Ubuntu 16.04 Setup and SSL Help

OpenVidu v2 Issues with deployment
1

I have followed the steps in the url for “Deploying-Ubuntu”
https://openvidu.io/docs/deployment/deploying-ubuntu/

I can start the java via ssh, but if I reboot the server it needs restarting again.
how can i set it to start on bootup ?

I have got it running on a public IP Address but can’t see how to get it to use a FQDN

Also the ubuntu 16.04 server is using Webmin to manage it and Letsencrypt for SSL
how to I configure openvidu to use the letsencrypt ssl.

3

Hello Benjamin!

About your first question, you can automate the start of the application by creating a file: /etc/rc.local and put there the command that you want to run on startup:

For example you can put in your rc.local:

#!/bin/sh -e

# Start services
systemctl start kurento-media-server 
systemctl start redis-server
systemctl start coturn

# Start openvidu jar
(
  cd /home/ubuntu/somefolder # Your openvidu directory
  java -jar -Dopenvidu.secret=YOUR_SECRET -Dopenvidu.publicurl=https://YOUR_MACHINE_PUBLIC_IP:4443/ openvidu-server-{VERSION}.jar
)

About your last question, you have two options to do this.

  • Option1: A reverse proxy like nginx. This aproach is better if you have several services in this machine. There are several tutorials on the web to do this.
  • Option2: Use the embebbed tomcat in the application for your certificate. This is the easer way. You can follow this steps:
  1. Use certbot to create your letsencrypt certificate. (You need python installed):
git clone https://github.com/certbot/certbot
cd certbot
  1. Generate your certificate:
./certbot-auto certonly -a standalone \
     -d <your_domain>
  1. Generate PKCS12 files from PEM files:
    Go to /etc/letsencrypt/live/<your_domain>

And execute this:

openssl pkcs12 -export -in fullchain.pem \ 
    -inkey privkey.pem \ 
    -out keystore.p12 
    -name my_cert_alias \
    -CAfile chain.pem \
    -caname root

Now, you will have a file in this directory with called keystore.p12. This keystore can be used in your jar application.

I don’t know how you’re running your application, but an example to use this certificate is:

java -jar -Dopenvidu.secret=MY_SECRET -Dserver.ssl.key-store=/etc/letsencrypt/live/<your_domain>/keystore.p12 -Dserver.ssl.key-store-password=MY_KEYSTORE_SECRET -Dserver.ssl.key-alias=my_cert_alias openvidu-server-2.11.0.jar

You can automate all this process and use nginx with our cloudformation, and configure easily these kind of things. I recommend this option: https://openvidu.io/docs/deployment/deploying-aws/.

References:
https://www.heydari.be/spring-boot-application-secured-by-a-lets-encrypt-certificate/

Best Regards,
Carlos.

2 Likes
4

Thanks heaps Carlos,
worked a treat.

1 Like