Hello,
To explain my architecture: I have a machine which has the role of reverse proxy, to bypass the company's firewalls.
That thus enables me to attack all my Web sites (which are on other machines) on port 443. I would like to do the same thing with OpenMeetings.
I followed this tutorial:
but I haven't done the last part with https/rtmps.
The application, which is superb (only misses the Android client :-D), functions very well with localhost, inside my network. And with the default configuration and a less restrictive firewall, the application works too (after opening port 1935 to the OM server).
However, outside, that does not function with port 443...
I made several tests but actually, it doesn't work...
Here is the schema of what I want:
https://openmeetings.mydomain.com ----> reverse proxy -----> http://openmeetings.mydomain.local:5080/openmeetings/
Here are my conf files:
/usr/lib/red5/conf/red5.properties
# Socket policy
policy.host=0.0.0.0
policy.port=843
# HTTP
http.host=0.0.0.0
http.port=5080
https.port=5443
http.URIEncoding=UTF-8
http.max_keep_alive_requests=-1
http.max_threads=20
http.acceptor_thread_count=10
http.processor_cache=20
# RTMP
rtmp.host=0.0.0.0
rtmp.port=1935
rtmp.io_threads=16
rtmp.send_buffer_size=65536
rtmp.receive_buffer_size=65536
rtmp.ping_interval=1000
rtmp.max_inactivity=60000
rtmp.max_handshake_time=5000
rtmp.tcp_nodelay=true
rtmp.default_server_bandwidth=10000000
rtmp.default_client_bandwidth=10000000
rtmp.client_bandwidth_limit_type=2
rtmp.bandwidth_detection=true
rtmp.encoder_base_tolerance=5000
rtmp.encoder_drop_live_future=false
# traffic optimization hinting. to disable set traffic class set to -1
# low delay + high throughput == 24 (0x18)
rtmp.traffic_class=-1
# requested maximum length of the queue of incoming connections
rtmp.backlog=32
# the interval (seconds) between each throughput calculation
rtmp.thoughput_calc_interval=1
# enable use of the default mina acceptor
rtmp.default_acceptor=true
# pool sizes used when default acceptor is disabled
rtmp.initial_pool_size=0
rtmp.max_pool_size=2
rtmp.max_processor_pool_size=16
rtmp.executor_keepalive_time=60000
mina.logfilter.enable=false
# RTMPS
rtmps.host=0.0.0.0
rtmps.port=8443
rtmps.ping_interval=5000
rtmps.max_inactivity=60000
rtmps.max_keep_alive_requests=-1
rtmps.max_threads=20
rtmps.acceptor_thread_count=2
rtmps.processor_cache=20
# RTMPS Keystore Password
rtmps.keystorepass=password
# RTMPT
rtmpt.host=0.0.0.0
rtmpt.port=8088
rtmpt.ping_interval=5000
rtmpt.max_inactivity=60000
rtmpt.max_handshake_time=5000
rtmpt.max_keep_alive_requests=-1
rtmpt.max_threads=20
rtmpt.acceptor_thread_count=2
rtmpt.processor_cache=20
rtmpt.encoder_base_tolerance=5000
rtmpt.encoder_drop_live_future=true
# better setting for streaming media
rtmpt.target_reponse_size=32768
# best setting for small messages or shared objects
#rtmpt.target_reponse_size=8192
# max incoming messages to process at a time. the most that FP appears to send is 166
rtmpt.max_in_msg_process=166
# max time in millis that we will wait when offering data to the in or out queue
rtmpt.max_queue_offer_time=125
# max offer attempts
rtmpt.max_queue_offer_attempts=4
# Debug proxy (needs to be activated in red5-core.xml)
proxy.source_host=127.0.0.1
proxy.source_port=1936
proxy.destination_host=127.0.0.1
proxy.destination_port=1935
# JMX
jmx.rmi.host=localhost
jmx.rmi.port=9999
jmx.rmi.port.remoteobjects=
jmx.keystorepass=password
jmx.mina.monitor.enable=true
jmx.mina.poll.interval=1000
jmx.registry.create=true
jmx.reuse.existing.server=true
# Server properties
# max events to send in a single update
so.max.events.per.update=64
keyframe.cache.entry.max=500
war.deploy.server.check.interval=600000
fileconsumer.delayed.write=true
fileconsumer.queue.size=21
subscriberstream.buffer.check.interval=5000
subscriberstream.underrun.trigger=100
broadcaststream.auto.record=false
/usr/lib/red5/webapps/openmeetings/config.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<config
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="config.xsd">
<!-- URL/IP to use for the Server for RTMP and RTMPT traffic.
If this value is empty it will try to connect to the
domain-name the OpenMeetings-Client has been loading from
Can be either and IP or a domain name.
For example:
<rtmphostlocal>192.168.254.182</rtmphostlocal>
or
<rtmphostlocal>mysubdomain.streaming.to</rtmphostlocal>
-->
<rtmphostlocal></rtmphostlocal>
<!-- URL/IP to use for the Server for HTTP and HTTPS traffic.
If this value is empty it will use the rtmphostlocal
variable (and in that way try to connect to the
domain-name the OpenMeetings-Client has been loading from)
-->
<httphostlocal></httphostlocal>
<!--
Port to use for the Server
To this port the default server lookup is done
You can find all this configuration in your red5-Config in: $RED5_HOME/conf/red5.properties
-->
<rtmpport>1935</rtmpport>
<!--
Port to use for the Server
To this port the fallback is done once the default rtmport failed
this should workaround 99% of all firewalls
-->
<rtmpTunnelport>8088</rtmpTunnelport>
<rtmpsslport>443</rtmpsslport>
<!--
Wether it should try to connect to rtmps first or not
Valid values: yes / no
NOTE: The OSx and Linux Flash Player are NOT able to connect via rtmps
The support for Windows is experimental
-->
<useSSL>no</useSSL><!--
Port to use for the Server
This port is used to connect to the http-servlet
of the red5-servlet
-->
<red5httpport>5080</red5httpport><!--
The protocol to use for the http connections
for example upload/download of files
-->
<protocol>http</protocol><!--
The setting for the NetConnection
default settings is "none"
set to value "best" if you are trying to use rtmp over native SSL
see: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/NetConnection.html#proxyType
-->
<proxyType>none</proxyType><!--
Name of the Application
this is the Top-Icon Name of the Application
-->
<currentappname>Apache OpenMeetings</currentappname><!--
URL to the Home of the Application
this is the URL which is used if you click on the Top-icon
-->
<currentappnameurl>http://openmeetings.apache.org</currentappnameurl><!--
Should APP name and/or logo be displayed
-->
<appdisplay>
<displayelement name="logo" display="true" x="5" y="5"/>
<displayelement name="name" display="true" x="140" y="10"/>
</appdisplay><!--
URL to Bugs/Support
this is the URL which is used if you click on *report a bug*
-->
<currentappnamebugurl>https://issues.apache.org/jira/browse/OPENMEETINGS</currentappnamebugurl><!--
Video-Settings
Number that specifies the amount of sound required to activate the microphone
Acceptable values from 0 to 100.
this value is used in Audio_Streaming, at which the *activity-meter* will
send a notification for all connected hosts of a conference
the result of this notification is that you see the green-light highlighted if
a remote user is speaking
-->
<loudnessAcitviation>0</loudnessAcitviation><!--
OpenMeetings-Webapp Name
This is the name of the WebApp the Client will try to connect
in former versions (till 0.5 Beta7) the name was xmlcrm
the same param kann be find in the webapp in the Red5-Webapp
red5-web.properties
web.xml
-->
<webAppRootKey>openmeetings</webAppRootKey><!--
We need this additional ROOT-Key as we have to deploy the application
as Global Contex Root.
If the rtmpt issues is solved sothat several Webapps can use different RTMPT connection
we might change this value again to its origin / webapp-context-->
<httpRootKey>/openmeetings/</httpRootKey>
<!--
Window-Effect Settings
showWindowEffect-values:
y = yes
n = no
showWindowEffectOpacity-values
between 0 and 1
-->
<showWindowEffect>n</showWindowEffect><!--
Show the recorder buttons in the Conference Rooms
visible = yes
hidden = no
-->
<showRecording>hidden</showRecording><!--
To enable the modern whiteboard Panel you need to switch this to y
old menu bar is not active any more
<showmodernWhiteBoard>y</showmodernWhiteBoard>
--><!--
First day in the Week used by the Calendar
0 means Sunday
1 means Monday
this is the way how the calendar UI shows a week
-->
<firstdayinweek>0</firstdayinweek><!--
#############################################################################
Audio and Video Settings
Before you change settings here,
you should first Play and learn how the Settings work in the Documentation:
http://code.google.com/p/openmeetings/wiki/AudioVideoTestingApplication
#############################################################################
-->
<!-- Camera Settings for codecType
codecType possible values:
h263
h264
If you want to use red5sip, set value to "h264"
-->
<codecType>h264</codecType>
<!-- Camera Settings for the FramesPerSecond
fps:Number [optional] - The requested rate at which the camera should capture
data, in frames per second. The default value is 15.
-->
<framesPerSecond>30</framesPerSecond>
<!-- Camera Settings for the Bandwidth:
bandwidth:Number [optional] - An integer that specifies the maximum amount
of bandwidth that the current outgoing video feed can use, in bytes per second.
To specify that Flash video can use as much bandwidth as needed to maintain
the value of frameQuality, pass 0 for bandwidth. The default value is 16384.
-->
<!-- These are the settings for the Quality-Modus *normal*
The Quality-Modus can be chosen in the Login-Box -->
<bandwidthNeededNormal>16384</bandwidthNeededNormal>
<!-- These are the settings for the Quality-Modus *best* -->
<bandwidthNeededBest>0</bandwidthNeededBest>
<!-- Camera Settings for the Quality
quality:Number [optional] - An integer that specifies the required level of
picture quality, as determined by the amount of compression being applied to
each video frame. Acceptable values range from 1 (lowest quality, maximum
compression) to 100 (highest quality, no compression). To specify that picture
quality can vary as needed to avoid exceeding bandwidth, pass 0 for quality.
The default value is 0.
-->
<!-- These are the settings for the Quality-Modus *normal* -->
<camQualityNormal>85</camQualityNormal>
<!-- These are the settings for the Quality-Modus *best* -->
<camQualityBest>90</camQualityBest>
<!-- Microphone Settings for the Rate:
rate:Number -
The rate at which the microphone should capture sound, in kHz.
Acceptable values are 5, 8, 11, 22, and 44.
The default value is 8 kHz if your sound capture
device supports this value. Otherwise, the default value
is the next available capture level above 8 kHz that your sound
capture device supports, usually 11 kHz.
-->
<!-- Microphone Settings Quality-Modus -->
<microphoneRateBest>22</microphoneRateBest>
<!-- AEC configuration value
Specifies the echo path length (in milliseconds). A longer echo path means better
echo cancellation but also introduces longer delays and requires more processing power.
The default value is 128; the only other possible value is 256.
To disable AEC please specify 0.
-->
<echoPath>128</echoPath><!--
Set "true" or "false" to enable/disable microphone echo suppression
-->
<echoSuppression>true</echoSuppression>
<!--
The Size of the Whiteboard
The Whiteboard has scrollbars so you may increase the size without problems
-->
<defaultWhiteboardWidth>2400</defaultWhiteboardWidth>
<defaultWhiteboardHeight>1200</defaultWhiteboardHeight>
<!-- Available Configurations -->
<availableCameraResolutions>
<resolution type="4:3 (~6 KByte/sec)" width="40" height="30" isDefault="false" />
<resolution type="4:3 (~12 KByte/sec)" width="80" height="60" isDefault="false" />
<resolution type="4:3 (~20 KByte/sec)" width="120" height="90" isDefault="true" />
<resolution type="QQVGA 4:3 (~36 KByte/sec)" width="160" height="120" isDefault="false" />
<resolution type="4:3 (~40 KByte/sec)" width="240" height="180" isDefault="false" />
<resolution type="HVGA 4:3 (~56 KByte/sec)" width="320" height="240" isDefault="false" />
<resolution type="4:3 (~60 KByte/sec)" width="480" height="360" isDefault="false" />
<resolution type="4:3 (~68 KByte/sec)" width="640" height="480" isDefault="false" />
<resolution type="XGA 4:3" width="1024" height="768" isDefault="false" />
<resolution type="16:9" width="256" height="150" isDefault="false" />
<resolution type="WQVGA 9:5" width="432" height="240" isDefault="false" />
<resolution type="pseudo 16:9" width="480" height="234" isDefault="false" />
<resolution type="16:9" width="512" height="300" isDefault="false" />
<resolution type="nHD 16:9" width="640" height="360" isDefault="false" />
<resolution type="16:9" width="1024" height="600" isDefault="false" />
</availableCameraResolutions>
<!-- Module Configuration -->
<!-- #############################################
Admin Modules
-->
<adminModuleUser>userAdmin</adminModuleUser>
<adminModuleRoom>roomAdmin</adminModuleRoom>
<adminModuleOrg>orgAdmin</adminModuleOrg>
<adminModuleLanguages>languagesEditor</adminModuleLanguages>
<adminModuleConnections>roomClient</adminModuleConnections>
<adminModuleConfiguration>confAdmin</adminModuleConfiguration>
<adminModuleBackup>backupContent</adminModuleBackup>
<adminModuleLDAP>ldapAdmin</adminModuleLDAP>
<adminModuleServers>serversAdmin</adminModuleServers>
<!-- #############################################
Moderator Modules
-->
<moderatorModuleUser>userModerate</moderatorModuleUser>
<moderatorModuleRoom>roomModerate</moderatorModuleRoom>
<!-- #############################################
Dashboard Modules
-->
<dashboardModuleStartScreen>mainDashboard</dashboardModuleStartScreen>
<dashboardModuleCalendar>lzCalendar</dashboardModuleCalendar>
<!-- Conference Room Modules -->
<conferenceModuleRoomList>allmeetings</conferenceModuleRoomList>
<!-- #############################################
Conference Room
Room Layout's: flexibleConferenceRoom,conferenceView
-->
<conferenceRoomModule>flexibleConferenceRoom</conferenceRoomModule>
<!-- #############################################
Event Room
Room Layouts: flexibleRestrictedConferenceRoom,restrictedConferenceRoom
-->
<restrictedRoomModule>restrictedConferenceRoom</restrictedRoomModule>
<!-- #############################################
Interview Room
Room Layouts: interviewConferenceRoom
-->
<interviewRoomModule>interviewConferenceRoom</interviewRoomModule>
<!-- #############################################
Event Room Modules
-->
<recordModule>lzRecordContent</recordModule>
<!-- #############################################
Profiles Panel Modules
-->
<userSettingsModule>userSettings</userSettingsModule>
</config>
And the ssl vhost on the reverse proxy:
<virtualhost *:443>
ServerAdmin ad...@mydomain.com
ServerName openmeetings.mydomain.com
ProxyRequests on
ProxyPreserveHost On
# RewriteEngine On
RequestHeader set Front-End-Https "On"
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / http://192.168.1.241:5080/openmeetings/
ProxyPassReverse / http://192.168.1.241:5080/openmeetings/
SSLEngine on
SSLProxyEngine On
SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
SSLCertificateFile /etc/ssl/mydomain.com.cert
SSLCertificateKeyFile /etc/ssl/private/mydomain.com.key
SSLCACertificateFile /etc/ssl/mydomain.com.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.meetings.mydomain.com.log
CustomLog ${APACHE_LOG_DIR}/access.meetings.mydomain.com.log combined
</VirtualHost>
Any idea? And for the rtmpt, do I have to create a vhost too?
Thanks for your answer
Daniel
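
A review check over the three files posted above, as an added example that is not part of the original message and not OpenMeetings or Apache code: it compares the client-side ports in config.xml with the ports Red5 listens on, and flags the default keystore passwords, the forward-proxy setting and the SSLProtocol line in the vhost. The names `audit`, `parse_properties`, `PORT_PAIRS` and the finding labels are this example's own, and the embedded excerpts are constructed from the posted files.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpts: only the lines of the three posted files that the checks read.
RED5_PROPERTIES = """\
http.port=5080
rtmp.port=1935
rtmps.port=8443
rtmps.keystorepass=password
rtmpt.port=8088
jmx.keystorepass=password
"""
CONFIG_XML = """\
<config><rtmpport>1935</rtmpport><rtmpTunnelport>8088</rtmpTunnelport>
<rtmpsslport>443</rtmpsslport><red5httpport>5080</red5httpport></config>
"""
VHOST = """\
ProxyRequests on
<proxy *>
Allow from all
</proxy>
SSLProtocol all -SSLv2
"""
PORT_PAIRS = {"rtmpport": "rtmp.port", "rtmpTunnelport": "rtmpt.port",
              "rtmpsslport": "rtmps.port", "red5httpport": "http.port"}  # config.xml tag -> red5 key

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit(properties_text, config_xml, vhost):
    """Return (check, detail) findings for the three configuration files."""
    props, root, findings = parse_properties(properties_text), ET.fromstring(config_xml), []
    for tag, key in PORT_PAIRS.items():
        client, server = root.findtext(tag), props.get(key)
        if client != server:  # something in between must map one port to the other
            findings.append(("port-mismatch", f"<{tag}>={client} vs {key}={server}"))
    for key, value in props.items():
        if key.endswith("keystorepass") and value == "password":
            findings.append(("default-secret", key))
    # ProxyRequests on enables forward proxying; an unrestricted <Proxy *> leaves it open to any client.
    forward = re.search(r"^\s*ProxyRequests\s+on\s*$", vhost, re.I | re.M)
    open_acl = re.search(r"<proxy \*>.*?Allow from all.*?</proxy>", vhost, re.I | re.S)
    if forward and open_acl:
        findings.append(("open-forward-proxy", "ProxyRequests on + Allow from all"))
    proto = re.search(r"^\s*SSLProtocol\s+(.*)$", vhost, re.I | re.M)
    if proto and "all" in proto.group(1).lower().split() and "-sslv3" not in proto.group(1).lower():
        findings.append(("weak-tls", "SSLProtocol all without -SSLv3 (SSLv3 stays on where supported)"))
    return findings
```

Calling `audit(RED5_PROPERTIES, CONFIG_XML, VHOST)` returns five findings; a reverse proxy that only uses `ProxyPass` does not need `ProxyRequests` enabled.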