- RESTCOMM Client API...over HTTPS/SSL - restcomm

Recently we have configured SSL to open WSS on our RESTCOMM server, as we got the issue of "getUserMedia()" deprecation issue because of insecure origin issue by chromium fix.
We managed to get WSS working and we can open RESTCOM Admin portal via HTTPs over 8443 port and even OLYMPUS is working too.
But because we have configured a SSL on RESTCOM Server i think even the REST Client API calls need to be on HTTPS too. Am icorrect?
Becuase when we use the HTTP based URLs for programmatically adding clients by invoking REST Client APIs of RESTCOMM, then we are getting SSl certificate issues and the reason for this i think is that we have configured SSL cert to address the getUserMedia() security issue by CHROMIUM fix.
can i request any solution or work around for this pls.
thanks in advance
ias

Related

Ant-Media-Server + SSL without Domain

Ant-Media-Server is running on an IPAdress without any domains. We just set up this server to be used for streaming in order to use it from different domains pointing to different servers.
Since all of our domains use ssl, we face the typical connection problem:
mixed Content: The page at 'https://SOMEDOMAIN.com/QUERY' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://1.2.3.4:56'. This request has been blocked; this endpoint must be available over WSS.
Ant-Media already offers tutorials on how to install a Let's Encrypt SSL Certificate but sadly it is not available for pure IP-Addresses.
Apart from the Ant-Media Service, the server doesn't has any NGINX, NodeJS, Apache or other http Servers installed - the plan was just to use it for streaming by calling the IP-Address.
Do you have any ideas on how to solve that problem?
Unfortunately, this is not possible.
The goal of having a SSL is ensure you are requesting the right domain name besides encrypting the content between your users and your server.
Here are some alternatives:
create an endpoint in your own app that proxies data to your server.
Instead of playing the IP address, you can play:
/your-proxy-url?stream=http://yourIp.com:port/....
Note that using a proxy will make all the traffic pass through your web app.
As a reference, if you are using PHP on your website, you can have some ideas from here: https://gist.github.com/iovar/9091078
Create a reverse-proxy in front of your web app that redirects the traffic to your IP address.
Both solutions does not change your Ant Media Server, just adds a new resource between your users and your streaming server - adding the SSL on it.

Install free SSL https for port forwarding address

I have mattermost installed in my local server, currently login to it using http://192.168.x.x:8065, and I've setup a ddns port forwarding for it, means that I can login to mattermost using http://xxx.ddns.net:8065 as well.
Now I'm going to install https SSL for it, I tried using self-signed certificate, it seems work fine when I login from my desktop (chrome, firefox, desktop app).
But when it comes to iPhone native app, my mattermost will trigger error message:
Please check connection, Mattermost unreachable. If issue
persists, ask administrator to check WebSocket port.
and now all the messages coming to mattermost will not be shown and no notification at all until we manually refresh the app.
Is there any suggestion on overcoming this issue? Is it because iPhone tried to block any untrusted / self-signed certificate?
Thank you.
Best regards,
Kong
You are correct that the iPhone does not trust your self-signed certificate out of the box. An easier way to get this working would be to get a free SSL certificate for xxx.ddns.net using a service like Let's Encrypt, which will be trusted out-of-the-box by your iPhone.
This is especially straightforward to do with Mattermost, as it has built in support for using a Let's Encrypt certificate. You can configure this by following the steps in the documentation here

Websockets on localhost over https:// problems

I'm trying to write a service, my service is a WebsocketServer is written in nodejs, with express and the ws module. This service should be installed with node-webkit locally on a computer(on localhost) to communicate with a web site in https:// to exchange information. My problem is, that i need a trusted certificate for localhost(its not possible), because all browsers give a warning if i use a self signed certificate. I know i can ignore that warning, but in the future this software should be distribuited, and i dont want to give that warning for future clients. Is there a good way to resolve this problem?
Use one of the following options to work around this:
Package your client-side interface as a browser extension
Setup a Message Queue which transforms messages to your node server as Websocket requests
Use a PAAS provider with free certificates to proxy to your domain
References
How do I use a self signed certificate for a HTTPS Node.js server?
Simulating GitHub OAuth2 Login for Tests with JUnit, Webdriver & Hoverfly
Apache configuration using Self Signed Certificate - YouTube
Amazon SES: Sendmail
SMTP Gateway Plugin for RabbitMQ
Sending RabbitMQ messages via websockets

Cloudflare SSL protocol error

An issue I have been experiencing is that once every ~50 pages I load in Google chrome on my website is that chrome gives me an error page saying SSL Protocol Error. I am using Flexible SSL and various webapps, like webmin, vestacp, boxbilling and a few mostly static websites. All of these are hosted by nginx, reverse proxying directly to webmin and vestacp. As for the other webapps, the static files are hosted by nginx, reverse proxying to apache2 for php.
I am not entirely sure it is a cloudflare issue yet, but it does (seem to) work normal making plain http requests directly to my server. Of course I'd be surprised if I got any SSL error when using http.
The server request is being proxied through CloudFlare, as long as it is proxied through CloudFlare this issue lies with CloudFlare and there is little you can do to fix it yourself.
I would raise a support request with them and explain the issue, they give preference to clients who pay the most first, therefore you might have to wait to get a response.

How to verify SSL in Grails application running on tomcat?

I am able to run Grails application on tomcat using SSL but I am not sure how to verify that it is running properly with SSL.
I am able to do following things (I am using grails security)...
Created Self Signed SSL certification
Able to configure same certification with tomcat(updated server.xml)
Able to run application using https in browser(All features are running
properly with https url, I did not updated web.xml of war).
Problem: I am able to see logged in user's user credentials using Fiddler.
So I am not sure that I did correct configure of SSL or I did some mistake.
Can anyone suggest me how to verify that the data in traveling in encrypted form ??
If you've enabled HTTPS decryption in Fiddler (Tools > Fiddler Options > HTTPS), then being able to see the credentials is expected. If you haven't enabled HTTPS decryption in Fiddler, then you are not using HTTPS properly.