Setting up SSL with Shinobi Video using Let’s Encrypt and Certbot

This help text was compiled using Ubuntu 16.04 server LTS

Install Shinobi using the online documentation

Become a super user

sudo su

Make sure your distribution is up to date

apt-get update
apt-get dist-upgrade

First change the login email address and password for the super user in super.json

Create an md5 hash of your password

echo -n 'password' | md5sum

Copy the result and edit the super.json file replacing the email and password with your info.

cd /home/user/Shinobi
nano super.json

Ctrl O, Enter to Save and Ctrl X to exit

Install certbot

apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot

Setup the folder structure you are going to use for certbot

cd /home/user/Shinobi
mkdir certs
cd /home/user/Shinobi/web
mkdir -p .well-known/acme-challenge

Generate the certificate

certbot certonly --webroot -w /home/user/Shinobi/web -d shinobi.website.com --cert-path /home/user/Shinobi/certs --key-path /home/user/Shinobi/certs --fullchain-path /home/user/Shinobi/certs --chain-path /home/user/Shinobi/certs

Edit the Shinobi configuration file, conf.json, to turn on SSL

cd /home/user/Shinobi
nano conf.json

{
"port": 80,
"addStorage": [
{
"name": "second",
"path": "__DIR__/videos2"
}
],
"db": {
"host": "127.0.0.1",
"user": "majesticflame",
"password": "",
"database": "ccio",
"port": 3306
},
"mail": {
"service": "gmail",
"auth": {
"user": "your_email@gmail.com",
"pass": "your_password_or_app_specific_password"
}
},
"ssl": {
"key": "/home/user/Shinobi/certs/privkey.pem",
"cert": "/home/user/Shinobi/certs/cert.pem",
"port": 443
},
"cron": {
"key": "change_this_to_something_very_random__just_anything_other_than_this"
},
"pluginKeys": {
"Motion": "change_this_to_something_very_random____make_sure_to_match__/plugins/motion/conf.json",
"OpenCV": "change_this_to_something_very_random____make_sure_to_match__/plugins/opencv/conf.json",
"OpenALPR": "SomeOpenALPRkeySoPeopleDontMessWithYourShinobi"
}
}

Ctrl O, Enter to Save and Ctrl X to exit

Edit camera.js to add a static reference to the .well-known folder

nano camera.js

Hit Ctrl W, type //pages followed by enter to search for //pages

Make it look like the below by adding this line of text: app.use('/.well-known',express.static(__dirname + '/web/.well-known'));

////Pages
app.enable('trust proxy');
app.use('/libs',express.static(__dirname + '/web/libs'));
app.use('/.well-known',express.static(__dirname + '/web/.well-known'));
app.use(bodyParser.json());

Ctrl O, Enter to save and Ctrl X to quit

Restart Shinobi

pm2 start camera.js
pm2 start cron.js

Profit

Windows Command Line IP Address Assignment

If you want to set a static IP address from the command prompt in Windows, use the following command in an elevated command prompt.

netsh interface ipv4 set address "Local Area Connection" static 10.0.0.55 255.0.0.0 10.0.0.1

where “Local Area Connection” is your network adapter name as shown in the Network and Sharing Center

where 10.0.0.55 is the IP address you wish to assign

where 255.0.0.0 is the subnet mask you wish to assign

where 10.0.0.1 is the default gateway you wish to assign.

Windows 2012 Server LDAP over SSL

The only thing required for Windows 2012 R2 Server LDAP over SSL is a trusted certificate in the personal store for the local machine (not user) and a REBOOT.

You do not need an Active Directory Certificate Authority or a publicly trusted certificate that matches the host name in the Subject or Subject Alternative (DNS) names. What this means is that you can use a public wildcard certificate; or a private wildcard certificate as long as your domain controllers trust the authority that issued it (put the certificate in both your trusted root and personal stores for the domain controllers).

The only other thing I did was add it to the SSL binding for the default site in IIS and then REBOOT. You absolutely have to reboot.

You also have to do this on ALL of your domain controllers.

You can test by using LDP on your domain controller. Connect to the domain controller with the SSL box ticked and the port set to 3269. Just when you think it’s going to time out, it should connect. If not, REBOOT.

Adding a certificate to UniFi Wifi Controller

If anyone is still having trouble with this, I just figured out how to do it using an existing Windows certificate. In my case, we have our own internal Certification Authority, but it will work just the same with a certificate issued by GoDaddy or anyone else.

I’m assuming you already know how to export the certificate using the Certificates MMC snap-in, and that the keytool executable from your installed java package is in the path.

1)      Export PFX certificate with private key and the option “Include all certificates in the certification path if possible”, using password “aircontrolenterprise” (this is important!)

2)      Open a Command Prompt and go to the directory Unifi was installed to then the data directory (example: C:\Users\administrator\Ubiquiti Unifi\data)

3)      Find the alias of your exported certificate by using (use the password from step 1):

keytool -list -keystore c:\path\to\pfx.pfx -storetype pkcs12

It will list the certificate starting with its alias, for example:

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883, Mar 20, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): AB:3F:79:FD:F5:1E:B3:69:78:8C:1C:AC:41:B3:29:6B

The certificate alias in this case is le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883. Use it in place of “src-alias” in the command below (yours will be different).

4)      Rename the existing file called “keystore” to keystore.orig.

5)      Run the following command:

keytool -importkeystore -srcstoretype pkcs12 -srcalias src-alias -srckeystore c:\path\to\pfx.pfx -keystore keystore -destalias unifi

Use the same password from step 1.

6)     Start the UniFi server.


Permissions for Redirected Folders Root Folder Share

2.  Set Share Permissions for the Everyone group to Full Control.

3.  Use the following settings for NTFS Permissions:

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
  • System – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone – Read Attributes (Apply onto: This Folder Only)
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)

Crunchyroll Android problem

In the Crunchyroll app on Android, if you’re trying to stream an episode of a show and you get the following message:

We’re preparing this show for your device

try the following method to fix it.

Go to settings
Go to applications or apps
Go to downloaded
Go to crunchyroll
Hit clear data
Hit yes
Close and reopen crunchyroll
Log back in
Try streaming the episode

Tested on an NVIDIA Shield Tablet (2014) with Android 5.01