Minimum apt repository


My minimum apt repository hosted at http://riowing.net/apt/deb/
How to install the package:
$vi /etc/apt/sources.list.d/rioapt.list
which has one line: deb [trusted=yes] http://riowing.net/apt/deb /
$apt-get update
$apt-cache show riodeb
$apt-get install riodeb
How to test it: $ /usr/local/bin/riodeb.sh
outputs: I am from http://riowing.net/apt/deb 200125
How to make the package:
cd /home/rio/proj/deb/riodeb_1.0-1
vi DEBIAN/control details in tarball below
has: Package: riodeb Version: 1.0-1 Architecture: amd64 and more
permission must < 775:
vi riodeb_1.0-1/usr/local/bin/riodeb.sh echo some msg.
riodeb.sh will be installed to /usr/local/bin
cd /home/rio/proj/deb
dpkg-deb –build riodeb_1.0-1
this creates riodeb_1.0-1.deb
dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
copy Packages.gz and riodeb_1.0-1.deb to http://riowing.net/apt/deb/

Files on server:
http://riowing.net/apt/deb/ contains two files:
Packages.gz is the index file “apt-get update” that tells where to find a certain package.
riodeb_1.0-1.deb is the software package “apt-get install” downloads that holds riodeb.sh
It’s cached as /var/cache/apt/archives/riodeb_1.0-1_amd64.deb,
which can be installed by “apt install” and “dpkg -i” directly

Download everything at http://riowing.net/apt/all.tar

Free wildcard cert manually


Letsencrypt started supporting wildcard certificate since version certbot 0.22.
These changes need to be applied to https://riowingwp.wordpress.com/2019/01/20/ssl-cert-installation
1. certbot 0.22 on Ubuntu18. Ubuntu14 can only install certbot 0.14.2, which cannot do wildcard cert.
2. In addition to make a cert file as requested by Letsencrypt, DNS record are required to be created.
3. server need to be changed from acme-v01 to acme-v02. therefore the whole command becomes:
/usr/bin/certbot certonly –authenticator manual –server https://acme-v02.api.letsencrypt.org/directory –text –email RioChn@gmail.com –csr riowingNet.csr –logs-dir . –config-dir . –work-dir .

Details on DSN verification:
Taking Google Domains as an example.
DNS TXT record name: _acme-challenge.riowing.net
DNS TXT record value comes from the challenge, about 50 characters long
Propagation took over one hour in my case.
To verify:
openssl verify -verbose -CAfile <(cat 0000_chain.pem root.crt) riowingChainCertbot.crt
output: riowingChainCertbot.crt: OK
where: 0000_chain.pem is intermediate cert that sits between riowingChainCertbot and root.
To view:
certutil.exe -decode riowingChainCertbot.crt riowingChainCertbot.bin
certUtil.exe riowingChainCertbot.bin
Output includes: CN=*.riowing.net and CN=Let’s Encrypt Authority X3
Download: http://riowing.net/p/certs.zip

http2


Install web server nginx-1.9.15 supporting http/2.
Finding out http version of tech.riowing.net from remote client windows/WSL:
Curl: $ curl -sI –insecure https://tech.riowing.net -o/dev/null -w ‘%{http_version}\n’
output: 2
External tool:
https://tools.keycdn.com/http2-test
type in https://tech.riowing.net:443/hls/a.html
output: HTTP/2 protocol is supported. see attachment
Chrome:
F12 to bring up the DevTools window, and the network tab says H2.

Server side:
Build nginx, need to build from source code as http2 is not in default.
download source: http://nginx.org/download/nginx-1.9.15.tar.gz
untar it and go to that folder.
$ ./configure –with-http_ssl_module –with-http_v2_module –add-module=../nginx-rtmp-module-master
I need nginx-rtmp for streaming
$ make this builds the binary objs/nginx
Config
edit so that nginx.conf https has this line:
listen 443 ssl http2;
Most ubuntu meet minimum requirement: nginx 1.9.5 and TLS 1.2

Http2

Roku SDK: legacy vs SceneGraph


How video is played, legacy vs SceneGraph, or SDK1 vs SDK2
Screen creation:
SDK1: CreateObject(“roScreen”, true)
SDK2: CreateObject(“roSGScreen”) followed by CreateScene
Video object creation:
SDK1: CreateObject(“roVideoPlayer”)
SDK2: CreateObject(“roSGNode”, “Video”) followed by reparent to scene
Start video playing:
SDK1: video.Play()
SDK2: video.control = “play”
Event loop:
Nothing more than an empty dead loop, like while(true) end while, just to prevent main from exiting

Source code: http://riowing.net/p/sdk1vs2.zip