Attached is my working XML file. I would suggest that once you get all
the files configured and working:
red5-core.xml
red5.properties
jee-container.xml
you copy them into a new folder inside /opt (mine is /opt/files), as
this will save you from having to redo all the changes each time you
implement a new build.
On 3/30/2018 12:16 PM, [email protected] wrote:
I had added a space and it turned it all yellow in bash.
Sent from my android device.
-----Original Message-----
From: Aaron Hepp <[email protected]>
To: [email protected], Alan Johnson
<[email protected]>, Maxim Solodovnik <[email protected]>
Sent: Fri, 30 Mar 2018 12:12
Subject: Re: Let's Encrypt and OM and Ubuntu
Looks like you did not comment out the <!-- Tomcat without SSL enabled
-- > section.
That has to be commented out to force SSL.
remove the --> from that line and add it right above this line
<!-- Tomcat with SSL enabled -->
That will comment out the entire "non-SSL" portion.
On 3/30/2018 12:02 PM, Alan Johnson wrote:
> I have done both of those steps.
>
> I created the keystore via the email chain you sent the link to. That
> seemed to work with no errors.
>
> I had previously enabled/disabled tomcat.
>
> I tried an experiment and changed the comment on the file and it
> seemed to like it better (included below) and seems to have fixed the
> errors in the log file, but it isn't answering on any of the expected
> ports (5443/8443/443).
>
>
> From red5.properties:
>
> # Socket policy
> policy.host=0.0.0.0
> policy.port=843
>
> # HTTP
> http.host=0.0.0.0
> http.port=5080
> https.port=443
> http.URIEncoding=UTF-8
> http.max_headers_size=8192
> http.max_keep_alive_requests=-1
> http.max_threads=20
> http.acceptor_thread_count=10
> http.processor_cache=20
>
> # RTMPS
> rtmps.host=0.0.0.0
> rtmps.port=8443
>
>
> root@freki:/opt/red5402/log# ufw status
> Status: active
>
> To Action From
> -- ------ ----
> OpenSSH ALLOW Anywhere
> 5080 ALLOW Anywhere
> 1935 ALLOW Anywhere
> 80 ALLOW Anywhere
> 5443 ALLOW Anywhere
> 8443 ALLOW Anywhere
> 443 ALLOW Anywhere
> OpenSSH (v6) ALLOW Anywhere (v6)
> 5080 (v6) ALLOW Anywhere (v6)
> 1935 (v6) ALLOW Anywhere (v6)
> 80 (v6) ALLOW Anywhere (v6)
> 5443 (v6) ALLOW Anywhere (v6)
> 8443 (v6) ALLOW Anywhere (v6)
> 443 (v6) ALLOW Anywhere (v6)
>
> This is what is in the red5.log file, if it helps:
>
> root@freki:/opt/red5402/log# cat red5.log
> 2018-03-30 01:20:35,450 [main] INFO org.red5.server.Launcher - Red5 Server 1.0.10 (https://github.com/Red5)
> 2018-03-30 01:20:35,570 [main] INFO o.s.c.s.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
> 2018-03-30 01:20:35,687 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [red5.xml]
> 2018-03-30 01:20:36,074 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [jee-container.xml]
> 2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
> Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
>     at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
>
> Full Jee-container.xml if it helps:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:lang="http://www.springframework.org/schema/lang"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://www.springframework.org/schema/lang
> http://www.springframework.org/schema/lang/spring-lang.xsd
> ">
> <!--
> The tomcat connectors may be blocking or non-blocking. Select
> between either option via the protocol property.
> Blocking I/O:
> <property name="protocol"
> value="org.apache.coyote.http11.Http11Protocol" />
> Non-blocking I/O:
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> -->
> <!-- Tomcat without SSL enabled -- >
> <bean id="tomcat.server"
> class="org.red5.server.tomcat.TomcatLoader"
> depends-on="context.loader" lazy-init="true">
> <property name="webappFolder"
> value="${red5.root}/webapps" />
> <property name="connectors">
> <list>
> <bean name="httpConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${http.port}" />
> <property name="redirectPort"
> value="${https.port}" />
> <property
> name="connectionProperties">
> <map>
> <entry
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
> <entry
> key="keepAliveTimout" value="-1"/>
> </map>
> </property>
> </bean>
> </list>
> </property>
> <property name="baseHost">
> <bean
> class="org.apache.catalina.core.StandardHost">
> <property name="name"
> value="${http.host}" />
> </bean>
> </property>
> <property name="valves">
> <list>
> <bean id="valve.access"
> class="org.apache.catalina.valves.AccessLogValve">
> <property name="directory"
> value="log" />
> <property name="prefix"
> value="${http.host}_access." />
> <property name="suffix"
> value=".log" />
> <property name="pattern"
> value="common" />
> <property name="rotatable"
> value="true" />
> </bean>
> <bean id="valve.error"
> class="org.apache.catalina.valves.ErrorReportValve">
> <property name="showReport"
> value="false" />
> <property
> name="showServerInfo" value="false" />
> </bean>
> </list>
> </property>
> </bean>
>
> <!-- Tomcat with SSL enabled -->
>
> <bean id="tomcat.server"
> class="org.red5.server.tomcat.TomcatLoader"
> depends-on="context.loader" lazy-init="true">
> <property name="webappFolder"
> value="${red5.root}/webapps" />
> <property name="connectors">
> <list>
> <bean name="httpConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${http.port}" />
> <property name="redirectPort"
> value="${https.port}" />
> </bean>
> <bean name="httpsConnector"
> class="org.red5.server.tomcat.TomcatConnector">
> <property name="secure"
> value="true" />
> <property name="protocol"
> value="org.apache.coyote.http11.Http11NioProtocol" />
> <property name="address"
> value="${http.host}:${https.port}" />
> <property name="redirectPort"
> value="${http.port}" />
> <property
> name="connectionProperties">
> <map>
> <entry
> key="port" value="${https.port}" />
> <entry
> key="redirectPort" value="${http.port}" />
> <entry
> key="SSLEnabled" value="true" />
> <entry
> key="sslProtocol" value="TLS" />
> <entry
> key="keystoreFile" value="${rtmps.keystorefile}" />
> <entry
> key="keystorePass" value="${rtmps.keystorepass}" />
> <entry
> key="truststoreFile" value="${rtmps.truststorefile}" />
> <entry
> key="truststorePass" value="${rtmps.truststorepass}" />
> <entry
> key="clientAuth" value="false" />
> <entry
> key="allowUnsafeLegacyRenegotiation" value="true" />
> <entry
> key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
> <entry
> key="keepAliveTimout" value="-1"/>
> <entry
> key="useExecutor" value="true"/>
> <entry
> key="maxThreads" value="${http.max_threads}"/>
> <entry
> key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
> <entry
> key="processorCache" value="${http.processor_cache}"/>
> </map>
> </property>
> </bean>
> </list>
> </property>
> <property name="baseHost">
> <bean
> class="org.apache.catalina.core.StandardHost">
> <property name="name"
> value="${http.host}" />
> </bean>
> </property>
> <property name="valves">
> <list>
> <bean id="valve.access"
> class="org.apache.catalina.valves.AccessLogValve">
> <property name="directory"
> value="log" />
> <property name="prefix"
> value="${http.host}_access." />
> <property name="suffix"
> value=".log" />
> <property name="pattern"
> value="common" />
> <property name="rotatable"
> value="true" />
> </bean>
> <bean id="valve.error"
> class="org.apache.catalina.valves.ErrorReportValve">
> <property name="showReport"
> value="false" />
> <property
> name="showServerInfo" value="false" />
> </bean>
> </list>
> </property>
> </bean>
> -->
> </beans>
>
>
> On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
>> Hello Alan,
>>
>> To enable HTTPS for OM you need to do 2 things:
>>
>> 1) create valid keystore/truststore (ensure filename/path is correctly
>> defined in red5.properties)
>> 2) Edit red5/conf/jee-container.xml file:
>> Comment Tomcat without SSL enabled section
>> UNComment Tomcat with SSL enabled section
>>
>> On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson
>> <[email protected]> wrote:
>>> So I tried using the steps in the email, and they successfully
>>> created the
>>> keystore.
>>>
>>> However the steps to enable HTTPS web interface appear to be
>>> incorrect/have
>>> changed.
>>>
>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>> <protocol>https</protocol>
>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>> red5httpport to
>>> https port
>>>
>>> These files (Config.xml) are missing from the directory.
>>>
>>> root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
>>> total 968
>>> drwxr-xr-x 3 nobody root 4096 Mar 29 22:29 .
>>> drwxr-xr-x 15 nobody root 4096 Mar 28 21:08 ..
>>> -rw-rw-r-- 1 nobody root 4597 Feb 1 23:17 chat_message.mp3
>>> drwxrwxr-x 2 nobody root 4096 Feb 24 23:00 cliparts
>>> -rw-rw-r-- 1 nobody root 11294 Feb 1 23:17 favicon.ico
>>> -rw-rw-r-- 1 nobody root 572587 Feb 24 23:00 main.swf
>>> -rw-rw-r-- 1 nobody root 384036 Feb 24 23:01 networktest.swf
>>>
>>> Please advise.
>>>
>>>
>>>
>>> On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:
>>>
>>> What is preventing you from using this script?
>>>
>>> On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <[email protected]>
>>> wrote:
>>>
>>> Guys from bigbluebutton already developed a script for installing
>>> with LE
>>>
>>> Thu, 29 Mar 2018, 9:32 Maxim Solodovnik <[email protected]>:
>>>
>>> great :)
>>>
>>> ps please CC user@ list :)
>>>
>>>
>>> On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson
>>> <[email protected]>
>>> wrote:
>>>
>>> Thank you for pointing it out. I will try the steps listed in the 18
>>> Oct
>>> 2017 email tomorrow.
>>>
>>> I might suggest that given the number of other emails asking about
>>> it to
>>> update the guide and / or build in certbot functionality to simplify
>>> the
>>> configuration. If I had my preference, the installer would offer LE
>>> https as
>>> a default option for installation.
>>>
>>>
>>> On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:
>>>
>>> This topic was discussed many times:
>>>
>>>
>>>
>>> https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results
>>>
>>>
>>> What steps are not working for you?
>>>
>>> On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <[email protected]>
>>> wrote:
>>>
>>> This is why I am asking the community to arrange a tutorial for SSL
>>> based on LE.
>>>
>>> FYI
>>>
>>> 2018-03-29 7:22 GMT+05:00 Alan Johnson <[email protected]>:
>>>
>>> I saw a recent thread regarding windows 10 and Let's Encrypt. Has
>>> anyone
>>> had any success with Ubuntu and LE?
>>>
>>> I was using this guide
>>>
>>>
>>>
>>> (https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)
>>>
>>> after getting OM up and running, but I had no luck figuring out how
>>> to
>>> convert the LE certs to appropriate formats for OM?
>>>
>>> Thanks,
>>>
>>> Alan
>>>
>>>
>>> --
>>>
>>> IT Manager,e-learning specialist
>>> Skype:aliev_anis
>>> www.facebook.com/anis.aliev
>>> Tel:989010012
>>>
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>>
>>
>>
>
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:lang="http://www.springframework.org/schema/lang"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
">
<!--
The tomcat connectors may be blocking or non-blocking. Select between either option via the protocol property.
Blocking I/O:
<property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
Non-blocking I/O:
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
-->
<!-- Tomcat without SSL enabled
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
<property name="webappFolder" value="${red5.root}/webapps" />
<property name="connectors">
<list>
<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
<property name="address" value="${http.host}:${http.port}" />
<property name="redirectPort" value="${https.port}" />
<property name="connectionProperties">
<map>
<entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
<entry key="keepAliveTimout" value="-1"/>
</map>
</property>
</bean>
</list>
</property>
<property name="baseHost">
<bean class="org.apache.catalina.core.StandardHost">
<property name="name" value="${http.host}" />
</bean>
</property>
<property name="valves">
<list>
<bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
<property name="directory" value="log" />
<property name="prefix" value="${http.host}_access." />
<property name="suffix" value=".log" />
<property name="pattern" value="common" />
<property name="rotatable" value="true" />
</bean>
<bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
<property name="showReport" value="false" />
<property name="showServerInfo" value="false" />
</bean>
</list>
</property>
</bean>
-->
<!-- Tomcat with SSL enabled -->
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
<property name="webappFolder" value="${red5.root}/webapps" />
<property name="connectors">
<list>
<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
<property name="address" value="${http.host}:${http.port}" />
<property name="redirectPort" value="${https.port}" />
</bean>
<bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
<property name="secure" value="true" />
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
<property name="address" value="${http.host}:${https.port}" />
<property name="redirectPort" value="${http.port}" />
<property name="connectionProperties">
<map>
<entry key="port" value="${https.port}" />
<entry key="redirectPort" value="${http.port}" />
<entry key="SSLEnabled" value="true" />
<entry key="sslProtocol" value="TLS" />
<entry key="keystoreFile" value="${rtmps.keystorefile}" />
<entry key="keystorePass" value="${rtmps.keystorepass}" />
<entry key="truststoreFile" value="${rtmps.truststorefile}" />
<entry key="truststorePass" value="${rtmps.truststorepass}" />
<entry key="clientAuth" value="false" />
<entry key="allowUnsafeLegacyRenegotiation" value="true" />
<entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
<entry key="keepAliveTimout" value="-1"/>
<entry key="useExecutor" value="true"/>
<entry key="maxThreads" value="${http.max_threads}"/>
<entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
<entry key="processorCache" value="${http.processor_cache}"/>
</map>
</property>
</bean>
</list>
</property>
<property name="baseHost">
<bean class="org.apache.catalina.core.StandardHost">
<property name="name" value="${http.host}" />
</bean>
</property>
<property name="valves">
<list>
<bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
<property name="directory" value="log" />
<property name="prefix" value="${http.host}_access." />
<property name="suffix" value=".log" />
<property name="pattern" value="common" />
<property name="rotatable" value="true" />
</bean>
<bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
<property name="showReport" value="false" />
<property name="showServerInfo" value="false" />
</bean>
</list>
</property>
</bean>
</beans>
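
The comment-marker mistake discussed in this thread ("-- >" typed instead of "-->") can be caught before restarting Red5. The script below is an added example, not part of the original emails or of Red5/OpenMeetings; the function name audit_jee_container is hypothetical, the sample inputs are constructed and shortened, and it assumes the connectionProperties entries are passed through as Tomcat connector attributes of the same name.

```python
import re

COMMENT = re.compile(r"<!--(.*?)-->", re.S)

def audit_jee_container(xml_text):
    """Lexical audit of a Red5 jee-container.xml; returns a list of findings."""
    findings = []
    # XML forbids "--" inside a comment, and "-- >" does not close one, so the
    # comment silently runs on to the next real "-->".
    for m in COMMENT.finditer(xml_text):
        if "--" in m.group(1):
            line = xml_text.count("\n", 0, m.start()) + 1
            findings.append(f"malformed comment starting on line {line}")
    active = COMMENT.sub("", xml_text)  # text that lies outside every comment
    if "-->" in active or "<!--" in active:
        findings.append("stray comment marker outside any comment")
    servers = len(re.findall(r'<bean\s+id="tomcat\.server"', active))
    if servers != 1:
        findings.append(f"{servers} active tomcat.server beans, expected 1")

    def entry(key):
        m = re.search(rf'<entry\s+key="{key}"\s+value="([^"]*)"', active)
        return m.group(1) if m else None

    if 'name="httpsConnector"' not in active or entry("SSLEnabled") != "true":
        findings.append("no active httpsConnector with SSLEnabled=true")
    # Hardening note: Tomcat leaves unsafe legacy renegotiation off by default.
    if entry("allowUnsafeLegacyRenegotiation") == "true":
        findings.append("allowUnsafeLegacyRenegotiation=true (Tomcat default is false)")
    return findings

# Constructed, shortened samples (not the full files from the thread).
PLAIN = '<bean id="tomcat.server">\n  <bean name="httpConnector"/>\n</bean>\n'
SSL = ('<bean id="tomcat.server">\n  <bean name="httpsConnector">\n'
       '    <entry key="SSLEnabled" value="true" />\n'
       '    <entry key="allowUnsafeLegacyRenegotiation" value="true" />\n'
       '  </bean>\n</bean>\n')
# Marker typed as "-- >": the non-SSL comment does not close where intended.
BROKEN = ("<beans>\n<!-- Tomcat without SSL enabled -- >\n" + PLAIN +
          "<!-- Tomcat with SSL enabled -->\n" + SSL + "-->\n</beans>\n")
# Layout of the attached working file: closing marker moved below the bean.
FIXED = ("<beans>\n<!-- Tomcat without SSL enabled\n" + PLAIN + "-->\n"
         "<!-- Tomcat with SSL enabled -->\n" + SSL + "</beans>\n")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_jee_container(text))
```

To audit a real file, pass its contents to the function, for example audit_jee_container(open("conf/jee-container.xml").read()); an empty list means none of these checks fired.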