BeeVPN & AppleTV/PS3 & Netflix

[Sorry guys 'n gals - this post was originally written in Danish - as it's mostly relevant for Danish users]

Over time a few people have asked me how to get Netflix working on their AppleTV/PS3 with BeeVPN. So maybe it's time to outline how it's done. To use this guide, we assume you have an AppleTV2 or a PS3, and a non-trial subscription with BeeVPN.
First the BeeVPN part has to be set up, which you do by logging in to their customer area, going to “Skift indstillinger” (“Change settings”), and at the bottom setting the automatic SeeAllTV to “Slået fra” (“Off”), then entering your IP in the box below it (you can see your IP on myip.dk, for example, or in the bar above the menu on NT) and saving the settings. If your IP changes dynamically, remember to update it here as well, or alternatively use the automode feature, so that your IP is automatically set to the one you last logged in from with the VPN client.

Netflix account
Next you need to sort out a Netflix account, which is easy: connect to the VPN on your machine, go to www.netflix.com, fill in your details for the free 1-month trial, press the “Continue” button, enter your card data and so on, and voilà.

AppleTV2
Set the DNS server on the AppleTV to 217.015.175.097 (I've chosen to show the zeros so that it matches the way the AppleTV is configured). This is done by going to “Settings” > “General” > “Network” > “Configure TCP/IP” and choosing “Manually”. All the choices after that should stay as they already were, apart from “DNS server”, which must be set to 217.015.175.097. Then restart the AppleTV (so that it doesn't cache any DNS entries) by pulling the power and plugging it back in. After that, go to “Settings”, under “iTunes store”, set “Location” to “United States”, and press the “Menu” button until you are back at the main screen. You will now have “Netflix” in your “Internet” menu, and after opening it you fill in your login/password, and voilà, you now have Netflix on your AppleTV.

PS3
The process is very similar to the one on the AppleTV, in that you also need to set your DNS server to 217.15.175. You do this in “Settings” > “Network Settings” > “Internet Connection Settings”, by choosing “Yes”, “Custom” and then “Manual”, filling in the DNS server field with 217.15.175.97, and deleting the value in “Secondary DNS” if there is one. Then press the right button until you get the option to test the Internet connection, which you let it do, and afterwards choose to save the configuration.

Once you have come this far you need a US PSN account, which is very easily done by creating a new user on your PS3 and registering a new PSN account located in the US (you can use fakenamegenerator.com to find a usable fake American address). Then restart your PS3 to make sure it hasn't cached any DNS lookups, open the page seealltv-ps3.beevpn.com in the browser on the PS3 as the user that is logged in with the US PSN account, and follow the instructions there. After that you will have the Netflix application on your PS3 and can log in with your Netflix login/password, and voilà, you now have Netflix on your PS3.

… and just as a parting note: watch out! Netflix very quickly becomes a time sink


Planning for the upcoming season

So Christmas is coming up, and aside from having already bought my plane tickets – I’m neither in the mood yet, nor have I started on decorating the flat or buying gifts yet. So I should probably pick up some speed soon – as there’s nothing worse than not being ready for the final month of the year. Plus since I moved to my new place earlier this year – I finally have really optimal places “to plant the tree” in the apartment. I must say however that I’m really looking forward to spending some time with friends and family this Christmas, as it’s been a while since I’ve seen most of my friends in Denmark. I should really also start shipping the Christmas greeting cards soon – as they won’t make it in time otherwise, and that’d be just a shame really.


DNSSEC joys, part 3

Today I received an email from Joker.com support, which stated that the form I’d used to request DS records to be put in my zone unixpimps.net was put in place. After confirming it with “dig”, it is indeed there – and according to the Verisign Lab DNSSEC Analyzer – it works! So it turns out Joker.com does indeed support this fully in their backend. This also means that I can conclude my setup of DNSSEC for all my domains, and simply sit back – and enjoy that I’ve done my part to make the internet more secure.


DNSSEC joys, part two

I’ve used a few minutes this evening to research the status of DNSSEC DS records for .net with joker.com as the registrar. It turns out that for .org you need to send them an email (using their support system), which I’ve tried doing with my .net domain now. I’m still waiting for a reply from them, but according to what I’ve managed to find out, they should process the request within three working days. I’ll be sure to publish an update when I receive any sort of reply from them.

The format to use according to what I’ve been able to dig up is (use the reference below in the post for the values to extract from dnssec-dsfromkey):

ds-1-alg:T
ds-1-digest:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
ds-1-digest_type:O
ds-1-keytag:YYYYY

ds-2-alg:Q
ds-2-
digest:BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ds-2-digest_type:Z
ds-2-keytag:YYYYY

In the meantime, I’ve decided to swap out my perlpimp.dk for perlpimp.net, which I got from Go Daddy for practically a steal! The reason being that I’ve wanted to for a while, and they have excellent support for most of the domains one’d want to use with DNSSEC, except for most of the ccTLD ones. They’ve even published a nice guide for setting it up – and it genuinely just works!

In the spirit of my previous guide – I’ll quickly recap using the previous example, what one has to put in what fields in their interface.

[root@termite masters]# dnssec-dsfromkey Kperlpimp.dk.+008+10924.key
perlpimp.dk. IN DS YYYYY T O CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
perlpimp.dk. IN DS YYYYY Q Z XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX

In the Go Daddy interface, fill in the fields using the fields mapped to values in the above example output from dnssec-dsfromkey:

Key Tag: YYYYY
Algorithm: Q
Digest Type: Z
Digest: All the X’es concatenated
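
The mapping above can be done mechanically. The following is an added example, not part of the original post and not tooling from Joker.com or Go Daddy: it parses dnssec-dsfromkey output, re-joins a digest that was printed in two chunks, checks the digest length against the digest type, and renders the ds-N-* layout quoted earlier in this post. The function names, the example.net zone and the digests are constructed for illustration.

```python
import re

# Hex length each DS digest type must have: 1 = SHA-1, 2 = SHA-256.
DIGEST_HEX_LEN = {1: 40, 2: 64}

# Constructed sample in the shape shown above (example.net and the
# digests are made up; the SHA-256 digest is split in two chunks).
_H = "0123456789ABCDEF" * 4
SAMPLE = (
    "example.net. IN DS 12345 8 1 " + _H[:40] + "\n"
    + "example.net. IN DS 12345 8 2 " + _H[:56] + " " + _H[56:] + "\n"
)


def parse_ds_line(line):
    """Parse 'owner IN DS keytag alg digest_type digest [digest...]'."""
    fields = line.split()
    idx = fields.index("DS")  # ValueError if this is not a DS line
    keytag, alg, dtype = (int(f) for f in fields[idx + 1:idx + 4])
    digest = "".join(fields[idx + 4:]).upper()  # re-join split chunks
    if not re.fullmatch(r"[0-9A-F]+", digest):
        raise ValueError("digest is not hexadecimal")
    want = DIGEST_HEX_LEN.get(dtype)
    if want is not None and len(digest) != want:
        raise ValueError(
            "digest type %d needs %d hex chars, got %d" % (dtype, want, len(digest)))
    if not 0 <= keytag <= 0xFFFF:
        raise ValueError("key tag out of range")
    return {"keytag": keytag, "alg": alg, "digest_type": dtype, "digest": digest}


def parse_ds_output(text):
    """Parse every DS line in the pasted output, skipping prompt lines."""
    return [parse_ds_line(l) for l in text.splitlines() if " DS " in l]


def joker_request(records):
    """Render records in the ds-N-* layout quoted in this post."""
    blocks = []
    for n, r in enumerate(records, 1):
        blocks.append("\n".join([
            "ds-%d-alg:%d" % (n, r["alg"]),
            "ds-%d-digest:%s" % (n, r["digest"]),
            "ds-%d-digest_type:%d" % (n, r["digest_type"]),
            "ds-%d-keytag:%d" % (n, r["keytag"]),
        ]))
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(joker_request(parse_ds_output(SAMPLE)))
```

A digest that fails the length check usually means only one of the two printed chunks was pasted.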


DNSSEC joys

So I finally got time to look into having my own DNS zones signed. However Joker.com doesn’t allow for doing this yet – at least not if you’re running the DNS yourself. So after having been vaguely disappointed – I found out that I was in luck with my Danish domains, as DK-Hostmaster actually has already implemented this. Since this turned out involving quite a bit of reading – I decided to document it, should someone else want to join this bandwagon of higher security with DNS. I’m only using stock packages already available for CentOS – and the version of Bind I’m using is 9.7.0P2. Lastly, in my example the zone I’ll be signing is perlpimp.dk.

First we need to create two keys (for simplicity I’ve chosen to keep my key files alongside the zone files in /var/named/chroot/var/named/masters – as I’m using the chrooted installation of Bind)

dnssec-keygen -a RSASHA256 -b 2048 -n ZONE -f KSK perlpimp.dk
dnssec-keygen -a RSASHA256 -b 1024 -n ZONE perlpimp.dk

Next we need to make sure that Bind is sporting support for DNSSEC by altering the options section of named.conf

options {
        ...
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
};

After having generated the keys – they must be included in the top of the zone file right before the SOA statement

$include Kperlpimp.dk.+008+10924.key
$include Kperlpimp.dk.+008+26376.key

Naturally we need to increase the serial number – especially if you’ve got slave servers AXFRing down the zone.

For the signing of the zone we use dnssec-signzone

dnssec-signzone perlpimp.dk

This will create the file named perlpimp.dk.signed, which you must point Bind towards in the “file” statement for the zone.

After this we reload named to ensure that it’s loaded the newly signed zone correctly, and that it’s pushed to its slaves.

To find the right file to run through dnssec-dsfromkey to get the entry DK-Hostmaster’s system needs for the .dk-zone, we’ll grep the zone keys

grep "DNSKEY 257" Kperlpimp.dk.+*key

This will produce the output (scrambled because of obvious security reasons)

Kperlpimp.dk.+008+10924.key:perlpimp.dk. IN DNSKEY 257 X X XXXXXXX XXXXX=

So we now know that it’s the file named Kperlpimp.dk.+008+10924.key we need to run through dnssec-dsfromkey.

[root@termite masters]# dnssec-dsfromkey Kperlpimp.dk.+008+10924.key
perlpimp.dk. IN DS YYYYY 8 1 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
perlpimp.dk. IN DS YYYYY 8 2 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX

The two sections blanked out by X’es we’ll join together, and this makes up the hash value we need to put into DK-Hostmaster’s web interface. On how to put these values into their web interface I’ll refer to their guide, but mention that the YYYYY found in the previous output maps to their field “Nøgle ID” / “Key ID” and the concatenated X’es go in their “Hash” field.

After completing this step – feel free to make some coffee, watch an episode of your favorite show, etc – as you’ll now have to wait for the changes to propagate into the .dk-zone.

Finally we’ll be able to verify that the zone now is properly signed – by using the debugger the guys over at Verisign Labs created.
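
To see where the key ID and hash in the dnssec-dsfromkey output come from, and to cross-check them before submitting, here is an added example (not part of the original post and not BIND's code) that derives the DS line from a DNSKEY line using the RFC 4034 key tag checksum and the DS digest over owner name plus DNSKEY RDATA. The function names are hypothetical and the key material in the sample is a constructed 4-byte placeholder, not a real RSA key.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest type -> hash

# Constructed record: the 4-byte "key" AQIDBA== is placeholder material,
# not a real RSA key, so the resulting DS is for illustration only.
SAMPLE_DNSKEY = "perlpimp.dk. IN DNSKEY 257 3 8 AQIDBA=="


def name_to_wire(name):
    """Canonical wire form: lower-cased, length-prefixed labels, root."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (not for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(line, digest_type=2):
    """Return the DS line for one 'owner IN DNSKEY flags proto alg key'."""
    fields = line.split()
    idx = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(f) for f in fields[idx + 1:idx + 4])
    if not flags & 0x0001:  # 257 = zone key (256) + SEP (1), i.e. the KSK
        raise ValueError("SEP bit not set: this is not the KSK")
    rdata = dnskey_rdata(flags, protocol, algorithm, "".join(fields[idx + 4:]))
    # DS digest = hash(owner name in wire form || DNSKEY RDATA)
    digest = DIGESTS[digest_type](name_to_wire(fields[0]) + rdata).hexdigest()
    return "%s IN DS %d %d %d %s" % (
        fields[0], key_tag(rdata), algorithm, digest_type, digest.upper())


if __name__ == "__main__":
    for dtype in (1, 2):
        print(ds_from_dnskey(SAMPLE_DNSKEY, dtype))
```

Pass only the record itself (everything after the file name prefix that grep prints) as the input line.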


Halloween status…

Well boy did I have enough candy – as it seems that only like 15 kids knocked on my door this year. So I guess that the 2 kg was more than enough after all. However it was so cool to see the look on those kids’ faces – as it was almost like nobody opened their doors in my building. So well this is the first of many years – where I’ve got candy in the house for distribution at Halloween. It’s also been quite a fruitful day – and it’s always nice to finally have a piece of code fully functional, before just watching a few eps of Frasier on Netflix. Truly a good day – for a Monday of course. So to the tunes of Frasier – I’m signing off for today.


Collection3 and nginx

Following up on my previous post about using services with the nginx webserver – I’ve decided to publish the configuration snippet for getting Collection3 working, which is used in conjunction with Collectd to give a simple peek into your machine’s performance. It’s quite simple really, but as it’s not to be found anywhere else – I’ll just publish it here, so Google will pick it up, and circulate it for me.

As with the last snippet I published – you need to have fastcgi working on your nginx, and feel free to either leave out the basic authentication part, or modify it to suit your own needs.

    # The dot is escaped so that only URIs really ending in ".cgi" match.
    location ~ \.cgi$ {
        # auth_basic set in "location /" is not inherited by this sibling
        # location, so it is repeated here to keep the CGI behind the login.
        auth_basic      "Happy Collectd server";
        auth_basic_user_file   /etc/nginx/users.htpasswd;
        root /usr/share/collectd/collection3;
        if (!-e $request_filename) { rewrite / /bin/index.cgi last; }
        expires off;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_index index.cgi;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }

    location /share {
        alias /usr/share/collectd/collection3/share;
    }

    location / {
        auth_basic      "Happy Collectd server";
        auth_basic_user_file   /etc/nginx/users.htpasswd;
        root   /usr/share/collectd/collection3;
        index  bin/index.cgi;
    }


Halloween is around the corner…

So Halloween is coming up – and the previous years I’ve always forgotten to buy any candy, so I could give some out when the kids start the hunt. I have no idea how many kids will be trying to kick down my door – so I just grabbed 2kgs at Mercadona earlier, which given the “season” was on sale for like 1.25€ per 500 grams. So I’d say I’m ready now – at least judging from the picture of the “masses of candy” I’ve obtained.

[Image: Candy for Halloween. The 2kg candy for this year’s Halloween]


Gitolite, gitweb and nginx

To be able to fully enjoy using Git over HTTP(s) – you need to make sure you’ve got an up to date version of nginx and have fastcgi enabled for CGI support. As there’s plenty of guides for this out there – I’m not going to delve into that any further. In my examples I’m using HTTP basic auth as I really don’t like people peeking into my private Git repositories.

Also worth mentioning is that this is configured on a CentOS 6 box, but aside from having pulled everything from a repository – you could however just as easily build it from source. In the latter case just make sure you’ve updated the full path to match the home of Gitolite. It’s also worth mentioning that I’ve chosen to put my password file in /etc/nginx/gitolite.htpasswd – you can place it anywhere you like, but just make sure nginx has read access to it – and the usernames match the ones Gitolite has listed too.

So without further ado here’s the needed bits to have all this flying:

    location ~ /git(/.*) {
        auth_basic      "Happy GIT server";
        auth_basic_user_file   /etc/nginx/gitolite.htpasswd;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME "/srv/gitolite/bin/gl-auth-command";
        fastcgi_param GIT_PROJECT_ROOT /srv/gitolite/repositories;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GITOLITE_HTTP_HOME /srv/gitolite;
        # Pass the basic-auth user on so Gitolite can apply its own ACLs.
        fastcgi_param AUTH_USER          $remote_user;
        fastcgi_param REMOTE_USER        $remote_user;
        fastcgi_param PATH_INFO           $1;
    }

    location ~ /git$ {
        auth_basic      "Happy GIT server";
        auth_basic_user_file   /etc/nginx/gitolite.htpasswd;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME "/srv/gitolite/bin/gl-auth-command";
        fastcgi_param GIT_PROJECT_ROOT /srv/gitolite/repositories;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GITOLITE_HTTP_HOME /srv/gitolite;
        fastcgi_param AUTH_USER          $remote_user;
        fastcgi_param REMOTE_USER        $remote_user;
    }

    location @gitwebhandler {
        rewrite /gitweb /gitweb.cgi;
    }

    location /gitweb {
        alias /var/www/git;
        auth_basic      "Happy GIT server";
        auth_basic_user_file   /etc/nginx/gitolite.htpasswd;
        index gitweb.cgi;
        try_files $uri $uri/ @gitwebhandler;
        expires 10d;

        location ~* \.(css|png|gif|ico|jpe?g|js) {
            expires 31d;
        }

        # The dot is escaped so that only URIs really ending in ".cgi" match.
        # Nested here, this location inherits auth_basic from /gitweb.
        location ~ \.cgi$ {
            root /var/www/git;
            if (!-e $request_filename) { rewrite / /gitweb.cgi last; }
            expires off;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
            fastcgi_index gitweb.cgi;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param AUTH_USER          $remote_user;
            fastcgi_param REMOTE_USER        $remote_user;
            include /etc/nginx/fastcgi_params;
          }
    }


Welcome back world!

So in an attempt to revive my whole blogging experience – I’ve decided to try and stay current once more. Simply putting in my random ramblings regarding the world around me – and what else I feel for shouting about.

© Perlpimp.net