Re: Some one have letsencrypt working rigt wit OpenMeetings-5 ?

[Marcus Schulz]

Hello Alvaro,

Yes, me.
I configured SSL Apache straigt forward and then use the PLAIN connector 
of the tomcat. You cannot proxy with an SSL virtual host to another SSL 
connector as far as I know.


use that connector for tomcat:

 <Connector port="5080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="5443" secure="true" scheme="https"/>

Here is my apache vhost config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin mar...@mydomain.de
        ServerName meeting.mydomain.de

        DocumentRoot /var/www-meeting
        TraceEnable Off

        ErrorDocument 404 /index.php
        ErrorLog /var/log/apache2/meeting-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/meeting-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meeting.mydomain.de-0004/cert.pem
SSLCertificateKeyFile 
/etc/letsencrypt/live/meeting.mydomain.de-0004/privkey.pem
SSLCertificateChainFile 
/etc/letsencrypt/live/meeting.mydomain.de-0004/chain.pem

###      OpenMeetings    ###
## Custom fragment
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /openmeetings/ [R=301]
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RedirectMatch ^/$ https://yourserver.de/openmeetings
ProxyPreserveHost On

<Location /openmeetings>
  Require all granted
  ProxyPass http://localhost:5080/openmeetings
  ProxyPassReverse http://localhost:5080/openmeetings
  RewriteEngine On
  RewriteRule ^/(.*) http://localhost:5080/$1 [P]
</Location>
<Location /open>
  Require all granted
  ProxyPass http://localhost:5080/open
  ProxyPassReverse http://localhost:5080/open
</Location>
<Location /send>
  Require all granted
  ProxyPass http://localhost:5080/send
  ProxyPassReverse http://localhost:5080/send
</Location>
<Location /idle>
  Require all granted
  ProxyPass http://localhost:5080/idle
  ProxyPassReverse http://localhost:5080/idle
</Location>
<Location /close>
  Require all granted
  ProxyPass http://localhost:5080/close
  ProxyPassReverse http://localhost:5080/close
</Location>

</VirtualHost>
</IfModule>

Hope that helps



AJP13 could work also, but I did not test.

Am 28.03.2020 um 18:04 schrieb Alvaro:
Hello All,

Some one have letsencrypt working rigt wit OpenMeetings-5 ?

I have rights letsencrypt certificates, these are tested with
apache web server ssl, at the same machine that OM, and the
browsers say "Secure connection".

I have so:

<Connector port="5443" 
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate 
certificateKeyFile="/etc/letsencrypt/live/your_true_domain/privkey.pem"
certificateFile="/etc/letsencrypt/live/your_true_domain/cert.pem"
certificateChainFile="/etc/letsencrypt/live/your_true_domain/fullchain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>

...but with this configuration the browsers say "not secure connection".

'Ve try in different ways but don't get it.

If somebody know the right way, please tell it.

Thanks

Alvaro




-------------------