-
-
Notifications
You must be signed in to change notification settings - Fork 989
HTTPS WSS
Paul Gregoire edited this page Sep 12, 2017
·
1 revision
To serve pages with HTTPS in red5, simply modify your conf/jee-container.xml file to mimic an existing Tomcat server.xml connector properties, or set keyAlias, keystoreFile, and keystorePass as shown below in your "tomcat.server" bean.
If your Tomcat server.xml looks like this:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat7/keystore.jks" keystorePass="mysupersecretpassword"
keyAlias="my.serversfqdn.com" />
Setting the key alias to anything other than the default of "tomcat" must be configured via "keyAlias" connector property Your red5 server config (in conf/jee-container.xml) should resemble this:
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
<property name="webappFolder" value="${red5.root}/webapps" />
<property name="connectors">
<list>
<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
<property name="address" value="${http.host}:${http.port}" />
<property name="redirectPort" value="${https.port}" />
</bean>
<bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
<property name="secure" value="true" />
<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
<property name="address" value="${http.host}:${https.port}" />
<property name="redirectPort" value="${http.port}" />
<property name="connectionProperties">
<map>
<entry key="port" value="${https.port}" />
<entry key="redirectPort" value="${http.port}" />
<entry key="SSLEnabled" value="true" />
<entry key="sslProtocol" value="TLS" />
<entry key="keyAlias" value="my.serversfqdn.com" />
<entry key="keystoreFile" value="/etc/tomcat7/keystore.jks" />
<entry key="keystorePass" value="mysupersecretpassword" />
<entry key="keystoreType" value="JKS" />
<entry key="clientAuth" value="false" />
<entry key="allowUnsafeLegacyRenegotiation" value="true" />
<entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
<entry key="useExecutor" value="true"/>
<entry key="maxThreads" value="${http.max_threads}"/>
<entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
<entry key="processorCache" value="${http.processor_cache}"/>
</map>
</property>
</bean>
</list>
</property>
<property name="baseHost">
<bean class="org.apache.catalina.core.StandardHost">
<property name="name" value="${http.host}" />
</bean>
</property>
</bean>
Don't forget to comment-out or remove the other, non-ssl "tomcat.server" bean
keytool -genkey -keyalg RSA -alias tomcat -keystore keystore.jks -storepass password -validity 360 -keysize 2048
keytool -export -alias tomcat -file tomcat.cer -keystore keystore.jks -storepass password -noprompt
keytool -import -trustcacerts -alias tomcat -file tomcat.cer -keystore truststore.jks -storepass password -noprompt
WORK-IN-PROGRESS