Posted to user@openmeetings.apache.org by Alvaro <zu...@gmail.com> on 2020/04/23 16:18:46 UTC

New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Hello,
It is at your disposal two new tutorials called:

Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
CentOS 7-8.pdf
...and
Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
Ubuntu 18.04.pdf

It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc at
home, after NAT router; and each in the room saw and heard the
others cameras and your own correctly. Also in the tests done, we have
uploaded files, recorded video and shared desktop without any error.
You can find them here:

https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools

Best regards
Alvaro
.....................

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Konstantin Kuzov <ma...@gmail.com>.
I tested it a bit and didn't find any difference except that way it is more
handy to distinguish connections in logs or coturn's cli.
But hypothetically there may be some other turn-server implementation for
which it could matter.

On Sun, 17 May 2020 at 09:57, Maxim Solodovnik <so...@gmail.com> wrote:

> Hello Konstantin,
>
> I did my experiments with coturn based on this SO article
> https://stackoverflow.com/questions/35766382/coturn-how-to-use-turn-rest-api
> I have created a config that works and stopped further experiments :((
> So most probably something can be enhanced :) and something can be
> re-written
>
> I'm using
>       lt-cred-mech
>       use-auth-secret
>       static-auth-secret=XXXXXXXXXXXXXXX
>
> with random string for user in applicationContext.xml
>
> >>>> Currently it basically use one user for all clients and there is no
> guarantee that timestamp alone will be unique.
> Why unique user might be required?
>
> --
> Best regards,
> Maxim
>

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Konstantin,

I did my experiments with coturn based on this SO article
https://stackoverflow.com/questions/35766382/coturn-how-to-use-turn-rest-api
I have created a config that works and stopped further experiments :((
So most probably something can be enhanced :) and something can be
re-written

I'm using
      lt-cred-mech
      use-auth-secret
      static-auth-secret=XXXXXXXXXXXXXXX

with random string for user in applicationContext.xml

>>>> Currently it basically use one user for all clients and there is no
guarantee that timestamp alone will be unique.
Why unique user might be required?


On Sun, 17 May 2020 at 13:45, Konstantin Kuzov <ma...@gmail.com>
wrote:

> I tested both use-auth-secret's static-auth and lt-cred-mech's static user
> auth modes and they both work for me like that:
> 1)  lt-cred-mech's static user
> - turnserver.conf:
>                         fingerprint
>                         lt-cred-mech
>                         realm=example.org
>                         user=test:passwd
>                         stale-nonce=0
>                         verbose
>
> - applicationContext.xml:
>                         p:turnUrl="example.org"
>                         p:turnUser="test"
>                         p:turnSecret="passwd"
>                         p:turnMode=""
>                         p:turnTtl="60"
>
> 2)  use-auth-secret's static-auth in REST mode
> - turnserver.conf:
>                         fingerprint
>                         use-auth-secret
>                         realm=example.org
>                         static-auth-secret=authsecret
>                         stale-nonce=0
>                         verbose
> - applicationContext.xml:
>                         p:turnUrl="example.org"
>                         p:turnUser=""
>                         p:turnSecret="authsecret"
>                         p:turnMode="rest"
>                         p:turnTtl="60"
>
> For  use-auth-secret's static-auth you can also actually populate
> p:turnUser with something random. Then it will be used as userid. From
> coturn's documentation:
> # usercombo -> "timestamp:userid"
> # turn user -> usercombo
> # turn password -> base64(hmac(secret key, usercombo))
> #
> # This allows TURN credentials to be accounted for a specific user id.
> # If you don't have a suitable id, the timestamp alone can be used.
>
> Maxim, maybe OM need to also make proper use of userid for REST mode?
> Currently it basically use one user for all clients and there is no
> guarantee that timestamp alone will be unique. Dunno if that's bad.
> Something like this:
> https://github.com/CkNoSFeRaTU/openmeetings/commit/ab15c3fc6306982cd991835aa0a39f1b37a0c8cc#diff-ea905da2ad8890a997638b281f0fc87cR340
> c.getUid() can be replaced with c.getUser().getId() if that is better for
> some reason...
>
> On Sun, 17 May 2020 at 02:59, Konstantin Kuzov <ma...@gmail.com> wrote:
>
>> I'm using use-auth-secret without user in coturn's configuration and with
>> empty p:turnUser in OM's applicationContext.xml.
>> I haven't tried to configure user auth through applicationContext.xml...I
>> only tried user auth by not touching applicationContext.xml at all and by
>> configuring it in KMS's WebRtcEndpoint.conf.ini. That way it worked but
>> most users had trouble to prolong their sessions on turn and so had
>> disconnects by channel-lifetime (by default 10 minutes).
>>
>> Looking at
>> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L335 if
>> you want to try user auth you need to set p:TurnMode="",
>> p:TurnUser="username" and p:turnSecret="password"
>>
>> On Sat, 16 May 2020 at 20:39, Juan Antonio Moreno Carmona <jamc60@gmail.com>
>> wrote:
>>
>>> Hi Konstantin
>>>
>>> Then, what mechanism do you use? user or use-auth-secret?
>>>
>>> And how do you fill applicationContext.xml file. I tried to comment
>>> use-auth-secret and static-auth-secret in turnserver.conf file.
>>> Furthermore, I leave p:turnSecret option empty in applicationContext.xml
>>> file.
>>>
>>> But then I get following error in catalina.out and I can't get
>>> camera/audio working
>>>
>>> ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170
>>> [-apr-443-exec-6] - Unexpected error occurred
>>> java.lang.IllegalArgumentException: Empty key
>>>
>>> Regards.
>>>
>>

-- 
Best regards,
Maxim

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Konstantin Kuzov <ma...@gmail.com>.
I tested both use-auth-secret's static-auth and lt-cred-mech's static user
auth modes and they both work for me like that:
1)  lt-cred-mech's static user
- turnserver.conf:
                        fingerprint
                        lt-cred-mech
                        realm=example.org
                        user=test:passwd
                        stale-nonce=0
                        verbose

- applicationContext.xml:
                        p:turnUrl="example.org"
                        p:turnUser="test"
                        p:turnSecret="passwd"
                        p:turnMode=""
                        p:turnTtl="60"

2)  use-auth-secret's static-auth in REST mode
- turnserver.conf:
                        fingerprint
                        use-auth-secret
                        realm=example.org
                        static-auth-secret=authsecret
                        stale-nonce=0
                        verbose
- applicationContext.xml:
                        p:turnUrl="example.org"
                        p:turnUser=""
                        p:turnSecret="authsecret"
                        p:turnMode="rest"
                        p:turnTtl="60"

For  use-auth-secret's static-auth you can also actually populate
p:turnUser with something random. Then it will be used as userid. From
coturn's documentation:
# usercombo -> "timestamp:userid"
# turn user -> usercombo
# turn password -> base64(hmac(secret key, usercombo))
#
# This allows TURN credentials to be accounted for a specific user id.
# If you don't have a suitable id, the timestamp alone can be used.

Maxim, maybe OM need to also make proper use of userid for REST mode?
Currently it basically use one user for all clients and there is no
guarantee that timestamp alone will be unique. Dunno if that's bad.
Something like this:
https://github.com/CkNoSFeRaTU/openmeetings/commit/ab15c3fc6306982cd991835aa0a39f1b37a0c8cc#diff-ea905da2ad8890a997638b281f0fc87cR340
c.getUid() can be replaced with c.getUser().getId() if that is better for
some reason...

On Sun, 17 May 2020 at 02:59, Konstantin Kuzov <ma...@gmail.com> wrote:

> I'm using use-auth-secret without user in coturn's configuration and with
> empty p:turnUser in OM's applicationContext.xml.
> I haven't tried to configure user auth through applicationContext.xml...I
> only tried user auth by not touching applicationContext.xml at all and by
> configuring it in KMS's WebRtcEndpoint.conf.ini. That way it worked but
> most users had trouble to prolong their sessions on turn and so had
> disconnects by channel-lifetime (by default 10 minutes).
>
> Looking at
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L335 if
> you want to try user auth you need to set p:TurnMode="",
> p:TurnUser="username" and p:turnSecret="password"
>
> On Sat, 16 May 2020 at 20:39, Juan Antonio Moreno Carmona <jamc60@gmail.com>
> wrote:
>
>> Hi Konstantin
>>
>> Then, what mechanism do you use? user or use-auth-secret?
>>
>> And how do you fill applicationContext.xml file. I tried to comment
>> use-auth-secret and static-auth-secret in turnserver.conf file.
>> Furthermore, I leave p:turnSecret option empty in applicationContext.xml
>> file.
>>
>> But then I get following error in catalina.out and I can't get
>> camera/audio working
>>
>> ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170
>> [-apr-443-exec-6] - Unexpected error occurred
>> java.lang.IllegalArgumentException: Empty key
>>
>> Regards.
>>
>
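
The REST-mode derivation quoted from coturn's documentation above ("timestamp:userid", base64(hmac(secret key, usercombo))), worked through as an added example; it is not code from OpenMeetings, coturn or anyone in this thread. It assumes HMAC-SHA1 and a timestamp that is the expiry in Unix seconds; the function names, the ttl in seconds and the sample values are constructed for illustration. It shows that a timestamp-only username is shared by every client served in the same second, and it refuses an empty secret instead of keying the HMAC with it.

```python
import base64
import hashlib
import hmac
import time


def make_turn_credentials(secret, user_id="", ttl=60, now=None):
    """Build (username, password) for coturn's use-auth-secret (REST) mode.

    usercombo -> "timestamp:userid", or the timestamp alone without a userid
    password  -> base64(hmac(secret key, usercombo))
    Assumptions: HMAC-SHA1, timestamp = expiry in Unix seconds, ttl in seconds.
    """
    if not secret:
        # An empty shared secret cannot key the HMAC; refuse it explicitly.
        raise ValueError("TURN shared secret must not be empty")
    issued = int(time.time() if now is None else now)
    expiry = issued + ttl
    usercombo = f"{expiry}:{user_id}" if user_id else str(expiry)
    mac = hmac.new(secret.encode(), usercombo.encode(), hashlib.sha1).digest()
    return usercombo, base64.b64encode(mac).decode()


def verify_turn_credentials(secret, username, password, now=None):
    """Recompute the password from the username and check the expiry."""
    stamp = username.split(":", 1)[0]
    if not (stamp.isascii() and stamp.isdigit()):
        return False
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    # Constant-time comparison of the presented and the recomputed password.
    if not hmac.compare_digest(expected, password.encode()):
        return False
    current = int(time.time() if now is None else now)
    return int(stamp) >= current


def collision_demo(secret="authsecret", now=1589700000):
    """Two clients served in the same second, with and without a user id.

    The secret and the clock value are constructed sample inputs.
    """
    anon_a = make_turn_credentials(secret, now=now)
    anon_b = make_turn_credentials(secret, now=now)
    per_a = make_turn_credentials(secret, user_id="client-a", now=now)
    per_b = make_turn_credentials(secret, user_id="client-b", now=now)
    return {
        # Same second, no userid: both clients hold identical credentials.
        "timestamp_only_shared": anon_a == anon_b,
        # A per-client userid makes username and password distinct.
        "per_user_distinct": per_a[0] != per_b[0] and per_a[1] != per_b[1],
        "usernames": [anon_a[0], per_a[0], per_b[0]],
    }


if __name__ == "__main__":
    print(collision_demo())
    user, pwd = make_turn_credentials("authsecret", "client-a", now=1589700000)
    print(user, verify_turn_credentials("authsecret", user, pwd, now=1589700030))
    print(user, verify_turn_credentials("authsecret", user, pwd, now=1589700061))
```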

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Konstantin Kuzov <ma...@gmail.com>.
I'm using use-auth-secret without user in coturn's configuration and with
empty p:turnUser in OM's applicationContext.xml.
I haven't tried to configure user auth through applicationContext.xml...I
only tried user auth by not touching applicationContext.xml at all and by
configuring it in KMS's WebRtcEndpoint.conf.ini. That way it worked but
most users had trouble to prolong their sessions on turn and so had
disconnects by channel-lifetime (by default 10 minutes).

Looking at
https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L335
if you want to try user auth you need to set p:TurnMode="",
p:TurnUser="username" and p:turnSecret="password"

On Sat, 16 May 2020 at 20:39, Juan Antonio Moreno Carmona <ja...@gmail.com> wrote:

> Hi Konstantin
>
> Then, what mechanism do you use? user or use-auth-secret?
>
> And how do you fill applicationContext.xml file. I tried to comment
> use-auth-secret and static-auth-secret in turnserver.conf file.
> Furthermore, I leave p:turnSecret option empty in applicationContext.xml
> file.
>
> But then I get following error in catalina.out and I can't get
> camera/audio working
>
> ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170
> [-apr-443-exec-6] - Unexpected error occurred
> java.lang.IllegalArgumentException: Empty key
>
> Regards.
> On 16/5/20 at 16:22, Konstantin Kuzov wrote:
>
> Hi there, I have a few suggestions about tutorials.
>
> 1) I don't really understand the purpose for setting both user and
> use-auth-secret in coturn. According to documentation they are both
> exclusive:
> # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
> # The use-auth-secret feature depends internally on lt-cred-mech, so if
> you set
> # this option then it automatically enables lt-cred-mech internally
> # as if you had enabled both.
> # Note that you can use only one auth mechanism at the same time! This is
> because,
> # both mechanisms conduct username and password validation in different
> ways.
> # Use either lt-cred-mech or use-auth-secret in the conf
> # to avoid any confusion.
>
> 2) Also for coturn I don't see the fingerprint option. Isn't it required
> for webrtc?
> 3) What the point for installing to something obscure like /opt/open504
> and using open504 as database name? IMHO it would just complicate upgrading
> procedure for users later on.
> 4) Please use openmeetings.service on distributions which use systemd.
> 5) User need to be aware that tomcat won't reload to new certificates upon
> renewal and will keep using old certificates until full restart. So
> typically after 3 months clients will be greeted with expired certificate in
> case of let's encrypt. If user don't want to restart tomcat every now and
> then and terminate by that all currently active connections user need send
> to it reloadSslHostConfig(host) or reloadSslHostConfigs() via jmx or
> manager. But it is not something simple like in case of nginx which only
> require SIGHUP signal to the process. And nor jmx or manager is shipped
> with OM distribution anyway. As one solution to the problem on my test OM
> installation VM with let's encrypt I'm using acme-tiny instead of certbot
> (matter of preference) and this custom protocol
> https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will
> automatically reload it for me every configured interval.
>
> On Sat, 16 May 2020 at 13:22, Alvaro <zu...@gmail.com> wrote:
>
>> ...in Russian mailing-list, Konstantin gives an idea about
>> help to solve the reconnection in Turn server:
>>
>> "stale-nonce=0" (at /etc/turnserver.conf)
>>
>> ...'ve added this parameter to the tutorials:
>>
>>
>> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
>> CentOS 7-8.pdf
>>
>> ...and
>>
>> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
>> Ubuntu 18.04.pdf
>>
>>
>> ...and reuploaded to:
>>
>>
>>
>> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>
>>
>> There it is at your disposal.
>>
>>
>> Thanks to Maxim to comment it.
>>
>>
>> Regards
>>
>> Alvaro
>>
>>
>> ....................
>>
>> On Thu, 23-04-2020 at 18:18 +0200, Alvaro wrote:
>>
>>
>> Hello,
>>
>> It is at your disposal two new tutorials called:
>>
>>
>> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
>> CentOS 7-8.pdf
>>
>> ...and
>>
>> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
>> Ubuntu 18.04.pdf
>>
>>
>> It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc
>> at home, after NAT router; and each in the room saw and heard the others
>> cameras and your own correctly.
>> Also in the tests done, we have uploaded files, recorded video
>> and shared desktop without any error.
>>
>> You can find them here:
>>
>>
>>
>> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>
>>
>> Best regards
>>
>> Alvaro
>>
>> .....................
>>
>>

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Juan Antonio Moreno Carmona <ja...@gmail.com>.
Hi Konstantin

Then, what mechanism do you use? user or use-auth-secret?

And how do you fill applicationContext.xml file. I tried to comment 
use-auth-secret and static-auth-secret in turnserver.conf file. 
Furthermore, I leave p:turnSecret option empty in applicationContext.xml 
file.

But then I get following error in catalina.out and I can't get 
camera/audio working

ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170 
[-apr-443-exec-6] - Unexpected error occurred
java.lang.IllegalArgumentException: Empty key

Regards.

On 16/5/20 at 16:22, Konstantin Kuzov wrote:
> Hi there, I have a few suggestions about tutorials.
>
> 1) I don't really understand the purpose for setting both user and 
> use-auth-secret in coturn. According to documentation they are both 
> exclusive:
> # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
> # The use-auth-secret feature depends internally on lt-cred-mech, so 
> if you set
> # this option then it automatically enables lt-cred-mech internally
> # as if you had enabled both.
> # Note that you can use only one auth mechanism at the same time! This 
> is because,
> # both mechanisms conduct username and password validation in 
> different ways.
> # Use either lt-cred-mech or use-auth-secret in the conf
> # to avoid any confusion.
>
> 2) Also for coturn I don't see the fingerprint option. Isn't it 
> required for webrtc?
> 3) What the point for installing to something obscure like 
> /opt/open504 and using open504 as database name? IMHO it would just 
> complicate upgrading procedure for users later on.
> 4) Please use openmeetings.service on distributions which use systemd.
> 5) User need to be aware that tomcat won't reload to new certificates 
> upon renewal and will keep using old certificates until full restart. 
> So typically after 3 months clients will be greeted with expired
> certificate in case of let's encrypt. If user don't want to restart 
> tomcat every now and then and terminate by that all currently active 
> connections user need send to it reloadSslHostConfig(host) or 
> reloadSslHostConfigs() via jmx or manager. But it is not something 
> simple like in case of nginx which only require SIGHUP signal to the 
> process. And nor jmx or manager is shipped with OM distribution 
> anyway. As one solution to the problem on my test OM installation VM 
> with let's encrypt I'm using acme-tiny instead of certbot (matter of 
> preference) and this custom protocol 
> https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will 
> automatically reload it for me every configured interval.
>
> On Sat, 16 May 2020 at 13:22, Alvaro <zurcamos@gmail.com
> <ma...@gmail.com>> wrote:
>
>     ...in Russian mailing-list, Konstantin gives an idea about
>     help to solve the reconnection in Turn server:
>
>     "stale-nonce=0" (at /etc/turnserver.conf)
>
>     ...'ve added this parameter to the tutorials:
>
>
>     Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
>     on CentOS 7-8.pdf
>
>     ...and
>
>     Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
>     on Ubuntu 18.04.pdf
>
>
>     ...and reuploaded to:
>
>
>     https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
>
>     There it is at your disposal.
>
>
>     Thanks to Maxim to comment it.
>
>
>     Regards
>
>     Alvaro
>
>
>     ....................
>
>     On Thu, 23-04-2020 at 18:18 +0200, Alvaro wrote:
>>
>>     Hello,
>>
>>     It is at your disposal two new tutorials called:
>>
>>
>>     Installation SSL certificates and Coturn for OpenMeetings
>>     5.0.0-M4 on CentOS 7-8.pdf
>>
>>     ...and
>>
>>     Installation SSL certificates and Coturn for OpenMeetings
>>     5.0.0-M4 on Ubuntu 18.04.pdf
>>
>>
>>     It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc
>>     at home, after NAT router; and each in the room saw and heard the
>>     others
>>     cameras and your own correctly.
>>     Also in the tests done, we have uploaded files, recorded video
>>     and shared desktop without any error.
>>
>>     You can find them here:
>>
>>
>>     https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>
>>
>>     Best regards
>>
>>     Alvaro
>>
>>     .....................
>>

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Alvaro <zu...@gmail.com>.
Hi there,
The only thing that i can say is...it works for me as was.


..................


On Sat, 16-05-2020 at 17:22 +0300, Konstantin Kuzov wrote:
> Hi there, I have a few suggestions about tutorials.
> 
> 1) I don't really understand the purpose for setting both user and
> use-auth-secret in coturn. According to documentation they are both
> exclusive:
> # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
> # The use-auth-secret feature depends internally on lt-cred-mech, so
> if you set
> # this option then it automatically enables lt-cred-mech internally
> # as if you had enabled both.
> # Note that you can use only one auth mechanism at the same time!
> This is because,
> # both mechanisms conduct username and password validation in
> different ways.
> # Use either lt-cred-mech or use-auth-secret in the conf
> # to avoid any confusion.
> 
> 2) Also for coturn I don't see the fingerprint option. Isn't it
> required for webrtc?
> 3) What the point for installing to something obscure like
> /opt/open504 and using open504 as database name? IMHO it would just
> complicate upgrading procedure for users later on.
> 4) Please use openmeetings.service on distributions which use
> systemd.
> 5) User need to be aware that tomcat won't reload to new certificates
> upon renewal and will keep using old certificates until full restart.
> So typically after 3 months clients will be greeted with expired
> certificate in case of let's encrypt. If user don't want to restart
> tomcat every now and then and terminate by that all currently active
> connections user need send to it reloadSslHostConfig(host) or
> reloadSslHostConfigs() via jmx or manager. But it is not something
> simple like in case of nginx which only require SIGHUP signal to the
> process. And nor jmx or manager is shipped with OM distribution
> anyway. As one solution to the problem on my test OM installation VM
> with let's encrypt I'm using acme-tiny instead of certbot (matter of
> preference) and this custom protocol
> https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will
> automatically reload it for me every configured interval.
> 
> On Sat, 16 May 2020 at 13:22, Alvaro <zu...@gmail.com> wrote:
> > ...in Russian mailing-list, Konstantin gives an idea about help to
> > solve the reconnection in Turn server:
> > "stale-nonce=0"     (at /etc/turnserver.conf)
> > ...'ve added this parameter to the tutorials:
> > 
> > Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
> > on CentOS 7-8.pdf
> > ...and
> > Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
> > on Ubuntu 18.04.pdf
> > 
> > ...and reuploaded to:
> > 
> > https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
> > 
> > There it is at your disposal.
> > 
> > Thanks to Maxim to comment it.
> > 
> > Regards
> > Alvaro
> > 
> > ....................
> > On Thu, 23-04-2020 at 18:18 +0200, Alvaro wrote:
> > > Hello,
> > > 
> > > It is at your disposal two new tutorials called:
> > > 
> > > 
> > > Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
> > > on CentOS 7-8.pdf
> > > 
> > > ...and
> > > 
> > > Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4
> > > on Ubuntu 18.04.pdf
> > > 
> > > 
> > > It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc
> > > at home, after NAT router; and each in the room saw and heard the others
> > > cameras and your own correctly.
> > > Also in the tests done, we have uploaded files, recorded video
> > > and shared desktop without any error.
> > > 
> > > You can find them here:
> > > 
> > > 
> > > https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
> > > 
> > > 
> > > Best regards
> > > 
> > > Alvaro
> > > 
> > > .....................
> > > 

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Konstantin Kuzov <ma...@gmail.com>.
Also better to use domain name in p:turnUrl if user have one and port
number can be omitted if it is default 3478.

On Sat, 16 May 2020 at 17:22, Konstantin Kuzov <ma...@gmail.com> wrote:

> Hi there, I have a few suggestions about tutorials.
>
> 1) I don't really understand the purpose for setting both user and
> use-auth-secret in coturn. According to documentation they are both
> exclusive:
> # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
> # The use-auth-secret feature depends internally on lt-cred-mech, so if
> you set
> # this option then it automatically enables lt-cred-mech internally
> # as if you had enabled both.
> # Note that you can use only one auth mechanism at the same time! This is
> because,
> # both mechanisms conduct username and password validation in different
> ways.
> # Use either lt-cred-mech or use-auth-secret in the conf
> # to avoid any confusion.
>
> 2) Also for coturn I don't see the fingerprint option. Isn't it required
> for webrtc?
> 3) What the point for installing to something obscure like /opt/open504
> and using open504 as database name? IMHO it would just complicate upgrading
> procedure for users later on.
> 4) Please use openmeetings.service on distributions which use systemd.
> 5) User need to be aware that tomcat won't reload to new certificates upon
> renewal and will keep using old certificates until full restart. So
> typically after 3 months clients will be greeted with expired certificate in
> case of let's encrypt. If user don't want to restart tomcat every now and
> then and terminate by that all currently active connections user need send
> to it reloadSslHostConfig(host) or reloadSslHostConfigs() via jmx or
> manager. But it is not something simple like in case of nginx which only
> require SIGHUP signal to the process. And nor jmx or manager is shipped
> with OM distribution anyway. As one solution to the problem on my test OM
> installation VM with let's encrypt I'm using acme-tiny instead of certbot
> (matter of preference) and this custom protocol
> https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will
> automatically reload it for me every configured interval.
>
>>
>>

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Konstantin Kuzov <ma...@gmail.com>.
Hi there, I have a few suggestions about tutorials.

1) I don't really understand the purpose for setting both user and
use-auth-secret in coturn. According to documentation they are both
exclusive:
# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
# The use-auth-secret feature depends internally on lt-cred-mech, so if you
set
# this option then it automatically enables lt-cred-mech internally
# as if you had enabled both.
# Note that you can use only one auth mechanism at the same time! This is
because,
# both mechanisms conduct username and password validation in different
ways.
# Use either lt-cred-mech or use-auth-secret in the conf
# to avoid any confusion.

2) Also for coturn I don't see the fingerprint option. Isn't it required
for webrtc?
3) What the point for installing to something obscure like /opt/open504 and
using open504 as database name? IMHO it would just complicate upgrading
procedure for users later on.
4) Please use openmeetings.service on distributions which use systemd.
5) User need to be aware that tomcat won't reload to new certificates upon
renewal and will keep using old certificates until full restart. So
typically after 3 months clients will be greeted with expired certificate in
case of let's encrypt. If user don't want to restart tomcat every now and
then and terminate by that all currently active connections user need send
to it reloadSslHostConfig(host) or reloadSslHostConfigs() via jmx or
manager. But it is not something simple like in case of nginx which only
require SIGHUP signal to the process. And nor jmx or manager is shipped
with OM distribution anyway. As one solution to the problem on my test OM
installation VM with let's encrypt I'm using acme-tiny instead of certbot
(matter of preference) and this custom protocol
https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will
automatically reload it for me every configured interval.

On Sat, 16 May 2020 at 13:22, Alvaro <zu...@gmail.com> wrote:

> ...in Russian mailing-list, Konstantin gives an idea about
> help to solve the reconnection in Turn server:
>
> "stale-nonce=0" (at /etc/turnserver.conf)
>
> ...'ve added this parameter to the tutorials:
>
>
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> CentOS 7-8.pdf
>
> ...and
>
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> Ubuntu 18.04.pdf
>
>
> ...and reuploaded to:
>
>
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
>
> There it is at your disposal.
>
>
> Thanks to Maxim to comment it.
>
>
> Regards
>
> Alvaro
>
>
> ....................
>
> On Thu, 23-04-2020 at 18:18 +0200, Alvaro wrote:
>
>
> Hello,
>
> It is at your disposal two new tutorials called:
>
>
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> CentOS 7-8.pdf
>
> ...and
>
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> Ubuntu 18.04.pdf
>
>
> It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc
> at home, after NAT router; and each in the room saw and heard the others
> cameras and your own correctly.
> Also in the tests done, we have uploaded files, recorded video
> and shared desktop without any error.
>
> You can find them here:
>
>
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
>
> Best regards
>
> Alvaro
>
> .....................
>
>
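
Point 1 of the message above (static user= accounts configured together with use-auth-secret) can be checked mechanically. The following is an added example, not part of the thread and not coturn's own tooling: it parses turnserver.conf text and reports that combination. The function names, the finding codes and the two sample files marked as constructed are assumptions made for illustration.

```python
def parse_turnserver_conf(text):
    """Parse turnserver.conf text into {option: [values]}; bare flags map to ['']."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        key, _, value = line.partition("=")
        options.setdefault(key.strip(), []).append(value.strip())
    return options


def audit_turn_auth(text):
    """Return (code, message) findings about the auth options of one file."""
    opts = parse_turnserver_conf(text)
    rest = "use-auth-secret" in opts
    long_term = "lt-cred-mech" in opts
    # Keep only the account names; passwords never appear in a finding.
    users = [u.split(":", 1)[0] for u in opts.get("user", []) if u]
    has_secret = any(opts.get("static-auth-secret", []))
    findings = []
    if rest and users:
        findings.append((
            "USER_WITH_AUTH_SECRET",
            "user= accounts (%s) are set together with use-auth-secret; "
            "the quoted documentation says to use only one mechanism"
            % ", ".join(users),
        ))
    if rest and long_term:
        findings.append((
            "BOTH_MECHANISMS",
            "lt-cred-mech and use-auth-secret are both listed; "
            "use-auth-secret already enables lt-cred-mech internally",
        ))
    if not (rest or long_term or has_secret):
        findings.append((
            "NO_MECHANISM",
            "no credential mechanism is configured in this file",
        ))
    return findings


# Constructed sample: static user and shared secret mixed in one file.
TUTORIAL_STYLE = """\
lt-cred-mech
use-auth-secret
static-auth-secret=authsecret
user=test:passwd
realm=example.org
"""

# The two working configurations posted in the thread.
LT_CRED_ONLY = """\
fingerprint
lt-cred-mech
realm=example.org
user=test:passwd
stale-nonce=0
verbose
"""

REST_ONLY = """\
fingerprint
use-auth-secret
realm=example.org
static-auth-secret=authsecret
stale-nonce=0
verbose
"""

# Constructed sample: both REST options commented out, nothing else enabled.
COMMENTED_OUT = """\
fingerprint
#use-auth-secret
#static-auth-secret=authsecret
realm=example.org
"""

if __name__ == "__main__":
    for name, conf in [("tutorial-style", TUTORIAL_STYLE), ("lt-cred", LT_CRED_ONLY),
                       ("rest", REST_ONLY), ("commented-out", COMMENTED_OUT)]:
        print(name, audit_turn_auth(conf) or "ok")
```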

Re: New tutorials Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4

Posted by Alvaro <zu...@gmail.com>.
...in Russian mailing-list, Konstantin gives an idea about help to solve
the reconnection in Turn server:
"stale-nonce=0"     (at /etc/turnserver.conf)
...'ve added this parameter to the tutorials:

Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
CentOS 7-8.pdf
...and
Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
Ubuntu 18.04.pdf

...and reuploaded to:

https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools

There it is at your disposal.

Thanks to Maxim to comment it.

Regards
Alvaro

....................
On Thu, 23-04-2020 at 18:18 +0200, Alvaro wrote:
> Hello,
> 
> It is at your disposal two new tutorials called:
> 
> 
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> CentOS 7-8.pdf
> 
> ...and
> 
> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on
> Ubuntu 18.04.pdf
> 
> 
> It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc
> at home, after NAT router; and each in the room saw and heard the
> others
> cameras and your own correctly.
> Also in the tests done, we have uploaded files, recorded video
> and shared desktop without any error.
> 
> You can find them here:
> 
> 
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
> 
> 
> Best regards
> 
> Alvaro
> 
> .....................
>