Skip to content
This repository has been archived by the owner on Jul 17, 2024. It is now read-only.

HTTPS embeds #57

Open
ofadam opened this issue Oct 20, 2020 · 4 comments
Open

HTTPS embeds #57

ofadam opened this issue Oct 20, 2020 · 4 comments

Comments

@ofadam
Copy link

ofadam commented Oct 20, 2020

What would be the easiest/best way to get an HTTPS embed out of rtsp-stream? I'm running into issues embedding on a secure site.

@bigjohnson
Copy link

I've just embedded it on a https site behind an apache webserver that act as a reverse proxy with autentication and works great!

@tlonovoi
Copy link

how did you do that?...

@bigjohnson
Copy link

bigjohnson commented May 27, 2023

<VirtualHost *:443>

#   General setup for the virtual host
DocumentRoot "/htdocs/rtspstream.pippo.it"
ServerName rtspstream.pippo.it:443
#ServerAdmin admin@pippo.it
    ProxyRequests Off
    ProxyPreserveHost On
    SSLProxyEngine on
        Alias "/.well-known/" "/htdocs/rtspstream.pippo.it/.well-known/"
        Alias "/index.html"  "/htdocs/rtspstream.pippo.it/index.html"
        <Directory /htdocs/rtspstream.pippo.it>
                AllowOverride None
                Require all granted
        </Directory>

        ProxyPassMatch ^/.well-known/ !
        ProxyPassMatch ^/index.html !
        ProxyPassMatch ^/libs/ !
        ProxyPassMatch ^/$ !
        ProxyPass / http://localhost:8080/
        ProxyPassReverse  / http://localhost:8080/

SSLCertificateFile /etc/letsencrypt/live/rtspstream.pippo.it/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/rtspstream.pippo.it/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rtspstream.pippo.it/privkey.pem

ErrorLog /etc/httpd/logs/ssl_rtspstream.pippo.it.error.log

CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.access.log ssllog env=!dontlog
CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_COMPRESS_METHOD}x \"%r\" %b %{cookie}n" env=!dontlog

    <Location />
             IndexOptions NameWidth=*
             AuthName "Reserved area"
             AuthType Basic
             require user user
             SSLRequireSSL
             AuthBasicProvider "google_authenticator"
             GoogleAuthUserPath /etc/httpd/ga_auth
             GoogleAuthCookieLife 3600
             GoogleAuthEntryWindow 2
    </Location>

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


</VirtualHost>

@tlonovoi
Copy link

OMG... so complicated
we are using shared hosting, not sure we can implement it...

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants