David,

I would appreciate it. I have not yet had the opportunity to try the other config file.

Alan


On 4/1/2018 2:31 PM, David Jentz wrote:
I have a script that converts the standard config of openmeetings to
https. It prompts the user for keystore passwords currently but that
too could be automated via expect.

I posted before if anybody wants it but nobody replied, maybe I will
stop posting about it.

Because of the frequency of this topic I figured it might be helpful
though, at least as a starting point.
-Dave

On Sat, Mar 31, 2018 at 10:14 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
Thanks Aaron for the answers
I'm a little bit busy with personal stuff and my day time job

@Alan,
to set up HTTPS
you need
1) create keystore located at  `rtmps.keystorefile` with password
`rtmps.keystorepass` (and truststore)
2) modify jee*.xml to enable Tomcat with SSL (and disable Tomcat without SSL)

not sure how this 2 step instruction can be further simplified :(

This topic was discussed a million times, this is why I send you the
link to search
Maybe previous QA might help

I'll try to check if this can be further simplified (not sure how yet)
but my time is very limited right now .....


On Fri, Mar 30, 2018 at 11:40 PM, Aaron Hepp <aaron.h...@gmail.com> wrote:
Did you use a different password than in the instructions (which was
password) when creating your .jks files?  This was my original mistake as
well.

If so then you will need to change your red5.properties file and put the
password in there.

# RTMPS Key and Trust store parameters
rtmps.keystorepass=password
rtmps.keystorefile=conf/keystore.jks
rtmps.truststorepass=password
rtmps.truststorefile=conf/truststore.jks


On 3/30/2018 12:27 PM, Alan Johnson wrote:

I changed it to this:

    <!-- Tomcat without SSL enabled
         <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
depends-on="context.loader" lazy-init="true">
                 <property name="webappFolder" value="${red5.root}/webapps"
/>
                 <property name="connectors">
                         <list>
                                 <bean name="httpConnector"
class="org.red5.server.tomcat.TomcatConnector">
                                         <property name="protocol"
value="org.apache.coyote.http11.Http11NioProtocol" />
                                         <property name="address"
value="${http.host}:${http.port}" />
                                         <property name="redirectPort"
value="${https.port}" />
                                         <property
name="connectionProperties">
                                                 <map>
                                                         <entry
key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                                                         <entry
key="keepAliveTimout" value="-1"/>
                                                 </map>
                                         </property>
                                 </bean>
                         </list>
                 </property>
                 <property name="baseHost">
                         <bean class="org.apache.catalina.core.StandardHost">
                                 <property name="name" value="${http.host}"
/>
                         </bean>
                 </property>
                 <property name="valves">
                         <list>
                                 <bean id="valve.access"
class="org.apache.catalina.valves.AccessLogValve">
                                         <property name="directory"
value="log" />
                                         <property name="prefix"
value="${http.host}_access." />
                                         <property name="suffix" value=".log"
/>
                                         <property name="pattern"
value="common" />
                                         <property name="rotatable"
value="true" />
                                 </bean>
                                 <bean id="valve.error"
class="org.apache.catalina.valves.ErrorReportValve">
                                         <property name="showReport"
value="false" />
                                         <property name="showServerInfo"
value="false" />
                                 </bean>
                         </list>
                 </property>
         </bean>

          Tomcat with SSL enabled -->


The server is still not answering on https ports.


On 3/30/2018 12:20 PM, Aaron Hepp wrote:

that's because when you put a space between the -- and > then that is not a
valid "closure" argument and at the end of your file you have a valid
"closure" -->  So it thinks the entire statement is a "comment"

On 3/30/2018 12:16 PM, merch...@argentwolf.org wrote:

I had added a space and it turned it all yellow in bash.

Sent from my android device.

-----Original Message-----
From: Aaron Hepp <aaron.h...@gmail.com>
To: user@openmeetings.apache.org, Alan Johnson <merch...@argentwolf.org>,
Maxim Solodovnik <solomax...@gmail.com>
Sent: Fri, 30 Mar 2018 12:12
Subject: Re: Let's Encrypt and OM and Ubuntu

Looks like you did not comment out the <!-- Tomcat without SSL enabled
-- > section.

That has to be commented out to force SSL.

remove the  --> from that line and add it right above this line

<!-- Tomcat with SSL enabled -->

That will comment out the entire "non-SSL" portion.


On 3/30/2018 12:02 PM, Alan Johnson wrote:
I have done both of those steps.

I created the keystore via the email chain you sent the link to. That
seemed to work with no errors.

I had previously enabled/disabled tomcat.

I tried an experiment and changed the comment on the file and it
seemed to like it better (included below) and seems to have fixed the
errors in the log file, but it isn't answering on any of the expected
ports (5443/8443/443).


From red5.properties:

# Socket policy
policy.host=0.0.0.0
policy.port=843

# HTTP
http.host=0.0.0.0
http.port=5080
https.port=443
http.URIEncoding=UTF-8
http.max_headers_size=8192
http.max_keep_alive_requests=-1
http.max_threads=20
http.acceptor_thread_count=10
http.processor_cache=20

# RTMPS
rtmps.host=0.0.0.0
rtmps.port=8443


root@freki:/opt/red5402/log# ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
5080                       ALLOW       Anywhere
1935                       ALLOW       Anywhere
80                         ALLOW       Anywhere
5443                       ALLOW       Anywhere
8443                       ALLOW       Anywhere
443                        ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
5080 (v6)                  ALLOW       Anywhere (v6)
1935 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
5443 (v6)                  ALLOW       Anywhere (v6)
8443 (v6)                  ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

This is what is in the red5.log file, if it helps:

root@freki:/opt/red5402/log# cat red5.log
2018-03-30 01:20:35,450 [main] INFO  org.red5.server.Launcher - Red5 Server 1.0.10 (https://github.com/Red5)
2018-03-30 01:20:35,570 [main] INFO  o.s.c.s.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
2018-03-30 01:20:35,687 [main] INFO  o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [red5.xml]
2018-03-30 01:20:36,074 [main] INFO  o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [jee-container.xml]
2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO  o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
  Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
         at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
         at java.lang.Thread.run(Thread.java:748)

Full Jee-container.xml if it helps:

<?xml version="1.0" encoding="UTF-8"?>
<!--
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
    The ASF licenses this file to You under the Apache License, Version
2.0
    (the "License"); you may not use this file except in compliance with
    the License.  You may obtain a copy of the License at

                 http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:lang="http://www.springframework.org/schema/lang"
                 xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/lang
http://www.springframework.org/schema/lang/spring-lang.xsd
                 ">
         <!--
         The tomcat connectors may be blocking or non-blocking. Select
between either option via the protocol property.
                 Blocking I/O:
                         <property name="protocol"
value="org.apache.coyote.http11.Http11Protocol" />
                 Non-blocking I/O:
                         <property name="protocol"
value="org.apache.coyote.http11.Http11NioProtocol" />
          -->
         <!-- Tomcat without SSL enabled -- >
         <bean id="tomcat.server"
class="org.red5.server.tomcat.TomcatLoader"
depends-on="context.loader" lazy-init="true">
                 <property name="webappFolder"
value="${red5.root}/webapps" />
                 <property name="connectors">
                         <list>
                                 <bean name="httpConnector"
class="org.red5.server.tomcat.TomcatConnector">
                                         <property name="protocol"
value="org.apache.coyote.http11.Http11NioProtocol" />
                                         <property name="address"
value="${http.host}:${http.port}" />
                                         <property name="redirectPort"
value="${https.port}" />
                                         <property
name="connectionProperties">
                                                 <map>
                                                         <entry
key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                                                         <entry
key="keepAliveTimout" value="-1"/>
                                                 </map>
                                         </property>
                                 </bean>
                         </list>
                 </property>
                 <property name="baseHost">
                         <bean
class="org.apache.catalina.core.StandardHost">
                                 <property name="name"
value="${http.host}" />
                         </bean>
                 </property>
                 <property name="valves">
                         <list>
                                 <bean id="valve.access"
class="org.apache.catalina.valves.AccessLogValve">
                                         <property name="directory"
value="log" />
                                         <property name="prefix"
value="${http.host}_access." />
                                         <property name="suffix"
value=".log" />
                                         <property name="pattern"
value="common" />
                                         <property name="rotatable"
value="true" />
                                 </bean>
                                 <bean id="valve.error"
class="org.apache.catalina.valves.ErrorReportValve">
                                         <property name="showReport"
value="false" />
                                         <property
name="showServerInfo" value="false" />
                                 </bean>
                         </list>
                 </property>
         </bean>

         <!-- Tomcat with SSL enabled -->

         <bean id="tomcat.server"
class="org.red5.server.tomcat.TomcatLoader"
depends-on="context.loader" lazy-init="true">
                 <property name="webappFolder"
value="${red5.root}/webapps" />
                 <property name="connectors">
                         <list>
                                 <bean name="httpConnector"
class="org.red5.server.tomcat.TomcatConnector">
                                         <property name="protocol"
value="org.apache.coyote.http11.Http11NioProtocol" />
                                         <property name="address"
value="${http.host}:${http.port}" />
                                         <property name="redirectPort"
value="${https.port}" />
                                 </bean>
                                 <bean name="httpsConnector"
class="org.red5.server.tomcat.TomcatConnector">
                                         <property name="secure"
value="true" />
                                         <property name="protocol"
value="org.apache.coyote.http11.Http11NioProtocol" />
                                         <property name="address"
value="${http.host}:${https.port}" />
                                         <property name="redirectPort"
value="${http.port}" />
                                         <property
name="connectionProperties">
                                                 <map>
                                                         <entry
key="port" value="${https.port}" />
                                                         <entry
key="redirectPort" value="${http.port}" />
                                                         <entry
key="SSLEnabled" value="true" />
                                                         <entry
key="sslProtocol" value="TLS" />
                                                         <entry
key="keystoreFile" value="${rtmps.keystorefile}" />
                                                         <entry
key="keystorePass" value="${rtmps.keystorepass}" />
                                                         <entry
key="truststoreFile" value="${rtmps.truststorefile}" />
                                                         <entry
key="truststorePass" value="${rtmps.truststorepass}" />
                                                         <entry
key="clientAuth" value="false" />
                                                         <entry
key="allowUnsafeLegacyRenegotiation" value="true" />
                                                         <entry
key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                                                         <entry
key="keepAliveTimout" value="-1"/>
                                                         <entry
key="useExecutor" value="true"/>
                                                         <entry
key="maxThreads" value="${http.max_threads}"/>
                                                         <entry
key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
                                                         <entry
key="processorCache" value="${http.processor_cache}"/>
                                                 </map>
                                         </property>
                                 </bean>
                         </list>
                 </property>
                 <property name="baseHost">
                         <bean
class="org.apache.catalina.core.StandardHost">
                                 <property name="name"
value="${http.host}" />
                         </bean>
                 </property>
                 <property name="valves">
                         <list>
                                 <bean id="valve.access"
class="org.apache.catalina.valves.AccessLogValve">
                                         <property name="directory"
value="log" />
                                         <property name="prefix"
value="${http.host}_access." />
                                         <property name="suffix"
value=".log" />
                                         <property name="pattern"
value="common" />
                                         <property name="rotatable"
value="true" />
                                 </bean>
                                 <bean id="valve.error"
class="org.apache.catalina.valves.ErrorReportValve">
                                         <property name="showReport"
value="false" />
                                         <property
name="showServerInfo" value="false" />
                                 </bean>
                         </list>
                 </property>
         </bean>
-->
</beans>


On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
Hello Alan,

To enable HTTPS for OM you need to do 2 things:

1) create valid keystore/truststore (ensure filename/path is correctly
defined in red5.properties)
2) Edit red5/conf/jee-container.xml file:
Comment Tomcat without SSL enabled section
UNComment Tomcat with SSL enabled section

On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson
<merch...@argentwolf.org> wrote:
So I tried using the steps in the email, and they successfully
created the
keystore.

However the steps to enable HTTPS web interface appear to be
incorrect/have
changed.

Edit red5/webapps/openmeetings/public/config.xml and set
<protocol>https</protocol>
Edit red5/webapps/openmeetings/public/config.xml and set
red5httpport to
https port

These files (Config.xml) are missing from the directory.

root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
total 968
drwxr-xr-x  3 nobody root   4096 Mar 29 22:29 .
drwxr-xr-x 15 nobody root   4096 Mar 28 21:08 ..
-rw-rw-r--  1 nobody root   4597 Feb  1 23:17 chat_message.mp3
drwxrwxr-x  2 nobody root   4096 Feb 24 23:00 cliparts
-rw-rw-r--  1 nobody root  11294 Feb  1 23:17 favicon.ico
-rw-rw-r--  1 nobody root 572587 Feb 24 23:00 main.swf
-rw-rw-r--  1 nobody root 384036 Feb 24 23:01 networktest.swf

Please advise.



On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:

What is preventing you from using this script?

On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <aliev.a...@gmail.com>
wrote:

Guys from bigbluebutton already developed a script for installing
with LE

Thu, 29 March 2018, 9:32 Maxim Solodovnik <solomax...@gmail.com>:

great :)

ps please CC user@ list :)


On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson
<merch...@argentwolf.org>
wrote:

Thank you for pointing it out. I will try the steps listed in the 18
Oct
2017 email tomorrow.

I might suggest that given the number of other emails asking about
it to
update the guide and / or build in certbot functionality to simplify
the
configuration. If I had my preference, the installer would offer LE
https as
a default option for installation.


On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:

This topic was discussed many times:



https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results


What steps do not work for you?

On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <aliev.a...@gmail.com>
wrote:

This is why I am asking community to arrange tutorial for SSL based on
LE.

FYI

2018-03-29 7:22 GMT+05:00 Alan Johnson <merch...@argentwolf.org>:

I saw a recent thread regarding windows 10 and Let's Encrypt. Has
anyone
had any success with Ubuntu and LE?

I was using this guide



(https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)

after getting OM up and running, but I had no luck figuring out how
to
convert the LE certs to appropriate formats for OM?

Thanks,

Alan


--

IT Manager,e-learning specialist
Skype:aliev_anis
www.facebook.com/anis.aliev
Tel:989010012




--
WBR
Maxim aka solomax







--
WBR
Maxim aka solomax
