Re: Log-in and security

2019-07-05 Thread Maxim Solodovnik 
Please check OM is running: `ps -ef|grep java` and necessary ports are
being LISTEN `netstat -an|grep 5443`

The result of the last command should be something like

tcp6   0  0 :::5443 :::*LISTEN



On Fri, 5 Jul 2019 at 22:21, Xavier M  wrote:

> Atomic steps sounds fine... Except if it is a nuclear bomb!
>
> In my case, I'd like as first step to understand why I can not connect
> anymore to "https://domain.eu:5443/openmeetings; (while I could connect
> to "https://domain.eu ") - domain.eu
> was a generic name in my explanation - since I followed the steps given
> yesterday. Nota Bene: it works again when I modify /etc/apache2/ports.conf
> to add "Listen 5443" and "Listen ", but I got the error
> SSL_ERROR_RX_RECORD_TOO_LONG.
>
> Assume that I go back to the previous problem, that is I can connect, but
> with a warning "self made certificate", or whatever the correct name...
> Then I have to understand what Aaron means by "Proxy through Apache, or
> configure your OM instance to be able to read where the keys are" and
> what are pros and cons. Aaron suggested me to "proxy", but actually I do
> not know how one does this.
>
> Thanks all of you for your help,
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 16:28
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> The best way to make everything working is to perform atomic steps
> And ensure everything still works after each step
>
> In your case
> 0) you need to understand what is your goal
> 1) then achieve it :)
>
> As I understand you would like to have OM at port 443
>
> You can do it by ether change OM https port to be 443
> Or
> By set up frontend proxy
>
> Each option has pros and cons
> You have to choose one option before any other step :)
>
> On Fri, Jul 5, 2019, 20:34 Xavier M  wrote:
>
> This is possible! But:
>
>  - What does Alvaro mean by "To be able to connect from the Internet or
> LAN with this server, remember to open the following
> ports: 5443 " ?
>  - I could not connect anymore to "https://domain.eu:5443/openmeetings;
> (while I could connect to "https://domain.eu
> ") until I did that: and now it
> "works" again, with the error SSL_ERROR_RX_RECORD_TOO_LONG...
>  - ... and I have no idea why!
>
> If you have any idea/explanation, I really don't know neither what happens
> nor what to do! I will comment the lines in ports.conf and restart, to
> check whether it works like before or not.
>
> Thank you!
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 15:14
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> I'm afraid this
> I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
> make no sense :(
>
> Apache HTTPD will listen these ports and both OM and Kurento will be
> unable to start since the port are already busy 
>
> On Fri, 5 Jul 2019 at 17:37, Xavier M  wrote:
>
> Hi all,
>
> I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
> (and nothing into /etc/apache2/sites-enabled/000-default.conf)
>
> I can now access to "https://domain.eu:5443/openmeetings;, but with the
> error SSL_ERROR_RX_RECORD_TOO_LONG
> How can I solve it? Could it be due to the changes I made yesterday thanks
> to Stefan's help?
>
> *sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem
>  -inkey
> /etc/letsencrypt/live/domain.eu/privkey.pem 
> -out /opt/OM_Folder/conf/red5.p12 -name red5 -certfile
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo keytool -importkeystore -srcstorepass password -srckeystore
> /opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password
> -destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5*
>
> *sudo keytool -import -alias root -keystore
> /opt/OM_Folder/conf/keystore.jks -trustcacerts -file
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks
> /opt/OM_Folder/conf/trustscore.jks*
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore
> (<- only if you have version 5.*)*
>
> Bis demnächst,
> Xavier
>
>
>
>
> --
> *De :* Xavier M 
> *Envoyé :* vendredi 5 juillet 2019 10:36
> *À :* user@openmeetings.apache.org
> *Objet :* RE: Log-in and security
>
> Hello Maxim,
>
> That's a good idea... I had already heard of it, but I still have to look
> how I do it. But it seems that I forgot something, since I can not access
> to Open Meetings since I "shutdown -r now" the server. Any idea of which
> command it is?
>
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 09:38
> *À :* Openmeetings user-list
>

Re: Is it time for 4.0.9/5.0.0-M2?

2019-07-05 Thread Maxim Solodovnik 
Can you also share Kurento logs?

I'll try to reproduce these locally

On Sat, 6 Jul 2019 at 08:58, Maxim Solodovnik  wrote:

> Downloaded
>
> On Fri, 5 Jul 2019 at 21:48, Alvaro  wrote:
>
>> Ok, the time-zone works right. Now is not problem with MariaDB
>> in the OM-2 installation.
>>
>> Please take a look:
>>
>> https://drive.google.com/file/d/1659cGw9XYFdg3CyXitwoRx3mtQudN581
>>
>> ...could you say "Done" after download the zip?, so ican delete it.
>> Thanks.
>>
>>
>>
>> ...
>>
>>
>> El vie, 05-07-2019 a las 16:00 +0200, Alvaro escribió:
>>
>> ...i don't know what file you refer...
>>
>> Am goeing to test OM-2-2885.
>>
>>
>> 
>>
>>
>> El vie, 05-07-2019 a las 20:19 +0700, Maxim Solodovnik escribió:
>>
>> Hello Alvaro,
>> The file you are referring to doesn't exist :(
>>
>> On Wed, 3 Jul 2019 at 16:39, Alvaro  wrote:
>>
>> ...Maxim, when i said "without internet connection" i mean
>> the PC network tarjet it is not connected to router.
>>
>>
>> ...
>>
>>
>>
>> El mié, 03-07-2019 a las 11:17 +0200, Alvaro escribió:
>>
>> Please Maxim, take a look:
>>
>>
>> https://drive.google.com/file/d/1udJBFV064as7_OQ7q_zY7S-T65I7xpPA/view?usp=sharing
>>
>>
>> -
>>
>>
>>
>> El mié, 03-07-2019 a las 12:34 +0700, Maxim Solodovnik escribió:
>>
>> Dear community,
>>
>> I would like to start release process for 4.0.9/5.0.0-M2
>> Are there any objections?
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Is it time for 4.0.9/5.0.0-M2?

2019-07-05 Thread Maxim Solodovnik 
Downloaded

On Fri, 5 Jul 2019 at 21:48, Alvaro  wrote:

> Ok, the time-zone works right. Now is not problem with MariaDB
> in the OM-2 installation.
>
> Please take a look:
>
> https://drive.google.com/file/d/1659cGw9XYFdg3CyXitwoRx3mtQudN581
>
> ...could you say "Done" after download the zip?, so ican delete it. Thanks.
>
>
>
> ...
>
>
> El vie, 05-07-2019 a las 16:00 +0200, Alvaro escribió:
>
> ...i don't know what file you refer...
>
> Am goeing to test OM-2-2885.
>
>
> 
>
>
> El vie, 05-07-2019 a las 20:19 +0700, Maxim Solodovnik escribió:
>
> Hello Alvaro,
> The file you are referring to doesn't exist :(
>
> On Wed, 3 Jul 2019 at 16:39, Alvaro  wrote:
>
> ...Maxim, when i said "without internet connection" i mean
> the PC network tarjet it is not connected to router.
>
>
> ...
>
>
>
> El mié, 03-07-2019 a las 11:17 +0200, Alvaro escribió:
>
> Please Maxim, take a look:
>
>
> https://drive.google.com/file/d/1udJBFV064as7_OQ7q_zY7S-T65I7xpPA/view?usp=sharing
>
>
> -
>
>
>
> El mié, 03-07-2019 a las 12:34 +0700, Maxim Solodovnik escribió:
>
> Dear community,
>
> I would like to start release process for 4.0.9/5.0.0-M2
> Are there any objections?
>
> --
> WBR
> Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
>

-- 
WBR
Maxim aka solomax

RE: Default password for keystore

2019-07-05 Thread Equinoxe 4 
LOL, thanks 

Enviado desde Correo para 
Windows 10


De: Maxim Solodovnik 
Enviado: Friday, July 5, 2019 9:34:26 AM
Para: Openmeetings user-list
Asunto: Re: Default password for keystore

Password is here: 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L75

'openmeetings' :))

On Fri, Jul 5, 2019, 20:50 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi,

Did you try "password" ? If it does not work, can you please write the command 
line you are using and the message you read?

Good luck,
Xavier


De : Equinoxe 4 
mailto:rodolfo_gonza...@hotmail.com>>
Envoyé : vendredi 5 juillet 2019 15:44
À : user@openmeetings.apache.org
Objet : Default password for keystore

Hello,

I'm trying to use ssl with om. When importing the certificate, I'm asked for 
the store's password. Which could be this password?

Thank you

RE: Log-in and security

2019-07-05 Thread Xavier M 
Atomic steps sounds fine... Except if it is a nuclear bomb!

In my case, I'd like as first step to understand why I can not connect anymore 
to "https://domain.eu:5443/openmeetings; (while I could connect to 
"https://domain.eu") - domain.eu was a 
generic name in my explanation - since I followed the steps given yesterday. 
Nota Bene: it works again when I modify /etc/apache2/ports.conf to add "Listen 
5443" and "Listen ", but I got the error SSL_ERROR_RX_RECORD_TOO_LONG.

Assume that I go back to the previous problem, that is I can connect, but with 
a warning "self made certificate", or whatever the correct name... Then I have 
to understand what Aaron means by "Proxy through Apache, or configure your OM 
instance to be able to read where the keys are" and what are pros and cons. 
Aaron suggested me to "proxy", but actually I do not know how one does this.

Thanks all of you for your help,
Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 16:28
À : Openmeetings user-list
Objet : Re: Log-in and security

The best way to make everything working is to perform atomic steps
And ensure everything still works after each step

In your case
0) you need to understand what is your goal
1) then achieve it :)

As I understand you would like to have OM at port 443

You can do it by ether change OM https port to be 443
Or
By set up frontend proxy

Each option has pros and cons
You have to choose one option before any other step :)

On Fri, Jul 5, 2019, 20:34 Xavier M 
mailto:xa...@hotmail.com>> wrote:
This is possible! But:

 - What does Alvaro mean by "To be able to connect from the Internet or LAN 
with this server, remember to open the following
ports: 5443 " ?
 - I could not connect anymore to "https://domain.eu:5443/openmeetings; (while 
I could connect to "https://domain.eu") 
until I did that: and now it "works" again, with the error 
SSL_ERROR_RX_RECORD_TOO_LONG...
 - ... and I have no idea why!

If you have any idea/explanation, I really don't know neither what happens nor 
what to do! I will comment the lines in ports.conf and restart, to check 
whether it works like before or not.

Thank you!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 15:14
À : Openmeetings user-list
Objet : Re: Log-in and security

I'm afraid this
I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
make no sense :(

Apache HTTPD will listen these ports and both OM and Kurento will be unable to 
start since the port are already busy 

On Fri, 5 Jul 2019 at 17:37, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M mailto:xa...@hotmail.com>>
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings;

Re: Is it time for 4.0.9/5.0.0-M2?

2019-07-05 Thread Alvaro 
Ok, the time-zone works right. Now is not problem with MariaDBin the
OM-2 installation.
Please take a look:
https://drive.google.com/file/d/1659cGw9XYFdg3CyXitwoRx3mtQudN581
...could you say "Done" after download the zip?, so ican delete it.
Thanks.


...

El vie, 05-07-2019 a las 16:00 +0200, Alvaro escribió:
> ...i don't know what file you refer...
> Am goeing to test OM-2-2885.
> 
> 
> 
> El vie, 05-07-2019 a las 20:19 +0700, Maxim Solodovnik escribió:
> > Hello Alvaro,The file you are referring to doesn't exist :(
> > On Wed, 3 Jul 2019 at 16:39, Alvaro  wrote:
> > > ...Maxim, when i said "without internet connection" i meanthe PC
> > > network tarjet it is not connected to router.
> > > 
> > > ...
> > > 
> > > 
> > > El mié, 03-07-2019 a las 11:17 +0200, Alvaro escribió:
> > > > Please Maxim, take a look:
> > > > https://drive.google.com/file/d/1udJBFV064as7_OQ7q_zY7S-T65I7xp
> > > > PA/view?usp=sharing
> > > > 
> > > > -
> > > > 
> > > > 
> > > > El mié, 03-07-2019 a las 12:34 +0700, Maxim Solodovnik
> > > > escribió:
> > > > > Dear community,
> > > > > I would like to start release process for 4.0.9/5.0.0-M2
> > > > > Are there any objections?
> > > > > 
> > > > > -- 
> > > > > WBR
> > > > > Maxim aka solomax
> > 
> > -- 
> > WBR
> > Maxim aka solomax

Re: Default password for keystore

2019-07-05 Thread Maxim Solodovnik 
Password is here:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L75

'openmeetings' :))

On Fri, Jul 5, 2019, 20:50 Xavier M  wrote:

> Hi,
>
> Did you try "password" ? If it does not work, can you please write the
> command line you are using and the message you read?
>
> Good luck,
> Xavier
>
> --
> *De :* Equinoxe 4 
> *Envoyé :* vendredi 5 juillet 2019 15:44
> *À :* user@openmeetings.apache.org
> *Objet :* Default password for keystore
>
> Hello,
>
> I'm trying to use ssl with om. When importing the certificate, I'm asked
> for the store's password. Which could be this password?
>
> Thank you
>

Re: Log-in and security

2019-07-05 Thread Maxim Solodovnik 
The best way to make everything working is to perform atomic steps
And ensure everything still works after each step

In your case
0) you need to understand what is your goal
1) then achieve it :)

As I understand you would like to have OM at port 443

You can do it by ether change OM https port to be 443
Or
By set up frontend proxy

Each option has pros and cons
You have to choose one option before any other step :)

On Fri, Jul 5, 2019, 20:34 Xavier M  wrote:

> This is possible! But:
>
>  - What does Alvaro mean by "To be able to connect from the Internet or
> LAN with this server, remember to open the following
> ports: 5443 " ?
>  - I could not connect anymore to "https://domain.eu:5443/openmeetings;
> (while I could connect to "https://domain.eu
> ") until I did that: and now it
> "works" again, with the error SSL_ERROR_RX_RECORD_TOO_LONG...
>  - ... and I have no idea why!
>
> If you have any idea/explanation, I really don't know neither what happens
> nor what to do! I will comment the lines in ports.conf and restart, to
> check whether it works like before or not.
>
> Thank you!
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 15:14
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> I'm afraid this
> I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
> make no sense :(
>
> Apache HTTPD will listen these ports and both OM and Kurento will be
> unable to start since the port are already busy 
>
> On Fri, 5 Jul 2019 at 17:37, Xavier M  wrote:
>
> Hi all,
>
> I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
> (and nothing into /etc/apache2/sites-enabled/000-default.conf)
>
> I can now access to "https://domain.eu:5443/openmeetings;, but with the
> error SSL_ERROR_RX_RECORD_TOO_LONG
> How can I solve it? Could it be due to the changes I made yesterday thanks
> to Stefan's help?
>
> *sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem
>  -inkey
> /etc/letsencrypt/live/domain.eu/privkey.pem 
> -out /opt/OM_Folder/conf/red5.p12 -name red5 -certfile
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo keytool -importkeystore -srcstorepass password -srckeystore
> /opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password
> -destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5*
>
> *sudo keytool -import -alias root -keystore
> /opt/OM_Folder/conf/keystore.jks -trustcacerts -file
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks
> /opt/OM_Folder/conf/trustscore.jks*
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore
> (<- only if you have version 5.*)*
>
> Bis demnächst,
> Xavier
>
>
>
>
> --
> *De :* Xavier M 
> *Envoyé :* vendredi 5 juillet 2019 10:36
> *À :* user@openmeetings.apache.org
> *Objet :* RE: Log-in and security
>
> Hello Maxim,
>
> That's a good idea... I had already heard of it, but I still have to look
> how I do it. But it seems that I forgot something, since I can not access
> to Open Meetings since I "shutdown -r now" the server. Any idea of which
> command it is?
>
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 09:38
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> You need to set-up autostart for these services
>
> On Fri, Jul 5, 2019, 14:04 Xavier M  wrote:
>
> Hmm... It sounds a bit complicated for me, I have to make it "slowly". But
> I'm pretty sure I'll do it.
>
> For the moment, I do not understand why I can not connect anymore to "
> https://domain.eu:5443/openmeetings; (while I can connect to "
> https://domain.eu ") after I
> "shutdown -r now" the web server? It has been a full night since I typed
> after the "reboot":
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/kurento-media-server start
> sudo /etc/init.d/tomcat3 start
>
> Did I forget something? Is there anywhere a log which could help?
>
> Have a good day!
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 04:18
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> Demo server uses Apache as frontend proxy
> The config is here:
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
>
> On Fri, 5 Jul 2019 at 03:51, Xavier M  wrote:
>
> Ok, at the time being, I won't switch to root...
>
> I "sudo shutdown -r now" and waited. The server has gone on again (website
> "https://domain.eu " reachable). I
> connected through SSH and typed:
>
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/tomcat3 start
>
>
>

Re: Is it time for 4.0.9/5.0.0-M2?

2019-07-05 Thread Alvaro 
...i don't know what file you refer...
Am goeing to test OM-2-2885.



El vie, 05-07-2019 a las 20:19 +0700, Maxim Solodovnik escribió:
> Hello Alvaro,The file you are referring to doesn't exist :(
> On Wed, 3 Jul 2019 at 16:39, Alvaro  wrote:
> > ...Maxim, when i said "without internet connection" i meanthe PC
> > network tarjet it is not connected to router.
> > 
> > ...
> > 
> > 
> > El mié, 03-07-2019 a las 11:17 +0200, Alvaro escribió:
> > > Please Maxim, take a look:
> > > https://drive.google.com/file/d/1udJBFV064as7_OQ7q_zY7S-T65I7xpPA
> > > /view?usp=sharing
> > > 
> > > -
> > > 
> > > 
> > > El mié, 03-07-2019 a las 12:34 +0700, Maxim Solodovnik escribió:
> > > > Dear community,
> > > > I would like to start release process for 4.0.9/5.0.0-M2
> > > > Are there any objections?
> > > > 
> > > > -- 
> > > > WBR
> > > > Maxim aka solomax
> 
> -- 
> WBR
> Maxim aka solomax

Re: Making the bind between OM 5.0.0 and MariaDB on an Apache server (Ubuntu)

2019-07-05 Thread Alvaro 
...am goeing there...


..



El vie, 05-07-2019 a las 10:30 +0700, Maxim Solodovnik escribió:
> Should be fixedWould appreciate if you can test latest nightly build
> On Thu, 4 Jul 2019 at 13:40, Alvaro  wrote:
> > ...that is the best way.
> > 
> > -
> > 
> > El jue, 04-07-2019 a las 13:35 +0700, Maxim Solodovnik escribió:
> > > https://issues.apache.org/jira/browse/OPENMEETINGS-2080
> > > 
> > > On Thu, 4 Jul 2019 at 13:35, Alvaro  wrote:
> > > > Good morning Maxim, 
> > > > I found two ways about it, One, you modify mysql-
> > > > persistence.xml file as yousaid. Second i add some lines in the
> > > > tutorials where download that file, beforei've modified and
> > > > uploaded, and replace it.
> > > > 
> > > > ---
> > > > 
> > > > 
> > > > El jue, 04-07-2019 a las 11:13 +0700, Maxim Solodovnik
> > > > escribió:
> > > > > I'll try to modify MySqlPatcher, to add this parameter with
> > > > > current system timezoneAnd I believe NOTE at https://openmeet
> > > > > ings.apache.org/MySQLConfig.html should be added
> > > > > 
> > > > > Maybe someone can propose "wording" ? :))
> > > > > On Wed, 3 Jul 2019 at 21:42, Xavier M 
> > > > > wrote:
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Hello René,
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > It worked perfectly, so that I could make Open Meetings
> > > > > > work. I now just have to test it with other users.
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Thanks a lot,
> > > > > > 
> > > > > > Xavier
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > De : René Scholz 
> > > > > > 
> > > > > > Envoyé : mercredi 3 juillet 2019 14:24
> > > > > > 
> > > > > > À : user@openmeetings.apache.org
> > > > > > 
> > > > > > Objet : Re: Making the bind between OM 5.0.0 and MariaDB on
> > > > > > an Apache server (Ubuntu)
> > > > > >  
> > > > > > 
> > > > > > 
> > > > > > Hello Xavier,
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > I had the same problems. I copy the line I posted a few
> > > > > > months ago.
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Edit the mysql-persistence.xml. You find it:
> > > > > > /opt/open500/webapps/openmeetings/WEB-INF/classes/META-INF
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Actual I used this modified line. 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Url=jdbc:mysql://localhost:3306/openmeetings?autoReconnect=
> > > > > > trueuseLegacyDatetimeCode=falseserverTimezone=Eur
> > > > > > ope/BerlinuseUnicode=truecreateDatabaseIfNotExist
> > > > > > =truecharacterEncoding=utf-
> > > > > > 8connectionCollation=utf8_general_cicachePrepStmt
> > > > > > s=truecacheCallableStatements=truecacheServerConf
> > > > > > iguration=trueuseLocalSessionState=trueelideSetAu
> > > > > > toCommits=truealwaysSendSetIsolation=falseenableQ
> > > > > > ueryTimeouts=falseprepStmtCacheSize=3000prepStmtC
> > > > > > acheSqlLimit=1000useSSL=falsenullNamePatternMatch
> > > > > > esAll=truDOBe
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > I hope it will works.
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Best regards,
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > René
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > Am 03.07.2019 um 14:11 schrieb Xavier M:
> > > > > > 
> > > > > > 
> > > > > > > 
> > > > > > > Hi all!
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > I am a new user of OpenMeetings, or let's say I would
> > > > > > > like to try to use it. But I can not complete the
> > > > > > > installation...
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > >  * I've got a "LAMP" web server hosted by Online.net,
> > > > > > > reachable at .
> > > > > > > 
> > > > > > >  * I've read the tutorial "Ubuntu 18.04 LTS" for OM
> > > > > > > 5.0.0-M1 from 
> > > > > > > https://cwiki.apache.org/confluence/display/OPENMEETINGS/
> > > > > > > Tutorials+for+installing+OpenMeetings+and+Tools (thank
> > > > > > > you Alvaro for this great work!)
> > > > > > > 
> > > > > > >  * All worked fine until section 10 :
> > > > > > > 
> > > > > > >   - I used a Terminal with SSH
> > > > > > > 
> > > > > > >   - I modified in section 6 "new-password" by my own ;
> > > > > > > "open500" by "openmeet" ; "hola" by  ;
> > > > > > > "1a2B3c4D" by 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > In section 10 :
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > >  * I stopped using SSH (except for the 2 "sudo" commands)
> > > > > > > and opened Mozilla Firefox
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > >  * Instead of 
> > > > > > > https://localhost:5443/openmeetings (which does not work
> > > > > > > on my

RE: Default password for keystore

2019-07-05 Thread Xavier M 
Hi,

Did you try "password" ? If it does not work, can you please write the command 
line you are using and the message you read?

Good luck,
Xavier


De : Equinoxe 4 
Envoyé : vendredi 5 juillet 2019 15:44
À : user@openmeetings.apache.org
Objet : Default password for keystore

Hello,

I'm trying to use ssl with om. When importing the certificate, I'm asked for 
the store's password. Which could be this password?

Thank you

Default password for keystore

2019-07-05 Thread Equinoxe 4 
Hello,

I'm trying to use ssl with om. When importing the certificate, I'm asked for 
the store's password. Which could be this password?

Thank you

RE: Log-in and security

2019-07-05 Thread Xavier M 
This is possible! But:

 - What does Alvaro mean by "To be able to connect from the Internet or LAN 
with this server, remember to open the following
ports: 5443 " ?
 - I could not connect anymore to "https://domain.eu:5443/openmeetings; (while 
I could connect to "https://domain.eu") 
until I did that: and now it "works" again, with the error 
SSL_ERROR_RX_RECORD_TOO_LONG...
 - ... and I have no idea why!

If you have any idea/explanation, I really don't know neither what happens nor 
what to do! I will comment the lines in ports.conf and restart, to check 
whether it works like before or not.

Thank you!
Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 15:14
À : Openmeetings user-list
Objet : Re: Log-in and security

I'm afraid this
I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
make no sense :(

Apache HTTPD will listen these ports and both OM and Kurento will be unable to 
start since the port are already busy 

On Fri, 5 Jul 2019 at 17:37, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M mailto:xa...@hotmail.com>>
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to

Re: Kurento Port range

2019-07-05 Thread Maxim Solodovnik 
On demo server we have turn server configured
and only ports 443 and `Turnserver` are added to firewall exceptions

`Turnserver` are rules bundled with coturn

can be allowed via `ufw allow Turnserver`
you can check it using `ufw app info Turnserver`

On Fri, 5 Jul 2019 at 15:47, René Scholz 
wrote:

> Hello,
>
> I try to use OM5 behind a firewall.
>
> I open Port 5443 and .
> The access to the web-interface is functionally and as moderator I can
> open my camera and microphone. Both is working, I see the
> video and the green line is hopping funny when I sing a song...
>
> After I send a invitation to my 2nd-email-address I open it, but I see
> no camera-picture.
>
> What is wrong? Need Kurento himself a port-range too I have to open?
>
> BTW: I cant send a email to the same email-account I logged in. I get an
> "internal error" when I do something like that.
>
> Best regards,
>
> René
>


-- 
WBR
Maxim aka solomax

Re: new USB-camera Logitech Brio 4K

2019-07-05 Thread Maxim Solodovnik 
I only have very old cameras to test :(
You can check Kurento forum: https://groups.google.com/forum/#!forum/kurento

On Fri, 5 Jul 2019 at 13:49, René Scholz 
wrote:

> Hello Maxim,
>
> with local installed applications it works on USB2 and USB3.
>
> For the moment it's OK to use USB2 - it's really not necessary to use a
> 4k-videostream.
>
> Have anyone a USB3-Cam in use?
>
> Best regards,
>
> René
>
>
> Am 05.07.2019 um 04:23 schrieb Maxim Solodovnik:
>
> Is this camera works in other applications while connected to usb2?
>
> On Fri, 5 Jul 2019 at 01:35, R. Scholz 
> wrote:
>
>> Addendum:
>> coincidentally I use with the 4k-camera a "wrong" port - it was a USB2.
>> Anr: All is functionally.
>>
>> H, does anybody know if Kurento have a problem with USB3?
>> Or is the resolution too high?
>>
>> Best regards,
>>
>> René
>>
>>
>>
>> Am 04.07.2019 um 15:03 schrieb René Scholz:
>>
>> Hello,
>>
>> today my new 4K-camera "Logitech Brio" arrives.
>>
>> (Very nice to play. It feels al little bit like christmas.)
>>
>> When I try to select it in my OM5 I get the access-question in my
>> Firefox, thats OK.
>> Then the red bubble (bottom( appears with:  *NotReadableError:
>> Failed to allocate videosource.*
>>
>> When I use the internal Notebook-cam its  functionally. The notebook cam
>> and microphone works.
>>
>> Have anybody an idea?
>>
>> With best regards,
>>
>> René
>>
>>
>>
>
> --
> WBR
> Maxim aka solomax
>
>
>

-- 
WBR
Maxim aka solomax

Re: Is it time for 4.0.9/5.0.0-M2?

2019-07-05 Thread Maxim Solodovnik 
Hello Alvaro,
The file you are referring to doesn't exist :(

On Wed, 3 Jul 2019 at 16:39, Alvaro  wrote:

> ...Maxim, when i said "without internet connection" i mean
> the PC network tarjet it is not connected to router.
>
>
> ...
>
>
>
> El mié, 03-07-2019 a las 11:17 +0200, Alvaro escribió:
>
> Please Maxim, take a look:
>
>
> https://drive.google.com/file/d/1udJBFV064as7_OQ7q_zY7S-T65I7xpPA/view?usp=sharing
>
>
> -
>
>
>
> El mié, 03-07-2019 a las 12:34 +0700, Maxim Solodovnik escribió:
>
> Dear community,
>
> I would like to start release process for 4.0.9/5.0.0-M2
> Are there any objections?
>
> --
> WBR
> Maxim aka solomax
>
>

-- 
WBR
Maxim aka solomax

Re: OM-recording

2019-07-05 Thread Maxim Solodovnik 
What server OS do you have?
What version of Kurento do you have?
What customizations i.e. port protocol changes etc. were made?

On Wed, 3 Jul 2019 at 19:14, René Scholz 
wrote:

> Hello Maxim,
>
> I finished my new OM5-M2.
> Now Kurento and Tomcat runs at User "resch", I give "resch" rights onto
> /opt/open500": *sudo chown -R resch:resch /opt/open500*
>
> I start the recording a few seconds, make a line into the whiteboard, and
> stop the recording.
> All seems OK, the Button switches from "Start recording" to "Stop
> recording" and back.
>
> During the recording-time the Kurento-log appears every second:
> *...*
> *2019-07-03T14:06:26,154453 1338 0x7fd5e9993700 warning
> rtpsessionrtpsession.c:2805 rtp_session_process_rtcp()  got
> unknown RTCP packet*
> *2019-07-03T14:06:27,366303 1338 0x7fd5e9993700 warning
> rtpsessionrtpsession.c:2805 rtp_session_process_rtcp()  got
> unknown RTCP packet*
> *...*
>
> After pressing stop:
> *2019-07-03T14:06:30,586564 1338 0x7fd631074700   error
> KurentoUriEndpointImplUriEndpointImpl.cpp:179 stop()
>   Error: Already in state stop*
> *2019-07-03T14:06:30,588779 1338 0x7fd645c57280 warning
> recorderendpoint  kmsrecorderendpoint.c:555
> kms_recorder_endpoint_dispose()   warning: Recorder
> may have buffers to save*
> *2019-07-03T14:06:30,588870 1338 0x7fd645c57280 warning
> recorderendpoint  kmsrecorderendpoint.c:555
> kms_recorder_endpoint_dispose()   warning: Disposing
> recorder when it isn't stopped.*
>
> Have anybody an idea? Should I try another Linux as Ubuntu?
>
> Best regards,
>
> René
>
>
> Am 03.07.2019 um 13:16 schrieb Maxim Solodovnik:
>
> 1) I'm using user 'nobody'
>
> 2) I'll try to check
>
> 3) the jira was reported, I did nothing to address this due to
> personal reasons. Hopefully will have more time in following weeks, so I'll
> try to implement it in next version
>
>
> On Wed, Jul 3, 2019, 17:55 René Scholz 
> wrote:
>
>> Hello Maxim,
>>
>> to reproduce my current recording-problems I setup a complete new
>> OM5-M2-installation.
>>
>> 1.) As which user is it recommended to run tomcat and kurento?
>> (I know it must be the same user.)
>>
>> 2.) When I click (Firefox and Chrome) on the "share/record-button"
>> (right/top) the button is away.
>> That is OK, I see the window to record/share. But when I close the window
>> is away too.
>> I have to press F5 - or exit the room and enter again.
>>
>> 3.) A few weeks ago I made the suggestion og a "intro-picture" before the
>> moderatot enter the room.
>> Is there anything planned?
>>
>> Best regards,
>>
>> René
>>
>>
>> Am 03.07.2019 um 05:59 schrieb Maxim Solodovnik:
>>
>> Hello Rene,
>>
>> for whatever reason KMS fail to record stream to the disk :(
>> Can you check KMS logs?
>> Were you able to watch "screen stream" as another user while recording?
>>
>> On Tue, 2 Jul 2019 at 13:21, René Scholz <
>> rene.sch...@abakus-edv-systems.de> wrote:
>>
>>> Hello,
>>>
>>> when I start the recording the webm-files will be created, in the log I
>>> see that
>>> *INFO  07-02 08:16:05.654 o.a.o.c.r.KStream:241 [ventExec-e2-t23] -
>>> Recording started successfully*
>>>
>>> At recording the file-size is 0. That will be possible, the file is in
>>> use and open.
>>>
>>> When I stop the recording the file size is also 0.
>>>
>>> In the log appears:
>>> *ERROR 07-02 08:13:42.765 o.a.o.c.c.RecordingConverter:111
>>> [taskExecutor-2] - [startConversion]*
>>> *org.apache.openmeetings.core.converter.ConversionException:
>>> screenMetaData is Null recordingId 22*
>>>
>>> I dont know what I can try. Kurento and OM run as the same user.
>>> (I try to run both as "root" - so the programs have no limits.)
>>>
>>> Best regards,
>>>
>>> René
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>>
>

-- 
WBR
Maxim aka solomax

Re: Log-in and security

2019-07-05 Thread Maxim Solodovnik 
I'm afraid this
I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
make no sense :(

Apache HTTPD will listen these ports and both OM and Kurento will be unable
to start since the port are already busy 

On Fri, 5 Jul 2019 at 17:37, Xavier M  wrote:

> Hi all,
>
> I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
> (and nothing into /etc/apache2/sites-enabled/000-default.conf)
>
> I can now access to "https://domain.eu:5443/openmeetings;, but with the
> error SSL_ERROR_RX_RECORD_TOO_LONG
> How can I solve it? Could it be due to the changes I made yesterday thanks
> to Stefan's help?
>
> *sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem
>  -inkey
> /etc/letsencrypt/live/domain.eu/privkey.pem 
> -out /opt/OM_Folder/conf/red5.p12 -name red5 -certfile
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo keytool -importkeystore -srcstorepass password -srckeystore
> /opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password
> -destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5*
>
> *sudo keytool -import -alias root -keystore
> /opt/OM_Folder/conf/keystore.jks -trustcacerts -file
> /etc/letsencrypt/live/domain.eu/chain.pem *
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks
> /opt/OM_Folder/conf/trustscore.jks*
>
>
> * sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore
> (<- only if you have version 5.*)*
>
> Bis demnächst,
> Xavier
>
>
>
>
> --
> *De :* Xavier M 
> *Envoyé :* vendredi 5 juillet 2019 10:36
> *À :* user@openmeetings.apache.org
> *Objet :* RE: Log-in and security
>
> Hello Maxim,
>
> That's a good idea... I had already heard of it, but I still have to look
> how I do it. But it seems that I forgot something, since I can not access
> to Open Meetings since I "shutdown -r now" the server. Any idea of which
> command it is?
>
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 09:38
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> You need to set-up autostart for these services
>
> On Fri, Jul 5, 2019, 14:04 Xavier M  wrote:
>
> Hmm... It sounds a bit complicated for me, I have to make it "slowly". But
> I'm pretty sure I'll do it.
>
> For the moment, I do not understand why I can not connect anymore to "
> https://domain.eu:5443/openmeetings; (while I can connect to "
> https://domain.eu ") after I
> "shutdown -r now" the web server? It has been a full night since I typed
> after the "reboot":
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/kurento-media-server start
> sudo /etc/init.d/tomcat3 start
>
> Did I forget something? Is there anywhere a log which could help?
>
> Have a good day!
> Xavier
>
> --
> *De :* Maxim Solodovnik 
> *Envoyé :* vendredi 5 juillet 2019 04:18
> *À :* Openmeetings user-list
> *Objet :* Re: Log-in and security
>
> Demo server uses Apache as frontend proxy
> The config is here:
> https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass
>
> On Fri, 5 Jul 2019 at 03:51, Xavier M  wrote:
>
> Ok, at the time being, I won't switch to root...
>
> I "sudo shutdown -r now" and waited. The server has gone on again (website
> "https://domain.eu " reachable). I
> connected through SSH and typed:
>
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/tomcat3 start
>
>
> Now I'm waiting... But I can't connect at all to OpenMeetings with the URL
> that previously worked ("https://domain.eu:5443/openmeetings;): Firefox
> can not establish a connection with this address...
>
>
> Thank you all and have a good night,
>
> Xavier
>
>
> Le 04/07/2019 à 22:05, Stefan Kühl a écrit :
>
> Ok, please restart the server and it should work.
> If you use open500 as folder open500/conf is correct.
>
> Just restart it.
>
> Greetz
>
> Stefan
>
> PS: if you want to access to "permission denied" folders you need to
> switch to root, sudo won't work in this case. But be careful, keep in mind
> that you change the ownership if you change files as root.
>
>
> Bonne soiree
>
> Am 04.07.2019 21:57, schrieb Xavier M:
>
> Thank you!
>
>
> Each command line worked... But it did not change anything when I want to
> log in. Maybe shall I restart "a service"?
>
> NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory
> with a "keystore" file. But I have an "openmeetings" subdirectory too... to
> which I can not access (Permission denied).
>
>
> Greetings,
>
> Xavier
>
>
> Le 04/07/2019 à 21:35, Stefan Kühl a écrit :
>
> Yes, I'm sorry. Did this so many times and forgot an important point.
> First: the password is: password
>
> ;-)
>
>
> Let's go through the lines:
>
> "sudo openssl pkcs12 -export -in

RE: Log-in and security

2019-07-05 Thread Xavier M 
Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M 
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also

Kurento Port range

2019-07-05 Thread René Scholz 

Hello,

I try to use OM5 behind a firewall.

I open Port 5443 and .
The access to the web-interface is functionally and as moderator I can 
open my camera and microphone. Both is working, I see the

video and the green line is hopping funny when I sing a song...

After I send a invitation to my 2nd-email-address I open it, but I see 
no camera-picture.


What is wrong? Need Kurento himself a port-range too I have to open?

BTW: I cant send a email to the same email-account I logged in. I get an 
"internal error" when I do something like that.


Best regards,

René

RE: Log-in and security

2019-07-05 Thread Xavier M 
Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem"

by using keytool you import the certificate key by setting the password 
(-srcstorepass password -> deststorepass password) into the file keystore.jks 
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore"
this is neccesary because OM5-'looks only for keystore and not for 
keystore.jks. You can do "mv keystore.jks keystore" also. Otherwise you could 
update the config file to look for keystore.jks"

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and again

Enter Import Password:
Verifying - Enter Import Password:

you need to enter password

Just to keep it simple, you can choose your own password, but keep in mind top 
change it within the command too;-)

Greetz

Stefan

Am 04.07.2019 21:18, schrieb

RE: Log-in and security

2019-07-05 Thread Xavier M 
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem"

by using keytool you import the certificate key by setting the password 
(-srcstorepass password -> deststorepass password) into the file keystore.jks 
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore"
this is neccesary because OM5-'looks only for keystore and not for 
keystore.jks. You can do "mv keystore.jks keystore" also. Otherwise you could 
update the config file to look for keystore.jks"

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and again

Enter Import Password:
Verifying - Enter Import Password:

you need to enter password

Just to keep it simple, you can choose your own password, but keep in mind top 
change it within the command too;-)

Greetz

Stefan

Am 04.07.2019 21:18, schrieb Xavier M:

So...

After having changed the folder names, I entered the first command line to get:

Enter Export Password:
Verifying - Enter Export Password:

I wrote down a password - I guess I defined it at this step?


Then the second command line delivered:

Importing keystore /opt/open500/conf/red5.p12 to 
/opt/open500/conf/keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect

Any idea of what happens and what I should do? I did not try the third command 
line.

By the way, can you explain me in a few words what I'm doing with

Re: new USB-camera Logitech Brio 4K

2019-07-05 Thread René Scholz 

Hello Maxim,

with local installed applications it works on USB2 and USB3.

For the moment it's OK to use USB2 - it's really not necessary to use a 
4k-videostream.


Have anyone a USB3-Cam in use?

Best regards,

René


Am 05.07.2019 um 04:23 schrieb Maxim Solodovnik:

Is this camera works in other applications while connected to usb2?

On Fri, 5 Jul 2019 at 01:35, R. Scholz 
> wrote:


Addendum:
coincidentally I use with the 4k-camera a "wrong" port - it was a
USB2.
Anr: All is functionally.

H, does anybody know if Kurento have a problem with USB3?
Or is the resolution too high?

Best regards,

René



Am 04.07.2019 um 15:03 schrieb René Scholz:

Hello,

today my new 4K-camera "Logitech Brio" arrives.

(Very nice to play. It feels al little bit like christmas.)

When I try to select it in my OM5 I get the access-question in my
Firefox, thats OK.
Then the red bubble (bottom( appears with:
/NotReadableError: Failed to allocate videosource./

When I use the internal Notebook-cam its  functionally. The
notebook cam and microphone works.

Have anybody an idea?

With best regards,

René





--
WBR
Maxim aka solomax