Kaltura management console error

#1

hi, i have installed kaltura on ubuntu 16.04 server.
the installation was successful but I am unable to enter the admin. blank page with An error occurred
(error code: API: -1).
I installed kaltura with ssl.
what can I check to find the problem? thanks for the support.
best regards

#2

Hello @sincerbex,

First of all, please ensure that:

# curl -I -v $SERVICE_URL -L

returns correctly. If not, whatever the issue is, it needs to be addressed.

Assuming that request returns a HTTP 200, to understand the root cause for the failure, in a root shell on the server, run:

# . /etc/profile.d/kaltura*base.sh
# kaltlog

Then make the request and look at the errors being outputted. Once you have these, open the relevant log file [most probably /opt/kaltura/log/kaltura_apache_errors_ssl.log or /opt/kaltura/log/kaltura_api_v3.log], locate the final error and trace back to the beginning of the flow. Paste the stack trace here.

In parallel, open the dev tools in your browser and look for errors in the “console” and “network” tabs. Paste your findings and we’ll take it from there.

#3

hi @jess,
Thanks for the reply!
I re-run the installation on centos, I found the same problem and I solved it by removing the comment from settings.clientConfig.verifySSL = false in the file /opt/kaltura/app/configurations/admin.ini. now I can log in.
now I have another problem.
if I create a live stream entry, the encoder communicates with the server but the player is offline.
what could be the problem?
I also noticed that the server receives traffic from unknown hosts using so much bandwidth.
best regards

#4

Hi @sincerbex,

See Install SSL on existing kaltura setup cause application error.

#5

hi @jess,
thanks for the support!
in /etc/httpd/conf.d/zzzkaltura.ssl.conf I replaced @SSL_CERTIFICATE_FILE@ and @SSL_CERTIFICATE_KEY_FILE@ with related certificate file patches. its correct?
the command apachectl -t -DDUMP_VHOSTS return:

Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
xx.xx.xxx.xx:* sub.domain.com (/etc/httpd/conf.d/zzzkaltura.ssl.conf:22)
*:443 sub2.domain.com (/etc/httpd/conf.d/ssl.conf:56)

The $SERVICE_URL is already set with https.

my impression is that the certificates are loaded correctly, I don’t receive any error from the browser

#6

Hello @sincerbex,

Does the below now return correctly with a HTTP 200 response?

# curl -I -v $SERVICE_URL -L

If so, what is the current problem you’re facing and what errors do you see in the log files? Any errors in the JS console or failing requests in the “Network” tab?

#7

hi @jess,
this is the output of curl:

[sincerbex@streaming ~]$ curl -I -v https://sub.domain.com -L
* About to connect() to sub.domain.com port 443 (#0)
*   Trying xx.xx.xxx.xx...
* Connected to sub.domain.com (xx.xx.xxx.xx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=sub.domain.com
*       start date: mag 15 00:00:00 2019 GMT
*       expire date: mag 14 12:00:00 2020 GMT
*       common name: sub.domain.com
*       issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.

the Peer’s Certificate is private key?

best regards

#8

Hello @sincerbex,

Did you correctly set the SSLCACertificateFile directive to point to your CA cert?

Looks as though you haven’t…

#9

hi @jess,
no, I commented this directive. this is a private key?

#10

Hi @sincerbex,

No. The SSLCertificateKeyFile directive should point to the private key, SSLCertificateFile should point to the cert and SSLCACertificateFile should point to the CA cert.

According to your curl output, you’re using DigiCert. If so - See https://www.digicert.com/digicert-root-certificates.htm

#11

hi @jess ,
if add SSLCACertificateFile /home/sincerbex/DigiCertGlobalRootCA.crt the httpd does not restart

#12

hi @jess,
same problem whit SSLCertificateChainFile

#13

ok @jess,
now restart httpd is done!
i have uncomment SSLCertificateChainFile /home/sincerbex/DigiCertGlobalRootCA.crt in /etc/httpd/conf.d/zzzkaltura.ssl.conf but curl return:

[sincerbex@streaming ~]$ curl -I -v https://sub.domain.com -L
* About to connect() to sub.domain.com port 443 (#0)
*   Trying xx.xx.xxx.xx...
* Connected to sub.domain.com (xx.xx.xxx.xx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=sub.domain.com
*       start date: mag 15 00:00:00 2019 GMT
*       expire date: mag 14 12:00:00 2020 GMT
*       common name: sub.domain.com
*       issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
#14

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

#15

ok @jess,
now curl return HTTP 200

 curl -I -v https://sub.domain.com -L
* About to connect() to sub.domain.com port 443 (#0)
*   Trying xx.xx.xx.xxx...
* Connected to sub.domain.com (xx.xx.xx.xxx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=sub.domain.com
*       start date: mag 15 00:00:00 2019 GMT
*       expire date: mag 14 12:00:00 2020 GMT
*       common name: sub.domain.com
*       issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sub.domain.com
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Mon, 20 May 2019 17:43:41 GMT
Date: Mon, 20 May 2019 17:43:41 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< Location: https://sub.domain.com/start/index.php
Location: https://sub.domain.com/start/index.php
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

<
* Connection #0 to host sub.domain.com left intact
* Issue another request to this URL: 'https://sub.domain.com/start/index.php'
* Found bundle for host sub.domain.com: 0xb79ee0
* Re-using existing connection! (#0) with host sub.domain.com
* Connected to sub.domain.com (xx.xx.xx.xxx) port 443 (#0)
> HEAD /start/index.php HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sub.domain.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Mon, 20 May 2019 17:43:41 GMT
Date: Mon, 20 May 2019 17:43:41 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
< X-Powered-By: PHP/5.4.16
X-Powered-By: PHP/5.4.16
< X-Me: sub.domain.com
X-Me: sub.domain.com
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

<
* Connection #0 to host sub.domain.com left intact

passed this step the rtmp streaming player should go online?
thanks

#16

Hi @sincerbex,

For RTMP streaming, see https://github.com/kaltura/platform-install-packages/blob/Orion-15.0.0/doc/nginx-rtmp-live-streaming.md

Cheers,

#17

hi @jess,
i have set /opt/kaltura/nginx/conf/nginx.conf

rtmp {
    server {
        listen 1936; # Listen on standard RTMP port
        chunk_size 4000;

        # This application is to accept incoming stream
        application kLive {
                live on; # Allows live input from above

                # ADAPTIVE BITRATE SUPPORT
                # Once the stream is alive, transcode for adaptive streaming
                # This single ffmpeg command takes the input and transforms
                # the source into 4 different streams with different bitrate
                # and quality. The scaling done here respects the aspect
                # ratio of the input.

                # This is commented by default as it is CPU and RAM intensive
                # If you opt to enable it, ensure you have sufficient resources.

                #exec /opt/kaltura/bin/ffmpeg -i rtmp://streaming.ermeslink.com:1936/$app/$name -async 1 -vsync -1
                #        -c:v libx264 -b:v 256k -b:a 32k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://streaming.ermeslink.com:1936/kLive/$name_low
                #        -c:v libx264 -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://streaming.ermeslink.com:1936/kLive/$name_mid
                #        -c:v libx264 -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://streaming.ermeslink.com:1936/kLive/$name_high
                #        -c:v libx264 -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://streaming.ermeslink.com:1936/kLive/$name_hd720
                #        -c copy -f flv rtmp://streaming.ermeslink.com:1936/kLive/$name_src;

                dash on;
                dash_path /var/tmp/dashme;

                hls on; # Enable HTTP Live Streaming
                # Instruct clients to adjust resolution according to bandwidth
                hls_variant _low BANDWIDTH=288000; # Low bitrate, sub-SD resolution
                hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
                hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
                hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
                hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution

                hls_cleanup on;
                hls_sync 100ms;
                hls_fragment 2s;
                hls_playlist_length 300m;
                hls_path /var/tmp/hlsme/;
 # Enable recording archived files of each stream
                record all;
                # This does not need to be publicly accessible since we'll convert and publish the files later
                record_path /var/tmp/rec;
                record_suffix _%Y-%m-%d_%H-%M-%S.flv;
                record_lock on;

                # Define the two scripts that will run when recording starts and when it finishes
                exec_publish /opt/kaltura/bin/create_live_entry.php $args;
                exec_record_done /opt/kaltura/bin/upload_live_recording.php $args $path;
    }
    }

but stream not working :frowning: