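Configuring NAT and Port Forwarding on Mac OS X

Mac OS X version: OS X El Capitan 10.11

As of 10.10, Mac OS dropped IPFW as its firewall software and switched to OpenBSD's PF. For the PF user guide, see https://www.openbsd.org/faq/pf/, or download the PDF guide here.

In principle, PF starts automatically on Mac OS X. To keep PF from starting at boot, run the following command: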

# rcctl disable pf

Restart the Mac for this to take effect.

The following two commands enable and disable PF:

# pfctl -e
# pfctl -d

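When the system boots, PF reads the pf.conf configuration file (located at /etc/pf.conf), which is loaded by the rc scripts. Configuration itself is done mainly through the pfctl command. Other commonly used pfctl commands are:

# pfctl -f /etc/pf.conf     Load the pf.conf configuration file
# pfctl -nf /etc/pf.conf    Parse /etc/pf.conf without loading it
# pfctl -sr                 Show the current firewall rules
# pfctl -ss                 Show the current connection states
# pfctl -si                 Show filter status and statistics
# pfctl -sa                 Show all status information
The complete list of commands can be read by clicking here.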

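The following is only a brief explanation of the pf.conf firewall settings for NAT and port forwarding:

Order matters: the port forwarding rules must come before the NAT rules, otherwise an error message appears.

Port forwarding:

To redirect a specific port on the ppp connection or external interface to a specific port on a specific internal IP, for example tcp 9922 to ssh (port 22) on the internal host 192.168.1.5, use:

rdr on ppp0 proto tcp from any to 222.3.15.2 port 9922 -> 192.168.1.5 port 22

The external IP is 222.3.15.2; when an outside host connects to port 9922 on this address, it is redirected to 192.168.1.5 port 22. With the following rule:

rdr on ppp0 proto tcp from any to 222.3.15.2 port 1935 -> 192.168.1.18

connections to port 1935 on the external address 222.3.15.2 are redirected to the same port (1935) on 192.168.1.18.

NAT lets the internal network reach the Internet through this Mac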

nat on ppp0 from 192.168.1.0/24 to any -> 222.3.15.2
pass from 192.168.1.0/24 to any keep state

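222.3.15.2 is the external IP. The rules above let every host on the internal network 192.168.1.0/24 be translated to the external IP 222.3.15.2 and connect directly to the Internet.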
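An added example, not part of the original post: a small shell function that lists what the rdr rules in a pf.conf expose, so forwarded ports can be reviewed before the file is loaded with pfctl -f. The names sample_rules and audit_rdr are made up for this example, the sample file is constructed from the rules above, and only the single-line rdr form shown in this post is handled.

```shell
#!/bin/sh
# Constructed sample: the rules from this post, as they would sit in pf.conf.
sample_rules() {
cat <<'EOF'
# translation rules
rdr on ppp0 proto tcp from any to 222.3.15.2 port 9922 -> 192.168.1.5 port 22
rdr on ppp0 proto tcp from any to 222.3.15.2 port 1935 -> 192.168.1.18
nat on ppp0 from 192.168.1.0/24 to any -> 222.3.15.2
EOF
}

# audit_rdr FILE: one line per rdr rule, showing what it exposes:
#   iface proto source ext_addr:ext_port -> int_addr:int_port [REVIEW note]
# Assumption: only the single-line rdr form used above (no macros, lists, tables).
audit_rdr() {
    awk '
    $1 == "rdr" {
        iface = proto = src = ext = eport = dst = dport = ""
        for (i = 2; i < NF; i++) {
            if ($i == "on")         iface = $(i + 1)
            else if ($i == "proto") proto = $(i + 1)
            else if ($i == "from")  src   = $(i + 1)
            else if ($i == "to")    ext   = $(i + 1)
            else if ($i == "->")    dst   = $(i + 1)
            else if ($i == "port") {
                if (dst == "") eport = $(i + 1)   # port before "->": external side
                else           dport = $(i + 1)   # port after "->": internal side
            }
        }
        if (dport == "") dport = eport            # no target port: same port is kept
        note = ""
        if (src == "any" && dport == 22)
            note = " REVIEW: ssh reachable from any source"
        printf "%s %s %s %s:%s -> %s:%s%s\n", iface, proto, src, ext, eport, dst, dport, note
    }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_rules > "$tmp" && audit_rdr "$tmp"; rm -f "$tmp"
```

Run it against a copy of /etc/pf.conf; a REVIEW line marks a forward that could be narrowed by replacing "from any" with the source addresses that actually need access.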

 

Dedicated player for 『華藏淨宗學會』 completed


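This is the first Adobe AIR for Desktop application I have developed with Adobe Flash Builder, and along the way I learned many of the programming techniques that Flex development requires. For example: using the Flex add-on library as3corelib.swc to parse JSON (JavaScript Object Notation); the security issues of Flash HTTPService; a bug encountered with the VideoPlayer object during live broadcasts, which led me to build the player on VideoDisplay instead; file management; downloading files; and so on. Writing these 1,200-plus lines of code was good exercise for my programming skills.

Anyone interested in the source code can email me and I will share it. The compiled program can be downloaded directly from the links below:

http://www.thesolarsystems.net/downloads/hwadzan.exe - installer for Windows.

http://www.thesolarsystems.net/downloads/hwadzan.dmg - installer for MacOS.

http://www.thesolarsystems.net/downloads/hwadzan.air - if Adobe AIR is already installed, download this file for a quick install.

I will post partial explanations of this program's source code from time to time; comments from those more experienced are welcome.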

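Cross-compiling VLC 2.1.x for Windows (Cross Compile)

Official instructions: http://wiki.videolan.org/Win32Compile

The build was done on Ubuntu 12.04.2 LTS i686. Of the steps below, the most important is step 2, which the official VLC site does not explain. Ubuntu 12.04 is also being revised, and Mingw-w64 is being changed in Debian as well. So, to avoid wasting a lot of time, be sure you know exactly which MinGW version you have.

Install the required tools

1. Install the Mingw-w64 tools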

$ sudo apt-get install gcc-mingw-w64-i686 g++-mingw-w64
$ sudo apt-get install mingw-w64
$ sudo apt-get install mingw-w64-tools

2. Check Debian.ORG for the latest version of Mingw-w64. VLC 2.0.x and later must be built with Mingw-w64 3.0 or newer. Check at: http://ftp.debian.org/debian/pool/main/m/mingw-w64/ . When compiling on 2013/6/30, the version found was mingw-w64-i686-dev_3.0~svn5915-1_all.deb, so download and install it as follows:

$ wget http://ftp.debian.org/debian/pool/main/m/mingw-w64/mingw-w64-i686-dev_3.0~svn5915-1_all.deb
$ sudo dpkg -i mingw-w64-i686-dev_3.0~svn5915-1_all.deb

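This updates it to the latest version. Then compile following the instructions on the official site, but change i586-mingw32msvc to i686-w64-mingw32.

3. Install the other related programs, software, dependent libraries, and so on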

$ sudo apt-get install git lua5.1 libtool automake autoconf make gettext pkg-config qt4-dev-tools subversion cmake cvs zip p7zip nsis bzip2
$ sudo apt-get install p7zip-full

p7zip-full must be installed to provide the full 7z command.

4. Download the VLC source code

$ git clone git://git.videolan.org/vlc.git vlc

5. Start the build

$ cd vlc
$ mkdir -p contrib/win32
$ cd contrib/win32
$ ../bootstrap --host=i686-w64-mingw32
$ make prebuilt
$ cd -
$ ./bootstrap
$ mkdir -p win32 && cd win32
$ ../extras/package/win32/configure.sh --host=i686-w64-mingw32
$ make

Packaging VLC

VLC can be packaged in the following ways:

Command                    Description
make package-win-common    Creates a subdirectory named vlc-x.x.x with all the binaries. You can run VLC directly from this directory.
make package-win-strip     Same as above but will create ‘stripped’ binaries (that is, smallest size, unusable with a debugger).
make package-win32-7zip    Same as above but will package the directory in a 7z file.
make package-win32-zip     Same as above but will package the directory in a zip file.
make package-win32         Same as above but will also create an auto-installer package. You must have NSIS installed in its default location for this to work.

 

 

 

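How to play video files in rotation as a live program on Wowza Media Server

Wowza Media Server is a very commonly used media server. In particular it supports many mobile devices, such as phones (iPhone or Android), tablets (iPad or Android pads), and even all kinds of computers, set-top boxes, and so on, so it is very widely used.

This post describes how to set the system up so that video files placed on it are played back to back on a time schedule, much as a TV station plays a film, an advertisement, another film, other content, and so on. It is a convenient and useful feature:

First, for the file formats Wowza supports, see this link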

FLV (Flash Video – .flv) 
MP4 (QuickTime container – .mp4, .f4v, .mov, .m4v, .mp4a, .3gp, and .3g2) 
MP3 (.mp3)

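So other formats must be transcoded beforehand before they can be used.

For Wowza's output formats and related specifications, see this link. The detailed PDF is here.

Basically there are two ways to implement this feature. One is the method introduced below:

"How to do basic server-side publishing with Stream class streams?" (the original article is here). It is a simple example that illustrates basic use of the Stream class. The code is as follows: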

package com.wowza.wms.example.serverlistener;

import com.wowza.wms.logging.WMSLoggerFactory;
import com.wowza.wms.server.*;
import com.wowza.wms.vhost.*;
import com.wowza.wms.stream.publish.*;
import com.wowza.wms.application.*;

public class StreamPublisherDemo implements IServerNotify {

	public void onServerInit(IServer server)
	{
		IVHost vhost = VHostSingleton.getInstance(VHost.VHOST_DEFAULT);
		IApplication app = vhost.getApplication("live");
		IApplicationInstance appInstance = app.getAppInstance("_definst_");

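		// Stream1: a server-side stream built from a playlist of file segments.
		Stream stream1 = Stream.createInstance(vhost, "live", "Stream1");

		// play(name, start, length, reset): start and length are in seconds.
		// reset=true clears the playlist and plays this item immediately;
		// reset=false appends the item to the playlist.
		stream1.play("mp4:sample.mp4", 5, 5, true);
		stream1.play("mp4:sample.mp4", 50, 5, false);
		stream1.play("mp4:sample.mp4", 150, 5, false);
		stream1.addListener(new StreamListener(appInstance));

		// Stream2: play the whole file from the start (length -1 = to the end).
		Stream stream2 = Stream.createInstance(vhost, "live", "Stream2");

		stream2.play("mp4:sample.mp4", 0, -1, true);
		stream2.addListener(new StreamListener(appInstance));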

	}
	public void onServerCreate(IServer server)
	{
	}
	public void onServerShutdownComplete(IServer server)
	{
	}

	public void onServerShutdownStart(IServer server)
	{
	}
	class StreamListener implements IStreamActionNotify
	{
		StreamListener(IApplicationInstance appInstance)
		{
		}
		public void onPlaylistItemStop(Stream stream, PlaylistItem item)
		{
			WMSLoggerFactory.getLogger(null).info("Item Stopped: " + item.getName() + " on Stream: " + stream.getName());
		}
		public void onPlaylistItemStart(Stream stream, PlaylistItem item) 
		{
			WMSLoggerFactory.getLogger(null).info("Item Started: " + item.getName() + " on Stream: " + stream.getName());
		}
	}	
}

Add the server listener to /conf/Server.xml under /ServerListeners, as in the following code:

<ServerListener>
   <BaseClass>com.wowza.wms.example.serverlistener.StreamPublisherDemo</BaseClass>
</ServerListener>

Next, create a Wowza app named "live" and set /StreamType in its Application.xml to "live". That basically completes the setup, but how do you play it?

You can open [install-dir]/examples/LiveVideoStreaming/FlashRTMPPlayer/player.html (Wowza Media Server 3.5 or later)

or

[install-dir]/examples/LiveVideoStreaming/client/live.html (versions before Wowza Media Server 3.5)

The content location is:

Server: rtmp://[wowza-ip-address]/live
Stream: Stream1 (or Stream2)

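The other method will be written up next time.

How to set up SSL on CentOS for HTTPS or other applications.

SSL is set up with the openssl command; the steps below require root/su privileges.

Reference URLs: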
http://wiki.centos.org/HowTos/Https
http://www.sslshopper.com/article-most-common-openssl-commands.html

 

1. First, download OpenSSL. OpenSSL official site: http://www.openssl.org/

 yum install mod_ssl openssl

2. Generate a self-signed certificate

# Generate the private key (2048-bit; 1024-bit RSA is too weak for current use)
openssl genrsa -out ca.key 2048

# Generate the CSR
openssl req -new -key ca.key -out ca.csr

# Generate the self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files above to the correct directories
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

3. Edit /etc/httpd/conf.d/ssl.conf

....
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key   
...

4. Restart httpd

service httpd restart

5. Set up the virtual host (Virtual Hosting)

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

6. Restart httpd

service httpd restart

7. Configure the firewall

iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v

8. Other main openssl commands:
These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.
Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Generate a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Generate a certificate signing request (CSR) for an existing private key

openssl req -out CSR.csr -key privateKey.key -new

Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL
If you need to check the information within a Certificate, CSR or Private Key, use these commands.

Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

Check a private key

openssl rsa -in privateKey.key -check

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL

If you are receiving an error that the private key doesn't match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands.

Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

Check an SSL connection. All the certificates (including Intermediates) should be displayed

openssl s_client -connect www.paypal.com:443
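The key/certificate match check above, as an added shell example that is not from the original post: it compares SHA-256 digests of the whole public key instead of an MD5 of the RSA modulus, so it also works for non-RSA keys, and it reports the key size so an undersized key is noticed. The function names, the demo.invalid subject and the generated files are constructed for illustration; private keys are assumed to be unencrypted.

```shell
#!/bin/sh
# pubkey_fp FILE KIND: SHA-256 of the public key inside a cert, private key or CSR.
pubkey_fp() {
    case "$2" in
        cert) pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1            # unreadable or wrong file type
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# cert_matches_key CERT KEY: succeeds only if both hold the same public key.
cert_matches_key() {
    c=$(pubkey_fp "$1" cert) && k=$(pubkey_fp "$2" key) && [ "$c" = "$k" ]
}

# cert_key_bits CERT: key size in bits, from the "Public-Key: (N bit)" line.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Constructed demo material: a.key and a.crt belong together, b.key is unrelated.
make_demo_files() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=demo.invalid" \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d) && make_demo_files "$d"
    cert_matches_key "$d/a.crt" "$d/a.key" && echo "a.key matches a.crt"
    cert_matches_key "$d/a.crt" "$d/b.key" || echo "b.key does NOT match a.crt"
    echo "a.crt key size: $(cert_key_bits "$d/a.crt") bits"
    rm -rf "$d"
fi
```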

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt