You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Dirk Hildebrand <d....@wis-it.de> on 2015/09/30 11:18:28 UTC

Re-10: Openmeetings behind Apache mod_proxy

I dont know what the problems are, after i finished: http://openmeetings.apache.org/RTMPSAndHTTPS.html , my installation is not reachable via https nor http on any Port i have ever configured in the Configurationfiles (8443, 8080, 5443, 5080, 8088). 

What i did:

I have a "real" Certificate (not self-signed) and imported the crt, key and intermediate into the Keystore, like it is described in the Link above.
Only things thats different:
my path to the files is not /opt/red5/..... but /opt/red5307/.... (i followed installation tutorial for Ubuntu 14.04 here: https://goo.gl/kH7Lhz)
my keystore Filename is: keystore.jmx but not keystore like in the Titorial for Configuration of RTMPS/HTTPS
I don't have a truststore (so i copied keystore to truststore)
I don't have a keystore.screen (so i copied keystore to keystore.screen)

Maybe i have a problem with that keystore.screen, because the tutorial says:

> 8. Create additional certificate as described above. Add this certificate to the following keystores: red5/conf/keystore.screen and red5/conf/keystore. (This step is required to be able to use screen-sharing web
> application, you can copy "main" keystore while testing)

What certifactes i have to create and why is coping the keystore only for testing, the keystore contains my valid Certificates ??!!

I'm a little lost, because i'm not realy into Java things.

mit freundlichen Grüßen

i.V. Dirk Hildebrand

-- Abteilungsleiter Service & Support --

_______________________________________________________

W.I.S. IT + Service GmbH, Johannesberger Strasse 2, 36041 Fulda
Telefon: +49 661 380 99 - 101 Telefax: +49 661 380 99 - 3200 e-mail: d.hildebrand@wis-it.de Internet: www.wis-it.de

Handelsregister: HRB 6664 / AG Fulda

Geschäftsführer: Thomas Löwer, Sven Eichmann, Thomas Schuy
_____________________________________
 
Diese E-mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Personen oder Organisationen, für die diese Information nicht bestimmt ist, ist es nicht gestattet, diese zu lesen, weiterzuleiten, anderweitig zu verwenden oder sich durch sie veranlasst zu sehen, Maßnahmen irgendeiner Art zu ergreifen. Wenn Sie nicht der richtige Adressat sind oder diese E-mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten diese E-mail.
This e-mail may contain confidential and/or privileged information. Persons or organisations, which are not the correct receivers of these information, neither are allowed to read, to transfer, to use these information nor to feel occasioned to take any action. If you are not the intended recipient or if you have received this e-mail in error, please notify the sender immediately and destroy this e-mail.
_____________________________________
 




 Original Message processed by David.fx12  
Re: Re-8: Openmeetings behind Apache mod_proxy (29-Sep-2015 21:26)
From:   Maxim Solodovnik
To:Openmeetings user-list


https was working as expected while I have tested it last time, what were the problems? 

 
Actually java has it's own trusted CAs so you need check if yours is accepted by your java


On Tue, Sep 29, 2015 at 8:26 PM, Dirk Hildebrand <d....@wis-it.de> wrote:

My Proxy is reachable via https, but openmeetings only has http. I tried to configure https and rtmps for openmeetings with this guide: 

http://openmeetings.apache.org/RTMPSAndHTTPS.html

but i was not successful. After this setup openmeetings is not reachable on any of the ports i used in the configuration.

I thought that the proxy terminates https so i can leave openmeeting on http. I have a real Certificate in the Proxy Server

Regards

Dirk
 Original Message processed by David.fx12  
Re: Re-6: Openmeetings behind Apache mod_proxy (29-Sep-2015 16:20)
From:   Maxim Solodovnik
To:Openmeetings user-list


yes, I'm sure the port should be 5080 

 
According to your screensharing error: all your protocols are "http" but screensharing applet is somehow being retrieved from "https", why?
And it seems like java on client computer doen't like the server SSL certificate


On Tue, Sep 29, 2015 at 5:45 PM, Dirk Hildebrand <d....@wis-it.de> wrote:

> the port should be 5080 

the rtmpt Port in conf/red5.properties is 8088, are you sure i need to set the Proxy to 5080?

> and you need to modify config.xml and set correct values in it

and what are correct values?

Thanks

Dirk


 Original Message processed by David.fx12  
Re: Re-4: Openmeetings behind Apache mod_proxy (29-Sep-2015 13:41)
From:   Maxim Solodovnik
To:Openmeetings user-list


the port should be 5080 
and you need to modify config.xml and set correct values in it

 
ps. i believe if you will close port 1935 (by setting up firewall for example) application will not work with port 8088


On Tue, Sep 29, 2015 at 5:36 PM, Dirk Hildebrand <d....@wis-it.de> wrote:

Now i changed my Proxy Config to:

> ProxyPass /webmeeting http://192.168.243.101:5080/webmeeting
> ProxyPassReverse /webmeeting http://192.168.243.101:5080/webmeeting
> ProxyPassReverse /open http://192.168.243.101:8088/open
> ProxyPass /open http://192.168.243.101:8088/open
> ProxyPassReverse /send http://192.168.243.101:8088/send
> ProxyPass /send http://192.168.243.101:8088/send
> ProxyPassReverse /close http://192.168.243.101:8088/close
> ProxyPass /close http://192.168.243.101:8088/close
> ProxyPassReverse /idle http://192.168.243.101:8088/idle
> ProxyPass /idle http://192.168.243.101:8088/idle
 
but still screensharing is not working over Proxy. Anything else is running perfectly.

The Errormessage i get from the Java Application is kind of irretating 





But i can reach that Resource by calling that URL

There is a Execption thrown:

javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
 at sun.security.ssl.ClientHandshaker.handshakeAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
 at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
 at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
 at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
 at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
 at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
 at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
 at java.util.concurrent.FutureTask.run(Unknown Source)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
 
Regards

Dirk

 Original Message processed by David.fx12  
Re: Re-2: Openmeetings behind Apache mod_proxy (29-Sep-2015 12:01)
From:   Maxim Solodovnik
To:Openmeetings user-list


actually both HTTP and RTMPT uses port 5080, so you need to use this port 
the example config I pointed to only illustrates additional URLs need to be proxied


On Tue, Sep 29, 2015 at 3:53 PM, Dirk Hildebrand <d....@wis-it.de> wrote:

Thank you, i will try that, but what are the URL's with the Port 8088? I think i have Ports: 5080 (Web) and 8080 (rtmp?)
Is your Port 8088 for rtmp?

Regards

Dirk

 Original Message processed by David.fx12  
Re: Openmeetings behind Apache mod_proxy (29-Sep-2015 11:50)
From:   Maxim Solodovnik
To:Openmeetings user-list


here is the example: http://markmail.org/message/g7u6idbeaolzbkf3 
unfortunately we were unable to set-up for websockets using mod_proxy, and we currently using nginx


On Tue, Sep 29, 2015 at 3:44 PM, Dirk Hildebrand <d....@wis-it.de> wrote:

Hi there.

i just installed Openmeetings and i would like to set up an Proxy for it.

I'm able to use Openmeeting behind that proxy, except of Screensharing. i guess i need to setup something in my proxy for rtmp (Port 1935), but i cant figure out what to do.
the releavant Part of my Proxy Setup:

> ProxyPass /webmeeting http://192.168.243.101:5080/webmeeting
> ProxyPassReverse /webmeeting http://192.168.243.101:5080/webmeeting
 
(i renamed openmeetings Folder and evertihing else, to have a different URL than the standard)


Maybe someone can help me?


Thank you

Dirk




 
-- 

WBR
Maxim aka solomax




 
-- 

WBR
Maxim aka solomax




 
-- 

WBR
Maxim aka solomax




 
-- 

WBR
Maxim aka solomax




 
-- 

WBR
Maxim aka solomax