Hi,
I installed Kaltura on HTTP and everything is OK but I would like to enable install SSL on Kaltura.
Should I just purchase an SSL and re-run /opt/kaltura/bin/kaltura-config-all.sh again ?
Should I do other things except above ?
Best Regards,
Amir
Hi @Kalhori,
Yes, purchase a valid SSL cert [it will not work well with a self signed one] or you can get a valid one for free from http://letsencrypt.org.
You should then rerun kaltura-config-all.sh and when asked about the Service URL input it with https.
Also, in the DB, the kaltura.delivery_profile table must be updated.
# mysql -h$DB1_HOST -u$DB1_USER -p$DB1_PASS $DB1_NAME
mysql> select id,name,url,host_name from delivery_profile;
And update the relevant urls.
Hi Jess,
Thank you for your reply.
Actually, First I updated kaltura.delivery_profile as below :
Then I use kaltura-config-all.sh for setting SSL but I got below Error : ( CentOS 7.2 - MariaDB Database )
Note: Forwarding request to ‘systemctl enable httpd.service’.
Redirecting to /bin/systemctl reload httpd.service
Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.
kaltura-batch-config.sh FAILED with: 1 on line 98
Archving logs to /opt/kaltura/log/log_13_10_16_09_37.tar.gz…
ERROR: /opt/kaltura/bin/kaltura-batch-config.sh failed:( You can re-run it when the issue is fixed.
Best Regards,
â— httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) (Result: exit-code) since Thu 2016-10-13 09:35:55 IRST; 14min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 7220 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=1/FAILURE)
Main PID: 6440 (httpd)
Status: "Total requests: 176; Current requests/sec: 0.5; Current traffic: 2.4KB/sec"
CGroup: /system.slice/httpd.service
├─6440 /usr/sbin/httpd -DFOREGROUND
├─6442 /usr/sbin/httpd -DFOREGROUND
├─6444 /usr/sbin/httpd -DFOREGROUND
├─6445 /usr/sbin/httpd -DFOREGROUND
├─6446 /usr/sbin/httpd -DFOREGROUND
├─6447 /usr/sbin/httpd -DFOREGROUND
├─7395 /usr/sbin/httpd -DFOREGROUND
├─7396 /usr/sbin/httpd -DFOREGROUND
└─7397 /usr/sbin/httpd -DFOREGROUND
Oct 13 09:35:54 video.dotin.com systemd[1]: Starting The Apache HTTP Server…
Oct 13 09:35:55 video.dotin.com systemd[1]: Started The Apache HTTP Server.
Oct 13 09:37:18 video.dotin.com httpd[7220]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error …ectory
Oct 13 09:37:18 video.dotin.com systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 13 09:37:18 video.dotin.com systemd[1]: Reload failed for The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
#journalctl -xe
– Unit user-48.slice has begun shutting down.
Hi @Kalhori,
Your issue starts here:
Oct 13 09:37:18 video.dotin.com httpd[7220]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error …ectory
So, what’s in line 353 of /etc/httpd/conf/httpd.conf?
Hi Jess,
This is the line 353 of /etc/httpd/conf/httpd.conf :
IncludeOptional conf.d/*.conf
Should I comment it ?
Best Regards,
The thing is there is nothing wrong with this directive…
It is meant to include all files under /etc/httpd/conf.d/*.conf when loading and you DO need these files.
The output you attached was cut off "Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error …ectory"
but it looks like it’s saying there is no such directory?
What is the output for:
# ls -al /etc/httpd/conf.d/
Hi Jess,
This the output :
[root@video ~]# ls -al /etc/httpd/conf.d/
total 40
drwxr-xr-x 2 root root 4096 Oct 13 09:37 .
drwxr-xr-x 5 root root 4096 Oct 4 12:48 …
-rw-r–r-- 1 root root 2926 Jul 18 20:00 autoindex.conf
-rw-r–r-- 1 root root 691 Aug 12 01:57 php.conf
-rw-r–r-- 1 root root 366 Jul 18 20:00 README
-rw-r–r-- 1 root root 9438 Jul 18 19:52 ssl.conf
-rw-r–r-- 1 root root 1252 Jul 18 19:52 userdir.conf
-rw-r–r-- 1 root root 824 Jul 18 19:52 welcome.conf
lrwxrwxrwx 1 root root 51 Oct 13 09:37 zzzkaltura.conf -> /opt/kaltura/app/configurations/apache/kaltura.conf
lrwxrwxrwx 1 root root 55 Oct 13 09:35 zzzkaltura.ssl.conf -> /opt/kaltura/app/configurations/apache/kaltura.ssl.conf
[root@video ~]#
Best Regards,
Hi @Kalhori,
This seems fine.
Anything in the Apache error log under /var/log/httpd/error_log, /var/log/httpd/ssl_error_log or /opt/kaltura/log/kaltura_apache_errors*.log?
Also, try:
# journalctl -u httpd.service --no-pager
and make sure you paste the full lines here. I am trying to understand what the full error is in “Oct 13 09:37:18 video.dotin.com httpd[7220]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error …ectory”
Lastly, what’s the output for:
# apachectl -t -DDUMP_VHOSTS
?
Hi Jess,
Thank you for following up this issue.
There is no error in "Oct 13 09:37:18 and this the output : journalctl -u httpd.service --no-pager
[root@video ~]# journalctl -u httpd.service --no-pager
Oct 15 13:16:35 video.dotin.com systemd[1]: Starting The Apache HTTP Server…
Oct 15 13:16:40 video.dotin.com httpd[1124]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.d/zzzkaltura.conf: Could not open config directory /etc/httpd/@APP_DIR@/configurations/apache/conf.d: No such file or directory
Oct 15 13:16:40 video.dotin.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 15 13:16:40 video.dotin.com kill[2525]: kill: cannot find process ""
Oct 15 13:16:40 video.dotin.com systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 15 13:16:40 video.dotin.com systemd[1]: Failed to start The Apache HTTP Server.
Oct 15 13:16:40 video.dotin.com systemd[1]: Unit httpd.service entered failed state.
Oct 15 13:16:40 video.dotin.com systemd[1]: httpd.service failed.
Oct 15 13:16:42 video.dotin.com systemd[1]: Starting The Apache HTTP Server…
Oct 15 13:16:42 video.dotin.com httpd[2663]: httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.d/zzzkaltura.conf:
Could not open config directory /etc/httpd/@APP_DIR@/configurations/apache/conf.d: No such file or directory
this the output : apachectl -t -DDUMP_VHOSTS
[root@video ~]# apachectl -t -DDUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.d/zzzkaltura.conf: Could not open config directory /etc/httpd/@APP_DIR@/configurations/apache/conf.d: No such file or directory
[root@video ~]#
Best Regards
Hi @Kalhori,
So, the problem is you have placeholders in the Apache configuration which should be replaced with actual values, among which @APP_DIR@. These are replaced when running the configuration scripts.
I believe in your case, you are running a single Kaltura server machine, and so, you should run /opt/kaltura/bin/kaltura-config-all.sh and provide the inputs when prompted, the script will then go on to replace the tokens in the config files and things should then work correctly.
If you get any errors while running the config script, please post them here.
Thanks,
Hi, Jess !
Thank you for your update.
I decided to run /opt/kaltura/bin/kaltura-config-all.sh again and show all my inputs when prompted here.
May it helps you if I input something wrong.
In addition : my server does not have access to the internet when I run kaltura-config-all.sh
[root@video ~]# /opt/kaltura/bin/kaltura-config-all.sh
Running base config…
kaltura-base-12.2.0-8.noarch
Welcome to Kaltura Server 12.2.0 post install setup.
To keep up with the bi-weekly Kaltura releases, and stay up to date with
the latest news, security and bug updates, and connect with the global
Kaltura community - sign up for our regular Kaltura Community updates.
Please enter your email to sign up, or enter NO to pass.
In order to finalize the system configuration, please input the following:
CDN hostname [video.dotin.com]:
The host will be accessed over http(s). In case your CDN operates on a non-default port, please input CDNHOST:PORT.
https://video.dotin.com
Apache virtual hostname [video.dotin.com]
(Must be accessible from both inside the machine and from any clients / browsers that will use Kaltura):
video.dotin.com
Vhost port to listen on [80]: 443
range of ip addresses belonging to internal kaltura servers [0.0.0.0-255.255.255.255]:
The range is used when checking service actions permissions and allowing to access certain services without KS from the internal servers.
The default is only good for testing, on a production ENV you should adjust according to your network.
0.0.0.0-255.255.255.255
DB port [3306]: 3306
MySQL super user [only for install, default root]: root
Analytics DB hostname [127.0.0.1]:127.0.0.1
Analytics DB port [3306]:3306
Sphinx hostname [127.0.0.1]: 127.0.0.1
Secondary Sphinx hostname [leave empty if none]:
Your Kaltura Service URL [https://video.dotin.com]
(Base URL where the Kaltura API and Apps will be accessed from - this would be your Load Balancer URL on a cluster or same as your virtual host in an all-in-one Kaltura server - Must be accessible from both inside the machine and from any clients / browsers that will use Kaltura):
https://video.dotin.com
VOD packager hostname [video.dotin.com]: video.dotin.com
VOD packager port to listen on [88]: 88
Admin user login password (must be minimum 8 chars and include at least one of each: upper-case, lower-case, number and a special character):
Confirm passwd:
Your time zone [see http://php.net/date.timezone]: Asia/Dubai
Your Kaltura install name (this name will show as the From field in emails sent by the system) [Kaltura Video Platform]:Kaltura Video Platform
Your website Contact Us URL [http://corp.kaltura.com/company/contact-us]: http://corp.kaltura.com/company/contact-us
Your ‘Contact us’ phone number [+1 800 871 5224]:+1 800 871 5224
Checking MySQL version…
Ver 5.5.50-MariaDB found compatible
Configuration of 12.2.0 finished successfully!
Running FrontEnd config…
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:
kaltura-front-12.2.0-1.noarch
Is your Apache working with SSL?[Y/n]
Y
Please input path to your SSL certificate[/etc/ssl/certs/localhost.crt]:
/etc/ssl/certs/localhost.crt
Please input path to your SSL key[/etc/pki/tls/private/localhost.key]:
/etc/pki/tls/private/localhost.key
Please input path to your SSL CA file or leave empty in case you have none:
Which port will this Vhost listen on? [443]
443
Please select one of the following options [0]:
0. All web interfaces
Redirecting to /bin/systemctl restart httpd.service
Note: Forwarding request to ‘systemctl enable httpd.service’.
Note: Forwarding request to ‘systemctl enable memcached.service’.
Redirecting to /bin/systemctl restart memcached.service
Restarting kaltura-monit (via systemctl): [ OK ]
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Running Sphinx config…
kaltura-sphinx-2.2.1-20.x86_64
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:
Starting kaltura-monit (via systemctl): [ OK ]
Running Batch config…
kaltura-batch-12.2.0-1.noarch
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:
Note: Forwarding request to ‘systemctl enable httpd.service’.
Redirecting to /bin/systemctl reload httpd.service
Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.
kaltura-batch-config.sh FAILED with: 1 on line 98
Archving logs to /opt/kaltura/log/log_19_10_16_14_50.tar.gz…
ERROR: /opt/kaltura/bin/kaltura-batch-config.sh failed:( You can re-run it when the issue is fixed.
Also, here the kaltura_19_10_14_48.ans :
TIME_ZONE="Asia/Dubai"
KALTURA_FULL_VIRTUAL_HOST_NAME="video.dotin.com"
KALTURA_VIRTUAL_HOST_NAME="video.dotin.com"
DB1_HOST="127.0.0.1"
DB1_PORT="3306"
DB1_PASS="xpskj0RmPLRYwwi"
DB1_NAME="kaltura"
DB1_USER="kaltura"
SERVICE_URL="https://video.dotin.com"
SPHINX_SERVER1="127.0.0.1"
SPHINX_SERVER2="127.0.0.1"
DWH_HOST="127.0.0.1"
DWH_PORT="3306"
ADMIN_CONSOLE_ADMIN_MAIL="a.kalhori@dotin.com"
ADMIN_CONSOLE_PASSWORD="TestTest"
CDN_HOST="https://video.dotin.com"
KALTURA_VIRTUAL_HOST_PORT="443"
SUPER_USER="root"
SUPER_USER_PASSWD="TestTest"
ENVIRONMENT_NAME="Kaltura Video Platform"
DWH_PASS="xpskj0RmPLRYwwi"
PROTOCOL="https"
RED5_HOST="video.dotin.com"
USER_CONSENT="0"
CONTACT_MAIL="NO"
VOD_PACKAGER_HOST="video.dotin.com"
VOD_PACKAGER_PORT="88"
IP_RANGE="0.0.0.0-255.255.255.255"
WWW_HOST="video.dotin.com"
CONFIG_CHOICE=“0"
IS_SSL=“Y"
CRT_FILE=”/etc/ssl/certs/localhost.crt"
KEY_FILE=”/etc/pki/tls/private/localhost.key"
CA_FILE=“NO_CA”
Finally, :
[root@video ~]# cat /etc/httpd/conf.d/zzzkaltura.conf
<VirtualHost *:@KALTURA_VIRTUAL_HOST_PORT@>
# for SSL offloading support, if LB has X_FORWARDED_PROTO set to ‘https’, set HTTPS to 'on’
SetEnvIf X-Forwarded-Proto https HTTPS=on
ErrorLog "@LOG_DIR@/kaltura_apache_errors.log"
CustomLog @LOG_DIR@/kaltura_apache_access.log vhost_kalt
Include "@APP_DIR@/configurations/apache/conf.d/enabled.*.conf"
I installed Kaltura on another Linux Server ( CentOS 7.2 ) but the problem happens !
I do not have any problems If I use HTTP but when I want to setup HTTPS , I got above error.
Do you need other information from my side ?
I look forward to hearing from you.
Best Regards,
Kalhori
Hello,
At this point, no need for external internet access from the machine, although you will need it for fetching updates.
As for your issue, for some reason, the tokens are not replaced.
Can you try:
# rm /opt/kaltura/app/base-config.lock
# rm /etc/httpd/conf.d/kaltura
# /opt/kaltura/bin/kaltura-base-config.sh /path/to/your/answer/file
and then make sure the @APP_DIR@ token was replaced in /opt/kaltura/app/configurations/apache/kaltura.conf and in /opt/kaltura/app/configurations/apache/kaltura.ssl.conf?
Once you verified they were indeed replaced, please run:
# /opt/kaltura/bin/kaltura-front-config.sh /path/to/your/answer/file
if there were not replaced, please run:
# bash -x /opt/kaltura/bin/kaltura-base-config.sh /path/to/your/answer/file 2> /tmp/kaltura-base.log
and email me at jess.portnoy kaltura.com since that has a lot of sensitive data you should paste here.
Hi. I see this is an older post, but I am having the same exact problems with switching from non-SSL to SSL I did the above steps and still have the @APP_DIR@ token in the /opt/kaltura/app/configurations/apache/kaltura.conf My main page loads but both KMC and the admin console return blank pages. I am running Kaltura 9.18.0 Just wondering if there was a resolution to this post? thanks.