I had added a space and it turned it all yellow in bash.
Sent from my android device.
-----Original Message-----
From: Aaron Hepp <aaron.h...@gmail.com>
To: user@openmeetings.apache.org, Alan Johnson
<merch...@argentwolf.org>, Maxim Solodovnik <solomax...@gmail.com>
Sent: Fri, 30 Mar 2018 12:12
Subject: Re: Let's Encrypt and OM and Ubuntu
Looks like you did not comment out the <!-- Tomcat without SSL enabled
-- > section.
That has to be commented out to force SSL.
remove the --> from that line and add it right above this line
<!-- Tomcat with SSL enabled -->
That will comment out the entire "non-SSL" portion.
On 3/30/2018 12:02 PM, Alan Johnson wrote:
> I have done both of those steps.
>
> I created the keystore via the email chain you sent the link to. That
> seemed to work with no errors.
>
> I had previously enabled/disabled tomcat.
>
> I tried an experiment and changed the comment on the file and it
> seemed to like it better (included below) and seems to have fixed the
> errors in the log file, but it isn't answering on any of the expected
> ports (5443/8443/443).
>
>
> From red5.properties:
>
> # Socket policy
> policy.host=0.0.0.0
> policy.port=843
>
> # HTTP
> http.host=0.0.0.0
> http.port=5080
> https.port=443
> http.URIEncoding=UTF-8
> http.max_headers_size=8192
> http.max_keep_alive_requests=-1
> http.max_threads=20
> http.acceptor_thread_count=10
> http.processor_cache=20
>
> # RTMPS
> rtmps.host=0.0.0.0
> rtmps.port=8443
>
>
> root@freki:/opt/red5402/log# ufw status
> Status: active
>
> To Action From
> -- ------ ----
> OpenSSH ALLOW Anywhere
> 5080 ALLOW Anywhere
> 1935 ALLOW Anywhere
> 80 ALLOW Anywhere
> 5443 ALLOW Anywhere
> 8443 ALLOW Anywhere
> 443 ALLOW Anywhere
> OpenSSH (v6) ALLOW Anywhere (v6)
> 5080 (v6) ALLOW Anywhere (v6)
> 1935 (v6) ALLOW Anywhere (v6)
> 80 (v6) ALLOW Anywhere (v6)
> 5443 (v6) ALLOW Anywhere (v6)
> 8443 (v6) ALLOW Anywhere (v6)
> 443 (v6) ALLOW Anywhere (v6)
>
> This is what is in the red5.log file, if it helps:
>
> root@freki:/opt/red5402/log# cat red5.log
> 2018-03-30 01:20:35,450 [main] INFO org.red5.server.Launcher - Red5 Server 1.0.10 (https://github.com/Red5)
> 2018-03-30 01:20:35,570 [main] INFO o.s.c.s.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
> 2018-03-30 01:20:35,687 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [red5.xml]
> 2018-03-30 01:20:36,074 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [jee-container.xml]
> 2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
> Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
> at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
>
> Full Jee-container.xml if it helps:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:lang="http://www.springframework.org/schema/lang"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://www.springframework.org/schema/lang
> http://www.springframework.org/schema/lang/spring-lang.xsd
> ">
> <!--
> The tomcat connectors may be blocking or non-blocking. Select
> between either option via the protocol property.
> Blocking I/O:
> <property name="protocol"
> value="org.apache.coyote.http11.Http11Protocol" />
> Non-blocking I/O:
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> -->
> <!-- Tomcat without SSL enabled -- >
> <bean id="tomcat.server"
> class="org.red5.server.tomcat.TomcatLoader"
> depends-on="context.loader" lazy-init="true">
> <property name="webappFolder"
> value="${red5.root}/webapps" />
> <property name="connectors">
> <list>
> <bean name="httpConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${http.port}" />
> <property name="redirectPort"
> value="${https.port}" />
> <property
> name="connectionProperties">
> <map>
> <entry
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
> <entry
> key="keepAliveTimout" value="-1"/>
> </map>
> </property>
> </bean>
> </list>
> </property>
> <property name="baseHost">
> <bean
> class="org.apache.catalina.core.StandardHost">
> <property name="name"
> value="${http.host}" />
> </bean>
> </property>
> <property name="valves">
> <list>
> <bean id="valve.access"
> class="org.apache.catalina.valves.AccessLogValve">
> <property name="directory"
> value="log" />
> <property name="prefix"
> value="${http.host}_access." />
> <property name="suffix"
> value=".log" />
> <property name="pattern"
> value="common" />
> <property name="rotatable"
> value="true" />
> </bean>
> <bean id="valve.error"
> class="org.apache.catalina.valves.ErrorReportValve">
> <property name="showReport"
> value="false" />
> <property
> name="showServerInfo" value="false" />
> </bean>
> </list>
> </property>
> </bean>
>
> <!-- Tomcat with SSL enabled -->
>
> <bean id="tomcat.server"
> class="org.red5.server.tomcat.TomcatLoader"
> depends-on="context.loader" lazy-init="true">
> <property name="webappFolder"
> value="${red5.root}/webapps" />
> <property name="connectors">
> <list>
> <bean name="httpConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${http.port}" />
> <property name="redirectPort"
> value="${https.port}" />
> </bean>
> <bean name="httpsConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="secure"
> value="true" />
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${https.port}" />
> <property name="redirectPort"
> value="${http.port}" />
> <property
> name="connectionProperties">
> <map>
> <entry
> key="port" value="${https.port}" />
> <entry
> key="redirectPort" value="${http.port}" />
> <entry
> key="SSLEnabled" value="true" />
> <entry
> key="sslProtocol" value="TLS" />
> <entry
> key="keystoreFile" value="${rtmps.keystorefile}" />
> <entry
> key="keystorePass" value="${rtmps.keystorepass}" />
> <entry
> key="truststoreFile" value="${rtmps.truststorefile}" />
> <entry
> key="truststorePass" value="${rtmps.truststorepass}" />
> <entry
> key="clientAuth" value="false" />
> <entry
> key="allowUnsafeLegacyRenegotiation" value="true" />
> <entry
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
> <entry
> key="keepAliveTimout" value="-1"/>
> <entry
> key="useExecutor" value="true"/>
> <entry
> key="maxThreads" value="${http.max_threads}"/>
> <entry
> key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
> <entry
> key="processorCache" value="${http.processor_cache}"/>
> </map>
> </property>
> </bean>
> </list>
> </property>
> <property name="baseHost">
> <bean
> class="org.apache.catalina.core.StandardHost">
> <property name="name"
> value="${http.host}" />
> </bean>
> </property>
> <property name="valves">
> <list>
> <bean id="valve.access"
> class="org.apache.catalina.valves.AccessLogValve">
> <property name="directory"
> value="log" />
> <property name="prefix"
> value="${http.host}_access." />
> <property name="suffix"
> value=".log" />
> <property name="pattern"
> value="common" />
> <property name="rotatable"
> value="true" />
> </bean>
> <bean id="valve.error"
> class="org.apache.catalina.valves.ErrorReportValve">
> <property name="showReport"
> value="false" />
> <property
> name="showServerInfo" value="false" />
> </bean>
> </list>
> </property>
> </bean>
> -->
> </beans>
>
>
> On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
>> Hello Alan,
>>
>> To enable HTTPS for OM you need to do 2 things:
>>
>> 1) create valid keystore/truststore (ensure filename/path is correctly
>> defined in red5.properties)
>> 2) Edit red5/conf/jee-container.xml file:
>> Comment Tomcat without SSL enabled section
>> UNComment Tomcat with SSL enabled section
>>
>> On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson
>> <merch...@argentwolf.org> wrote:
>>> So I tried using the steps in the email, and they successfully created the
>>> keystore.
>>>
>>> However the steps to enable HTTPS web interface appear to be incorrect/have
>>> changed.
>>>
>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>> <protocol>https</protocol>
>>> Edit red5/webapps/openmeetings/public/config.xml and set red5httpport to
>>> https port
>>>
>>> These files (Config.xml) are missing from the directory.
>>>
>>> root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
>>> total 968
>>> drwxr-xr-x 3 nobody root 4096 Mar 29 22:29 .
>>> drwxr-xr-x 15 nobody root 4096 Mar 28 21:08 ..
>>> -rw-rw-r-- 1 nobody root 4597 Feb 1 23:17 chat_message.mp3
>>> drwxrwxr-x 2 nobody root 4096 Feb 24 23:00 cliparts
>>> -rw-rw-r-- 1 nobody root 11294 Feb 1 23:17 favicon.ico
>>> -rw-rw-r-- 1 nobody root 572587 Feb 24 23:00 main.swf
>>> -rw-rw-r-- 1 nobody root 384036 Feb 24 23:01 networktest.swf
>>>
>>> Please advise.
>>>
>>>
>>>
>>> On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:
>>>
>>> What is preventing you from using this script?
>>>
>>> On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <aliev.a...@gmail.com>
>>> wrote:
>>>
>>> Guys from bigbluebutton already developed a script for installing with LE
>>>
>>> Thu, 29 Mar 2018, 9:32 Maxim Solodovnik <solomax...@gmail.com>:
>>>
>>> great :)
>>>
>>> ps please CC user@ list :)
>>>
>>>
>>> On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson
>>> <merch...@argentwolf.org>
>>> wrote:
>>>
>>> Thank you for pointing it out. I will try the steps listed in the 18 Oct
>>> 2017 email tomorrow.
>>>
>>> I might suggest that given the number of other emails asking about it to
>>> update the guide and / or build in certbot functionality to simplify the
>>> configuration. If I had my preference, the installer would offer LE https as
>>> a default option for installation.
>>>
>>>
>>> On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:
>>>
>>> This topic was discussed many times:
>>>
>>>
>>>
>>> https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results
>>>
>>>
>>> What steps are not working for you?
>>>
>>> On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <aliev.a...@gmail.com>
>>> wrote:
>>>
>>> This is why I am asking the community to arrange a tutorial for SSL based on
>>> LE.
>>>
>>> FYI
>>>
>>> 2018-03-29 7:22 GMT+05:00 Alan Johnson <merch...@argentwolf.org>:
>>>
>>> I saw a recent thread regarding Windows 10 and Let's Encrypt. Has anyone
>>> had any success with Ubuntu and LE?
>>>
>>> I was using this guide
>>>
>>> (https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)
>>>
>>> after getting OM up and running, but I had no luck figuring out how to
>>> convert the LE certs to appropriate formats for OM?
>>>
>>> Thanks,
>>>
>>> Alan
>>>
>>>
>>> --
>>>
>>> IT Manager,e-learning specialist
>>> Skype:aliev_anis
>>> www.facebook.com/anis.aliev
>>> Tel:989010012
>>>
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>>
>>
>>
>
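
The comment boundaries discussed in this thread can be checked mechanically. The following is an added example, not part of the original thread and not Red5 or OpenMeetings code: it removes XML comments by their actual `<!--` / `-->` delimiters and reports which `tomcat.server` bean and connectors remain live. `PLAIN` and `SSL` are constructed, abbreviated stand-ins for the two beans in the posted file, and `audit_jee_container` is a hypothetical helper name.

```python
import re

# Constructed, abbreviated stand-ins for the two tomcat.server beans in the posted file.
PLAIN = ('<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">\n'
         '  <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector"/>\n'
         '</bean>\n')
SSL = ('<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">\n'
       '  <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector"/>\n'
       '  <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">\n'
       '    <entry key="SSLEnabled" value="true" />\n'
       '  </bean>\n'
       '</bean>\n')

# Comment layout as posted: "-- >" on the first marker, lone "-->" before </beans>.
POSTED = ("<beans>\n<!-- Tomcat without SSL enabled -- >\n" + PLAIN +
          "<!-- Tomcat with SSL enabled -->\n" + SSL + "-->\n</beans>\n")
# Layout per the reply: "-->" moved to just above the SSL marker.
# Dropping the lone trailing "-->" is an assumption of this example.
FIXED = ("<beans>\n<!-- Tomcat without SSL enabled\n" + PLAIN +
         "-->\n<!-- Tomcat with SSL enabled -->\n" + SSL + "</beans>\n")

def audit_jee_container(xml_text):
    """Return the beans/connectors left once comments are removed, plus findings."""
    findings = []
    # Only "-->" ends a comment; "-- >" leaves it open until the next "-->".
    for m in re.finditer(r"--\s+>", xml_text):
        line = xml_text.count("\n", 0, m.start()) + 1
        findings.append(f"line {line}: '-- >' is not a comment terminator")
    live = re.sub(r"<!--.*?-->", "", xml_text, flags=re.S)
    if "-->" in live:
        findings.append("stray '-->' outside any comment")
    if "<!--" in live:
        findings.append("unterminated '<!--'")
    loaders = len(re.findall(r'<bean\s+id="tomcat\.server"', live))
    if loaders != 1:
        findings.append(f"{loaders} live tomcat.server beans, expected 1")
    return {
        "loaders": loaders,
        "connectors": re.findall(r'<bean\s+name="(\w+Connector)"', live),
        "ssl_enabled": bool(re.search(r'key="SSLEnabled"\s+value="true"', live)),
        "findings": findings,
    }

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("fixed", FIXED)):
        print(name, audit_jee_container(text))
```

To audit a real installation, pass the contents of `red5/conf/jee-container.xml` to `audit_jee_container`.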