Hiya @jess
Still no luck I am afraid. The certificate chain is fine in the zzzkaltura.ssl.conf file below but it does seem like when I am running kaltura-front-config.sh it fails at something due to the virtual host not existing. See all below.
zzzkaltura.ssl.conf:
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
<IfVersion < 2.4>
SSLMutex default
</IfVersion>
<IfVersion >= 2.4>
Mutex sysvsem default
</IfVersion>
SSLCryptoDevice builtin
SSLCertificateFile /etc/letsencrypt/live/kaltura.xxxxxx.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kaltura.xxxxxx.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/kaltura.xxxxxxx.com/chain.pem
<VirtualHost kaltura.xxxxxxx.com>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
ErrorLog "/opt/kaltura/log/kaltura_apache_errors_ssl.log"
CustomLog /opt/kaltura/log/kaltura_apache_access_ssl.log vhost_kalt
Include "/opt/kaltura/app/configurations/apache/conf.d/enabled.*.conf"
</VirtualHost>
Netstat:
[root@ip-172-26-7-33 ~]# netstat -plnt|grep httpd
tcp6 0 0 :::443 :::* LISTEN 16818/httpd
tcp6 0 0 :::80 :::* LISTEN 16818/httpd
Vhost Dump:
VirtualHost configuration:
35.176.20.56:* kaltura.scarlettentertainment.com (/etc/httpd/conf.d/zzzkaltura.ssl.conf:22)
*:443 ip-172-26-7-33.eu-west-2.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
Base Config:
kaltura-base-14.14.0-14.noarch
Welcome to Kaltura Server 14.14.0 post install setup.
In order to finalize the system configuration, please input the following:
CDN hostname [ip-172-26-7-33.eu-west-2.compute.internal]:
The host will be accessed over http(s). In case your CDN operates on a non-default port, please input CDNHO
ST:PORT.
kaltura.xxxxxxxxxxxxxxxx.com:443
Apache virtual hostname [ip-172-26-7-33.eu-west-2.compute.internal]
(Must be accessible from both inside the machine and from any clients / browsers that will use Kaltura):
kaltura.xxxxxxxxxxxxxxxx.com
Vhost port to listen on [80]: 443
range of ip addresses belonging to internal kaltura servers [0.0.0.0-255.255.255.255]:
The range is used when checking service actions permissions and allowing to access certain services without
KS from the internal servers.
The default is only good for testing, on a production ENV you should adjust according to your network.
DB port [3306]: 3306
MySQL super user [only for install, default root]: root
Analytics DB hostname [127.0.0.1]:127.0.0.1
Analytics DB port [3306]:3306
Sphinx hostname [127.0.0.1]: 127.0.0.1
Media Streaming Server secondary host [ip-172-26-7-33.eu-west-2.compute.internal]: kaltura.scarlettentertai
nment.com
Secondary Sphinx hostname [leave empty if none]:
Your Kaltura Service URL [https://kaltura.xxxxxxxxxxxxxxxx.com]
(Base URL where the Kaltura API and Apps will be accessed from - this would be your Load Balancer URL on a
cluster or same as your virtual host in an all-in-one Kaltura server - Must be accessible from both inside
the machine and from any clients / browsers that will use Kaltura):
https://kaltura.xxxxxxxxxxxxxxxx.com
VOD packager hostname [ip-172-26-7-33.eu-west-2.compute.internal]: kaltura.xxxxxxxxxxxxxxxx.com
VOD packager port to listen on [88]: 88
Admin user login password (must be minimum 8 chars and include at least one of each: upper-case, lower-case
, number and a special character):
Confirm passwd:
Your time zone [see http://php.net/date.timezone], or press enter for [Zulu]: Zulu
Your Kaltura install name (this name will show as the From field in emails sent by the system) [Kaltura Vid
eo Platform]:Your website Contact Us URL [http://corp.kaltura.com/company/contact-us]: Your 'Contact us' ph
one number [+1 800 871 5224]:Checking MySQL version..
Ver 5.5.60-MariaDB found compatible
===========================================================================================================
=============
Kaltura install answer file written to /tmp/kaltura_13_03_09_52.ans - Please save it!
This answers file can be used to silently-install re-install this machine or deploy other hosts in your clu
ster.
===============
Front Config:
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:
# rm /opt/kaltura/app/base-config.lock
# /opt/kaltura/bin/kaltura-base-config.sh
kaltura-front-14.14.0-2.noarch
Is your Apache working with SSL?[Y/n]
Please input path to your SSL certificate[/etc/ssl/certs/localhost.crt]:
/etc/letsencrypt/live/kaltura.xxxxxxxxxxxxxxxx.com/cert.pem
Please input path to your SSL key[/etc/pki/tls/private/localhost.key]:
/etc/letsencrypt/live/kaltura.xxxxxxxxxxxxxxxx.com/privkey.pem
Please input path to your SSL CA file or leave empty in case you have none:
/etc/letsencrypt/live/kaltura.xxxxxxxxxxxxxxxx.com/chain.pem
Which port will this Vhost listen on? [443]
443
Please select one of the following options [0]:
0. All web interfaces
1. Kaltura Management Console [KMC], Hosted Apps, HTML5 lib and ClipApp
2. KAC - Kaltura Admin Console
Enabling Apache config - apps.conf
Enabling Apache config - var.conf
Enabling Apache config - admin.conf
========================================================================================================================
Kaltura install answer file written to /tmp/kaltura_13_03_09_54.ans - Please save it!
This answers file can be used to silently-install re-install this machine or deploy other hosts in your cluster.
========================================================================================================================
Redirecting to /bin/systemctl restart httpd.service
Note: Forwarding request to 'systemctl enable httpd.service'.
Note: Forwarding request to 'systemctl enable memcached.service'.
Redirecting to /bin/systemctl restart memcached.service
Restarting kaltura-monit (via systemctl): [ OK ]
PHP Fatal error: Uncaught exception 'KalturaClientException' with message 'failed to unserialize server result
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /api_v3/service/session/action/start was not found on this server.</p>
</body></html>
' in /opt/kaltura/apps/clientlibs/php5/KalturaClientBase.php:401
Stack trace:
#0 /opt/kaltura/apps/clientlibs/php5/KalturaClient.php(7013): KalturaClientBase->doQueue()
#1 /opt/kaltura/html5/html5lib/playkitSources/kaltura-ovp-player/create_playkit_uiconf.php(17): KalturaSessionService->start('01df9c586326581...', NULL, 2, '0')
#2 {main}
thrown in /opt/kaltura/apps/clientlibs/php5/KalturaClientBase.php on line 401
Batch Config:
kaltura-batch-14.14.0-1.noarch
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:
# rm /opt/kaltura/app/base-config.lock
# /opt/kaltura/bin/kaltura-base-config.sh
Note: Forwarding request to 'systemctl enable httpd.service'.
Redirecting to /bin/systemctl reload httpd.service
Note: Forwarding request to 'systemctl enable memcached.service'.
Redirecting to /bin/systemctl restart memcached.service
Starting kaltura-monit (via systemctl): [ OK ]
Nginx config:
kaltura-nginx-1.14.0-5.x86_64
Kaltura API host and port (without the protocol) [ip-172-26-7-33.eu-west-2.compute.internal:80]:
kaltura.xxxxxxxxxxxxxxxx.com:443
Nginx server name [ip-172-26-7-33.eu-west-2.compute.internal]:
kaltura.xxxxxxxxxxxxxxxx.com
Nginx port to listen on [88]: 88
RTMP port to listen on [1935]: 1935
Would you like to configure Nginx with SSL?[Y/n]Nginx SSL port to listen on [8443]: 8443
Nginx SSL cert: /etc/letsencrypt/live/kaltura.xxxxxxxxxxxxxxxx.com/cert.pem
Nginx SSL key: /etc/letsencrypt/live/kaltura.xxxxxxxxxxxxxxxx.com/privkey.pem
Note: Forwarding request to 'systemctl enable kaltura-nginx.service'.
Redirecting to /bin/systemctl reload kaltura-nginx.service
If I reconfigure back to non ssl everything works fine again but once ssl is configured it just defaults back to the apache default index page.
Thanks in advance.