ServerAdministration

From ATCSMon Wiki

Setup

Overview of tasks

How ATCSMon works in a client/server environment

  1. When a client tries to connect to ATCSMon, a TCP request is sent to port 4800 on the server computer. (Other ports are common, such as 4799 or 4801.)
  2. The server computer replies with a number greater than 1024.
  3. The client then attempts a UDP connection on that port. E.g. if the server replied 1089, the UDP connection would initiate on port 1089.
  4. This can be verified in the Servers Connected window.
  5. ATCS packet data is then sent over that UDP port. Also, special Keep Alive messages are sent periodically in cases where there is little ATCS traffic. This is done to keep traffic-based port forwarding active.

Configuring ATCSMon as a server

  1. Configure > Options > Data Source.
  2. Ensure Server Mode Listener is checked, and verify the port number listed (the default is 4800).
  3. Remove any server entries listed below that, if any remain from previous remote listening sessions.
  4. Set the option for Deny server access. While this seems counter-intuitive, you are really saying "deny nothing" since you have no entries in the box above that.
  5. Recommended option: in the notes field, add Base=30000,30, which specifies a UDP port range starting at 30000 and allowing 30 concurrent connections. You may change these values however you want. Specifying the UDP port range makes it possible to set up port forwarding for the UDP traffic in home routers.
  6. If you have a second server instance running (for a BCP or additional railroad, etc.), make sure your port numbers and ranges don't overlap. So the second one could be TCP Server Mode Listener 4801 and UDP Base=30030,30.

Firewalling and Port Forwarding

  1. Depending on your ISP and home network, you may have up to three locations providing firewalling services, and possibly two providing port forwarding. You'll need to configure the devices on your network (DSL/cable modem, wireless router, and server PC) so that only one is providing firewall and port forwarding services.
  2. PC Firewall. Unless you know what you're doing with the software firewall, just disable it entirely, at least until you know the rest of the server setup works. If you re-enable it, you'll want to test again and configure firewall exceptions ("holes" allowing specified network traffic through the firewall) in it as needed.
  3. DSL/Cable Modem. Most modern DSL and cable modems now include router functionality which includes port forwarding and firewall services. If your network also has a router (e.g. a Linksys wireless router, Netgear, D-Link, etc) in addition to a modem, the best thing to do is put the modem in "bridge" mode which turns off the extra services. Additionally, in "bridge" mode, the modem makes your ISP-assigned public IP address available to your router - in other words, making it so that your router is now "on" the Internet so that you can now allow the router to handle your ATCS server traffic.
  4. Wired/Wireless Router. This is where you'll need to set up port forwarding to both the TCP and UDP port ranges your server will need. Doing so allows Internet traffic to access only those ports on your server.
    1. Consider assigning a static IP address to the server PC. In layman's terms, each computer on your network is assigned an IP address by your home router. However, these addresses are not consistently assigned to the same computer, as each assignment typically only lasts a day or so. (This IP address assignment is provided by the DHCP service on your router.) Since DHCP could give your server a different IP someday, that would break the port forwarding you'll be doing on your broadband router. So with all that, you'll want to manually configure your server PC with a static (non-changing) IP.
    2. On your router, look to see what range of IP addresses are assigned using DHCP. For instance, on a Linksys router this range is often 192.168.1.100 to 192.168.1.149.
    3. On your PC, at a cmd prompt, type ipconfig /all to see the IP, Mask, Gateway, and DNS Servers that DHCP assigned to you. Configure your network card TCP/IP information using the Subnet Mask, Gateway, and DNS Server values you obtained. Then, assign a new IP address that is outside of the IP address range referred to above. If the range is 192.168.1.50 through .150, pick something like .151 so that the router doesn't assign that IP address to another computer on your network. Typical subnet mask values are 255.255.255.0. If you know what you're doing you can set that to something else like .3 or .253.
    4. Record your server PC IP address and gateway, which you'll need when configuring your router. From a cmd prompt, type ipconfig to see these.

Enable port forwarding on broadband router or firewall

The idea here is to poke pinholes in the router so that when someone connects to your public (internet) IP using the port number you specify, that request gets forwarded to the private (internal) IP of your ATCS Monitor server. This exposes only the small required range of ports at your PC, so it's really adequately secure for a typical home setup.

  1. You can normally get to the configuration page by web browsing to http://(ip_address) and logging in. (HowToFindRouterIPAddress)
  2. Make a forwarding entry for the TCP port number you chose when you set up the Server Mode Listener port above, and forward that to the IP address of your server PC. In the example above, you'd forward 4800 or if the entry requires a range, it's from 4800 to 4800. You do NOT need to specify TCP and UDP...just TCP.
  3. Make a forwarding entry for the UDP port range you chose when you set up the UDP range above, and forward that to the IP address of your server PC. In the example above, the entry would range from port 30000 (Base) to port 30029 (which is 30 ports, inclusive).
  4. If you have a second server instance running (for a BCP or additional railroad, etc.), make sure your port numbers and ranges don't overlap. So the second one in the example could be TCP 4801 and UDP 30030 to 30059 forwarded to the same server PC IP address. Alternately, you can just combine the group, if contiguous, so TCP 4800 to 4801 and UDP 30000 to 30059. See?
  5. If you experience trouble, go back and verify the ATCS Monitor setup you did above, and verify the PC software firewall such as Windows Firewall is disabled. If you still have issues, you could try to use a setting on some routers called "DMZ" just for testing. Don't leave this set, as it exposes all ports on the server PC, a relatively insecure method of operating a server. Also, verify that another device (e.g. another router, or your DSL/cable modem) is not providing its own firewall or port forwarding service and is properly configured.
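The port arithmetic from the steps above, as an added example (not part of the original wiki page or of ATCSMon): it reads each instance's Base=start,count note, reports instances whose ports collide, and merges contiguous ranges into the router entries to create. The Instance type, the function names, the instance labels and the server address 192.168.1.151 are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

class Instance(NamedTuple):
    name: str       # label for the instance (hypothetical)
    tcp_port: int   # Server Mode Listener port
    notes: str      # notes field holding Base=<start>,<count>

BASE_RE = re.compile(r"Base=(\d+),(\d+)")

def udp_range(notes):
    """Inclusive (first, last) UDP ports described by a Base=start,count note."""
    m = BASE_RE.search(notes)
    if not m:
        raise ValueError("no Base=start,count entry in notes")
    start, count = int(m.group(1)), int(m.group(2))
    last = start + count - 1
    # The server hands out UDP ports greater than 1024; 65535 is the highest port.
    if count < 1 or start <= 1024 or last > 65535:
        raise ValueError(f"unusable UDP range {start}-{last}")
    return start, last

def find_conflicts(instances):
    """Describe every pair of instances that shares a TCP port or UDP ports."""
    problems = []
    for i, a in enumerate(instances):
        for b in instances[i + 1:]:
            if a.tcp_port == b.tcp_port:
                problems.append(f"{a.name}/{b.name}: both listen on TCP {a.tcp_port}")
            (a_lo, a_hi), (b_lo, b_hi) = udp_range(a.notes), udp_range(b.notes)
            if a_lo <= b_hi and b_lo <= a_hi:
                problems.append(
                    f"{a.name}/{b.name}: UDP {max(a_lo, b_lo)}-{min(a_hi, b_hi)} overlaps")
    return problems

def merge(ranges):
    """Merge overlapping or contiguous inclusive ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def forwarding_rules(instances, server_ip):
    """Router entries (protocol, first port, last port, target IP) to create."""
    problems = find_conflicts(instances)
    if problems:
        raise ValueError("; ".join(problems))
    tcp = merge((i.tcp_port, i.tcp_port) for i in instances)
    udp = merge(udp_range(i.notes) for i in instances)
    return ([("TCP", lo, hi, server_ip) for lo, hi in tcp]
            + [("UDP", lo, hi, server_ip) for lo, hi in udp])

# Port values from the wiki's example; names and the server IP are constructed.
PAGE_EXAMPLE = [Instance("primary", 4800, "Base=30000,30"),
                Instance("second", 4801, "Base=30030,30")]

if __name__ == "__main__":
    for rule in forwarding_rules(PAGE_EXAMPLE, "192.168.1.151"):
        print("%s %d-%d -> %s" % rule)
```

Forwarding exactly the computed ranges, and nothing wider, keeps the exposed surface to the listener port and the UDP ports the server can actually hand out.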

Dynamic DNS Clients

You'll probably want to install a Dynamic DNS client which runs on the server, and updates a Dynamic DNS registry with your home router's IP address.

http://www.dyndns.org/

Maintenance and Administration

Remote Administration

Radio site servers commonly run in what is called "headless" mode, which means that no monitor, mouse or keyboard is connected to the system. All administration work is done via remote control software via the network (either ethernet or wifi) or Internet.

For the Windows XP systems (Pro only), one can make use of the built-in Remote Desktop Protocol (RDP) feature (sometimes also referred to as Windows Terminal Services). Originally designed for help desk and tech support employees to help customers remotely, it also works very well for administering the server. Once the server and a client are configured, a user on the client computer can simply click a shortcut or run the client app, select a configuration, connect to the server, and perform nearly any task that they could do if they were working on the server directly. It is possible to obscure the port number so that others are less likely to even find the connection, by simply editing a registry key to change the default TCP port used for RDP.

For a machine that does not have RDP, one can use a free remote connection utility called TightVNC to access this system. The application has to be installed on both the client and the server, but it is not too hard to set up and is reliable once configured. TightVNC works on most versions of Windows and many flavors of Unix/Linux. Recently, a better flavor of VNC has popped up called UltraVNC. Seems to work very well and is also free.

If you don't want to open ports on the router at all, yet want to remote control the machine, consider LogMeIn or GoToMyPC, or similar applications. LogMeIn has a free version available. (Be warned that it will try to get you to take a LogMeIn Pro trial (eventually a pay service), which you can convert to LogMeIn Free immediately after installation.)

Further Reading:

LogMeIn Remote Access Service

UltraVNC Remote Access Software

TightVNC Remote Access Software

Windows Remote Desktop Protocol

Running a Headless Server

Logging Connections

Providing Layouts and MCP's for users

Please export and ZIP your MCPs (.mdb), layout (.lay), and preferably a profile (.ini) including the server connection and proper layout selection. Upload the ZIP file to the appropriate subdivision.

The group generally supports the concept of a territory manager for an "official" custodian of each territory, usually by subdivision. If there is no ZIP file already in place, it's a safe bet that you can be the custodian. If there's already one uploaded, please contact the person who uploaded it to coordinate. Nothing says you can't upload yours as an alternate, but please list it as such in the description.

Listing Your Server

Please list your server in the Yahoo Groups Database area, so we know where to find you! You'll see the Servers database there and you'll know what to do.

Providing Data outside of ATCS Monitor

Real Time Display

ATCS Monitor has no features to allow the realtime display of its data stream outside of the local Windows PC based environment.

Using the Image Capture feature

While it is possible to capture an image of the display as a JPG and publish it to a website, the ATCS Monitor user community strongly discourages this practice, for good reasons. The logic is that as the captured displays are more widely published, and therefore publicly available, the incentive for the railroads to encrypt ATCS communications also increases. If you do publish them, it should only be for your own use and please make attempts to restrict or reduce exposure to the general public, and absolutely do not openly flaunt them. Friends and family that you personally show them to shouldn't be a problem, but openly providing access to them, in public forums (or search engines), on the internet is a huge problem, and will likely cause the author of ATCSMon to take some form of action in regard to your further access to the program.

This does not mean you should not allow any public viewing of a capture display, but you SHOULD hide the URL or otherwise not make known the origin of the data, other than that it is an ATCSMon display. The public knowing about the program isn't an issue; it's providing the public a way to access the data, outside of the use of the program itself, which is a problem. Any way for someone to see, and use as they please, the intercepted data, which bypasses the mandatory membership in the Yahoo! group for ATCSMon (which the author solely controls access to) is the issue, and should not be allowed.

Image Capture via FTP (remote web server setup)

In the Configure>Options>Display tab, there's an entry for a path to save the JPG file, and a setting for the capture interval in seconds. The name of the JPG will always be in the format layoutname.jpg. You can either commit the file locally or to an FTP server.

  • Local - Type in the drive and path, such as C:\webfolder\atcs\.
  • FTP site - Type in the servername, username, password, and targetdirectory without spaces, such as ftp.ftpspot.com,railguy,amtrak801,/webfolder

The capture interval must be set in order for this to work. Setting the capture interval too short may make the file transfer fail, especially for slow FTP upload sites. Generally an update every few minutes will be good enough to aid local railfanning while out on the road.

The entire display area must be visible on the screen in order for capture to work properly, and that area must not be obscured by other windows. It's best to check the "Always on top" option by right-clicking the title bar of the display.

Some users format special layouts specifically for this function by grouping only one or two control points horizontally. This is done so that web-browser equipped cell phones only have to scroll the screen up and down in order to see the route, and the display will appear large enough to be readable.

Image Capture and publishing locally (local web server setup)

This section addresses how to set up both the ATCSMon program and a web server on the same machine at the same time. The result is a self-contained setup that can allow access to ATCSMon displays from mobile phones and other computers at any time and any place.

Note: please take to heart the above warnings about the public use of ATCSMon display. The author of this section is NOT writing this information in order for you to bypass the wishes of the author of ATCSMon, but rather to provide a simpler way to access ATCSMon displays from non-Windows PCs. The writer has actually set this up himself, and maintains a setup similar to what is described below for HIS OWN PERSONAL USE, ONLY. You too shouldn't do anything else with this information either.

Prerequisites:

A Windows PC capable of running ATCSMon and a web server at the same time. A low usage personal web server does not place much of a load on a PC, and therefore an ATCSMon capable computer with a little extra RAM should perform just fine.

To further define the requirements:

1.) A PC with Windows XP or newer, including Windows Server 2003 or newer. At least 1 GB of RAM, but for Vista/Win7/Server 2008 or 2008 R2, 2 GB or more should suffice. Note: it has to be a Microsoft Windows PC based system. Linux or Mac based systems that run Windows emulation modes may or may not work, and you are on your own in that context.

2.) The ATCSMon program, running on the PC, configured to either pull in an internet feed, or listening to a radio locally (or both). See other parts of this Wiki for details on installation and setup of those modes.

3.) Web server software configured and running on the same machine. Either setup to serve web pages on the standard port (Port 80) or configured to use a non-standard port instead. See 'Tips for securing your setup from prying eyes'.

4.) Some sort of DNS name pointed to the PC from the public internet. The basic idea is usually to set up DynDns (a service, on the public internet, for this) and point it to the machine, taking into account any home routers to allow web traffic through (Port 80, or a custom port for HTTP access). More details below.

5.) HTML coded pages, for the web server software to serve up, linking the captured ATCSMon JPG images to a form a web browser can utilize (HTML).

Web Server

On a Windows-based PC, there are two main choices for web server software, IIS or Apache.

IIS (Internet Information Services) is a free Microsoft product. It can be used on any version of Windows.

Apache is an open source (and free) software package that has been adapted to work on Windows too. It is the main backbone of web servers on the internet today. So you can't go wrong using the leader. IIS also has a major following, but it pales in comparison to the usage of Apache.

IIS is included with any version of Microsoft Windows Server, and the install method varies for each version. See the MS support resources for help installing it. It is also an installable component of XP etc, and used to go by the name PWS (Personal Web Services). Poke around MS's support site for information on how to install on XP/Vista/Win7 etc. (The writer of this section is using Windows Server 2008 R2 and installed this as a 'Role' within 'Server Manager').

Apache is installable, within Windows, within a wrapper. The writer of this document has done it once, but doesn't recall the name of the installation package. It can be done, but, as of this writing, you'll need to research how to do it yourself.

ATCSMon configuration

See the above section about FTP capture. You want to configure ATCSMon to save the image locally on the computer, in the root of the web server's web site or within a folder that is within web server's web site pages.

For IIS the default is: C:\inetpub\wwwroot. That location is the default location of the root of the default web site included with IIS. If you know about web servers, you can change this to a more logical structure etc. But to keep it simple, configure ATCSMon to put the images into the root of the web site.

Apache will have a similar place that it pulls from that contains the files making up a web site. Place the images in that location, locally, on your server PC.

Custom HTML pages linking the two

First off, this requires creating a file by hand and other advanced topics. So if you are timid or faint of heart, this is the place you'll be challenged on those! You need to literally write very basic computer-ish 'code'. I will keep it simple and use lots of examples!

Some technical tips first:

One key fact is: Whatever the file name of the ATCSMon layout file is, will also be the name of the JPG screen captured file. So you can simplify your life (and HTML editing), if you manage the name(s) of the layout file(s).

The default file name of a web site is always 'index.htm'. So if you just want a plain and simple website, you just need to create that one file, in the root of the web site. You may have to delete the one included with IIS or Apache first though.

A sample HTML code:

<html>
<head>

<!-- Ask search engines not to index this page -->
<meta name="robots" content="noindex">
<title>BNSF Scenic Subdivision ATCSMon dispatcher's display</title>
<!-- Reload the page in the browser every 44 seconds -->
<meta http-equiv="refresh" content="44">
</head>

<body>

<!-- JPG written by the ATCSMon image capture; it is named after the layout file -->
<IMG src="bnsf_scenic.jpg" ALT="BNSF Scenic Subdivision ATCSMon dispatcher's display image capture"><br>
Image is updated every 10 secs, web page auto refreshes every 45 seconds.<br>

<!-- Optional extras: radio stream links and a defect detector list -->
<FONT SIZE="4">
<a href="http://75.146.60.100:8008/listen.pls" target="_blank">Radio Stream: Gold Bar</a><br>
<a href="http://75.146.60.100:8006/listen.pls" target="_blank">Radio Stream: Wenatchee</a><br>
<a href="http://75.146.60.100:8004/listen.pls" target="_blank">Radio Stream: Seattle North #1</a><br>
<a href="http://www.railroadradio.net/content/playlist/centralia-north.pls" target="_blank">Radio Stream: Seattle North #2</a><br>
</FONT>
<FONT SIZE="3">
<a href="bnsf_scenic_detectors.htm" target="_top">Defect detector list</a><br>
</FONT>
</body>
</html>

That is an actual example of one of my files, for the BNSF line running by my house.

I have a few advanced features in it, like links to radio streams, defect detectors list and search engine index code. But the keys are the following lines:

<html>
<head>
<title>BNSF Scenic Subdivision ATCSMon dispatcher's display</title>
<meta http-equiv="refresh" content="44">
</head>

<body>

<IMG src="bnsf_scenic.jpg" ALT="BNSF Scenic Subdivision ATCSMon dispatcher's display image capture"><br>
Image is updated every 10 secs, web page auto refreshes every 45 seconds.<br>

</body>
</html>

The title is what the web browser puts at the top of the window when you view this page. The image name (ATCSMon JPG screen capture) is 'bnsf_scenic.jpg', and is the captured picture of the ATCSMon Dispatcher's Display. On the same line, the ALT information is what is displayed if the image can not be retrieved, for some reason, or if you hover over the image when viewing the web page.

The phrase "Image is updated every 10 secs" is stated because ATCSMon, on my server, is setup to do a screen capture every 10 seconds. The default is 5, but doubling the time helped reduce the load on my personal server.

The phrase "web page auto refreshes every 45 seconds." is there because the line near the top (<meta http-equiv="refresh" content="44">) tells the web browser to auto-refresh the page every 44 seconds. You could set it to 45, but in order to reduce the number of partial images I was seeing I staggered the refresh rate by setting it to 44 instead of 45. In other words, there is a GREAT reason for placing the refresh away from 5 or 10 second intervals/boundaries!

Also, don't be too aggressive on the auto refresh. You can overload your mobile device's internet connection by having it done too often. And, besides, when you are using the page, in the field, you can always manually refresh it, if needed.

So to put it simply, put the above code (the second listing, from <html> to </html>), with the title, image name, and ALT tag changed, in a text file named 'index.htm', in the root of the web server's web site (default for IIS: C:\inetpub\wwwroot). And then test it! It should work immediately. The hard part is if you don't put it in the right place, don't have the web server installed correctly, or the image doesn't show up because ATCSMon is not putting it in the right place, or its capture mode is not turned on.

Hint: you can test it locally by typing the following into an open web browser on your ATCSMon server machine: http://127.0.0.1, or if you changed the port to 53000: http://127.0.0.1:53000

Other details

DNS:

If you don't have a name for your server, on the public internet, your mobile phone or other places you want to access it from, will not be able to find it! So this is a key link. See way up this page for more information about DNS and DynDNS.

Tips for securing your setup from prying eyes

1.) Password protect the site. Even a simple password with Basic Authentication is better than nothing (see online HTML reference sites for more information). The author of this software has indicated that this is his #1 requirement for security. Failing to do this will lead to loss of use of ATCSMon. Everything should be done to prevent access, and to keep this ability from falling into the wrong hands.

Quote: "Lastly, regardless of the fact that you have attempted to block web crawlers, etc. from accessing your live feed site, you need to either protect it with a password or take it down. This has been my requirement all along for such sites, and you are not immune from it. Failure to comply will result in permanent banning from the group."

2.) Use a non-standard HTTP port. The standard web server port is port 80, you can change this to another port. Note: when you try and access your URL from, as an example, a mobile phone, you need to add a colon and the port number when you type in the URL in the web browser on the device. For instance: If you are using port 53000, you would need to type the address, on the mobile phone, as: http://yourserver.mydomain.org:53000/

3.) Insert a standard file (named robots.txt), in the root of the web server pages, that turns off search engine robots. This is to prevent a search engine from finding out information about your web site and then publishing it as a search result.

Create a file named 'robots.txt' in the root of your web server, and put the following code in it:

# robots.txt to disallow search bots in a friendly way
User-agent: *
Disallow: /

4.) Add the following code after the HTML <head> tag, on each web page, to keep a page from being indexed in public search engines (like Google, Yahoo, etc):

<meta name="robots" content="noindex">

5.) Use a non-standard name for your server. Aka do NOT name it 'www' on the public internet. This is an example: http://yourserver.mydomain.org:53000/. Notice how the server name is NOT 'www', but rather 'yourserver'.

6.) Never post the URL on a forum or in an email where some computer somewhere can 'harvest' it for its own purposes. You may be aware of how people do not post their email address in forums etc. They tend to state it in the form 'mymailbox at yahoo dot com'. This is the same idea.

7.) If you are using the web page for public viewing (say in a museum or model train club): hide the address bar from public eyes. Internet Explorer has a feature to turn off the address bar, as well as a full screen feature. You can use a combination of both these to hide the URL from public eyes.

8.) Probably the key idea: do not give the URL out to anyone you don't trust, that will abuse it, or use it in a wrong way!

To sum up all these tips: if another computer or person doesn't know about it, it stays private! As the old World War II saying goes: loose lips sink ships! This applies to other computers as well as people now!
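A way to check tips 1, 3 and 4 on your own server, as an added example (not part of the original wiki page or of ATCSMon): it audits a web root folder for a correctly named robots.txt that disallows everything and for the noindex tag in the head of every page, and tests whether a request made without credentials was refused. All function names are assumptions, the robots.txt parsing is simplified, and the sample files are constructed.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path

class RobotsMeta(HTMLParser):
    """Collects the content of every <meta name="robots"> found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.directives = False, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head and (a.get("name") or "").lower() == "robots":
            self.directives.append((a.get("content") or "").lower())
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def robots_blocks_all(text):
    """True if a 'User-agent: *' group contains 'Disallow: /' (simplified parser)."""
    applies = False
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.split("#", 1)[0].partition(":"))
        if key.lower() == "user-agent":
            applies = value == "*"
        elif key.lower() == "disallow" and applies and value == "/":
            return True
    return False

def audit_webroot(root):
    """Findings for tips 3 and 4; an empty list means both are in place."""
    findings = []
    # Windows file names are case-insensitive, so compare in lower case.
    names = {p.name.lower(): p for p in Path(root).iterdir()}
    if "robots.txt" not in names:
        hint = " (found 'robot.txt', a name crawlers never request)" if "robot.txt" in names else ""
        findings.append("robots.txt missing" + hint)
    elif not robots_blocks_all(names["robots.txt"].read_text(encoding="utf-8")):
        findings.append("robots.txt does not disallow / for all user agents")
    for low in sorted(names):
        if low.endswith((".htm", ".html")):
            parser = RobotsMeta()
            parser.feed(names[low].read_text(encoding="utf-8", errors="replace"))
            if not any("noindex" in d for d in parser.directives):
                findings.append(f"{names[low].name}: no noindex meta tag in <head>")
    return findings

def requires_password(status, headers):
    """Tip 1: a request without credentials must get 401 plus an auth challenge."""
    return status == 401 and any(k.lower() == "www-authenticate" for k in headers)

# Constructed sample: a short page without the noindex tag and a misnamed robots file.
PAGE = ('<html><head><title>display</title>{meta}<meta http-equiv="refresh" content="44">'
        '</head><body><IMG src="bnsf_scenic.jpg"></body></html>')
NOINDEX = '<meta name="robots" content="noindex">'
ROBOTS = "# robots.txt to disallow search bots\nUser-agent: *\nDisallow: /\n"

def demo():
    """Audit the constructed web root before and after correcting it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.htm").write_text(PAGE.format(meta=""), encoding="utf-8")
        (root / "robot.txt").write_text(ROBOTS, encoding="utf-8")
        before = audit_webroot(root)
        (root / "robot.txt").rename(root / "robots.txt")
        (root / "index.htm").write_text(PAGE.format(meta=NOINDEX), encoding="utf-8")
        after = audit_webroot(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Pass requires_password the status code and headers of a request made without a password, for example from a browser's developer tools. Over plain http:// a Basic Authentication password is only base64-encoded on the wire, so it protects against casual visitors and crawlers rather than against someone who can watch the traffic.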