Problem Deploying Kaltura SSL Cluster on Centos

Hello,

I have posted this question as comment on github (https://github.com/kaltura/server/issues/1935), but I would like to ask more questions regarding SSL in cluster.
Which SSL method is best for kaltura? Is it using SSL termination or SSL passthrough?

I tried using SSL termination, all the cluster member run in HTTP mode, but got KMC flash problem when browser requested a javascript which has URL like (I don’t remember the exact URL) “http://mydomain.local:80/lib/js/swfObject.js”.
Which in turn causing error if using SSL, it called ‘mixed content’.

I also tried to auto redirect HTTP URL to HTTPS in loadbalancer (haproxy), but it created another problem because the URL of that javascript request contains ‘:80’, which result in “https://mydomain.local:80/lib/js/swfObject.js” (invalid URL).

Meanwhile if using SSL passthrough, I got problem passing the request hostname to cluster’s front node virtual host.

Here’s my cluster description:

  • 1 haproxy loadbalancer
  • 2 front node
  • 1 batch node
  • 1 sphinx node
  • 2 mysql server

Any advise will be appreciated.

Thanks,
Juraganet

Hello Juraganet,

The recommended setup is an LB working over SSL and then offloading to machines using HTTP.
Can you please provide the exact request that caused an issue so we can check?

Thanks,

Hello,
Thank you for your reply. I managed to setup haproxy using ssl-passthrough method.

But now I’m facing another problem that Kaltura sometimes loads external resources which is in non-HTTPS mode, here’s an example:
Blocked loading mixed active content “http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js”[Learn More] kmc1

Another problem is when accessing KMC from main page (not from admin console), I got this error on page other than the above error:
SyntaxError: expected expression, got ‘<’ kmc1:572:3

Please advise how to overcome the non-HTTPS external resources problem, because there are many other external resources which use non-HTTPS requested by Kaltura which lead to ‘mixed content’ error on browser.

Hello,

For the mixed content, please submit a full list of resources so we can correct it or better still, if you can fix it and submit a pull request to https://github.com/kaltura/server that would be even nicer:)

As for KMC, can you please check /opt/kaltura/log/* for errors?
You can use the kaltlog alias from the shell, just run kaltlog while making the request and take a look at the output/

"http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"
Founded in:
/opt/kaltura/app/alpha/apps/kaltura/modules/kmc/config/view.yml
/opt/kaltura/app/alpha/apps/kaltura/modules/system/templates/kcwUiConfEditorSuccess.php
/opt/kaltura/app/cache/alpha/kaltura/prod/config/modules_kmc_config_view.yml.php

I fixed it by changing “http://ajax.googleapis.com…” to “//ajax.googleapis.com…”

And the ‘<’ problem seems to be in:
/opt/kaltura/app/alpha/apps/kaltura/modules/kmc/templates/kmc1Success.php line: 642.

I tried to change the ‘<?’ to ‘<?php’, but looks like I’m doing it wrong, and result in another error :stuck_out_tongue:

Hello,

You’ve done the exact right thing:)
David Bezemer already made a pull request on that:
https://github.com/DBezemer/server/commit/aef92b7aa88cb48ff14be21e6a2d3fd0adfd9053
So should be good for the next ver.
What is the current error?

1 Like

Hello,
Thanks to David Bezemer and you for the fix.
Unfortunately now it shows blank page (no content at all).

Error in kaltlog:

PHP Parse error: syntax error, unexpected $end in /opt/kaltura/app/alpha/apps/kaltura/modules/kmc/templates/kmc1Success.php on line 1101, referer: https://kaltura.mydomain.local/kmc

I’m not sure why this error occured because line 1101 is not exist at all (it’s end of file)

Hello,

Will check. Did you take the entire file from the pull request?
Thanks,

Hello,

I downloaded this kmc1Success.php: https://github.com/DBezemer/server/blob/aef92b7aa88cb48ff14be21e6a2d3fd0adfd9053/alpha/apps/kaltura/modules/kmc/templates/kmc1Success.php
Or should I download another file?

I’m wondering why other people not experiencing same issue. Meanwhile this kmc1Success.php is important to load the KMC portal page. Is there any other way to switch or not using km11Success.php?