Looking for example of ssl.conf file

verdonv_1 · January 15, 2015, 1:47pm

Hi

I seem to be completely unable to get the configure scripts to allow me to configure ssl. Can any post the contents of their kaltura.ssl.conf file from a 9.x or newer install?

Thanks,
v

jess · January 15, 2015, 2:03pm

Hello,

When you run the install, it should prompt you like so:

Apache virtual hostname ]
(Must be accessible from both inside the machine and from any clients / browsers that will use Kaltura):

Vhost port to listen on [80]: 443

Is your Apache working with SSL?[Y/n]
Please input path to your SSL certificate[/etc/ssl/certs/localhost.crt]:

Please input path to your SSL key[/etc/pki/tls/private/localhost.key]:

Please input path to your SSL chain file or leave empty in case you have none:

Which port will this Vhost listen on? [443]

Just input your own certs of course, instead of the defaults.

verdonv_1 · January 15, 2015, 2:33pm

Hi Jess,

Thanks for replying. I just tried re-running
rm /opt/kaltura/app/base-config.lock
/opt/kaltura/bin/kaltura-base-config.sh

I did
Vhost port to listen on [80]: 443

…but was never asked the rest. I re-ran kaltura-front-config.sh and am then given the message “It is recommended that you do work using HTTPs. Would you like to continue anyway?[N/y]”, which is a dead end.

Now. My kaltura will not load at all… just the default apache page.

SO. My though is to either,

a) remove /etc/httpd/conf.d/ssl.conf and try again OR
b) completely remove kaltura and start again from scratch

If I start from scratch again, should I still remove /etc/httpd/conf.d/ssl.conf first?

I appreciate any wisdom you might have.

vern

Ps. I have checked and there is nothing about IS_SSL=Y/N in /etc/kaltura.d/system.ini either

jess · January 15, 2015, 2:48pm

Hi Vern,

You do not need to remove Kaltura, it is built so you can always reconfigure, I myself do it all the time:)
Please run:
# bash -x /opt/kaltura/bin/kaltura-front.sh
Answer the questions and paste the output here so I can better understand what’s happening.

Thanks

verdonv_1 · January 15, 2015, 3:39pm

Thanks Jess,

The output is nearly 6,000 lines, much of which is stuff like this
Handle 0x0042, DMI type 4, 35 bytes
Processor Information
Socket Designation: CPU socket #62
Type: Central Processor
Family: Unknown
Manufacturer: 000000000000
ID: 00 00 00 00 00 00 00 00
Version: Unknown Processor
Voltage: 3.3 V
External Clock: Unknown
Max Speed: 30000 MHz
Current Speed: Unknown
Status: Unpopulated
Upgrade: ZIF Socket
L1 Cache Handle: 0x00D0
L2 Cache Handle: 0x00D1
L3 Cache Handle: Not Provided
Serial Number: Not Specified
Asset Tag: Not Specified
Part Number: Not Specified

Do you want me to edit it a bit, or just paste it as is?

jess · January 15, 2015, 3:54pm

Lets be more specific:)
Edit kaltura-front-config.sh and put
set -x
before:
if [ -z “$IS_SSL” ];then

And then:
set +x
Before:
if [ -z “$CONFIG_CHOICE” ];then

Then run as usual without -x
This should narrow the output down a lot.

verdonv_1 · January 15, 2015, 4:43pm

Well, that’s a bit better. There was still some lines like above in there, but I have removed them. Here is what is left.

Something different did happen this time. I did get asked for port, but not for ssl file locations. It wrote something though, and wouldn’t start because of the default ssl.conf file clashing. I moved it, and tried to restart httpd. It did restart, but https will not work, and http is now pointing to the default apache page. Progress of a sort

I have put the ouput here, as it is too many characters for a forum post

https://verdonv.nipissingu.ca/output.txt

jess · January 15, 2015, 5:02pm

OK so, our problem starts here:

‘[’ -z false ‘]’
‘[’ false ‘!=’ Y -a false ‘!=’ 1 -a false ‘!=’ y -a false ‘!=’ true ‘]’

This is the output for:
if [ -z “$IS_SSL” ];then
and then
if [ “$IS_SSL” != ‘Y’ -a “$IS_SSL” != 1 -a “$IS_SSL” != ‘y’ -a “$IS_SSL” != ‘true’ ];then

This means that somewhere along the line, you have IS_SSL set to the value ‘false’.
It can come from multiple files the front-config.sh script sources these are:
/etc/kaltura.d/system.ini
/opt/kaltura/bin//kaltura-functions.rc
Or, an answer file you are passing the script but in this case, we know you are not using an answer file because you get prompts.

Can you please paste your /etc/kaltura.d/system.ini but mask passwds?

verdonv_1 · January 15, 2015, 5:44pm

That’s been confusing me too… I should say, I have run base and front config scripts several times since the install. I have also updated from 9.18 to 10.2.

more /etc/kaltura.d/system.ini

WEB_DIR=/opt/kaltura/web
LOG_DIR=/opt/kaltura/log
APP_DIR=/opt/kaltura/app
BASE_DIR=/opt/kaltura

PHP_BIN=/usr/bin/php
OS_KALTURA_USER=kaltura

MAILTO=verdonv@nipissingu.ca
ADMIN_CONSOLE_ADMIN_MAIL=verdonv@nipissingu.ca

DB1_HOST=127.0.0.1
DB1_NAME=kaltura
DB1_USER=kaltura
DB1_PASS=xxx

DWH_HOST=127.0.0.1
DWH_PORT=3306
DWH_USER=etl
DWH_PASS=xxx
SERVICE_URL=http://kmedia.nipissingu.ca:80
SPHINX_HOST=127.0.0.1
DB1_PORT=3306
SUPER_USER=root
SUPER_USER_PASSWD="xxx"
KALTURA_VIRTUAL_HOST_NAME=kmedia.nipissingu.ca
RED5_HOST=kmedia.nipissingu.ca

verdonv_1 · January 21, 2015, 6:24pm

It ultimately turned out to be the :80 specified in the SERVICE_URL that was causing the front-config file to not ask me setup questions for adding SSL after the fact.