Wowza Streaming Engine Manager over https
May 7, 2018
I am using Let's Encrypt certificates for this how-to. First we install certbot and generate a certificate for our domain.
# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
# cd /opt/letsencrypt/
# ./letsencrypt-auto certonly --standalone -d origin01.streaming.sk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for origin01.streaming.sk
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/origin01.streaming.sk/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/origin01.streaming.sk/privkey.pem
   Your cert will expire on 2018-01-22. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
Now we need to convert the generated certificate to .jks format. We use wowza-letsencrypt-converter for the conversion. The tool looks for the certificate and key in the default live folder.
# /usr/local/WowzaStreamingEngine/java/bin/java -jar /root/ssl/wowza-letsencrypt-converter-0.1.jar -v /usr/local/WowzaStreamingEngine/content/ /etc/letsencrypt/live/
Converting certificates: /etc/letsencrypt/live/ => /usr/local/WowzaStreamingEngine/content/
Reading origin01.dubnik.sk -> origin01.dubnik.sk
Writing origin01.dubnik.sk.jks
Writing jksmap.txt
The last step is to edit the WowzaStreamingEngineManager startup script. We simply add the following parameters to the /usr/local/WowzaStreamingEngine/manager/bin/startmgr.sh file, placing them after --httpPort=8088.
--httpsPort=8090 --httpsKeyStore="/usr/local/WowzaStreamingEngine/content/origin01.streaming.sk.jks" --httpsKeyStorePassword="secret"
Now we can restart WowzaStreamingEngineManager and check https for WSE.
# systemctl restart WowzaStreamingEngineManager
# netstat -tapn | grep -i 8090
tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 15758/java
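A listening port only shows that the Manager started. The checks below are an added example, not part of the original post or of Wowza's tooling: they confirm that startmgr.sh carries all three HTTPS flags, that the referenced keystore exists, and that neither the keystore (which holds the private key) nor startmgr.sh (which holds the keystore password in clear text) is world-readable. The function names and the STARTMGR variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: post-change checks for the Manager HTTPS setup described above.
# The default path is the one used on this page; override STARTMGR for other installs.
STARTMGR="${STARTMGR:-/usr/local/WowzaStreamingEngine/manager/bin/startmgr.sh}"

# Print the value of one --name=value startup flag, with surrounding quotes stripped.
flag_value() {  # usage: flag_value <script> <flag-name>
    sed -n "s/.*--$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

# Succeed only if the file exists and "other" users have no read bit on it.
not_world_readable() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune -perm -004)" ]
}

# Return 0 when every check passes; otherwise print one line per finding.
check_manager_https() {
    script="$1"; rc=0
    port=$(flag_value "$script" httpsPort)
    store=$(flag_value "$script" httpsKeyStore)
    pass=$(flag_value "$script" httpsKeyStorePassword)
    [ -n "$port" ]  || { echo "missing --httpsPort in $script"; rc=1; }
    [ -n "$store" ] || { echo "missing --httpsKeyStore in $script"; rc=1; }
    [ -n "$pass" ]  || { echo "missing --httpsKeyStorePassword in $script"; rc=1; }
    if [ -n "$store" ] && [ ! -r "$store" ]; then
        echo "keystore $store not found or unreadable"; rc=1
    elif [ -n "$store" ] && ! not_world_readable "$store"; then
        echo "keystore $store is world-readable (it holds the private key)"; rc=1
    fi
    # startmgr.sh carries the keystore password in clear text.
    not_world_readable "$script" || {
        echo "$script is world-readable and contains the keystore password"; rc=1; }
    return $rc
}

# Typical use after editing the script:  check_manager_https "$STARTMGR"
```

A non-zero return means at least one finding was printed; tightening the file mode with chmod (for example 600 on the .jks and 700 on startmgr.sh) clears the permission findings.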