Roverr / rtsp-stream

Out of box solution for RTSP - HLS live stream transcoding. Makes RTSP easy to play in browsers.
MIT License

HTTPS embeds #57

Open ofadam opened 3 years ago

ofadam commented 3 years ago

What would be the easiest/best way to get an HTTPS embed out of rtsp-stream? I'm running into issues embedding on a secure site.

bigjohnson commented 3 years ago

I've just embedded it on an HTTPS site behind an Apache web server that acts as a reverse proxy with authentication, and it works great!

tlonovoi commented 1 year ago

how did you do that?...

bigjohnson commented 1 year ago

```apache
<VirtualHost *:443>

    #   General setup for the virtual host
    DocumentRoot "/htdocs/rtspstream.pippo.it"
    ServerName rtspstream.pippo.it:443
    #ServerAdmin admin@pippo.it
    ProxyRequests Off
    ProxyPreserveHost On
    SSLProxyEngine on

    #   Static files served by Apache itself
    Alias "/.well-known/" "/htdocs/rtspstream.pippo.it/.well-known/"
    Alias "/index.html"  "/htdocs/rtspstream.pippo.it/index.html"
    <Directory /htdocs/rtspstream.pippo.it>
        AllowOverride None
        Require all granted
    </Directory>

    #   Paths excluded from proxying; the exclusions come before "ProxyPass /"
    ProxyPassMatch ^/.well-known/ !
    ProxyPassMatch ^/index.html !
    ProxyPassMatch ^/libs/ !
    ProxyPassMatch ^/$ !
    #   Everything else is forwarded to the backend on localhost:8080
    ProxyPass / http://localhost:8080/
    ProxyPassReverse  / http://localhost:8080/

    SSLCertificateFile /etc/letsencrypt/live/rtspstream.pippo.it/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/rtspstream.pippo.it/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/rtspstream.pippo.it/privkey.pem

    ErrorLog /etc/httpd/logs/ssl_rtspstream.pippo.it.error.log

    CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.access.log ssllog env=!dontlog
    CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_COMPRESS_METHOD}x \"%r\" %b %{cookie}n" env=!dontlog

    #   Basic authentication for the whole site, TLS required
    <Location />
        IndexOptions NameWidth=*
        AuthName "Reserved area"
        AuthType Basic
        require user user
        SSLRequireSSL
        AuthBasicProvider "google_authenticator"
        GoogleAuthUserPath /etc/httpd/ga_auth
        GoogleAuthCookieLife 3600
        GoogleAuthEntryWindow 2
    </Location>

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on
    #   SSL Cipher Suite:
    #   List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.
    #   (The beginning of the list is cut off in the post.)
    SSLCipherSuite SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

    #     This forces an accurate shutdown when the connection is closed, i.e. a
    #     SSL close notify alert is send and mod_ssl waits for the close notify
    #     alert of the client. This is 100% SSL/TLS standard compliant, but in
    #     practice often causes hanging connections with brain-dead browsers. Use
    #     this only for browsers where you know that their SSL implementation
    #     works correctly.
    #   Notice: Most problems of broken clients are also related to the HTTP
    #   keep-alive facility, so you usually additionally want to disable
    #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
    #   "force-response-1.0" for this.
    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

</VirtualHost>
```

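
An added example, not part of the thread or of the rtsp-stream project: a parser for the request.log format set by the second `CustomLog` line in the vhost above. It flags sessions that negotiated a legacy protocol version or one of the 3DES, CBC-mode or static-RSA suites that the posted cipher list still permits. The log lines are constructed, and the `NULL` value for "no compression" is an assumption.

```python
import re
from collections import Counter
# %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_COMPRESS_METHOD}x "%r" %b %{cookie}n
LINE = re.compile(r'\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
                  r'(?P<compress>\S+) "(?P<request>(?:[^"\\]|\\.)*)" (?P<bytes>\S+) (?P<cookie>\S+)$')
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def findings(proto, cipher, compress):
    """Return the reasons a negotiated TLS session counts as weak."""
    reasons = []
    if proto in LEGACY_PROTOCOLS:
        reasons.append("legacy-protocol")
    if "DES-CBC3" in cipher:
        reasons.append("3des")
    elif not any(marker in cipher for marker in AEAD_MARKERS):
        reasons.append("cbc-mode")
    # TLS 1.3 suite names (TLS_*) always imply an ephemeral key exchange.
    if not cipher.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_")):
        reasons.append("no-forward-secrecy")
    # Assumption: the compression field reads NULL when none was negotiated.
    if compress not in ("NULL", "-"):
        reasons.append("tls-compression")
    return reasons

def audit(lines):
    """Return (weak sessions, count per reason, lines that did not parse)."""
    weak, counts, unparsed = [], Counter(), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        reasons = findings(m["proto"], m["cipher"], m["compress"])
        if reasons:
            weak.append((m["host"], m["proto"], m["cipher"], reasons))
            counts.update(reasons)
    return weak, counts, unparsed

# Constructed sample lines (documentation IP ranges), not from a real log.
SAMPLE = """\
[12/Mar/2024:10:01:02 +0100] 203.0.113.7 TLSv1.3 TLS_AES_256_GCM_SHA384 NULL "GET /index.html HTTP/1.1" 512 -
[12/Mar/2024:10:01:05 +0100] 198.51.100.23 TLSv1.2 ECDHE-RSA-AES256-SHA384 NULL "GET / HTTP/1.1" 231 -
[12/Mar/2024:10:02:11 +0100] 192.0.2.44 TLSv1 DES-CBC3-SHA NULL "GET /libs/x.js HTTP/1.0" 1043 -
[12/Mar/2024:10:02:40 +0100] 203.0.113.9 TLSv1.2 AES128-GCM-SHA256 NULL "GET / HTTP/1.1" 401 -
not a log line
""".splitlines()
if __name__ == "__main__":
    print(*audit(SAMPLE)[0], sep="\n")
```

Hosts that only ever appear with flagged sessions are the ones to check before tightening `SSLCipherSuite`, since they would lose access.
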
tlonovoi commented 1 year ago

OMG... so complicated. We are using shared hosting, not sure we can implement it...