You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Alvaro <zu...@gmail.com> on 2020/03/28 17:04:29 UTC
Some one have letsencrypt working rigt wit OpenMeetings-5 ?
Hello All,
Some one have letsencrypt working rigt wit OpenMeetings-5 ?
I have rights letsencrypt certificates, these are tested with
apache web server ssl, at the same machine that OM, and the
browsers say "Secure connection".
I have so:
<Connector port="5443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate
certificateKeyFile="/etc/letsencrypt/live/your_true_domain/privkey.pem"
certificateFile="/etc/letsencrypt/live/your_true_domain/cert.pem"
certificateChainFile="/etc/letsencrypt/live/your_true_domain/fullchain.
pem"
type="RSA" />
</SSLHostConfig>
</Connector>
...but with this configuration the browsers say "not secure
connection".
'Ve try in different ways but don't get it.
If somebody know the right way, please tell it.
Thanks
Alvaro
-------------------
Re: Some one have letsencrypt working rigt wit OpenMeetings-5 ?
Posted by Alvaro <zu...@gmail.com>.
Thanks Marcus,
I've found another way to do it, more simple.
Thanks again.
Alvaro
......
El sáb, 28-03-2020 a las 21:41 +0100, Marcus Schulz escribió:
> Hello Alvaro,
>
> Yes, me.
>
> I configured SSL Apache straigt forward and then use the PLAIN
> connector
> of the tomcat. You cannot proxy with an SSL virtual host to another
> SSL
> connector as far as I know.
>
>
> use that connector for tomcat:
>
> <Connector port="5080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="5443" secure="true" scheme="https"/>
>
> Here is my apache vhost config:
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerAdmin marcus@mydomain.de
> ServerName meeting.mydomain.de
>
> DocumentRoot /var/www-meeting
> TraceEnable Off
>
> ErrorDocument 404 /index.php
> ErrorLog /var/log/apache2/meeting-error.log
>
> # Possible values include: debug, info, notice, warn, error,
> crit,
> # alert, emerg.
> LogLevel warn
>
> CustomLog /var/log/apache2/meeting-access.log combined
> Include /etc/letsencrypt/options-ssl-apache.conf
> SSLCertificateFile /etc/letsencrypt/live/meeting.mydomain.de-
> 0004/cert.pem
> SSLCertificateKeyFile
> /etc/letsencrypt/live/meeting.mydomain.de-0004/privkey.pem
> SSLCertificateChainFile
> /etc/letsencrypt/live/meeting.mydomain.de-0004/chain.pem
>
> ### OpenMeetings ###
> ## Custom fragment
> RewriteEngine On
> RewriteCond %{REQUEST_URI} ^/$
> RewriteRule (.*) /openmeetings/ [R=301]
> RewriteCond %{HTTP:Connection} Upgrade [NC]
> RewriteCond %{HTTP:Upgrade} websocket [NC]
> RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
> RedirectMatch ^/$ https://yourserver.de/openmeetings
> ProxyPreserveHost On
>
> <Location /openmeetings>
> Require all granted
> ProxyPass http://localhost:5080/openmeetings
> ProxyPassReverse http://localhost:5080/openmeetings
> RewriteEngine On
> RewriteRule ^/(.*) http://localhost:5080/$1 [P]
> </Location>
> <Location /open>
> Require all granted
> ProxyPass http://localhost:5080/open
> ProxyPassReverse http://localhost:5080/open
> </Location>
> <Location /send>
> Require all granted
> ProxyPass http://localhost:5080/send
> ProxyPassReverse http://localhost:5080/send
> </Location>
> <Location /idle>
> Require all granted
> ProxyPass http://localhost:5080/idle
> ProxyPassReverse http://localhost:5080/idle
> </Location>
> <Location /close>
> Require all granted
> ProxyPass http://localhost:5080/close
> ProxyPassReverse http://localhost:5080/close
> </Location>
>
> </VirtualHost>
> </IfModule>
>
> Hope that helps
>
>
>
> AJP13 could work also, but I did not test.
>
> Am 28.03.2020 um 18:04 schrieb Alvaro:
> > Hello All,
> >
> > Some one have letsencrypt working rigt wit OpenMeetings-5 ?
> >
> > I have rights letsencrypt certificates, these are tested with
> > apache web server ssl, at the same machine that OM, and the
> > browsers say "Secure connection".
> >
> > I have so:
> >
> > <Connector port="5443"
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > maxThreads="150" SSLEnabled="true" >
> > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> > />
> > <SSLHostConfig>
> > <Certificate
> > certificateKeyFile="/etc/letsencrypt/live/your_true_domain/privkey.
> > pem"
> > certificateFile="/etc/letsencrypt/live/your_true_domain/cert.pem"
> > certificateChainFile="/etc/letsencrypt/live/your_true_domain/fullch
> > ain.pem"
> > type="RSA" />
> > </SSLHostConfig>
> > </Connector>
> >
> > ...but with this configuration the browsers say "not secure
> > connection".
> >
> > 'Ve try in different ways but don't get it.
> >
> > If somebody know the right way, please tell it.
> >
> > Thanks
> >
> > Alvaro
> >
> >
> >
> >
> > -------------------
> >
> >
> >
>
>
Re: Some one have letsencrypt working rigt wit OpenMeetings-5 ?
Posted by Marcus Schulz <ms...@polarnetworks.de>.
Hello Alvaro,
Yes, me.
I configured SSL Apache straigt forward and then use the PLAIN connector
of the tomcat. You cannot proxy with an SSL virtual host to another SSL
connector as far as I know.
use that connector for tomcat:
<Connector port="5080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="5443" secure="true" scheme="https"/>
Here is my apache vhost config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin marcus@mydomain.de
ServerName meeting.mydomain.de
DocumentRoot /var/www-meeting
TraceEnable Off
ErrorDocument 404 /index.php
ErrorLog /var/log/apache2/meeting-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/meeting-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meeting.mydomain.de-0004/cert.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/meeting.mydomain.de-0004/privkey.pem
SSLCertificateChainFile
/etc/letsencrypt/live/meeting.mydomain.de-0004/chain.pem
### OpenMeetings ###
## Custom fragment
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /openmeetings/ [R=301]
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RedirectMatch ^/$ https://yourserver.de/openmeetings
ProxyPreserveHost On
<Location /openmeetings>
Require all granted
ProxyPass http://localhost:5080/openmeetings
ProxyPassReverse http://localhost:5080/openmeetings
RewriteEngine On
RewriteRule ^/(.*) http://localhost:5080/$1 [P]
</Location>
<Location /open>
Require all granted
ProxyPass http://localhost:5080/open
ProxyPassReverse http://localhost:5080/open
</Location>
<Location /send>
Require all granted
ProxyPass http://localhost:5080/send
ProxyPassReverse http://localhost:5080/send
</Location>
<Location /idle>
Require all granted
ProxyPass http://localhost:5080/idle
ProxyPassReverse http://localhost:5080/idle
</Location>
<Location /close>
Require all granted
ProxyPass http://localhost:5080/close
ProxyPassReverse http://localhost:5080/close
</Location>
</VirtualHost>
</IfModule>
Hope that helps
AJP13 could work also, but I did not test.
Am 28.03.2020 um 18:04 schrieb Alvaro:
> Hello All,
>
> Some one have letsencrypt working rigt wit OpenMeetings-5 ?
>
> I have rights letsencrypt certificates, these are tested with
> apache web server ssl, at the same machine that OM, and the
> browsers say "Secure connection".
>
> I have so:
>
> <Connector port="5443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true" >
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
> <SSLHostConfig>
> <Certificate
> certificateKeyFile="/etc/letsencrypt/live/your_true_domain/privkey.pem"
> certificateFile="/etc/letsencrypt/live/your_true_domain/cert.pem"
> certificateChainFile="/etc/letsencrypt/live/your_true_domain/fullchain.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
>
> ...but with this configuration the browsers say "not secure connection".
>
> 'Ve try in different ways but don't get it.
>
> If somebody know the right way, please tell it.
>
> Thanks
>
> Alvaro
>
>
>
>
> -------------------
>
>
>
Re: Some one have letsencrypt working rigt wit OpenMeetings-5 ?
Posted by Alvaro <zu...@gmail.com>.
Ok, it is solved.
I will add the instructions in the tutorial:
Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M3.pdf
...and in two days will upload it again.
Regards
Alvaro
.........................
In two or three da
El sáb, 28-03-2020 a las 18:04 +0100, Alvaro escribió:
> Hello All,
>
> Some one have letsencrypt working rigt wit OpenMeetings-5 ?
>
> I have rights letsencrypt certificates, these are tested with
> apache web server ssl, at the same machine that OM, and the
> browsers say "Secure connection".
>
> I have so:
>
> <Connector port="5443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true" >
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
> <SSLHostConfig>
> <Certificate
> certificateKeyFile="/etc/letsencrypt/live/your_true_domain/privkey.pe
> m"
> certificateFile="/etc/letsencrypt/live/your_true_domain/cert.pem"
> certificateChainFile="/etc/letsencrypt/live/your_true_domain/fullchai
> n.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
>
> ...but with this configuration the browsers say "not secure
> connection".
>
> 'Ve try in different ways but don't get it.
>
> If somebody know the right way, please tell it.
>
> Thanks
>
> Alvaro
>
>
>
>
> -------------------
>
>
>