David, we do a similar thing at our site. Below are some of the important answers I have to questions and a note I have about a change we have to make at the end. So libmedia is our front-facing SSL server, and Kaltura is behind the scenes.
Here are notes on how to configure Kaltura behind our TLS proxy (libmedia:8443):
- The CDN host setting should be libmedia.willamette.edu:8443. Within the local.ini file, this will set cdn_host and cdn_host_https.
- The answer to “Your Kaltura Service URL” should be https://libmedia.willamette.edu:8443. Within the local.ini file, this will configure several URLs to use the proxy. An entry for the service URL is also added to system.ini.
- The answer to “Apache virtual hostname” would ideally be set to libmedia.willamette.edu:8443; the answer to “Vhost port to listen on” would be “80”; the answer to the later question “Is your Apache working with SSL?[Y/n]” would be NO. HOWEVER, as noted above, the virtual hostname cannot contain a port number (because the “:” breaks the monit configuration script). The solution is to set the hostname to “kaltura.willamette.edu” and then update local.ini as described. Most URLs in local.ini are configured using the virtual hostname. The virtual hostname is ALSO added to /opt/kaltura/app/configurations/system.ini; it is OK (apparently) to leave this setting as “kaltura.willamette.edu”. The system.ini setting is not involved in constructing URL paths…and the actual hostname may be required (or at least sensible) in the system configuration.
- We do not configure the host to use SSL. But we do proxy through a TLS/SSL server (libmedia:8443).
These are the values we set in the system.ini file: