Tuesday, May 29, 2012

Big Blue Button Test Server is up!

Big Blue Button (BBB) test server in Seneca is up. Please spread the word and let Senecans use it and give us feed back.

The URL for the server is https://bbb.senecac.on.ca

You can read about BBB at Seneca CDOT Wiki and also at bigbluebutton.org

Please note that this is a test server, therefore the SSL certificate is self-signed, so if you get a warning, it is normal! Also, the server may go through update, builds and so on; so although we ask and encourage you to use it, make sure you don't rely on it as your only solution for lectures and conferences (always have a backup plan),

And again contact the contributors for any concern, suggestion, etc...

Thanks Javascript!!!

After having problem detecting a secure connection in Nginx/Tomcat, I did an easy work-around using java script!!!:

<script type="text/javascript">
if (window.location.protocol != "https:") {
   window.location = '<%=SecureLandingURL%>';

Tomcat 6 under secured Nginx?

In Big Blue Button Tomcat 6 is used under Nginx.
Tomcat documentation for "SSL - How to" in "SSL and Tomcat" section, clames that:
"It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself."
If Tomcat "knows" that communications are secure, how come "request.isSecure()" returns "false"?

update: Javascript Solution

Monday, May 28, 2012

Enabling Nginx SSL with a self-singed certificate for testing on Ubuntu 10.04

To enable secure connections to your test Nginx server (https) you first need to create a self-singed certificate.
Here are the steps: (you can have them created anywhere, but having them in /etc/ssl is standard)
1- Create a Certificate Signing Request (CSR):
$sudo openssl genrsa -des3 -out YourServerName.key 1024
You will be asked for a pass-phrase; while this makes the key secure, but for web-servers this may be inconvenient .  Because each time you restart the server, you should enter the pass phrase again. So for dev environments probably you want to have an  insecure key.

2- Create the insecure key and switch key names:
$sudo openssl rsa -in YourServerName.key -out YourServerName.key.insecure
$sudo mv YourServerName.key YourServerName.key.secure
$sudo mv YourServerName.key.insecure YourServerName.key

3- Create the CSR:
$sudo openssl req -new -key YourServerName.key -out YourServerName.csr

4- Create the Self-Signed Certificate:
$sudo openssl x509 -req -days 365 -in YourServerName.csr -signkey YourServerName.key -out YourServerName.crt

5- Add the following to your host file configuration to the server section under "listen 80;":
(in case of big blue button it is in : /etc/nginx/sites-available/bigbluebutton)

listen   443;
ssl    on;
ssl_certificate    /etc/ssl/YourServerName.crt;
ssl_certificate_key    /etc/ssl/YourServerName.key;

6- restart nginx

Wednesday, May 23, 2012

Seneca BBB landing page and SSL Certificates on Ubuntu 10.04

Now that the landing page / application of BBB in Seneca is ready to be tested, I need to install a self signed SSL certificate to be able to test it securely. I haven't done any linux admin before but, So far installing a certificate in Ubuntu seems to be pretty easy. Now I need to learn about nginx / tomcat and see how can I set them up so they can use the certificate and protect the login page behind https protocol...