Setup a Nginx RTMP live-stream server & HLS video-player on a WordPress site on Ubuntu/Raspbian/Debian

0. PRE-PREPARATION

This guide was written up by André, that would be me, to accompany a new video on my YouTube channel. The video will be uploaded sometime during the next two days, so make sure you keep an eye on that!! In the video I follow my own written guide and make some adjustments here and there. I posted the end results below the video here.

All the commands are also available on Pastebin (right here)
Get WinSCP here, and Putty here.

1. PREPARATION

Continue reading

Ant Media Server on Ubuntu 18.04

This short guide will show you how to install Ant Media Server (Community Edition) on an Ubuntu 18.04 VPS server. Ant Media Server is a fork of Red5.

The Community Edition is free, but it does have its limitations, which can be unlocked by purchasing a license. It runs on Java, so we’re also installing that on our server.

The server that I used in this example has Nginx installed and running with the additional RTMP module on port 1935. Ant Media Server also requires this port, so to avoid any conflicts we need to stop Nginx before anything else. I also chose to disable it temporarily, but you don’t need to do this.

systemctl stop nginx
systemctl disable nginx

Another option you have to avoid conflicts is to change the port Nginx uses for RTMP by changing it in your /etc/nginx/nginx.conf file as shown on the image.

Let’s start by installing the default java (version 8) for Ubuntu.

apt install -y openjdk-8-jdk openjdk-8-jre
java -version

You must set the JAVA_HOME and JRE_HOME environment variables, which many Java applications use to find the Java libraries at runtime. You can set these variables in the /etc/environment file using the following command.

cat >> /etc/environment <<EOL
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
JRE_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
EOL

Make sure you look for the latest version yourself on GitHub. At the time of creating this guide, this was a direct download link to the latest one.

# Download the release archive and the install script into the same directory
wget https://github.com/ant-media/Ant-Media-Server/releases/download/ams-v2.1.0/ant-media-server-2.1.0-community-2.1.0-20200720_1340.zip
wget https://raw.githubusercontent.com/ant-media/Scripts/master/install_ant-media-server.sh && chmod 755 install_ant-media-server.sh
# The installer is given the zip itself, so run it from the directory that holds the download
sudo ./install_ant-media-server.sh ant-media-server-2.1.0-community-2.1.0-20200720_1340.zip
service antmedia status

Now open http://SERVER_IP_ADDRESS:5080 and create a new admin account for yourself.

For the server to run properly you need to open some network ports.

  • TCP:1935 (RTMP)
  • TCP:5080 (HTTP)
  • TCP:5443 (HTTPS)
  • UDP:5000-65000 (WebRTC)
  • TCP:5000-65000 (You only need to open this range in cluster mode, for the internal network. It should not be open to the public.)

sudo ufw allow 1935/tcp
sudo ufw allow 5080/tcp
sudo ufw allow 5443/tcp

WEBRTC (the UDP range from the list; the cluster-mode TCP range is not opened here)
sudo ufw allow 5000:65000/udp
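
The same port list as a dry-run rule generator, added here as an example (it is not from the original guide or from Ant Media): the public ports are opened to everyone, while the cluster-only TCP range is opened solely from an internal subnet, as the list above requires. The function names and the 10.0.0.0/24 subnet are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: print (dry-run) the ufw commands
# for the port list above. The cluster subnet argument is a placeholder.

# valid_internal_cidr CIDR -> 0 if it looks like an IPv4 network with a
# /8../32 prefix, which rules out 0.0.0.0/0 and words such as "any".
valid_internal_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$'
}

# ams_ufw_rules [CLUSTER_CIDR] -> one ufw command per line
ams_ufw_rules() {
    cidr="${1:-}"
    if [ -n "$cidr" ] && ! valid_internal_cidr "$cidr"; then
        echo "refusing to open the cluster TCP range to '$cidr'" >&2
        return 1
    fi
    # Public listeners: RTMP, HTTP, HTTPS and the WebRTC UDP range.
    for rule in 1935/tcp 5080/tcp 5443/tcp 5000:65000/udp; do
        echo "ufw allow $rule"
    done
    # Cluster mode only: TCP range reachable from the internal subnet alone.
    if [ -n "$cidr" ]; then
        echo "ufw allow from $cidr to any port 5000:65000 proto tcp"
    fi
}

ams_ufw_rules              # standalone server
ams_ufw_rules 10.0.0.0/24  # cluster node; 10.0.0.0/24 is a made-up subnet
```

Review the printed commands, then run them with sudo; `sudo ufw status numbered` shows what ended up active.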

Enable SSL certificates

To obtain a certificate for Ant Media Server you can choose to create a new one or import an already existing certificate. In this example I chose to create a new one. PLEASE NOTE! The cert. creation process will need to use port 80 for its validation. So if you have Apache or Nginx already running, disable it for a moment using systemctl stop apache2/nginx.

cd /usr/local/antmedia
sudo ./enable_ssl.sh -d {DOMAIN_NAME}

I hope I don’t have to explain that you should replace the {DOMAIN_NAME} with your own hostname/domainname. Don’t forget to restart the Apache or Nginx process that you might have stopped earlier.

If you already have created certificates for the domain you want to use, another option would be to use those, like this:

sudo ./enable_ssl.sh -f yourdomain.pem -p privkey.pem -d yourdomain.com

For more information and help with setting up SSL please check out the Wiki.

Now you can open the interface to the server on https://yourdomain:5443

We’re done for now. Everything should be working now. A logical next step would be to install certificates and enable secure live-streaming. More about that on this page: https://github.com/ant-media/Ant-Media-Server/wiki/SSL-Setup

There’s a well written Wiki on the project’s GitHub pages. You can use this if you run into any issues. No need to click the link below at this moment because then you will see that I basically copy / pasted this whole page. In other words: I stole content. Sue me.. At least I’m honest about it.

https://github.com/ant-media/Ant-Media-Server/wiki/Installation

Fix the Nginx module in Webmin (Ubuntu 18.04)

For a long time now, the Nginx plugin that exists for Webmin did not work after installing it on Ubuntu/Debian. I never got around to figuring out how to fix this but today I did. Here’s how to fix the Nginx plugin in Webmin on an Ubuntu server.

Now in all honesty I have no idea what step of all the steps below did the trick of actually getting it to work, but I’m guessing it had something to do with the brackets in the config file. I still need to try this out on a different server without installing the Perl modules first. You’re free to experiment yourself if you dare. If so, let me know what the specific fix was.

First of course you need to install the Nginx module for Webmin. It’s a third party module so add it using the correct option on the screen you see here.

Search for Nginx, select it and install it. Once it is installed you will find the tab on the left under Servers. If not, refresh your modules first. Chances are very likely that you will see a page with some errors that are Perl related. If this is the case continue to follow these steps.

In Webmin open the Others tab, and then Perl Modules. Choose “From CPAN, named” and search for DBD::mysql and install it. Do the same thing for all of the following:

HTML::Entities
DBI
GD
DBD::mysql

If you run into any problems you can alternatively install the modules through the command line. To start, first use this command:

perl -MCPAN -e shell

Now you can install any module by entering:

install HTML::Entities

When it’s installed, optionally do a “reload cpan” or install more modules. Use the “quit” command to exit the CPAN shell. If you’re running the earlier mentioned command for the first time you might also want to start off with “install CPAN” and “reload CPAN”.

The next step may seem difficult but it really isn’t. We need to add some \ to a config file. So edit the following file and make the changes I placed below.

nano /usr/share/webmin/nginx/nginx-lib.pl

Go to line 199 and add a backslash before the opening bracket.

if ($line =~ /server \{$/) {

Do not forget to add a backslash before the closing bracket on line 202.

if ($line =~ /\}$/) {

Save the file and now it should work after refreshing the Webmin Nginx page.
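
Line numbers shift between module versions, so this added example (not part of the original guide or of the Webmin module) applies the same two backslash fixes by matching the regexes themselves, keeps a .bak copy, and is safe to re-run. The unpatched line forms and the sample file are constructed from the fixed lines shown above; Perl 5.26, which Ubuntu 18.04 ships, rejects an unescaped { in a regex, which is why the escape matters.

```sh
#!/bin/sh
# Added example: apply the guide's two backslash fixes by pattern, with a backup.
# The unpatched forms below are inferred from the guide, not copied from Webmin.

# patch_nginx_lib FILE -> prints the number of lines changed (0 if already fixed)
patch_nginx_lib() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Count lines that still carry an unescaped brace in these two regexes.
    todo=$(grep -c -e '=~ /server {\$/' -e '=~ /}\$/' "$file" || true)
    if [ "$todo" -gt 0 ]; then
        cp -p "$file" "$file.bak" || return 1      # keep the original
        tmp=$(mktemp) || return 1
        sed -e 's|=~ /server {\$/|=~ /server \\{$/|' \
            -e 's|=~ /}\$/|=~ /\\}$/|' "$file" > "$tmp" && cat "$tmp" > "$file"
        rm -f "$tmp"
    fi
    echo "$todo"
}

# Constructed sample standing in for the relevant lines of nginx-lib.pl.
make_sample() {
    cat > "$1" <<'EOF'
if ($line =~ /server {$/) {
    $in_server = 1;
}
if ($line =~ /}$/) {
    $in_server = 0;
}
EOF
}

sample=$(mktemp)
make_sample "$sample"
patch_nginx_lib "$sample"    # first run changes two lines
patch_nginx_lib "$sample"    # second run changes none
cat "$sample"
rm -f "$sample" "$sample.bak"
```

On a real server, call patch_nginx_lib with /usr/share/webmin/nginx/nginx-lib.pl as root and compare the file against its .bak copy before refreshing Webmin.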

Build a live-stream server

This guide will show you step by step how to install the Nginx webserver & Certbot SSL certificates, the RTMP module, and FFmpeg on an Ubuntu 18.04 VPS server. It will then also explain how to set up HLS live-streaming and create a webpage with Video.JS to show the live-stream.
I decided to write this guide after receiving a lot of questions and responses on a video or two that I made a while ago. HLS and SSL related mostly. So hopefully this guide will clear up all of those questions for you all. If not, please leave any questions at the bottom of this page or as a comment on the YouTube page.

This guide contains 7 steps. I strongly advise reading through them all beforehand so you’ll know what you’re doing instead of just blindly copy/pasting everything, because that rarely works out like it should, in my experience. This looks like a long-ass guide, and it is in a way, but you could do this all in under 25 minutes. Anyways, it’s too long for this blog’s layout so click on the continue reading link below to read the full article and to see the video.

EDIT 24-07-2020 – Take a look at the git repo for an easy HLS site install by Quinn Ebert. He has created it based on my guide and video. Thanks Quinn! Good work 🙂

Continue reading

Block all traffic from a Geo-located country with UFW firewall on Ubuntu

I was noticing some really strange requests in my web server’s log files on a VPS that I manage. Requests that seem to be focused on finding vulnerabilities or exploits. Turns out most of the originating IP addresses are from China. Since the VPS is not behind a router or otherwise managed firewall device, I decided to investigate if I could just block all traffic from China to my VPS. Turns out the software “Uncomplicated Firewall”, better known as UFW, that I already had running can do this easily. If you’re new to UFW have a look at this very comprehensive page showing how to set it up.

Here are two examples showing how to setup your UFW firewall to block IP addresses or ports based on Geo location. This should work on any system running UFW but in this case I did it on a headless Ubuntu 18.04 system. Click on Read more to view the rest of this article.

Continue reading

Configuring DNS-Over-HTTPS on RaspberryPi running Pi-Hole

In this article I will show you all the steps you will need to set up DNS-over-HTTPS to Cloudflared on a Raspberry Pi that’s running Pi-Hole on RaspBian Stretch OS. This is called an Argo Tunnel. Now you might think to yourself; What does all this even mean? Let me explain…

A Raspberry Pi is a really cheap tiny computer that has very low power consumption. These tiny computers cost between 30 and 50 euros/dollars and are ideal for people who often mess around with computers and everything related to them, like me for example. But they’re also interesting for people who want to keep their power consumption at home as low as possible, but still want certain services to run 24/7. I’m also one of those people. Especially when I saw my most recent electricity bill from the energy provider. It showed that I use more power than a family of five people does on average. I live alone…

One of the reasons I want certain devices to run 24/7 is because they are hosting some services that I want to be available at all times. Like a DNS server for example. Pi-Hole is basically a DNS server that also blocks ads, for all the devices in your home network. Technically it’s actually not a DNS server but a local DNS resolver but that’s not important right now. I started using Pi-Hole about two years ago and nowadays my network feels incomplete without a Pi-Hole running in it. It also keeps statistics that you can view in a simple web interface as shown below. Read more about it here.


Pi-Hole will resolve all DNS queries for every device in your home network. And to resolve queries and send the answer back to the clients Pi-Hole uses several upstream DNS servers like 1.1.1.1 or 8.8.8.8. DNS queries from my Pi-Hole to the upstream DNS servers are not encrypted in any way. This means that my internet provider can monitor all these queries that I send out to the internet. In other words, they know what websites I visit and they monitor this and save the log files for a certain amount of time. I’ve never really cared much about this, and I use VPN when I don’t want them to see what I’m doing. But with all the things that are going on right now in the realm of the world wide web, and with all the changes that have happened that I disagree with, I have become more aware of the benefits of securing as much as you can against prying eyes. Having said this just now, I started to nostalgically think back to the early days when the internet still felt like a playground for people like me, in anarchy, and it was completely free and it opened so many possibilities that we couldn’t even predict back then. Good days, good days. I miss those.

Recently I stumbled upon an article that explained the benefits of using HTTPS to secure DNS queries. This caught my interest so I did all the things the article suggested and within a couple of minutes a functional Pi-Hole with DNS-over-HTTPS was up and running. I figured that I might want to build this setup again at some point in the future, so I documented what I did, and since I was doing that, it was little effort to also post it here.

The upstream DNS servers we will be using are hosted by Cloudflare. They revolutionized the way we think of DNS when they went public on April fool’s day 2018, and their DNS servers are several times faster than the public Google DNS servers. I wrote something about this earlier that you might want to read also.

I’m assuming that you have already set up RaspBian on your Raspberry Pi yourself and that you are connected to the internet. I used RaspBian Lite but this works exactly the same on the full desktop version of RaspBian. Since I use the root account there’s no need for me to enter ‘sudo’ before the commands. So forgive me if I have forgotten to include sudo in some of the command-line instructions below. You should never use the root account but a regular account that has sudo rights. So if you see that a command is not working correctly for you, try it again but add sudo to the command.

We’re going to begin with the installation of Pi-Hole on a freshly installed system. When this is running we install a tiny client-daemon from Cloudflare for the communication with the upstream DNS servers. I chose to use Cloudflare’s really fast servers 1.1.1.1 and 1.0.0.1, but you can use any server that supports DNS over HTTPS. Eventually we will configure Pi-Hole and Cloudflared to work together hand in hand.

To continue reading the full article and the instructions, click on read more. Enough chatter, that barely anybody will read anyways, so let’s get started!

Continue reading

Public DNS servers 1.1.1.1 and 1.0.0.1

I’ve been using the public Google DNS servers 8.8.8.8 and 8.8.4.4 for several years now. It was once said that using these DNS servers would result in a noticeable speed increase when compared with the DNS servers that your internet provider makes you use. I started using the Google servers and the addresses immediately got stuck in my head, so I haven’t stopped using them since. Until today that is…
I’ve always really liked the easy-to-remember, and simply awesome addresses 8.8.8.8 and 8.8.4.4. I was happy with the response times and I never had any issues or complaints either. So why change? I’d better have a damn good reason for making this choice! Well, obviously I do!

Yesterday somebody told me that he switched to 1.1.1.1 as primary DNS server and 1.0.0.1 as secondary. He also mentioned that the response times are fast af! That info immediately drew my attention. So I decided to further investigate this as soon as I would get home. Turns out that these servers are indeed fast and have good testing results. I also learned that the good people at Cloudflare are behind it (Wiki). I’m pretty sure that remembering these new server addresses will not be a problem either.

I’m looking for speed when it comes to DNS servers. I want to use the fastest DNS servers in existence. The more speed, the better. Naturally I also want them to be reliable, safe, and respecting my privacy. It turns out that 1.1.1.1 & 1.0.0.1 are all these things and more. So I will be saying my goodbyes to 8.8.8.8 & 8.8.4.4. And at the same time I will be welcoming 1.1.1.1 & 1.0.0.1 with open arms. Would you like to learn more? Or do you need a step-by-step guide on how to change what DNS servers you use? Just visit the website.

Adding cloud storage as permanent mount to Ubuntu Server 16.04

Many cloud storage services give you the option to mount your online storage as an extra drive on your operating system. This can be done really easily on any operating system that runs a desktop environment. But I wanted to add my storage as a mounted drive on Ubuntu Server, and it does not use a desktop environment, so I use WinSCP and Putty to administer my server.
I did some research on how to mount my cloud storage I use at Stackstorage. In my account info on their website they showed me that the address I have to use for WebDAV should be . This was all the information I needed to get started. Here’s a step by step guide how I did this that you can follow but keep in mind that some commands should be different depending on what cloud storage provider you are using. Click on READ MORE to read the full article.

Continue reading

Add Ubuntu Terminal to Windows 10

Have a look at this page for instructions on how to add a terminal to your Windows 10 in a matter of seconds. I just installed it and I’m very pleased with it so far. Could this mean I will stop using Putty after all these years? I’m not sure yet but I’m going to find out really soon. Here’s a link directly to the Windows Store if you don’t need any further instructions.

Things you should do after installing Raspbian on your Raspberry Pi

Here are a couple of things that you should do after you’ve installed Raspbian on your Raspberry Pi. Installing the Raspbian operating system itself is very easy so I’m not going into that. You can figure that out on your own. This article is just about a couple of things that you should, or could, do after installing the operating system. Click on the “read more” link below to get started!

Continue reading

Disable IPv6 on Ubuntu 16.04 Permanently

If you want IPv6 disabled permanently on an Ubuntu 16.04 system, here’s a good way to do it. Disabling it like this should keep it disabled permanently, even after performing updates that could potentially enable it again without you knowing it. I haven’t tested it so I’m not 100% certain but if you decide to upgrade Ubuntu to 16.10 or the most recent version, it should still have IPv6 disabled after upgrading. Now let’s get to it! Simply enter the following commands in your console:

echo "net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee /etc/sysctl.d/99-my-disable-ipv6.conf
sudo service procps reload
ifconfig

The ifconfig output should no longer show any IPv6 address. A reboot is not required, but it won’t hurt either.