Now that we include JRE in our bundles, it may be good to see if there are any advantages to using OpenJDK instead.
We already run our automated tests on that on the Linux Travis builds.
I am not sure the bundling of Java is such a great idea. I have been using java-1.8.0-openjdk and UMS with no problems for at least a year in Fedora. I can trust that version, and it is integrated into the system with all the right security settings for things like SELinux.
What if there is a security patch for Java that needs urgent installation? There is no repo for UMS, so we would never know and keep on running the old version.
A simple readme that shows how to install java-1.8.0-openjdk in each distro would make bundling it not needed, and all the security risks are gone.
https://openjdk.java.net/install/
JDK 8
Debian, Ubuntu, etc.On the command line, type:
$ sudo apt-get install openjdk-8-jreThe openjdk-8-jre package contains just the Java Runtime Environment. If you want to develop Java programs then please install the openjdk-8-jdk package.
Fedora, Oracle Linux, Red Hat Enterprise Linux, etc.On the command line, type:
$ su -c "yum install java-1.8.0-openjdk"The java-1.8.0-openjdk package contains just the Java Runtime Environment. If you want to develop Java programs then install the java-1.8.0-openjdk-devel package.
How can I use my own version of Java in version 9? Can I change a setting? Thanks!
On Linux, UMS will fallback to the system Java if the UMS one isn't there, so you can simply remove the folder in UMS
@SubJunk Thanks! That works, so now I have 9.0.1 booting up, but for some reason I can't seem to get UMS to work on Centos 8, and it worked great on Fedora 28 that Centos is built from.
I can browse the media OK in the local web browser at http://192.168.0.2:9001 but it does not show up on any devices on the network. I am not an expert at networking, but I think this shows the status of the firewall:
firewall-cmd --get-active-zones
public
interfaces: eno1
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
And UMS mentions:
10:44:36 INFO Using address /192.168.0.2 found on network interface: name:eno1 (eno1)
10:44:36 INFO Created socket: /192.168.0.2:5001
Sorry to ask here, but I searched the Linux area of the UMS forum and found nothing. I can find no mention of Linux firewall settings in the docs, I assume Centos is more secure by default and blocking something. Cheers!
This guide mentions https://www.certdepot.net/rhel7-install-minidlna-service/
# firewall-cmd --permanent --add-port=1900/udp
# firewall-cmd --permanent --add-port=8200/tcp
# firewall-cmd --reload
Worse than a firewall, Centos also has the dreaded SELinux. It blocks as good as everything that happens on the OS unless you have made explicit exception rules for that particular behavior. The "standard" services come with their "standard" exceptions, so you won't ever notice if you just stick to the basic stuff in the Centos repo.
As soon as you walk outside the narrow path though, you're on your own figuring out how to ask the mighty SELinux for mercy. I have never bothered to figure out how to manage SELinux, since I don't see the point unless the server is exposed to the internet (like a web-server e.g). Thus, I've always disabled SELinux as one of the first things I do on a Centos installation, again given that it's not exposed/don't have a public IP.
Try disabling SELinux and see if that helps, and if it does, you can decide if you just want to keep it disabled or figure out how to tell it to allow UMS to exist.
@Nadahar Fedora also has SELinux and it never caused a problem with UMS. I did disable it temporarily in Centos and afraid it did not do anything to solve the problem. I think it is the Firewall settings, I really need official word on which ports need opening, strange it is not on the main website.
I have had antics with SELinux in the past, it can be a real pain! Thanks for your suggestion.
I can inform you about which ports to open, even if you don't consider if "official" :wink:
The ports I list are incoming ports, outgoing ports will be assigned randomly by the OS so outgoing should be "allow any". Port 1900 (UPnP) must be open for both TCP and UDP, and isn't configurable. Port 5001 is the default port for the HTTP server serving media files, and must be open for TCP. If you've changed the configuration to another port, you must obviously open that port instead.
Likewise, the web interface (if you want that) uses port 9001 by default. It also only needs TCP.
@Nadahar THANKS! I used the following commands and it worked! Would be great to get them in the docs for Centos:
firewall-cmd --get-active-zones
It will say either public, dmz, or something else. You should only apply to the zones required.
In the case of public:
firewall-cmd --zone=public --add-port=1900/tcp --permanent
firewall-cmd --zone=public --add-port=1900/udp --permanent
firewall-cmd --zone=public --add-port=5001/tcp --permanent
firewall-cmd --reload
Added a section in wiki https://github.com/UniversalMediaServer/UniversalMediaServer/wiki/faq#my-device-cant-find-ums . Thanks @David-Else and @Nadahar .
I would like suggest switch to AdoptOpenJDK.
You can read about current situation around Java here https://medium.com/@javachampions/java-is-still-free-2-0-0-6b9aa8d6d244
This is done
Most helpful comment
Added a section in wiki https://github.com/UniversalMediaServer/UniversalMediaServer/wiki/faq#my-device-cant-find-ums . Thanks @David-Else and @Nadahar .