I would like to proxy our Kaltura off of another server running SSL, and it works fine for the administration interface, but when I go to the content admin page goes to load I get a couple calls to the server in the pages:
All of these get blocked since they are coming from an insecure server. Is there a config setting I can change so those get the correct server name or some way that would make them relative so I could proxy them?
So Jess, I have that in my zzzkaltura.conf, and I’m proxying and even have the URL rewritten to the proper server libmedia is our SSL server we want to proxy from, this is running on our kaltura server, but since these calls are for http, and not https, :
Did you verify that the X_FORWARDED_PROTO header is correctly set by the LB?
If you’ll look at /opt/kaltura/app/alpha/apps/kaltura/templates/kmclayout.php, you’ll see:
requestUtils::getRequestProtocol() is defined in /opt/kaltura/app/alpha/apps/kaltura/lib/requestUtils.class.php:
public static function getRequestProtocol()
{
$protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? "https" : "http";
return $protocol;
}
The HTTPS header should be set to “on” in the event X_FORWARDED_PROTO is set. That’s because of this config in /opt/kaltura/app/configurations/apache/kaltura.conf:
# for SSL offloading support, if LB has X_FORWARDED_PROTO set to 'https', set HTTPS to 'on'
SetEnvIf X-Forwarded-Proto https HTTPS=on
You didn’t specify what Kaltura CE version you are using, if it is very old, perhaps you are missing that SetEnvIf directive, in which case, you should add it and reload Apache.
David, so maybe this is what you are accounting for, we get everything to be proxied fine, except the media file. It still makes a call to the Kaltura server at https:
We use a delivery profile for the media files. The delivery domain might be different from the Kaltura API/web domain and points to the proxy servers (CDN).
The CDN pulls the files from the nginx VOD segmenter as configured in Kaltura.
BTW, that allows us to use one Kaltura backend for different delivery CDNs or domains.
For instance, we define an HLS delivery profile (apple_http, vod_packager_hls) as this: