Table of Contents

System Requirements

OS
Ubuntu Server LTS 64bit (recommended) 1)

Approximately for 5000 subscribers

Middlware Server with Stalker Middleware portal
CPUXeon5620
RAM16Gb
HDD2×500Gb RAID-1 (soft or hard)
Content Storage
CPUXeon5620
RAM16Gb
HDDSystem - 2×500Gb RAID-1, Content - 10×2Tb Hdw-RAID-5 (~200 simultaneous views)

Choosing of the distribution

The application works in any *nix system, but we strongly recommend to use stable 64 bit distribution of Ubuntu Server LTS. The work with other distributions is not guaranteed.

Attention! Ubuntu Server 16.04 LTS is not supported at the moment, because there are not some necessary packets for installation from the package.

Installing the "Stalker" portal

Necessary services & packets

  1. apache2
  2. apache2-rewrite
  3. nginx
  4. nginx-extras
  5. memcached
  6. mysqld >= 5
  7. php5 >= 5.3.0
  8. php5-mysql
  9. php-pear
  10. php-soap *
  11. php5-intl *
  12. php-gettext *
  13. php5-memcache *
  14. phing (for version >= 4.8.0) **
  15. node.js (nodejs package) >= v0.4.8 (for PVR management)
  16. upstart (for stalkerd - PVR mangemant)
  17. php5-curl *
  18. php5-tidy *
  19. php5-imagick *
  20. php5-geoip *

* - beginning from the version 4.8.35 they are automatically installed with phing using

** - phing installation: 

pear channel-discover pear.phing.info
pear install phing/phing

Example: Install all necessary services & packages for Ubuntu 14.04.3 LTS (performed by superuser “root”): 

sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get install -y -u apache2 nginx nginx-extras memcached mysql-server php5 php5-mysql php-pear nodejs upstart && sudo pear channel-discover pear.phing.info && sudo pear install -Z phing/phing

Installation order

GRANT ALL PRIVILEGES ON stalker_db.* TO stalker@localhost IDENTIFIED BY '1' WITH GRANT OPTION;
Do not edit file config.ini! If you want to change some settings - create file custom.ini and add the necessary configuration.
Do not copy the entire content of config.ini in custom.ini. Add customized sections to custom.ini only. 
sudo phing

Configure MySQL, PHP, Node.js, Apache, Nginx

MySQL

echo "max_allowed_packet = 32M" >> /etc/mysql/my.cnf

PHP

echo "short_open_tag = On" >> /etc/php5/apache2/php.ini

Node.js

Apache

a2enmod rewrite
apt-get purge libapache2-mod-php5filter
cat /dev/null > /etc/apache2/sites-available/000-default.conf
<VirtualHost *:88>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <Directory /var/www/stalker_portal/>
                Options -Indexes -MultiViews
                AllowOverride ALL
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Listen 88
service apache2 restart

Nginx

server {
    listen       80;
    server_name  localhost;
 
    location / {
        proxy_pass http://127.0.0.1:88/;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
        root /var/www;
        expires 30d;
    }
}
service nginx restart
  • Admin interface will be available via URL http://<your_ip_or_domain_name>/stalker_portal/server/adm/.

Default access:
login: admin
password: 1
The recommended browser for the admin interface: - Mozilla Firefox and Google Chrome
If it is necessary you can change the admin password in MySQL: 

update administrators set pass=MD5('new password') where login='admin';
  • Client interface is available http://<ip>/stalker_portal/c/. Client interface designed for STB MAG* only.
  • New Client interface is available http://<ip>//stalker_portal/new/launcher/. By default .htaccess has deny from all.

Portal URL can be set in STB:

  1. From Embedded portal - System Settings (press SET or SETUP)ServersPortals(Portal 1 URL and/or Portal 2 URL)
  2. Manually set variable portal1 and/or portal2. For example: connect via SSH and use command fw_setenv portal1 http://<your_ip_or_domain_name>/stalker_portal/c/index.html

Utility fw_setenv is described in documentation Operator guide Section: Utilities description, page 26.
The most used variabls

Updating and Localization

Updating

  1. Rename the folder with the previous version. For exemple: stalker_portal-old.
  2. Download and unzip the file with the new version;
  3. Copy custom.ini file from old version to the new one;
  4. Copy /var/www/stalker_portal/screenshots/ folder from old version to the new one;
  5. Copy all files (except the dummy.png file) from stalker_portal/misc/logos/ folder to new version.;
  6. Enter into /var/www/stalker_portal/deploy/ and run command:
sudo phing

Localization

Middleware Stalker interface uses 2 locales: RU, EN. In default Stalker deducts the current localization variable from the main software and install the interface localization according to it's variable.

To install Stalker portal localization by default it is neccessary:

Containing of custom.ini: 

[locales]
default_locale = en_GB.utf8
;allowed_locales[Russian] = ru_RU.utf8
allowed_locales[English] = en_GB.utf8

In this case Stalker portal will be loaded with english interface independantly from the software locale.

Attention!The name of the locale used in the Middleware and the name of server system locale should be the same.

Interface localization in other language

For correct localization switching in Admin interface next locales should be installed on the server

Configuration of the Storage (separate server)

Necessary services & packets

1. apache2
2. php5 >= 5.3.0
3. php-soap
4. python-argparse (for TV recording)
5. nginx (for "TV Archive", recording or VOD via HTTP)

Installation order

for example: 

apt-get install -y -u apache2 php5 php-soap python2.7 nginx
chmod a+x install.sh
./install.sh

For exemple: 

define('VIDEO_STORAGE_DIR', '/media/raid0/storage/');
define('KARAOKE_STORAGE_DIR', '/media/raid0/karaoke/');
define('RECORDS_DIR', '/media/raid0/records/');
define('NFS_HOME_PATH', '/media/raid0/mac/');
// Use login and password from the configuration file. (api_auth_login and api_auth_password in server/custom.ini)
define('API_URL', 'http://login:password@192.168.1.71/stalker_portal/api/');
define('PORTAL_URL', 'http://192.168.1.71/stalker_portal/');
define('STORAGE_NAME', 'bb3');

where is:

VIDEO_STORAGE_DIR - directory for files of “Videoclub” storing;

KARAOKE_STORAGE_DIR - directory for files of “Karaoke” storing;

RECORDS_DIR - directory for files PVR and “TV Archive” storing; "TV archive" settings;

NFS_HOME_PATH - STB's home directory;

API_URL - URL, which will be used for channel recording request from middleware. Watch "TV archive" settings:

PORTAL_URL - portal address. At this address will be sent to requests from “storage” to check the keys to access the archive;

STORAGE_NAME - storage name. 

mkdir -p -m 0777 /media/raid0/storage /media/raid0/karaoke /media/raid0/records /media/raid0/mac
mkdir /var/www/media
ln -s /media/raid0/mac/ /var/www/media/<storage name>

Configuring Apache, Nginx

Apache

NameVirtualHost *:88
Listen 88
TimeOut 1800

Nginx

server {
    listen       80;
    server_name  example.com;
 
    location / {
        proxy_pass http://127.0.0.1:88/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(mpg|mpeg|avi|ts|mkv|mp4|mov|m2ts|flv|m4v|srt|sub|ass)$ {
 
        secure_link $arg_st,$arg_e;
        secure_link_md5 "supersecret$uri$remote_addr$arg_e"; # you can change secret "supersecret" in the portal config - nginx_secure_link_secret

        if ($secure_link = "") {
            return 403;
        }
 
        if ($secure_link = "0") {
            return 410;
        }
 
        send_timeout 6h;
        root /var/www/;
    }
}


"TV archive" settings

Before turning on “TV archive” option in TV channels, it is necessary to configure the "storage".
Attention! Only multicast streams can be recorded! Multicast streams should be available on the “Storage”
Checking of the availability of multicast streams can be performed with help of dumprtp utility. Utility dumprtp is included in dvbstream packet.
Example: 
dumprtp 239.1.1.1 1234 > dump239.1.1.1.ts

where:

  • 239.1.1.1 - IP address of multicast stream
  • 1234 - port of multicast stream
  • dump239.1.1.1.ts - file name with dump of multicast stream.

Received files can be played by any player (for example: VLC).


where is:

RECORDS_DIR - directory with permission 0777, there will be create archive directory, which will contain all files.

API_URL - URL, which will record the channels from middleware. Usually it is http://<middleware directory>/api/tv_archive/.

To check it you can open your <API_URL>/tv_archive/ in browser and there should be next:
{“status”:“ERROR”,“results”:null,“error”:“Empty storage name”}
If there is an error 404 Not Found, then you have wrong configuration in apache and mod_rewrite.
/tv_archive - virtual directory! Do not create it manually!

PORTAL_URL - portal address. At this address will be sent to requests from “storage” to check the keys to access the archive;

STORAGE_NAME - storage name, which indicated in Admin interface. 

mkdir -m 0777 /media/raid0/records/archive
ln -s /media/raid0/records/archive/  /var/www/
TimeOut 1800


Security

Web

User identification

First of all it is necessary to turn on rpaf module in apache. It allows to see the real IP address of user while working in nginx and use restricting access in apache configuration file. 

sudo apt-get install libapache2-mod-rpaf

Restricting access in Admin interface

To improve security of Admin interface it is strongly recommended to use the same IP address for opening. This can be set in apache configuration file, where portal's host is described. After making changes it is necessary to restart apache. 

<Directory /var/www/stalker_portal/server/administrator/>
    Order Deny,Allow
    Deny from All
    Allow from 192.168.1.0/24
</Directory>

STB - Authorization

Strongly recommended! For client portal's access to use STB authorization by login/password, "Authorization with key" method.

Disable support for emulators and thirs party devices

Add in custom.ini next string 

disable_third_party_devices = true

Portal access limitation for new STBs

Beginning from 4.8.63 portal version there is new option appeared default_stb_status, which allows to close portal access for all new STBs. To enable this option it is necessary to add in server/custom.ini: 

default_stb_status = 0

For old version in MySQL it is necessary to do: 

ALTER TABLE `users` MODIFY `status` tinyint DEFAULT 1;

After this all new STBs will have status OFF in admin interface.

Access to portal using login&password

Simple authorization

Access to portal organization for new STBs using login&password. Portal admin creates login&password and provide them to user. While first loading there will be authorization window which request login&password. After successful authorization MAC address will be adjust to login. Further portal loading will be without authorization.

For this it is necessary to:

  1. In custom.ini add next 
    auth_url = http://localhost/stalker_portal/server/tools/auth_simple.php
  2. In admin interface users > add - add user, it is enough to specify login (unique) and password. MAC address field should be empty.
Authorization with key

Access to portal organization by login&password. Portal admin creates login/password and provide them to user. While first loading there will be authorization window which request login&password. After successful authorization new key will be generating which is based on lgin&password. This key is stored on STB, which will validates while next portal loading. If the same login&password will be used for another STB than previous one will be un-authorized automatically.

For this it is necessary to:

  1. In custom.ini add next 
    auth_url = http://localhost/stalker_portal/server/tools/auth_every_load.php
  2. In admin interface users > add - add user, it is enough ti specify login (unique) and password. MAC address field should be empty.

API

We are strongly recommend to pay attention on safity while API enable/use.
Recommendation about using:

  • Authentication (login&password) for access to API.
  • Strong passwords.
  • Firewall.

Billing

If it is necessary to turn on API for working with external billing systems then it is strongly recommended to use authorization. Specify the login and password in server/custom.ini. 

[server_api]
; API required for tv archive, pvr and billing
enable_api = true
api_auth_login = login ; login specifying
api_auth_password = password ; password specifying

Storage configuring

On the storages, which are used for recording, it is necessary to specify TASKS_API_URL parameter with login and password (in storage/config.php): 

define('TASKS_API_URL', 'http://login:password@localhost/stalker_portal/api/tv_archive/');

Temporary URLs

If the Wowza temporary URLs are using for playing, then it is necessary to specify the login and password for work with API in configuration of Wowza application. It is not necessary to specify them if nginx and VLC/udpxy are used.

API address setting in configuration file of Wowza: 

<Property>
    <Name>stalkerApiServer</Name>
    <Value>http://login:password@192.168.1.1/stalker_portal/api/</Value>
</Property>

TV channel monitoring

In script check_channels.sh API_URLit is necessary to specify authorization URL: 

API_URL=http://login:password@localhost/stalker_portal/api/monitoring_links/

Firewall

It is recommended to make access on 88 port (apache) for local access and access from storage, which are working with temporary URLs.


1)
Attention! Ubuntu Server 16.04 LTS is not supported at the moment since some packets unstable in distribution.