Azure Media Services restrict content by country not working - azure-media-services

I'm using Geo-filtering to restrict content delivery by CDN, but its not working. I've configured 2 paths, one for the entire locator and one for a file, but I'm still can reproduce the video. I'm using Azure CDN Standard from Verizon.
------------------------------------------------------------------------
| **Path** |**Action** | **Country Codes** |
------------------------------------------------------------------------
| /{locator_name}/{file.ism/manifest} | Block | Mexico, MX |
------------------------------------------------------------------------
| /{locator_name} | Block | Mexico, MX |
------------------------------------------------------------------------
I tested that traffic its pointed to the CDN using www.digwebinterface.com too, that its working fine.
Should I use the storage link instead?

To rule out if this is an issue with how you are specifying your path, I would recommend trying this with a path of just "/" which indicates that all requests for the CDN endpoint should be blocked. If this also doesn't work then we would need to know the IP(s) that you aren't seeing as being blocked.

Related

Orion not using FIWARE Service on Kubernetes

I'm having a weird issue using Orion on Kubernetes. When using Orion 2.5 (also happens with 3.6) and MongoDB 4.4 on Docker-Compose, everything works as expected, I'm able to create and retrieve entities in Orion and they are created properly in databases with the proper name (if fiware-service is service, the database is orion-service).
However, using the same in Kubernetes, with the same commands in Orion and everything configured the same way, it ignores the service. I can see in the logs that Orion receives the service and service-path
time=2022-04-29T12:20:44.125Z | lvl=INFO | corr=cac0239e-c7b6-11ec-abd6-f6ce73396b62 | trans=1651234819-423-00000000003 | from=127.0.0.1 | srv=acc1234121 | subsrv=/asd | comp=Orion | op=logTracing.cpp[148]:logInfoRequestWithPayload | msg=Request received: POST /v2/entities, request payload (288 bytes)
However, it creates the entity in the orion database (without using the -service, which would be orion-acc1234121 in this case).
Could you provide some insights on how to debug the issue and if there is some configuration I'm missing?
Thanks
UPDATE: We finally figured out the issue. In the chart, we were not setting properly the multiservice option, so it was set to false. The point is we are not able to see it neither in the command executed (output of ps command) nor in the environment variables. Anyway, thank you very much for your help, we can mark this as closed and solved.

How to have identity provider configuration page visible in Keycloak?

I'm writing a custom identity provider for Keycloa that I want to deploy using the deployer method (since I want to deploy it in Docker containers). Following an example I found on the web, I've created a maven project where, using the maven-assembly-plugin, I build a jar with dependencies (but I've filtered out the various services implementations my dependencies provide me to just keep the identity provider service).
Things seems to work partly correctly :
Keycloak log indicates my id provider is loading/loaded : keycloak_1 | 09:23:20,056 INFO [org.jboss.as.server] (ServerService Thread Pool -- 29) WFLYSRV0010: Deployed "mycompnay-oidc-id-provider-0.0.1-SNAPSHOT-jar-with-dependencies.jar" (runtime-name :
"mycompany-oidc-id-provider-0.0.1-SNAPSHOT-jar-with-dependencies.jar")
When I go in the Identity Providers panel, the new provider is visible (see screenshot)
But when I try to configure it, everything fails :
The problem is that Keycloak outputs strictly no logs (even when I configure log level to the max).
In my project, I have he following code organization (which gets replicated in jar-with-dependencies)
+---src
+---build
| \---assembly
+---main
| +---java
| | \---com
| | \---mycompany
| | \---mygroup
| | \---security
| | \---oidc
| \---resources
| +---META-INF
| | \---services
| \---themes
| \---base
| \---admin
| \---resources
| \---partials
\---test
+---java
\---resources
What am I missing ?
Maybe you've figured this out by now.
It's not very well documented... I've done something similar a month ago and I faced the same problem. I've figured it out pretty much by poking and guessing, so it might not be the best way to do it but I'll say what I know on this:
You need both the idp and the partial page registered properly.
To be honest I have no idea if you can just extend the base keycloak admin theme in that way. I've tried it but failed horribly. So I've created my own theme extending the base one:
assuming your idp is called foo
src/main/resources/theme/foo/admin/theme.properties
parent=keycloak
import=common/keycloak
src/main/resources/theme/foo/admin/resources/partials/realm-identity-provider-foo.html
<div data-ng-include
data-src="resourceUrl + '/partials/realm-identity-provider-oidc.html'">
</div>
src/main/resources/theme/foo/admin/resources/partials/realm-identity-provider-foo.html
<div data-ng-include
data-src="resourceUrl + '/partials/realm-identity-provider-oidc.html'">
</div>
(I'm using oidc as my idp is extending that one, but you can use whatever makes sense for your case here)
src/main/resources/theme/foo/admin/resources/partials/realm-identity-provider-foo-ext.html
this last file is empty in my case, but as far as I remember you must have it
Then, on the admin console, you need to go and change your admin theme to be foo, and you must refresh your browser so it starts picking up the resources from your new theme. It's important to note that if you are logged in with a user from another realm (e.g. admin from master realm), you have to change the admin theme in master realm, since this is the theme you are actually using now.
If successful you should start seeing in your devtools that template resources now come from your theme, e.g. auth/resources/4.4.0.final/admin/foo/templates/kc-tabs-realm.html
If that's the case then your idp page should be working, or at least you should be able to pick it up from here.
I know it's not the perfect answer, but it might give you a hint on things to consider.
If you make progress or find a better way please share!
I faced the same problem. Resolved by renaming jar file to:
keycloak-{identity provider name}-{version}-SNAPSHOT.jar
Before that the file was called:
keycloak-{identity provider name}-idp-plugin-{version}-SNAPSHOT.jar
…and I was getting "resource not found" error. I suppose keycloak is looking for resources in archives with a name that matches a certain pattern.

svnserve behind a frontend server proxy

I'm looking to see if there is an existing solution for setting up a subversion repository that sits behind a redirecting proxy system, and uses svn+ssh.
Example:
+BeS1-+ +BeS2-+
|repo1| |repo2|
+-----+ +-----+
\ /
+-FeSys------+
| redirector |-+
+------------+ | <== clients point to the FeSys and the redirector
+------------+ proxies to the correct backend.
client: svn+ssh://FeSys/repo2/trunk/blah blah gets "served" by BeS2
client: svn+ssh://FeSys/repo1/trunk/blah blah gets "served" by BeS1
The client never talks to the BeS1 and BeS2 systems directly. FeSys is a collection of systems that have a common virtual hostname (redundancy and load balancing)
Currently doing this using a custom rewritemap program and apache proxies.
I'm now looking at trying to do the same with svnserve (basically looking for ideas for the "redirector" part).

How trigger Jenkins to build a project?

I have the task to run a build task whenever the source code in github is updated. However I am very new with Jenkins and I have a hard time to accomplish this.
My understanding
github.com will send a POST message to a specific URL that I specify. As an example let's use:
http://mywebsite/src-updated
So the source code get's update, github sends the POST message to mywebsite/src-updated. Since HTTP runs on port 80, Apache receives this message.
____________LAN____________
| |
| .......... .......... |
| :JENKINS : :APACHE : | POST message to: ..............
| :Listen : :Listen :<--|<----http://mywebsite/src-updated--- : github.com :
| :on 8080 : :on 80 : | :............:
| :........: :........: |
|___________________________|
My frustration
Now what?
Jenkins sits there like a loser with no-one wanting to play with him. How will Mr. Jenkins get the message? Is there some module I have to install on Apache so that it notifies him? All this sounds very different from the sparse information I read so far so I feel that I am totally off track.
I also tried to use the Github plugin but I am totally lost on how it's supposed to work (terrible documentation if you're new to the whole thing).
Any help?
Please check this link on configuring Jenkins with Apache. Besides, i also found this note on the GitHub plugin page:
Jenkins inside a firewall:
In case your Jenkins run inside the firewall and not directly reachable from the internet, this plugin lets you specify an arbitrary endpoint URL as an override in the automatic mode. The plugin will assume that you've set up reverse proxy or some other means so that the POST from GitHub will be routed to the Jenkins.
As far as running builds is concerned whenever source code in GitHub is updated, it's very simple to configure in Jenkins. There is a polling option present in the job's/project's configuration page. Go to the configuration section of the job. Search for Build Triggers section. You will find a check-box named Poll SCM. Enabling this option tells Jenkins to initiate a build as soon as it finds a change in the repository (in this case, GitHub) you specified. You will have to specify some interval after which it will check GitHub for changes:
For example,
# every fifteen minutes (perhaps at :07, :22, :37, :52)
H/15 * * * *
For more options and details on the above, don't forget to look for the help section '?'

How to provision a test user in kamailio?

I have just (for the first time) compiled and installed kamailio, following this guide. For configuration, I am following the documentation here
I am trying to test a new SIP user. I have created it with:
» kamctl add test testpasswd
The user is there:
» kamctl db show subscriber
|----+----------+--------------------+------------+---------------+----------------------------------+----------------------------------+------|
| id | username | domain | password | email_address | ha1 | ha1b | rpid |
|----+----------+--------------------+------------+---------------+----------------------------------+----------------------------------+------|
| 5 | test | tethys.wavilon.net | testpasswd | | 5cf40781f33c6f43a26244046564b67e | eb898de815bc16092e4c2e8c04bfe188 | NULL |
|----+----------+--------------------+------------+---------------+----------------------------------+----------------------------------+------|
I try to connect with my sip client, and the registration times out (Request Timeout (408)). I have tried to verify what is going on by doing:
» kamailio -l <my-ip> -E -ddddd -D 1
And I see lots of messages, one of them interesting:
0(15818) DEBUG: auth [api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm '<my-ip>' not found
But I do not know how to solve this problem. How can I verify what credentials associated to realm <my-ip> are configured? What is a "realm"? I do not find any beginners guide for kamailio. Is there a simple how-to on how to setup a simple kamailio configuration?
The log message you pasted in the question is for debug purposes (hence DEBUG level) and it could be printed for first SIP requests that come with no credentioals (e.g., first REGISTER) -- in such case it is all ok. Those requests are challenged for authentication with 401 replies, then they are resent by phone with credentials in Autorization header.
If for those requests with credentials you don't get the same realm as used in challenge function parameters (e.g., www_challenge(), auth_challenge()...), then the SIP phone might be misconfigured. Typically the realm is the same as SIP domain in order to ensure it is unique, but that is not a must. With default kamailio configuration, the realm is the From header URI domain.
However, you say you get 408 timeout for registration, then the issues might be something else. When the credentials matching the realm are not found, then 401reply is sent back, not 408.
The reason for timeout could be that the REGISTER didn't get to kamailio or kamailio tries to send it somewhere else. You should look at the SIP traffic on the kamailio server to see what happens. You can use ngrep for that purpose, like:
ngrep -d any -qt -W byline . port 5060
Watch to see if the REGISTER comes to kamailio server and if it is attempted to be sent to another IP.
I got the same issue. I that add the alias record in kamailio.cfg and it works well.
alias="tethys.wavilon.net"
Kamailio is a proxy. It is not simple, so if you want something simple, try Asterisk instead. Kamailio configuration requires knowledge of SIP.
For this problem: you set the realm somewhere (in config file or in database) but are not using it for registration. Possible solutions would be to:
Remove the realm or set it to the correct domain name (and use it!). In the default config, that means disabling domains.
Use tethys.wavilon.net as you described in the subscriber table.
For more info, go to the Kamailio site and read this document.