great :) On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor < hossein.dehghanp...@gmail.com> wrote:
> OK maxim > it is solved and ok. > thank you > > On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor < > hossein.dehghanp...@gmail.com> wrote: > >> this is mine httpd reverse proxy >> >> <IfModule mod_ssl.c> >> #NameVirtualHost *:443 >> ProxyRequests Off >> <VirtualHost *:80> >> ServerAdmin i...@saba-co.net >> ServerName elearning.saba-co.net >> ProxyPreserveHost On >> RewriteEngine on >> #CacheDisable "https://elearning.saba-co.net/"; >> # Redirect http traffic to https >> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R] >> </VirtualHost> >> <VirtualHost *:443> >> ServerAdmin i...@saba-co.net >> ServerName elearning.saba-co.net >> SSLEngine on >> SSLProxyEngine On >> RequestHeader set Front-End-Https "On" >> ProxyPreserveHost On >> RewriteEngine on >> CacheDisable "http://elearning.saba-co.net/"; >> #Reverse proxy all requests >> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P] >> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt >> SSLCertificateKeyFile /etc/pki/tls/private/server.key >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> </VirtualHost> >> </IfModule> >> >> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor < >> hossein.dehghanp...@gmail.com> wrote: >> >>> i think that the problem is in reversed proxy.. >>> >>> can any one help me to solve this issue? >>> >>> >>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor < >>> hossein.dehghanp...@gmail.com> wrote: >>> >>>> the only logs that i see are these: >>>> >>>> >>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil >>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED] >>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao >>>> [0.0-5080-exec-3] - getActiveLdapConfigs >>>> >>>> >>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor < >>>> hossein.dehghanp...@gmail.com> wrote: >>>> >>>>> sorry there were two <property name="connectionProperties">. >>>>> >>>>> that problem is ok. >>>>> >>>>> but another thing happen :(( >>>>> >>>>> that error does not occure any more, but when i try to login, nothing >>>>> happen and the page just gets refreshed.. >>>>> >>>>> >>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor < >>>>> hossein.dehghanp...@gmail.com> wrote: >>>>> >>>>>> yes. right now im using reversed proxy by httpd. the problem which >>>>>> now im facing, is i can not get login and this is the log. >>>>>> >>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.htt >>>>>> p.CsrfPreventionRequestCycleListener - Possible CSRF attack, request >>>>>> URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/o >>>>>> rg.apache.openmeetings.web.pages.auth.SignInPage;jsessionid= >>>>>> 7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba >>>>>> -co.net, action: aborted with error 400 Origin does not correspond >>>>>> to request >>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.htt >>>>>> p.CsrfPreventionRequestCycleListener - Possible CSRF attack, request >>>>>> URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/o >>>>>> rg.apache.openmeetings.web.pages.auth.SignInPage;jsessionid= >>>>>> 7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba >>>>>> -co.net, action: aborted with error 400 Origin does not correspond >>>>>> to request >>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.htt >>>>>> p.CsrfPreventionRequestCycleListener - Possible CSRF attack, request >>>>>> URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/o >>>>>> rg.apache.openmeetings.web.pages.auth.SignInPage;jsessionid= >>>>>> 7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba >>>>>> -co.net, action: aborted with error 400 Origin does not correspond >>>>>> to request >>>>>> >>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik < >>>>>> solomax...@gmail.com> wrote: >>>>>> >>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this >>>>>>> the case? >>>>>>> >>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor < >>>>>>> hossein.dehghanp...@gmail.com> wrote: >>>>>>> >>>>>>>> Hello Maxim >>>>>>>> I have checked that. >>>>>>>> it is said that: add '<property name="secure" value="true" />' >>>>>>>> to ../conf/jee-container.xml right before '<property >>>>>>>> name="connectionProperties">' >>>>>>>> but this value, exists in "jee-container.xml" and the problem still >>>>>>>> exists. >>>>>>>> >>>>>>>> do any thing else should i do? >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor < >>>>>>>> hossein.dehghanp...@gmail.com> wrote: >>>>>>>> >>>>>>>>> Hello Dear Maxim, >>>>>>>>> Ok thank you. i will check that >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor < >>>>>>>>> hossein.dehghanp...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> *Hello Dear Yakovlev,* >>>>>>>>>> *Yes I done that.* >>>>>>>>>> *as i checked the logs, OM says that keystore is not found.* >>>>>>>>>> >>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. < >>>>>>>>>> yakovlev...@krvostok.ru> wrote: >>>>>>>>>> >>>>>>>>>>> Hello Hossein, >>>>>>>>>>> >>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties: >>>>>>>>>>> >>>>>>>>>>> rtmps.keystorepass=... >>>>>>>>>>> >>>>>>>>>>> rtmps.truststorepass=... >>>>>>>>>>> >>>>>>>>>>> jmx.keystorepass=... >>>>>>>>>>> >>>>>>>>>>> ? >>>>>>>>>>> >>>>>>>>>>> Ones must be the same you entered by the keytool command. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Nik >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gm >>>>>>>>>>> ail.com] >>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM >>>>>>>>>>> *To:* Openmeetings user-list >>>>>>>>>>> *Subject:* Re: self signed https problem >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> hola maxim >>>>>>>>>>> >>>>>>>>>>> i googled a lot and did some thing. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> here are my steps: >>>>>>>>>>> >>>>>>>>>>> 1- create key >>>>>>>>>>> >>>>>>>>>>> 2- create csr >>>>>>>>>>> >>>>>>>>>>> 3- request a CA to sign my csr >>>>>>>>>>> >>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and >>>>>>>>>>> Intermediate cert as one file* - so because of this i removed >>>>>>>>>>> some parts of the commands ) >>>>>>>>>>> >>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out >>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile >>>>>>>>>>> intermedXX.crt deleted) >>>>>>>>>>> >>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore >>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore >>>>>>>>>>> red5/conf/keystore.jks -alias red5 >>>>>>>>>>> >>>>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks >>>>>>>>>>> -trustcacerts -file root.crt >>>>>>>>>>> >>>>>>>>>>> 8- (keytool -import -alias intermed -keystore >>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted) >>>>>>>>>>> >>>>>>>>>>> 9- edited red5/conf/jee-container.xml >>>>>>>>>>> >>>>>>>>>>> 10- and server is listening on 443 >>>>>>>>>>> >>>>>>>>>>> but the connection got refused when i try to get https connection >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik < >>>>>>>>>>> solomax...@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>> You can google it :)) >>>>>>>>>>> >>>>>>>>>>> Here are something to start from: https://www.sslshopper.c >>>>>>>>>>> om/article-most-common-openssl-commands.html >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor < >>>>>>>>>>> hossein.dehghanp...@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>> hello maxim >>>>>>>>>>> >>>>>>>>>>> i have tried to setup self signed https on my om >>>>>>>>>>> >>>>>>>>>>> according to this link: >>>>>>>>>>> >>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-sign >>>>>>>>>>> ed_certificate >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> i need tow cert files and one key file, iam i right? >>>>>>>>>>> >>>>>>>>>>> so how can i generate ca.cert and red5.cert?? >>>>>>>>>>> >>>>>>>>>>> i got confused :)) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> and one thing more, can i integrate nginx and om? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> WBR >>>>>>>>>>> Maxim aka solomax >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> WBR >>>>>>> Maxim aka solomax >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> > -- WBR Maxim aka solomax
