System Requirements

OS
Ubuntu Server LTS 64bit (recommended) ¹⁾

Approximately for 5000 subscribers

Middlware Server with Stalker Middleware portal
CPU	2×Xeon5620
RAM	16Gb
HDD	2×500Gb RAID-1 (soft or hard)

Content Storage
CPU	2×Xeon5620
RAM	16Gb
HDD	System - 2×500Gb RAID-1, Content - 10×2Tb Hdw-RAID-5 (~200 simultaneous views)

Choosing of the distribution

The application works in any *nix system, but we strongly recommend to use stable 64 bit distribution of Ubuntu Server LTS. The work with other distributions is not guaranteed.

Attention! Ubuntu Server 16.04 LTS is not supported at the moment, because there are not some necessary packets for installation from the package.

Installing the "Stalker" portal

Necessary services & packets

apache2
apache2-rewrite
nginx
nginx-extras
memcached
mysqld >= 5
php5 >= 5.3.0
php5-mysql
php-pear
php-soap *
php5-intl *
php-gettext *
php5-memcache *
phing (for version >= 4.8.0) **
node.js (nodejs package) >= v0.4.8 (for PVR management)
upstart (for stalkerd - PVR mangemant)
php5-curl *
php5-tidy *
php5-imagick *
php5-geoip *

* - beginning from the version 4.8.35 they are automatically installed with phing using

** - phing installation:

pear channel-discover pear.phing.info
pear install phing/phing

Example: Install all necessary services & packages for Ubuntu 14.04.3 LTS (performed by superuser “root”):

sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get install -y -u apache2 nginx nginx-extras memcached mysql-server php5 php5-mysql php-pear nodejs upstart && sudo pear channel-discover pear.phing.info && sudo pear install -Z phing/phing

Installation order

1. Install the necessary services, packages;

2.Download and unzip current release of “Stalker MW” in your web-server directory (For example in /var/www/). Project files should be available by the URL http://<your_ip_or_domain_name>/stalker_portal/; * <fs medium>3.Create MySQL user with permision to access stalker_db database only:

GRANT ALL PRIVILEGES ON stalker_db.* TO stalker@localhost IDENTIFIED BY '1' WITH GRANT OPTION;

4. Configuration file /var/www/stalker_portal/server/config.ini.

Do not edit file config.ini! If you want to change some settings - create file custom.ini and add the necessary configuration.
Do not copy the entire content of config.ini in custom.ini. Add customized sections to custom.ini only.

5. Go to /var/www/stalker_portal/deploy/ and run phing

sudo phing

6. Configure MySQL, PHP, Node.js, Apache, Nginx;

Configure MySQL, PHP, Node.js, Apache, Nginx

MySQL

echo "max_allowed_packet = 32M" >> /etc/mysql/my.cnf

PHP

echo "short_open_tag = On" >> /etc/php5/apache2/php.ini

Node.js

Check that the config.ini and custom.ini have the correct values for daemon_api_url and stalker_api_url

Apache

Enable mod_rewrite:

a2enmod rewrite

Make sure that the package libapache2-mod-php5filter is not installed on the system. If necessary, remove it.

apt-get purge libapache2-mod-php5filter

Remove content of /etc/apache2/sites-available/000-default.conf Do not forget to make backup.

cat /dev/null > /etc/apache2/sites-available/000-default.conf

Add next content to /etc/apache2/sites-available/000-default.conf

<VirtualHost *:88>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <Directory /var/www/stalker_portal/>
                Options -Indexes -MultiViews
                AllowOverride ALL
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Set in /etc/apache2/ports.conf:

Listen 88

Restart apache:

service apache2 restart

Nginx

Example of configuration /etc/nginx/sites-available/default :

server {
    listen       80;
    server_name  localhost;
 
    location / {
        proxy_pass http://127.0.0.1:88/;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
        root /var/www;
        expires 30d;
    }
}

Restart nginx

service nginx restart

Admin interface will be available via URL http://<your_ip_or_domain_name>/stalker_portal/server/adm/.

Default access:
login: admin
password: 1
The recommended browser for the admin interface: - Mozilla Firefox and Google Chrome
If it is necessary you can change the admin password in MySQL:

update administrators set pass=MD5('new password') where login='admin';

Client interface is available http://<ip>/stalker_portal/c/. Client interface designed for STB MAG* only.
New Client interface is available http://<ip>//stalker_portal/new/launcher/. By default .htaccess has deny from all.

Portal URL can be set in STB:

From Embedded portal - System Settings (press SET or SETUP) → Servers → Portals → (Portal 1 URL and/or Portal 2 URL)
Manually set variable portal1 and/or portal2. For example: connect via SSH and use command fw_setenv portal1 http://<your_ip_or_domain_name>/stalker_portal/c/index.html

Utility fw_setenv is described in documentation Operator guide Section: Utilities description, page 26.
The most used variabls

Updating and Localization

Updating

Rename the folder with the previous version. For exemple: stalker_portal-old.
Download and unzip the file with the new version;
Copy custom.ini file from old version to the new one;
Copy /var/www/stalker_portal/screenshots/ folder from old version to the new one;
Copy all files (except the dummy.png file) from stalker_portal/misc/logos/ folder to new version.;
Enter into /var/www/stalker_portal/deploy/ and run command:

sudo phing

Localization

Middleware Stalker interface uses 2 locales: RU, EN. In default Stalker deducts the current localization variable from the main software and install the interface localization according to it's variable.

To install Stalker portal localization by default it is neccessary:

to create file custom.ini in directory .../stalker_portal/server/;
to copy in custom.ini the section [Locales] from file ...//stalker_portal/server/config.ini;
to edit custom.ini

Containing of custom.ini:

[locales]
default_locale = en_GB.utf8
;allowed_locales[Russian] = ru_RU.utf8
allowed_locales[English] = en_GB.utf8

In this case Stalker portal will be loaded with english interface independantly from the software locale.

Attention!The name of the locale used in the Middleware and the name of server system locale should be the same.

Interface localization in other language

For correct localization switching in Admin interface next locales should be installed on the server

en_GB.utf8 for English
ru_RU.utf8 for Russian
uk_UA.utf8 for Ukrainian
pl_PL.utf8 for Polish

Configuration of the Storage (separate server)

Necessary services & packets

1. apache2
2. php5 >= 5.3.0
3. php-soap
4. python-argparse (for TV recording)
5. nginx (for "TV Archive", recording or VOD via HTTP)

Installation order

1. Install all necessary services & packets.

for example:

apt-get install -y -u apache2 php5 php-soap python2.7 nginx

2. Download and unzip the file with release of “Stalker” portal "Stalker" download page. Copy the directory /stalker_portal/storage/ in your web-server directory /var/www/stalker_portal/storage;

3. To enable recording for “TV Archive” fucntion it is necessary to run next command in /var/www/stalker_portal/storage/:

chmod a+x install.sh
./install.sh

4. Edit file /var/www/stalker_portal/storage/config.php:

For exemple:

define('VIDEO_STORAGE_DIR', '/media/raid0/storage/');
define('KARAOKE_STORAGE_DIR', '/media/raid0/karaoke/');
define('RECORDS_DIR', '/media/raid0/records/');
define('NFS_HOME_PATH', '/media/raid0/mac/');
// Use login and password from the configuration file. (api_auth_login and api_auth_password in server/custom.ini)
define('API_URL', 'http://login:password@192.168.1.71/stalker_portal/api/');
define('PORTAL_URL', 'http://192.168.1.71/stalker_portal/');
define('STORAGE_NAME', 'bb3');

where is:

VIDEO_STORAGE_DIR - directory for files of “Videoclub” storing;

KARAOKE_STORAGE_DIR - directory for files of “Karaoke” storing;

RECORDS_DIR - directory for files PVR and “TV Archive” storing; "TV archive" settings;

NFS_HOME_PATH - STB's home directory;

API_URL - URL, which will be used for channel recording request from middleware. Watch "TV archive" settings:

PORTAL_URL - portal address. At this address will be sent to requests from “storage” to check the keys to access the archive;

STORAGE_NAME - storage name.

5. Create directories /media/raid0/storage/, /media/raid0/karaoke/, /media/raid0/records/, /media/raid0/mac/ and set permition0777 to them.

mkdir -p -m 0777 /media/raid0/storage /media/raid0/karaoke /media/raid0/records /media/raid0/mac

6. Create directory /var/www/media/

mkdir /var/www/media

7. Create symlink to the STB's home directories in /var/www/media/:

ln -s /media/raid0/mac/ /var/www/media/<storage name>

8. In Admin interface of portal → “Storage” make next settings:
- Name - <storage name>. For example: bb3;
- IP - IP address of storage;
- Home directory - <STB's home directory>. For example: /media/raid0/mac/

9. Configuring Apache, Nginx:

Configuring Apache, Nginx

Apache

In /etc/apache2/ports.conf set next:

NameVirtualHost *:88
Listen 88

In /etc/apache2/sites-enabled/default.conf change <VirtualHost *:80> to <VirtualHost *:88>
If there will be TV Archive then it is necessary to add directive VirtualHost inside the block

TimeOut 1800

Attention!Make sure that the package libapache2-mod-php5filter is not installed on the system. If necessary, remove it.
Restart apache.

Nginx

For example:

server {
    listen       80;
    server_name  example.com;
 
    location / {
        proxy_pass http://127.0.0.1:88/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
 
    location ~* \.(mpg|mpeg|avi|ts|mkv|mp4|mov|m2ts|flv|m4v|srt|sub|ass)$ {
 
        secure_link $arg_st,$arg_e;
        secure_link_md5 "supersecret$uri$remote_addr$arg_e"; # you can change secret "supersecret" in the portal config - nginx_secure_link_secret

        if ($secure_link = "") {
            return 403;
        }
 
        if ($secure_link = "0") {
            return 410;
        }
 
        send_timeout 6h;
        root /var/www/;
    }
}

"TV archive" settings

Before turning on “TV archive” option in TV channels, it is necessary to configure the "storage".
Attention! Only multicast streams can be recorded! Multicast streams should be available on the “Storage”

Checking of the availability of multicast streams can be performed with help of dumprtp utility. Utility dumprtp is included in dvbstream packet.
Example:

dumprtp 239.1.1.1 1234 > dump239.1.1.1.ts

where:

239.1.1.1 - IP address of multicast stream
1234 - port of multicast stream
dump239.1.1.1.ts - file name with dump of multicast stream.

Received files can be played by any player (for example: VLC).

Make sure that memcached is installed and worked on the server.

In Admin interface → “Storages” it is necessary to choose server and setup “TV record” option.

At the storage /var/www/stalker_portal/storage/config.php necessary to setup RECORDS_DIR, API_URL, PORTAL_URL and STORAGE_NAME.

where is:

RECORDS_DIR - directory with permission 0777, there will be create archive directory, which will contain all files.

API_URL - URL, which will record the channels from middleware. Usually it is http://<middleware directory>/api/tv_archive/.

To check it you can open your <API_URL>/tv_archive/ in browser and there should be next:
{“status”:“ERROR”,“results”:null,“error”:“Empty storage name”}
If there is an error 404 Not Found, then you have wrong configuration in apache and mod_rewrite.
/tv_archive - virtual directory! Do not create it manually!

PORTAL_URL - portal address. At this address will be sent to requests from “storage” to check the keys to access the archive;

STORAGE_NAME - storage name, which indicated in Admin interface.

Create directory /media/raid0/records/archive/

mkdir -m 0777 /media/raid0/records/archive

Create symlink of folder with archive in web server directory

ln -s /media/raid0/records/archive/  /var/www/

While editing TV channel in Admin interface you can choose “Enable TV archive” option.

Ensure that the Apache configuration file have directive

TimeOut 1800

Security

Web

User identification

First of all it is necessary to turn on rpaf module in apache. It allows to see the real IP address of user while working in nginx and use restricting access in apache configuration file.

sudo apt-get install libapache2-mod-rpaf

Restricting access in Admin interface

To improve security of Admin interface it is strongly recommended to use the same IP address for opening. This can be set in apache configuration file, where portal's host is described. After making changes it is necessary to restart apache.

<Directory /var/www/stalker_portal/server/administrator/>
    Order Deny,Allow
    Deny from All
    Allow from 192.168.1.0/24
</Directory>

STB - Authorization

Strongly recommended! For client portal's access to use STB authorization by login/password, "Authorization with key" method.

Disable support for emulators and thirs party devices

Add in custom.ini next string

disable_third_party_devices = true

Portal access limitation for new STBs

Beginning from 4.8.63 portal version there is new option appeared default_stb_status, which allows to close portal access for all new STBs. To enable this option it is necessary to add in server/custom.ini:

default_stb_status = 0

For old version in MySQL it is necessary to do:

ALTER TABLE `users` MODIFY `status` tinyint DEFAULT 1;

After this all new STBs will have status OFF in admin interface.

Access to portal using login&password

Simple authorization

Access to portal organization for new STBs using login&password. Portal admin creates login&password and provide them to user. While first loading there will be authorization window which request login&password. After successful authorization MAC address will be adjust to login. Further portal loading will be without authorization.

For this it is necessary to:

In custom.ini add next

auth_url = http://localhost/stalker_portal/server/tools/auth_simple.php

In admin interface users > add - add user, it is enough to specify login (unique) and password. MAC address field should be empty.

Authorization with key

Access to portal organization by login&password. Portal admin creates login/password and provide them to user. While first loading there will be authorization window which request login&password. After successful authorization new key will be generating which is based on lgin&password. This key is stored on STB, which will validates while next portal loading. If the same login&password will be used for another STB than previous one will be un-authorized automatically.

For this it is necessary to:

In custom.ini add next

auth_url = http://localhost/stalker_portal/server/tools/auth_every_load.php

In admin interface users > add - add user, it is enough ti specify login (unique) and password. MAC address field should be empty.

API

We are strongly recommend to pay attention on safity while API enable/use.
Recommendation about using:

Authentication (login&password) for access to API.
Strong passwords.
Firewall.

Billing

If it is necessary to turn on API for working with external billing systems then it is strongly recommended to use authorization. Specify the login and password in server/custom.ini.

[server_api]
; API required for tv archive, pvr and billing
enable_api = true

api_auth_login = login ; login specifying
api_auth_password = password ; password specifying

Storage configuring

On the storages, which are used for recording, it is necessary to specify TASKS_API_URL parameter with login and password (in storage/config.php):

define('TASKS_API_URL', 'http://login:password@localhost/stalker_portal/api/tv_archive/');

Temporary URLs

If the Wowza temporary URLs are using for playing, then it is necessary to specify the login and password for work with API in configuration of Wowza application. It is not necessary to specify them if nginx and VLC/udpxy are used.

API address setting in configuration file of Wowza:

<Property>
    <Name>stalkerApiServer</Name>
    <Value>http://login:password@192.168.1.1/stalker_portal/api/</Value>
</Property>

TV channel monitoring

In script check_channels.sh API_URLit is necessary to specify authorization URL:

API_URL=http://login:password@localhost/stalker_portal/api/monitoring_links/

Firewall

It is recommended to make access on 88 port (apache) for local access and access from storage, which are working with temporary URLs.

¹⁾

Attention! Ubuntu Server 16.04 LTS is not supported at the moment since some packets unstable in distribution.

User Tools

Site Tools

Sidebar

Navigation

Contacts Us

Related links

Table of Contents

System Requirements

Choosing of the distribution

Installing the "Stalker" portal

Necessary services & packets

Installation order

Configure MySQL, PHP, Node.js, Apache, Nginx

MySQL

PHP

Node.js

Apache

Nginx

Updating and Localization

Updating

Localization

Configuration of the Storage (separate server)

Necessary services & packets

Installation order

Configuring Apache, Nginx

Apache

Nginx

"TV archive" settings

Security

Web

User identification

Restricting access in Admin interface

STB - Authorization

Disable support for emulators and thirs party devices

Portal access limitation for new STBs

Access to portal using login&password

Simple authorization

Authorization with key

API

Billing

Storage configuring

Temporary URLs

TV channel monitoring

Firewall

Page Tools