Dear Hemant,
this looks good to me, although I did not try it out in an example
environment. At best you keep a network sniffer at hand to see, what
messages are passed between localhost:5080 and your reverse proxy. This
makes your live a hell of much more easy.
If it does not work out as expected, feel free to ask again. I will try
to help as much as possible.
Cheers
Christian
PS: I do not use the ProxyPreserveHost directive which is Off by default
I think. This could make a small difference.
Am 18.07.2018 um 18:28 schrieb Coscend@OM:
Hello Christian,
Following yourguidance, here is whatthe config we have for SSL reverse
proxyfor Apache HTTPD server. Is this correct? If yes, then we will
create equivalent of this forthe differentproxy serverwe use—we do not
use Apache HTTPD. Thank you for your guidance.
<VirtualHost _default_:443 [::]:443>
#### SSL
ServerAdminadmin<domain>
ServerName<www.yourdomain.com>
SSLEngine on
SSLCertificateFile /opt/red5403/cert/certserver.crt
SSLCertificateKeyFile /opt/red5403/cert/certserver.key
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire off
##########
###### Reverse proxy
<Location /openmeetings/>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass http://localhost:5080/openmeetings/
ProxyPassReverse
http://localhost:5080/openmeetings/
RequestHeader edit
Referer"https://www.example.com/openmeetings";
"http://localhost:5080/openmeetings";
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .*
ws://localhost:5080%{REQUEST_URI} [P]
ErrorLog /var/log/apache2/red5-error_log
CustomLog /var/log/apache2/red5-access_log common
# LogLevel info rewrite:trace5
# Require all denied
</Location>
##########
</VirtualHost>
Sincerely,
Hemant K. Sabat
___www.Coscend.com_<http://www.coscend.com/>
------------------------------------------------------------------
*****Real-time, Interactive Video Collaboration, Tele-healthcare,
Tele-education, Telepresence Services, on the fly…*
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted
at:_http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html_<http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
-----Original Message-----
From: Christian Wolf <christianlu...@gmx.de>
Sent: Wednesday, July 18, 2018 3:00 AM
To: user@openmeetings.apache.org
Subject: Re: Problems with certificates with RMTPS
Dear Hemant,
Would you be kind enough to share the Apache SSL configuration?
Wearefacing issues in connecting through “proxy HTTPS + OM HTTP”. We
are using a different proxy server, but can learn from your Apache
configuration to adapt to our proxy.
I use it in a virtual subdirectory of the main server. This is also the
reason for the reverse proxy need.
<Location /openmeetings/>
ProxyPasshttp://localhost:5080/openmeetings/
ProxyPassReversehttp://localhost:5080/openmeetings/
RequestHeader edit Referer
"https://www.example.com/openmeetings"; "http://localhost:5080/openmeetings";
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:5080%{REQUEST_URI} [P]
# LogLevel info rewrite:trace5
# Require all denied
</Location>
How isyour configurationdifferent from this:
_____http://mail-archives.apache.org/mod_mbox/openmeetings-user/201805.mbox/%3Ctrinity-46cc4ce2-542c-4f5a-872b-ae86bbb100c4-1526140744656@3c-app-mailcom-bs02%3E_<http://mail-archives.apache.org/mod_mbox/openmeetings-user/201805.mbox/%3Ctrinity-46cc4ce2-542c-4f5a-872b-ae86bbb100c4-1526140744656@3c-app-mailcom-bs02%3E>?
The only difference I see is the `RequestHeader` directive from the
mod_headers. The problem was that the login was refused as OM/red5
detected some malicious setting due to unmatching domains.
I hope this can help you.
Christian
--
Mit freundlichen Grüßen
Christian Wolf
Waldwiese 9-11
66123 Saarbrücken
Mobil: 0178 776 79 39
