I have set up a new cluster 12.10 with https offloading and migrated the data from my single server installation to the cluster.
For testing I have set the service domain name to my server ip in the hosts file on the server and client.
I am using Debian.
I have 2 issues know
#Login Admin console
If I login in Admin console I result in a (error code: API:-1)
May be there is a Service call to a https://… ?
The kmc works!
Batch Server
It seems that the batch servers are not working because my uploaded file for testing are not converting. How can I register them to my DB or cluster?. I tryied dpkg-reconfigure kaltura-batch and kaltura-base but nothing changed.
For Admin Console, what’s the output for:
# curl -I -v https://your.host/admin_console
?
Also, while making the request in the browser, from a root shell on the server, run:
# kaltlog
and take a look at the errors.
kaltlog is an alias defined in /etc/profile.d/kaltura-base.sh, if it’s not already sourced, source it with:
# . /etc/profile.d/kaltura-base.sh
note that there’s a space between ‘.’ and /etc/profile.d/kaltura-base.sh.
As for batch, first, check if the daemon is running with:
# service kaltura-batch status
and if not, look at /opt/kaltura/log/kaltura_batch.log to understand why not.
curl -I -v https://your.host/admin_console
-> no refused
because it not accessible with https only with http in my cluster
so can I assume it works if move to production an the https of the LB is accessible?
The batch service is running an do Error message in log.
It can work over HTTP as well, I wrote https because of your comment:
“May be there is a Service call to a https://… ?”
Anyhow, what’s the output for:
$ curl -I -v http://your.host/admin_console
what’s in /opt/kaltura/log/kaltura_batch.log and what’s outputted to STDOUT when running kaltlog and making the request to /admin_console?
the blocking of http comes from this mixed content:
Mixed Content: The page at 'https://tube.htwchur.ch/index.php/kmc/kmc4' was loaded over HTTPS, but requested an insecure script 'http://tube.htwchur.ch/lib/js/jquery-1.8.3.min.js'. This request has been blocked; the content must be served over HTTPS.
The key to successfully determining the protocol [http or https] when configuring ssl offloading is here:
/opt/kaltura/app/configurations/apache/kaltura.conf
SetEnvIf X-Forwarded-Proto https HTTPS=on
That is, if your LB sets the X-Forwarded-Proto to https, the above Apache config will set HTTPS to ‘on’ which is in turn checked through out our code to determine whether to use https as the protocol.
Does your LB correctly set it?
Also, look at: /opt/kaltura/app/configurations/admin.ini and make sure settings.serviceUrl is prefixed with “https://”.
I would also recommend going to Admin Console->Publishers->Your Partner Row->Actions->Configure and check both:
“Embed Code Default Protocol HTTPS”
“Force KMC HTTPS”
Thats must be obviously the reason. Our IT will check the LB soon, it is not under my control. Until then I have set the “HTTP on” manually in my apache config and it works more or less. I still got some mixed content at some points but I guess these are gone if the LB have been set properly.
During my latest installations on Debian I have found some bugs:
After installation of a batch machine the directoy /opt/kaltura/tmp was not set to the user kaltura:ww-data.
After configure a front-machine with ssl (on my test envronment) there was a missing word-wrap in front of CRT_FILE=… in the files local.ini and system.ini.
Are you able to reproduce this? Asking because local.ini does not need that directive at all and I don’t see anywhere in the post or pre install scripts that makes an attempt to insert that directive into local.ini either:
Thanks, Roger, now I understand. For deb [thanks to debconf] Apache CRT and KEY ENV vars are not needed in system.ini so I just removed the code that adds them from /var/lib/dpkg/info/kaltura-front.postinst.
These ENV vars are set in system.ini only for the benefit of the RPM postinst scripts since RPM does not support interactive input prompting during any of its package installation steps.