Thanks Aaron for the answers. I'm a little bit busy with personal stuff and my day-time job.

@Alan, to set up HTTPS you need to
1) create a keystore located at `rtmps.keystorefile` with password `rtmps.keystorepass` (and a truststore)
2) modify jee*.xml to enable Tomcat with SSL (and disable Tomcat without SSL)
Not sure how this 2-step instruction can be further simplified :(
This topic was discussed a million times, this is why I sent you the link to search. Maybe the previous QA might help.
I'll try to check if this can be further simplified (not sure how yet), but my time is very limited right now .....

On Fri, Mar 30, 2018 at 11:40 PM, Aaron Hepp <[email protected]> wrote:
> Did you use a different password than in the instructions (which was
> password) when creating your .jks files? This was my original mistake as
> well.
>
> If so then you will need to change your red5.properties file and put the
> password in there.
>
> # RTMPS Key and Trust store parameters
> rtmps.keystorepass=password
> rtmps.keystorefile=conf/keystore.jks
> rtmps.truststorepass=password
> rtmps.truststorefile=conf/truststore.jks
>
>
> On 3/30/2018 12:27 PM, Alan Johnson wrote:
>
> I changed it to this:
>
> <!-- Tomcat without SSL enabled
> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
>     <property name="webappFolder" value="${red5.root}/webapps" />
>     <property name="connectors">
>         <list>
>             <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>                 <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>                 <property name="address" value="${http.host}:${http.port}" />
>                 <property name="redirectPort" value="${https.port}" />
>                 <property name="connectionProperties">
>                     <map>
>                         <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>                         <entry key="keepAliveTimout" value="-1"/>
>                     </map>
>                 </property>
>             </bean>
>         </list>
>     </property>
>     <property name="baseHost">
>         <bean class="org.apache.catalina.core.StandardHost">
>             <property name="name" value="${http.host}" />
>         </bean>
>     </property>
>     <property name="valves">
>         <list>
>             <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>                 <property name="directory" value="log" />
>                 <property name="prefix" value="${http.host}_access." />
>                 <property name="suffix" value=".log" />
>                 <property name="pattern" value="common" />
>                 <property name="rotatable" value="true" />
>             </bean>
>             <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>                 <property name="showReport" value="false" />
>                 <property name="showServerInfo" value="false" />
>             </bean>
>         </list>
>     </property>
> </bean>
>
> Tomcat with SSL enabled -->
>
>
> The server is still not answering on https ports.
>
>
> On 3/30/2018 12:20 PM, Aaron Hepp wrote:
>
> that's because when you put a space between the -- and > then that is not a
> valid "closure" argument and at the end of your file you have a valid
> "closure" --> So it thinks the entire statement is a "comment"
>
> On 3/30/2018 12:16 PM, [email protected] wrote:
>
> I had added a space and it turned it all yellow in bash.
>
> Sent from my android device.
>
> -----Original Message-----
> From: Aaron Hepp <[email protected]>
> To: [email protected], Alan Johnson <[email protected]>,
> Maxim Solodovnik <[email protected]>
> Sent: Fri, 30 Mar 2018 12:12
> Subject: Re: Let's Encrypt and OM and Ubuntu
>
> Looks like you did not comment out the <!-- Tomcat without SSL enabled -- > section.
>
> That has to be commented out to force SSL.
>
> remove the --> from that line and add it right above this line
>
> <!-- Tomcat with SSL enabled -->
>
> That will comment out the entire "non-SSL" portion.
>
>
> On 3/30/2018 12:02 PM, Alan Johnson wrote:
>> I have done both of those steps.
>>
>> I created the keystore via the email chain you sent the link to. That
>> seemed to work with no errors.
>>
>> I had previously enabled/disabled tomcat.
>>
>> I tried an experiment and changed the comment on the file and it
>> seemed to like it better (included below) and seems to have fixed the
>> errors in the log file, but it isn't answering on any of the expected
>> ports (5443/8443/443).
>>
>>
>> From red5.properties:
>>
>> # Socket policy
>> policy.host=0.0.0.0
>> policy.port=843
>>
>> # HTTP
>> http.host=0.0.0.0
>> http.port=5080
>> https.port=443
>> http.URIEncoding=UTF-8
>> http.max_headers_size=8192
>> http.max_keep_alive_requests=-1
>> http.max_threads=20
>> http.acceptor_thread_count=10
>> http.processor_cache=20
>>
>> # RTMPS
>> rtmps.host=0.0.0.0
>> rtmps.port=8443
>>
>>
>> root@freki:/opt/red5402/log# ufw status
>> Status: active
>>
>> To                         Action      From
>> --                         ------      ----
>> OpenSSH                    ALLOW       Anywhere
>> 5080                       ALLOW       Anywhere
>> 1935                       ALLOW       Anywhere
>> 80                         ALLOW       Anywhere
>> 5443                       ALLOW       Anywhere
>> 8443                       ALLOW       Anywhere
>> 443                        ALLOW       Anywhere
>> OpenSSH (v6)               ALLOW       Anywhere (v6)
>> 5080 (v6)                  ALLOW       Anywhere (v6)
>> 1935 (v6)                  ALLOW       Anywhere (v6)
>> 80 (v6)                    ALLOW       Anywhere (v6)
>> 5443 (v6)                  ALLOW       Anywhere (v6)
>> 8443 (v6)                  ALLOW       Anywhere (v6)
>> 443 (v6)                   ALLOW       Anywhere (v6)
>>
>> This is what is in the red5.log file, if it helps:
>>
>> root@freki:/opt/red5402/log# cat red5.log
>> 2018-03-30 01:20:35,450 [main] INFO org.red5.server.Launcher - Red5 Server 1.0.10 (https://github.com/Red5)
>> 2018-03-30 01:20:35,570 [main] INFO o.s.c.s.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
>> 2018-03-30 01:20:35,687 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [red5.xml]
>> 2018-03-30 01:20:36,074 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [jee-container.xml]
>> 2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
>> Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
>> java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
>>     at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
>>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
>>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>     at java.lang.Thread.run(Thread.java:748)
>>
>> Full Jee-container.xml if it helps:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>>     Licensed to the Apache Software Foundation (ASF) under one or more
>>     contributor license agreements. See the NOTICE file distributed with
>>     this work for additional information regarding copyright ownership.
>>     The ASF licenses this file to You under the Apache License, Version 2.0
>>     (the "License"); you may not use this file except in compliance with
>>     the License. You may obtain a copy of the License at
>>
>>         http://www.apache.org/licenses/LICENSE-2.0
>>
>>     Unless required by applicable law or agreed to in writing, software
>>     distributed under the License is distributed on an "AS IS" BASIS,
>>     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>     See the License for the specific language governing permissions and
>>     limitations under the License.
>> -->
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>     xmlns:lang="http://www.springframework.org/schema/lang"
>>     xsi:schemaLocation="
>>         http://www.springframework.org/schema/beans
>>         http://www.springframework.org/schema/beans/spring-beans.xsd
>>         http://www.springframework.org/schema/lang
>>         http://www.springframework.org/schema/lang/spring-lang.xsd
>>     ">
>>     <!--
>>         The tomcat connectors may be blocking or non-blocking. Select between either option via the protocol property.
>>         Blocking I/O:
>>         <property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
>>         Non-blocking I/O:
>>         <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>     -->
>>     <!-- Tomcat without SSL enabled -- >
>>     <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
>>         <property name="webappFolder" value="${red5.root}/webapps" />
>>         <property name="connectors">
>>             <list>
>>                 <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>                     <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>                     <property name="address" value="${http.host}:${http.port}" />
>>                     <property name="redirectPort" value="${https.port}" />
>>                     <property name="connectionProperties">
>>                         <map>
>>                             <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>                             <entry key="keepAliveTimout" value="-1"/>
>>                         </map>
>>                     </property>
>>                 </bean>
>>             </list>
>>         </property>
>>         <property name="baseHost">
>>             <bean class="org.apache.catalina.core.StandardHost">
>>                 <property name="name" value="${http.host}" />
>>             </bean>
>>         </property>
>>         <property name="valves">
>>             <list>
>>                 <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>                     <property name="directory" value="log" />
>>                     <property name="prefix" value="${http.host}_access." />
>>                     <property name="suffix" value=".log" />
>>                     <property name="pattern" value="common" />
>>                     <property name="rotatable" value="true" />
>>                 </bean>
>>                 <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>>                     <property name="showReport" value="false" />
>>                     <property name="showServerInfo" value="false" />
>>                 </bean>
>>             </list>
>>         </property>
>>     </bean>
>>
>>     <!-- Tomcat with SSL enabled -->
>>
>>     <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
>>         <property name="webappFolder" value="${red5.root}/webapps" />
>>         <property name="connectors">
>>             <list>
>>                 <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>                     <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>                     <property name="address" value="${http.host}:${http.port}" />
>>                     <property name="redirectPort" value="${https.port}" />
>>                 </bean>
>>                 <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
>>                     <property name="secure" value="true" />
>>                     <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>                     <property name="address" value="${http.host}:${https.port}" />
>>                     <property name="redirectPort" value="${http.port}" />
>>                     <property name="connectionProperties">
>>                         <map>
>>                             <entry key="port" value="${https.port}" />
>>                             <entry key="redirectPort" value="${http.port}" />
>>                             <entry key="SSLEnabled" value="true" />
>>                             <entry key="sslProtocol" value="TLS" />
>>                             <entry key="keystoreFile" value="${rtmps.keystorefile}" />
>>                             <entry key="keystorePass" value="${rtmps.keystorepass}" />
>>                             <entry key="truststoreFile" value="${rtmps.truststorefile}" />
>>                             <entry key="truststorePass" value="${rtmps.truststorepass}" />
>>                             <entry key="clientAuth" value="false" />
>>                             <entry key="allowUnsafeLegacyRenegotiation" value="true" />
>>                             <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>                             <entry key="keepAliveTimout" value="-1"/>
>>                             <entry key="useExecutor" value="true"/>
>>                             <entry key="maxThreads" value="${http.max_threads}"/>
>>                             <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
>>                             <entry key="processorCache" value="${http.processor_cache}"/>
>>                         </map>
>>                     </property>
>>                 </bean>
>>             </list>
>>         </property>
>>         <property name="baseHost">
>>             <bean class="org.apache.catalina.core.StandardHost">
>>                 <property name="name" value="${http.host}" />
>>             </bean>
>>         </property>
>>         <property name="valves">
>>             <list>
>>                 <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>                     <property name="directory" value="log" />
>>                     <property name="prefix" value="${http.host}_access." />
>>                     <property name="suffix" value=".log" />
>>                     <property name="pattern" value="common" />
>>                     <property name="rotatable" value="true" />
>>                 </bean>
>>                 <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>>                     <property name="showReport" value="false" />
>>                     <property name="showServerInfo" value="false" />
>>                 </bean>
>>             </list>
>>         </property>
>>     </bean>
>> -->
>> </beans>
>>
>>
>> On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
>>> Hello Alan,
>>>
>>> To enable HTTPS for OM you need to do 2 things:
>>>
>>> 1) create valid keystore/truststore (ensure filename/path is correctly
>>> defined in red5.properties)
>>> 2) Edit red5/conf/jee-container.xml file:
>>> Comment Tomcat without SSL enabled section
>>> UNComment Tomcat with SSL enabled section
>>>
>>> On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson <[email protected]> wrote:
>>>> So I tried using the steps in the email, and they successfully created the
>>>> keystore.
>>>>
>>>> However the steps to enable HTTPS web interface appear to be incorrect/have
>>>> changed.
>>>>
>>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>>> <protocol>https</protocol>
>>>> Edit red5/webapps/openmeetings/public/config.xml and set red5httpport to
>>>> https port
>>>>
>>>> These files (Config.xml) are missing from the directory.
>>>>
>>>> root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
>>>> total 968
>>>> drwxr-xr-x  3 nobody root   4096 Mar 29 22:29 .
>>>> drwxr-xr-x 15 nobody root   4096 Mar 28 21:08 ..
>>>> -rw-rw-r--  1 nobody root   4597 Feb  1 23:17 chat_message.mp3
>>>> drwxrwxr-x  2 nobody root   4096 Feb 24 23:00 cliparts
>>>> -rw-rw-r--  1 nobody root  11294 Feb  1 23:17 favicon.ico
>>>> -rw-rw-r--  1 nobody root 572587 Feb 24 23:00 main.swf
>>>> -rw-rw-r--  1 nobody root 384036 Feb 24 23:01 networktest.swf
>>>>
>>>> Please advise.
>>>>
>>>>
>>>>
>>>> On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:
>>>>
>>>> What is preventing you from using this script?
>>>>
>>>> On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <[email protected]> wrote:
>>>>
>>>> Guys from bigbluebutton already developed a script for installing with LE
>>>>
>>>> Thu, 29 Mar 2018, 9:32 Maxim Solodovnik <[email protected]>:
>>>>
>>>> great :)
>>>>
>>>> ps please CC user@ list :)
>>>>
>>>>
>>>> On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson <[email protected]> wrote:
>>>>
>>>> Thank you for pointing it out. I will try the steps listed in the 18 Oct
>>>> 2017 email tomorrow.
>>>>
>>>> I might suggest that given the number of other emails asking about it to
>>>> update the guide and / or build in certbot functionality to simplify the
>>>> configuration. If I had my preference, the installer would offer LE https as
>>>> a default option for installation.
>>>>
>>>>
>>>> On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:
>>>>
>>>> This topic was discussed many times:
>>>>
>>>> https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results
>>>>
>>>> What steps are not working for you?
>>>>
>>>> On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <[email protected]> wrote:
>>>>
>>>> This is why I am asking the community to arrange a tutorial for SSL based on
>>>> LE.
>>>>
>>>> FYI
>>>>
>>>> 2018-03-29 7:22 GMT+05:00 Alan Johnson <[email protected]>:
>>>>
>>>> I saw a recent thread regarding windows 10 and Let's Encrypt. Has anyone
>>>> had any success with Ubuntu and LE?
>>>>
>>>> I was using this guide
>>>>
>>>> (https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)
>>>>
>>>> after getting OM up and running, but I had no luck figuring out how to
>>>> convert the LE certs to appropriate formats for OM?
>>>>
>>>> Thanks,
>>>>
>>>> Alan
>>>>
>>>>
>>>> --
>>>>
>>>> IT Manager, e-learning specialist
>>>> Skype: aliev_anis
>>>> www.facebook.com/anis.aliev
>>>> Tel: 989010012
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>
>

--
WBR
Maxim aka solomax
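The comment mix-up Aaron describes in the thread can be caught mechanically before Red5 is restarted. The checker below is an added example written for this page, not code from the OpenMeetings/Red5 project or from anyone in the thread: it scans a jee-container.xml-style file for the `-- >` typo, strips real `<!-- ... -->` spans the way a parser delimits them, and reports which tomcat.server bean, connector and SSLEnabled setting remain live. The three sample files are constructed miniatures of the shipped, botched and fixed states, not the real file.

```python
import re

# Constructed miniatures of jee-container.xml (not the real file), one bean per state.
NON_SSL = ('<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">\n'
           '  <bean name="httpConnector"/>\n</bean>\n')
SSL = ('<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">\n'
       '  <bean name="httpsConnector"/>\n  <entry key="SSLEnabled" value="true"/>\n</bean>\n')
# As shipped: plain-HTTP bean live, SSL bean wrapped in a comment.
SHIPPED = f"<beans>\n<!-- Tomcat without SSL enabled -->\n{NON_SSL}<!-- Tomcat with SSL enabled\n{SSL}-->\n</beans>\n"
# The edit from the thread: '-- >' closes nothing, so the comment runs on to the next real '-->'.
BOTCHED = f"<beans>\n<!-- Tomcat without SSL enabled -- >\n{NON_SSL}<!-- Tomcat with SSL enabled -->\n{SSL}-->\n</beans>\n"
# Aaron's fix: one comment spans the non-SSL bean, the SSL bean is live.
FIXED = f"<beans>\n<!-- Tomcat without SSL enabled\n{NON_SSL}Tomcat with SSL enabled -->\n{SSL}</beans>\n"

def malformed_closers(xml):
    """1-based line numbers where '--' and '>' are separated by whitespace."""
    return [xml.count("\n", 0, m.start()) + 1 for m in re.finditer(r"--\s+>", xml)]

def uncommented(xml):
    """Text left after removing <!-- ... --> spans the way a parser delimits them."""
    out, pos = [], 0
    while (start := xml.find("<!--", pos)) >= 0:
        out.append(xml[pos:start])
        end = xml.find("-->", start + 4)
        if end < 0:  # unterminated comment swallows the rest of the file
            return "".join(out)
        pos = end + 3
    return "".join(out) + xml[pos:]

def summarize(xml):
    """What Spring would actually see: live tomcat.server beans, connectors, TLS flag."""
    live = uncommented(xml)
    return {
        "tomcat_server_beans": live.count('id="tomcat.server"'),
        "connectors": re.findall(r'name="(http\w*Connector)"', live),
        "ssl_enabled": 'key="SSLEnabled" value="true"' in live,
        "stray_closers": live.count("-->"),
        "malformed_closers": malformed_closers(xml),
    }

def problems(xml):
    """Findings to fix before expecting HTTPS; an empty list means the switch-over is clean."""
    s = summarize(xml)
    out = [f"line {n}: '-- >' is not a comment closer" for n in s["malformed_closers"]]
    if s["tomcat_server_beans"] != 1:
        out.append(f"{s['tomcat_server_beans']} live tomcat.server beans, expected exactly 1")
    if s["stray_closers"]:
        out.append("stray '-->' outside any comment")
    if not s["ssl_enabled"]:
        out.append("no live connector with SSLEnabled=true, HTTPS will not be served")
    return out
```

Strict XML parsers such as the JDK's Xerces, which Spring uses, also reject the string `--` anywhere inside a comment, so on a real deployment the typo is as likely to surface as a context-load failure as a silently commented-out section.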
