Hi, first, thanks for your answer.
I remind you that I seek to bypass a firewall.
I have configured my wildcard certificate, and the certificate works, but it
cannot load the page. try1, try2, try3. error missing 204, 556, 642.
Locally or from outside.
Here is a sample of my configuration now:
*/usr/lib/red5/webapps/openmeetings/config.xml*
<rtmphostlocal>rtmpt.mydomain.com</rtmphostlocal>
<httphostlocal>openmeetings.mydomain.com</httphostlocal>
<rtmpport>1935</rtmpport>
<rtmpTunnelport>8088</rtmpTunnelport>
<rtmpsslport>80</rtmpsslport>
<useSSL>yes</useSSL>
<red5httpport>443</red5httpport>
<protocol>https</protocol>
<proxyType>best</proxyType>
<webAppRootKey>openmeetings</webAppRootKey>
<httpRootKey>/openmeetings/</httpRootKey>
*/usr/lib/red5/conf/red5.properties*
# HTTP
http.host=0.0.0.0
#http.port=5080
http.port=443
https.port=443
# RTMP
rtmp.host=0.0.0.0
rtmp.port=8088
# RTMPS
rtmps.host=0.0.0.0
rtmps.port=80
rtmps.ping_interval=5000
rtmps.max_inactivity=60000
rtmps.max_keep_alive_requests=-1
rtmps.max_threads=20
rtmps.acceptor_thread_count=2
rtmps.processor_cache=20
# RTMPS Keystore Password
rtmps.keystorepass=importkey
# RTMPT
rtmpt.host=0.0.0.0
rtmpt.port=8088
*/usr/lib/red5/webapps/openmeetings/WEB-INF/conf/axis2.xml*
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">443</parameter>
</transportReceiver>
*/usr/lib/red5/conf/red5-core.xml*
<!-- RTMPS -->
<bean id="rtmpsMinaIoHandler"
class="org.red5.server.net.rtmps.RTMPSMinaIoHandler">
<property name="handler" ref="rtmpHandler" />
<property name="codecFactory" ref="rtmpCodecFactory" />
<property name="rtmpConnManager" ref="rtmpConnManager" />
<property name="keyStorePassword" value="${rtmps.keystorepass}" />
<property name="keystoreFile" value="conf/keystore" />
</bean>
<bean id="rtmpsTransport"
class="org.red5.server.net.rtmp.RTMPMinaTransport" init-method="start"
destroy-method="stop">
<property name="ioHandler" ref="rtmpsMinaIoHandler" />
<property name="connectors">
<list>
<bean class="java.net.InetSocketAddress">
<constructor-arg index="0" type="java.lang.String"
value="${rtmps.host}" />
<constructor-arg index="1" type="int"
value="${rtmps.port}" />
</bean>
</list>
</property>
<property name="ioThreads" value="${rtmp.io_threads}" />
<property name="tcpNoDelay" value="${rtmp.tcp_nodelay}" />
</bean>
*On my reverse proxy apache /etc/apache2/sites-available/ssl*
<virtualhost *:443>
ServerAdmin [email protected]
ServerName openmeetings.mydomain.com
ProxyRequests On
ProxyPreserveHost On
# RewriteEngine On
RequestHeader set Front-End-Https "On"
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / https://192.168.1.241/openmeetings/
ProxyPassReverse / https://192.168.1.241/openmeetings/
SSLEngine on
SSLProxyEngine On
SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
SSLCertificateFile /etc/ssl/mydomain.com.cert
SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key
SSLCACertificateFile /etc/ssl/mydomain.com.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.meetings.mydomain.com.log
CustomLog ${APACHE_LOG_DIR}/access.meetings.mydomain.com.log combined
</VirtualHost>
<virtualhost *:443>
ServerAdmin [email protected]
ServerName rtmpt.mydomain.com
ProxyRequests On
ProxyPreserveHost On
# RewriteEngine On
RequestHeader set Front-End-Https "On"
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / https://192.168.1.241:80/
ProxyPassReverse / https://192.168.1.241:80/
SSLEngine on
SSLProxyEngine On
SSLProtocol all -SSLv2
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
SSLCertificateFile /etc/ssl/mydomain.com.cert
SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key
SSLCACertificateFile /etc/ssl/mydomain.com.pem
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.rtmpt.mydomain.com.log
CustomLog ${APACHE_LOG_DIR}/access.rtmpt.mydomain.com.log combined
</VirtualHost>
Thanks for your help.
Tell me if you need more information.
2013/5/22 Marcus Wellnitz <[email protected]>
> Hello Daniel,
>
> in former times I tried exactly this setup. I think it is possible but I
> ran out of time so I didn't finish the tests but I will share my
> experiences and configuration with you to prevent you starting from 0.
>
> My intention was to encrypt all traffic via https or rtmps and to decrypt
> via Apache reverse proxy.
>
> System Ubuntu 12.04 LTS
> OM-Version 2.0 (AFAIK)
>
> It's some time ago but as I remember I played with some files to change
> the context roots of rtmp and http server:
>
> INSTALL_DIR=/usr/lib/red5/
> ${INSTALL_DIR}/webapps/openmeetings/config.xml
> ${INSTALL_DIR}/conf/red5.properties
> ${INSTALL_DIR}/webapps/root/WEB-INF/red5-web.properties
>
>
> snippets from /etc/apache2/sites-available/hostname-443.conf
> #RequestHeader set X-Forwarded-Host Bla.bla.org
> #ProxyPreserveHost On
> RequestHeader set X_FORWARDED_PROTO 'https'
> <Proxy balancer://om-http>
> BalancerMember http://localhost:5080 \
> smax=2 max=20 ttl=600 keepalive=on retry=1
> </Proxy>
> <Location /om-red5 >
> ProxyPass balancer://om-rtmpt/om-red5
> Order allow,deny
> Allow from all
> </Location>
> <Location /openmeetings >
> ProxyPass balancer://om-http/openmeetings
> Order allow,deny
> Allow from all
> </Location>
> <Proxy balancer://om-rtmpt>
> #BalancerMember http://::1:8088 \
> #BalancerMember http://localhost:8088 \
> #BalancerMember http://localhost:1935/om-red5/
> BalancerMember http://localhost:8088 \
> smax=2 max=20 ttl=600 keepalive=on retry=1
> </Proxy>
> <Location /open/ >
> ProxyPass balancer://om-rtmpt/open/
> Order allow,deny
> Allow from all
> </Location>
> <Location /send/ >
> ProxyPass balancer://om-rtmpt/send/
> Order allow,deny
> Allow from all
> </Location>
> <Location /idle/ >
> ProxyPass balancer://om-rtmpt/idle/
> Order allow,deny
> Allow from all
> </Location>
> <Location /close/ >
> ProxyPass balancer://om-rtmpt/close/
> Order allow,deny
> Allow from all
> </Location>
> <Location /fcs/ >
> ProxyPass balancer://om-rtmpt/fcs/
> Order allow,deny
> Allow from all
> </Location>
>
> Hopefully you are able to solve this issue and it would be fine to get
> some feedback to this list.
>
> Greetings from Germany
>
> Marcus
>
> On 21.05.2013 14:35, Daniel Sebastiao wrote:
>
> Hello,
>
> to explain my architecture, I have a machine which has the role of
> reverse proxy, to bypass the company's firewalls.
>
> but I haven't made the last part with https/rtmps
>
> However, outside, that does not function with the port 443...
>
> https://openmeetings.mydomain.com ----> reverse proxy ----->
> http://openmeetings.mydomain.local:5080/openmeetings/
>
> This was exactly my intention
>
> --
> Marcus Wellnitz
> Datenwerk GmbH
> Vogelsbergstr. 34
> 60316 Frankfurt am Main
>
> Phone +49 (0) 69/9434086-0
> Fax +49 (0) 69/9434086-9
> E-Mail [email protected]
> Web www.datenwerk-it.de
>
> Registered office: Frankfurt am Main, Frankfurt am Main District Court HRB 55221
> Managing Director: Michael Beck
>
>
--
SEBASTIAO Daniel
Systems, Security and Network Engineer / Integrator / Developer
*Mail :* [email protected]
*Tel :* 06 29 86 23 00
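
Added example, not part of the original message and not code from OpenMeetings or Red5: a small Python check over the settings quoted above. It lists ports assigned to more than one `*.port` key in red5.properties and flags a virtual host that combines `ProxyRequests On` with an allow-all `<Proxy *>` section, a combination that lets any client use Apache as a forward proxy. It assumes each `*.port` key belongs to a listener that is actually enabled in red5-core.xml; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: port lines from the red5.properties in the message.
RED5_PROPERTIES = """\
#http.port=5080
http.port=443
https.port=443
rtmp.port=8088
rtmps.port=80
rtmpt.port=8088
"""

# Constructed sample: proxy directives from the first virtual host in the message.
APACHE_VHOST = """\
ProxyRequests On
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / https://192.168.1.241/openmeetings/
"""

def port_collisions(properties_text):
    """Map each port set by more than one <service>.port key to those services."""
    by_port = defaultdict(list)
    for line in properties_text.splitlines():
        # Commented-out keys (#http.port=5080) do not match and are skipped.
        m = re.fullmatch(r"\s*(\w+)\.port\s*=\s*(\d+)\s*", line)
        if m:
            by_port[int(m.group(2))].append(m.group(1))
    return {p: sorted(s) for p, s in by_port.items() if len(s) > 1}

def open_forward_proxy(conf_text):
    """True if ProxyRequests is On and a <Proxy *> section allows all clients."""
    requests_on = allow_all = in_proxy_all = False
    for line in (l.strip() for l in conf_text.splitlines()):
        if re.fullmatch(r"ProxyRequests\s+On", line, re.I):
            requests_on = True
        elif re.fullmatch(r"<Proxy\s+\*>", line, re.I):
            in_proxy_all = True
        elif re.fullmatch(r"</Proxy>", line, re.I):
            in_proxy_all = False
        elif in_proxy_all and re.fullmatch(r"Allow\s+from\s+all", line, re.I):
            allow_all = True
    return requests_on and allow_all

if __name__ == "__main__":
    print(port_collisions(RED5_PROPERTIES))
    print(open_forward_proxy(APACHE_VHOST))
```

A reverse proxy only needs `ProxyPass`/`ProxyPassReverse`; Apache's documentation recommends `ProxyRequests Off` for that role.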