Phriction Welcome in gitpull.it, a Phabricator instance! Border Radio Reference History Version 7 vs 31
Version 7 vs 31
Version 7 vs 31
Edits
Edits
- Edit by valerio.bozzolan, Version 31
- Jan 25 2022 00:47
- Edit by valerio.bozzolan, Version 7
- Sep 28 2020 20:13
Edit Older Version 7... | Edit Current Version 31... |
Content Changes
Content Changes
This is a reference of the current implementation of #border_radio infrastructure currently hosted in #reyboz.
== Overview ==
{F32030, size=full}
== Icecast Stream ==
The stream is broadcasted to the people via Icecast. The current installed version can be seen there:
https://packages.debian.org/buster/icecast2
It's served by the main #reyboz webserver.
It's exposed by HTTP (directly via Icecast) and HTTPs (under a frontend Apache webserver).
* http://stream.border-radio.it:8000/radio.mp3
* https://stream.border-radio.it/radio.mp3
== Podcast Drive ==
This is the Border Radio Podcast drive:
* http://static.border-radio.it/podcast/
* https://static.border-radio.it/podcast/
Because storage is expensive, the Border Radio Podcast Drive it's a single board computer with a 1TB hard drive hidden in a LAN. It has a webserver but it's not reachable from itself because actually we have not the ability to configure its router.
In order to be available to the world, that node keep online an SSH reverse tunnel to #reyboz similar to this one:
```
autossh -R 8081:localhost:80 border-tunnel@reyboz
```
And in #reyboz we have a small Apache proxy that exposes the incoming HTTP traffic to that opened `8081` loopback port with something like this:
```
name=/etc/apache2/sites-enabled/border-radio.static.conf
<VirtualHost *:80>
ServerName static.border-radio.it
# serve some local files (just temporary certificates actually)
DocumentRoot /home/www-data/reyboz.it/static/border-radio
# allow to renew let's encrypt certificates when it creates temporary stuff in this directory
ProxyPass "/.well-known" "!"
# proxy enabled by a reverse SSH tunnel from an hidden LAN from a secret single board computer. asd
ProxyPass / http://localhost:8081/border-radio/
ProxyPassReverse / http://localhost:8081/border-radio/
</VirtualHost>
```
== Stream Director ==
We have a computer in the Border Radio LAN.
TODO
== Website ==
* https://border-radio.it/
The website is a WordPress instance installed via the `wordpress` package in Debian GNU/Linux stable (currently codename `buster`). This choice was done in order to keep the website secure via the package manager and do not break the website on unintended WordPress upgrades.
The current WordPress version can be seen there:
* https://packages.debian.org/buster/wordpress
It's served by the main #reyboz webserver.
== Border Regia remote desktop (VNC) ==
Change password (8 characters):
```
sudo x11vnc -storepasswd asdasdas /etc/x11vnc.pass
```
See {T489}.
== Border Regia SSH reverse tunnel ==
On the Border Radio regia there is a reverse SSH tunnel opened to the #reyboz server:
```
systemctl status autossh-reyboz
```
See [[ reyboz/ports/ ]].
This is a reference of the current implementation of #border_radio infrastructure currently hosted in #reyboz.
== Network overview ==
{F1540966, size=full}
== Icecast Stream ==
The stream is broadcasted to the people via Icecast. The current installed version can be seen there:
https://packages.debian.org/buster/icecast2
It's served by the main #reyboz webserver.
It's exposed by HTTP (directly via Icecast) and HTTPs (under a frontend Apache webserver).
* http://stream.border-radio.it:8000/radio.mp3
* https://stream.border-radio.it/radio.mp3
There is also a low-priority hidden mountpoint used by LibreTime:
https://stream.border-radio.it/music
== Podcast Drive ==
This is the Border Radio Podcast drive:
* http://static.border-radio.it/podcast/
* https://static.border-radio.it/podcast/
Because storage is expensive, the Border Radio Podcast Drive it's a single board computer with a 1TB hard drive hidden in a LAN. It's exposed via dirty hacks like pirates (using a reverse SSH tunnel). In the future we may want to get rid of this reverse SSH tunnel and expose this host directly from Comala's LAN hacking with the port forwarding settings in the Comala's router (but actually nobody in Comala knows the router's password).
See {T490}
=== Podcast Drive FTP ===
Border Radio podcast drive FTP server's configuration:
FTP server:
`border-radio.it`
FTP port:
2121
FTP modality:
passive
Credentials:
* {K21}
* {K22}
=== Podcast drive SFTP ===
The Podcast drive can be accessed via SFTP via the `ftp-border-radio` user.
This is used in background to mirror stuff locally and to use podcasts in LibreTime.
== Website ==
* https://border-radio.it/
The website is a WordPress instance installed via the `wordpress` package in Debian GNU/Linux stable (currently codename `buster`). This choice was done in order to keep the website secure via the package manager and do not break the website on unintended WordPress upgrades.
The current WordPress version can be seen there:
* https://packages.debian.org/buster/wordpress
It's served by the main #reyboz webserver.
=== Website theme ===
Border Radio adopted the [[ https://themeforest.net/item/onair2-radio-station-wordpress-theme/19340714 | OnAir2 WordPress theme ]]. To be honest under its hood is shitty (ask we why please) but, hey, it was the best we found. Moreover it's free as in freedom so we hope to patch it and improve it.
Tips:
* change homepage splash image (T581)
FTP access for the theme directory:
{K26}
== Border Regia remote desktop (VNC) ==
Change password (8 characters):
```
sudo x11vnc -storepasswd asdasdas /etc/x11vnc.pass
```
See {T489}.
{K25}
== Border Regia SSH reverse tunnel ==
On the Border Radio regia there is a reverse SSH tunnel opened to the #reyboz server:
```
systemctl status autossh-reyboz
```
In short it connects via:
```
ssh [various parameters] border-radio-regia@reyboz.it
```
See [[ reyboz/ports/ ]].
== Border Radio LibreTime ==
LibreTime is exposed here:
https://director.border-radio.it/
Before visiting it you must insert these HTTP Auth credentials:
{K23}
To restart the service:
```
sudo systemctl restart libretime
```
More details at:
{T594}
The source code is here:
* https://github.com/BorderRadio/docker-multicontainer-libretime
== Border Radio LibreTime live Icecast ==
LibreTime exposes an Icecast server to enter in live:
{K27}
== Logo ==
The logos should be show in the Visual Identity page:
https://border-radio.it/visual-identity/
Rounded:
{F643879}
Long with phrase:
{F643879}
This is a reference of the current implementation of #border_radio infrastructure currently hosted in #reyboz.
== O== Network overview ==
{F32030{F1540966, size=full}
== Icecast Stream ==
The stream is broadcasted to the people via Icecast. The current installed version can be seen there:
https://packages.debian.org/buster/icecast2
It's served by the main #reyboz webserver.
It's exposed by HTTP (directly via Icecast) and HTTPs (under a frontend Apache webserver).
* http://stream.border-radio.it:8000/radio.mp3
* https://stream.border-radio.it/radio.mp3
There is also a low-priority hidden mountpoint used by LibreTime:
https://stream.border-radio.it/music
== Podcast Drive ==
This is the Border Radio Podcast drive:
* http://static.border-radio.it/podcast/
* https://static.border-radio.it/podcast/
Because storage is expensive, the Border Radio Podcast Drive it's a single board computer with a 1TB hard drive hidden in a LAN. It has a webserver but it's not reachable from itself because actually we have not the ability to configure its router's exposed via dirty hacks like pirates (using a reverse SSH tunnel). In the future we may want to get rid of this reverse SSH tunnel and expose this host directly from Comala's LAN hacking with the port forwarding settings in the Comala's router (but actually nobody in Comala knows the router's password).
In order to be available to the world, that node keep online an SSH reverse tunnel to #reyboz similar to this one:See {T490}
```
autossh -R 8081:localhost:80 border-tunnel@reyboz
```=== Podcast Drive FTP ===
And in #reyboz we have a small Apache proxy that exposes the incoming HTTP traffic to that opened `8081` loopback port with something like thisBorder Radio podcast drive FTP server's configuration:
```FTP server:
name=/etc/apache2/sites-enabled/`border-radio.static.conf
<VirtualHost *:80>
ServerName static.border-radio.itit`
# serve some local files (just temporary certificates actually)FTP port:
DocumentRoot /home/www-data/reyboz.it/static/border-radio2121
# allow to renew let's encrypt certificates when it creates temporary stuff in this directoryFTP modality:
ProxyPass "/.well-known" "!"passive
# proxy enabled by a reverse SSH tunnel from an hidden LAN from a secret single board computer. asd
ProxyPass / http://localhost:8081/border-radio/
ProxyPassReverse / http://localhost:8081/border-radio/
</VirtualHost>Credentials:
* {K21}
```* {K22}
== Stream Director ===== Podcast drive SFTP ===
We have a computer inThe Podcast drive can be accessed via SFTP via the B`ftp-border R-radio LAN` user.
TODOThis is used in background to mirror stuff locally and to use podcasts in LibreTime.
== Website ==
* https://border-radio.it/
The website is a WordPress instance installed via the `wordpress` package in Debian GNU/Linux stable (currently codename `buster`). This choice was done in order to keep the website secure via the package manager and do not break the website on unintended WordPress upgrades.
The current WordPress version can be seen there:
* https://packages.debian.org/buster/wordpress
It's served by the main #reyboz webserver.
=== Website theme ===
Border Radio adopted the [[ https://themeforest.net/item/onair2-radio-station-wordpress-theme/19340714 | OnAir2 WordPress theme ]]. To be honest under its hood is shitty (ask we why please) but, hey, it was the best we found. Moreover it's free as in freedom so we hope to patch it and improve it.
Tips:
* change homepage splash image (T581)
FTP access for the theme directory:
{K26}
== Border Regia remote desktop (VNC) ==
Change password (8 characters):
```
sudo x11vnc -storepasswd asdasdas /etc/x11vnc.pass
```
See {T489}.
{K25}
== Border Regia SSH reverse tunnel ==
On the Border Radio regia there is a reverse SSH tunnel opened to the #reyboz server:
```
systemctl status autossh-reyboz
```
In short it connects via:
```
ssh [various parameters] border-radio-regia@reyboz.it
```
See [[ reyboz/ports/ ]].
== Border Radio LibreTime ==
LibreTime is exposed here:
https://director.border-radio.it/
Before visiting it you must insert these HTTP Auth credentials:
{K23}
To restart the service:
```
sudo systemctl restart libretime
```
More details at:
{T594}
The source code is here:
* https://github.com/BorderRadio/docker-multicontainer-libretime
== Border Radio LibreTime live Icecast ==
LibreTime exposes an Icecast server to enter in live:
{K27}
== Logo ==
The logos should be show in the Visual Identity page:
https://border-radio.it/visual-identity/
Rounded:
{F643879}
Long with phrase:
{F643879}
Public contents are in Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) or GNU Free Documentation License (at your option) unless otherwise noted. · Contact / Register