access airtime web interface in https
  • Vote Up2Vote Down Albert FRAlbert FR
    Posts: 1,978Member, Airtime Moderator
    a good way to do,

    but that's seem break airtime configuration for the moment (with 1.8.2, not try with 1.9.0)

    How can we do that ?

    thank's
    ----
    Je peux le faire ;) [Pour vous] / I can do it [For You] Gnu/Linux & Media Architect
    Co-founder NessRadio.com
  • 14 Comments sorted by
  • Vote Up2Vote Down Daniel JamesDaniel James
    Posts: 844Member, Sourcefabric Team
    Hi Alvaro, I have documented the approach of modifying Airtime's Apache configuration, based on Andrey's example above. It works for me and does not require the installation of pound:

    http://sourcefabric.booktype.pro/airtime-25-for-broadcasters/secure-login-with-ssl/

    Cheers!

    Daniel
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    you need just add new virtual host configuration with enabled ssl like this:
    <VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/ssl/cert.pem
    SSLCertificateKeyFile /etc/ssl/key.pem
    SSLCACertificateFile /etc/ssl/cacert.pem
   ServerAdmin foo@bar.org
   DocumentRoot /var/www/airtime/public
   php_admin_value upload_tmp_dir /tmp

  <Directory /var/www/airtime/public>
      DirectoryIndex index.php
      AllowOverride all
      Order allow,deny
      Allow from all
  </Directory>
</VirtualHost>
  • Vote Up0Vote Down Albert FRAlbert FR
    Posts: 1,978Member, Airtime Moderator
    I'll do that, but airtime (rabbitQM) seems to be have some problems to access
    ----
    Je peux le faire ;) [Pour vous] / I can do it [For You] Gnu/Linux & Media Architect
    Co-founder NessRadio.com
  • Vote Up0Vote Down Martin KonecnyMartin Konecny
    Posts: 1,860Member
    Currently we don't support https for Airtime. We'd be interested in hearing if you get it working.
    Airtime Pro Hosting: http://airtime.pro
  • Vote Up0Vote Down Albert FRAlbert FR
    Posts: 1,978Member, Airtime Moderator
    In fact, that's not working .
    RabbitQM and LiquidSoap semms to have some problems to connect in https.

    But that's really a great thing if you can accept https for the next versions
    ----
    Je peux le faire ;) [Pour vous] / I can do it [For You] Gnu/Linux & Media Architect
    Co-founder NessRadio.com
  • Vote Up0Vote Down DesmondDesmond
    Posts: 9Member
    Well after fixing my rabbitmq issue failing to install. Everything is working well... but how ever uploading media under https it dose not display importing media and fails to show up.. but looking into the file directory it is there just not accessible.... tried to change the watch directories and import folder but with no success... works fine under plain access (80)... other than this everything else just works... as far as rabbitmq isn't that done on the back end (local loop) that what i think cause that was mentioned in another forum about versions 1.8 & 2.0, but just maybe so... I did try to change the conf files to reflect the port assignment everything else still worked but the media problem...

    Anyway going to try something out if it works i'll let you all know and how i did it  to see if it helps out.....
  • Vote Up0Vote Down DesmondDesmond
    Posts: 9Member
    well no luck..... :-?
  • Vote Up0Vote Down Martin KonecnyMartin Konecny
    Posts: 1,860Member
    Hi,

    If you enable https you will need to leave http running as well for the services such as media-monitor to continue running on port 80.

    Currently, because media-monitor and the webserver are communicating via localhost this shouldn't cause any problems. We have this on our TODO list but is a lower priority at the moment.


    Airtime Pro Hosting: http://airtime.pro
  • Vote Up0Vote Down Alvaro G.Alvaro G.
    Posts: 20Member
    Did you try to put something different in front, like a nginx or varnish server as an SSL frontend?

    It may work, I should try it...
  • Vote Up0Vote Down Alvaro G.Alvaro G.
    Posts: 20Member
    So I finally did it using 'pound' as a SSL frontend, which, at the same time, communicates in localhost to Apache.

    I've tested it connecting from outside the radio, through NAT, with only port 443 open. I uploaded media and played it back, with no problems.

    The detailed solution, on my blog:

    http://pierdelacabeza.com/maruja/2012/10/protecting-airtime-web-admin-with-ssl/
  • Vote Up0Vote Down Douglas ArellanesDouglas Arellanes
    Posts: 97Member
    Alvaro, thank you so much for this! I'm tweeting it right now!

    doug
    Douglas Arellanes
    Director of Innovation
    Sourcefabric, o.p.s.

    Find a way or make one.
  • Vote Up0Vote Down Andrey PodshivalovAndrey Podshivalov
    Posts: 1,526Member, Administrator, Sourcefabric Team
    hmm, it always worked and works on https://airtime-demo.sourcefanric.org
    As I said before it requires just an additional virtual host with ssl instructions. That's it.

  • Vote Up0Vote Down Alvaro G.Alvaro G.
    Posts: 20Member
    My fault, I didn't understand correctly one of the last posts, and didn't even try, went directly around to using pound.

    Anyway, it still os a good way of putting ssl in front without changing Airtime Apache config ;)

    I'll state it in my blog post in some minutes.
    Post edited by Alvaro G. at 2012-10-10 09:14:01
  • Vote Up0Vote Down Voisses TechVoisses Tech
    Posts: 1,423Member
    There is many advantage though of using pound.

    I have even found If you put p0f on a server with pound you greater reduce the security risk

    Thanks @Daniel James it greatly enhace securing the interface
    Anyone reading this a find it funny about my grammar , I make no apology ,Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others mistakes avoid Making mistakes there is not sufficient rooms to make them"
    "Innuendo","If's","Assumptions" and "Fear" are for politician.Who,What,where,When and How are for those seeking knowledge and care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog(pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you,until our path or destiny bring us in tandem.
Add a Comment