Plex Nginx Config

This is my Plex Nginx configuration file.

It works exceptionally well; only ports 80 and 443 are allowed on the router.

The caveat is that “Remote Access” will always show as unavailable, but this will still work. Make sure to add “yourdomain.com:443” to Custom server access URLs in Plex network settings.

upstream plex_backend {
server <IP ADDRESS>:32400;
keepalive 32;
}

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

server {
if ($host = plexserver.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name plexserver.domain.com;
return 301 https://plexserver.domain.com$request_uri;
}

error_log /var/log/nginx/plexserver.domain.com.error.log;
access_log /var/log/nginx/plexserver.domain.com.access.log;

server {
listen 443 ssl http2; #http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/
server_name plexserver.domain.com;

send_timeout 100m; #Some players don’t reopen a socket and playback stops totally instead of resuming after an extended pause (e.g. Chrome)

#Faster resolving, improves stapling time. Timeout and nameservers may need to be adjusted for your location; Cloudflare, Google and OpenDNS resolvers are used here.
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 5s;

#Use letsencrypt.org to get a free and trusted ssl certificate
ssl_certificate /etc/letsencrypt/live/plexserver.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/plexserver.domain.com/privkey.pem; # managed by Certbot

ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#Intentionally not hardened, for player support and because encrypting video streams has a lot of overhead with something like AES-256-GCM-SHA384.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kE$

#Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
#For letsencrypt.org you can get your chain like this: https://esham.io/2016/01/ocsp-stapling
ssl_trusted_certificate /etc/letsencrypt/live/plexserver.domain.com/chain.pem;

#Reuse ssl sessions, avoids unnecessary handshakes
#Turning this on will increase performance, but at the cost of security. Read below before making a choice.
#https://github.com/mozilla/server-side-tls/issues/135
#https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29
#ssl_session_tickets on;
ssl_session_tickets off;

#Use: openssl dhparam -out dhparam.pem 2048 – 4096 is better but for overhead reasons 2048 is enough for Plex.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#ssl_ecdh_curve secp384r1;

#Will ensure https is always used by supported browsers which prevents any server-side http > https redirects, as the browser will internally correct any request to https.
#Recommended to submit your domain to https://hstspreload.org as well.
#!WARNING! Only enable this if you intend to only serve Plex over https, until this rule expires in your browser it WONT BE POSSIBLE to access Plex via http, remove ‘includeSubDomains$
#This is disabled by default as it could cause issues with some playback devices it’s advisable to test it with a small max-age and only enable if you don’t encounter issues. (Haven’t$

#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Strict-Transport-Security "max-age=120; includeSubDomains; preload" always;

#Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven’t encountered any yet)
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";

#Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
#Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 200M;

#Forward real ip and host to Plex
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Plex headers
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;

proxy_set_header Host $server_addr;
proxy_set_header Referer $server_addr;
proxy_set_header Origin $server_addr;

#Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

#Disables compression between Plex and Nginx, required if using sub_filter below.
#May also improve loading time by a very marginal amount, as nginx will compress anyway.
proxy_set_header Accept-Encoding "";

#Buffering off: send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;

location / {
#Example of using sub_filter to alter what Plex displays, this disables Plex News.
#sub_filter ',news,' ',';
#sub_filter_once on;
#sub_filter_types text/xml;
proxy_pass http://plex_backend;
}
}
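
An added example (not part of the original post): a small Python check that flags three things a reviewer would look at in the configuration above: protocol versions older than TLS 1.2, a header set twice by `proxy_set_header` in the same block, and `preload` in an HSTS header whose `max-age` is below the one year hstspreload.org requires. The `audit` function and the trimmed `SAMPLE` are constructed for illustration, and the parser only handles one directive per line.

```python
import re

# Constructed sample: directives copied from the config above, trimmed for brevity.
SAMPLE = '''
server {
    ssl_protocols TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=120; includeSubDomains; preload" always;
    proxy_set_header Host $host;
    proxy_set_header Host $server_addr;
    location / {
        proxy_pass http://plex_backend;
    }
}
'''

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_PRELOAD_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def audit(conf):
    """Return (line_number, message) findings for an nginx config string."""
    findings, seen = [], {}
    stack, blocks = [0], 0  # ids of the enclosing blocks; 0 is the top level
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in values)
        if line.endswith("{"):
            blocks += 1
            stack.append(blocks)
        elif line == "}":
            stack.pop()
        m = re.match(r"(\w+)\s+(.+);$", line)
        if not m:
            continue
        name, args = m.group(1), m.group(2)
        if name == "ssl_protocols":
            old = [p for p in args.split() if p in OLD_PROTOCOLS]
            if old:
                findings.append((n, "deprecated protocols enabled: " + " ".join(old)))
        elif name == "proxy_set_header":
            header = args.split()[0]
            key = (stack[-1], header.lower())  # duplicates count per block only
            if key in seen:
                findings.append((n, f"{header} already set on line {seen[key]}"))
            seen.setdefault(key, n)
        elif name == "add_header" and args.lower().startswith("strict-transport-security"):
            age = re.search(r"max-age=(\d+)", args)
            if "preload" in args and age and int(age.group(1)) < MIN_PRELOAD_AGE:
                findings.append((n, f"preload with max-age={age.group(1)}, below {MIN_PRELOAD_AGE}"))
    return findings
```

Calling `audit(open(path).read())` on a real file prints nothing by itself; iterate over the returned list to report each finding with its line number.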

How to perform clean install of Take Control on a single device

If Take Control requires a clean install, perform the following steps:

    1. From the Dashboard disable Take Control on the device
      1. Double click the device
      2. Select Remote Access > change Setting: to Off > select OK
    2. Monitor the Summary tab to see when Take Control changes from Active to Not Installed
      1. To speed up process, right-click device > select Re-run Checks
    3. Verify Take Control is not listed under add/remove programs
    4. Delete takecontrol_7_setup or takecontrol_8_setup file from machine
      1. 32 bit: C:\Program Files\Advanced Monitoring Agent\features
      2. 64 bit: C:\Program Files (x86)\Advanced Monitoring Agent\features
    5. From the Dashboard enable Take Control
      1. Double click the name of the device
      2. Select Remote Access > change Setting: to Use Policy Setting (On) or On > select OK
    6. Monitor the Summary tab to see when Take Control changes from Not Installed to Active
      1. To speed up process, right-click device > select Re-run Checks

 

 

How to kill a Windows service that’s stuck on stopping or starting

Almost any service could hang, but it typically happens with critical application services such as those involved in Microsoft Exchange, like IMAP. Using the DOS Taskkill command can allow you to put off rebooting the server until after business hours.

In Server Manager, find the stuck service and double click it. Make note of the service’s short name (also known as Registry name). For example, POP3 might be called POP3Svc or MSExchangePOP3, depending on your version of MS Exchange.

SBS MSSQL$SBSMONITORING 1105 Event Error SQL

You receive the following error in Event Viewer with regard to “MSSQL$SBSMONITORING”, Event ID: 1105

Description:
Could not allocate space for object ‘dbo.EventLog’.’PK_EventLog’ in database ‘SBSMonitoring’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.
This is generally related to the size of the database (exceeds 4GB).

Change the Default OU for New Users or Computers in Active Directory

Run the following command(s) in a command prompt on the Active Directory server to change the default Organizational Unit (OU):

For Computers:
redircmp ou=ComputersOU,dc=mydomain,dc=com

For Users:
redirusr ou=UsersOU,dc=mydomain,dc=com

Exchange 2010 Mail Queue – 451 4.4.0 DNS Query Error

If you come across the following error, it is because Exchange can't query the domain. If you ping the domain name, it will give you an error saying it cannot find it.

Simple fix, under organization management -> Hub Transport -> Send Connector, right click on your send connector and select properties. On the network tab check the box that says Use External DNS lookup settings on the transport server.

Then under Server Configuration -> Hub Transport right click on the server name and select properties. Click the External DNS lookup tab and then “Use these DNS servers” and enter in your ISP DNS entries.

Click Okay and then refresh your queue and mail should start going out.

 

Source: http://edsitonline.com

DrayTek’s Vigor 2850 Firmware v3.6.4 Breaks Windows Server 2012 Essentials Anywhere Access

The latest firmware (v3.6.4) for the DrayTek Vigor 2850 line of routers breaks Anywhere Access for Windows Server 2012 Essentials when it is set up with a static IP address and an SSL certificate for your own domain name.

The problem lies in the new feature introduced by DrayTek's latest firmware, called SSL VPN. By default this feature uses port 443 for any SSL VPN connections, which in turn bypasses the Windows Server 2012 Essentials configuration that redirects https requests to the RWA website.

DrayTek Support's answer, which fixes the problem:

1. go to SSL VPN>>General Setup, and change the port from 443 to another one

2. go to System Maintenance>>Management, and change the HTTPS Port from 443 to another one.

Source: http://social.technet.microsoft.com/

Upgrading Backup Exec 2010 to R3 SP2

There are two ways to do this:

1- In place upgrade:

This is a direct upgrade of the existing installation, and here is how you do it:

  1. First, always back up your configuration: stop the Backup Exec SQL instance service and copy the directories “Data” and “Catalogs”, which are located in <root>:\Program Files\Symantec\Backup Exec\.
  2. Download the ISO image from https://fileconnect.symantec.com/; you can burn it, mount it via a virtual drive, or extract it.
    The installation is straightforward; just click Next until it is done.
  3. When the installation is done, run LiveUpdate, where you’ll get SP2 and some hotfixes.
  4. Finally, the setup doesn’t require a reboot, but I do recommend rebooting the server in case you’re utilizing AOFO (Advanced Open File Options).
  5. When the server is up, push the new agent to the already published servers (a reboot might be required for those servers) and you’re done.

2- A fresh installation setup:

The drawback of this is that Symantec DOES NOT SUPPORT TAKING A COPY OF THE BACKUP CONFIGURATION FROM 2010 AND THEN APPLYING IT TO A 2010 R3 INSTALLATION using BE Utility; if you do so, the Backup Exec services won’t start because of a database schema mismatch.

Even though I tried taking the BEDB.bak and recovering it, then I tried upgrading the schema via BEMIG.exe which is supposed to fix the database and insert the new schema in it along with all its tables and views yet at a certain point it fails because it can’t find a certain column.

So eventually you will have to return into a blank database and start all over.

After you’ve finished the installation and updated your server to SP2:

  1. Push the new agent to the published servers.
  2. Print all your jobs to an XPS file and copy them to the new server.
  3. Configure your devices, Backup-to-Disk folders, tape libraries, etc.
  4. Configure the default System Log-On Account.

Source: http://notes.doodzzz.net/

Old Exchange Flaw Persists in iOS 7

A series of symptoms that often arrive hand in hand, sporadically, on Apple devices running various revisions of iOS 4, 5 and 6, up through 6.1.3.  Those symptoms include devices running warm to the touch or even hot, a battery that may drain significantly faster than normal, and spikes in cellular data use of up to ten times the user’s normal pattern.  While this trio of symptoms may well have more than one culprit, the many instances that I’ve personally witnessed have since been reduced to a single common cause.  One with a quick solution.

How to Monitor Network Traffic in Windows 7 with Microsoft Network Monitor 3.4

Microsoft recently released a network monitoring tool. It's a good idea to use this product with your MS operating systems, since both come from the same place. This post explains how to monitor network traffic in Windows 7 with the latest Microsoft Network Monitor 3.4.

Sometimes it is very useful, even at the home-user level, to check your network activity. When the Windows 7 network is slow, internet browsing is very slow, there are connection problems, or there is high network activity while you are doing nothing, this tool is very helpful.