Posted on Leave a comment

Some Resolve 17 Color transform methods to DCI X´Y´Z´

Example: Rec 709 Gamma 2.4 to DCI X´Y´Z´

If you choose Rec 709 Gamma 2.4 as the Timeline color space, DCPs made with Kakadu or the Easydcp plugin will have an automatic color transform. It will look strange on a normal monitor when rendering, but when you drop the DCP back in the Rec 709 2.4 project, it will have a reverse DCI X´Y´Z´ to Rec709 2.4 transform applied and look normal.

In “Project setting” – “Color management” – “Color Space and Transforms” – “Timeline color space” choose Color science = DaVinci YRGB and the color space and gamma of the film. Example Rec 709 Gamma 2.4

Example DCI X´Y´Z´ with REC 709 2.4 3D LUT color transform

When DCI X´Y´Z´ is chosen as the Timeline color space, there will be no automatic color conversion when making a DCP.

DCI X´Y´Z´ can be used when using a 3D LUT to do the conversion to DCI X´Y´Z. You can apply an Output lookup table to the project in Lookup tables – Output lookup table.

Project setting – Color space & Tranforms

Project settings – Color Managment – Lookup tables – Output lookup table.

3D Lookup table interpolation = Tetraderal

Other 3D LUTS you can use from my free XYZ 3D LUT PACK:
P3 D60 2.6 gamma
P3 DCI WHITE 2.6 gamma
P3 D61 2.6 gamma
P3 D65 2.6 gamma
Rec709 d65 2.2 gamma
Rec709 d65 2.4 gamma
Rec709 d65 2.6 gamma

Example DCI X´Y´Z´ with no color transform

If the project already is converted to DCI X´Y´Z´ like a DCP you choose “Timeline color space” “DCI X´Y´Z´.”

DCPs made with Kakadu or the Easydcp plugin will have no automatic transform when choosing DCI X´Y´Z´.

On trailers, you often add graphics in RGB with a 3D LUT color transform to DCI X´Y´Z applied to match the DCP.

Example DCI X´Y´Z´ from Rec.709 2.4 with white point adaption from D65 to DCI WHITE

Use Project Setting – Timeline Color space DCI XYZ

Use a corrector node with the Color space transform in Open FX – Resolve FX color effect

Input Color space – Rec. 709
Input Gamma 2.4

Output Color Space: Use Timeline
Output Gamma: Use Timeline
Tone Mapping method: None
Gamut mapping method: None

Advanced. “Use white point adaption” is ticked

Note: When viewing a DCP made with a white point/chromatic adaption from D65 to DCI WHITE in Resolve, the picture is greenish. You can add a corrector node with the “Chromatic Adaption” Resolve FX effect from DCI White to D65 to get it back to normal.

Posted on Leave a comment

Converting stereo to 5.1 in Pro Tools Ultimate with the Waves DTS neural upmix plugin

To convert stereo soundtracks to 5.1 I use Pro Tools Ultimate with the Waves DTS neural upmix, Penteo Upmix and Halo upmix plugins.

Upmixing stereo with Waves DTS neural upmix and Izotope RX loudness control in Pro Tools Ultimate

To normalize the sound to a loudness and dynamics level that works with Waves DTS neural upmix I use Izotope RX loudness control.

To use the Waves DTS neural upmix for a Dolby surround or an LCR mix, I normalize the mix first. I try to avoid a true peak over -6 to avoid clipping when the DTS neural upmix plugin runs. A TV mix often has -23 integrated loudness with max true peak -1. In this example, the stereo mix has an integrated loudness of 21.7, and the true peak is 0.5. If I set the plugin to -28 integrated loudness, the true peak goes to -6.8, and it will not clip in the upmixing.

I choose Multichannel plugin – sound field – DTS neural upmix (stereo 5.1) insert.
For a standard upmix I use the auto setting but lower the LFE by -7. When doing an LCR mix, the Bass Management is turned off, and the Depth slider is moved all the way to the front.

To save the 5.1 mix I use Bounce to disk.

More info:

Cinemas started with mono sound.

Then Dolby Stereo in the 70s used 4 channels extracted from the stereo track: Left, Right, Center, and Mono Surround.

In the 90s compressed 5.1 Dolby Digital, DTS and SDDS were used with discrete Left, Right, Center, LFE, Ls, and Rs channels.

Today digital cinema uses uncompressed 5.1, 7.1 and Dolby Atmos.

DCP specifications for film festivals often say that the sound must be 5.1, or specify that dialogue should have at least an LCR mix with dialogue in the center channel.

Some cinemas that screen archive DCPs with stereo sound can decode sound in Dolby Prologic II or similar. But a lot of cinemas have only 5.1, where the left channel will play in the left speaker, and the right channel will play in the right speaker. Without a center channel, the dialogue will sound like it comes from the left side if you sit on the left side of the auditorium and the right side if you sit on the right side. If you sit in the center, you can get a phantom center, but only some seats will get this effect, and phase cancellations between the left and right speaker can cause an unpleasant effect. In 5.1 mixing, there is a best common practice to avoid using the same sound in two different channels at the same time to avoid these phase issues.

Posted on Leave a comment

Activate SSL/TLS on the SFTPGO web UI

In this post, I describe how to activate SSL/TLS encryption on the SFTPGO web admin UI with CERTBOT and enable auto-renewal of the certificates using a post-renewal hook shell script.

Certbot is a free tool to enable TLS 1.3 AES 128 SHA 256 HTTPS using Lets encrypt certificates.

In this setup guide, I mostly followed the official Certbot instruction for a snapd installation/other server and some of the instructions from here.

This is a follow-up post to Setting up a SFTPGO SFTP server on a Hetzner Ubuntu 20.10 server.

Install Certbot SSL/TLS encryption on the SFTPGO web UI

Install snap with apt

sudo apt install snapd

Install snap core

sudo snap install core; sudo snap refresh core

Make sure certbot is not already installed with apt

sudo apt remove certbot

Install certbot with snap

sudo snap install --classic certbot

Make a symlink between /snap/bin/certbot and /usr/bin/certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Open port 80 in the firewall

Certbot creates a web server on port 80 when it generates the SSL/TLS certificates so I open port 80 in the firewall. SFTPGO is running on port 8080.

Hetzner firewall

Image of opening port 80 in the hetzner firewall

nftables firewall

To activate HTTP(S) on the nftables firewall I used in this post, you would uncomment these lines:

Allow HTTP(S).  
tcp dport { http, https } accept
udp dport { http, https } accept

Run Certbot

Certbot uses the domain name of your server. You can find it by doing a reverse domain lookup on your server IP address. You also need to give certbot an email address.

Link: mxtoolbox reverse domain lookup

sudo certbot certonly --standalone

Make the post renewal hook shell script and run it

This shell script copies the files to the sftpgo ssl directory, changes the ownership of the certificates to the sftpgo user and reloads sftpgo (sends a SIGHUP) when certbot renews the certificates. SFTPGO will keep on running when it reloads.

Open the script in nano

sudo nano /etc/letsencrypt/renewal-hooks/post/

Copy and paste the script

You need to change the to the name of your server.

Github link for this script.

sudo cp /etc/letsencrypt/live/ /etc/sftpgo/ssl/
sudo cp /etc/letsencrypt/live/ /etc/sftpgo/ssl/
sudo chown -R sftpgo:sftpgo /etc/sftpgo/ssl
sudo systemctl reload sftpgo 
Image of the script pasted in nano

Make the shell script executable

sudo chmod 755 /etc/letsencrypt/renewal-hooks/post/ 

Run the script

cd /etc/letsencrypt/renewal-hooks/post/ 

Enable SSL/TLS https in the SFTPGO configuration file sftpgo.json

Edit the sftpgo.json configuration file with nano

sudo nano /etc/sftpgo/sftpgo.json

Enable_https from false to true

"enable_https": true,

Change certificate_file to /etc/sftpgo/ssl/cert.pem
Change certificate_key_file to /etc/sftpgo/ssl/privkey.pem

"certificate_file": "/etc/sftpgo/ssl/cert.pem",
"certificate_key_file": "/etc/sftpgo/ssl/privkey.pem",
image of the changed json file

Restart SFTPGO

sudo systemctl restart sftpgo
sudo systemctl status sftpgo
image of sftpgo status

Type in your server address in a web browser

The lock icon besides the address will be locked and SSL/TLS encryption is active.

sftpgo web page

lock icon

Testing the certbot auto renewal process (optional)

Check the status of snap.certbot.renew.timer

Cerbot installs a systemd timer called snap.certbot.renew.timer.

It runs twice every day to check if it is time to renew the certificates. (It will run the renewal every 90 days)

sudo systemctl status snap.certbot.renew.timer 

Run a forced renewal of the certificates

To check if everything works, you can run a forced renewal of the certificates. (Max 5 times a week).

sudo certbot renew --force-renewal

Type in your server address in a web browser

Check if it works.