goes both ways, so homeassistant displays the current position of rollershutters regardless of whether they have been moved with manual controls or via homeassistant.

The whole thing is work in progress – in order to get it natively into homeassistant the next step would be to add it to pypi, but before I do that I would rather have it working with asyncio, because that is the way to do it for homeassistant.

Manually setting firewall rules for the Synology DSM openvpn interfaces

I keep forgetting how to do this so I’m finally gonna write it down. Synology DSM does not allow you to define arbitrary firewall rules. I especially want to define more paranoid firewall rules attached to openvpn connections. Sadly the GUI does not know about selective firewall rules for these so I had to do it myself. Synologys openvpn client calls


once the connection is established and


on disconnect. To define my own firewall rules I figured I would have to add to these two scripts. Unfortunately synology only sets its firewall rules some time after the scripts have run. So when I just add my own firewall rules to the two scripts, they are overwritten seconds later by synologys firewall. My solution is the following: at the end of the synology scripts




I add my own firewall setup script via:

# above here is synologys original code
# save the return code of the synology ip-up/down logic

# call my script and send it to the background
nohup /opt/bin/ &

# pass the original return code to the calling process
exit $returncode

In my own firewall script I begin with:

sleep 10

before I proceed to remove the synology firewall rules and replace them with my own.

WARNING: DSM Updates may overwrite your custom settings. Whenever you update DSM make sure that your settings are preserved.

Vectorized vortex clock

Dr Who style vortex clock
SVG (click to enlarge)

The Doctor Who intro features a vortex clock. Find it on youtube here (left of the two clips). I went through some pain to vectorize it in halfway decent quality in preparation of building a Doctor Who themed wall clock. In case anyone else wants an SVG version here is my amateur attempt. I know a lot could be done to make the SVG way smaller (probably the image could easily fit into 1/10 the size). My main goal was to get something that prints decently with a laser printer to iron on an aluminum plate, and this SVG is sufficient for that purpose.

Dynamic pdfs with pdflatex and ocg-p

Ever since I saw the microtype manual, I wanted to have something similar. The amazing thing about it is that you can switch on and off different microtype options and observe the resulting PDF output,

I now found the package ocg-p which allows to generate pdfs with dynamically switchable layers similar to the above. I built a demonstration which switches between a greek epigraph and its translation by clicking.

The code I used is the following, you can find the resulting PDF output here. The dynamic features only work in dedicated PDF readers (try opening with Acrobat):

\tikzset{external/export next=false}

\begin{tikzpicture}[node distance=3cm,every state/.style={fill=green!20},auto]
\draw[opacity=0] (-5,4)--(0,0);
\node[anchor=south east] at (0,0) { \toggleocgs{greek german}{I know that I know nothing}};
\node[anchor=north east] at (0,-0.2) { \toggleocgs{greek german}{\textit{Socrates}}};
\draw (-2,-0.1)--(0,-0.1);
\node[anchor=south east,font=\selectlanguage{polutonikogreek}] at (0,0) { \toggleocgs{greek german}{Οἶδα οὐκ εἰδώς.}};
\node[anchor=north east,font=\selectlanguage{polutonikogreek}] at (0,-0.2) { \toggleocgs{greek german}{\textit{Σωκράτης}}};
\draw (-2,-0.1)--(0,-0.1);


Running an open WIFI hotspot in Germany

logo by The Tor Project
logo by The Tor Project

German legislation makes it difficult to run an open WIFI hotspot: Not only will the police possibly search your house if somebody decides to commit criminal acts using your connection, you will also be liable via Störerhaftung for copyright-“crime” committed using your connection.

Despite the difficulties I am a big fan of offering open WIFI, and there is a large Café right across the street from my house which does not offer free WIFI on their own. Recently it hit me: Why not just make it a TOR hotspot? TOR is a free, strong anonymizing network run by volunteers like me. Data is redirected over three encrypted computers, making it impossible to trace data back to the users computer. If the Internet connection from the open WIFI passes through TOR nobody’s gonna ring my doorbell if somebody misbehaves.

Said was nearly done: used a Raspberry PI 2 I had so far no use for and combined it with a high power usb-wifi-adapter from amazon. After that it was only a matter of following the onion pi tutorial (but opting to run hostapd without encryption).

If you decide to do the same please consider doing it like I do: run a middle relay or a bridge on your pi in parallel to the access point (unless you pay per traffic) to give back to the TOR network that you use. Middle relays and bridges do not allow others to access the web from your connection, so they are quite safe to run even on a home connection.


Raspberry Pi – Ultrasonic Distance Sensor part II

Using python for the ultrasonic distance sensor from part one of this post in a project I realized: It is still too slow. In my project I record high queality video using the raspberry pi camera at high resolution. That puts quite some load on the IO. As a result, the timing needed for the distance measurement becomes unreliable. Results vary by more than a meter shot-to shot (without changing the distance to the first obstacle). For higher timing accuracy I decided to do the distance measurement in C or C++. I stole some interrupt based c++ code from here. I modified it to have it measure continuously. The code does one measuerement every 25miliseconds and outputs the result as a binary float to stdout. The result looks like this (download here):

// code based on
#include<stdint.h>       //for uint32_t
using namespace std;
uint32_t time1=0,time2=0;
uint32_t time_diff=0;
float Range_cm=0;
volatile int flag=0;
void show_distance(void);

void myInterrupt(void) // Interrupt routine
 {                     // Called whenever the input pin toggles
 	uint32_t timeTemp=micros();
    if(flag==0) // first toggle? note the time

    else // second toggle? compute the distance
void show_distance()// writes the distance as a 
  {                 // binary float to stdout.

int main(void)
       cout<<"wiringPiSetup failed !!\n";
    if(wiringPiISR(5,INT_EDGE_BOTH,&myInterrupt) < 0)
            cerr<<"interrupt error ["<<strerror (errno)<< "]:"<<errno<<endl;
            return 1;

    while(1) // this loop starts a new measurement
    {        // every 2500 miliseconds
    return 0;

Now we just need to modify our python class to read the regularly arriving distance from the c-code instead of measuring it itsself. To do so I use the following code (download

# License GPL
import gps
import threading
import subprocess
import time
import numpy
import os
#from xdg.Menu import tmp
# culd be beefed up with code from here
class distanceMeter(threading.Thread):
    # the init routine starts the compiled c-code
    # at high priority and initializes variables
    def __init__(self): 
        self.distanceProcess = subprocess.Popen(['./distance'],stdout=subprocess.PIPE, bufsize=500,preexec_fn=lambda : os.nice(-19))
        self.running = True
        print "created"
    # the run method of the thread is an infinite loop:
    #   whenever a distance measurement arrives
    #   the result is checked for validity (changes by more
    #   than 5 cm in 25msec are rejected as implausible for
    #   my means). Then mean and standard deviation of last
    #   five samples is computed.
    def run(self):
        print "starting loop"
        while self.running:
            # whenever new binary data comes in
            # put it into a numpy float and
            # process it.
            if (numpy.abs(self.lastFive-tmp)<5).any():
    def stopController(self):
        self.running = False
    def distance(self):
        return numpy.mean(self.lastFiveValid)
    def deviation(self):
        return numpy.std(self.lastFiveValid)
# This is just to show how to use the the class above 
if __name__ == '__main__':
    for i in numpy.arange(1000):
            print test.distance
            # you can put as much code as you like here,
            # test.distance will always contain the current
            # distance measurement, updated every 25msec.
        except KeyboardInterrupt:

With this I get reasonable distance measurements even while recording high resolution high quality video using the camera.

Raspberry Pi – Ultrasonic distance sensor

For a current hobby project I need an ultrasonic distance sensor. They work by sending a short pulse of ultrasound and measuring the time $t$ it needs to get reflected back from the first obstacle. A nice introduction can be found here. The distance traveled by the sound $d$ can then be calculated from a measurement of $t$: multiply the speed of sound $v_\mathrm{sound}=340.29\frac{\mathrm m}{\mathrm s}$ by $d$. Divide by two to get the distance between the emitter and the reflecting object (the sound had to travel the distance twice to get there and back again).


I want to measure distances with an accuracy of a few centimeters so the time measurement needs to be accurate by

$$\Delta t<\frac{2d}{v_\mathrm{sound}}$$

For one centimeter this amounts to about 60 $\mu\mathrm s$. This timing accuracy would be easy to achieve on a microcontroller where you can use hardware interrupts and have cycle-by-cycle accuracy of your timing (so at 1MHz you can get an accuracy of 1 microsecond). On a linux system your timing accuracy suffers from the fact that your measurement competes with other software for the CPU. Especially for an interpreted language like python, timing might get far worse than 60 $\mu\mathrm s$. The first solution I tried was this python code. No problem on an idle system. But as soon as you start recording HD video in parallel, your distance measurement starts to get quite noisy. It will be jumping by as much as half a meter from measurement to measurement).

For better timing accuracy one has to minimize delays between the incoming signal on the hardware pin and the recording of the time. With this goal I tried to modify the script to get an interrupt-based version. (An interrupt is a way of telling your machine, that when something happens it should automatically run a piece of code, allowing for decent timing in the presence of foreground processes.)

The result you can find here. It is object oriented and built such that you initialize the distance sensor and from then on it automatically updates the current distance regularly. It even calculates the standard deviation for you as an estimate of whether the measurement was noisy. (When the timing gets garbled up due to high load, you get a noisy measurement result). An example of how it can be used can be found in the main loop of the script.

You use the class like this:

import distanceMeter
#here is your code
#whenever you need the current distance you get it from the object
print "current distance is %0.3f, deviation %0.3f" % (distanceSensor.distance,distanceSensro.deviation)

#as the sensor runs in a thread you should tear it down properly:

Still this is not the end of it, even with the interrupt method I continue to get noisy distance data when the measurement code competes with other IO-heavy software on the PI, so stay tuned for an update with a C-based measurement module.

Update The post about the c-based module is here