You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Xavier M <xa...@hotmail.com> on 2019/08/05 12:26:59 UTC
Tomcat with SSL
Hello,
I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
But I could not find the file corresponding to "conf/jee-container.xml". There exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to be found?
For your information: all seems to work when I connect to http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual host with servername openmeetings.domain.eu being configured as described in Stackoverflow), I have an access to the log in formular, but nothing happens when I click on "Sign in".
Could you please provide me help?
Thanks,
Xavier
Re: Tomcat with SSL
Posted by Xavier M <xa...@hotmail.com>.
Sorry for spamming...
Mea culpa again, I did not have load wstunnel correctly. sudo a2enmod proxy_wstunnel and it seems to work.
Have a good evening,
Xavier
Le 05/08/2019 à 20:54, Xavier M a écrit :
Hello again,
My fault, I copied/pasted once again the code for the VHost and modified the appropriated lines (names of server / error-log and SSL Certificates) again: now the log-in session works.
BUT when I'm logged in, I can see only "T'chat": the main page does not load. The browser console shows:
Firefox ne peut établir de connexion avec le serveur à l’adresse wss://openmeetings.domain.eu/openmeetings/wicket/websocket?pageId=2&wicket-ajax-baseurl=.&wicket-app-name=OpenmeetingsApplication.
I don't know anything of wss, but can it be that the line RewriteRule /(.*) ws://localhost:5080/$1 [P,L] does not work with wss:// requests?
Xavier
Post Scriptum: I tested with https://<IP of domain.eu>:5443/openmeetings and it still works correctly. But I had to add an exception of security on my computer, since I do not have a valid certificate for the IP adress.
Le 05/08/2019 à 18:22, Maxim Solodovnik a écrit :
please check browser console
do you have HTTP #400 errors?
On Mon, 5 Aug 2019 at 23:02, Xavier M <xa...@hotmail.com>> wrote:
Hi Maxim,
Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got exactly the same as before, except that I can not connect through http://domain.eu:5080/openmeetings/ anymore. As for https://openmeetings.domain.eu/openmeetings/, I now have an access to the log-in session, but nothing happens when I sign in (except the dotted box which appears for less than 1 second when I click on the button).
I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from domain.test-test.eu<http://domain.test-test.eu> to openmeetings.domain.eu<http://openmeetings.domain.eu>
Could you please confirm that I have to let "localhost" rather than changing by "domain.eu<http://domain.eu>", even for a web server?
Hope you're on holidays!
Xavier
________________________________
De : Maxim Solodovnik <so...@gmail.com>>
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list <us...@openmeetings.apache.org>>
Objet : Re: Tomcat with SSL
Hello Xavier,
In 5.0.0 the changes need to be done in https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- <Connector port="5080" protocol="HTTP/1.1"
++ <Connector port="5080" scheme="https" secure="true" protocol="HTTP/1.1"
On Mon, 5 Aug 2019 at 19:27, Xavier M <xa...@hotmail.com>> wrote:
Hello,
I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
But I could not find the file corresponding to "conf/jee-container.xml". There exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to be found?
For your information: all seems to work when I connect to http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual host with servername openmeetings.domain.eu<http://openmeetings.domain.eu> being configured as described in Stackoverflow), I have an access to the log in formular, but nothing happens when I click on "Sign in".
Could you please provide me help?
Thanks,
Xavier
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: Tomcat with SSL
Posted by Xavier M <xa...@hotmail.com>.
Hello again,
My fault, I copied/pasted once again the code for the VHost and modified the appropriated lines (names of server / error-log and SSL Certificates) again: now the log-in session works.
BUT when I'm logged in, I can see only "T'chat": the main page does not load. The browser console shows:
Firefox ne peut établir de connexion avec le serveur à l’adresse wss://openmeetings.domain.eu/openmeetings/wicket/websocket?pageId=2&wicket-ajax-baseurl=.&wicket-app-name=OpenmeetingsApplication.
I don't know anything of wss, but can it be that the line RewriteRule /(.*) ws://localhost:5080/$1 [P,L] does not work with wss:// requests?
Xavier
Post Scriptum: I tested with https://<IP of domain.eu>:5443/openmeetings and it still works correctly. But I had to add an exception of security on my computer, since I do not have a valid certificate for the IP adress.
Le 05/08/2019 à 18:22, Maxim Solodovnik a écrit :
please check browser console
do you have HTTP #400 errors?
On Mon, 5 Aug 2019 at 23:02, Xavier M <xa...@hotmail.com>> wrote:
Hi Maxim,
Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got exactly the same as before, except that I can not connect through http://domain.eu:5080/openmeetings/ anymore. As for https://openmeetings.domain.eu/openmeetings/, I now have an access to the log-in session, but nothing happens when I sign in (except the dotted box which appears for less than 1 second when I click on the button).
I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from domain.test-test.eu<http://domain.test-test.eu> to openmeetings.domain.eu<http://openmeetings.domain.eu>
Could you please confirm that I have to let "localhost" rather than changing by "domain.eu<http://domain.eu>", even for a web server?
Hope you're on holidays!
Xavier
________________________________
De : Maxim Solodovnik <so...@gmail.com>>
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list <us...@openmeetings.apache.org>>
Objet : Re: Tomcat with SSL
Hello Xavier,
In 5.0.0 the changes need to be done in https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- <Connector port="5080" protocol="HTTP/1.1"
++ <Connector port="5080" scheme="https" secure="true" protocol="HTTP/1.1"
On Mon, 5 Aug 2019 at 19:27, Xavier M <xa...@hotmail.com>> wrote:
Hello,
I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
But I could not find the file corresponding to "conf/jee-container.xml". There exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to be found?
For your information: all seems to work when I connect to http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual host with servername openmeetings.domain.eu<http://openmeetings.domain.eu> being configured as described in Stackoverflow), I have an access to the log in formular, but nothing happens when I click on "Sign in".
Could you please provide me help?
Thanks,
Xavier
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: Tomcat with SSL
Posted by Maxim Solodovnik <so...@gmail.com>.
please check browser console
do you have HTTP #400 errors?
On Mon, 5 Aug 2019 at 23:02, Xavier M <xa...@hotmail.com> wrote:
> Hi Maxim,
>
> Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've
> got exactly the same as before, except that I can not connect through
> http://domain.eu:5080/openmeetings/ anymore. As for
> https://openmeetings.domain.eu/openmeetings/, I now have an access to the
> log-in session, but nothing happens when I sign in (except the dotted box
> which appears for less than 1 second when I click on the button).
>
> I guess I'll have to double-check the Virtual Host you gave as answer at:
>
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
> I just changed the ServerName and the RedirectMatch (and logs), from
> domain.test-test.eu to openmeetings.domain.eu
> Could you please confirm that I have to let "localhost" rather than
> changing by "domain.eu", even for a web server?
>
> Hope you're on holidays!
> Xavier
>
> ------------------------------
> *De :* Maxim Solodovnik <so...@gmail.com>
> *Envoyé :* lundi 5 août 2019 16:39
> *À :* Openmeetings user-list <us...@openmeetings.apache.org>
> *Objet :* Re: Tomcat with SSL
>
> Hello Xavier,
>
> In 5.0.0 the changes need to be done in
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
> -- <Connector port="5080" protocol="HTTP/1.1"
> ++ <Connector port="5080" scheme="https" secure="true" protocol="HTTP/1.1"
>
> On Mon, 5 Aug 2019 at 19:27, Xavier M <xa...@hotmail.com> wrote:
>
> Hello,
>
> I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an
> Apache-Server). I tried to follow these instructions to configure the
> Virtual Host:
>
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
>
> But I could not find the file corresponding to "conf/jee-container.xml".
> There exists a /opt/open500/conf/ directory, but no jee-container.xml.
> Where is it to be found?
>
> For your information: all seems to work when I connect to
> http://domain.eu:5080/openmeetings/ (I sign in and access to
> OpenMeetings). But when I connect to
> https://openmeetings.domain.eu/openmeetings/, (the virtual host with
> servername openmeetings.domain.eu being configured as described in
> Stackoverflow), I have an access to the log in formular, but nothing
> happens when I click on "Sign in".
>
> Could you please provide me help?
> Thanks,
> Xavier
>
>
>
> --
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: Tomcat with SSL
Posted by Xavier M <xa...@hotmail.com>.
Hi Maxim,
Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got exactly the same as before, except that I can not connect through http://domain.eu:5080/openmeetings/ anymore. As for https://openmeetings.domain.eu/openmeetings/, I now have an access to the log-in session, but nothing happens when I sign in (except the dotted box which appears for less than 1 second when I click on the button).
I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from domain.test-test.eu to openmeetings.domain.eu
Could you please confirm that I have to let "localhost" rather than changing by "domain.eu", even for a web server?
Hope you're on holidays!
Xavier
________________________________
De : Maxim Solodovnik <so...@gmail.com>
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list <us...@openmeetings.apache.org>
Objet : Re: Tomcat with SSL
Hello Xavier,
In 5.0.0 the changes need to be done in https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- <Connector port="5080" protocol="HTTP/1.1"
++ <Connector port="5080" scheme="https" secure="true" protocol="HTTP/1.1"
On Mon, 5 Aug 2019 at 19:27, Xavier M <xa...@hotmail.com>> wrote:
Hello,
I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
But I could not find the file corresponding to "conf/jee-container.xml". There exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to be found?
For your information: all seems to work when I connect to http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual host with servername openmeetings.domain.eu<http://openmeetings.domain.eu> being configured as described in Stackoverflow), I have an access to the log in formular, but nothing happens when I click on "Sign in".
Could you please provide me help?
Thanks,
Xavier
--
WBR
Maxim aka solomax
Re: Tomcat with SSL
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Xavier,
In 5.0.0 the changes need to be done in
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- <Connector port="5080" protocol="HTTP/1.1"
++ <Connector port="5080" scheme="https" secure="true" protocol="HTTP/1.1"
On Mon, 5 Aug 2019 at 19:27, Xavier M <xa...@hotmail.com> wrote:
> Hello,
>
> I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an
> Apache-Server). I tried to follow these instructions to configure the
> Virtual Host:
>
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
>
> But I could not find the file corresponding to "conf/jee-container.xml".
> There exists a /opt/open500/conf/ directory, but no jee-container.xml.
> Where is it to be found?
>
> For your information: all seems to work when I connect to
> http://domain.eu:5080/openmeetings/ (I sign in and access to
> OpenMeetings). But when I connect to
> https://openmeetings.domain.eu/openmeetings/, (the virtual host with
> servername openmeetings.domain.eu being configured as described in
> Stackoverflow), I have an access to the log in formular, but nothing
> happens when I click on "Sign in".
>
> Could you please provide me help?
> Thanks,
> Xavier
>
>
--
WBR
Maxim aka solomax