Closed jhon181 closed 4 years ago
My working config part with Let's Encrypt. Maybe it helps.
<TLS>
    <ChainCertPath>/etc/letsencrypt/live/domain.com/chain.pem</ChainCertPath>
    <CertPath>/etc/letsencrypt/live/domain.com/cert.pem</CertPath>
    <KeyPath>/etc/letsencrypt/live/domain.com/privkey.pem</KeyPath>
</TLS>
It is the same with Letsencrypt, the problem arises when I enable TLS in the configuration, it is how to block ovenmediaengine to be able to visualize, because to transmit with OBS it does not mark any error or problem
On the same server I have installed NGINX to test the certificate and that port 443 is enabled for secure connection, and it works very well, but when I stop the NGINX to run OVENMEDIAENGINE, then the problem that I mentioned earlier comes up.
It should be noted that OVENMEDIAENGINE works very well without TLS
@jhon181
Currently, OvenMediaEngine cannot enable both non-TLS and TLS ports at the same time.
If you enable TLS as above configuration, HLS/DASH still uses port 80.
Therefore, please change the port or try to insert port 80 explicitly in the URL, like https://<your_host>:80/... instead of https://<your_host>/...
You need to update your
This was, thank you very much, you must specify the port, if it is not done it does not work
@dimiden https works on 80 port? I see an example at the bottom of the page. https://airensoft.gitbook.io/ovenmediaengine/streaming/hls-mpeg-dash
But in Server.xml I see 433 port for TLS
<HLS>
    <Port>${env:OME_HLS_STREAM_PORT:8080}</Port>
    <!-- If you want to use TLS, specify the TLS port -->
    <TLSPort>443</TLSPort>
</HLS>
<DASH>
    <Port>${env:OME_DASH_STREAM_PORT:8080}</Port>
    <!-- If you want to use TLS, specify the TLS port -->
    <TLSPort>443</TLSPort>
</DASH>
Is this a mistake?
@Alexufo Oh, it's my mistake. HTTPS uses 443 port. I will update it soon.
I suppose we should add: if you are working in Docker, do not forget to check the opened ports (container networking). I lost 1 day finding out why SSL was not working. I forgot about it.
Or add the default SSL ports to the Docker install command.
There is nothing about SSL ports:
docker run -d \
-p 1935:1935 -p 4000-4005:4000-4005/udp -p 3333:3333 -p 8080:8080 -p 9000:9000 -p 10000-10010:10000-10010/udp \
airensoft/ovenmediaengine:latest
It is an easy thing to forget.
I use the default 8080 and 3333 ports for HTTPS due to the Docker install default params.
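The mismatch described in the comment above (TLS ports set in Server.xml but not published by `docker run`) can be checked mechanically. The following is an added example, not code from the thread or from the OvenMediaEngine project; the `<Publishers>` wrapper and all function names are constructed for illustration, while the port elements and the docker command are the ones quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the HLS/DASH port elements and the docker command
# quoted in the thread, wrapped in a constructed <Publishers> element.
SERVER_XML = """<Publishers>
  <HLS><Port>${env:OME_HLS_STREAM_PORT:8080}</Port><TLSPort>443</TLSPort></HLS>
  <DASH><Port>${env:OME_DASH_STREAM_PORT:8080}</Port><TLSPort>443</TLSPort></DASH>
</Publishers>"""
DOCKER_CMD = ("docker run -d -p 1935:1935 -p 4000-4005:4000-4005/udp -p 3333:3333 "
              "-p 8080:8080 -p 9000:9000 -p 10000-10010:10000-10010/udp "
              "airensoft/ovenmediaengine:latest")

ENV_DEFAULT = re.compile(r"^\$\{env:[^:}]+:(\d+)\}$")

def port_value(text):
    """Return the port as int, resolving ${env:NAME:default} to its default."""
    m = ENV_DEFAULT.match(text.strip())
    return int(m.group(1) if m else text)

def configured_ports(xml_text):
    """Map (publisher, tag) -> TCP port for every <Port>/<TLSPort> element."""
    root = ET.fromstring(xml_text)
    return {(pub.tag, el.tag): port_value(el.text)
            for pub in root for el in pub if el.tag in ("Port", "TLSPort")}

def published_tcp_ports(docker_cmd):
    """Container-side TCP ports published with -p [ip:]host:container[/proto]."""
    ports = set()
    for spec in re.findall(r"-p\s+(\S+)", docker_cmd):
        mapping, _, proto = spec.partition("/")
        if proto not in ("", "tcp"):
            continue  # UDP mappings do not carry HTTPS
        lo, _, hi = mapping.split(":")[-1].partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unpublished(xml_text, docker_cmd):
    """Configured ports that the docker command does not publish."""
    pub = published_tcp_ports(docker_cmd)
    return sorted(k for k, p in configured_ports(xml_text).items() if p not in pub)
```

With the command quoted in the thread, both `TLSPort` entries are reported; adding `-p 443:443` clears the list.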
@Alexufo I will add the contents to the manual. Thank you. :)
@Alexufo There is a limit to guiding Docker commands in the OvenMediaEngine manual. The docker command of "Getting Started" in the manual is just an example that allows you to quickly start OME with default settings. Docker fully guides you that you need to change the docker command when changing the port inside the container. Some people use the network as a host mode in docker container, so some people don't need port forwarding.
I will consider this problem more.
@getroot I suppose we should use default setting with https ready by default. night Firefox or night Chrome testing full blocking of non https websites
What do "night firefox" and "night chrome" mean? It doesn't make sense that they block all non https. Will it be in the future? I need more information.
Ohh... I found right news. https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https- FF test https only mode as non default param .
hello @cheluskin , Pls if you have steps/procedure on how to install certificate using Letsencrypt. thank you
Hi, I am unable to configure TLS and am getting this error.
E [OvenMediaEngine:1] Certificate | certificate.cpp:47 | Failed to create a certificate for VirtualHost [default]: Reason: [default] Could not create a certificate from file - [OpenSSL] error:80000002:system library::No such file or directory (-2147483646)
Cert file path: origin_conf/osng01.multiplierapp.live.crt
Chain cert file path: origin_conf/osng01.multiplierapp.live.ca-bundle
Private key file path: origin_conf/privkey.pem
FYI, I have placed all the files with 777 permission at the location.
<Host>
    <Names>
        <!-- Host names
            <Name>stream1.airensoft.com</Name>
            <Name>stream2.airensoft.com</Name>
            <Name>*.sub.airensoft.com</Name>
            <Name>192.168.0.1</Name>
        -->
        <Name>osng01.multiplierapp.live</Name>
    </Names>
    <TLS>
        <CertPath>osng01.multiplierapp.live.crt</CertPath>
        <KeyPath>privkey.pem</KeyPath>
        <ChainCertPath>osng01.multiplierapp.live.ca-bundle</ChainCertPath>
    </TLS>
</Host>
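A preflight check for the condition the log line above reports (a configured TLS file that cannot be opened), run before starting the server. This is an added example, not code from the thread or from OvenMediaEngine; it assumes relative paths resolve against the configuration directory, as the resolved paths in the log suggest, and the function names and temporary files are constructed for illustration. It also flags a private key that is accessible to group or other users.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the <TLS> block from the comment above.
HOST_XML = """<Host>
  <TLS>
    <CertPath>osng01.multiplierapp.live.crt</CertPath>
    <KeyPath>privkey.pem</KeyPath>
    <ChainCertPath>osng01.multiplierapp.live.ca-bundle</ChainCertPath>
  </TLS>
</Host>"""

def tls_preflight(host_xml, config_dir):
    """Return (tag, resolved_path, problem) for each problematic <TLS> entry."""
    findings = []
    for el in ET.fromstring(host_xml).find("TLS"):
        path = el.text.strip()
        if not os.path.isabs(path):
            # Assumption: relative paths are resolved against the config directory.
            path = os.path.join(config_dir, path)
        if not os.path.isfile(path):
            findings.append((el.tag, path, "missing"))
        elif not os.access(path, os.R_OK):
            findings.append((el.tag, path, "unreadable"))
        elif el.tag == "KeyPath" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((el.tag, path, "key accessible by group/other"))
    return findings

def demo():
    """Build a constructed config directory: cert present, key 0777, chain absent."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("osng01.multiplierapp.live.crt", 0o644),
                           ("privkey.pem", 0o777)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        return [(tag, os.path.basename(path), why)
                for tag, path, why in tls_preflight(HOST_XML, d)]
```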
@shoaibzafar The comments you posted on #62 and #615 have already been resolved in the past. Furthermore, the problem you are facing is likely caused by a different reason, so please create a new issue.
Hello, I have the following problem: when I start the transmission with OBS and TLS activated, I cannot connect to the player, but if I deactivate TLS in OvenMediaEngine, then it can be displayed on the player. The strange thing is that OBS doesn't give any problem transmitting with TLS or without TLS. I don't know what error I might be making.