Encrypting traffic between Edge and Origin Server on 8506.

Issue:

Encrypting traffic between Edge and Origin Server on 8506.

Solution:

By default, traffic between an external Edge server and the Origin server is sent in the clear. To encrypt it, follow the steps below:

Step 1:

On the remote Edge servers, edit /breeze/edgeserver/win32/conf/_defaultRoot_/_defaultVhost_/vHost.xml.

Replace:
<RouteTable protocol="">
with:
<RouteTable protocol="rtmps">

Replace:
<RouteEntry></RouteEntry>
with:
<RouteEntry protocol="rtmps">*:*;*:*</RouteEntry>

Step 2:

Secure the Edge traffic arriving at the Origin server on port 8506 exactly as though it were client traffic inbound to port 1935, except using port 8506 instead.

On the Origin servers (or on the Origin's SSL accelerator), encrypt the inbound Edge-to-Origin traffic on port 8506. The example below shows the entry to add to the stunnel.conf file on the Origin server, for the IP receiving RTMP traffic on the meeting server VIP:

#[rtmps-vip for Origin]
accept = 10.40.2.54:8506
connect = InternalIP02:8506
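
The following Python check is an added example, not part of the original article or of Adobe's tooling. It audits a vHost.xml for the Step 1 settings, so an Edge server that was missed is caught before its traffic to the Origin goes out unencrypted. The sample XML is constructed; the enclosing <VirtualHost> element and the function name audit_vhost are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples: only RouteTable/RouteEntry come from the article;
# the enclosing <VirtualHost> element is an assumption for illustration.
DEFAULT_VHOST = """<VirtualHost>
  <RouteTable protocol="">
    <RouteEntry></RouteEntry>
  </RouteTable>
</VirtualHost>"""

HARDENED_VHOST = """<VirtualHost>
  <RouteTable protocol="rtmps">
    <RouteEntry protocol="rtmps">*:*;*:*</RouteEntry>
  </RouteTable>
</VirtualHost>"""


def audit_vhost(xml_text):
    """Return a list of findings; an empty list means the file matches Step 1."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"vHost.xml is not well-formed XML: {exc}"]
    tables = list(root.iter("RouteTable"))
    if not tables:
        return ["no <RouteTable> element found"]
    findings = []
    for table in tables:
        proto = (table.get("protocol") or "").strip().lower()
        if proto != "rtmps":
            findings.append(f'RouteTable protocol="{proto}" (Step 1 expects "rtmps")')
        entries = table.findall("RouteEntry")
        if not entries:
            findings.append("RouteTable has no <RouteEntry>")
        for entry in entries:
            e_proto = (entry.get("protocol") or "").strip().lower()
            route = (entry.text or "").strip()
            if e_proto != "rtmps":
                findings.append(f'RouteEntry protocol="{e_proto}" (Step 1 expects "rtmps")')
            if not route:
                findings.append("RouteEntry is empty, so no route is defined")
    return findings


if __name__ == "__main__":
    for name, sample in (("default", DEFAULT_VHOST), ("hardened", HARDENED_VHOST)):
        result = audit_vhost(sample)
        print(name, "OK" if not result else result)
```

To audit a real Edge server, read the vHost.xml from the path given in Step 1 and pass its contents to audit_vhost.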

 

Note:

One caveat with this technique of doing SSL is that when you view the RTMP sequence from within a test meeting (Help>Shift>About Adobe Connect), the second leg of the RTMP sequence will read RTMP even though it is actually RTMPS. We are testing for a means to adjust that output, but it is very trivial, as the first leg does read RTMPS and adjudicates both legs.
