Flash Policy setup instructions
Version 7 (Valentin Manthei, 11/24/2010 09:47 am) → Version 8/23 (Ivar Allik, 11/24/2010 09:52 am)
h1. Flash Policy setup instructions
When you can't connect to a server and the client shows a security sandbox violation message, the server the IRCd is running on does not allow connections from a Flash client.
Due to the socket security policy Adobe introduced with Flash Player 9,0,124 you are forced to have a daemon that delivers a crossdomain.xml to allow establishing a connection.
It is *not* a restriction by lightIRC, but one of Adobe Flash!
h2. Linux
To install a flash policy server on linux you need to do the following:
* Download our prepared flashpolicyd (based on the flashpolicyd project):
<pre>
> wget http://www.lightirc.com/release/flashpolicyd.zip
> unzip flashpolicyd.zip
> cd flashpolicyd
> chmod a+x flashpolicyd.rb
</pre>
* Make sure you have Ruby installed. If you have not, you can maybe install it with one of the following commands depending on your Linux distribution or through compiling the Ruby sources:
<pre>
> apt-get install ruby
</pre>
or
<pre>
> yum install ruby
</pre>
* Start flashpolicyd
<pre>
> ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log
</pre>
* Verify that flashpolicyd is running:
<pre>
> tail flashpolicyd.log
</pre>
If you see this message the flashpolicyd started succesfully:
<pre>"Starting server on port xxx in process xxx"</pre>
h3. Possible errors and their solution
If you get this error: <pre>"Can't open server: Errno::EACCES Permission denied - bind(2)"</pre> It means your tried to start the flashpolicyd on a port below 1000, which requires root access. Start the daemon as root (On debian system you can use the command sudo for this) or use the following command:
<pre>
> ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log --port 8002
</pre>
Your flashpolicyd is now started as a normal user with a different port. You must pass policyPort=8002 as a parameter to lightIRC.swf when starting flashpolicyd like this!
h2. Windows
We recommend the use of "Silverlight and Flash Policy File Server":http://policyserver.codeplex.com
Download it from the project website, change the listening port in *policyserver.exe.config* to 843, put the following XML into *policyfile.xml* and start the application using *policyserver.exe*.
<pre>
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="6667" />
</cross-domain-policy>
</pre>
!policyserver.png!
When you can't connect to a server and the client shows a security sandbox violation message, the server the IRCd is running on does not allow connections from a Flash client.
Due to the socket security policy Adobe introduced with Flash Player 9,0,124 you are forced to have a daemon that delivers a crossdomain.xml to allow establishing a connection.
It is *not* a restriction by lightIRC, but one of Adobe Flash!
h2. Linux
To install a flash policy server on linux you need to do the following:
* Download our prepared flashpolicyd (based on the flashpolicyd project):
<pre>
> wget http://www.lightirc.com/release/flashpolicyd.zip
> unzip flashpolicyd.zip
> cd flashpolicyd
> chmod a+x flashpolicyd.rb
</pre>
* Make sure you have Ruby installed. If you have not, you can maybe install it with one of the following commands depending on your Linux distribution or through compiling the Ruby sources:
<pre>
> apt-get install ruby
</pre>
or
<pre>
> yum install ruby
</pre>
* Start flashpolicyd
<pre>
> ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log
</pre>
* Verify that flashpolicyd is running:
<pre>
> tail flashpolicyd.log
</pre>
If you see this message the flashpolicyd started succesfully:
<pre>"Starting server on port xxx in process xxx"</pre>
h3. Possible errors and their solution
If you get this error: <pre>"Can't open server: Errno::EACCES Permission denied - bind(2)"</pre> It means your tried to start the flashpolicyd on a port below 1000, which requires root access. Start the daemon as root (On debian system you can use the command sudo for this) or use the following command:
<pre>
> ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log --port 8002
</pre>
Your flashpolicyd is now started as a normal user with a different port. You must pass policyPort=8002 as a parameter to lightIRC.swf when starting flashpolicyd like this!
h2. Windows
We recommend the use of "Silverlight and Flash Policy File Server":http://policyserver.codeplex.com
Download it from the project website, change the listening port in *policyserver.exe.config* to 843, put the following XML into *policyfile.xml* and start the application using *policyserver.exe*.
<pre>
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="6667" />
</cross-domain-policy>
</pre>
!policyserver.png!