Description
Hi!
I am trying to run OvenSpace with TLS certificates and Nginx but the OvenMediaEngine server returns the following error:
[[2022-03-09 17:20:30.157] E [SPAPIServer-T80:1916] OpenSSL | tls.cpp:193 | An error occurred while accept SSL connection: [OpenSSL] error:0A000418:SSL routines::tlsv1 alert unknown ca (167773208)
[2022-03-09 17:20:30.158] E [SPAPIServer-T80:1916] OpenSSL | tls_server_data.cpp:108 | An error occurred while accept TLS connection: error code: 1]
I detail below the steps followed and the configuration set up.
NGINX CONFIGURATION
First I set up the recommended NGINX configuration and restart NGINX.
server {
    listen 443 ssl;
    server_name my_domain;
    ssl_certificate /your/path/to/my_cert_file.crt;
    ssl_certificate_key /your/path/to/my_key_file.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://127.0.0.1:5000;
    }
    location /socket.io {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://127.0.0.1:5000/socket.io;
    }
}
server {
    listen 80;
    server_name my_domain;
    rewrite ^(.*) https://my_domain$1 permanent;
}
I generated the self-signed certificates with openssl for the machine, where server_name is the name of the machine.
OVENMEDIAENGINE CONFIGURATION
After that I make OvenMediaEngine's REST API Server, WebRTC Provider, and WebRTC Publisher work with TLS and restart OvenMediaEngine.
<Managers>
    <Host>
        <Names>
            <Name>*</Name>
        </Names>
        <TLS>
            <CertPath>path/to/my_cert_file.crt</CertPath>
            <KeyPath>path/to/my_cert_file.crt</KeyPath>
            <!-- <ChainCertPath>airensoft_com_chain.crt</ChainCertPath> -->
        </TLS>
    </Host>
    <API>
        <AccessToken>my_access_token</AccessToken>
    </API>
</Managers>
<Domain>
    <Names>
        <Name>*</Name>
    </Names>
    <TLS>
        <CertPath>path/to/my_cert_file.crt</CertPath>
        <KeyPath>path/to/my_key_file.key</KeyPath>
        <!-- <ChainCertPath>path/to/file.crt</ChainCertPath> -->
    </TLS>
</Domain>
OVENSPACE CONFIGURATION
Finally, I set up the OvenSpace configuration and run the .py file.
OME_HOST = 'machine_name'
OME_API_ENABLE_TLS = 'true'
OME_API_PORT = '8082'
OME_API_ACCESS_TOKEN = 'access-token'
OME_VHOST_NAME = 'default'
OME_APP_NAME = 'app'
OME_STREAM_NAME = 'stream'
OME_WEBRTC_PROVIDER_ENABLE_TLS = 'true'
OME_WEBRTC_PROVIDER_PORT = '8333'
OME_WEBRTC_PUBLISHER_ENABLE_TLS = 'true'
OME_WEBRTC_PUBLISHER_PORT = '8333'
BROWSER CONSOLE
When I access the address 'https://machine_name' from the browser, it returns the following error in the browser console:
[/getStreams:1 Failed to load resource: the server responded with a status of 500 (INTERNAL SERVER ERROR)
ovenspace.js:486 Could not get streams from OME.]
OVENSPACE LOGS
The OvenSpace logs are as follows:
- Restarting with stat
- Debugger is active!
- Debugger PIN: 327-571-840
(1969) wsgi starting up on http://0.0.0.0:5000
(1969) accepted ('127.0.0.1', 36050)
127.0.0.1 - - [09/Mar/2022 17:19:59] "GET / HTTP/1.0" 200 7553 0.006798
(1969) accepted ('127.0.0.1', 36052)
127.0.0.1 - - [09/Mar/2022 17:19:59] "GET /static/css/ovenspace.css HTTP/1.0" 304 163 0.002619
(1969) accepted ('127.0.0.1', 36054)
127.0.0.1 - - [09/Mar/2022 17:19:59] "GET /static/img/ovenspace_bi.svg HTTP/1.0" 304 166 0.001761
(1969) accepted ('127.0.0.1', 36056)
127.0.0.1 - - [09/Mar/2022 17:19:59] "GET /static/js/ovenspace.js HTTP/1.0" 304 162 0.001767
(1969) accepted ('127.0.0.1', 36058)
127.0.0.1 - - [09/Mar/2022 17:19:59] "GET /favicon.ico HTTP/1.0" 404 375 0.000510
(1969) accepted ('127.0.0.1', 36060)
(1969) accepted ('127.0.0.1', 36062)
127.0.0.1 - - [09/Mar/2022 17:20:02] "GET /getStreams HTTP/1.0" 500 443 0.027744
(1969) accepted ('127.0.0.1', 36064)
127.0.0.1 - - [09/Mar/2022 17:20:02] "GET /getStreams HTTP/1.0" 500 443 0.011921
(1969) accepted ('127.0.0.1', 36066)
127.0.0.1 - - [09/Mar/2022 17:20:02] "GET /static/img/ovenspace.ico HTTP/1.0" 304 163 0.001610
(1969) accepted ('127.0.0.1', 36068)
127.0.0.1 - - [09/Mar/2022 17:20:05] "GET /getStreams HTTP/1.0" 500 443 0.015352
(1969) accepted ('127.0.0.1', 36070)
127.0.0.1 - - [09/Mar/2022 17:20:07] "GET /static/img/ovenspace.ico HTTP/1.0" 304 163 0.001209
(1969) accepted ('127.0.0.1', 36072)
127.0.0.1 - - [09/Mar/2022 17:20:07] "GET /getStreams HTTP/1.0" 500 443 0.012447
(1969) accepted ('127.0.0.1', 36074)
127.0.0.1 - - [09/Mar/2022 17:20:10] "GET /getStreams HTTP/1.0" 500 443 0.012753
(1969) accepted ('127.0.0.1', 36076)
127.0.0.1 - - [09/Mar/2022 17:20:12] "GET /getStreams HTTP/1.0" 500 443 0.015085
(1969) accepted ('127.0.0.1', 36078)
127.0.0.1 - - [09/Mar/2022 17:20:14] "GET /static/css/ovenspace.css HTTP/1.0" 304 163 0.001055
(1969) accepted ('127.0.0.1', 36080)
127.0.0.1 - - [09/Mar/2022 17:20:15] "GET /getStreams HTTP/1.0" 500 443 0.012835
(1969) accepted ('127.0.0.1', 36084)
127.0.0.1 - - [09/Mar/2022 17:20:17] "GET /getStreams HTTP/1.0" 500 443 0.014948
(1969) accepted ('127.0.0.1', 36086)
127.0.0.1 - - [09/Mar/2022 17:20:20] "GET /getStreams HTTP/1.0" 500 443 0.011937
(1969) accepted ('127.0.0.1', 36088)
127.0.0.1 - - [09/Mar/2022 17:20:22] "GET /getStreams HTTP/1.0" 500 443 0.013110
(1969) accepted ('127.0.0.1', 36090)
127.0.0.1 - - [09/Mar/2022 17:20:25] "GET /getStreams HTTP/1.0" 500 443 0.012097
(1969) accepted ('127.0.0.1', 36092)
127.0.0.1 - - [09/Mar/2022 17:20:27] "GET /getStreams HTTP/1.0" 500 443 0.011840
(1969) accepted ('127.0.0.1', 36094)
127.0.0.1 - - [09/Mar/2022 17:20:30] "GET /getStreams HTTP/1.0" 500 443 0.015287
127.0.0.1 - - [09/Mar/2022 17:20:31] "GET /socket.io/?EIO=4&transport=websocket HTTP/1.1" 200 0 28.837320
OVENMEDIAENGINE LOGS
Furthermore, in the OvenMediaEngine logs, I get the error mentioned at the beginning of this message:
[[2022-03-09 17:20:30.157] E [SPAPIServer-T80:1916] OpenSSL | tls.cpp:193 | An error occurred while accept SSL connection: [OpenSSL] error:0A000418:SSL routines::tlsv1 alert unknown ca (167773208)
[2022-03-09 17:20:30.158] E [SPAPIServer-T80:1916] OpenSSL | tls_server_data.cpp:108 | An error occurred while accept TLS connection: error code: 1]
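
Added example, not part of the original issue or of OvenMediaEngine's code: a Python sketch that decodes the packed OpenSSL error code in the log lines above. In the SSL library, reason codes above 1000 are TLS alerts received from the peer, so `0A000418` is alert 48 (`unknown_ca`) sent by the client that connected to the API port, meaning that client could not chain the presented certificate to a CA it trusts. The function names and the subset of alerts listed are assumptions for this illustration, and the bit layout assumes OpenSSL 3.x.

```python
import re

# Sample input: the two OvenMediaEngine log lines quoted in the issue.
SAMPLE_LOG = """\
[2022-03-09 17:20:30.157] E [SPAPIServer-T80:1916] OpenSSL | tls.cpp:193 | An error occurred while accept SSL connection: [OpenSSL] error:0A000418:SSL routines::tlsv1 alert unknown ca (167773208)
[2022-03-09 17:20:30.158] E [SPAPIServer-T80:1916] OpenSSL | tls_server_data.cpp:108 | An error occurred while accept TLS connection: error code: 1
"""

# OpenSSL 3.x packs an error as (library << 23) | reason.
ERR_LIB_OFFSET, ERR_LIB_MASK, ERR_REASON_MASK = 23, 0xFF, 0x7FFFFF
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reason = 1000 + alert number for received alerts

# Subset of TLS alert descriptions that relate to certificate validation.
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

# error:<8 hex digits>:<library>:<function>:<reason text> (<decimal code>)
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]*:[^:]*:(.+?)(?: \((\d+)\))?$")

def decode(line):
    """Decode one log line; return None if it holds no OpenSSL error string."""
    m = ERROR_RE.search(line.strip())
    if not m:
        return None
    code = int(m.group(1), 16)
    lib = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    reason = code & ERR_REASON_MASK
    out = {"code": code, "lib": lib, "reason": reason, "text": m.group(2),
           # The decimal in parentheses should be the same packed value.
           "consistent": m.group(3) is None or int(m.group(3)) == code,
           "alert": None, "alert_name": None, "from_peer": False}
    alert = reason - SSL_AD_REASON_OFFSET
    if lib == ERR_LIB_SSL and 0 < alert < 256:
        out.update(alert=alert, from_peer=True,
                   alert_name=CERT_ALERTS.get(alert, "other"))
    return out

def peer_alerts(log_text):
    """Return decoded entries for every line that records an alert sent by the peer."""
    decoded = (decode(line) for line in log_text.splitlines())
    return [d for d in decoded if d and d["from_peer"]]

if __name__ == "__main__":
    for entry in peer_alerts(SAMPLE_LOG):
        print(entry)
```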