Dear Hemant,
I just found out, I neeeded two more modifications of the HTTP(S)
headers. The added lines are
RequestHeader edit Origin "https://example.com"; "http://localhost:5080";
Header edit Content-Security-Policy "ws://localhost:5080"
"wss://example.com"
Cheers
Christian
Am 18.07.2018 um 18:28 schrieb Coscend@OM:
Hello Christian,
Following yourguidance, here is whatthe config we have for SSL reverse
proxyfor Apache HTTPD server. Is this correct? If yes, then we will
create equivalent of this forthe differentproxy serverwe use—we do not
use Apache HTTPD. Thank you for your guidance.
<VirtualHost _default_:443 [::]:443>
#### SSL
ServerAdminadmin<domain>
ServerName<www.yourdomain.com>
SSLEngine on
SSLCertificateFile /opt/red5403/cert/certserver.crt
SSLCertificateKeyFile /opt/red5403/cert/certserver.key
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire off
##########
###### Reverse proxy
<Location /openmeetings/>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass http://localhost:5080/openmeetings/
ProxyPassReverse
http://localhost:5080/openmeetings/
RequestHeader edit
Referer"https://www.example.com/openmeetings";
"http://localhost:5080/openmeetings";
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .*
ws://localhost:5080%{REQUEST_URI} [P]
ErrorLog /var/log/apache2/red5-error_log
CustomLog /var/log/apache2/red5-access_log common
# LogLevel info rewrite:trace5
# Require all denied
</Location>
##########
</VirtualHost>
Sincerely,
Hemant K. Sabat
___www.Coscend.com_<http://www.coscend.com/>
------------------------------------------------------------------
*****Real-time, Interactive Video Collaboration, Tele-healthcare,
Tele-education, Telepresence Services, on the fly…*
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted
at:_http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html_<http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
-----Original Message-----
From: Christian Wolf <christianlu...@gmx.de>
Sent: Wednesday, July 18, 2018 3:00 AM
To: user@openmeetings.apache.org
Subject: Re: Problems with certificates with RMTPS
Dear Hemant,
Would you be kind enough to share the Apache SSL configuration?
Wearefacing issues in connecting through “proxy HTTPS + OM HTTP”. We
are using a different proxy server, but can learn from your Apache
configuration to adapt to our proxy.
I use it in a virtual subdirectory of the main server. This is also the
reason for the reverse proxy need.
<Location /openmeetings/>
ProxyPasshttp://localhost:5080/openmeetings/
ProxyPassReversehttp://localhost:5080/openmeetings/
RequestHeader edit Referer
"https://www.example.com/openmeetings"; "http://localhost:5080/openmeetings";
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:5080%{REQUEST_URI} [P]
# LogLevel info rewrite:trace5
# Require all denied
</Location>
How isyour configurationdifferent from this:
_____http://mail-archives.apache.org/mod_mbox/openmeetings-user/201805.mbox/%3Ctrinity-46cc4ce2-542c-4f5a-872b-ae86bbb100c4-1526140744656@3c-app-mailcom-bs02%3E_<http://mail-archives.apache.org/mod_mbox/openmeetings-user/201805.mbox/%3Ctrinity-46cc4ce2-542c-4f5a-872b-ae86bbb100c4-1526140744656@3c-app-mailcom-bs02%3E>?
The only difference I see is the `RequestHeader` directive from the
mod_headers. The problem was that the login was refused as OM/red5
detected some malicious setting due to unmatching domains.
I hope this can help you.
Christian
--
Mit freundlichen Grüßen
Christian Wolf
Waldwiese 9-11
66123 Saarbrücken
Mobil: 0178 776 79 39
