5

I am trying to install Apache OpenMeetings. I however wants to use Nginx as the reverse proxy to run the application on port 443 using Let's Encrypt free SSL.

If I try to load the application on port 5080, I successfully get the interface, but when try using the domain name on port 443 HTTPS, It is not loading the resources.

Image with Errors.

Here's my nginx virtual host file.

upstream openmeetings {
server 127.0.0.1:5080;
}

server {
    listen 80;
    server_name openmeetings.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name openmeetings.example.com;

    ssl_certificate           /etc/letsencrypt/live/openmeetings.example.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/openmeetings.example.com/privkey.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log  /var/log/nginx/openmeetings.access.log;

location / {
        proxy_pass http://openmeetings;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
    }
  }
Campo Popo
  • 51
  • 3
  • Did you write literally `proxy_pass http://openmeetings;` or are you just trying to hide your local domain name? – Dima Chubarov Jan 30 '18 at 05:09
  • I just want to run this application on `https://openmeetings.mydomain.com`instead of `http://openmeetings.mydomain.com:5080`. , I was just trying this configuration but it does not work. Some websocket problem I guess. If you can help with the Nginx configuration, I will be thankful. – Campo Popo Jan 30 '18 at 10:33
  • what openmeetings version is it? 5? – Psychozoic Apr 08 '19 at 21:07

2 Answers2

0

I faced same problem. (vit Openmeetings 5.0.0-M4) I found next:

Openmeetings use ajax over WebSocket.

adding 

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

to http section

and

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

to location

It solve status 400 problem

Then I meet problem with Content Security Policy

I feel like connect-src policy configured automatic on first connect to server. So after change used domain I need restart Openmeetings.

Problem with media stream play

On Check setup recording produce long browser console message ending with

onaddstream is deprecated! Use peerConnection.ontrack instead.

...

Remote ICE candidate received

Look like it incompatibility with old Firefox 54.0 on Linux

On latest Firefox 75.0 on Windows it works!

mmv-ru
  • 219
  • 6
  • 13
0

It is also necessary to rewrite server.xml referring to

nginx managed SSL with Tomcat 7

<Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"
    />
makoyuki
  • 1
  • 1