Just a reminder to myself that the uptimerobot monitor for Icecast streams has to be a GET monitor, because Icecast sends a 400 Bad request error for HEAD requests. So, for example, we can set up a GET monitor for
https://streamingurl.tld/mountpoint/status.xsl
But then we would not really know if the streams are running - for that, we rely on our shell scripts to email us like
COULD NOT FIND PLAYLIST nameof.playlist AT Sun May 28 06:01:01 IST 2017
PLAYING EMERGENCY INSTRUMENTAL PLAYLIST!!
We wanted the same content as oldname.tld/url to be served from newname.tld/url for a domain which was being served from a shared server running Plesk. We could not do it by adding a domain alias, instead we had to do it by adding newname.tld as a new domain in Plesk and pointing it to the same directory as oldname.tld for wwwroot.
In order to create a timeshift backup before upgrade, creating a virtual hard disk volume,
https://www.tecmint.com/create-virtual-harddisk-volume-in-linux/
This took 20 minutes on lenovo pc for 30 GB. mkfs finished in just seconds.
Initially, I thought our non-profit edition of Google Workspace did not have Google Forms, and so created a form manually, following
https://dev.to/omerlahav/submit-a-form-to-a-google-spreadsheet-1bia
https://github.com/jamiewilson/form-to-google-sheets
and a template from jotform.com
Freenom is the domain registrar for .tk and currently, their process for renewing free domains is -
Our audio streams were getting blocked by Chrome's insistence on https. Our initial workaround was to not use any javascript-based player, and instead just use a link to the stream URL with target = _blank to open it in a new window or tab. Now, working towards https support for our audio streams, we found two options.
1. Icecast 2.4.4 has support for SSL, but we need to recompile it on most platforms with the flag set as the icecast package which is available at this repo doesn't support SSL. ./configure --with-curl --with-openssl
2. The other option is to use an SSL reverse-proxy - Apache or Nginx.
Since we had Apache running on our server already, I tried the reverse-proxy method. I had to use acme.sh and not certbot since our server needs an OS upgrade. After the acme.sh installation, have to log out and log in (or open another shell) for the .bashrc changes to take effect. On the server, the main steps were:
a2enmod proxy
a2enmod proxy-http #(without this, got Internal Server Error)
service apache2 restart
a2ensite stream.ourdomain.tld
service apache2 reload
The file created for stream.ourdomain.tld in /etc/apache2/sites-available/stream.ourdomain.tld.conf was copied from another virtual host and then I added the lines like
ProxyPass /nameofstream http://11.22.33.44:8567/
ProxyPassReverse /nameofstream http://11.22.33.44:8567/
ProxyPass /nameofanotherstream http://11.22.33.44:8577/
ProxyPassReverse /nameofanotherstream http://11.22.33.44:8577/
</VirtualHost>
The file created for the ssl version had to be hand-written since acme.sh doesn't automatically create the config files unlike certbot. stream.ourdomain.tld-ssl.conf had the additional lines
<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/stream.ourdomain.tld.cer
SSLCertificateKeyFile /etc/ssl/private/stream.ourdomain.tld.key
So, with acme.sh, first issued the certificate in Apache mode as root -
acme.sh --issue --apache -d stream.ourdomain.tld
and then installed it using
acme.sh --install-cert -d stream.ourdomain.tld \
--cert-file /etc/ssl/certs/stream.ourdomain.tld.cer \
--key-file /etc/ssl/private/stream.ourdomain.tld.key
a2ensite stream.ourdomain.tld-ssl
service apache2 reload
Worked.
Everything seems to be fine - Apache was not having any issues I could detect with top and a tail -f of the Apache access log. Cloudflare proxying had been turned on, but I'm not sure if it had any impact since this was a stream and not a static file which could have been cached.
CPU utilization and RAM utilization didn't change more than 1-2% - 97% idle CPU, and all the Apache processes together were using only 14% RAM or less of our 8 GB server, which didn't increase substantially from what it was before the test. Some 300+ clients connected via our website with the new links to the various streams in the last 90 minutes or so of the test.
Edit: See the later post, implemented with icecast-kh
https://hnsws.blogspot.com/2021/06/adding-ssl-https-to-http-mp3-streams.html
While making some command-line commits to github, I'd received an email from github that password-based authentication is deprecated, and would be unavailable after Aug 2021. Github docs also mention that pw auth is deprecated. This stackoverflow post also discusses the change, and its advantages. So, basically we need to create the password token, give it suitable permissions and use that instead of the password on the commandline.
Working with xfce on a GCP cloud server, minimized windows were not visible. My workaround as suggested by this forum post was to centre-click on the desktop (right+left click on my trackpad) and choose the relevant window from the list.
Last week, I could not remote desktop into one of our servers which was a VM on Azure - Remote Desktop was working only immediately after a restart, and later not at all. Remmina failed with
connected to ip.address.tld:3389
recv: Connection reset by peer
Error: protocol security negotiation or connection failure
and rdesktop failed with
ERROR: CredSSP: Initialize failed, do you have correct kerberos tgt initialized ?
Failed to connect, CredSSP required by server.
I thought I got the explanation for CredSSP from this post and thought disabling NLA would solve the issue. But then, I could not connect at all. I'd done this by right-clicking on System, Properties, Remote, and disabling the check-box 'Allow connections only from computers with NLA...'
Tried resetting the connection configuration from Azure portal, still no. (Choose the VM in Azure Portal, Support + Troubleshooting, Reset Password screen, choose 'Reset configuration only').
I tried logging on using a Windows 10 VM on another server, but got an "internal error". Perhaps this was due to the Windows trial license expiring on that machine. Today when I re-installed a trial version of Windows 10 and tried to connect, the Remote Desktop connection worked fine. Turned on NLA, it still worked. Tried with Remmina on my local machine, that also worked.
So, why did it fail and why did it start working again? Was it due to a Windows update causing issues like in this forum thread? Perhaps a network glitch? Perhaps restarting the VM (which I did several times) or resetting the configuration solved the issue but I was unable to check due to turning off NLA? At that time, I did not see this post, but maybe in the future I might need these tips again.
One of our external IP addresses had port-forwarding set up to allow incoming ssh. That external network failed and the alternate network took over for web browsing, but our ssh connections would fail. Workaround was to set up identical port-forwarding rules for this alternate network external IP address also. Then, if the primary network fails, we can ssh in using the alternate network.
Troubleshooting an issue of iSpring's output html not appearing properly on a mobile app, found this page with some recommendations on font sizing for mobile devices. The issue itself might be due to javascript support issues or user-agent issues, I guess, since the page appears properly on mobile browsers.
