MINISTRA TV PLATFORM

INSTALLATION
We are sorry that due to the change of the Stalker Middleware product name to the Ministra
TV platform, in some articles you will still see the name Stalker Middleware.

System Requirements

OS

Ubuntu Server LTS 64bit (recommended)

Approximately for 1000 subscribers

Middlware Server with Ministra TV platform portal

CPU Xeon E3 1220

RAM 8Gb

2xHDD HARDWARE RAID1

HDD

For about 100 channels recording and 100 simultaneous sessions

 Content Storage

2xXeon 2620
CPU

RAM 32Gb
HDD System - 2xHDD HARDWARE RAID1, Content - 12xHDD HARDWARE RAID5

Choosing of the distribution

The platform works in any *nix system, but we strongly recommend to use the stable 64-
bit distribution of Ubuntu 16.04 LTS or Ubuntu 14.04 LTS. The work with other
distributions is not guaranteed, or some of the functions of the middleware may not be
available.

Ministra Recommended
TV Operating
Platform System
version

5.5.0 and Ubuntu

higher Server LTS 16.04

lower Ubuntu
than Server LTS 14.04
5.5.0
Installing the Ministra TV Platform
on Ubuntu 14.04
Necessary services & packets
1. apache2
2. apache2-rewrite
3. nginx
4. memcached
5. mysqld >= 5
6. php5 >= 5.3.0
7. php5-mysql
8. php-pear
9. php-soap *
10. php5-intl *
11. php-gettext *
12. php5-memcache *
13. phing (for version >= 4.8.0) **
14. nodejs>= v0.4.8 (for PVR management)
15. upstart (for stalkerd - PVR management)
16. php5-curl *
17. php5-tidy *
18. php5-imagick *
19. php5-geoip *

20. php5-sqlite

* - beginning from the version 4.8.35 they are automatically installed with phing using.

** - phing installation:

1. pear channel-discover pear.phing.info

2. pear install phing/phing

Example of installing all necessary services & packages for Ubuntu 14.04.3 LTS
(performed by superuser “root”):

1. sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get install -y -u apache2
nginx memcached php5-memcache mysql-server php5 php5-mysql php-pear nodejs m
 crypt php5-mcrypt npm php5-curl php5-imagick php5-sqlite upstart && sudo pear cha
nnel-discover pear.phing.info && sudo pear install -Z phing/phing

Installation order
When installing Ministra TV Platform on Ubuntu 14.04, we strongly recommend you to
upgrade the NPM version to 2.15.11. Otherwise, it is possible to incorrectly install the list
of application packages.
1. Install the necessary services, packages;
2. Unzip archive with version in your web-server directory (For example in /var/www/ ).
Project files should be available by the
URL http://<your_ip_or_domain_name>/stalker_portal/ ;
3. Create MySQL user with permission to access stalker_db database only:

1. GRANT ALL PRIVILEGES ON stalker_db.* TO stalker@localhost IDENTIFIED B

Y '1' WITH GRANT OPTION;

4. Make the necessary changes in the portal config. To change the settings/configuration
you need to create a configuration file /var/www/stalker_portal/server/custom.ini and add
to it different from config.ini settings items.

Do not edit file config.ini! If you want to change some settings - create file

custom.ini
and add the necessary configuration.

Do not copy the entire content of config.ini in custom.ini. Add customized sections
to custom.ini only. For example, if you want to change MySQL configuration, then create
a file

custom.ini
with the following lines:

1. [database]
2. mysql_host = 10.128.1.3
3. mysql_pass = superpass

5. Configure MySQL, PHP, Node.js, Apache, Nginx;

6. It is necessary to upgrade the version of NPM to 2.15.11.
 1. sudo npm install -g npm@2.15.11
2. sudo ln -s /usr/bin/nodejs /usr/bin/node
3. sudo reboot

If an error Error: CERT_UNTRUSTED occurs during the installation of npm, use the
command:

1. npm config set strict-ssl false

7. Go to /var/www/stalker_portal/deploy/ and run:

1. sudo phing

Upgrading Ubuntu 14.04 to 16.04

with Ministra TV Platform installed
Backing up current Ministra system
1. Create a directory for the backup files:

1. sudo mkdir /opt/backup

2. Back up the database:

1. sudo mysqldump -u stalker -p1 stalker_db | gzip -9 > /opt/backup/database.sql.gz

where

 stalker - value of the mysql_user parameter in the configuration file;

 stalker_db - db_name parameter value in the configuration file;
 1 - value of the mysql_pass parameter in the configuration file.

Note! If you use a host and port other than those specified by default, they must be
specified in the command parameters.
3. Back up the portal directory:

1. sudo cp -r /var/www/stalker_portal/ /opt/backup

Ministra portal update

To install Ministra TV Platform on Ubuntu 16.04, you must use Ministra TV Platform
version 5.4.0 and higher. Therefore, before updating the server, you must update Ministra
if the current version used is lower than 5.4.0.

1. Upgrade currently installed packages:

1. sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

2. Perform release upgrade.

Make sure you have the update-manager-core package installed:

1. sudo apt-get install update-manager-core

Remove packages that are no longer required:

1. sudo apt-get autoremove

Run the command to update:

1. sudo do-release-upgrade

3. Type y to enable the run of the additional ssh daemon on port 1022. It will be required to
access the system in case the update is not completed.

1. Reading cache
2.
3. Checking package manager
4.
5. Continue running under SSH?
6.
7. This session appears to be running under ssh. It is not recommended
8. to perform a upgrade over ssh currently because in case of failure it
9. is harder to recover.
10.
11. If you continue, an additional ssh daemon will be started at port
12. '1022'.
13. Do you want to continue?
14.
15. Continue [yN]

4. Next, you’ll be informed that do-release-upgrade is starting a new instance of sshd on

port 1022.

1. Starting additional sshd

2.
 3. To make recovery in case of failure easier, an additional sshd will
4. be started on port '1022'. If anything goes wrong with the running
5. ssh you can still connect to the additional one.
6. If you run a firewall, you may need to temporarily open this port. As
7. this is potentially dangerous it's not done automatically. You can
8. open the port with e.g.:
9. 'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT'
10.
11. To continue please press [ENTER]

Click Enter.

5. Type y to confirm that you want to start the upgrade.

1. Do you want to start the upgrade?

2.
3.
4. 6 installed packages are no longer supported by Canonical. You can
5. still get support from the community.
6.
7. 9 packages are going to be removed. 104 new packages are going to be
8. installed. 399 packages are going to be upgraded.
9.
10. You have to download a total of 232 M. This download will take about
11. 46 seconds with your connection.
12.
13. Installing the upgrade can take several hours. Once the download has
14. finished, the process cannot be canceled.
15.
16. Continue [yN] Details [d]

6. Select <Yes> to restart automatically the services when necessary.

7. After confirming that the services restart automatically, a few messages will appear
stating that some default configuration files have been changed.

Note! You probably changed some default configuration files, so follow the instructions
below and reject offers to replace the changed files.

For example, you will be prompted to change the default configuration for the Nginx
virtual host. Press N.
 1. Configuration file '/etc/nginx/sites-available/default'
2. ==> Modified (by you or by a script) since installation.
3. ==> Package distributor has shipped an updated version.
4. What would you like to do about it ? Your options are:
5. Y or I : install the package maintainer's version
6. N or O : keep your currently-installed version
7. D : show the differences between the versions
8. Z : start a shell to examine the situation
9. The default action is to keep your current version.
10. *** default (Y/I/N/O/D/Z) [default=N]

8. Select the keep the local version currently installed option to configure unattended-
upgrades.

9. On the new system, without any configuration changes, you can answer y to confirm the
removal of unnecessary packages. On a system that has been significantly modified, you
can answer d and view the list of packages proposed for removal in case you want to
reinstall some of them later.

1. Remove obsolete packages?

2.
3. 74 packages are going to be removed.
4.
5. Continue [yN] Details [d]

10. After the update is complete, you must restart the server. Enter y to continue.

1. System upgrade is complete.

2.
3. Restart required
4.
5. To finish the upgrade, a restart is required.
6. If you select 'y' the system will be restarted.
7.
8. Continue [yN]

11. When using SSH, a message displays:

1. === Command detached from window (Thu Oct 3 04:35:58 2019) ===
 2. === Command terminated normally (Thu Oct 3 04:36:08 2019) ===

12. You may need to type any key to exit, since the SSH session was interrupted on the
server side. Wait for the system to reboot and log in again.

13. Verify that the system is updated to Ubuntu 16.04. To do this, run the following
command:

1. lsb_release -a

14. Install the required packages.

1. sudo apt-get install php7.0-mcrypt php7.0-mbstring nginx memcached mysql-server p

hp php-mysql php-pear nodejs libapache2-mod-php php-curl php-imagick php-sqlite3
&& sudo pear channel-discover pear.phing.info && sudo pear install -Z phing/phing

15. Set proper MySQL sql_mode.

1. echo -e "[mysqld]\nsql_mode=\"\"" >> /etc/mysql/conf.d/strict_mode.cnf

16. Restart MySQL service.

1. sudo service mysql restart

17. Enable PHP short tags.

1. sed -i 's/^short_open_tag = Off/short_open_tag = On/g' /etc/php/7.0/apache2/php.ini

18. Enable PHP mod_encrypt.

1. phpenmod mcrypt

19. If necessary, install NPM 2.15.11.

1. sudo apt-get install npm; sudo npm install -g npm@2.15.11

2. sudo ln -s /usr/bin/nodejs /usr/bin/node

20. Remove PHP5 directory.

1. sudo rm -rf /etc/php5/

21. Go to /var/www/stalker_portal/deploy/ and run:

1. sudo phing
Installing the Ministra TV Platform
on Ubuntu 16.04
Installation order
Note! To install Ministra TV Platform on Ubuntu 16.04, you must use Ministra TV
Platform version 5.4.0 and higher. Versions lower than Ministra TV Platform 5.4.0
are only compatible with Ubuntu 14.04. When installing Ministra TV Platform 5.4 on
Ubuntu 16.04, we strongly recommend you to downgrade the NPM version to 2.15.11.
Otherwise, incorrect installation of the list of application packages is possible.
1. Install system updates:

1. sudo apt-get update

2. sudo apt-get upgrade

2. Install and configure apache:

1. sudo apt install apache2

For details on how to configure Apache, see here.

1. sudo service apache2 restart

3. Install the remaining packages with one command:

1. sudo apt-get install php7.0-mcrypt php7.0-mbstring nginx memcached php-memcache

mysql-server php php-mysql php-pear nodejs libapache2-mod-php php-curl php-imagi
ck php-sqlite3 && sudo pear channel-discover pear.phing.info && sudo pear install -
Z phing/phing

4. Unzip the archive with the version to the root directory of the web server /var/www/.
Project files should be available by the
URL http://<your_ip_or_domain_name>/stalker_portal/;

5. Create MySQL user with permission to access stalker_db database only:

1. GRANT ALL PRIVILEGES ON stalker_db.* TO stalker@localhost IDENTIFIED B

Y '1' WITH GRANT OPTION;

6. Make the necessary changes in the portal config. To change the settings/configuration
you need to create a configuration file /var/www/stalker_portal/server/custom.ini and add
to it different from config.ini settings items.

7. Configure MySQL, PHP, Node.js, Nginx ;

8. It is necessary to downgrade the version of NPM to 2.15.11.

1. sudo apt install npm

2. sudo npm install -g npm@2.15.11
3. sudo ln -s /usr/bin/nodejs /usr/bin/node

If the Error: CERT_UNTRUSTED error occurs during the installation of npm, use the
command:

1. npm config set strict-ssl false

9. Go to /var/www/stalker_portal/deploy/ and run:

1. sudo phing

Configure MySQL, PHP, Node.js,

Apache, Nginx
MySQL
For Ubuntu 14.04

1. echo "max_allowed_packet = 32M" >> /etc/mysql/my.cnf

For Ubuntu 16.04

1. echo "sql_mode=\"\"" >> /etc/mysql/mysql.conf.d/mysqld.cnf

Then you need to restart MySQL server:

1. sudo service mysql restart

PHP
For Ubuntu 14.04
  Enable mod_mcrypt :

1. php5enmod mcrypt

1. echo "short_open_tag = On" >> /etc/php5/apache2/php.ini

For Ubuntu 16.04

 Enable mod_mcrypt :

1. phpenmod mcrypt

1. echo "short_open_tag = On" >> /etc/php/7.0/apache2/php.ini

Apache
 Enable mod_rewrite :

1. a2enmod rewrite

 Make sure that the package libapache2-mod-php5filter is not installed on the system.
If necessary, remove it.

1. apt-get purge libapache2-mod-php5filter

 Remove content of /etc/apache2/sites-available/000-default.conf Do not forget to

make backup.

1. cat /dev/null > /etc/apache2/sites-available/000-default.conf

 Add next content to /etc/apache2/sites-available/000-default.conf

1. <VirtualHost *:88>
2. ServerAdmin webmaster@localhost
3. DocumentRoot /var/www
4. <Directory /var/www/stalker_portal/>
5. Options -Indexes -MultiViews
6. AllowOverride ALL
7. Require all granted
8. </Directory>
9. <Directory /var/www/player>
10. Options -Indexes -MultiViews
11. AllowOverride ALL
12. #Require all granted
13. DirectoryIndex index.php index.html
14. </Directory>
15. ErrorLog ${APACHE_LOG_DIR}/error.log
16. CustomLog ${APACHE_LOG_DIR}/access.log combined
17. </VirtualHost>

 Set in /etc/apache2/ports.conf :

1. Listen 88

 Restart apache :

1. service apache2 restart

Nginx
 Example of configuration /etc/nginx/sites-available/default :

1. server {
2. listen 80;
3. server_name localhost;
4.
5. root /var/www;
6. location ^~ /player {
7. root /var/www/player;
8. index index.php;
9. rewrite ^/player/(.*) /player/$1 break;
10. proxy_pass http://127.0.0.1:88/;
11. proxy_set_header Host $host:$server_port;
12. proxy_set_header X-Real-IP $remote_addr;
13. }
14.
15. location / {
16. proxy_pass http://127.0.0.1:88/;
17. proxy_set_header Host $host:$server_port;
18. proxy_set_header X-Real-IP $remote_addr;
19. }
20.
21. location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
22. root /var/www;
23. expires 30d;
24. }
25. }

 Restart nginx

1. service nginx restart

  Admin interface will be available via URL

http://<your_ip_or_domain_name>/stalker_portal/server/adm/

.
Default access:
login: admin
password: 1
The recommended browser for the admin interface: - Mozilla Firefox and Google Chrome
If it is necessary you can change the admin password in MySQL:

1. update administrators set pass=MD5('new password') where login='admin';

 The client interface is available

http://<your_ip_or_domain_name>/stalker_portal/c/index.html

.
Client interface designed for STB MAG* only.
Portal URL can be set in STB:

From Embedded portal - System Settings (press SET or SETUP) → Servers → Portals →
(Portal 1 URL and/or Portal 2 URL)

The most used variables -

portal1
,

portal2

Updating
1. Fill the download request form for the Ministra TV Platform on the official website.
Please note, that the download link for the further updates will be sent to the email
specified in the form. If you don't receipt reply to your request, please contact
technical support: support@infomir.eu
2. Rename the folder with the previous version. For example: stalker_portal-old .
3. Download and unzip the file with the new version;
 4. Copy custom.ini file from the old version to the new one;
5. Copy /var/www/stalker_portal/screenshots/ folder from the old version to the new
one;
6. Copy all files (except the dummy.png file)
from stalker_portal/misc/logos/ and stalker_portal/misc/audio_covers
from the previous version to the corresponding directories of the new version.
Pay attention! Before upgrading to the new version, you need to install the
recommended version of NPM 2.15.11.
7. Enter into /var/www/stalker_portal/deploy/ and run command:

1. sudo phing

Localization
Ministra TV platform interface uses the following locales: Russian (RU), English (EN),
Ukrainian (UK), Polish (PL), Greek (EL), Italian (IT), German (DE), Slovenian (SK),
Spanish (ES). In default Ministra deducts the current localization variable from the main
software and install the interface localization according to it's variable.

To install Ministra portal localization by default it is necessary:

 to create file custom.ini in directory .../stalker_portal/server/ ;

 to copy in custom.ini the section [Locales] from
file ...//stalker_portal/server/config.ini ;
 to edit custom.ini
Containing of custom.ini :

1. [locales]
2. default_locale = ru_RU.utf8
3. allowed_locales[Русский] = ru_RU.utf8
4. allowed_locales[English] = en_GB.utf8
5. allowed_locales[Українська] = uk_UA.utf8
6. allowed_locales[Polski] = pl_PL.utf8
7. allowed_locales[Ελληνικά] = el_GR.utf8
8. allowed_locales[Nederlandse] = nl_NL.utf8
9. allowed_locales[Italiano] = it_IT.utf8
10. allowed_locales[Deutsch] = de_DE.utf8
11. allowed_locales[Slovenský] = sk_SK.utf8
12. allowed_locales[Español] = es_ES.utf8
In this case Ministra portal will be loaded with English interface independently from the
software locale.

Attention! The name of the locale used in the Middleware and the name of the server
system locale should be the same.
Interface localization in other language
For correct localization switching in Admin interface next locales should be installed on the
server: ru_RU.utf8 , en_GB.utf8 , uk_UA.utf8 , pl_PL.utf8 , pl_PL.utf8 , el_GR.utf8 , nl_
NL.utf8 , it_IT.utf8 , de_DE.utf8 , sk_SK.utf8 , es_ES.utf8 .

Configuration of the Storage

(separate server)
Necessary services & packets
1. apache2
2. php5 >= 5.3.0
3. php-soap
4. libpython2.7-stdlib (for TV recording)
5. nginx (for "TV Archive", recording or VOD via HTTP)

Installation order
1. Install all necessary services & packages:

Ubuntu 16.04

1. sudo apt-get install -y -u apache2 php php-soap python2.7 libapache2-mod-php realpa

th

Ubuntu 14.04

1. sudo apt-get install -y -u apache2 php5 php-soap python2.7 realpath

2. Add the following content to /etc/apache2/sites-available/000-default.conf

1. <VirtualHost *:88>
2. TimeOut 1800
3. ServerAdmin webmaster@localhost
4. DocumentRoot /var/www
5. <Directory /var/www/stalker_portal/>
 6. Options -Indexes -MultiViews
7. AllowOverride ALL
8. Require all granted
9. </Directory>
10. ErrorLog ${APACHE_LOG_DIR}/error.log
11. CustomLog ${APACHE_LOG_DIR}/access.log combined
12. </VirtualHost>

3. Set in /etc/apache2/ports.conf :

1. Listen 88

4. Make sure the package libapache2-mod-php5filter is not installed on the system.

If necessary, remove it:

1. apt-get purge libapache2-mod-php5filter

5. Restart apache :

1. sudo service apache2 restart

6. Install Nginx:

1. sudo apt-get install -y -u nginx nginx-extras

Configuration example in /etc/nginx/sites-available/default:

1. server {
2. listen 80;
3. server_name example.com;
4.
5. location / {
6. proxy_pass http://127.0.0.1:88/;
7. proxy_set_header Host $host;
8. proxy_set_header X-Real-IP $remote_addr;
9. }
10.
11. location ~* \.(mpg|mpeg|avi|ts|mkv|mp4|mov|m2ts|flv|m4v|srt|sub|ass)$ {
12.
13. secure_link $arg_st,$arg_e;
14. secure_link_md5 "supersecret$uri$remote_addr$arg_e"; # you can change secret
"supersecret" in the portal config - nginx_secure_link_secret
15.
16. if ($secure_link = "") {
17. return 403;
 18. }
19.
20. if ($secure_link = "0") {
21. return 410;
22. }
23.
24. send_timeout 6h;
25. root /var/www/;
26. }
27. }

7. Restart Nginx:

1. sudo service nginx restart

8. Unzip the archive with the version of the portal. Copy the contents of the
directory /stalker_portal/storage/ in /var/www/stalker_portal/storage

9. Create directories /media/raid0/storage/ , /media/raid0/karaoke/ , /media/raid0/records/

, /media/raid0/mac/ and set permission 0777 to them.

Create a symbolic link to the STB's home directories in /var/www/media/

Create directory /media/raid0/records/archive/

Create a symbolic link of the folder with the archive to the root of web server.

Create the necessary directories and symbolic links with one command:

1. sudo mkdir -p -m 0777 /media/raid0/storage /media/raid0/karaoke /media/raid0/record

s /media/raid0/mac && sudo mkdir /var/www/media && sudo ln -s /media/raid0/mac/
/var/www/media/bb3 && mkdir -m 0777 /media/raid0/records/archive && sudo ln -s
/media/raid0/records/archive/ /var/www

10. Edit the file /var/www/stalker_portal/storage/config.php . The following server IP

address with a portal is used as an example: 192.168.1.71. Sample file
content /var/www/stalker_portal/storage/config.php :

1. define('VIDEO_STORAGE_DIR', '/media/raid0/storage/');
2. define('KARAOKE_STORAGE_DIR', '/media/raid0/karaoke/');
3. define('RECORDS_DIR', '/media/raid0/records/');
4. define('NFS_HOME_PATH', '/media/raid0/mac/');
 5. //В качестве логина и пароля будут использоваться значения параметров api_aut
h_login и api_auth_password из файла server/custom.ini, который хранится на серв
ере с порталом.
6. define('API_URL', 'http://login:password@192.168.1.71/stalker_portal/api/');
7. define('PORTAL_URL', 'http://192.168.1.71/stalker_portal/');
8. define('STORAGE_NAME', 'bb3');
9. define('ASTRA_RECORDER', false);
10. define('DUMPSTREAM_BUFFERING', 1); // set -1 for system default

where:
VIDEO_STORAGE_DIR- the directory for storing the Video club files;
KARAOKE_STORAGE_DIR- the directory for storing the Karaoke files;
RECORDS_DIR- directory with write permissions 0777 . In this directory, create a
directory archive , where TV archive files will be created. See TV Archive settings.
NFS_HOME_PATH- STB's home directory;
API_URL- URL to record channels from middleware. Usually it is http://<middleware
directory>/api/tv_archive/
PORTAL_URL- portal address. It will be accessed by the storage to verify the access keys
to the archive. For example, http://<portal ip or domain name>/stalker_portal/
STORAGE_NAME- the name of the storage specified in the admin interface.

To check it you can open your

<API_URL>
for TV archive:

http://<you_ip_or_domain_name>/stalker_portal/api/tv_archive/
Message

{“status”:“ERROR”,“results”:null,“error”:“Empty storage name”}

is displayed on the screen.

If there is an error

404 Not Found

, then you have the wrong configuration in

apache
and

mod_rewrite
. Note!
 /tv_archive
- virtual directory! Do not create it manually!
11. To record a TV archive, go to /var/www/stalker_portal/storage/ and run:

1. chmod u+x install.sh tvarchive.sh

2. ./install.sh

12. In Admin interface of portal → Storage make next settings:

 Name - <storage name>. For example: bb3 ;

IP - IP address of storage, for example 192.168.1.100.

 Home directory - <STB's home directory>. For example:

/media/raid0/mac/ Read more about adding storage in the administration panel here.

"TV archive" settings

Before turning on “TV archive” option in TV channels, it is necessary to configure the
"storage". Attention! Only multicast streams can be recorded! Multicast streams should
be available on the “Storage”.
Checking of the availability of multicast streams can be performed with help of

dumprtp
utility. Utility

dumprtp
is included in

dvbstream
packet.
Example:

1. dumprtp 239.1.1.1 1234 > dump239.1.1.1.ts

where:

 239.1.1.1 - IP address of multicast stream

 1234 - port of a multicast stream
 dump239.1.1.1.ts - file name with dump of multicast stream.

Received files can be played by any player (for example: VLC).

 1. Make sure that memcached is installed and worked on the server.
2. In Admin interface in the Storage section from the Allow TV recording drop-down
list, select the server program that will be used to make the recordings on the storage
server.
3. While editing TV channel in Admin interface you can choose “Enable TV
archive” option. See more here.

Security
Web
User identification
First of all it is necessary to turn on remoteip module in apache. It allows seeing the real IP
address of user while working in nginx and user restricting access in apache configuration
file.

Turn on the remoteip module:

1. a2enmod remoteip

If you previously enabled the rpaf module, disable it:

1. a2dismod rpaf

Create the remoteip.conf file on the path /etc/apache2 /conf-available/ and add the
following contents to it:

1. <ifmodule remoteip_module>
2. RemoteIPHeader X-Real-IP
3. RemoteIPInternalProxy 127.0.0.1 external_server_ip
4. </ifmodule>

external_server_ip - address of your server.

To activate the settings of the remoteip module, you need to run the following command:

1. a2enconf remoteip

In the apache2.conf file, under the path /etc/apache2/ replace the line:
 1. LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" co
mbined

to the following content:

1. LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" co

mbined

Then restart apache:

1. service apache2 restart

Restricting access in Admin interface

To improve the security of Admin interface it is strongly recommended to use the same IP
address for the opening. This can be set in apache configuration file,where portal's host is
described. After making changes it is necessary to restart apache.

1. <Directory /var/www/stalker_portal/server/adm/>
2. Order Deny,Allow
3. Deny from All
4. Allow from 192.168.1.0/24
5. </Directory>

STB - Authorization
Strongly recommended for the client portal's access to use STB authorization by
login/password, "Authorization with key" method.
Portal access limitation for new STBs
Beginning from 4.8.63 portal version there is option default_stb_status appeared, which
allows closing portal access for all new STBs. To enable this option it is necessary to add
in server/custom.ini :

1. default_stb_status = 0

For old version in MySQL it is necessary to do:

1. ALTER TABLE `users` MODIFY `status` tinyint DEFAULT 1;

After this all new STBs will have status OFF in admin interface.

Access control based on the set-top box model

Ministra allows you to differentiate the access to the portal based on set-top box model. The
list of all models that are allowed access, is described in parameter allowed_stb_types of
the configuration file. For example, you need to add support of WR320 model, all you need
is to add in stalker_portal/server/custom.ini the line

1. allowed_stb_types = MAG200,MAG245,MAG250,MAG254,MAG255,MAG270,MA
G275,AuraHD,WR320

For AuraHD set-top box there is a possibility of the strict model check
(parameter strict_stb_type_check ), in this case, it is necessary to completely specify the
model. For example, access is allowed only to AuraHD International:

1. strict_stb_type_check = true
2. allowed_stb_types = AuraHD9

If the model supports recording on the local media, then you can additionally add it to the
appropriate list

1. allowed_stb_types_for_local_recording = MAG245,MAG250,MAG255,MAG270,M
AG275,AuraHD,WR320

Access to portal using login&password

Simple authorization

Access to the portal organization for new STBs using login&password. Portal admin
creates login&password and provide them to the user. While first loading there will be
authorization window which requests login&password. After successful authorization
MAC address will be adjust to login. Further portal loading will be without authorization.

For this it is necessary to:

1. In custom.ini add next

1. auth_url = http://localhost/stalker_portal/server/tools/auth_simple.php

2. In admin interface Users > Add - Add user, it is enough to specify login (unique) and
password. MAC address field should be empty.

Authorization with key

Access to portal organization by login&password. Portal admin creates login/password and

provides them to the user. While first loading there will be authorization window which
request login&password. After successful authorization new key will be generating which
is based on login&password. This key is stored on STB, which will validate while next
portal loading. If the same login&password will be used for another STB than previous one
will be un-authorized automatically.
For this it is necessary to:

1. In custom.ini add next

1. auth_url = http://localhost/stalker_portal/server/tools/auth_every_load.php
2. In admin interface users > add -add user,it is enough to specify login(unique) and
password. MAC address field should be empty.

API
We are strongly recommend to pay attention to safety while API enable/use.

Recommendation about using:

 Authentication (login&password) for access to API.

 Strong passwords.
 Firewall.

Billing
If it is necessary to turn on API for working with external billing systems then it is strongly
recommended to use authorization. Specify the login and password in server/custom.ini .

1. [server_api]
2. ; API required for tv archive, pvr and billing
3. enable_api = true

1. api_auth_login = login ; login specifying

2. api_auth_password = password ; password specifying

Storage configuring
On the storages, which are used for recording, it is necessary to specify API_URL
parameter with login and password (in storage/config.php ):

1. define('API_URL', 'http://login:password@localhost/stalker_portal/api/');

Temporary URLs
If the Wowza temporary URLs are using for playing, then it is necessary to specify the
login and password for work with API in the configuration of Wowza application. It is not
necessary to specify them if nginx and VLC/udpxy are used.

API address setting in configuration file of Wowza:

1. <Property>
 2. <Name>stalkerApiServer</Name>
3. <Value>http://login:password@192.168.1.1/stalker_portal/api/</Value>
4. </Property>

TV channel monitoring
In script check_channels.sh API_URL it is necessary to specify authorization URL:

1. API_URL=http://login:password@localhost/stalker_portal/api/monitoring_links/

Firewall
It is recommended to make access on 88 port (apache) for local access and access from
storage, which are working with temporary URLs.