Posted to commits@openmeetings.apache.org by so...@apache.org on 2019/03/18 05:13:47 UTC
[openmeetings] branch master updated: [OPENMEETINGS-2028]
documentation is partially converted to markdown, and corrected
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push:
new 2be9a20 [OPENMEETINGS-2028] documentation is partially converted to markdown, and corrected
2be9a20 is described below
commit 2be9a202ce84b1ffb5b65d3f1f40ecf770edac48
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Mon Mar 18 12:13:35 2019 +0700
[OPENMEETINGS-2028] documentation is partially converted to markdown, and corrected
---
.../src/site/markdown/ExternalVideo.md | 24 ++
openmeetings-server/src/site/markdown/HTTPS.md | 77 ++++++
.../src/site/markdown/InstallMediaServer.md | 15 ++
.../src/site/markdown/PortSettings.md | 20 ++
.../src/site/markdown/RestrictedAccess.md | 19 ++
openmeetings-server/src/site/site.xml | 2 +-
.../src/site/xdoc/ExternalVideo.xml | 41 ----
.../src/site/xdoc/InstallMediaServer.xml | 35 ---
openmeetings-server/src/site/xdoc/PortSettings.xml | 46 ----
.../src/site/xdoc/RTMPSAndHTTPS.xml | 263 ---------------------
.../src/site/xdoc/RestrictedAccess.xml | 39 ---
.../src/site/xdoc/voip-sip-integration.xml | 6 +
12 files changed, 162 insertions(+), 425 deletions(-)
diff --git a/openmeetings-server/src/site/markdown/ExternalVideo.md b/openmeetings-server/src/site/markdown/ExternalVideo.md
new file mode 100644
index 0000000..7551d7c
--- /dev/null
+++ b/openmeetings-server/src/site/markdown/ExternalVideo.md
@@ -0,0 +1,24 @@
+<!--
+# Licensed under the Apache License, Version 2.0 (the "License") http://www.apache.org/licenses/LICENSE-2.0 -->
+
+# External Video/Camera
+
+## Connecting external video source
+
+<div class="bd-callout bd-callout-danger">
+ Please NOTE: this functionality is not yet implemented in 5.0.x
+</div>
+
+correct ffmpeg command for testing (width/height only works if both specified)
+
+```
+ffmpeg -re -i Avengers2.mp4 -vcodec flv -f flv -rtmp_conn "O:1 NS:sid:SID_OF_EXISTENT_USER NN:width:720 NN:height:480 O:0" rtmp://localhost:1935/openmeetings/ROOM_ID/UNIQUE_BROADCAST_ID_STRING
+```
+
+Sending video from external camera on Linux: (more info <a href="https://trac.ffmpeg.org/wiki/Capture/Webcam">here</a>)
+
+```
+ffmpeg -re -f v4l2 -framerate 30 -video_size 720x480 -i /dev/video0 -vcodec flv -f flv -rtmp_conn "O:1 NS:sid:SID_OF_EXISTENT_USER NN:width:720 NN:height:480 O:0" rtmp://localhost:1935/openmeetings/ROOM_ID/UNIQUE_BROADCAST_ID_STRING
+```
+
+`SID_OF_EXISTENT_USER` == Admin->Connections -> client "sid" parameter (NOT broadcastId, NOT uid)
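Review bot: the danger callout at the top says this functionality is not yet implemented in 5.0.x, but the two ffmpeg commands below it are still introduced as the "correct ffmpeg command for testing" with no version qualifier. State which release line the commands apply to, or fold them into the callout, so readers do not try them against 5.0.x. Two smaller points: the `sid` passed in `-rtmp_conn` identifies an existing user's connection and the URL is plain `rtmp://`, so a sentence telling readers to treat the value as a secret would help; and the `<a href=...>here</a>` link can become a markdown link now that the file is markdown.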
diff --git a/openmeetings-server/src/site/markdown/HTTPS.md b/openmeetings-server/src/site/markdown/HTTPS.md
new file mode 100644
index 0000000..0bbc7c9
--- /dev/null
+++ b/openmeetings-server/src/site/markdown/HTTPS.md
@@ -0,0 +1,77 @@
+<!--
+# Licensed under the Apache License, Version 2.0 (the "License") http://www.apache.org/licenses/LICENSE-2.0 -->
+
+# Using OpenMeetings with HTTPS
+
+## Using OpenMeetings with HTTPS
+
+There are 2 ways the client communicates with the server:
+
+1. Pure HTTP: all browser-server communications go through plain, unsecured HTTP
+
+> This option can be used in case you will have frontend proxy to do encryption
+
+2. HTTPS: all browser-server communications will be encrypted
+
+### Self-signed certificate
+
+This option is available out-of-the-box, just follow the URL: [https://localhost:5443/openmeetings](https://localhost:5443/openmeetings)
+
+### 'Real' certificate
+#### Prerequisites
+1. You need OpenMeetings 5.0.x or later for this
+1. Rename the existing keystore file `$OM_HOME/conf/keystore` to `$OM_HOME/conf/keystore.bak`
+
+#### Create Keystore from the scratch
+1. Create a new keystore and key, use the same password for both:
+
+```
+keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype PKCS12 -keystore $OM_HOME/conf/keystore
+Enter keystore password:
+Re-enter new password:
+What is your first and last name?
+[Unknown]: <your hostname, e.g demo.openmeetings.de>
+What is the name of your organizational unit?
+[Unknown]: Dev
+What is the name of your organization?
+[Unknown]: OpenMeetings
+What is the name of your City or Locality?
+[Unknown]: Henderson
+What is the name of your State or Province?
+[Unknown]: Nevada
+What is the two-letter country code for this unit?
+[Unknown]: US
+Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada, C=US correct?
+[no]: yes
+Enter key password for <openmeetings>
+```
+
+2. Generate a CSR: `keytool -certreq -keyalg RSA -alias openmeetings -file openmeetings.csr -keystore $OM_HOME/conf/keystore`
+3. Submit CSR to your CA of choice and receive a signed certificate
+4. Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): `keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt` (NOTE: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)
+5. Import the intermediate certificate(s) you normally receive with the certificate: `keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermediate.crt`
+6. Import the certificate you received: `keytool -import -alias openmeetings -keystore $OM_HOME/conf/keystore -trustcacerts -file demo.openmeetings.de.crt`
+
+### Create Keystore using existing key-pair
+#### Prerequisites
+- Server key: openmeetings.key
+- Signed CSR: openmeetings.crt
+- CA's root certificate: root.crt
+- ** Intermediate certificate(s): intermedXX.crt
+
+#### Steps
+1. Export existing keys into PKCS12 format:
+
+```
+openssl pkcs12 -export -in openmeetings.crt -inkey openmeetings.key -out openmeetings.p12 -name openmeetings -certfile root.crt -certfile intermedXX.crt`
+
+Enter Export Password: openmeetings
+Verifying - Enter Export Password: openmeetings
+```
+2. Import resulting openmeetings.p12 into keystore: `keytool -importkeystore -srcstorepass openmeetings -srckeystore openmeetings.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore $OM_HOME/conf/keystore -alias openmeetings -deststoretype PKCS12`
+3. Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): `keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt` (note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)
+4. Import the intermediate certificate(s) you normally receive with the certificate: `keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermedXX.crt`
+
+### More configuration options
+
+Additional info on HTTPS configuration can be found at [Apache Tomcat site](https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html)
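Review bot: the openssl command in step 1 of "Create Keystore using existing key-pair" ends with a stray backtick after `-certfile intermedXX.crt` inside the fenced block, so a copy-paste leaves the shell waiting for a closing backquote; drop it. In step 2, `-srcstorepass openmeetings` and `-deststorepass password` put literal passwords on the command line, where they end up in shell history and the process list; consider omitting them so keytool prompts, as the from-scratch path already does, and use a placeholder rather than `password`. Structure: the fenced blocks sit at column 0 between list items 1 and 2, which can break the ordered list when rendered; "### Create Keystore using existing key-pair" is one level above its sibling "#### Create Keystore from the scratch"; and the `**` in "- ** Intermediate certificate(s)" is left over from the xdoc version and may be read as the start of bold text.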
diff --git a/openmeetings-server/src/site/markdown/InstallMediaServer.md b/openmeetings-server/src/site/markdown/InstallMediaServer.md
new file mode 100644
index 0000000..4341307
--- /dev/null
+++ b/openmeetings-server/src/site/markdown/InstallMediaServer.md
@@ -0,0 +1,15 @@
+<!--
+# Licensed under the Apache License, Version 2.0 (the "License") http://www.apache.org/licenses/LICENSE-2.0 -->
+
+# Media Server Installation
+
+## Install Kurento Media server
+
+<a href="https://doc-kurento.readthedocs.io/en/stable/user/installation.html">Install Kurento Media server</a>
+<div class="bd-callout bd-callout-danger">
+ It should be run under same user as OM
+</div>
+
+## Specify/Install Turn server
+
+<div class="bd-callout bd-callout-info">Optional step</div>
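Review bot: "## Specify/Install Turn server" contains only the "Optional step" callout, so the page names a step without saying how to do it or when it is needed; add at least a link to the setup instructions, or drop the heading until there is content. The danger callout "It should be run under same user as OM" would also benefit from one sentence on why, since it dictates the account the media server runs as.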
diff --git a/openmeetings-server/src/site/markdown/PortSettings.md b/openmeetings-server/src/site/markdown/PortSettings.md
new file mode 100644
index 0000000..854a457
--- /dev/null
+++ b/openmeetings-server/src/site/markdown/PortSettings.md
@@ -0,0 +1,20 @@
+<!--
+# Licensed under the Apache License, Version 2.0 (the "License") http://www.apache.org/licenses/LICENSE-2.0 -->
+
+# Port settings
+
+## Default Configuration
+- Port 5443: HTTPS (For web interface)
+- Port 5080: HTTP (For unsecured web interface, useful if SSL proxy is being used)
+
+## Configure alternative ports
+
+You need to change `$OM_HOME/conf/server.xml` file, OpenMeetings server need to be restarted so that changes are online.
+
+## Preventing Firewall issues
+
+A common way of bypassing the firewall is to change HTTP port to 80
+
+## OpenMeetings over SSL
+
+You can run OpenMeetings completely over SSL. See <a href="HTTPS.html">HTTPS guide</a>.
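Review bot: under "Preventing Firewall issues" the only advice is to change the HTTP port to 80, which steers readers toward the connector this same page labels unsecured; mention moving HTTPS to 443 as the counterpart, and reword "bypassing the firewall", since the point is to use a port that is commonly allowed. "Configure alternative ports" should say which entries in `$OM_HOME/conf/server.xml` to edit, and "OpenMeetings server need to be restarted" should read "needs".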
diff --git a/openmeetings-server/src/site/markdown/RestrictedAccess.md b/openmeetings-server/src/site/markdown/RestrictedAccess.md
new file mode 100644
index 0000000..c7739fe
--- /dev/null
+++ b/openmeetings-server/src/site/markdown/RestrictedAccess.md
@@ -0,0 +1,19 @@
+<!--
+# Licensed under the Apache License, Version 2.0 (the "License") http://www.apache.org/licenses/LICENSE-2.0 -->
+
+#How to restrict access to your Openmeetings server
+
+## Server Side
+You can protect your OpenMeetings instance from beeing accessed from 3th party by setting up `RemoteAddrValve`
+
+Here `$OM_HOME/conf/server.xml` (will affect the whole Tomcat)
+
+Or here `$OM_HOME/webapps/openmeetings/META-INF/context.xml`
+
+Please check Tomcat documentation for more details <a href="https://tomcat.apache.org/tomcat-9.0-doc/config/context.html">Docs about context</a>, <a href="https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Valve">Docs about RemoteAddrValve</a>
+
+For example: To allow access only for the clients connecting from localhost:
+
+```
+<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
+```
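Review bot: the example `Valve` at the end allows only localhost, but `RemoteAddrValve` matches the address of the connecting peer; HTTPS.md and PortSettings.md in this same commit both point readers at a front-end proxy, and with a proxy on the same host every request arrives from 127.0.0.1 and passes this filter. Add a sentence saying the valve has to be configured with the proxy in mind and point to the linked Tomcat valve documentation for that case. Also, `#How to restrict access to your Openmeetings server` has no space after `#`, which many markdown parsers do not treat as a heading, and "beeing" / "3th party" should read "being" / "third parties".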
diff --git a/openmeetings-server/src/site/site.xml b/openmeetings-server/src/site/site.xml
index 1a754e8..9911337 100644
--- a/openmeetings-server/src/site/site.xml
+++ b/openmeetings-server/src/site/site.xml
@@ -101,7 +101,7 @@
</item>
<item name="Security" href="#security">
<item name="Restricted Access" href="/RestrictedAccess.html" />
- <item name="RTMPS and HTTPS" href="/RTMPSAndHTTPS.html" />
+ <item name="HTTPS" href="/HTTPS.html" />
</item>
<item name="Converters" href="#convert">
<item name="OpenOffice Converter" href="/OpenOfficeConverter.html" />
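Review bot: the menu entry now points at `/HTTPS.html` and `RTMPSAndHTTPS.xml` is deleted in this commit, so any remaining link to `/RTMPSAndHTTPS.html` will break. PortSettings.md is updated here, but it is worth searching the rest of the site sources for the old page name before merging.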
diff --git a/openmeetings-server/src/site/xdoc/ExternalVideo.xml b/openmeetings-server/src/site/xdoc/ExternalVideo.xml
deleted file mode 100644
index 2907f79..0000000
--- a/openmeetings-server/src/site/xdoc/ExternalVideo.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-<document xmlns="http://maven.apache.org/XDOC/2.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
- <properties>
- <title>External Video/Camera</title>
- <author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
- </properties>
- <body>
- <section name="Connecting external video source">
- <div>
- correct ffmpeg command for testing (width/height only works if both specified)
- <source>
-<![CDATA[
-ffmpeg -re -i Avengers2.mp4 -vcodec flv -f flv -rtmp_conn "O:1 NS:sid:SID_OF_EXISTENT_USER NN:width:720 NN:height:480 O:0" rtmp://localhost:1935/openmeetings/ROOM_ID/UNIQUE_BROADCAST_ID_STRING
-]]>
- </source>
- Sending video from external camera on Linux: (more info <a href="https://trac.ffmpeg.org/wiki/Capture/Webcam">here</a>)
- <source>
-<![CDATA[
-ffmpeg -re -f v4l2 -framerate 30 -video_size 720x480 -i /dev/video0 -vcodec flv -f flv -rtmp_conn "O:1 NS:sid:SID_OF_EXISTENT_USER NN:width:720 NN:height:480 O:0" rtmp://localhost:1935/openmeetings/ROOM_ID/UNIQUE_BROADCAST_ID_STRING
-]]>
- </source>
- SID_OF_EXISTENT_USER == Admin->Connections -> client "sid" parameter (NOT broadcastId, NOT uid)
- </div>
- </section>
- </body>
-</document>
diff --git a/openmeetings-server/src/site/xdoc/InstallMediaServer.xml b/openmeetings-server/src/site/xdoc/InstallMediaServer.xml
deleted file mode 100644
index 814c3a6..0000000
--- a/openmeetings-server/src/site/xdoc/InstallMediaServer.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-<document xmlns="http://maven.apache.org/XDOC/2.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
- <properties>
- <title>Media Server Installation</title>
- <author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
- </properties>
- <body>
- <section name="Install Kurento Media server">
- <p>
- <a href="https://doc-kurento.readthedocs.io/en/stable/user/installation.html">Install Kurento Media server</a>
- <div class="bd-callout bd-callout-danger">
- It should be run under same user as OM
- </div>
- </p>
- </section>
- <section name="Specify/Install Turn server">
- <div class="bd-callout bd-callout-info">Optional step</div>
- </section>
- </body>
-</document>
diff --git a/openmeetings-server/src/site/xdoc/PortSettings.xml b/openmeetings-server/src/site/xdoc/PortSettings.xml
deleted file mode 100644
index 892463a..0000000
--- a/openmeetings-server/src/site/xdoc/PortSettings.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-<document xmlns="http://maven.apache.org/XDOC/2.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
- <properties>
- <title>Port settings</title>
- <author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
- </properties>
- <body>
- <section name="Default Configuration">
- <ul>
- <li>Port 5443: HTTPS (For web interface) </li>
- <li>Port 5080: HTTP (For unsecured web interface, useful if SSL proxy is being used) </li>
- </ul>
- </section>
- <section name="Configure alternative ports">
- <p>You need to change two files: </p>
- <ul>
- <li>Server-Side configuration: $OM_HOME/conf/server.xml, you
- need to restart the OpenMeetings so that changes are online.
- </li>
- </ul>
- </section>
- <section name="Preventing Firewall issues">
- <p>A common way of bypassing the firewall is to change HTTP port to 80</p>
- </section>
- <section name="OpenMeetings over SSL">
- <p>
- You can run OpenMeetings completely over SSL. See <a href="RTMPSAndHTTPS.html">RTMPSAndHTTPS</a>.
- </p>
- </section>
- </body>
-</document>
diff --git a/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml b/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
deleted file mode 100644
index 8604ab6..0000000
--- a/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
+++ /dev/null
@@ -1,263 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-<document xmlns="http://maven.apache.org/XDOC/2.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
- <properties>
- <title>Using OpenMeetings with RTMPS and HTTPS</title>
- <author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
- </properties>
-
- <body>
- <section name="Using OpenMeetings with RTMPS and HTTPS">
- <p>There are 3 ways the client communicates with the server: </p>
- <ul>
- <li>The flash-client uses RTMP protocol to transfer Audio/Video and
- to send and receive the user data (login et cetera) to the server
- and back
- </li>
- <li>The browser uses HTTP protocol to load the SWF and to upload and
- download the files (documents, pdfs, images) to the server and
- back.
- </li>
- <li>The screensharing client uses RTMP protocol to transfer screen
- data and remote control to the server and back
- </li>
- </ul>
- </section>
- <section name="'Real' certificate">
- <h3>Prerequisites</h3>
- <ul>
- <li>You need OpenMeetings 1.9.x or later for this, OpenMeetings 1.8.x does not have those options.</li>
- <li>Install OpenMeetings according to the install instructions and check that it runs without problems</li>
- <li>Rename the existing keystore file <tt>red5/conf/keystore.jmx</tt> to <tt>red5/conf/keystore.bak</tt></li>
- <li>Rename the existing truststore file <tt>red5/conf/truststore.jmx</tt> to <tt>red5/conf/truststore.bak</tt></li>
- </ul>
- <h3>Create Keystore from the scratch</h3>
- <ol>
- <li>
- Create a new keystore and key, use the same password for both:<br/>
- <br/><source><![CDATA[
-keytool -keysize 2048 -genkey -alias red5 -keyalg RSA -keystore red5/conf/keystore.jks
-Enter keystore password:
-Re-enter new password:
-What is your first and last name?
-[Unknown]: <your hostname, e.g demo.openmeetings.de>
-What is the name of your organizational unit?
-[Unknown]: Dev
-What is the name of your organization?
-[Unknown]: OpenMeetings
-What is the name of your City or Locality?
-[Unknown]: Henderson
-What is the name of your State or Province?
-[Unknown]: Nevada
-What is the two-letter country code for this unit?
-[Unknown]: US
-Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada, C=US correct?
-[no]: yes
-Enter key password for <red5>
-]]></source>
- </li>
- <li>Generate a CSR: <source><![CDATA[keytool -certreq -keyalg RSA -alias red5 -file red5.csr -keystore red5/conf/keystore.jks]]></source>
- </li>
- <li>Submit CSR to your CA of choice and receive a signed certificate
- </li>
- <li>Import your chosen CA's root certificate into the keystore (may
- need to download it from their site - make sure to get the root CA and
- not the intermediate one):
- <source><![CDATA[keytool -import -alias root -keystore red5/conf/keystore.jks -trustcacerts -file root.crt]]></source>
- (note: you may receive a warning that the certificate already exists in the system wide keystore - import
- anyway)
- </li>
- <li>Import the intermediate certificate(s) you normally receive with
- the certificate:
- <source><![CDATA[keytool -import -alias intermed -keystore red5/conf/keystore.jks -trustcacerts -file intermediate.crt]]></source>
- </li>
- <li>Import the certificate you received:
- <source><![CDATA[keytool -import -alias red5 -keystore red5/conf/keystore.jks -trustcacerts -file demo.openmeetings.de.crt]]></source>
- </li>
- <li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
- guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
- </li>
- <li>Create additional certificate as described above.
- Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore.jks</tt>. (This step is required to be able to use
- screen-sharing web application, you can copy "main" keystore while testing)
- </li>
- </ol>
- <h3>Create Keystore using existing key-pair</h3>
- <h4>Prerequisites</h4>
- <ul>
- <li>Server key: red5.key</li>
- <li>Signed CSR: red5.crt</li>
- <li>CA's root certificate: root.crt</li>
- <li>** Intermediate certificate(s): intermedXX.crt</li>
- </ul>
- <h4>Steps</h4>
- <ol>
- <li>
- Export existing keys into PKCS12 format:<br/>
- <br/><source><![CDATA[
-openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt
-
-Enter Export Password: password
-Verifying - Enter Export Password: password
-]]></source>
- </li>
- <li>Import resulting red5.p12 into keystore: <source><![CDATA[
-keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore.jks -alias red5
-]]></source>
- </li>
- <li>Import your chosen CA's root certificate into the keystore (may
- need to download it from their site - make sure to get the root CA and
- not the intermediate one):
- <source><![CDATA[keytool -import -alias root -keystore red5/conf/keystore.jks -trustcacerts -file root.crt]]></source>
- (note: you may receive a warning that the certificate already exists in the system wide keystore - import
- anyway)
- </li>
- <li>Import the intermediate certificate(s) you normally receive with
- the certificate:
- <source><![CDATA[keytool -import -alias intermed -keystore red5/conf/keystore.jks -trustcacerts -file intermedXX.crt]]></source>
- </li>
- <li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
- guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
- </li>
- <li>Create additional certificate as described above.
- Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore.jks</tt>. (This step is required to be able to use
- screen-sharing web application, you can copy "main" keystore while testing)
- </li>
- </ol>
- </section>
- <section name="Self-signed certificate">
- <h3>Prerequisites</h3>
- <ul>
- <li>Create CA's root certificate: ca.crt</li>
- <li>Create self-signed server certificate: red5.crt <tt>Common Name (CN) while creating certificate
- should be assign to FQDN of your site, for example - vkc.company.com</tt></li>
- <li>Rename the existing keystore file <tt>red5/conf/keystore.jmx</tt> to <tt>red5/conf/keystore.bak</tt></li>
- <li>Rename the existing truststore file <tt>red5/conf/truststore.jmx</tt> to <tt>red5/conf/truststore.bak</tt></li>
- </ul>
- <h3>Steps for OM server</h3>
- <ol>
- <li>Export existing keys into PKCS12 format:<source><![CDATA[
-cd _folder_with_certificates_
-openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile ca.crt
-]]></source>
- </li>
- <li>Import resulting red5.p12 into keystore:<source><![CDATA[
-keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/om/conf/keystore.jks -alias red5
-]]></source>
- This command creates the keystore.jks with password changeit (may be any password)
- </li>
- <li>Import your CA's root certificate into the keystore:<source><![CDATA[
-keytool -import -alias root -keystore /opt/om/conf/keystore.jks -keystorepass changeit -trustcacerts -file ca.crt
-]]></source>
- </li>
- <li>copy keystore to truststore<source><![CDATA[
-cp /opt/om/conf/keystore.jks /opt/om/conf/truststore.jks
-]]></source>
- </li>
- <li>Change passwords in /opt/om/conf/red5.properties<source><![CDATA[
-rtmps.keystorepass=changeit
-rtmps.truststorepass=changeit
-jmx.keystorepass=changeit
-]]></source>
- </li>
- <li>Set up SSL according <a href="#SSL_for_the_web_interface" title="SSL for the web interface">SSL for the web interface</a> section.</li>
- <li>Set up RTMPS according <a href="#Tunneling_RTMPS" title="Tunneling RTMPS">Tunneling RTMPS</a> or <a href="#Native_RTMPS" title="Native RTMPS">Native RTMPS</a> sections.</li>
- <li>Restart OM service or whole OM server. Now OM server is ready to accept SSL-connections.</li>
- </ol>
- <h3>Steps for client machines</h3>
- <p>Windows specific steps are marked with (**)</p>
- <ol>
- <li>(**)Add the ca.crt certificate as trusted into the CA's list on all windows PC at the system level (certmgr.msc applet)</li>
- <li>Add the ca.crt certificate as trusted into Chrome/Firefox if it used</li>
- <li>
- Add the ca.crt certificate into ${JAVA_HOME}/lib/security/cacerts with keytool utility on a PC that organizes screensharing
- <p> (**) <br/>
- For example, Java Version 8 Update 144 has been installed on Windows machine by default location path.<br/>
- Copy ca.crt to a folder : c:\ca.crt<br/>
- Start command line interface as administrator:<br/>
- runas /user:AdminAccount cmd.exe<br/>
- Enter admin password<br/>
- Enter to bin directory of java:<br/>
- cd "c:\Program Files\Java\jre1.8.0_144\bin"<br/>
- Import ca.crt into keystore:<br/>
- keytool -import -alias root -keystore ..\lib\security\cacerts -file c:\ca.crt<br/>
- Enter the password to keystore: changeit<br/>
- </p>
- </li>
- </ol>
- </section>
- <section name="SSL for the web interface">
- <p>Please perform following steps if you want to use SSL for the web interface.
- This is mainly to secure the server against MITM attacks, additionally some other features
- like file uploads also use a plain HTTP connection if this is not
- done. The following instructions assume that you have already set up
- RTMPS successfully. </p>
- <ol>
- <li>
- Edit <tt>red5/conf/jee-container.xml</tt> file:<br/>
- Comment <tt>Tomcat without SSL enabled</tt> section<br/>
- UNComment <tt>Tomcat with SSL enabled</tt> section
- </li>
- <li>
- Restart red5 and try to connect to
- <u>https://your.server:5443</u> - you should be redirected to the OpenMeetings
- app and all access should be via HTTPS and/or RTMPS (close port 5080 to be sure).
- </li>
- </ol>
- </section>
- <section name="Set up RTMPS">
- <h3>Tunneling RTMPS</h3>
- <ol>
- <li>HTTPS need to be enabled otherwise tunneling will not work (it can be set up using frontend nginx/apache as well)</li>
- <li>
- In Administration->Configuration set<br/>
- <br/><source><![CDATA[
- flash.secure = true
- flash.secure.proxy = none
-]]></source>
- </li>
- <li>Restart red5 and try to connect - your connection should now be made via RTMPS (close port 1935 to be sure)
- </li>
- </ol>
- <h3>Native RTMPS</h3>
- <ol>
- <li> Default RTMPS port is 8443, you can change it by editing <tt>red5/conf/red5.properties</tt> and change the port here: <tt>rtmps.port=8443</tt><br/>
- Please set <tt>rtmps.keystorepass=password</tt> and <tt>rtmps.truststorepass=password</tt>
- (password = password you set on your new keystore(s))<br/>
- Additionally you need to set <tt>rtmps.screen.keystorepass=screenpassword</tt> (screenpassword = password you set on your keystore for screen-sharing application)
- </li>
- <li>
- Edit <tt>red5/conf/red5-core.xml</tt> file:<br/>
- UNComment <tt>RTMPS</tt> section
- </li>
- <li>
- In Administration->Configuration set<br/>
- <br/><source><![CDATA[
- flash.secure = true
- flash.secure.proxy = best
-]]></source>
- </li>
- <li>Restart red5 and try to connect - your connection should now be made via RTMPS (close port 1935 to be sure)
- </li>
- </ol>
- </section>
- <section name="Credits">
- <p>Thanks to Nexus, Holger Rabbach and Yakovlev Nick for their help and
- contribution to configuration and documentation! </p>
- </section>
- </body>
-</document>
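Review bot: the removed "SSL for the web interface" section gave the reason for enabling SSL (protection against MITM attacks) and a verification step ("close port 5080 to be sure"); the replacement HTTPS.md carries neither, while PortSettings.md still lists 5080 as a default port. Consider carrying the verification step over to the new page. The removed "Steps for client machines" (trusting a private CA's ca.crt on clients) and the "Credits" section also have no counterpart in HTTPS.md; if dropping them is intentional, the commit message should say so.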
diff --git a/openmeetings-server/src/site/xdoc/RestrictedAccess.xml b/openmeetings-server/src/site/xdoc/RestrictedAccess.xml
deleted file mode 100644
index fabcbf0..0000000
--- a/openmeetings-server/src/site/xdoc/RestrictedAccess.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-<document xmlns="http://maven.apache.org/XDOC/2.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
- <properties>
- <title>How to restrict access to your Openmeetings server</title>
- <author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
- </properties>
-
- <body>
- <section name="Server Side">
- <p>You can protect your OpenMeetings instance from beeing accessed
- from 3th party by setting up <tt>RemoteAddrValve</tt><br/>
- Here <tt>$OM_HOME/conf/server.xml</tt> (will affect the whole Tomcat<br/>)
- Or here $OM_HOME/webapps/openmeetings/META-INF/context.xml
- </p>
- <p>Please check Tomcat documentation for more details
- <a href="https://tomcat.apache.org/tomcat-9.0-doc/config/context.html">Docs about context</a>, <a
- href="https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Valve">Docs about RemoteAddrValve</a>
- </p>
- <p>For example: To allow access only for the clients connecting from localhost:</p>
- <source><![CDATA[<Valve className="org.apache.catalina.valves.RemoteAddrValve"
-allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>]]></source>
- </section>
- </body>
-</document>
diff --git a/openmeetings-server/src/site/xdoc/voip-sip-integration.xml b/openmeetings-server/src/site/xdoc/voip-sip-integration.xml
index 7692c59..8fd8068 100644
--- a/openmeetings-server/src/site/xdoc/voip-sip-integration.xml
+++ b/openmeetings-server/src/site/xdoc/voip-sip-integration.xml
@@ -20,6 +20,12 @@
<author email="dev@openmeetings.apache.org">Apache OpenMeetings Team</author>
</properties>
<body>
+ <section name="Not implemented">
+ <div class="bd-callout bd-callout-danger">
+ Please NOTE: this functionality is not yet implemented in 5.0.x
+ </div>
+ </section>
+
<section name="VoIP and SIP Integration">
<p>
There are multiple ways to integrate with VoIP and or SIP.