Running Apache OpenMeetings with Nginx Reverse Proxy?

5
votes

I am trying to install Apache OpenMeetings. I however wants to use Nginx as the reverse proxy to run the application on port 443 using Let's Encrypt free SSL.

If I try to load the application on port 5080, I successfully get the interface, but when try using the domain name on port 443 HTTPS, It is not loading the resources.

Image with Errors.

Here's my nginx virtual host file.

upstream openmeetings {
server 127.0.0.1:5080;
}

server {
    listen 80;
    server_name openmeetings.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name openmeetings.example.com;

    ssl_certificate           /etc/letsencrypt/live/openmeetings.example.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/openmeetings.example.com/privkey.pem;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log  /var/log/nginx/openmeetings.access.log;

location / {
        proxy_pass http://openmeetings;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
    }
  }
2
nginxproxyreverse-proxyopenmeetings
Did you write literally proxy_pass http://openmeetings; or are you just trying to hide your local domain name? - Dmitri Chubarov
I just want to run this application on https://openmeetings.mydomain.cominstead of http://openmeetings.mydomain.com:5080. , I was just trying this configuration but it does not work. Some websocket problem I guess. If you can help with the Nginx configuration, I will be thankful. - Campo Popo
what openmeetings version is it? 5? - Psychozoic

2 Answers

0
votes

I faced same problem. (vit Openmeetings 5.0.0-M4) I found next:

Openmeetings use ajax over WebSocket.

adding 

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

to http section

and

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

to location

It solve status 400 problem

Then I meet problem with Content Security Policy

I feel like connect-src policy configured automatic on first connect to server. So after change used domain I need restart Openmeetings.

Problem with media stream play

On Check setup recording produce long browser console message ending with

onaddstream is deprecated! Use peerConnection.ontrack instead.

...

Remote ICE candidate received

Look like it incompatibility with old Firefox 54.0 on Linux

On latest Firefox 75.0 on Windows it works!

0
votes

It is also necessary to rewrite server.xml referring to

nginx managed SSL with Tomcat 7

<Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"
    />