Thanks for the heads-up. Jason
On Jun 9, 2016, 10:56 PM, at 10:56 PM, Vasiliy Degtyarev <va...@unipro.ru> wrote:
>Hello Jason!
>
>Maxim is now out of office, he returns June 20
>so no updates on screen share for RTMPS.
>
>Thanks,
>Vasiliy
>
>On 10.06.2016 9:23, Jason Romo wrote:
>> Any update on getting RTMPS working with desktop share?
>>
>>> On May 27, 2016, at 5:04 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
>>>
>>> Thanks for sharing this Jason,
>>>
>>> I'll update instructions with 3.1.2 release, currently trying to fix
>>> RTMPS screen-sharing
>>>
>>> On Fri, May 27, 2016 at 3:42 PM, Jason Romo <ja...@securityarsenal.com> wrote:
>>>
>>>     Ok SSL with RTMPS works, but Screen Share is broken. They are
>>>     working on it; 3.1.2 is waiting for a resolution. Thanks to Maxim
>>>     for helping resolve the proxyType issue. That was the one thing
>>>     all docs missed; the other was ports. I don’t think one document
>>>     had a working config example for Openmeetings 3.1.1. Even the doc
>>>     on RTMPS at the official website doesn’t work. This works! So
>>>     enjoy stress free install using SSL.
>>>
>>>     To get SSL working with RTMPS you need to do the following:
>>>
>>>     If you want to use LetsEncrypt Free SSL, use the following, or
>>>     skip this and add your own valid cert from any location to the
>>>     keystore. I add the LetsEncrypt steps because I couldn’t find a
>>>     single source that had this correct either. It took a bit to resolve.
>>>
>>>     Install LetsEncrypt; plenty of places show you how to install it.
>>>     Then do a cert-only install. You need to convert the cert to work
>>>     with the keystore.
>>>
>>>     cd /etc/letsencrypt/live/yourdomain
>>>
>>>     # Java cacerts: you can add the x3-cross-sign.pem to it like this.
>>>     # You have to download the x3-cross-sign.pem from the letsencrypt
>>>     # website. The default Java password is: changeit
>>>     keytool -importcert -file /etc/letsencrypt/live/yourdomain/x3-cross-sign.pem -keystore cacerts
>>>
>>>     # Make new keystore
>>>     #keytool -keysize 2048 -genkey -alias key -keyalg RSA -keystore keystore.jks
>>>
>>>     # Make sure you append the x3-cross-sign.pem to the chain.pem or
>>>     # it will not work.
>>>     openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name red5 -CAfile chain.pem -caname root
>>>
>>>     # Import keys
>>>     keytool -importkeystore -deststorepass password -destkeypass password -destkeystore keystore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass d4h3j9nq1 -alias red5
>>>
>>>     cp keystore.jks /opt/yourinstall/conf/keystore.jks
>>>     cp keystore.jks /opt/yourinstall/conf/keystore.screen
>>>     cp keystore.jks /opt/yourinstall/conf/truststore.jks
>>>
>>>     vi conf/red5.properties
>>>     https.port=443
>>>     rtmps.port=443
>>>     rtmps.keystorepass=yourpass
>>>     rtmps.keystorefile=conf/keystore.jks
>>>     rtmps.truststorepass=yourpass
>>>     rtmps.truststorefile=conf/truststore.jks
>>>
>>>     Make sure you set proxyType to none or it will not work.
>>>     vi webapps/openmeetings/public/config.xml
>>>     <rtmpport>1935</rtmpport>
>>>     <rtmpsslport>443</rtmpsslport>
>>>     <useSSL>yes</useSSL>
>>>     <protocol>https</protocol>
>>>     # NOTE: don’t use best like other docs say. It doesn’t work!!
>>>     <proxyType>none</proxyType>
>>>
>>>     Now enable SSL in the jee-container.xml. I copy the file
>>>     appending .ssl and .html to allow quick changes.
>>>     vi conf/jee-container.xml
>>>
>>>     <!-- Tomcat without SSL enabled
>>>     <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
>>>           depends-on="context.loader" init-method="start" lazy-init="true">
>>>
>>>       <property name="webappFolder" value="${red5.root}/webapps" />
>>>
>>>       <property name="connectors">
>>>         <list>
>>>           <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>             <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>             <property name="address" value="${http.host}:${http.port}" />
>>>             <property name="redirectPort" value="${https.port}" />
>>>           </bean>
>>>         </list>
>>>       </property>
>>>
>>>       <property name="baseHost">
>>>         <bean class="org.apache.catalina.core.StandardHost">
>>>           <property name="name" value="${http.host}" />
>>>         </bean>
>>>       </property>
>>>
>>>       <property name="valves">
>>>         <list>
>>>           <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>>             <property name="directory" value="log" />
>>>             <property name="prefix" value="${http.host}_access." />
>>>             <property name="suffix" value=".log" />
>>>             <property name="pattern" value="common" />
>>>             <property name="rotatable" value="true" />
>>>           </bean>
>>>         </list>
>>>       </property>
>>>
>>>     </bean>
>>>     -->
>>>     <!-- Tomcat with SSL enabled -->
>>>     <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
>>>           depends-on="context.loader" init-method="start" lazy-init="true">
>>>
>>>       <property name="webappFolder" value="${red5.root}/webapps" />
>>>
>>>       <property name="connectors">
>>>         <list>
>>>           <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>             <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>             <property name="address" value="${http.host}:${http.port}" />
>>>             <property name="redirectPort" value="${https.port}" />
>>>           </bean>
>>>           <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>             <property name="secure" value="true" />
>>>             <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>             <property name="address" value="${http.host}:${https.port}" />
>>>             <property name="redirectPort" value="${http.port}" />
>>>             <property name="connectionProperties">
>>>               <map>
>>>                 <entry key="port" value="${https.port}" />
>>>                 <entry key="redirectPort" value="${http.port}" />
>>>                 <entry key="SSLEnabled" value="true" />
>>>                 <entry key="sslProtocol" value="TLS" />
>>>                 <entry key="keystoreFile" value="${rtmps.keystorefile}" />
>>>                 <entry key="keystorePass" value="${rtmps.keystorepass}" />
>>>                 <entry key="keystoreType" value="JKS" />
>>>                 <entry key="truststoreFile" value="${rtmps.truststorefile}" />
>>>                 <entry key="truststorePass" value="${rtmps.truststorepass}" />
>>>                 <entry key="clientAuth" value="false" />
>>>                 <entry key="allowUnsafeLegacyRenegotiation" value="true" />
>>>                 <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>>                 <entry key="useExecutor" value="true"/>
>>>                 <entry key="maxThreads" value="${http.max_threads}"/>
>>>                 <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
>>>                 <entry key="processorCache" value="${http.processor_cache}"/>
>>>               </map>
>>>             </property>
>>>           </bean>
>>>         </list>
>>>       </property>
>>>
>>>       <property name="baseHost">
>>>         <bean class="org.apache.catalina.core.StandardHost">
>>>           <property name="name" value="${http.host}" />
>>>         </bean>
>>>       </property>
>>>
>>>     </bean>
>>>
>>>     You can now start up red5 from init if you followed the install
>>>     instructions. You should be able to connect to
>>>     https://yourdomain.com. If it complains the cert is not valid
>>>     then you missed something in the keystore process. This is the
>>>     script I use to build my keystore from a cron job just before it
>>>     expires automatically so it should work.
>>>
>>>     Good luck,
>>>     Jason
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
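
The instructions quoted above depend on three files agreeing with each other (proxyType set to none, matching RTMPS ports, keystore entries present). The following is an added example, not part of the original thread or of OpenMeetings, that checks those points before a restart; the function names and the `<config>` wrapper around the config.xml fragment are assumptions, and the last check goes beyond the post by flagging `allowUnsafeLegacyRenegotiation`, which permits TLS renegotiation with peers that lack RFC 5746 support.

```python
import xml.etree.ElementTree as ET

def parse_properties(text):
    """Parse key=value lines from red5.properties, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_rtmps_config(properties_text, config_xml, container_xml=None):
    """Return findings; an empty list means the files agree with each other."""
    props = parse_properties(properties_text)
    cfg = ET.fromstring(config_xml)
    value = lambda tag: (cfg.findtext(".//" + tag) or "").strip()
    findings = []
    for tag, expected in (("proxyType", "none"), ("useSSL", "yes"), ("protocol", "https")):
        if value(tag) != expected:
            findings.append(f"config.xml {tag}={value(tag)!r}, expected {expected!r}")
    if value("rtmpsslport") != props.get("rtmps.port"):
        findings.append("rtmpsslport in config.xml differs from rtmps.port")
    for key in ("rtmps.keystorefile", "rtmps.keystorepass",
                "rtmps.truststorefile", "rtmps.truststorepass"):
        if not props.get(key):
            findings.append(f"red5.properties is missing {key}")
    if container_xml:
        for el in ET.fromstring(container_xml).iter():
            # Strip any XML namespace so <entry> matches in a namespaced beans file.
            if (el.tag.rsplit("}", 1)[-1] == "entry"
                    and el.get("key") == "allowUnsafeLegacyRenegotiation"
                    and el.get("value") == "true"):
                findings.append("allowUnsafeLegacyRenegotiation is enabled")
    return findings

# Constructed sample inputs (not taken from a real server).
SAMPLE_PROPS = """https.port=443
rtmps.port=443
rtmps.keystorepass=yourpass
rtmps.keystorefile=conf/keystore.jks
rtmps.truststorepass=yourpass
rtmps.truststorefile=conf/truststore.jks
"""
SAMPLE_OK = ("<config><rtmpport>1935</rtmpport><rtmpsslport>443</rtmpsslport>"
             "<useSSL>yes</useSSL><protocol>https</protocol>"
             "<proxyType>none</proxyType></config>")
SAMPLE_BAD = SAMPLE_OK.replace("none", "best").replace(">443<", ">5443<")
SAMPLE_CONTAINER = ('<map><entry key="clientAuth" value="false"/>'
                    '<entry key="allowUnsafeLegacyRenegotiation" value="true"/></map>')

if __name__ == "__main__":
    for finding in check_rtmps_config(SAMPLE_PROPS, SAMPLE_BAD, SAMPLE_CONTAINER):
        print("FINDING:", finding)
```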