Why should not we rely on port 80 in openmeetings, should we

[Alexei Fedotov <al...@gmail.com>]

We have really long discussion on the subject: why does our typical
installation has two http servers - one is Apache jetty embedded into red5,
and another is Apache Httpd which redirects traffic from port 80 to
different ports of our product.

I faced strong resistance convincing people that decreasing number of
servers and ports is good. Of course the less servers we have, less
installation work we have - why should we discuss it?

Finally I noticed why two servers may be good for some people. This applies
to the case when they want other http services like CMS or E-learning to
run on the same machine. I was thinking mostly about our Openmeetings
server farm, where are no advantages of keeping proxies, while each httpd
costs 200 Mb per server.

So the question is if we should keep using different ports in openmeetings.
Are there any other reasons I missed?

Concerning Maxim advice of using VPN - in my corporate life I don't even
have an admin password or a right to run non-microsoft executables.

Thanks.

Re: Why should not we rely on port 80 in openmeetings, should we

[Maxim Solodovnik <so...@gmail.com>]

I'm not sure how all this implemented
but I believe context is applied after packet is received by tomcat.
need to inspect content of http packets

2012/4/28 seba.wagner@gmail.com <se...@gmail.com>

> Yes that is right, that irritated me right from the beginning :)
> However it would mean that running multiple instances of Openmeetings in
> the same Tomcat Server is not possible because they all connect to the same
> context. But I think that is not true. I think you can run multiple webapps
> in Red5 and each of it has its own scope and can have its own RTMPT
> connection enabled.
>
> Sebastian
>
> 2012/4/28 Maxim Solodovnik <so...@gmail.com>
>
> > Yes
> > And it is redirects 8088/open
> > And not 8088/openmeetings/open
> > I've written similar shorter rules using mod_rewrite while trying to
> > understand what is going on.
> >
> > These rules demonstrate it is impossible to redirect RTMPT using context
> > On Apr 28, 2012 7:50 PM, "seba.wagner@gmail.com" <se...@gmail.com>
> > wrote:
> >
> > > Those are mod_proxy settings to redirect rtmpt traffic:
> > >
> > >
> > >
> >
> https://groups.google.com/group/openmeetings-user/msg/3d189be4d7546be3?dmode=source&output=gplain&noredirect
> > >
> > > Sebastian
> > >
> > > 2012/4/28 Maxim Solodovnik <so...@gmail.com>
> > >
> > > > It is impossible to proxy rtmpt based on the context.
> > > > Requests sent are go to /open /idle etc. Ignoring context.
> > > > I can send you logs and links proofing this
> > > > On Apr 28, 2012 6:51 PM, "seba.wagner@gmail.com" <
> > seba.wagner@gmail.com>
> > > > wrote:
> > > >
> > > > > We did solve to redirect rtmp traffic by using different path
> > segments,
> > > > > mod_proxy rule was path based.
> > > > >
> > > > > In the config.xml you can specify different paths for HTTP and RTMP
> > > URLs
> > > > > (RTMPT will be handled with same path segments as RTMP)
> > > > >
> > > > > the config values are:
> > > > > RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
> > > > > HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>
> > > > >
> > > > > => RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
> > > > > => RTMPT URL will be:
> > rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
> > > > > => HTTP Download/Upload URL will be:
> > > > > $protocol://localhost:$red5httpport$httpRootKey [missing / is no
> > typo,
> > > > the
> > > > > slash is in the httpRootKey so that you can make openmeetings
> > directly
> > > > run
> > > > > in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]
> > > > >
> > > > > Now you can modify config.xml to:
> > > > > <webAppRootKey>openmeetings_rtmp</webAppRootKey>
> > > > > And add a mod_proxy rule:
> > > > > traffic to openmeetings_rtmp port 80 redirect to localhost:1935
> > > > > OR the same for RTMPT
> > > > >
> > > > > The issue is just you can configure rtmp AND rtmpt to have
> DIFFERENT
> > a
> > > > path
> > > > > segmements. Cause that would enable you to have mod_proxy settings
> > for
> > > > > both.
> > > > > But I did always then just configure RTMPT to port 443. And that
> way
> > I
> > > > have
> > > > > HTTP => Port 80
> > > > > RTMP => Port 80
> > > > > RTMPT => Port 443
> > > > >
> > > > > Of course you can also add one more mod_proxy rule:
> > > > > Redirect: $httpRootKey to localhost:5080, that way you can run yoru
> > > > website
> > > > > AND OpenMeetings on port 80.
> > > > >
> > > > > Sebastian
> > > > >
> > > > > 2012/4/28 Alexei Fedotov <al...@gmail.com>
> > > > >
> > > > > > 3) ...
> > > > > > any TCP/IP connection does not operate with paths
> > > > > > from the other side there may be several client connections
> > connected
> > > > > > to the same server and port
> > > > > >
> > > > > >
> > > > > > On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> > > > > > <al...@gmail.com> wrote:
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > > > > > > shows how to initiate rtmp over different port
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > > > > > > <al...@gmail.com> wrote:
> > > > > > >> 1) it is impossible to redirect RTMP traffic
> > > > > > >>>> no quick answer
> > > > > > >>
> > > > > > >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > > > >>>> overhead is even bigger because it uses 6 bit from every 8
> of
> > > > binary
> > > > > > traffic
> > > > > > >>
> > > > > > >> 3) even if you think you perform
> > > > > > rtmpt://server:port/openmeetings/hibernate
> > > > > > >> all packets are sent to  rtmpt://server:port/ (this is why it
> is
> > > > > > impossible
> > > > > > >> to proxy just RTMPT context)
> > > > > > >>>> no quick answer
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >> problems while implementing OOCP
> > > > > > >> 1) it will be impossible to use RTMP with it (please see 1)
> > above)
> > > > > > >>>> noone asks for it
> > > > > > >>
> > > > > > >> 2) it will be additional traffic (please see 2))
> > > > > > >>>> you use OOCP is fallback when 1935 is not available
> > > > > > >>
> > > > > > >> 3) it will be impossible to use current scheme (tomcat +
> apache
> > +
> > > > > > >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help
> > here,
> > > > but
> > > > > it
> > > > > > >> also have own limitations.
> > > > > > >>>> what breaks current scheme?
> > > > > > >>
> > > > > > >> I'm not sure if I be able to create transparent proxy inside
> > > tomcat,
> > > > > but
> > > > > > >> I'll try.
> > > > > > >>>> there are few proxy solutions for Tomcat already
> > > > > > >>
> > > > > > >> --
> > > > > > >> With best regards / с наилучшими пожеланиями,
> > > > > > >> Alexei Fedotov / Алексей Федотов,
> > > > > > >> http://dataved.ru/
> > > > > > >> +7 916 562 8095
> > > > > > >>
> > > > > > >>
> > > > > > >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <
> > > > > solomax666@gmail.com>
> > > > > > wrote:
> > > > > > >>> statements
> > > > > > >>> 1) it is impossible to redirect RTMP traffic
> > > > > > >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > > > >>> 3) even if you think you perform
> > > > > > rtmpt://server:port/openmeetings/hibernate
> > > > > > >>> all packets are sent to  rtmpt://server:port/ (this is why it
> > is
> > > > > > impossible
> > > > > > >>> to proxy just RTMPT context)
> > > > > > >>>
> > > > > > >>> problems while implementing OOCP
> > > > > > >>> 1) it will be impossible to use RTMP with it (please see 1)
> > > above)
> > > > > > >>> 2) it will be additional traffic (please see 2))
> > > > > > >>> 3) it will be impossible to use current scheme (tomcat +
> > apache +
> > > > > > >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help
> > here,
> > > > but
> > > > > > it
> > > > > > >>> also have own limitations.
> > > > > > >>>
> > > > > > >>> I'm not sure if I be able to create transparent proxy inside
> > > > tomcat,
> > > > > > but
> > > > > > >>> I'll try.
> > > > > > >>>
> > > > > > >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> > > > > > alexei.fedotov@gmail.com>wrote:
> > > > > > >>>
> > > > > > >>>> I don't think multiple ports are problem - Timur's proof of
> > > > concept
> > > > > > >>>> shows they are not.
> > > > > > >>>>
> > > > > > >>>> The main problem is the following: something is already
> > running
> > > on
> > > > > 80
> > > > > > >>>> port. So exact requirement for the solution follows:
> > > > > > >>>>
> > > > > > >>>> 1. The only openmeetings communication port (OOCP) should
> be a
> > > > part
> > > > > of
> > > > > > >>>> the configuration. By default it would be port 80, and for
> > those
> > > > who
> > > > > > >>>> have somethings installed, they can move the port somewhere.
> > > > > > >>>>
> > > > > > >>>> 2. One should switch http or https for traffic over OOCP.
> > > > > > >>>>
> > > > > > >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or
> > falling
> > > > back
> > > > > > >>>> to rtmpt over OOCP.
> > > > > > >>>>
> > > > > > >>>> --
> > > > > > >>>> With best regards / с наилучшими пожеланиями,
> > > > > > >>>> Alexei Fedotov / Алексей Федотов,
> > > > > > >>>> http://dataved.ru/
> > > > > > >>>> +7 916 562 8095
> > > > > > >>>>
> > > > > > >>>>
> > > > > > >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> > > > > > >>>> <se...@gmail.com> wrote:
> > > > > > >>>> > Is this a question or a statement?
> > > > > > >>>> >
> > > > > > >>>> > You cannot run all services: http, https, rtmp, rtmpt,
> rtmps
> > > on
> > > > > the
> > > > > > >>>> > same port 80 and 443, you can only achieve that by
> cheating
> > > with
> > > > > > >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> > > > > > >>>> >
> > > > > > >>>> > Our configuration currently allows people to configure
> http
> > +
> > > > rtmp
> > > > > > or
> > > > > > >>>> > http + rtmpt on the same port.
> > > > > > >>>> > However to practically achieve that you need Apache
> > Webserver
> > > > and
> > > > > > >>>> > configured with mod_proxy.
> > > > > > >>>> >
> > > > > > >>>> > Sebastian
> > > > > > >>>> >
> > > > > > >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> > > > > > >>>> >> We have really long discussion on the subject: why does
> our
> > > > > typical
> > > > > > >>>> >> installation has two http servers - one is Apache jetty
> > > > embedded
> > > > > > into
> > > > > > >>>> red5,
> > > > > > >>>> >> and another is Apache Httpd which redirects traffic from
> > port
> > > > 80
> > > > > to
> > > > > > >>>> >> different ports of our product.
> > > > > > >>>> >>
> > > > > > >>>> >> I faced strong resistance convincing people that
> decreasing
> > > > > number
> > > > > > of
> > > > > > >>>> >> servers and ports is good. Of course the less servers we
> > > have,
> > > > > less
> > > > > > >>>> >> installation work we have - why should we discuss it?
> > > > > > >>>> >>
> > > > > > >>>> >> Finally I noticed why two servers may be good for some
> > > people.
> > > > > This
> > > > > > >>>> applies
> > > > > > >>>> >> to the case when they want other http services like CMS
> or
> > > > > > E-learning to
> > > > > > >>>> >> run on the same machine. I was thinking mostly about our
> > > > > > Openmeetings
> > > > > > >>>> >> server farm, where are no advantages of keeping proxies,
> > > while
> > > > > each
> > > > > > >>>> httpd
> > > > > > >>>> >> costs 200 Mb per server.
> > > > > > >>>> >>
> > > > > > >>>> >> So the question is if we should keep using different
> ports
> > in
> > > > > > >>>> openmeetings.
> > > > > > >>>> >> Are there any other reasons I missed?
> > > > > > >>>> >>
> > > > > > >>>> >> Concerning Maxim advice of using VPN - in my corporate
> > life I
> > > > > > don't even
> > > > > > >>>> >> have an admin password or a right to run non-microsoft
> > > > > executables.
> > > > > > >>>> >>
> > > > > > >>>> >> Thanks.
> > > > > > >>>> >
> > > > > > >>>> >
> > > > > > >>>> >
> > > > > > >>>> > --
> > > > > > >>>> > Sebastian Wagner
> > > > > > >>>> > https://twitter.com/#!/dead_lock
> > > > > > >>>> > http://www.openmeetings.de
> > > > > > >>>> > http://www.webbase-design.de
> > > > > > >>>> > http://www.wagner-sebastian.com
> > > > > > >>>> > seba.wagner@gmail.com
> > > > > > >>>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> --
> > > > > > >>> WBR
> > > > > > >>> Maxim aka solomax
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Sebastian Wagner
> > > > > https://twitter.com/#!/dead_lock
> > > > > http://www.openmeetings.de
> > > > > http://www.webbase-design.de
> > > > > http://www.wagner-sebastian.com
> > > > > seba.wagner@gmail.com
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Sebastian Wagner
> > > https://twitter.com/#!/dead_lock
> > > http://www.openmeetings.de
> > > http://www.webbase-design.de
> > > http://www.wagner-sebastian.com
> > > seba.wagner@gmail.com
> > >
> >
>
>
>
> --
> Sebastian Wagner
> https://twitter.com/#!/dead_lock
> http://www.openmeetings.de
> http://www.webbase-design.de
> http://www.wagner-sebastian.com
> seba.wagner@gmail.com
>



-- 
WBR
Maxim aka solomax

Re: Why should not we rely on port 80 in openmeetings, should we

["seba.wagner@gmail.com" <se...@gmail.com>]

Yes that is right, that irritated me right from the beginning :)
However it would mean that running multiple instances of Openmeetings in
the same Tomcat Server is not possible because they all connect to the same
context. But I think that is not true. I think you can run multiple webapps
in Red5 and each of it has its own scope and can have its own RTMPT
connection enabled.

Sebastian

2012/4/28 Maxim Solodovnik <so...@gmail.com>

> Yes
> And it is redirects 8088/open
> And not 8088/openmeetings/open
> I've written similar shorter rules using mod_rewrite while trying to
> understand what is going on.
>
> These rules demonstrate it is impossible to redirect RTMPT using context
> On Apr 28, 2012 7:50 PM, "seba.wagner@gmail.com" <se...@gmail.com>
> wrote:
>
> > Those are mod_proxy settings to redirect rtmpt traffic:
> >
> >
> >
> https://groups.google.com/group/openmeetings-user/msg/3d189be4d7546be3?dmode=source&output=gplain&noredirect
> >
> > Sebastian
> >
> > 2012/4/28 Maxim Solodovnik <so...@gmail.com>
> >
> > > It is impossible to proxy rtmpt based on the context.
> > > Requests sent are go to /open /idle etc. Ignoring context.
> > > I can send you logs and links proofing this
> > > On Apr 28, 2012 6:51 PM, "seba.wagner@gmail.com" <
> seba.wagner@gmail.com>
> > > wrote:
> > >
> > > > We did solve to redirect rtmp traffic by using different path
> segments,
> > > > mod_proxy rule was path based.
> > > >
> > > > In the config.xml you can specify different paths for HTTP and RTMP
> > URLs
> > > > (RTMPT will be handled with same path segments as RTMP)
> > > >
> > > > the config values are:
> > > > RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
> > > > HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>
> > > >
> > > > => RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
> > > > => RTMPT URL will be:
> rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
> > > > => HTTP Download/Upload URL will be:
> > > > $protocol://localhost:$red5httpport$httpRootKey [missing / is no
> typo,
> > > the
> > > > slash is in the httpRootKey so that you can make openmeetings
> directly
> > > run
> > > > in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]
> > > >
> > > > Now you can modify config.xml to:
> > > > <webAppRootKey>openmeetings_rtmp</webAppRootKey>
> > > > And add a mod_proxy rule:
> > > > traffic to openmeetings_rtmp port 80 redirect to localhost:1935
> > > > OR the same for RTMPT
> > > >
> > > > The issue is just you can configure rtmp AND rtmpt to have DIFFERENT
> a
> > > path
> > > > segmements. Cause that would enable you to have mod_proxy settings
> for
> > > > both.
> > > > But I did always then just configure RTMPT to port 443. And that way
> I
> > > have
> > > > HTTP => Port 80
> > > > RTMP => Port 80
> > > > RTMPT => Port 443
> > > >
> > > > Of course you can also add one more mod_proxy rule:
> > > > Redirect: $httpRootKey to localhost:5080, that way you can run yoru
> > > website
> > > > AND OpenMeetings on port 80.
> > > >
> > > > Sebastian
> > > >
> > > > 2012/4/28 Alexei Fedotov <al...@gmail.com>
> > > >
> > > > > 3) ...
> > > > > any TCP/IP connection does not operate with paths
> > > > > from the other side there may be several client connections
> connected
> > > > > to the same server and port
> > > > >
> > > > >
> > > > > On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> > > > > <al...@gmail.com> wrote:
> > > > > >
> > > > >
> > > >
> > >
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > > > > > shows how to initiate rtmp over different port
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > > > > > <al...@gmail.com> wrote:
> > > > > >> 1) it is impossible to redirect RTMP traffic
> > > > > >>>> no quick answer
> > > > > >>
> > > > > >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > > >>>> overhead is even bigger because it uses 6 bit from every 8 of
> > > binary
> > > > > traffic
> > > > > >>
> > > > > >> 3) even if you think you perform
> > > > > rtmpt://server:port/openmeetings/hibernate
> > > > > >> all packets are sent to  rtmpt://server:port/ (this is why it is
> > > > > impossible
> > > > > >> to proxy just RTMPT context)
> > > > > >>>> no quick answer
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> problems while implementing OOCP
> > > > > >> 1) it will be impossible to use RTMP with it (please see 1)
> above)
> > > > > >>>> noone asks for it
> > > > > >>
> > > > > >> 2) it will be additional traffic (please see 2))
> > > > > >>>> you use OOCP is fallback when 1935 is not available
> > > > > >>
> > > > > >> 3) it will be impossible to use current scheme (tomcat + apache
> +
> > > > > >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help
> here,
> > > but
> > > > it
> > > > > >> also have own limitations.
> > > > > >>>> what breaks current scheme?
> > > > > >>
> > > > > >> I'm not sure if I be able to create transparent proxy inside
> > tomcat,
> > > > but
> > > > > >> I'll try.
> > > > > >>>> there are few proxy solutions for Tomcat already
> > > > > >>
> > > > > >> --
> > > > > >> With best regards / с наилучшими пожеланиями,
> > > > > >> Alexei Fedotov / Алексей Федотов,
> > > > > >> http://dataved.ru/
> > > > > >> +7 916 562 8095
> > > > > >>
> > > > > >>
> > > > > >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <
> > > > solomax666@gmail.com>
> > > > > wrote:
> > > > > >>> statements
> > > > > >>> 1) it is impossible to redirect RTMP traffic
> > > > > >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > > >>> 3) even if you think you perform
> > > > > rtmpt://server:port/openmeetings/hibernate
> > > > > >>> all packets are sent to  rtmpt://server:port/ (this is why it
> is
> > > > > impossible
> > > > > >>> to proxy just RTMPT context)
> > > > > >>>
> > > > > >>> problems while implementing OOCP
> > > > > >>> 1) it will be impossible to use RTMP with it (please see 1)
> > above)
> > > > > >>> 2) it will be additional traffic (please see 2))
> > > > > >>> 3) it will be impossible to use current scheme (tomcat +
> apache +
> > > > > >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help
> here,
> > > but
> > > > > it
> > > > > >>> also have own limitations.
> > > > > >>>
> > > > > >>> I'm not sure if I be able to create transparent proxy inside
> > > tomcat,
> > > > > but
> > > > > >>> I'll try.
> > > > > >>>
> > > > > >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> > > > > alexei.fedotov@gmail.com>wrote:
> > > > > >>>
> > > > > >>>> I don't think multiple ports are problem - Timur's proof of
> > > concept
> > > > > >>>> shows they are not.
> > > > > >>>>
> > > > > >>>> The main problem is the following: something is already
> running
> > on
> > > > 80
> > > > > >>>> port. So exact requirement for the solution follows:
> > > > > >>>>
> > > > > >>>> 1. The only openmeetings communication port (OOCP) should be a
> > > part
> > > > of
> > > > > >>>> the configuration. By default it would be port 80, and for
> those
> > > who
> > > > > >>>> have somethings installed, they can move the port somewhere.
> > > > > >>>>
> > > > > >>>> 2. One should switch http or https for traffic over OOCP.
> > > > > >>>>
> > > > > >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or
> falling
> > > back
> > > > > >>>> to rtmpt over OOCP.
> > > > > >>>>
> > > > > >>>> --
> > > > > >>>> With best regards / с наилучшими пожеланиями,
> > > > > >>>> Alexei Fedotov / Алексей Федотов,
> > > > > >>>> http://dataved.ru/
> > > > > >>>> +7 916 562 8095
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> > > > > >>>> <se...@gmail.com> wrote:
> > > > > >>>> > Is this a question or a statement?
> > > > > >>>> >
> > > > > >>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps
> > on
> > > > the
> > > > > >>>> > same port 80 and 443, you can only achieve that by cheating
> > with
> > > > > >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> > > > > >>>> >
> > > > > >>>> > Our configuration currently allows people to configure http
> +
> > > rtmp
> > > > > or
> > > > > >>>> > http + rtmpt on the same port.
> > > > > >>>> > However to practically achieve that you need Apache
> Webserver
> > > and
> > > > > >>>> > configured with mod_proxy.
> > > > > >>>> >
> > > > > >>>> > Sebastian
> > > > > >>>> >
> > > > > >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> > > > > >>>> >> We have really long discussion on the subject: why does our
> > > > typical
> > > > > >>>> >> installation has two http servers - one is Apache jetty
> > > embedded
> > > > > into
> > > > > >>>> red5,
> > > > > >>>> >> and another is Apache Httpd which redirects traffic from
> port
> > > 80
> > > > to
> > > > > >>>> >> different ports of our product.
> > > > > >>>> >>
> > > > > >>>> >> I faced strong resistance convincing people that decreasing
> > > > number
> > > > > of
> > > > > >>>> >> servers and ports is good. Of course the less servers we
> > have,
> > > > less
> > > > > >>>> >> installation work we have - why should we discuss it?
> > > > > >>>> >>
> > > > > >>>> >> Finally I noticed why two servers may be good for some
> > people.
> > > > This
> > > > > >>>> applies
> > > > > >>>> >> to the case when they want other http services like CMS or
> > > > > E-learning to
> > > > > >>>> >> run on the same machine. I was thinking mostly about our
> > > > > Openmeetings
> > > > > >>>> >> server farm, where are no advantages of keeping proxies,
> > while
> > > > each
> > > > > >>>> httpd
> > > > > >>>> >> costs 200 Mb per server.
> > > > > >>>> >>
> > > > > >>>> >> So the question is if we should keep using different ports
> in
> > > > > >>>> openmeetings.
> > > > > >>>> >> Are there any other reasons I missed?
> > > > > >>>> >>
> > > > > >>>> >> Concerning Maxim advice of using VPN - in my corporate
> life I
> > > > > don't even
> > > > > >>>> >> have an admin password or a right to run non-microsoft
> > > > executables.
> > > > > >>>> >>
> > > > > >>>> >> Thanks.
> > > > > >>>> >
> > > > > >>>> >
> > > > > >>>> >
> > > > > >>>> > --
> > > > > >>>> > Sebastian Wagner
> > > > > >>>> > https://twitter.com/#!/dead_lock
> > > > > >>>> > http://www.openmeetings.de
> > > > > >>>> > http://www.webbase-design.de
> > > > > >>>> > http://www.wagner-sebastian.com
> > > > > >>>> > seba.wagner@gmail.com
> > > > > >>>>
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>> --
> > > > > >>> WBR
> > > > > >>> Maxim aka solomax
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Sebastian Wagner
> > > > https://twitter.com/#!/dead_lock
> > > > http://www.openmeetings.de
> > > > http://www.webbase-design.de
> > > > http://www.wagner-sebastian.com
> > > > seba.wagner@gmail.com
> > > >
> > >
> >
> >
> >
> > --
> > Sebastian Wagner
> > https://twitter.com/#!/dead_lock
> > http://www.openmeetings.de
> > http://www.webbase-design.de
> > http://www.wagner-sebastian.com
> > seba.wagner@gmail.com
> >
>



-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba.wagner@gmail.com

Re: Why should not we rely on port 80 in openmeetings, should we

[Maxim Solodovnik <so...@gmail.com>]

Yes
And it is redirects 8088/open
And not 8088/openmeetings/open
I've written similar shorter rules using mod_rewrite while trying to
understand what is going on.

These rules demonstrate it is impossible to redirect RTMPT using context
On Apr 28, 2012 7:50 PM, "seba.wagner@gmail.com" <se...@gmail.com>
wrote:

> Those are mod_proxy settings to redirect rtmpt traffic:
>
>
> https://groups.google.com/group/openmeetings-user/msg/3d189be4d7546be3?dmode=source&output=gplain&noredirect
>
> Sebastian
>
> 2012/4/28 Maxim Solodovnik <so...@gmail.com>
>
> > It is impossible to proxy rtmpt based on the context.
> > Requests sent are go to /open /idle etc. Ignoring context.
> > I can send you logs and links proofing this
> > On Apr 28, 2012 6:51 PM, "seba.wagner@gmail.com" <se...@gmail.com>
> > wrote:
> >
> > > We did solve to redirect rtmp traffic by using different path segments,
> > > mod_proxy rule was path based.
> > >
> > > In the config.xml you can specify different paths for HTTP and RTMP
> URLs
> > > (RTMPT will be handled with same path segments as RTMP)
> > >
> > > the config values are:
> > > RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
> > > HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>
> > >
> > > => RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
> > > => RTMPT URL will be: rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
> > > => HTTP Download/Upload URL will be:
> > > $protocol://localhost:$red5httpport$httpRootKey [missing / is no typo,
> > the
> > > slash is in the httpRootKey so that you can make openmeetings directly
> > run
> > > in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]
> > >
> > > Now you can modify config.xml to:
> > > <webAppRootKey>openmeetings_rtmp</webAppRootKey>
> > > And add a mod_proxy rule:
> > > traffic to openmeetings_rtmp port 80 redirect to localhost:1935
> > > OR the same for RTMPT
> > >
> > > The issue is just you can configure rtmp AND rtmpt to have DIFFERENT a
> > path
> > > segmements. Cause that would enable you to have mod_proxy settings for
> > > both.
> > > But I did always then just configure RTMPT to port 443. And that way I
> > have
> > > HTTP => Port 80
> > > RTMP => Port 80
> > > RTMPT => Port 443
> > >
> > > Of course you can also add one more mod_proxy rule:
> > > Redirect: $httpRootKey to localhost:5080, that way you can run yoru
> > website
> > > AND OpenMeetings on port 80.
> > >
> > > Sebastian
> > >
> > > 2012/4/28 Alexei Fedotov <al...@gmail.com>
> > >
> > > > 3) ...
> > > > any TCP/IP connection does not operate with paths
> > > > from the other side there may be several client connections connected
> > > > to the same server and port
> > > >
> > > >
> > > > On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> > > > <al...@gmail.com> wrote:
> > > > >
> > > >
> > >
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > > > > shows how to initiate rtmp over different port
> > > > >
> > > > >
> > > > >
> > > > > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > > > > <al...@gmail.com> wrote:
> > > > >> 1) it is impossible to redirect RTMP traffic
> > > > >>>> no quick answer
> > > > >>
> > > > >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > >>>> overhead is even bigger because it uses 6 bit from every 8 of
> > binary
> > > > traffic
> > > > >>
> > > > >> 3) even if you think you perform
> > > > rtmpt://server:port/openmeetings/hibernate
> > > > >> all packets are sent to  rtmpt://server:port/ (this is why it is
> > > > impossible
> > > > >> to proxy just RTMPT context)
> > > > >>>> no quick answer
> > > > >>
> > > > >>
> > > > >>
> > > > >> problems while implementing OOCP
> > > > >> 1) it will be impossible to use RTMP with it (please see 1) above)
> > > > >>>> noone asks for it
> > > > >>
> > > > >> 2) it will be additional traffic (please see 2))
> > > > >>>> you use OOCP is fallback when 1935 is not available
> > > > >>
> > > > >> 3) it will be impossible to use current scheme (tomcat + apache +
> > > > >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here,
> > but
> > > it
> > > > >> also have own limitations.
> > > > >>>> what breaks current scheme?
> > > > >>
> > > > >> I'm not sure if I be able to create transparent proxy inside
> tomcat,
> > > but
> > > > >> I'll try.
> > > > >>>> there are few proxy solutions for Tomcat already
> > > > >>
> > > > >> --
> > > > >> With best regards / с наилучшими пожеланиями,
> > > > >> Alexei Fedotov / Алексей Федотов,
> > > > >> http://dataved.ru/
> > > > >> +7 916 562 8095
> > > > >>
> > > > >>
> > > > >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <
> > > solomax666@gmail.com>
> > > > wrote:
> > > > >>> statements
> > > > >>> 1) it is impossible to redirect RTMP traffic
> > > > >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > > >>> 3) even if you think you perform
> > > > rtmpt://server:port/openmeetings/hibernate
> > > > >>> all packets are sent to  rtmpt://server:port/ (this is why it is
> > > > impossible
> > > > >>> to proxy just RTMPT context)
> > > > >>>
> > > > >>> problems while implementing OOCP
> > > > >>> 1) it will be impossible to use RTMP with it (please see 1)
> above)
> > > > >>> 2) it will be additional traffic (please see 2))
> > > > >>> 3) it will be impossible to use current scheme (tomcat + apache +
> > > > >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here,
> > but
> > > > it
> > > > >>> also have own limitations.
> > > > >>>
> > > > >>> I'm not sure if I be able to create transparent proxy inside
> > tomcat,
> > > > but
> > > > >>> I'll try.
> > > > >>>
> > > > >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> > > > alexei.fedotov@gmail.com>wrote:
> > > > >>>
> > > > >>>> I don't think multiple ports are problem - Timur's proof of
> > concept
> > > > >>>> shows they are not.
> > > > >>>>
> > > > >>>> The main problem is the following: something is already running
> on
> > > 80
> > > > >>>> port. So exact requirement for the solution follows:
> > > > >>>>
> > > > >>>> 1. The only openmeetings communication port (OOCP) should be a
> > part
> > > of
> > > > >>>> the configuration. By default it would be port 80, and for those
> > who
> > > > >>>> have somethings installed, they can move the port somewhere.
> > > > >>>>
> > > > >>>> 2. One should switch http or https for traffic over OOCP.
> > > > >>>>
> > > > >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling
> > back
> > > > >>>> to rtmpt over OOCP.
> > > > >>>>
> > > > >>>> --
> > > > >>>> With best regards / с наилучшими пожеланиями,
> > > > >>>> Alexei Fedotov / Алексей Федотов,
> > > > >>>> http://dataved.ru/
> > > > >>>> +7 916 562 8095
> > > > >>>>
> > > > >>>>
> > > > >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> > > > >>>> <se...@gmail.com> wrote:
> > > > >>>> > Is this a question or a statement?
> > > > >>>> >
> > > > >>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps
> on
> > > the
> > > > >>>> > same port 80 and 443, you can only achieve that by cheating
> with
> > > > >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> > > > >>>> >
> > > > >>>> > Our configuration currently allows people to configure http +
> > rtmp
> > > > or
> > > > >>>> > http + rtmpt on the same port.
> > > > >>>> > However to practically achieve that you need Apache Webserver
> > and
> > > > >>>> > configured with mod_proxy.
> > > > >>>> >
> > > > >>>> > Sebastian
> > > > >>>> >
> > > > >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> > > > >>>> >> We have really long discussion on the subject: why does our
> > > typical
> > > > >>>> >> installation has two http servers - one is Apache jetty
> > embedded
> > > > into
> > > > >>>> red5,
> > > > >>>> >> and another is Apache Httpd which redirects traffic from port
> > 80
> > > to
> > > > >>>> >> different ports of our product.
> > > > >>>> >>
> > > > >>>> >> I faced strong resistance convincing people that decreasing
> > > number
> > > > of
> > > > >>>> >> servers and ports is good. Of course the less servers we
> have,
> > > less
> > > > >>>> >> installation work we have - why should we discuss it?
> > > > >>>> >>
> > > > >>>> >> Finally I noticed why two servers may be good for some
> people.
> > > This
> > > > >>>> applies
> > > > >>>> >> to the case when they want other http services like CMS or
> > > > E-learning to
> > > > >>>> >> run on the same machine. I was thinking mostly about our
> > > > Openmeetings
> > > > >>>> >> server farm, where are no advantages of keeping proxies,
> while
> > > each
> > > > >>>> httpd
> > > > >>>> >> costs 200 Mb per server.
> > > > >>>> >>
> > > > >>>> >> So the question is if we should keep using different ports in
> > > > >>>> openmeetings.
> > > > >>>> >> Are there any other reasons I missed?
> > > > >>>> >>
> > > > >>>> >> Concerning Maxim advice of using VPN - in my corporate life I
> > > > don't even
> > > > >>>> >> have an admin password or a right to run non-microsoft
> > > executables.
> > > > >>>> >>
> > > > >>>> >> Thanks.
> > > > >>>> >
> > > > >>>> >
> > > > >>>> >
> > > > >>>> > --
> > > > >>>> > Sebastian Wagner
> > > > >>>> > https://twitter.com/#!/dead_lock
> > > > >>>> > http://www.openmeetings.de
> > > > >>>> > http://www.webbase-design.de
> > > > >>>> > http://www.wagner-sebastian.com
> > > > >>>> > seba.wagner@gmail.com
> > > > >>>>
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> --
> > > > >>> WBR
> > > > >>> Maxim aka solomax
> > > >
> > >
> > >
> > >
> > > --
> > > Sebastian Wagner
> > > https://twitter.com/#!/dead_lock
> > > http://www.openmeetings.de
> > > http://www.webbase-design.de
> > > http://www.wagner-sebastian.com
> > > seba.wagner@gmail.com
> > >
> >
>
>
>
> --
> Sebastian Wagner
> https://twitter.com/#!/dead_lock
> http://www.openmeetings.de
> http://www.webbase-design.de
> http://www.wagner-sebastian.com
> seba.wagner@gmail.com
>

Re: Why should not we rely on port 80 in openmeetings, should we

["seba.wagner@gmail.com" <se...@gmail.com>]

Those are mod_proxy settings to redirect rtmpt traffic:

https://groups.google.com/group/openmeetings-user/msg/3d189be4d7546be3?dmode=source&output=gplain&noredirect

Sebastian

2012/4/28 Maxim Solodovnik <so...@gmail.com>

> It is impossible to proxy rtmpt based on the context.
> Requests sent are go to /open /idle etc. Ignoring context.
> I can send you logs and links proofing this
> On Apr 28, 2012 6:51 PM, "seba.wagner@gmail.com" <se...@gmail.com>
> wrote:
>
> > We did solve to redirect rtmp traffic by using different path segments,
> > mod_proxy rule was path based.
> >
> > In the config.xml you can specify different paths for HTTP and RTMP URLs
> > (RTMPT will be handled with same path segments as RTMP)
> >
> > the config values are:
> > RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
> > HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>
> >
> > => RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
> > => RTMPT URL will be: rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
> > => HTTP Download/Upload URL will be:
> > $protocol://localhost:$red5httpport$httpRootKey [missing / is no typo,
> the
> > slash is in the httpRootKey so that you can make openmeetings directly
> run
> > in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]
> >
> > Now you can modify config.xml to:
> > <webAppRootKey>openmeetings_rtmp</webAppRootKey>
> > And add a mod_proxy rule:
> > traffic to openmeetings_rtmp port 80 redirect to localhost:1935
> > OR the same for RTMPT
> >
> > The issue is just you can configure rtmp AND rtmpt to have DIFFERENT a
> path
> > segmements. Cause that would enable you to have mod_proxy settings for
> > both.
> > But I did always then just configure RTMPT to port 443. And that way I
> have
> > HTTP => Port 80
> > RTMP => Port 80
> > RTMPT => Port 443
> >
> > Of course you can also add one more mod_proxy rule:
> > Redirect: $httpRootKey to localhost:5080, that way you can run yoru
> website
> > AND OpenMeetings on port 80.
> >
> > Sebastian
> >
> > 2012/4/28 Alexei Fedotov <al...@gmail.com>
> >
> > > 3) ...
> > > any TCP/IP connection does not operate with paths
> > > from the other side there may be several client connections connected
> > > to the same server and port
> > >
> > >
> > > On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> > > <al...@gmail.com> wrote:
> > > >
> > >
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > > > shows how to initiate rtmp over different port
> > > >
> > > >
> > > >
> > > > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > > > <al...@gmail.com> wrote:
> > > >> 1) it is impossible to redirect RTMP traffic
> > > >>>> no quick answer
> > > >>
> > > >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > >>>> overhead is even bigger because it uses 6 bit from every 8 of
> binary
> > > traffic
> > > >>
> > > >> 3) even if you think you perform
> > > rtmpt://server:port/openmeetings/hibernate
> > > >> all packets are sent to  rtmpt://server:port/ (this is why it is
> > > impossible
> > > >> to proxy just RTMPT context)
> > > >>>> no quick answer
> > > >>
> > > >>
> > > >>
> > > >> problems while implementing OOCP
> > > >> 1) it will be impossible to use RTMP with it (please see 1) above)
> > > >>>> noone asks for it
> > > >>
> > > >> 2) it will be additional traffic (please see 2))
> > > >>>> you use OOCP is fallback when 1935 is not available
> > > >>
> > > >> 3) it will be impossible to use current scheme (tomcat + apache +
> > > >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here,
> but
> > it
> > > >> also have own limitations.
> > > >>>> what breaks current scheme?
> > > >>
> > > >> I'm not sure if I be able to create transparent proxy inside tomcat,
> > but
> > > >> I'll try.
> > > >>>> there are few proxy solutions for Tomcat already
> > > >>
> > > >> --
> > > >> With best regards / с наилучшими пожеланиями,
> > > >> Alexei Fedotov / Алексей Федотов,
> > > >> http://dataved.ru/
> > > >> +7 916 562 8095
> > > >>
> > > >>
> > > >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <
> > solomax666@gmail.com>
> > > wrote:
> > > >>> statements
> > > >>> 1) it is impossible to redirect RTMP traffic
> > > >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > > >>> 3) even if you think you perform
> > > rtmpt://server:port/openmeetings/hibernate
> > > >>> all packets are sent to  rtmpt://server:port/ (this is why it is
> > > impossible
> > > >>> to proxy just RTMPT context)
> > > >>>
> > > >>> problems while implementing OOCP
> > > >>> 1) it will be impossible to use RTMP with it (please see 1) above)
> > > >>> 2) it will be additional traffic (please see 2))
> > > >>> 3) it will be impossible to use current scheme (tomcat + apache +
> > > >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here,
> but
> > > it
> > > >>> also have own limitations.
> > > >>>
> > > >>> I'm not sure if I be able to create transparent proxy inside
> tomcat,
> > > but
> > > >>> I'll try.
> > > >>>
> > > >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> > > alexei.fedotov@gmail.com>wrote:
> > > >>>
> > > >>>> I don't think multiple ports are problem - Timur's proof of
> concept
> > > >>>> shows they are not.
> > > >>>>
> > > >>>> The main problem is the following: something is already running on
> > 80
> > > >>>> port. So exact requirement for the solution follows:
> > > >>>>
> > > >>>> 1. The only openmeetings communication port (OOCP) should be a
> part
> > of
> > > >>>> the configuration. By default it would be port 80, and for those
> who
> > > >>>> have somethings installed, they can move the port somewhere.
> > > >>>>
> > > >>>> 2. One should switch http or https for traffic over OOCP.
> > > >>>>
> > > >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling
> back
> > > >>>> to rtmpt over OOCP.
> > > >>>>
> > > >>>> --
> > > >>>> With best regards / с наилучшими пожеланиями,
> > > >>>> Alexei Fedotov / Алексей Федотов,
> > > >>>> http://dataved.ru/
> > > >>>> +7 916 562 8095
> > > >>>>
> > > >>>>
> > > >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> > > >>>> <se...@gmail.com> wrote:
> > > >>>> > Is this a question or a statement?
> > > >>>> >
> > > >>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on
> > the
> > > >>>> > same port 80 and 443, you can only achieve that by cheating with
> > > >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> > > >>>> >
> > > >>>> > Our configuration currently allows people to configure http +
> rtmp
> > > or
> > > >>>> > http + rtmpt on the same port.
> > > >>>> > However to practically achieve that you need Apache Webserver
> and
> > > >>>> > configured with mod_proxy.
> > > >>>> >
> > > >>>> > Sebastian
> > > >>>> >
> > > >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> > > >>>> >> We have really long discussion on the subject: why does our
> > typical
> > > >>>> >> installation has two http servers - one is Apache jetty
> embedded
> > > into
> > > >>>> red5,
> > > >>>> >> and another is Apache Httpd which redirects traffic from port
> 80
> > to
> > > >>>> >> different ports of our product.
> > > >>>> >>
> > > >>>> >> I faced strong resistance convincing people that decreasing
> > number
> > > of
> > > >>>> >> servers and ports is good. Of course the less servers we have,
> > less
> > > >>>> >> installation work we have - why should we discuss it?
> > > >>>> >>
> > > >>>> >> Finally I noticed why two servers may be good for some people.
> > This
> > > >>>> applies
> > > >>>> >> to the case when they want other http services like CMS or
> > > E-learning to
> > > >>>> >> run on the same machine. I was thinking mostly about our
> > > Openmeetings
> > > >>>> >> server farm, where are no advantages of keeping proxies, while
> > each
> > > >>>> httpd
> > > >>>> >> costs 200 Mb per server.
> > > >>>> >>
> > > >>>> >> So the question is if we should keep using different ports in
> > > >>>> openmeetings.
> > > >>>> >> Are there any other reasons I missed?
> > > >>>> >>
> > > >>>> >> Concerning Maxim advice of using VPN - in my corporate life I
> > > don't even
> > > >>>> >> have an admin password or a right to run non-microsoft
> > executables.
> > > >>>> >>
> > > >>>> >> Thanks.
> > > >>>> >
> > > >>>> >
> > > >>>> >
> > > >>>> > --
> > > >>>> > Sebastian Wagner
> > > >>>> > https://twitter.com/#!/dead_lock
> > > >>>> > http://www.openmeetings.de
> > > >>>> > http://www.webbase-design.de
> > > >>>> > http://www.wagner-sebastian.com
> > > >>>> > seba.wagner@gmail.com
> > > >>>>
> > > >>>
> > > >>>
> > > >>>
> > > >>> --
> > > >>> WBR
> > > >>> Maxim aka solomax
> > >
> >
> >
> >
> > --
> > Sebastian Wagner
> > https://twitter.com/#!/dead_lock
> > http://www.openmeetings.de
> > http://www.webbase-design.de
> > http://www.wagner-sebastian.com
> > seba.wagner@gmail.com
> >
>



-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba.wagner@gmail.com

Re: Why should not we rely on port 80 in openmeetings, should we

[Maxim Solodovnik <so...@gmail.com>]

It is impossible to proxy rtmpt based on the context.
Requests sent are go to /open /idle etc. Ignoring context.
I can send you logs and links proofing this
On Apr 28, 2012 6:51 PM, "seba.wagner@gmail.com" <se...@gmail.com>
wrote:

> We did solve to redirect rtmp traffic by using different path segments,
> mod_proxy rule was path based.
>
> In the config.xml you can specify different paths for HTTP and RTMP URLs
> (RTMPT will be handled with same path segments as RTMP)
>
> the config values are:
> RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
> HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>
>
> => RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
> => RTMPT URL will be: rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
> => HTTP Download/Upload URL will be:
> $protocol://localhost:$red5httpport$httpRootKey [missing / is no typo, the
> slash is in the httpRootKey so that you can make openmeetings directly run
> in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]
>
> Now you can modify config.xml to:
> <webAppRootKey>openmeetings_rtmp</webAppRootKey>
> And add a mod_proxy rule:
> traffic to openmeetings_rtmp port 80 redirect to localhost:1935
> OR the same for RTMPT
>
> The issue is just you can configure rtmp AND rtmpt to have DIFFERENT a path
> segmements. Cause that would enable you to have mod_proxy settings for
> both.
> But I did always then just configure RTMPT to port 443. And that way I have
> HTTP => Port 80
> RTMP => Port 80
> RTMPT => Port 443
>
> Of course you can also add one more mod_proxy rule:
> Redirect: $httpRootKey to localhost:5080, that way you can run yoru website
> AND OpenMeetings on port 80.
>
> Sebastian
>
> 2012/4/28 Alexei Fedotov <al...@gmail.com>
>
> > 3) ...
> > any TCP/IP connection does not operate with paths
> > from the other side there may be several client connections connected
> > to the same server and port
> >
> >
> > On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> > <al...@gmail.com> wrote:
> > >
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > > shows how to initiate rtmp over different port
> > >
> > >
> > >
> > > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > > <al...@gmail.com> wrote:
> > >> 1) it is impossible to redirect RTMP traffic
> > >>>> no quick answer
> > >>
> > >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > >>>> overhead is even bigger because it uses 6 bit from every 8 of binary
> > traffic
> > >>
> > >> 3) even if you think you perform
> > rtmpt://server:port/openmeetings/hibernate
> > >> all packets are sent to  rtmpt://server:port/ (this is why it is
> > impossible
> > >> to proxy just RTMPT context)
> > >>>> no quick answer
> > >>
> > >>
> > >>
> > >> problems while implementing OOCP
> > >> 1) it will be impossible to use RTMP with it (please see 1) above)
> > >>>> noone asks for it
> > >>
> > >> 2) it will be additional traffic (please see 2))
> > >>>> you use OOCP is fallback when 1935 is not available
> > >>
> > >> 3) it will be impossible to use current scheme (tomcat + apache +
> > >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but
> it
> > >> also have own limitations.
> > >>>> what breaks current scheme?
> > >>
> > >> I'm not sure if I be able to create transparent proxy inside tomcat,
> but
> > >> I'll try.
> > >>>> there are few proxy solutions for Tomcat already
> > >>
> > >> --
> > >> With best regards / с наилучшими пожеланиями,
> > >> Alexei Fedotov / Алексей Федотов,
> > >> http://dataved.ru/
> > >> +7 916 562 8095
> > >>
> > >>
> > >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <
> solomax666@gmail.com>
> > wrote:
> > >>> statements
> > >>> 1) it is impossible to redirect RTMP traffic
> > >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> > >>> 3) even if you think you perform
> > rtmpt://server:port/openmeetings/hibernate
> > >>> all packets are sent to  rtmpt://server:port/ (this is why it is
> > impossible
> > >>> to proxy just RTMPT context)
> > >>>
> > >>> problems while implementing OOCP
> > >>> 1) it will be impossible to use RTMP with it (please see 1) above)
> > >>> 2) it will be additional traffic (please see 2))
> > >>> 3) it will be impossible to use current scheme (tomcat + apache +
> > >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but
> > it
> > >>> also have own limitations.
> > >>>
> > >>> I'm not sure if I be able to create transparent proxy inside tomcat,
> > but
> > >>> I'll try.
> > >>>
> > >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> > alexei.fedotov@gmail.com>wrote:
> > >>>
> > >>>> I don't think multiple ports are problem - Timur's proof of concept
> > >>>> shows they are not.
> > >>>>
> > >>>> The main problem is the following: something is already running on
> 80
> > >>>> port. So exact requirement for the solution follows:
> > >>>>
> > >>>> 1. The only openmeetings communication port (OOCP) should be a part
> of
> > >>>> the configuration. By default it would be port 80, and for those who
> > >>>> have somethings installed, they can move the port somewhere.
> > >>>>
> > >>>> 2. One should switch http or https for traffic over OOCP.
> > >>>>
> > >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
> > >>>> to rtmpt over OOCP.
> > >>>>
> > >>>> --
> > >>>> With best regards / с наилучшими пожеланиями,
> > >>>> Alexei Fedotov / Алексей Федотов,
> > >>>> http://dataved.ru/
> > >>>> +7 916 562 8095
> > >>>>
> > >>>>
> > >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> > >>>> <se...@gmail.com> wrote:
> > >>>> > Is this a question or a statement?
> > >>>> >
> > >>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on
> the
> > >>>> > same port 80 and 443, you can only achieve that by cheating with
> > >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> > >>>> >
> > >>>> > Our configuration currently allows people to configure http + rtmp
> > or
> > >>>> > http + rtmpt on the same port.
> > >>>> > However to practically achieve that you need Apache Webserver and
> > >>>> > configured with mod_proxy.
> > >>>> >
> > >>>> > Sebastian
> > >>>> >
> > >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> > >>>> >> We have really long discussion on the subject: why does our
> typical
> > >>>> >> installation has two http servers - one is Apache jetty embedded
> > into
> > >>>> red5,
> > >>>> >> and another is Apache Httpd which redirects traffic from port 80
> to
> > >>>> >> different ports of our product.
> > >>>> >>
> > >>>> >> I faced strong resistance convincing people that decreasing
> number
> > of
> > >>>> >> servers and ports is good. Of course the less servers we have,
> less
> > >>>> >> installation work we have - why should we discuss it?
> > >>>> >>
> > >>>> >> Finally I noticed why two servers may be good for some people.
> This
> > >>>> applies
> > >>>> >> to the case when they want other http services like CMS or
> > E-learning to
> > >>>> >> run on the same machine. I was thinking mostly about our
> > Openmeetings
> > >>>> >> server farm, where are no advantages of keeping proxies, while
> each
> > >>>> httpd
> > >>>> >> costs 200 Mb per server.
> > >>>> >>
> > >>>> >> So the question is if we should keep using different ports in
> > >>>> openmeetings.
> > >>>> >> Are there any other reasons I missed?
> > >>>> >>
> > >>>> >> Concerning Maxim advice of using VPN - in my corporate life I
> > don't even
> > >>>> >> have an admin password or a right to run non-microsoft
> executables.
> > >>>> >>
> > >>>> >> Thanks.
> > >>>> >
> > >>>> >
> > >>>> >
> > >>>> > --
> > >>>> > Sebastian Wagner
> > >>>> > https://twitter.com/#!/dead_lock
> > >>>> > http://www.openmeetings.de
> > >>>> > http://www.webbase-design.de
> > >>>> > http://www.wagner-sebastian.com
> > >>>> > seba.wagner@gmail.com
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> WBR
> > >>> Maxim aka solomax
> >
>
>
>
> --
> Sebastian Wagner
> https://twitter.com/#!/dead_lock
> http://www.openmeetings.de
> http://www.webbase-design.de
> http://www.wagner-sebastian.com
> seba.wagner@gmail.com
>

Re: Why should not we rely on port 80 in openmeetings, should we

["seba.wagner@gmail.com" <se...@gmail.com>]

We did solve to redirect rtmp traffic by using different path segments,
mod_proxy rule was path based.

In the config.xml you can specify different paths for HTTP and RTMP URLs
(RTMPT will be handled with same path segments as RTMP)

the config values are:
RTMP Path segment: <webAppRootKey>openmeetings</webAppRootKey>
HTTP Path segment <httpRootKey>/openmeetings/</httpRootKey>

=> RTMP URL will be: rtmp://localhost:$rtmpport/$webAppRootKey/
=> RTMPT URL will be: rtmpt://localhost:$rtmpTunnelport/$webAppRootKey/
=> HTTP Download/Upload URL will be:
$protocol://localhost:$red5httpport$httpRootKey [missing / is no typo, the
slash is in the httpRootKey so that you can make openmeetings directly run
in WEB-ROOT with the path <httpRootKey>/</httpRootKey>  ]

Now you can modify config.xml to:
<webAppRootKey>openmeetings_rtmp</webAppRootKey>
And add a mod_proxy rule:
traffic to openmeetings_rtmp port 80 redirect to localhost:1935
OR the same for RTMPT

The issue is just you can configure rtmp AND rtmpt to have DIFFERENT a path
segmements. Cause that would enable you to have mod_proxy settings for
both.
But I did always then just configure RTMPT to port 443. And that way I have
HTTP => Port 80
RTMP => Port 80
RTMPT => Port 443

Of course you can also add one more mod_proxy rule:
Redirect: $httpRootKey to localhost:5080, that way you can run yoru website
AND OpenMeetings on port 80.

Sebastian

2012/4/28 Alexei Fedotov <al...@gmail.com>

> 3) ...
> any TCP/IP connection does not operate with paths
> from the other side there may be several client connections connected
> to the same server and port
>
>
> On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
> <al...@gmail.com> wrote:
> >
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> > shows how to initiate rtmp over different port
> >
> >
> >
> > On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> > <al...@gmail.com> wrote:
> >> 1) it is impossible to redirect RTMP traffic
> >>>> no quick answer
> >>
> >> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> >>>> overhead is even bigger because it uses 6 bit from every 8 of binary
> traffic
> >>
> >> 3) even if you think you perform
> rtmpt://server:port/openmeetings/hibernate
> >> all packets are sent to  rtmpt://server:port/ (this is why it is
> impossible
> >> to proxy just RTMPT context)
> >>>> no quick answer
> >>
> >>
> >>
> >> problems while implementing OOCP
> >> 1) it will be impossible to use RTMP with it (please see 1) above)
> >>>> noone asks for it
> >>
> >> 2) it will be additional traffic (please see 2))
> >>>> you use OOCP is fallback when 1935 is not available
> >>
> >> 3) it will be impossible to use current scheme (tomcat + apache +
> >> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
> >> also have own limitations.
> >>>> what breaks current scheme?
> >>
> >> I'm not sure if I be able to create transparent proxy inside tomcat, but
> >> I'll try.
> >>>> there are few proxy solutions for Tomcat already
> >>
> >> --
> >> With best regards / с наилучшими пожеланиями,
> >> Alexei Fedotov / Алексей Федотов,
> >> http://dataved.ru/
> >> +7 916 562 8095
> >>
> >>
> >> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> >>> statements
> >>> 1) it is impossible to redirect RTMP traffic
> >>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> >>> 3) even if you think you perform
> rtmpt://server:port/openmeetings/hibernate
> >>> all packets are sent to  rtmpt://server:port/ (this is why it is
> impossible
> >>> to proxy just RTMPT context)
> >>>
> >>> problems while implementing OOCP
> >>> 1) it will be impossible to use RTMP with it (please see 1) above)
> >>> 2) it will be additional traffic (please see 2))
> >>> 3) it will be impossible to use current scheme (tomcat + apache +
> >>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but
> it
> >>> also have own limitations.
> >>>
> >>> I'm not sure if I be able to create transparent proxy inside tomcat,
> but
> >>> I'll try.
> >>>
> >>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <
> alexei.fedotov@gmail.com>wrote:
> >>>
> >>>> I don't think multiple ports are problem - Timur's proof of concept
> >>>> shows they are not.
> >>>>
> >>>> The main problem is the following: something is already running on 80
> >>>> port. So exact requirement for the solution follows:
> >>>>
> >>>> 1. The only openmeetings communication port (OOCP) should be a part of
> >>>> the configuration. By default it would be port 80, and for those who
> >>>> have somethings installed, they can move the port somewhere.
> >>>>
> >>>> 2. One should switch http or https for traffic over OOCP.
> >>>>
> >>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
> >>>> to rtmpt over OOCP.
> >>>>
> >>>> --
> >>>> With best regards / с наилучшими пожеланиями,
> >>>> Alexei Fedotov / Алексей Федотов,
> >>>> http://dataved.ru/
> >>>> +7 916 562 8095
> >>>>
> >>>>
> >>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> >>>> <se...@gmail.com> wrote:
> >>>> > Is this a question or a statement?
> >>>> >
> >>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
> >>>> > same port 80 and 443, you can only achieve that by cheating with
> >>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> >>>> >
> >>>> > Our configuration currently allows people to configure http + rtmp
> or
> >>>> > http + rtmpt on the same port.
> >>>> > However to practically achieve that you need Apache Webserver and
> >>>> > configured with mod_proxy.
> >>>> >
> >>>> > Sebastian
> >>>> >
> >>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> >>>> >> We have really long discussion on the subject: why does our typical
> >>>> >> installation has two http servers - one is Apache jetty embedded
> into
> >>>> red5,
> >>>> >> and another is Apache Httpd which redirects traffic from port 80 to
> >>>> >> different ports of our product.
> >>>> >>
> >>>> >> I faced strong resistance convincing people that decreasing number
> of
> >>>> >> servers and ports is good. Of course the less servers we have, less
> >>>> >> installation work we have - why should we discuss it?
> >>>> >>
> >>>> >> Finally I noticed why two servers may be good for some people. This
> >>>> applies
> >>>> >> to the case when they want other http services like CMS or
> E-learning to
> >>>> >> run on the same machine. I was thinking mostly about our
> Openmeetings
> >>>> >> server farm, where are no advantages of keeping proxies, while each
> >>>> httpd
> >>>> >> costs 200 Mb per server.
> >>>> >>
> >>>> >> So the question is if we should keep using different ports in
> >>>> openmeetings.
> >>>> >> Are there any other reasons I missed?
> >>>> >>
> >>>> >> Concerning Maxim advice of using VPN - in my corporate life I
> don't even
> >>>> >> have an admin password or a right to run non-microsoft executables.
> >>>> >>
> >>>> >> Thanks.
> >>>> >
> >>>> >
> >>>> >
> >>>> > --
> >>>> > Sebastian Wagner
> >>>> > https://twitter.com/#!/dead_lock
> >>>> > http://www.openmeetings.de
> >>>> > http://www.webbase-design.de
> >>>> > http://www.wagner-sebastian.com
> >>>> > seba.wagner@gmail.com
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> WBR
> >>> Maxim aka solomax
>



-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba.wagner@gmail.com

Re: Why should not we rely on port 80 in openmeetings, should we

[Alexei Fedotov <al...@gmail.com>]

3) ...
any TCP/IP connection does not operate with paths
from the other side there may be several client connections connected
to the same server and port


On Sat, Apr 28, 2012 at 3:31 PM, Alexei Fedotov
<al...@gmail.com> wrote:
> http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
> shows how to initiate rtmp over different port
>
>
>
> On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
> <al...@gmail.com> wrote:
>> 1) it is impossible to redirect RTMP traffic
>>>> no quick answer
>>
>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
>>>> overhead is even bigger because it uses 6 bit from every 8 of binary traffic
>>
>> 3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
>> all packets are sent to  rtmpt://server:port/ (this is why it is impossible
>> to proxy just RTMPT context)
>>>> no quick answer
>>
>>
>>
>> problems while implementing OOCP
>> 1) it will be impossible to use RTMP with it (please see 1) above)
>>>> noone asks for it
>>
>> 2) it will be additional traffic (please see 2))
>>>> you use OOCP is fallback when 1935 is not available
>>
>> 3) it will be impossible to use current scheme (tomcat + apache +
>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
>> also have own limitations.
>>>> what breaks current scheme?
>>
>> I'm not sure if I be able to create transparent proxy inside tomcat, but
>> I'll try.
>>>> there are few proxy solutions for Tomcat already
>>
>> --
>> With best regards / с наилучшими пожеланиями,
>> Alexei Fedotov / Алексей Федотов,
>> http://dataved.ru/
>> +7 916 562 8095
>>
>>
>> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <so...@gmail.com> wrote:
>>> statements
>>> 1) it is impossible to redirect RTMP traffic
>>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
>>> 3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
>>> all packets are sent to  rtmpt://server:port/ (this is why it is impossible
>>> to proxy just RTMPT context)
>>>
>>> problems while implementing OOCP
>>> 1) it will be impossible to use RTMP with it (please see 1) above)
>>> 2) it will be additional traffic (please see 2))
>>> 3) it will be impossible to use current scheme (tomcat + apache +
>>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
>>> also have own limitations.
>>>
>>> I'm not sure if I be able to create transparent proxy inside tomcat, but
>>> I'll try.
>>>
>>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <al...@gmail.com>wrote:
>>>
>>>> I don't think multiple ports are problem - Timur's proof of concept
>>>> shows they are not.
>>>>
>>>> The main problem is the following: something is already running on 80
>>>> port. So exact requirement for the solution follows:
>>>>
>>>> 1. The only openmeetings communication port (OOCP) should be a part of
>>>> the configuration. By default it would be port 80, and for those who
>>>> have somethings installed, they can move the port somewhere.
>>>>
>>>> 2. One should switch http or https for traffic over OOCP.
>>>>
>>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
>>>> to rtmpt over OOCP.
>>>>
>>>> --
>>>> With best regards / с наилучшими пожеланиями,
>>>> Alexei Fedotov / Алексей Федотов,
>>>> http://dataved.ru/
>>>> +7 916 562 8095
>>>>
>>>>
>>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
>>>> <se...@gmail.com> wrote:
>>>> > Is this a question or a statement?
>>>> >
>>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
>>>> > same port 80 and 443, you can only achieve that by cheating with
>>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
>>>> >
>>>> > Our configuration currently allows people to configure http + rtmp or
>>>> > http + rtmpt on the same port.
>>>> > However to practically achieve that you need Apache Webserver and
>>>> > configured with mod_proxy.
>>>> >
>>>> > Sebastian
>>>> >
>>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
>>>> >> We have really long discussion on the subject: why does our typical
>>>> >> installation has two http servers - one is Apache jetty embedded into
>>>> red5,
>>>> >> and another is Apache Httpd which redirects traffic from port 80 to
>>>> >> different ports of our product.
>>>> >>
>>>> >> I faced strong resistance convincing people that decreasing number of
>>>> >> servers and ports is good. Of course the less servers we have, less
>>>> >> installation work we have - why should we discuss it?
>>>> >>
>>>> >> Finally I noticed why two servers may be good for some people. This
>>>> applies
>>>> >> to the case when they want other http services like CMS or E-learning to
>>>> >> run on the same machine. I was thinking mostly about our Openmeetings
>>>> >> server farm, where are no advantages of keeping proxies, while each
>>>> httpd
>>>> >> costs 200 Mb per server.
>>>> >>
>>>> >> So the question is if we should keep using different ports in
>>>> openmeetings.
>>>> >> Are there any other reasons I missed?
>>>> >>
>>>> >> Concerning Maxim advice of using VPN - in my corporate life I don't even
>>>> >> have an admin password or a right to run non-microsoft executables.
>>>> >>
>>>> >> Thanks.
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Sebastian Wagner
>>>> > https://twitter.com/#!/dead_lock
>>>> > http://www.openmeetings.de
>>>> > http://www.webbase-design.de
>>>> > http://www.wagner-sebastian.com
>>>> > seba.wagner@gmail.com
>>>>
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax

Re: Why should not we rely on port 80 in openmeetings, should we

[Alexei Fedotov <al...@gmail.com>]

http://helpx.adobe.com/flash-media-server/kb/ports-firewalls-flash-media-server.html
shows how to initiate rtmp over different port



On Sat, Apr 28, 2012 at 3:29 PM, Alexei Fedotov
<al...@gmail.com> wrote:
> 1) it is impossible to redirect RTMP traffic
>>> no quick answer
>
> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
>>> overhead is even bigger because it uses 6 bit from every 8 of binary traffic
>
> 3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
> all packets are sent to  rtmpt://server:port/ (this is why it is impossible
> to proxy just RTMPT context)
>>> no quick answer
>
>
>
> problems while implementing OOCP
> 1) it will be impossible to use RTMP with it (please see 1) above)
>>> noone asks for it
>
> 2) it will be additional traffic (please see 2))
>>> you use OOCP is fallback when 1935 is not available
>
> 3) it will be impossible to use current scheme (tomcat + apache +
> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
> also have own limitations.
>>> what breaks current scheme?
>
> I'm not sure if I be able to create transparent proxy inside tomcat, but
> I'll try.
>>> there are few proxy solutions for Tomcat already
>
> --
> With best regards / с наилучшими пожеланиями,
> Alexei Fedotov / Алексей Федотов,
> http://dataved.ru/
> +7 916 562 8095
>
>
> On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <so...@gmail.com> wrote:
>> statements
>> 1) it is impossible to redirect RTMP traffic
>> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
>> 3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
>> all packets are sent to  rtmpt://server:port/ (this is why it is impossible
>> to proxy just RTMPT context)
>>
>> problems while implementing OOCP
>> 1) it will be impossible to use RTMP with it (please see 1) above)
>> 2) it will be additional traffic (please see 2))
>> 3) it will be impossible to use current scheme (tomcat + apache +
>> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
>> also have own limitations.
>>
>> I'm not sure if I be able to create transparent proxy inside tomcat, but
>> I'll try.
>>
>> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <al...@gmail.com>wrote:
>>
>>> I don't think multiple ports are problem - Timur's proof of concept
>>> shows they are not.
>>>
>>> The main problem is the following: something is already running on 80
>>> port. So exact requirement for the solution follows:
>>>
>>> 1. The only openmeetings communication port (OOCP) should be a part of
>>> the configuration. By default it would be port 80, and for those who
>>> have somethings installed, they can move the port somewhere.
>>>
>>> 2. One should switch http or https for traffic over OOCP.
>>>
>>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
>>> to rtmpt over OOCP.
>>>
>>> --
>>> With best regards / с наилучшими пожеланиями,
>>> Alexei Fedotov / Алексей Федотов,
>>> http://dataved.ru/
>>> +7 916 562 8095
>>>
>>>
>>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
>>> <se...@gmail.com> wrote:
>>> > Is this a question or a statement?
>>> >
>>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
>>> > same port 80 and 443, you can only achieve that by cheating with
>>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
>>> >
>>> > Our configuration currently allows people to configure http + rtmp or
>>> > http + rtmpt on the same port.
>>> > However to practically achieve that you need Apache Webserver and
>>> > configured with mod_proxy.
>>> >
>>> > Sebastian
>>> >
>>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
>>> >> We have really long discussion on the subject: why does our typical
>>> >> installation has two http servers - one is Apache jetty embedded into
>>> red5,
>>> >> and another is Apache Httpd which redirects traffic from port 80 to
>>> >> different ports of our product.
>>> >>
>>> >> I faced strong resistance convincing people that decreasing number of
>>> >> servers and ports is good. Of course the less servers we have, less
>>> >> installation work we have - why should we discuss it?
>>> >>
>>> >> Finally I noticed why two servers may be good for some people. This
>>> applies
>>> >> to the case when they want other http services like CMS or E-learning to
>>> >> run on the same machine. I was thinking mostly about our Openmeetings
>>> >> server farm, where are no advantages of keeping proxies, while each
>>> httpd
>>> >> costs 200 Mb per server.
>>> >>
>>> >> So the question is if we should keep using different ports in
>>> openmeetings.
>>> >> Are there any other reasons I missed?
>>> >>
>>> >> Concerning Maxim advice of using VPN - in my corporate life I don't even
>>> >> have an admin password or a right to run non-microsoft executables.
>>> >>
>>> >> Thanks.
>>> >
>>> >
>>> >
>>> > --
>>> > Sebastian Wagner
>>> > https://twitter.com/#!/dead_lock
>>> > http://www.openmeetings.de
>>> > http://www.webbase-design.de
>>> > http://www.wagner-sebastian.com
>>> > seba.wagner@gmail.com
>>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax

Re: Why should not we rely on port 80 in openmeetings, should we

[Alexei Fedotov <al...@gmail.com>]

1) it is impossible to redirect RTMP traffic
>> no quick answer

2) RTMPT contain all HTTP headers/cookies etc. == overhead
>> overhead is even bigger because it uses 6 bit from every 8 of binary traffic

3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
all packets are sent to  rtmpt://server:port/ (this is why it is impossible
to proxy just RTMPT context)
>> no quick answer



problems while implementing OOCP
1) it will be impossible to use RTMP with it (please see 1) above)
>> noone asks for it

2) it will be additional traffic (please see 2))
>> you use OOCP is fallback when 1935 is not available

3) it will be impossible to use current scheme (tomcat + apache +
mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
also have own limitations.
>> what breaks current scheme?

I'm not sure if I be able to create transparent proxy inside tomcat, but
I'll try.
>> there are few proxy solutions for Tomcat already

--
With best regards / с наилучшими пожеланиями,
Alexei Fedotov / Алексей Федотов,
http://dataved.ru/
+7 916 562 8095


On Sat, Apr 28, 2012 at 2:40 PM, Maxim Solodovnik <so...@gmail.com> wrote:
> statements
> 1) it is impossible to redirect RTMP traffic
> 2) RTMPT contain all HTTP headers/cookies etc. == overhead
> 3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
> all packets are sent to  rtmpt://server:port/ (this is why it is impossible
> to proxy just RTMPT context)
>
> problems while implementing OOCP
> 1) it will be impossible to use RTMP with it (please see 1) above)
> 2) it will be additional traffic (please see 2))
> 3) it will be impossible to use current scheme (tomcat + apache +
> mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
> also have own limitations.
>
> I'm not sure if I be able to create transparent proxy inside tomcat, but
> I'll try.
>
> On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <al...@gmail.com>wrote:
>
>> I don't think multiple ports are problem - Timur's proof of concept
>> shows they are not.
>>
>> The main problem is the following: something is already running on 80
>> port. So exact requirement for the solution follows:
>>
>> 1. The only openmeetings communication port (OOCP) should be a part of
>> the configuration. By default it would be port 80, and for those who
>> have somethings installed, they can move the port somewhere.
>>
>> 2. One should switch http or https for traffic over OOCP.
>>
>> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
>> to rtmpt over OOCP.
>>
>> --
>> With best regards / с наилучшими пожеланиями,
>> Alexei Fedotov / Алексей Федотов,
>> http://dataved.ru/
>> +7 916 562 8095
>>
>>
>> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
>> <se...@gmail.com> wrote:
>> > Is this a question or a statement?
>> >
>> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
>> > same port 80 and 443, you can only achieve that by cheating with
>> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
>> >
>> > Our configuration currently allows people to configure http + rtmp or
>> > http + rtmpt on the same port.
>> > However to practically achieve that you need Apache Webserver and
>> > configured with mod_proxy.
>> >
>> > Sebastian
>> >
>> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
>> >> We have really long discussion on the subject: why does our typical
>> >> installation has two http servers - one is Apache jetty embedded into
>> red5,
>> >> and another is Apache Httpd which redirects traffic from port 80 to
>> >> different ports of our product.
>> >>
>> >> I faced strong resistance convincing people that decreasing number of
>> >> servers and ports is good. Of course the less servers we have, less
>> >> installation work we have - why should we discuss it?
>> >>
>> >> Finally I noticed why two servers may be good for some people. This
>> applies
>> >> to the case when they want other http services like CMS or E-learning to
>> >> run on the same machine. I was thinking mostly about our Openmeetings
>> >> server farm, where are no advantages of keeping proxies, while each
>> httpd
>> >> costs 200 Mb per server.
>> >>
>> >> So the question is if we should keep using different ports in
>> openmeetings.
>> >> Are there any other reasons I missed?
>> >>
>> >> Concerning Maxim advice of using VPN - in my corporate life I don't even
>> >> have an admin password or a right to run non-microsoft executables.
>> >>
>> >> Thanks.
>> >
>> >
>> >
>> > --
>> > Sebastian Wagner
>> > https://twitter.com/#!/dead_lock
>> > http://www.openmeetings.de
>> > http://www.webbase-design.de
>> > http://www.wagner-sebastian.com
>> > seba.wagner@gmail.com
>>
>
>
>
> --
> WBR
> Maxim aka solomax

Re: Why should not we rely on port 80 in openmeetings, should we

[Maxim Solodovnik <so...@gmail.com>]

statements
1) it is impossible to redirect RTMP traffic
2) RTMPT contain all HTTP headers/cookies etc. == overhead
3) even if you think you perform rtmpt://server:port/openmeetings/hibernate
all packets are sent to  rtmpt://server:port/ (this is why it is impossible
to proxy just RTMPT context)

problems while implementing OOCP
1) it will be impossible to use RTMP with it (please see 1) above)
2) it will be additional traffic (please see 2))
3) it will be impossible to use current scheme (tomcat + apache +
mod_proxy) (please see 3)) NOTE mod_rewrite is able to help here, but it
also have own limitations.

I'm not sure if I be able to create transparent proxy inside tomcat, but
I'll try.

On Sat, Apr 28, 2012 at 17:14, Alexei Fedotov <al...@gmail.com>wrote:

> I don't think multiple ports are problem - Timur's proof of concept
> shows they are not.
>
> The main problem is the following: something is already running on 80
> port. So exact requirement for the solution follows:
>
> 1. The only openmeetings communication port (OOCP) should be a part of
> the configuration. By default it would be port 80, and for those who
> have somethings installed, they can move the port somewhere.
>
> 2. One should switch http or https for traffic over OOCP.
>
> 3. For OOCP over http I suggest using 1935 for RTMP, or falling back
> to rtmpt over OOCP.
>
> --
> With best regards / с наилучшими пожеланиями,
> Alexei Fedotov / Алексей Федотов,
> http://dataved.ru/
> +7 916 562 8095
>
>
> On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
> <se...@gmail.com> wrote:
> > Is this a question or a statement?
> >
> > You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
> > same port 80 and 443, you can only achieve that by cheating with
> > subdomains + redirect/mod_proxy rules in Apache HTTPD.
> >
> > Our configuration currently allows people to configure http + rtmp or
> > http + rtmpt on the same port.
> > However to practically achieve that you need Apache Webserver and
> > configured with mod_proxy.
> >
> > Sebastian
> >
> > 2012/4/28 Alexei Fedotov <al...@gmail.com>:
> >> We have really long discussion on the subject: why does our typical
> >> installation has two http servers - one is Apache jetty embedded into
> red5,
> >> and another is Apache Httpd which redirects traffic from port 80 to
> >> different ports of our product.
> >>
> >> I faced strong resistance convincing people that decreasing number of
> >> servers and ports is good. Of course the less servers we have, less
> >> installation work we have - why should we discuss it?
> >>
> >> Finally I noticed why two servers may be good for some people. This
> applies
> >> to the case when they want other http services like CMS or E-learning to
> >> run on the same machine. I was thinking mostly about our Openmeetings
> >> server farm, where are no advantages of keeping proxies, while each
> httpd
> >> costs 200 Mb per server.
> >>
> >> So the question is if we should keep using different ports in
> openmeetings.
> >> Are there any other reasons I missed?
> >>
> >> Concerning Maxim advice of using VPN - in my corporate life I don't even
> >> have an admin password or a right to run non-microsoft executables.
> >>
> >> Thanks.
> >
> >
> >
> > --
> > Sebastian Wagner
> > https://twitter.com/#!/dead_lock
> > http://www.openmeetings.de
> > http://www.webbase-design.de
> > http://www.wagner-sebastian.com
> > seba.wagner@gmail.com
>



-- 
WBR
Maxim aka solomax

Re: Why should not we rely on port 80 in openmeetings, should we

[Alexei Fedotov <al...@gmail.com>]

I don't think multiple ports are problem - Timur's proof of concept
shows they are not.

The main problem is the following: something is already running on 80
port. So exact requirement for the solution follows:

1. The only openmeetings communication port (OOCP) should be a part of
the configuration. By default it would be port 80, and for those who
have somethings installed, they can move the port somewhere.

2. One should switch http or https for traffic over OOCP.

3. For OOCP over http I suggest using 1935 for RTMP, or falling back
to rtmpt over OOCP.

--
With best regards / с наилучшими пожеланиями,
Alexei Fedotov / Алексей Федотов,
http://dataved.ru/
+7 916 562 8095


On Sat, Apr 28, 2012 at 12:50 PM, seba.wagner@gmail.com
<se...@gmail.com> wrote:
> Is this a question or a statement?
>
> You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
> same port 80 and 443, you can only achieve that by cheating with
> subdomains + redirect/mod_proxy rules in Apache HTTPD.
>
> Our configuration currently allows people to configure http + rtmp or
> http + rtmpt on the same port.
> However to practically achieve that you need Apache Webserver and
> configured with mod_proxy.
>
> Sebastian
>
> 2012/4/28 Alexei Fedotov <al...@gmail.com>:
>> We have really long discussion on the subject: why does our typical
>> installation has two http servers - one is Apache jetty embedded into red5,
>> and another is Apache Httpd which redirects traffic from port 80 to
>> different ports of our product.
>>
>> I faced strong resistance convincing people that decreasing number of
>> servers and ports is good. Of course the less servers we have, less
>> installation work we have - why should we discuss it?
>>
>> Finally I noticed why two servers may be good for some people. This applies
>> to the case when they want other http services like CMS or E-learning to
>> run on the same machine. I was thinking mostly about our Openmeetings
>> server farm, where are no advantages of keeping proxies, while each httpd
>> costs 200 Mb per server.
>>
>> So the question is if we should keep using different ports in openmeetings.
>> Are there any other reasons I missed?
>>
>> Concerning Maxim advice of using VPN - in my corporate life I don't even
>> have an admin password or a right to run non-microsoft executables.
>>
>> Thanks.
>
>
>
> --
> Sebastian Wagner
> https://twitter.com/#!/dead_lock
> http://www.openmeetings.de
> http://www.webbase-design.de
> http://www.wagner-sebastian.com
> seba.wagner@gmail.com

Re: Why should not we rely on port 80 in openmeetings, should we

["seba.wagner@gmail.com" <se...@gmail.com>]

Is this a question or a statement?

You cannot run all services: http, https, rtmp, rtmpt, rtmps on the
same port 80 and 443, you can only achieve that by cheating with
subdomains + redirect/mod_proxy rules in Apache HTTPD.

Our configuration currently allows people to configure http + rtmp or
http + rtmpt on the same port.
However to practically achieve that you need Apache Webserver and
configured with mod_proxy.

Sebastian

2012/4/28 Alexei Fedotov <al...@gmail.com>:
> We have really long discussion on the subject: why does our typical
> installation has two http servers - one is Apache jetty embedded into red5,
> and another is Apache Httpd which redirects traffic from port 80 to
> different ports of our product.
>
> I faced strong resistance convincing people that decreasing number of
> servers and ports is good. Of course the less servers we have, less
> installation work we have - why should we discuss it?
>
> Finally I noticed why two servers may be good for some people. This applies
> to the case when they want other http services like CMS or E-learning to
> run on the same machine. I was thinking mostly about our Openmeetings
> server farm, where are no advantages of keeping proxies, while each httpd
> costs 200 Mb per server.
>
> So the question is if we should keep using different ports in openmeetings.
> Are there any other reasons I missed?
>
> Concerning Maxim advice of using VPN - in my corporate life I don't even
> have an admin password or a right to run non-microsoft executables.
>
> Thanks.



-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba.wagner@gmail.com

Re: Why should not we rely on port 80 in openmeetings, should we

[Maxim Solodovnik <so...@gmail.com>]

Apache2 costs 5MB of RAM per process
The number of processes is configurable via apache2 config (by default: 2
processes while idle, 10 processes while working)

The reason why do we need more than 1 server is: currently we are working
with 3-5 ports:
1) rtmp 1935
2) rtmpt 8088 ("fallback")
3) web server 5080
4, 5) https

I will try to create proxy (inside tomcat) listening on some port and
redirecting packets to the corresponding services, unless this
functionality is not required.

On Sat, Apr 28, 2012 at 14:52, Alexei Fedotov <al...@gmail.com>wrote:

> We have really long discussion on the subject: why does our typical
> installation has two http servers - one is Apache jetty embedded into red5,
> and another is Apache Httpd which redirects traffic from port 80 to
> different ports of our product.
>
> I faced strong resistance convincing people that decreasing number of
> servers and ports is good. Of course the less servers we have, less
> installation work we have - why should we discuss it?
>
> Finally I noticed why two servers may be good for some people. This applies
> to the case when they want other http services like CMS or E-learning to
> run on the same machine. I was thinking mostly about our Openmeetings
> server farm, where are no advantages of keeping proxies, while each httpd
> costs 200 Mb per server.
>
> So the question is if we should keep using different ports in openmeetings.
> Are there any other reasons I missed?
>
> Concerning Maxim advice of using VPN - in my corporate life I don't even
> have an admin password or a right to run non-microsoft executables.
>
> Thanks.
>



-- 
WBR
Maxim aka solomax