Any update on getting RTMPS working with desktop share?
> On May 27, 2016, at 5:04 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>
> Thanks for sharing this Jason,
>
> I'll update instructions with 3.1.2 release, currently trying to fix RTMPS screen-sharing
>
> On Fri, May 27, 2016 at 3:42 PM, Jason Romo <ja...@securityarsenal.com> wrote:
> Ok SSL with RTMPS works, but Screen Share is broken. They are working on it, 3.1.2 is waiting for a resolution. Thanks to Maxim for helping resolve the proxyType issue. That was the one thing all docs missed; the other was ports. I don’t think one document had a working config example for Openmeetings 3.1.1. Even the doc on RTMPS at the official website doesn’t work. This works! So enjoy stress free install using SSL.
>
> To get SSL working with RTMPS you need to do the following:
>
> If you want to use LetsEncrypt Free SSL, do the following, or skip and add your own valid cert from any location to the keystore. I add the LetsEncrypt because I couldn’t find a single source that had this correct either. It took a bit to resolve.
>
> Install LetsEncrypt; plenty of places show you how to install. Then do cert-only install. You need to convert the cert to work with keystore.
>
> cd /etc/letsencrypt/live/yourdomain
>
> # Java cacerts you can add the x3-cross-sign.pem to it like this. You have to download the x3-cross-sign.pem from letsencrypt website. The default Java password is: changeit
> keytool -importcert -file /etc/letsencrypt/live/yourdomain/x3-cross-sign.pem -keystore cacerts
>
> # Make new keystore
> #keytool -keysize 2048 -genkey -alias key -keyalg RSA -keystore keystore.jks
>
> # Make sure you append the x3-cross-sign.pem to the chain.pem or it will not work.
> openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name red5 -CAfile chain.pem -caname root
>
> # Import keys
> keytool -importkeystore -deststorepass password -destkeypass password -destkeystore keystore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass d4h3j9nq1 -alias red5
>
> cp keystore.jks /opt/yourinstall/conf/keystore.jks
> cp keystore.jks /opt/yourinstall/conf/keystore.screen
> cp keystore.jks /opt/yourinstall/conf/truststore.jks
>
> vi conf/red5.properties
> https.port=443
> rtmps.port=443
> rtmps.keystorepass=yourpass
> rtmps.keystorefile=conf/keystore.jks
> rtmps.truststorepass=yourpass
> rtmps.truststorefile=conf/truststore.jks
>
> Make sure you set proxyType to none or it will not work.
> vi webapps/openmeetings/public/config.xml
> <rtmpport>1935</rtmpport>
> <rtmpsslport>443</rtmpsslport>
> <useSSL>yes</useSSL>
> <protocol>https</protocol>
> # NOTE: don’t use best like other docs say. It doesn’t work!!
> <proxyType>none</proxyType>
>
> Now enable SSL in the jee-container.xml. I copy the file appending .ssl and .html to allow quick changes.
> vi conf/jee-container.xml
>
> <!-- Tomcat without SSL enabled
> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" init-method="start" lazy-init="true">
>
>     <property name="webappFolder" value="${red5.root}/webapps" />
>
>     <property name="connectors">
>         <list>
>             <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>                 <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>                 <property name="address" value="${http.host}:${http.port}" />
>                 <property name="redirectPort" value="${https.port}" />
>             </bean>
>         </list>
>     </property>
>
>     <property name="baseHost">
>         <bean class="org.apache.catalina.core.StandardHost">
>             <property name="name" value="${http.host}" />
>         </bean>
>     </property>
>
>     <property name="valves">
>         <list>
>             <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>                 <property name="directory" value="log" />
>                 <property name="prefix" value="${http.host}_access." />
>                 <property name="suffix" value=".log" />
>                 <property name="pattern" value="common" />
>                 <property name="rotatable" value="true" />
>             </bean>
>         </list>
>     </property>
>
> </bean>
> -->
> <!-- Tomcat with SSL enabled -->
> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" init-method="start" lazy-init="true">
>
>     <property name="webappFolder" value="${red5.root}/webapps" />
>
>     <property name="connectors">
>         <list>
>             <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>                 <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>                 <property name="address" value="${http.host}:${http.port}" />
>                 <property name="redirectPort" value="${https.port}" />
>             </bean>
>             <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
>                 <property name="secure" value="true" />
>                 <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>                 <property name="address" value="${http.host}:${https.port}" />
>                 <property name="redirectPort" value="${http.port}" />
>                 <property name="connectionProperties">
>                     <map>
>                         <entry key="port" value="${https.port}" />
>                         <entry key="redirectPort" value="${http.port}" />
>                         <entry key="SSLEnabled" value="true" />
>                         <entry key="sslProtocol" value="TLS" />
>                         <entry key="keystoreFile" value="${rtmps.keystorefile}" />
>                         <entry key="keystorePass" value="${rtmps.keystorepass}" />
>                         <entry key="keystoreType" value="JKS" />
>                         <entry key="truststoreFile" value="${rtmps.truststorefile}" />
>                         <entry key="truststorePass" value="${rtmps.truststorepass}" />
>                         <entry key="clientAuth" value="false" />
>
>                         <entry key="allowUnsafeLegacyRenegotiation" value="true" />
>                         <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>                         <entry key="useExecutor" value="true"/>
>                         <entry key="maxThreads" value="${http.max_threads}"/>
>                         <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
>                         <entry key="processorCache" value="${http.processor_cache}"/>
>                     </map>
>                 </property>
>             </bean>
>         </list>
>     </property>
>
>     <property name="baseHost">
>         <bean class="org.apache.catalina.core.StandardHost">
>             <property name="name" value="${http.host}" />
>         </bean>
>     </property>
>
> </bean>
>
> You can now start up red5 from init if you followed the install instructions. You should be able to connect to https://yourdomain.com. If it complains the cert is not valid then you missed something in the keystore process. This is the script I use to build my keystore from a cron job just before it expires automatically so it should work.
>
> Good luck,
> Jason
>
> --
> WBR
> Maxim aka solomax
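
The quoted post singles out proxyType and the ports as the settings other documentation got wrong. As an added example (not part of the original message or of the OpenMeetings project), this Python check compares conf/red5.properties with public/config.xml and reports mismatches; the sample file contents are constructed from the values shown in the post, and the `<config>` root element and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs copying the values shown in the post.
RED5_PROPERTIES = """\
https.port=443
rtmps.port=443
rtmps.keystorepass=yourpass
rtmps.keystorefile=conf/keystore.jks
rtmps.truststorepass=yourpass
rtmps.truststorefile=conf/truststore.jks
"""
# The <config> root element is an assumption; the post shows only the children.
CONFIG_XML = """\
<config>
  <rtmpport>1935</rtmpport>
  <rtmpsslport>443</rtmpsslport>
  <useSSL>yes</useSSL>
  <protocol>https</protocol>
  <proxyType>none</proxyType>
</config>
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_rtmps_config(properties_text, config_xml_text):
    """Return a list of findings; an empty list means the files agree."""
    props = parse_properties(properties_text)
    root = ET.fromstring(config_xml_text)
    client = {t: (root.findtext(".//" + t) or "").strip()
              for t in ("useSSL", "protocol", "proxyType", "rtmpsslport")}
    findings = []
    for tag, want in (("useSSL", "yes"), ("protocol", "https"), ("proxyType", "none")):
        if client[tag] != want:
            findings.append(f"config.xml: {tag} is {client[tag]!r}, expected {want!r}")
    if client["rtmpsslport"] != props.get("rtmps.port"):
        findings.append(f"config.xml rtmpsslport {client['rtmpsslport']!r} != "
                        f"red5.properties rtmps.port {props.get('rtmps.port')!r}")
    for key in ("rtmps.keystorefile", "rtmps.keystorepass",
                "rtmps.truststorefile", "rtmps.truststorepass"):
        if not props.get(key):
            findings.append(f"red5.properties: {key} is missing or empty")
    return findings
```

Call `check_rtmps_config()` with the text of the two real files after each edit; an empty list means the client-side and server-side settings match what the post describes.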