I'm trying to set a telegram bot up. My favourite language is Java. In the past, I had experience with Grizzly lightweight webserver so I'd like to use it. The problem is that I don't know how to configure the whole environment in order to make it works with SSL.
I configured Apache2 on my Debian machine and it works with an autosigned SSL certificate. So if I browse https://10.0.0.1/ I can see the Apache welcome page.
The plan is to receive HTTPS POST requests containing a JSON and forward them to a Grizzly.
How could I achieve it?
Easy! With ProxyPass in Apache2!
Guide followed here
Related
Where I work theres an web app that is hosted on windows servers, all users access the application using HTTP, not HTTPS. This is due to some restrictions that the dev team could not solve.
So I thought that i could solve this issue using HAProxy and SSL Termination, so the users would communicate with the proxy first using HTTPs and then the proxy would communicate with the app servers using HTTP. This would be inside a private VLAN so the HTTP traffic cannot be sniffed.
The users access the app using this schema --> http://servername:port/path/to/app
So instead of this, the users should type https://haproxy.domainname:port/path/to/app
and the haproxy should handle the communication against the app servers.
Is this possible? or should i think of another solution to this?
I came up with this:
frontend haproxy.domain.name
bind ipaddress:port ssl crt /home/cert.pem
acl is_bdc path -i -m beg /path/to/app
use_backend web_servers if is_bdc
default_backend web_servers
backend web_servers
balance roundrobin
server server1 ipaddress:port
I can access the app server using this configuration, but the app fills some variables using the URL of the web browser, and as im accessing the app using another URL (haproxy.domain.name instead of the app server hostname) its causing some errors. Is possible to maintain the app server hostname on the url but also keep the SSL termination? The used certificate its a wildcard so adding the domain name would be enought (i think)
Thanks you in advance!
Well there are several options to solve your issue.
1.) Tell the app server that it runs behind a reverse proxy and configure the app engine to use haproxy.domain.name as Domain/Host part, something similar to tomcats Proxy Support How-To
2.) you can use the http-response replace-header or replace value to rewrite the URL. This will not work with links in the body of the response.
As you haven't mention the HAProxy version I link to the latest one.
Maybe you will need also to configure the IIS to know that it works behind a reverse proxy, in case you use IIS.
Ant-Media-Server is running on an IPAdress without any domains. We just set up this server to be used for streaming in order to use it from different domains pointing to different servers.
Since all of our domains use ssl, we face the typical connection problem:
mixed Content: The page at 'https://SOMEDOMAIN.com/QUERY' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://1.2.3.4:56'. This request has been blocked; this endpoint must be available over WSS.
Ant-Media already offers tutorials on how to install a Let's Encrypt SSL Certificate but sadly it is not available for pure IP-Addresses.
Apart from the Ant-Media Service, the server doesn't has any NGINX, NodeJS, Apache or other http Servers installed - the plan was just to use it for streaming by calling the IP-Address.
Do you have any ideas on how to solve that problem?
Unfortunately, this is not possible.
The goal of having a SSL is ensure you are requesting the right domain name besides encrypting the content between your users and your server.
Here are some alternatives:
create an endpoint in your own app that proxies data to your server.
Instead of playing the IP address, you can play:
/your-proxy-url?stream=http://yourIp.com:port/....
Note that using a proxy will make all the traffic pass through your web app.
As a reference, if you are using PHP on your website, you can have some ideas from here: https://gist.github.com/iovar/9091078
Create a reverse-proxy in front of your web app that redirects the traffic to your IP address.
Both solutions does not change your Ant Media Server, just adds a new resource between your users and your streaming server - adding the SSL on it.
Recently we have configured SSL to open WSS on our RESTCOMM server, as we got the issue of "getUserMedia()" deprecation issue because of insecure origin issue by chromium fix.
We managed to get WSS working and we can open RESTCOM Admin portal via HTTPs over 8443 port and even OLYMPUS is working too.
But because we have configured a SSL on RESTCOM Server i think even the REST Client API calls need to be on HTTPS too. Am icorrect?
Becuase when we use the HTTP based URLs for programmatically adding clients by invoking REST Client APIs of RESTCOMM, then we are getting SSl certificate issues and the reason for this i think is that we have configured SSL cert to address the getUserMedia() security issue by CHROMIUM fix.
can i request any solution or work around for this pls.
thanks in advance
ias
An issue I have been experiencing is that once every ~50 pages I load in Google chrome on my website is that chrome gives me an error page saying SSL Protocol Error. I am using Flexible SSL and various webapps, like webmin, vestacp, boxbilling and a few mostly static websites. All of these are hosted by nginx, reverse proxying directly to webmin and vestacp. As for the other webapps, the static files are hosted by nginx, reverse proxying to apache2 for php.
I am not entirely sure it is a cloudflare issue yet, but it does (seem to) work normal making plain http requests directly to my server. Of course I'd be surprised if I got any SSL error when using http.
The server request is being proxied through CloudFlare, as long as it is proxied through CloudFlare this issue lies with CloudFlare and there is little you can do to fix it yourself.
I would raise a support request with them and explain the issue, they give preference to clients who pay the most first, therefore you might have to wait to get a response.
I have a problem with my app that I want to use as sink for the push POST requests. I programmed it in Java as a straight forward servlet, I verified that I can send POST requests to it, but the test push from my consumer’s admin page says 404.
Is it possible that I can’t run the push sink on another port than 80? My secure Tomcat port is 8888. I don’t see any calls from the Foursquare servers in my Tomcat access log.
Thanks!
As stated in Realtime API self signed certificate 4sq seems currently not to be able to send POST requests to other ports than 443 (standard SSL).
I worked around this by using the mod_jk connector to let Apache2 send requests to a special directory directly to Tomcat7. This works for me.