
Setup of AWS RTMP Server with EFS

Thursday, 21 May 2020 15:49
Tim Ramsey
0 Comments
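# Install amazon-efs-utils from source and mount the EFS file system at /efs.
# https://docs.aws.amazon.com/efs/latest/ug/installing-other-distro.html
sudo apt-get -y install binutils
# NOTE(review): this builds whatever is at the tip of the default branch;
# checking out a release tag before building makes the install reproducible.
git clone https://github.com/aws/efs-utils
cd efs-utils
./build-deb.sh
sudo apt-get -y install ./build/amazon-efs-utils*deb
cd /
sudo mkdir /efs
# Absolute mount point, and "tls" so the NFS traffic to EFS is encrypted in transit.
sudo mount -t efs -o tls <UNIQUEIDHERE>:/ /efs
# The recordings directory does not exist on a new file system; create it
# before handing it to the nginx worker user.
sudo mkdir -p /efs/recordings
sudo chown www-data:www-data /efs/recordings/
# Verify the mount with: df -h /efs

sudo nano /etc/fstab
# Add this line (same options as the manual mount, so it is restored on reboot)
<UNIQUEIDHERE>:/ /efs efs defaults,_netdev,tls 0 0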
# Set up the server: bring the system up to date, then install nginx with the
# RTMP module (libnginx-mod-rtmp) and ffmpeg.
# During the upgrade I chose to keep the local version of boot/men
# (NOTE(review): the file name looks truncated, presumably the boot menu file; confirm).
sudo apt update && sudo apt upgrade -y
sudo apt install build-essential libpcre3 libpcre3-dev libssl-dev nginx libnginx-mod-rtmp ffmpeg -y
# Add the rtmp { } block that follows at the top level of nginx.conf, outside http { }.
sudo nano /etc/nginx/nginx.conf
 
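# RTMP ingest with recording, HLS output and relays to Facebook and YouTube.
# The stream keys in the push URLs are credentials: anyone who can read this
# file can publish to those channels.
rtmp {
    server {
        listen 1935;
        chunk_size 4096;
        # Send callback arguments as a GET query string, so the publisher's
        # ?pwd=... reaches the /auth location as $arg_pwd.
        # RTMP on 1935 is unencrypted, so that argument is visible on the
        # network path between the encoder and this server.
        notify_method get;
        drop_idle_publisher 10s;

        # Ingest application: encoders publish here.
        application live {
            # nginx calls this URL before accepting a publisher; the 200 from
            # /auth admits the stream, the 401 drops the connection.
            on_publish http://localhost/auth;
            live on;
            record all;
            record_path /efs/recordings;
            record_unique on;
            hls on;
            hls_path /hls/live;
            hls_fragment 2s;
            hls_playlist_length 4s;
            # Relay every accepted stream to the two local applications below.
            push rtmp://localhost/facebook;
            push rtmp://localhost/youtube;
        }

        # Facebook Stream Application
        application facebook {
            live on;
            record off;

            #Only allow localhost to publish
            allow publish 127.0.0.1;
            deny publish all;

            # Push URL with the Facebook stream key (sent through the local
            # stunnel listener on 127.0.0.1:19350)
            push rtmp://127.0.0.1:19350/rtmp/<streamkey>;
        }

        # YouTube Application
        application youtube {
            live on;
            record off;

            #Only allow localhost to publish
            allow publish 127.0.0.1;
            deny publish all;

            # Push URL with the YouTube stream key
            # (the original line lacked the terminating semicolon, which nginx rejects)
            push rtmp://a.rtmp.youtube.com/live2/<streamkey>;
        }
    }
}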
 
# Create the directory that hls_path points at.
sudo mkdir -p /hls/live
# NOTE(review): the HLS segments are written by nginx itself; the recordings
# directory was given to www-data, so confirm the nginx worker user can still
# write here after this chown to $USER.
sudo chown -R $USER:$USER /hls/live
# Add the /auth location that follows inside the default server block.
sudo nano /etc/nginx/sites-enabled/default
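# Publish check called by on_publish: answers 200 only for the right pwd argument.
location /auth {
    # Only nginx itself (on_publish http://localhost/auth) needs this endpoint.
    # Left open, anyone who can reach port 80 could try passwords against it.
    # allow/deny would not help here because "return" runs before the access
    # phase, so the source address is tested with a rewrite-phase "if" instead.
    if ($remote_addr !~ "^(127\.0\.0\.1|::1)$") {
        return 403;
    }

    # The password arrives in the query string; keep it out of the access log.
    access_log off;

    if ($arg_pwd = '<uniquepassword>') {
        return 200;
    }
    return 401;
}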
 
sudo systemctl restart nginx.service
 
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.net
sudo nano /etc/nginx/sites-available/example.net
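# Site that serves the HLS playlist and segments written by the rtmp application.
server {
    listen 80;      # HTTP IPv4
    listen [::]:80; # HTTP IPv6
    # NOTE(review): these lines only add HTTPS listeners. Nothing in this block
    # redirects port 80, so plain HTTP is still served. An ssl listener also
    # needs ssl_certificate/ssl_certificate_key, which this file does not set
    # before the certbot step; nginx normally refuses to start without them,
    # so check with "sudo nginx -t".
    listen 443 ssl;      # HTTPS IPv4
    listen [::]:443 ssl; # HTTPS IPv6
    server_name example.net;

    location / {
        # Disable cache
        add_header Cache-Control no-cache;

        # Enable CORS. '*' lets any site load the stream; name the player's
        # origin instead if playback should be limited to your own pages.
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length';

        # Allow CORS preflight requests
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        # File types to be served: the playlist (.m3u8) and the segments (.ts).
        # The original segment entry had no extension, so .ts files would not
        # have been mapped to video/mp2t.
        types {
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
        }

        # File location
        # Parent of the hls_path set in the rtmp application (/hls/live),
        # so the stream is served under /live/.
        root /hls;
    }
}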
 
# Enable the site by linking it into sites-enabled.
sudo ln -s /etc/nginx/sites-available/example.net /etc/nginx/sites-enabled/
# Run "sudo nginx -t" first: restarting with a broken config leaves nginx stopped.
sudo systemctl restart nginx.service
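# Build stunnel 5.56 from the upstream tarball.
# Download, unpack and compile as the normal user; only "make install" and the
# steps after it need root.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fLo stunnel-5.56.tar.gz https://www.stunnel.org/downloads/stunnel-5.56.tar.gz
# Check the tarball against the SHA-256 published by the stunnel project before
# unpacking it. <PUBLISHED_SHA256> is a placeholder: paste the published value.
echo "<PUBLISHED_SHA256>  stunnel-5.56.tar.gz" | sha256sum -c -
tar xvfz stunnel-5.56.tar.gz
cd stunnel-5.56
./configure
make
sudo make install
sudo ln -s /usr/local/bin/stunnel /bin/stunnel
# NOTE(review): the later steps use the stunnel4 service, the stunnel4 user and
# /etc/default/stunnel4, which appear to come from the distribution's stunnel4
# package rather than from this build; confirm which binary the service runs.
sudo nano /etc/stunnel/stunnel.conf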
; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2019
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
 
; **************************************************************************
; * Global options                                                         *
; **************************************************************************
 
; It is recommended to drop root privileges if stunnel is started by root
;setuid = nobody
;setgid = nogroup
 
; PID file is created inside the chroot jail (if enabled)
;pid = /usr/local/var/run/stunnel.pid
 
; Debugging stuff (may be useful for troubleshooting)
;foreground = yes
;debug = info
;output = /usr/local/var/log/stunnel.log
 
; Enable FIPS 140-2 mode if needed for compliance
;fips = yes
 
; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; e.g. softhsm2.dll or opensc-pkcs11.so
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:/usr/lib/softhsm/libsofthsm2.so
;engineCtrl = PIN:1234
 
; **************************************************************************
; * Service defaults may also be specified in individual service sections  *
; **************************************************************************
 
; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3
 
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
 
; **************************************************************************
; * Include all configuration file fragments from the specified folder     *
; **************************************************************************
 
;include = /usr/local/etc/stunnel/conf.d
 
; **************************************************************************
; * Service definitions (remove all services for inetd mode)               *
; **************************************************************************
 
; ***************************************** Example TLS client mode services
 
; The following examples use /etc/ssl/certs, which is the common location
; of a hashed directory containing trusted CA certificates.  This is not
; a hardcoded path of the stunnel package, as it is not related to the
; stunnel configuration in /usr/local/etc/stunnel/.
 
; NOTE(review): unlike the rest of this sample file, the three gmail services
; below are not commented out, so stunnel would open listeners on
; 127.0.0.1:110, 127.0.0.1:143 and 127.0.0.1:25 if the file were used as is.
; Comment them out unless they are needed.
; They also show full certificate checking for a client service:
; verifyChain, CApath and checkHost.
[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = pop.gmail.com
OCSPaia = yes
 
[gmail-imap]
client = yes
accept = 127.0.0.1:143
connect = imap.gmail.com:993
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = imap.gmail.com
OCSPaia = yes
 
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = smtp.gmail.com
OCSPaia = yes
 
; Encrypted HTTP proxy authenticated with a client certificate
; located in a cryptographic token
;[example-pkcs11]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = pkcs11
;cert = pkcs11:token=MyToken;object=MyCert
;key = pkcs11:token=MyToken;object=MyKey
 
; ***************************************** Example TLS server mode services
 
;[pop3s]
;accept  = 995
;connect = 110
;cert = /usr/local/etc/stunnel/stunnel.pem
 
;[imaps]
;accept  = 993
;connect = 143
;cert = /usr/local/etc/stunnel/stunnel.pem
 
; Either only expose this service to trusted networks, or require
; authentication when relaying emails originated from loopback.
; Otherwise the following configuration creates an open relay.
;[ssmtp]
;accept  = 465
;connect = 25
;cert = /usr/local/etc/stunnel/stunnel.pem
 
; TLS front-end to a web server
;[https]
;accept  = 443
;connect = 80
;cert = /usr/local/etc/stunnel/stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
 
; Remote shell protected with PSK-authenticated TLS
; Create "/usr/local/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
;[shell]
;accept = 1337
;exec = /bin/sh
;execArgs = sh -i
;PSKsecrets = /usr/local/etc/stunnel/secrets.txt
 
; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket
;[mysql]
;cert = /usr/local/etc/stunnel/stunnel.pem
;accept = 3307
;connect = /run/mysqld/mysqld.sock
 
; vim:ft=dosini
 
 
 
# Stunnel basic config
# /etc/stunnel/stunnel.conf
# Run as the stunnel4 account rather than root once started.
setuid = stunnel4
setgid = stunnel4
# NOTE(review): /tmp is world-writable, so any local user can pre-create a file
# or symlink at this fixed name; a directory that only the service account can
# write to is a safer place for the PID file.
pid=/tmp/stunnel.pid
output = /var/log/stunnel4/stunnel.log
# Service definitions (such as fb.conf) are read from this directory.
include = /etc/stunnel/conf.d
 
#Set ENABLE=1 in /etc/default/stunnel4
 
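# RTMP -> RTMPS tunnel
#/etc/stunnel/conf.d/fb.conf
# nginx pushes plain RTMP (including the Facebook stream key) to
# 127.0.0.1:19350; stunnel wraps it in TLS and forwards it to Facebook.
[fb-live]
client = yes
accept = 127.0.0.1:19350
connect = live-api-s.facebook.com:443
# Verify the server certificate against the system CA store and require it to
# match the host name. With verification off, the TLS session is encrypted but
# the peer is not authenticated, so the stream key could be sent to whoever
# answers the connection.
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = live-api-s.facebook.com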
 
sudo systemctl restart stunnel4 && sudo systemctl status stunnel4
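# Install a Let's Encrypt certificate for the site with certbot's nginx plugin.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
# Use the same name as server_name in the site file (example.net) so certbot
# can find the server block it has to update.
sudo certbot --nginx -d example.net
sudo certbot renew --dry-run

# systemd should take care of the auto renewal;
# confirm with: systemctl list-timers | grep certbot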

Dynamic IP IpTables Update

Wednesday, 06 May 2020 20:21
Tim Ramsey
0 Comments
touch /usr/local/sbin/firewall_dynamic_update.bash
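#!/bin/bash
# Keep the ufw allow rules for a dynamic-DNS host in step with its current
# address. The last address that was allowed is remembered in $LOGFILE; when
# the name resolves to a different address, the rules for the old address are
# removed and rules for the new one are added.
HOSTNAME=yourhost.ddns.net
LOGFILE=$HOME/ufw.$HOSTNAME.log
PORTS=(2222 9090 8443)
IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# "host" prints "<name> has address <ip>"; field 4 of the first line is the IP.
Current_IP=$(host "$HOSTNAME" | head -n1 | cut -f4 -d ' ')

# When the lookup fails, or the first line is an alias record, field 4 is a
# word from that message (or empty). Never hand that to ufw: stop here and
# leave the existing rules alone.
if [[ ! $Current_IP =~ $IPV4_RE ]]; then
    echo "Lookup of $HOSTNAME did not return an IPv4 address; firewall left unchanged" >&2
    exit 1
fi

if [ ! -f "$LOGFILE" ]; then
    # First run: nothing to remove, just allow the current address.
    for port in "${PORTS[@]}"; do
        /usr/sbin/ufw allow from "$Current_IP" to any port "$port"
    done
    echo "$Current_IP" > "$LOGFILE"
else
    Old_IP=$(cat "$LOGFILE")
    if [ "$Current_IP" = "$Old_IP" ]; then
        echo IP address has not changed
    else
        # Remove the rules for the PREVIOUS address. The original deleted the
        # rules for the new address instead, so every address the host ever
        # had stayed allowed on these ports.
        if [[ $Old_IP =~ $IPV4_RE ]]; then
            for port in "${PORTS[@]}"; do
                /usr/sbin/ufw delete allow from "$Old_IP" to any port "$port"
            done
        fi
        for port in "${PORTS[@]}"; do
            /usr/sbin/ufw allow from "$Current_IP" to any port "$port"
        done
        echo "$Current_IP" > "$LOGFILE"
        echo iptables have been updated
    fi
fi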
sudo chown root:root /usr/local/sbin/firewall_dynamic_update.bash
sudo chmod +x /usr/local/sbin/firewall_dynamic_update.bash
# Edit root's crontab and add the line below to run the update every five minutes.
sudo crontab -e
# NOTE(review): "> /dev/null 2>&1" discards all output, including any error
# from the script or from ufw, so a failed update goes unnoticed; redirecting
# to a log file instead makes failures visible.
*/5 * * * * /usr/local/sbin/firewall_dynamic_update.bash > /dev/null 2>&1

Steps after FreePBX distro installation

Friday, 01 May 2020 19:12
Tim Ramsey
0 Comments

After you use your custom image to install freePBX, you will want to do a couple of things.

  1. Reset the root password (root/password)
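# Replace the root password that the image was installed with.
passwd root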

2. Connect via SSH and disable SSH password authentication

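# Add your public key. sshd reads ~/.ssh/authorized_keys (plural) by default;
# a key saved under any other name is ignored.
nano /root/.ssh/authorized_keys
nano /etc/ssh/sshd_config
#change PasswordAuthentication no
# Before restarting, confirm that key login works from a second session and
# check the file with "sshd -t"; a mistake here locks you out once passwords
# are disabled.
service sshd restart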

Dell Laptop wifi connection slow?

Thursday, 20 February 2020 21:11
Tim Ramsey
0 Comments

After hours of debugging, I finally found the issue with wireless speeds, and it happened to be a piece of software. Go to your add/remove programs and look for ‘smartbyte drivers and services’. It happened to be limiting a laptop I was working on to 12MBPS. After I removed it, the speed jumped to 200MBPS.
