HTTPS embeds #57

Open
ofadam opened this issue Oct 20, 2020 · 4 comments

Comments

@ofadam

ofadam commented Oct 20, 2020

What would be the easiest/best way to get an HTTPS embed out of rtsp-stream? I'm running into issues embedding on a secure site.

@bigjohnson

I've just embedded it on an HTTPS site behind an Apache web server that acts as a reverse proxy with authentication and it works great!

@tlonovoi

How did you do that?...

@bigjohnson

bigjohnson commented May 27, 2023

<VirtualHost *:443>

#   General setup for the virtual host
DocumentRoot "/htdocs/rtspstream.pippo.it"
ServerName rtspstream.pippo.it:443
#ServerAdmin admin@pippo.it
    ProxyRequests Off
    ProxyPreserveHost On
    SSLProxyEngine on
        Alias "/.well-known/" "/htdocs/rtspstream.pippo.it/.well-known/"
        Alias "/index.html"  "/htdocs/rtspstream.pippo.it/index.html"
        <Directory /htdocs/rtspstream.pippo.it>
                AllowOverride None
                Require all granted
        </Directory>

        ProxyPassMatch ^/.well-known/ !
        ProxyPassMatch ^/index.html !
        ProxyPassMatch ^/libs/ !
        ProxyPassMatch ^/$ !
        ProxyPass / http://localhost:8080/
        ProxyPassReverse  / http://localhost:8080/

SSLCertificateFile /etc/letsencrypt/live/rtspstream.pippo.it/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/rtspstream.pippo.it/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rtspstream.pippo.it/privkey.pem

ErrorLog /etc/httpd/logs/ssl_rtspstream.pippo.it.error.log

CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.access.log ssllog env=!dontlog
CustomLog /etc/httpd/logs/ssl_rtspstream.pippo.it.request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_COMPRESS_METHOD}x \"%r\" %b %{cookie}n" env=!dontlog

    <Location />
             IndexOptions NameWidth=*
             AuthName "Reserved area"
             AuthType Basic
             require user user
             SSLRequireSSL
             AuthBasicProvider "google_authenticator"
             GoogleAuthUserPath /etc/httpd/ga_auth
             GoogleAuthCookieLife 3600
             GoogleAuthEntryWindow 2
    </Location>

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#   (The directive name was missing and the start of the list is cut off in the posted comment.)
SSLCipherSuite SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


</VirtualHost>
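
Added example, not part of the comment above or of the rtsp-stream project: a small Python model of how mod_proxy resolves the `ProxyPassMatch ... !` exclusions and the catch-all `ProxyPass /` from that vhost, to check which request paths stay on the HTTPS front end and which are forwarded to `http://localhost:8080/`. The `TIGHT` rule set and the sample paths are assumptions made for the illustration.

```python
import re

# Proxy rules from the <VirtualHost> above, in configuration order.
# ("match" = ProxyPassMatch regex, "prefix" = ProxyPass); "!" = never proxy.
POSTED = [
    ("match", r"^/.well-known/", "!"),
    ("match", r"^/index.html", "!"),
    ("match", r"^/libs/", "!"),
    ("match", r"^/$", "!"),
    ("prefix", "/", "http://localhost:8080/"),
]

# Assumption (not from the thread): the same rules with the dots escaped
# and index.html anchored at the end, so only the intended paths are excluded.
TIGHT = [
    ("match", r"^/\.well-known/", "!"),
    ("match", r"^/index\.html$", "!"),
] + POSTED[2:]


def route(path, rules=POSTED):
    """Return the backend URL for path, or None when Apache serves it locally.

    mod_proxy checks ProxyPass/ProxyPassMatch rules in configuration order
    and the first matching rule wins; ProxyPassMatch regexes are unanchored.
    """
    for kind, pattern, target in rules:
        if kind == "match":
            hit = re.search(pattern, path) is not None
        else:
            hit = path.startswith(pattern)
        if hit:
            return None if target == "!" else target + path[len(pattern):]
    return None


# Constructed sample request paths, not taken from the thread.
SAMPLES = ["/", "/index.html", "/libs/player.js", "/.well-known/acme-challenge/x",
           "/stream/cam1/index.m3u8", "/index.htmlx", "/indexXhtml"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:32} posted={route(p)!s:45} tight={route(p, TIGHT)}")
```

With the posted patterns, `/index.htmlx` and `/indexXhtml` are also treated as local because `.` matches any character and the pattern has no `$`; the tightened patterns forward them to the backend like every other non-excluded path.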

@tlonovoi

OMG... so complicated
we are using shared hosting, not sure we can implement it...
