please share with us. Thanks

2018-04-01 23:53 GMT+05:00 Alan Johnson <[email protected]>:
> David,
>
> I would appreciate it. I have not yet had the opportunity to try the other
> config file.
>
> Alan
>
> On 4/1/2018 2:31 PM, David Jentz wrote:
>
>> I have a script that converts the standard config of openmeetings to
>> https. It prompts the user for keystore passwords currently but that
>> too could be automated via expect.
>>
>> I posted before if anybody wants it but nobody replied, maybe I will
>> stop posting about it.
>>
>> Because of the frequency of this topic I figured it might be helpful
>> though, at least as a starting point.
>> -Dave
>>
>> On Sat, Mar 31, 2018 at 10:14 AM, Maxim Solodovnik <[email protected]>
>> wrote:
>>
>>> Thanks Aaron for the answers
>>> I'm a little bit busy with personal stuff and my day time job
>>>
>>> @Alan,
>>> to set up HTTPS
>>> you need
>>> 1) create keystore located at `rtmps.keystorefile` with password
>>> `rtmps.keystorepass` (and truststore)
>>> 2) modify jee*.xml to enable Tomcat with SSL (and disable Tomcat without
>>> SSL)
>>>
>>> not sure how this 2 step instruction can be further simplified :(
>>>
>>> This topic was discussed million times, this is why I send you the
>>> link to search
>>> Maybe previous QA might help
>>>
>>> I'll try to check if this can be further simplified (not sure how yet)
>>> but my time is very limited right now .....
>>>
>>> On Fri, Mar 30, 2018 at 11:40 PM, Aaron Hepp <[email protected]>
>>> wrote:
>>>
>>>> Did you use a different password than in the instructions (which was
>>>> password) when creating your .jks files? This was my original mistake
>>>> as well.
>>>>
>>>> If so then you will need to change your red5.properties file and put the
>>>> password in there.
>>>>
>>>> # RTMPS Key and Trust store parameters
>>>> rtmps.keystorepass=password
>>>> rtmps.keystorefile=conf/keystore.jks
>>>> rtmps.truststorepass=password
>>>> rtmps.truststorefile=conf/truststore.jks
>>>>
>>>> On 3/30/2018 12:27 PM, Alan Johnson wrote:
>>>>
>>>> I changed it to this:
>>>>
>>>> <!-- Tomcat without SSL enabled
>>>> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
>>>>     depends-on="context.loader" lazy-init="true">
>>>>   <property name="webappFolder" value="${red5.root}/webapps" />
>>>>   <property name="connectors">
>>>>     <list>
>>>>       <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>>         <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>>         <property name="address" value="${http.host}:${http.port}" />
>>>>         <property name="redirectPort" value="${https.port}" />
>>>>         <property name="connectionProperties">
>>>>           <map>
>>>>             <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>>>             <entry key="keepAliveTimout" value="-1"/>
>>>>           </map>
>>>>         </property>
>>>>       </bean>
>>>>     </list>
>>>>   </property>
>>>>   <property name="baseHost">
>>>>     <bean class="org.apache.catalina.core.StandardHost">
>>>>       <property name="name" value="${http.host}" />
>>>>     </bean>
>>>>   </property>
>>>>   <property name="valves">
>>>>     <list>
>>>>       <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>>>         <property name="directory" value="log" />
>>>>         <property name="prefix" value="${http.host}_access."
>>>>         />
>>>>         <property name="suffix" value=".log" />
>>>>         <property name="pattern" value="common" />
>>>>         <property name="rotatable" value="true" />
>>>>       </bean>
>>>>       <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>>>>         <property name="showReport" value="false" />
>>>>         <property name="showServerInfo" value="false" />
>>>>       </bean>
>>>>     </list>
>>>>   </property>
>>>> </bean>
>>>>
>>>> Tomcat with SSL enabled -->
>>>>
>>>> The server is still not answering on https ports.
>>>>
>>>> On 3/30/2018 12:20 PM, Aaron Hepp wrote:
>>>>
>>>> that's because when you put a space between the -- and > then that is
>>>> not a valid "closure" argument and at the end of your file you have a
>>>> valid "closure" --> So it thinks the entire statement is a "comment"
>>>>
>>>> On 3/30/2018 12:16 PM, [email protected] wrote:
>>>>
>>>> I had added a space and it turned it all yellow in bash.
>>>>
>>>> Sent from my android device.
>>>>
>>>> -----Original Message-----
>>>> From: Aaron Hepp <[email protected]>
>>>> To: [email protected], Alan Johnson <[email protected]>,
>>>> Maxim Solodovnik <[email protected]>
>>>> Sent: Fri, 30 Mar 2018 12:12
>>>> Subject: Re: Let's Encrypt and OM and Ubuntu
>>>>
>>>> Looks like you did not comment out the <!-- Tomcat without SSL enabled
>>>> -- > section.
>>>>
>>>> That has to be commented out to force SSL.
>>>>
>>>> remove the --> from that line and add it right above this line
>>>>
>>>> <!-- Tomcat with SSL enabled -->
>>>>
>>>> That will comment out the entire "non-SSL" portion.
>>>>
>>>> On 3/30/2018 12:02 PM, Alan Johnson wrote:
>>>>
>>>>> I have done both of those steps.
>>>>>
>>>>> I created the keystore via the email chain you sent the link to. That
>>>>> seemed to work with no errors.
>>>>>
>>>>> I had previously enabled/disabled tomcat.
>>>>>
>>>>> I tried an experiment and changed the comment on the file and it
>>>>> seemed to like it better (included below) and seems to have fixed the
>>>>> errors in the log file, but it isn't answering on any of the expected
>>>>> ports (5443/8443/443).
>>>>>
>>>>> From red5.properties:
>>>>>
>>>>> # Socket policy
>>>>> policy.host=0.0.0.0
>>>>> policy.port=843
>>>>>
>>>>> # HTTP
>>>>> http.host=0.0.0.0
>>>>> http.port=5080
>>>>> https.port=443
>>>>> http.URIEncoding=UTF-8
>>>>> http.max_headers_size=8192
>>>>> http.max_keep_alive_requests=-1
>>>>> http.max_threads=20
>>>>> http.acceptor_thread_count=10
>>>>> http.processor_cache=20
>>>>>
>>>>> # RTMPS
>>>>> rtmps.host=0.0.0.0
>>>>> rtmps.port=8443
>>>>>
>>>>> root@freki:/opt/red5402/log# ufw status
>>>>> Status: active
>>>>>
>>>>> To                         Action      From
>>>>> --                         ------      ----
>>>>> OpenSSH                    ALLOW       Anywhere
>>>>> 5080                       ALLOW       Anywhere
>>>>> 1935                       ALLOW       Anywhere
>>>>> 80                         ALLOW       Anywhere
>>>>> 5443                       ALLOW       Anywhere
>>>>> 8443                       ALLOW       Anywhere
>>>>> 443                        ALLOW       Anywhere
>>>>> OpenSSH (v6)               ALLOW       Anywhere (v6)
>>>>> 5080 (v6)                  ALLOW       Anywhere (v6)
>>>>> 1935 (v6)                  ALLOW       Anywhere (v6)
>>>>> 80 (v6)                    ALLOW       Anywhere (v6)
>>>>> 5443 (v6)                  ALLOW       Anywhere (v6)
>>>>> 8443 (v6)                  ALLOW       Anywhere (v6)
>>>>> 443 (v6)                   ALLOW       Anywhere (v6)
>>>>>
>>>>> This is what is in the red5.log file, if it helps:
>>>>>
>>>>> root@freki:/opt/red5402/log# cat red5.log
>>>>> 2018-03-30 01:20:35,450 [main] INFO org.red5.server.Launcher - Red5 Server 1.0.10 (https://github.com/Red5)
>>>>> 2018-03-30 01:20:35,570 [main] INFO o.s.c.s.FileSystemXmlApplicationContext - Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@548b7f67: startup date [Fri Mar 30 01:20:35 UTC 2018]; root of context hierarchy
>>>>> 2018-03-30 01:20:35,687 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [red5.xml]
>>>>> 2018-03-30 01:20:36,074 [main] INFO
>>>>> o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [jee-container.xml]
>>>>> 2018-03-30 01:21:36,609 [http-nio-0.0.0.0-5080-exec-4] INFO o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
>>>>> Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
>>>>> java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
>>>>>     at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
>>>>>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
>>>>>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>>>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
>>>>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>     at java.lang.Thread.run(Thread.java:748)
>>>>>
>>>>> Full Jee-container.xml if it helps:
>>>>>
>>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>> <!--
>>>>> Licensed to the Apache Software Foundation (ASF) under one or more
>>>>> contributor license agreements. See the NOTICE file distributed with
>>>>> this work for additional information regarding copyright ownership.
>>>>> The ASF licenses this file to You under the Apache License, Version 2.0
>>>>> (the "License"); you may not use this file except in compliance with
>>>>> the License. You may obtain a copy of the License at
>>>>>
>>>>> http://www.apache.org/licenses/LICENSE-2.0
>>>>>
>>>>> Unless required by applicable law or agreed to in writing, software
>>>>> distributed under the License is distributed on an "AS IS" BASIS,
>>>>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>>> See the License for the specific language governing permissions and
>>>>> limitations under the License.
>>>>> -->
>>>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>     xmlns:lang="http://www.springframework.org/schema/lang"
>>>>>     xsi:schemaLocation="
>>>>>       http://www.springframework.org/schema/beans
>>>>>       http://www.springframework.org/schema/beans/spring-beans.xsd
>>>>>       http://www.springframework.org/schema/lang
>>>>>       http://www.springframework.org/schema/lang/spring-lang.xsd
>>>>>     ">
>>>>> <!--
>>>>> The tomcat connectors may be blocking or non-blocking. Select
>>>>> between either option via the protocol property.
>>>>> Blocking I/O:
>>>>> <property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
>>>>> Non-blocking I/O:
>>>>> <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>>> -->
>>>>> <!-- Tomcat without SSL enabled -- >
>>>>> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
>>>>>     depends-on="context.loader" lazy-init="true">
>>>>>   <property name="webappFolder" value="${red5.root}/webapps" />
>>>>>   <property name="connectors">
>>>>>     <list>
>>>>>       <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>>>         <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>>>         <property name="address" value="${http.host}:${http.port}" />
>>>>>         <property name="redirectPort" value="${https.port}" />
>>>>>         <property name="connectionProperties">
>>>>>           <map>
>>>>>             <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>>>>             <entry key="keepAliveTimout" value="-1"/>
>>>>>           </map>
>>>>>         </property>
>>>>>       </bean>
>>>>>     </list>
>>>>>   </property>
>>>>>   <property name="baseHost">
>>>>>     <bean class="org.apache.catalina.core.StandardHost">
>>>>>       <property name="name" value="${http.host}" />
>>>>>     </bean>
>>>>>   </property>
>>>>>   <property name="valves">
>>>>>     <list>
>>>>>       <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>>>>         <property name="directory" value="log" />
>>>>>         <property name="prefix" value="${http.host}_access."
>>>>>         />
>>>>>         <property name="suffix" value=".log" />
>>>>>         <property name="pattern" value="common" />
>>>>>         <property name="rotatable" value="true" />
>>>>>       </bean>
>>>>>       <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>>>>>         <property name="showReport" value="false" />
>>>>>         <property name="showServerInfo" value="false" />
>>>>>       </bean>
>>>>>     </list>
>>>>>   </property>
>>>>> </bean>
>>>>>
>>>>> <!-- Tomcat with SSL enabled -->
>>>>>
>>>>> <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
>>>>>     depends-on="context.loader" lazy-init="true">
>>>>>   <property name="webappFolder" value="${red5.root}/webapps" />
>>>>>   <property name="connectors">
>>>>>     <list>
>>>>>       <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>>>         <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>>>         <property name="address" value="${http.host}:${http.port}" />
>>>>>         <property name="redirectPort" value="${https.port}" />
>>>>>       </bean>
>>>>>       <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
>>>>>         <property name="secure" value="true" />
>>>>>         <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
>>>>>         <property name="address" value="${http.host}:${https.port}" />
>>>>>         <property name="redirectPort" value="${http.port}" />
>>>>>         <property name="connectionProperties">
>>>>>           <map>
>>>>>             <entry key="port" value="${https.port}" />
>>>>>             <entry key="redirectPort" value="${http.port}" />
>>>>>             <entry key="SSLEnabled" value="true" />
>>>>>             <entry key="sslProtocol" value="TLS" />
>>>>>             <entry key="keystoreFile" value="${rtmps.keystorefile}" />
>>>>>             <entry key="keystorePass" value="${rtmps.keystorepass}" />
>>>>>             <entry key="truststoreFile" value="${rtmps.truststorefile}" />
>>>>>             <entry key="truststorePass"
>>>>>             value="${rtmps.truststorepass}" />
>>>>>             <entry key="clientAuth" value="false" />
>>>>>             <entry key="allowUnsafeLegacyRenegotiation" value="true" />
>>>>>             <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
>>>>>             <entry key="keepAliveTimout" value="-1"/>
>>>>>             <entry key="useExecutor" value="true"/>
>>>>>             <entry key="maxThreads" value="${http.max_threads}"/>
>>>>>             <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
>>>>>             <entry key="processorCache" value="${http.processor_cache}"/>
>>>>>           </map>
>>>>>         </property>
>>>>>       </bean>
>>>>>     </list>
>>>>>   </property>
>>>>>   <property name="baseHost">
>>>>>     <bean class="org.apache.catalina.core.StandardHost">
>>>>>       <property name="name" value="${http.host}" />
>>>>>     </bean>
>>>>>   </property>
>>>>>   <property name="valves">
>>>>>     <list>
>>>>>       <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
>>>>>         <property name="directory" value="log" />
>>>>>         <property name="prefix" value="${http.host}_access."
>>>>>         />
>>>>>         <property name="suffix" value=".log" />
>>>>>         <property name="pattern" value="common" />
>>>>>         <property name="rotatable" value="true" />
>>>>>       </bean>
>>>>>       <bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
>>>>>         <property name="showReport" value="false" />
>>>>>         <property name="showServerInfo" value="false" />
>>>>>       </bean>
>>>>>     </list>
>>>>>   </property>
>>>>> </bean>
>>>>> -->
>>>>> </beans>
>>>>>
>>>>> On 3/30/2018 2:37 AM, Maxim Solodovnik wrote:
>>>>>
>>>>>> Hello Alan,
>>>>>>
>>>>>> To enable HTTPS for OM you need to do 2 things:
>>>>>>
>>>>>> 1) create valid keystore/truststore (ensure filename/path is correctly
>>>>>> defined in red5.properties)
>>>>>> 2) Edit red5/conf/jee-container.xml file:
>>>>>> Comment Tomcat without SSL enabled section
>>>>>> UNComment Tomcat with SSL enabled section
>>>>>>
>>>>>> On Fri, Mar 30, 2018 at 5:30 AM, Alan Johnson
>>>>>> <[email protected]> wrote:
>>>>>>
>>>>>>> So I tried using the steps in the email, and they successfully
>>>>>>> created the keystore.
>>>>>>>
>>>>>>> However the steps to enable HTTPS web interface appear to be
>>>>>>> incorrect/have changed.
>>>>>>>
>>>>>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>>>>>> <protocol>https</protocol>
>>>>>>> Edit red5/webapps/openmeetings/public/config.xml and set
>>>>>>> red5httpport to https port
>>>>>>>
>>>>>>> These files (Config.xml) are missing from the directory.
>>>>>>>
>>>>>>> root@freki:/opt/red5402/webapps/openmeetings/public# ls -al
>>>>>>> total 968
>>>>>>> drwxr-xr-x 3 nobody root 4096 Mar 29 22:29 .
>>>>>>> drwxr-xr-x 15 nobody root 4096 Mar 28 21:08 ..
>>>>>>> -rw-rw-r-- 1 nobody root 4597 Feb 1 23:17 chat_message.mp3
>>>>>>> drwxrwxr-x 2 nobody root 4096 Feb 24 23:00 cliparts
>>>>>>> -rw-rw-r-- 1 nobody root 11294 Feb 1 23:17 favicon.ico
>>>>>>> -rw-rw-r-- 1 nobody root 572587 Feb 24 23:00 main.swf
>>>>>>> -rw-rw-r-- 1 nobody root 384036 Feb 24 23:01 networktest.swf
>>>>>>>
>>>>>>> Please advise.
>>>>>>>
>>>>>>> On 3/29/2018 2:52 AM, Maxim Solodovnik wrote:
>>>>>>>
>>>>>>> What is preventing you from using this script?
>>>>>>>
>>>>>>> On Thu, Mar 29, 2018 at 1:41 PM, Anis Aliev <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Guys from bigbluebutton already developed a script for installing
>>>>>>> with LE
>>>>>>>
>>>>>>> Thu, 29 Mar 2018, 9:32 Maxim Solodovnik <[email protected]>:
>>>>>>>
>>>>>>> great :)
>>>>>>>
>>>>>>> ps please CC user@ list :)
>>>>>>>
>>>>>>> On Thu, Mar 29, 2018 at 11:18 AM, Alan Johnson
>>>>>>> <[email protected]> wrote:
>>>>>>>
>>>>>>> Thank you for pointing it out. I will try the steps listed in the 18
>>>>>>> Oct 2017 email tomorrow.
>>>>>>>
>>>>>>> I might suggest that given the number of other emails asking about
>>>>>>> it to update the guide and / or build in certbot functionality to
>>>>>>> simplify the configuration. If I had my preference, the installer
>>>>>>> would offer LE https as a default option for installation.
>>>>>>>
>>>>>>> On 3/29/2018 12:13 AM, Maxim Solodovnik wrote:
>>>>>>>
>>>>>>> This topic was discussed many times:
>>>>>>>
>>>>>>> https://openmeetings.markmail.org/search/?q=letsencrypt#query:letsencrypt+page:1+mid:ik4qdhdychl364bp+state:results
>>>>>>>
>>>>>>> What steps do not work for you?
>>>>>>>
>>>>>>> On Thu, Mar 29, 2018 at 10:14 AM, Anis Aliev <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>> This is why I am asking community to arrange tutorial for SSL based
>>>>>>> on LE.
>>>>>>>
>>>>>>> FYI
>>>>>>>
>>>>>>> 2018-03-29 7:22 GMT+05:00 Alan Johnson <[email protected]>:
>>>>>>>
>>>>>>> I saw a recent thread regarding windows 10 and Let's Encrypt. Has
>>>>>>> anyone had any success with Ubuntu and LE?
>>>>>>>
>>>>>>> I was using this guide
>>>>>>>
>>>>>>> (https://openmeetings.apache.org/RTMPSAndHTTPS.html#SSL_for_the_web_interface)
>>>>>>>
>>>>>>> after getting OM up and running, but I had no luck figuring out how
>>>>>>> to convert the LE certs to appropriate formats for OM?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Alan
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> IT Manager,e-learning specialist
>>>>>>> Skype:aliev_anis
>>>>>>> www.facebook.com/anis.aliev
>>>>>>> Tel:989010012
>>>>>>>
>>>>>>> --
>>>>>>> WBR
>>>>>>> Maxim aka solomax
>>>>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>

--
IT Manager,e-learning specialist
Skype:aliev_anis
www.facebook.com/anis.aliev
Tel:989010012
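
The comment-boundary mistake diagnosed in this thread (`-- >` does not close an XML comment, so the comment runs on to the next `-->`) can be checked before restarting Red5. The Python check below is an added example, not part of the thread or of OpenMeetings; the function name and the two cut-down sample configs are constructed, and the fixed sample assumes the trailing `-->` of the SSL section was removed when it was uncommented.

```python
import re
import xml.etree.ElementTree as ET

COMMENT = re.compile(r"<!--(.*?)-->", re.S)  # an XML comment ends at the FIRST "-->"

def audit_jee_container(xml_text):
    """Return (issues, connectors); connectors maps connector name -> SSLEnabled."""
    issues = []
    for m in COMMENT.finditer(xml_text):
        line = xml_text.count("\n", 0, m.start()) + 1
        if "<!--" in m.group(1):
            issues.append(f"line {line}: comment runs into a later '<!--' (closer missing or malformed)")
        elif "--" in m.group(1):
            issues.append(f"line {line}: '--' inside a comment ('-- >' does not close it)")
    rest = COMMENT.sub("", xml_text)
    if "-->" in rest:
        issues.append("stray '-->' outside any comment")
    if "<!--" in rest:
        issues.append("'<!--' that is never closed")
    if issues:
        return issues, {}          # do not guess at active beans in a broken file
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))  # comments are dropped here
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"], {}
    connectors = {}
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "bean":
            continue
        if not el.get("class", "").endswith("TomcatConnector"):
            continue
        ssl = any(e.get("key") == "SSLEnabled" and e.get("value") == "true"
                  for e in el.iter() if e.tag.rsplit("}", 1)[-1] == "entry")
        connectors[el.get("name")] = ssl
    return issues, connectors

# Constructed, cut-down stand-ins for conf/jee-container.xml (not the full file).
_HTTP = '<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector"/>'
_HTTPS = ('<bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">'
          '<property name="connectionProperties"><map>'
          '<entry key="SSLEnabled" value="true"/></map></property></bean>')
_LOADER = ('<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">'
           '<property name="connectors"><list>%s</list></property></bean>')
_OPEN = '<beans xmlns="http://www.springframework.org/schema/beans">\n'

# Layout of the first file posted in the thread: "-- >" opener, stray "-->" at the end.
BROKEN = (_OPEN + "<!-- Tomcat without SSL enabled -- >\n" + _LOADER % _HTTP
          + "\n<!-- Tomcat with SSL enabled -->\n" + _LOADER % (_HTTP + _HTTPS)
          + "\n-->\n</beans>")
# One comment spanning the non-SSL bean, SSL bean left active.
FIXED = (_OPEN + "<!-- Tomcat without SSL enabled\n" + _LOADER % _HTTP
         + "\nTomcat with SSL enabled -->\n" + _LOADER % (_HTTP + _HTTPS)
         + "\n</beans>")

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_jee_container(text))
```

An empty issue list with `httpsConnector` mapped to `True` means the SSL connector bean is the one Spring will actually load; it does not verify the keystore path or password in red5.properties.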
