Topic: Computer

Hardware, software & hacks

Ant Media Server with Apache Reverse Proxy

I’ve been using the Community Edition of Ant Media Server for quite a while. The server is normally addressed via HTTP on port 5080. In principle HTTPS with Let’s Encrypt is also possible, but only if no web server is already active on port 80, which is not practical for my application. Instead, I configured a reverse proxy in Apache.

However, after one of the last updates there was an unexpected problem: the live stream was still working, but trying to log in to the dashboard was answered with HTTP 403. The solution for this is to add the option ProxyAddHeaders off to the proxy configuration. Apparently Ant Media denies access to the dashboard when a proxy is used. The new configuration now looks like this:

RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:5080/$1 [P,L]
ProxyAddHeaders off
ProxyPass / http://localhost:5080/
ProxyPassReverse / http://localhost:5080/

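In this way, both the dashboard and live streams can be used. Just be aware that Ant Media now also treats every incoming request as if it were from 127.0.0.1 and not from the IP address of the client, so anything in Ant Media that depends on the client address no longer distinguishes between clients.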

Update 2022-08-29

The reason for this behavior is now also clear:

Ant Media doesn’t support IPv6 – at least the community version I’m currently using. This can easily be checked by setting up an FQDN for the machine running Ant Media that only has an AAAA record and then trying to contact Ant Media using that name and port 5080. In this case no connection is possible, since Ant Media does not have an IPv6 listener, only an IPv4 one.

When using a proxy, connection requests via IPv6 are handled by the proxy and then forwarded to Ant Media with IPv4. However, these requests contain the IPv6 address as the source in the headers, which Ant Media cannot interpret as an allowed IPv4 address and therefore rejects the request.

The addition ProxyAddHeaders off prevents the IPv6 source address from being passed on in the headers, so that for Ant Media all requests come as IPv4 from the address 127.0.0.1, which is accepted.

Update 2022-09-10

The problem can be fixed by adjusting the configuration, which will probably be included in one of the next updates of Ant Media – also see Use Ant Media with IPv6.
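
The behaviour described in the two updates above can be reproduced with a small model. This is an added example, not Ant Media's or Apache's code: the allowlists, the function names and the sample addresses are constructed, and the check is a simplified assumption about how a backend compares the forwarded address with allowed networks. It also goes one step further than the text by showing an allowlist that handles IPv6 and IPv4-mapped addresses.

```python
import ipaddress

# Constructed allowlists (assumptions, not Ant Media defaults).
IPV4_ONLY = ["127.0.0.1/32", "192.0.2.0/24"]
DUAL_STACK = IPV4_ONLY + ["::1/128", "2001:db8::/32"]


def effective_client(peer_ip, headers):
    """Address the backend attributes the request to: the last
    X-Forwarded-For entry (appended by the local proxy), else the TCP peer."""
    xff = headers.get("X-Forwarded-For", "").strip()
    return xff.split(",")[-1].strip() if xff else peer_ip


def is_allowed(addr, allowlist):
    """True if addr falls inside a network of the same address family."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable header value: deny
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is really an IPv4 client
    nets = (ipaddress.ip_network(c) for c in allowlist)
    return any(ip.version == n.version and ip in n for n in nets)


def decide(client_ip, add_headers, allowlist):
    """Model one proxied request; the backend always sees peer 127.0.0.1."""
    headers = {"X-Forwarded-For": client_ip} if add_headers else {}
    seen = effective_client("127.0.0.1", headers)
    return seen, is_allowed(seen, allowlist)


if __name__ == "__main__":
    cases = [
        ("2001:db8::10", True, IPV4_ONLY),      # IPv6 client, headers passed on
        ("2001:db8::10", False, IPV4_ONLY),     # same client, ProxyAddHeaders off
        ("198.51.100.7", True, IPV4_ONLY),      # unlisted client, headers passed on
        ("198.51.100.7", False, IPV4_ONLY),     # unlisted client, ProxyAddHeaders off
        ("2001:db8::10", True, DUAL_STACK),     # IPv6-aware allowlist
        ("::ffff:192.0.2.5", True, IPV4_ONLY),  # IPv4-mapped IPv6 address
    ]
    for client, add, allow in cases:
        print(client, "headers" if add else "no headers", decide(client, add, allow))
```

With the headers switched off, the unlisted client in the fourth case is accepted as 127.0.0.1 just like the IPv6 client, so any address-based restriction has to be enforced in Apache, which still sees the real client address.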

Home Assistant

Recently I’ve been working on a small craft project: extending an IKEA Vindriktning air quality sensor with a D1 Mini to read the data and forward it to a server via MQTT.

See also Sören Beye’s Github repository for the conversion. However, instead of this firmware, I use Tasmota based on these instructions from Blakadder, which is much more convenient to set up and configure. See also the Tasmotizer on Github.

When I was looking for a suitable server, I quickly ended up at Home Assistant. This is a free software solution for integrating numerous smart home devices and can also be used on a Raspberry Pi 3 or 4. In my case this is a Raspberry Pi 4.

Update 2022-08-14: In the meantime I have expanded this with another sensor for CO2, relative humidity and temperature, see the article here.


Retbleed

Does anyone remember Meltdown and Spectre? These vulnerabilities were discovered in June and July 2017 and publicly documented in early 2018. As a result, countermeasures have been taken by software manufacturers for both operating systems and applications, some of which also lead to reduced performance.

As reported on https://www.ncsc.admin.ch/retbleed-en, researchers at ETH Zürich have now discovered a vulnerability in one of the countermeasures – retpoline – affecting CPUs by Intel and AMD, which got the name “Retbleed” (CVE-2022-29900, CVE-2022-29901). Also see the description at https://comsec.ethz.ch/research/microarch/retbleed/.

Fast SSD with NVMe

NVMe is the abbreviation for “Non Volatile Memory Express” and describes a standard for connecting SSDs via PCI Express. With SATA the speed is limited to 600 MB/s. In addition, AHCI (Advanced Host Controller Interface) used by SATA was primarily developed for hard drives and limits the possible I/O operations per second (IOPS). With NVMe both have been improved – PCI Express enables significantly higher transfer rates of up to 32 GBit/s or 4 GB/s via PCIe 4x and more than 500000 IOPS.

After one of the SSDs in my “retro PC” started reporting checksum errors I installed an NVMe drive with a PCIe adapter card for M.2 as a replacement.


By the way – about USB controllers

My PC is built into a tower case from Chieftec. This case also offers external ports for USB 3, among other things. Internally, these ports are connected to the mainboard.

However, I also installed an internal memory card reader from Chieftec, which also uses USB 3 and offers a 4× USB hub. This means that the only internal USB 3 port on the mainboard is occupied. In order to be able to use the external USB connections, I bought an additional controller for PCI-Express, which offers two external USB connections and two more internal connections. The connections in the housing can also be supplied via this.

So far so good – but there was a strange effect when I tried to use a Velleman K8055N: as soon as the connection was established in the software, the software stopped working. This effect did not occur using the connections of the mainboard itself. The USB connections of the memory card reader were not a problem either.
