Bob Mottram 10 jaren geleden
bovenliggende
commit
69f8d3fc97
1 gewijzigde bestanden met toevoegingen van 226 en 0 verwijderingen
  1. 226
    0
      beaglebone.txt

+ 226
- 0
beaglebone.txt Bestand weergeven

@@ -8358,6 +8358,232 @@ a2ensite $HOSTNAME
8358 8358
 service apache2 restart
8359 8359
 #+END_SRC
8360 8360
 
8361
+** Subsonic
8362
+
8363
+Subsonic looks ok as a media server, but the deb file downloadable from soureforge seems to be not quite free - i.e. to have a built in licensing antifeature. There is a fully free version with the antifeature removed, but currently the debian build fails.
8364
+
8365
+#+BEGIN_SRC
8366
+apt-get install openjdk-7-jre openjdk-7-jdk lintian maven
8367
+adduser subsonic
8368
+mkdir ~/build
8369
+cd ~/build
8370
+git clone https://github.com/EugeneKay/subsonic.git
8371
+cd subsonic
8372
+git checkout release
8373
+mvn package
8374
+mvn -P full -pl subsonic-booter -am install
8375
+mvn -P full -pl subsonic-installer-debian/ -am install
8376
+dpkg -i ./subsonic-installer-debian/target/subsonic-*.deb
8377
+editor /etc/default/subsonic
8378
+#+END_SRC
8379
+
8380
+Settings should look like the following:
8381
+
8382
+#+BEGIN_SRC: bash
8383
+SUBSONIC_ARGS="--port=4040 --max-memory=100"
8384
+SUBSONIC_USER=subsonic
8385
+#+END_SRC
8386
+
8387
+Save and exit.
8388
+
8389
+#+BEGIN_SRC: bash
8390
+chown -R subsonic:subsonic /var/subsonic
8391
+service subsonic restart
8392
+#+END_SRC
8393
+
8394
+Edit your Apache configuration.
8395
+
8396
+#+BEGIN_SRC: bash
8397
+export HOSTNAME=mydomainname.com
8398
+editor /etc/apache2/sites-available/$HOSTNAME
8399
+#+END_SRC
8400
+
8401
+Add the following, replacing /mysubsonicdomainname.com/ with your subsonic domain name and /myusername@mydomainname.com/ with your email address.
8402
+
8403
+#+BEGIN_SRC: bash
8404
+<VirtualHost *:80>
8405
+    ServerAdmin myusername@mydomainname.com
8406
+    ServerName mysubsonicdomainname.com
8407
+
8408
+    ProxyRequests Off
8409
+    ProxyPreserveHost Off
8410
+
8411
+    <Location />
8412
+        ProxyPass  http://localhost:4040/
8413
+        ProxyPassReverse  http://localhost:4040/
8414
+    </Location>
8415
+
8416
+    RewriteEngine on
8417
+    RewriteOptions inherit
8418
+
8419
+    ErrorLog ${APACHE_LOG_DIR}/paste_error.log
8420
+
8421
+    # Possible values include: debug, info, notice, warn, error, crit,
8422
+    # alert, emerg.
8423
+    LogLevel error
8424
+
8425
+    CustomLog ${APACHE_LOG_DIR}/paste.log combined
8426
+</VirtualHost>
8427
+
8428
+
8429
+<IfModule mod_ssl.c>
8430
+<VirtualHost *:443>
8431
+    ServerAdmin myusername@mydomainname.com
8432
+    ServerName mysubsonicdomainname.com
8433
+
8434
+    ProxyRequests Off
8435
+    ProxyPreserveHost Off
8436
+
8437
+    <Location />
8438
+        ProxyPass  http://localhost:4040/
8439
+        ProxyPassReverse  http://localhost:4040/
8440
+    </Location>
8441
+
8442
+    RewriteEngine on
8443
+    RewriteOptions inherit
8444
+
8445
+    DocumentRoot /var/www/mysubsonicdomainname.com/htdocs
8446
+    <Directory />
8447
+        Options FollowSymLinks
8448
+        AllowOverride All
8449
+    </Directory>
8450
+    <Directory /var/www/mysubsonicdomainname.com/htdocs/>
8451
+        Options All
8452
+        AllowOverride All
8453
+        Order allow,deny
8454
+        allow from all
8455
+        LimitRequestBody 5120000
8456
+    </Directory>
8457
+
8458
+    # Don't serve .php~ or .php# files created by emacs
8459
+    <Files ~ "(^#.*#|~|\.sw[op])$">
8460
+        Order allow,deny
8461
+        Deny from all
8462
+    </Files>
8463
+
8464
+    <IfModule headers_module>
8465
+        Header set X-Content-Type-Options nosniff
8466
+        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate, private"
8467
+        Header set Pragma no-cache
8468
+    </IfModule>
8469
+
8470
+    <Files .htaccess>
8471
+      deny from all
8472
+    </Files>
8473
+
8474
+    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
8475
+    <Directory "/usr/lib/cgi-bin">
8476
+        AllowOverride All
8477
+        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
8478
+        Order allow,deny
8479
+        Allow from all
8480
+        LimitRequestBody 512000
8481
+    </Directory>
8482
+
8483
+    ErrorLog ${APACHE_LOG_DIR}/error.log
8484
+
8485
+    # Possible values include: debug, info, notice, warn, error, crit,
8486
+    # alert, emerg.
8487
+    LogLevel error
8488
+
8489
+    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
8490
+
8491
+    #   SSL Engine Switch:
8492
+    #   Enable/Disable SSL for this virtual host.
8493
+    SSLEngine on
8494
+
8495
+	SSLCertificateFile    /etc/ssl/certs/mysubsonicdomainname.com.crt
8496
+	SSLCertificateKeyFile /etc/ssl/private/mysubsonicdomainname.com.key
8497
+
8498
+    # Options based on bettercrypto.org
8499
+    SSLProtocol All -SSLv2 -SSLv3
8500
+    SSLHonorCipherOrder On
8501
+    SSLCompression off
8502
+    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
8503
+
8504
+    # Add six earth month HSTS header for all users ...
8505
+    Header add Strict-Transport-Security "max-age=15768000"
8506
+    # If you want to protect all subdomains , use the following header
8507
+    # ALL subdomains HAVE TO support https if you use this !
8508
+    # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
8509
+
8510
+    #   SSL Engine Options:
8511
+    #   Set various options for the SSL engine.
8512
+    #   o FakeBasicAuth:
8513
+    #     Translate the client X.509 into a Basic Authorisation.  This means that
8514
+    #     the standard Auth/DBMAuth methods can be used for access control.  The
8515
+    #     user name is the `one line' version of the client's X.509 certificate.
8516
+    #     Note that no password is obtained from the user. Every entry in the user
8517
+    #     file needs this password: `xxj31ZMTZzkVA'.
8518
+    #   o ExportCertData:
8519
+    #     This exports two additional environment variables: SSL_CLIENT_CERT and
8520
+    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
8521
+    #     server (always existing) and the client (only existing when client
8522
+    #     authentication is used). This can be used to import the certificates
8523
+    #     into CGI scripts.
8524
+    #   o StdEnvVars:
8525
+    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
8526
+    #     Per default this exportation is switched off for performance reasons,
8527
+    #     because the extraction step is an expensive operation and is usually
8528
+    #     useless for serving static content. So one usually enables the
8529
+    #     exportation for CGI and SSI requests only.
8530
+    #   o StrictRequire:
8531
+    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
8532
+    #     under a "Satisfy any" situation, i.e. when it applies access is denied
8533
+    #     and no other module can change it.
8534
+    #   o OptRenegotiate:
8535
+    #     This enables optimized SSL connection renegotiation handling when SSL
8536
+    #     directives are used in per-directory context.
8537
+    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
8538
+    <FilesMatch "\.(cgi|shtml|phtml|php)$">
8539
+        SSLOptions +StdEnvVars
8540
+    </FilesMatch>
8541
+    <Directory /usr/lib/cgi-bin>
8542
+        SSLOptions +StdEnvVars
8543
+    </Directory>
8544
+
8545
+    #   SSL Protocol Adjustments:
8546
+    #   The safe and default but still SSL/TLS standard compliant shutdown
8547
+    #   approach is that mod_ssl sends the close notify alert but doesn't wait for
8548
+    #   the close notify alert from client. When you need a different shutdown
8549
+    #   approach you can use one of the following variables:
8550
+    #   o ssl-unclean-shutdown:
8551
+    #     This forces an unclean shutdown when the connection is closed, i.e. no
8552
+    #     SSL close notify alert is send or allowed to received.  This violates
8553
+    #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
8554
+    #     this when you receive I/O errors because of the standard approach where
8555
+    #     mod_ssl sends the close notify alert.
8556
+    #   o ssl-accurate-shutdown:
8557
+    #     This forces an accurate shutdown when the connection is closed, i.e. a
8558
+    #     SSL close notify alert is send and mod_ssl waits for the close notify
8559
+    #     alert of the client. This is 100% SSL/TLS standard compliant, but in
8560
+    #     practice often causes hanging connections with brain-dead browsers. Use
8561
+    #     this only for browsers where you know that their SSL implementation
8562
+    #     works correctly.
8563
+    #   Notice: Most problems of broken clients are also related to the HTTP
8564
+    #   keep-alive facility, so you usually additionally want to disable
8565
+    #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
8566
+    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
8567
+    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
8568
+    #   "force-response-1.0" for this.
8569
+    BrowserMatch "MSIE [2-6]" \
8570
+        nokeepalive ssl-unclean-shutdown \
8571
+        downgrade-1.0 force-response-1.0
8572
+    # MSIE 7 and newer should be able to use keepalive
8573
+    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
8574
+
8575
+</VirtualHost>
8576
+</IfModule>
8577
+#+END_SRC
8578
+
8579
+Save and exit.
8580
+
8581
+#+BEGIN_SRC: bash
8582
+makecert mysubsonicdomainname.com
8583
+a2ensite mysubsonicdomainname.com
8584
+service apache2 restart
8585
+#+END_SRC
8586
+
8361 8587
 * Related projects
8362 8588
 
8363 8589
   * [[https://freedomboxfoundation.org/][Freedombox]]