AirenSoft / OvenMediaEngine

OvenMediaEngine (OME) is a Sub-Second Latency Live Streaming Server with Large-Scale and High-Definition. #WebRTC #LLHLS
https://OvenMediaEngine.com/ome
GNU Affero General Public License v3.0
2.53k stars 1.06k forks

Does not play with TLS enabled #62

Closed jhon181 closed 4 years ago

jhon181 commented 4 years ago

Hello, I have the following problem: when I start the transmission with OBS and TLS activated, I cannot connect to the player, but if I deactivate TLS in OvenMediaEngine, then it can be displayed on the player. The strange thing is that OBS doesn't give any problem transmitting with TLS or without TLS. I don't know what error I might be making.

cheluskin commented 4 years ago

My working config part with Letsencrypt. Maybe it helps.

<TLS>
    <ChainCertPath>/etc/letsencrypt/live/domain.com/chain.pem</ChainCertPath>
    <CertPath>/etc/letsencrypt/live/domain.com/cert.pem</CertPath>
    <KeyPath>/etc/letsencrypt/live/domain.com/privkey.pem</KeyPath>
</TLS>
jhon181 commented 4 years ago

It is the same with Letsencrypt. The problem arises when I enable TLS in the configuration; it somehow blocks OvenMediaEngine from being able to display, because transmitting with OBS does not show any error or problem.

jhon181 commented 4 years ago

On the same server I have installed NGINX to test the certificate and that port 443 is enabled for secure connections, and it works very well, but when I stop NGINX to run OvenMediaEngine, the problem that I mentioned earlier comes up.

It should be noted that OvenMediaEngine works very well without TLS.

dimiden commented 4 years ago

@jhon181 Currently, OvenMediaEngine cannot enable both non-TLS and TLS ports at the same time. If you enable TLS as in the above configuration, HLS/DASH still uses port 80. Therefore, please change the port or try to insert port 80 explicitly in the URL, like https://<your_host>:80/... instead of https://<your_host>/....

dbContext commented 4 years ago

You need to update your XML schema to be 443 for HLS/DASH and then ensure you're listening to WebRTC over wss:// not ws://

jhon181 commented 4 years ago

@jhon181 Currently, OvenMediaEngine cannot enable both non-TLS and TLS ports at the same time. If you enable TLS as in the above configuration, HLS/DASH still uses port 80. Therefore, please change the port or try to insert port 80 explicitly in the URL, like https://<your_host>:80/... instead of https://<your_host>/....

That was it, thank you very much. You must specify the port; if that is not done, it does not work.

Alexufo commented 3 years ago

@dimiden Does https work on port 80? I see the example at the bottom of the page: https://airensoft.gitbook.io/ovenmediaengine/streaming/hls-mpeg-dash

But in Server.xml I see port 433 for TLS:

<HLS>
    <Port>${env:OME_HLS_STREAM_PORT:8080}</Port>
    <!-- If you want to use TLS, specify the TLS port -->
    <TLSPort>443</TLSPort>
</HLS>
<DASH>
    <Port>${env:OME_DASH_STREAM_PORT:8080}</Port>
    <!-- If you want to use TLS, specify the TLS port -->
    <TLSPort>443</TLSPort>
</DASH>

Is this a mistake?

dimiden commented 3 years ago

@Alexufo Oh, it's my mistake. HTTPS uses port 443. I will update it soon.

Alexufo commented 3 years ago

I suppose we should add: if you are working in Docker, do not forget to check the opened ports (container networking). I lost a day finding out why SSL was not working. I had forgotten about it.

Or add the default SSL ports to the Docker install command.

There is nothing about SSL ports:

docker run -d \
-p 1935:1935 -p 4000-4005:4000-4005/udp -p 3333:3333 -p 8080:8080 -p 9000:9000 -p 10000-10010:10000-10010/udp \
airensoft/ovenmediaengine:latest

An easy thing to forget.

I use the default 8080 and 3333 ports for HTTPS due to the Docker install default params.

dimiden commented 3 years ago

@Alexufo I will add the contents to the manual. Thank you. :)

getroot commented 3 years ago

@Alexufo There is a limit to guiding Docker commands in the OvenMediaEngine manual. The docker command of "Getting Started" in the manual is just an example that allows you to quickly start OME with default settings. Docker fully guides you that you need to change the docker command when changing the port inside the container. Some people use the network as a host mode in docker container, so some people don't need port forwarding.

I will consider this problem more.

Alexufo commented 3 years ago

@getroot I suppose we should use a default setting with HTTPS ready by default. Night Firefox or night Chrome are testing full blocking of non-HTTPS websites.

getroot commented 3 years ago

What do "night firefox" and "night chrome" mean? It doesn't make sense that they block all non https. Will it be in the future? I need more information.

Alexufo commented 3 years ago

Ohh... I found the right news: https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https- FF tests HTTPS-only mode as a non-default param.

popseye commented 1 year ago

My working config part with Letsencrypt. Maybe it helps.

<TLS>
    <ChainCertPath>/etc/letsencrypt/live/domain.com/chain.pem</ChainCertPath>
    <CertPath>/etc/letsencrypt/live/domain.com/cert.pem</CertPath>
    <KeyPath>/etc/letsencrypt/live/domain.com/privkey.pem</KeyPath>
</TLS>

Hello @cheluskin, please, if you have steps/a procedure on how to install a certificate using Letsencrypt. Thank you.

shoaibzafar commented 1 year ago

Hi, I am unable to configure TLS; I am getting this error.

E [OvenMediaEngine:1] Certificate | certificate.cpp:47 | Failed to create a certificate for VirtualHost [default]: Reason: [default] Could not create a certificate from file - [OpenSSL] error:80000002:system library::No such file or directory (-2147483646)

Cert file path: origin_conf/osng01.multiplierapp.live.crt
Chain cert file path: origin_conf/osng01.multiplierapp.live.ca-bundle
Private key file path: origin_conf/privkey.pem

FYI, I have placed all the files with 777 permissions at that location.

<Host>
    <Names>
        <!-- Host names
            <Name>stream1.airensoft.com</Name>
            <Name>stream2.airensoft.com</Name>
            <Name>*.sub.airensoft.com</Name>
            <Name>192.168.0.1</Name>
        -->
        <Name>osng01.multiplierapp.live</Name>
    </Names>
    <TLS>
        <CertPath>osng01.multiplierapp.live.crt</CertPath>
        <KeyPath>privkey.pem</KeyPath>
        <ChainCertPath>osng01.multiplierapp.live.ca-bundle</ChainCertPath>
    </TLS>
</Host>
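A pre-flight check for the two configuration problems raised in this thread: TLS certificate files that OME cannot open (the "No such file or directory" error above) and TLS ports that the container never publishes (Alexufo's Docker port note). This is an added example, not code from OvenMediaEngine or from any commenter. It parses a constructed Server.xml fragment modelled on the snippets in the thread, resolves relative <TLS> paths against a conf directory (an assumption taken from the `origin_conf/` prefix visible in the error log, not a documented OME rule), and compares the `<TLSPort>` values with the `-p` mappings of the docker run line quoted earlier. The function names, the sample XML and the temp-file demo are all constructed for this example.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Constructed Server.xml fragment, modelled on the snippets in this thread:
# HLS/DASH with a TLSPort, and a <TLS> block with relative file names.
# It is not a real OvenMediaEngine configuration.
SAMPLE_SERVER_XML = """<Server version="8">
  <Bind>
    <Publishers>
      <HLS><Port>8080</Port><TLSPort>443</TLSPort></HLS>
      <DASH><Port>8080</Port><TLSPort>443</TLSPort></DASH>
      <WebRTC><Signalling><Port>3333</Port><TLSPort>3334</TLSPort></Signalling></WebRTC>
    </Publishers>
  </Bind>
  <VirtualHosts>
    <VirtualHost>
      <Name>default</Name>
      <Host>
        <Names><Name>example.invalid</Name></Names>
        <TLS>
          <CertPath>cert.pem</CertPath>
          <KeyPath>privkey.pem</KeyPath>
          <ChainCertPath>chain.pem</ChainCertPath>
        </TLS>
      </Host>
    </VirtualHost>
  </VirtualHosts>
</Server>
"""

# The docker run line quoted in the thread; it publishes no TLS ports.
DOCKER_RUN_FROM_THREAD = (
    "docker run -d "
    "-p 1935:1935 -p 4000-4005:4000-4005/udp -p 3333:3333 -p 8080:8080 "
    "-p 9000:9000 -p 10000-10010:10000-10010/udp "
    "airensoft/ovenmediaengine:latest"
)


def tls_file_status(xml_text, conf_dir):
    """Map each <TLS> file path to whether it exists and is readable.

    Relative paths are resolved against conf_dir. This mirrors the
    'origin_conf/...' prefix seen in the thread's error log; treat the
    resolution rule as an assumption, not documented OME behaviour."""
    root = ET.fromstring(xml_text)
    status = {}
    for tls in root.iter("TLS"):
        for tag in ("CertPath", "KeyPath", "ChainCertPath"):
            node = tls.find(tag)
            if node is None or not (node.text or "").strip():
                continue  # element absent or empty, e.g. no chain configured
            path = node.text.strip()
            if not os.path.isabs(path):
                path = os.path.join(conf_dir, path)
            status[path] = os.path.isfile(path) and os.access(path, os.R_OK)
    return status


def tls_ports(xml_text):
    """Return the distinct <TLSPort> values in the config, sorted."""
    root = ET.fromstring(xml_text)
    return sorted({int(n.text.strip()) for n in root.iter("TLSPort") if n.text})


def published_ports(docker_run_line):
    """Collect host-side TCP ports published by -p flags, expanding ranges."""
    published = set()
    for host, _container, proto in re.findall(
        r"-p\s+(\d+(?:-\d+)?):(\d+(?:-\d+)?)(/udp|/tcp)?", docker_run_line
    ):
        if proto == "/udp":
            continue  # the TLS listeners in question are TCP
        lo, _, hi = host.partition("-")
        published.update(range(int(lo), int(hi or lo) + 1))
    return published


def unpublished_tls_ports(xml_text, docker_run_line):
    """TLS ports the container listens on that the docker run line never publishes."""
    return [p for p in tls_ports(xml_text) if p not in published_ports(docker_run_line)]


def demo_missing_chain():
    """Write only cert.pem and privkey.pem into a temp conf dir and run the check.

    chain.pem is deliberately absent, reproducing the missing-file class of
    failure from the thread. Returns {basename: readable}."""
    conf_dir = tempfile.mkdtemp()
    for name in ("cert.pem", "privkey.pem"):
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write("placeholder, not a real PEM\n")  # constructed stand-in
    return {os.path.basename(p): ok for p, ok in tls_file_status(SAMPLE_SERVER_XML, conf_dir).items()}


if __name__ == "__main__":
    print("TLS files:", demo_missing_chain())
    print("TLS ports not published:", unpublished_tls_ports(SAMPLE_SERVER_XML, DOCKER_RUN_FROM_THREAD))
```

Run it against a real Server.xml by passing the file contents and the directory OME was started from; a `False` in the file map points at a path or permission problem before OME logs it, and a non-empty port list shows which `-p` mappings the docker run line still needs (or that host networking is in use, in which case no mapping applies).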
dimiden commented 1 year ago

@shoaibzafar The comments you posted on #62 and #615 have already been resolved in the past. Furthermore, the problem you are facing is likely caused by a different reason, so please create a new issue.