I had added a space and it turned it all yellow in bash. 

Sent from my android device.

-----Original Message-----
From: Aaron Hepp <[email protected]>
To: [email protected], Alan Johnson <[email protected]>, Maxim 
Solodovnik <[email protected]>
Sent: Fri, 30 Mar 2018 12:12
Subject: Re: Let's Encrypt and OM and Ubuntu

Looks like you did not comment out the <!-- Tomcat without SSL enabled 
-- > section.

That has to be commented out to force SSL.

Remove the --> from that line and add it right above this line:

<!-- Tomcat with SSL enabled -->

That will comment out the entire "non-SSL" portion.


On 3/30/2018 12:02 PM, Alan Johnson wrote:
> I have done both of those steps.
>
> I created the keystore via the email chain you sent the link to. That 
> seemed to work with no errors.
>
> I had previously enabled/disabled tomcat.
>
> I tried an experiment and changed the comment on the file and it 
> seemed to like it better (included below) and seems to have fixed the 
> errors in the log file, but it isn't answering on any of the expected 
> ports (5443/8443/443).
>
>
> From red5.properties:
>
> # Socket policy
> policy.host=0.0.0.0
> policy.port=843
>
> # HTTP
> http.host=0.0.0.0
> http.port=5080
> https.port=443
> http.URIEncoding=UTF-8
> http.max_headers_size=8192
> http.max_keep_alive_requests=-1
> http.max_threads=20
> http.acceptor_thread_count=10
> http.processor_cache=20
>
> # RTMPS
> rtmps.host=0.0.0.0
> rtmps.port=8443
>
>
> root@freki:/opt/red5402/log# ufw status
> Status: active
>
> To                         Action      From
> --                         ------      ----
> OpenSSH                    ALLOW       Anywhere
> 5080                       ALLOW       Anywhere
> 1935                       ALLOW       Anywhere
> 80                         ALLOW       Anywhere
> 5443                       ALLOW       Anywhere
> 8443                       ALLOW       Anywhere
> 443                        ALLOW       Anywhere
> OpenSSH (v6)               ALLOW       Anywhere (v6)
> 5080 (v6)                  ALLOW       Anywhere (v6)
> 1935 (v6)                  ALLOW       Anywhere (v6)
> 80 (v6)                    ALLOW       Anywhere (v6)
> 5443 (v6)                  ALLOW       Anywhere (v6)
> 8443 (v6)                  ALLOW       Anywhere (v6)
> 443 (v6)                   ALLOW       Anywhere (v6)
>
> This is what is in the red5.log file, if it helps:
>
> root@freki:/opt/red5402/log# cat red5.log
> 2018-03-30 01:20:35,450 [main] INFO  org.red5.server.Launcher - Red5 
> Server 1.0.10 (https://github.com/Red5)
> 2018-03-30 01:20:35,570 [main] INFO 
> o.s.c.s.FileSystemXmlApplicationContext - Refreshing 
> org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: 
> startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
> 2018-03-30 01:20:35,687 [main] INFO 
> o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions 
> from class path resource [red5.xml]
> 2018-03-30 01:20:36,074 [main] INFO 
> o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions 
> from class path resource [jee-container.xml]
> 2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO 
> o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
>  Note: further occurrences of HTTP request parsing errors will be 
> logged at DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in method 
> name. HTTP method names must be tokens
>         at 
> org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
>         at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
>         at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>         at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
>         at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
>         at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>         at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:748)
>
> Full Jee-container.xml if it helps:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>    Licensed to the Apache Software Foundation (ASF) under one or more
>    contributor license agreements.  See the NOTICE file distributed with
>    this work for additional information regarding copyright ownership.
>    The ASF licenses this file to You under the Apache License, Version 
> 2.0
>    (the "License"); you may not use this file except in compliance with
>    the License.  You may obtain a copy of the License at
>
>                 http://www.apache.org/licenses/LICENSE-2.0
>
>    Unless required by applicable law or agreed to in writing, software
>    distributed under the License is distributed on an "AS IS" BASIS,
>    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
> implied.
>    See the License for the specific language governing permissions and
>    limitations under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:lang="http://www.springframework.org/schema/lang"
>                 xsi:schemaLocation="
> http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://www.springframework.org/schema/lang 
> http://www.springframework.org/schema/lang/spring-lang.xsd
>                 ">
>         <!--
>         The tomcat connectors may be blocking or non-blocking. Select 
> between either option via the protocol property.
>                 Blocking I/O:
>                         <property name="protocol" 
> value="org.apache.coyote.http11.Http11Protocol" />
>                 Non-blocking I/O:
>                         <property name="protocol" 
> value="org.apache.coyote.http11.Http11NioProtocol" />
>          -->
>         <!-- Tomcat without SSL enabled -- >
>         <bean id="tomcat.server" 
> class="org.red5.server.tomcat.TomcatLoader" 
> depends-on="context.loader" lazy-init="true">
>                 <property name="webappFolder" 
> value="${red5.root}/webapps" />
>                 <property name="connectors">
>                         <list>
>                                 <bean name="httpConnector" 
> class="org.red5.server.tomcat.TomcatConnector">
>                                         <property name="protocol" 
> value="org.apache.coyote.http11.Http11NioProtocol" />
>                                         <property name="address" 
> value="${http.host}:${http.port}" />
>                                         <property name="redirectPort" 
> value="${https.port}" />
>                                         <property 
> name="connectionProperties">
>                                                 <map>
>                                                         <entry 
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>                                                         <entry 
> key="keepAliveTimout" value="-1"/>
>                                                 </map>
>                                         </property>
>                                 </bean>
>                         </list>
>                 </property>
>                 <property name="baseHost">
>                         <bean 
> class="org.apache.catalina.core.StandardHost">
>                                 <property name="name" 
> value="${http.host}" />
>                         </bean>
>                 </property>
>                 <property name="valves">
>                         <list>
>                                 <bean id="valve.access" 
> class="org.apache.catalina.valves.AccessLogValve">
>                                         <property name="directory" 
> value="log" />
>                                         <property name="prefix" 
> value="${http.host}_access." />
>                                         <property name="suffix" 
> value=".log" />
>                                         <property name="pattern" 
> value="common" />
>                                         <property name="rotatable" 
> value="true" />
>                                 </bean>
>                                 <bean id="valve.error" 
> class="org.apache.catalina.valves.ErrorReportValve">
>                                         <property name="showReport" 
> value="false" />
>                                         <property 
> name="showServerInfo" value="false" />
>                                 </bean>
>                         </list>
>                 </property>
>         </bean>
>
>         <!-- Tomcat with SSL enabled -->
>
>         <bean id="tomcat.server" 
> class="org.red5.server.tomcat.TomcatLoader" 
> depends-on="context.loader" lazy-init="true">
>                 <property name="webappFolder" 
> value="${red5.root}/webapps" />
>                 <property name="connectors">
>                         <list>
>                                 <bean name="httpConnector" 
> class="org.red5.server.tomcat.TomcatConnector">
>                                         <property name="protocol" 
> value="org.apache.coyote.http11.Http11NioProtocol" />
>                                         <property name="address" 
> value="${http.host}:${http.port}" />
>                                         <property name="redirectPort" 
> value="${https.port}" />
>                                 </bean>
>                                 <bean name="httpsConnector" 
> class="org.red5.server.tomcat.TomcatConnector">
>                                         <property name="secure" 
> value="true" />
>                                         <property name="protocol" 
> value="org.apache.coyote.http11.Http11NioProtocol" />
>                                         <property name="address" 
> value="${http.host}:${https.port}" />
>                                         <property name="redirectPort" 
> value="${http.port}" />
>                                         <property 
> name="connectionProperties">
>                                                 <map>
>                                                         <entry 
> key="port" value="${https.port}" />
>                                                         <entry 
> key="redirectPort" value="${http.port}" />
>                                                         <entry 
> key="SSLEnabled" value="true" />
>                                                         <entry 
> key="sslProtocol" value="TLS" />
>                                                         <entry 
> key="keystoreFile" value="${rtmps.keystorefile}" />
>                                                         <entry 
> key="keystorePass" value="${rtmps.keystorepass}" />
>                                                         <entry 
> key="truststoreFile" value="${rtmps.truststorefile}" />
>                                                         <entry 
> key="truststorePass" value="${rtmps.truststorepass}" />
>                                                         <entry 
> key="clientAuth" value="false" />
>                                                         <entry 
> key="allowUnsafeLegacyRenegotiation" value="true" />
>                                                         <entry 
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>                                                         <entry 
> key="keepAliveTimout" value="-1"/>
>                                                         <entry 
> key="useExecutor" value="true"/>
>                                                         <entry 
> key="maxThreads" value="${http.max_threads}"/>
>                                                         <entry 
> key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
>                                                         <entry 
> key="processorCache" value="${http.processor_cache}"/>
>                                                 </map>
>                                         </property>
>                                 </bean>
>                         </list>
>                 </property>
>                 <property name="baseHost">
>                         <bean 
> class="org.apache.catalina.core.StandardHost">
>                                 <property name="name" 
> value="${http.host}" />
>                         </bean>
>                 </property>
>                 <property name="valves">
>                         <list>
>                                 <bean id="valve.access" 
> class="org.apache.catalina.valves.AccessLogValve">
>                                         <property name="directory" 
> value="log" />
>                                         <property name="prefix" 
> value="${http.host}_access." />
>                                         <property name="suffix" 
> value=".log" />
>                                         <property name="pattern" 
> value="common" />
>                                         <property name="rotatable" 
> value="true" />
>                                 </bean>
>                                 <bean id="valve.error" 
> class="org.apache.catalina.valves.ErrorReportValve">
>                                         <property name="showReport" 
> value="false" />
>                                         <property 
> name="showServerInfo" value="false" />
>                                 </bean>
>                         </list>
>                 </property>
>         </bean>
> -->
> </beans>
>
>
> On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
>> Hello Alan,
>>
>> To enable HTTPS for OM you need to do 2 things:
>>
>> 1) create valid keystore/truststore (ensure filename/path is correctly
>> defined in red5.properties)
>> 2) Edit red5/conf/jee-container.xml file:
>> Comment Tomcat without SSL enabled section
>> UNComment Tomcat with SSL enabled section
>>
>> On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson 
>> <[email protected]> wrote:
>>> So I tried using the steps in the email, and they successfully 
>>> created the
>>> keystore.
>>>
>>> However the steps to enable HTTPS web interface appear to be 
>>> incorrect/have
>>> changed.
>>>
>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>> <protocol>https</protocol>
>>> Edit red5/webapps/openmeetings/public/config.xml and set 
>>> red5httpport to
>>> https port
>>>
>>> These files (Config.xml) are missing from the directory.
>>>
>>> root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
>>> total 968
>>> drwxr-xr-x  3 nobody root   4096 Mar 29 22:29 .
>>> drwxr-xr-x 15 nobody root   4096 Mar 28 21:08 ..
>>> -rw-rw-r--  1 nobody root   4597 Feb  1 23:17 chat_message.mp3
>>> drwxrwxr-x  2 nobody root   4096 Feb 24 23:00 cliparts
>>> -rw-rw-r--  1 nobody root  11294 Feb  1 23:17 favicon.ico
>>> -rw-rw-r--  1 nobody root 572587 Feb 24 23:00 main.swf
>>> -rw-rw-r--  1 nobody root 384036 Feb 24 23:01 networktest.swf
>>>
>>> Please advise.
>>>
>>>
>>>
>>> On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:
>>>
>>> What is preventing you from using this script?
>>>
>>> On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <[email protected]> 
>>> wrote:
>>>
>>> Guys from bigbluebutton already developed a script for installing 
>>> with LE
>>>
>>> Thu, 29 March 2018, 9:32 Maxim Solodovnik <[email protected]>:
>>>
>>> great :)
>>>
>>> ps please CC user@ list :)
>>>
>>>
>>> On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson 
>>> <[email protected]>
>>> wrote:
>>>
>>> Thank you for pointing it out. I will try the steps listed in the 18 
>>> Oct
>>> 2017 email tomorrow.
>>>
>>> I might suggest that given the number of other emails asking about 
>>> it to
>>> update the guide and / or build in certbot functionality to simplify 
>>> the
>>> configuration. If I had my preference, the installer would offer LE
>>> https as
>>> a default option for installation.
>>>
>>>
>>> On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:
>>>
>>> This topic was discussed many times:
>>>
>>>
>>> https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results
>>>  
>>>
>>>
>>> What steps do not work for you?
>>>
>>> On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <[email protected]>
>>> wrote:
>>>
>>> This is why I am asking community to arrange tutorial for SSL based on
>>> LE.
>>>
>>> FYI
>>>
>>> 2018-03-29 7:22 GMT+05:00 Alan Johnson <[email protected]>:
>>>
>>> I saw a recent thread regarding windows 10 and Let's Encrypt. Has
>>> anyone
>>> had any success with Ubuntu and LE?
>>>
>>> I was using this guide
>>>
>>>
>>> (https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)
>>>  
>>>
>>> after getting OM up and running, but I had no luck figuring out how
>>> to
>>> convert the LE certs to appropriate formats for OM?
>>>
>>> Thanks,
>>>
>>> Alan
>>>
>>>
>>> -- 
>>>
>>> IT Manager,e-learning specialist
>>> Skype:aliev_anis
>>> www.facebook.com/anis.aliev
>>> Tel:989010012
>>>
>>>
>>>
>>>
>>> -- 
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>>
>>
>>
>
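The comment-placement problem discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from OpenMeetings/Red5: a lenient text scan of `jee-container.xml` that reports which `tomcat.server` bean is left outside comments and flags a `-- >` terminator or a stray `-->`. The function name and the sample strings are assumptions (constructed, heavily shortened stand-ins for the quoted file), and the scan does not reproduce how Red5's own XML parser treats a malformed comment.

```python
import re

OPEN, CLOSE = "<!--", "-->"

def audit_jee_container(xml_text):
    """Lenient text scan (not an XML parser): returns (active_servers, findings)."""
    findings, live_spans, pos = [], [], 0
    line_of = lambda i: xml_text.count("\n", 0, i) + 1
    while True:
        start = xml_text.find(OPEN, pos)
        live_spans.append((pos, len(xml_text) if start == -1 else start))
        if start == -1:
            break
        end = xml_text.find(CLOSE, start + len(OPEN))
        if end == -1:
            findings.append((line_of(start), "comment is never closed"))
            break
        # '-- >' does not end a comment; a strict XML parser rejects '--' here.
        for m in re.finditer(r"--[ \t]+>", xml_text[start + len(OPEN):end]):
            findings.append((line_of(start + len(OPEN) + m.start()),
                             "broken terminator '-- >'"))
        pos = end + len(CLOSE)
    live = ""
    for a, b in live_spans:
        for m in re.finditer(re.escape(CLOSE), xml_text[a:b]):
            findings.append((line_of(a + m.start()), "stray '-->' outside a comment"))
        live += xml_text[a:b]
    # Classify every tomcat.server bean that is left outside comments.
    beans = re.split(r'<bean\s+id="tomcat\.server"', live)[1:]
    servers = ["https" if 'name="httpsConnector"' in b else "http-only" for b in beans]
    if len(servers) != 1:
        findings.append((0, "expected exactly one active tomcat.server, found %d"
                         % len(servers)))
    return servers, sorted(findings)

# Constructed, heavily shortened stand-ins for the file quoted in the thread.
PLAIN = '<bean id="tomcat.server">\n  <bean name="httpConnector"/>\n</bean>\n'
SSL = ('<bean id="tomcat.server">\n  <bean name="httpConnector"/>\n'
       '  <bean name="httpsConnector"/>\n</bean>\n')
AS_POSTED = ("<beans>\n<!-- Tomcat without SSL enabled -- >\n" + PLAIN +
             "<!-- Tomcat with SSL enabled -->\n" + SSL + "-->\n</beans>\n")
AS_ADVISED = ("<beans>\n<!-- Tomcat without SSL enabled\n" + PLAIN +
              "-->\n<!-- Tomcat with SSL enabled -->\n" + SSL + "</beans>\n")

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        servers, findings = audit_jee_container(text)
        print(name, servers, findings)
```

Findings carry the 1-based line number of the problem, or 0 for the file-level check on the number of active `tomcat.server` beans.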
