Licode over HTTPS

#1

Hi,
I’ve been trying to run Licode over HTTPS but failing. The config changes I have done are below:

config.erizoController.hostname = ‘my_domain’;
config.erizoController.port = 443;
config.erizoController.ssl = true;

config.erizoController.listen_ssl = true;
config.erizoController.listen_port = 443;

config.erizoController.ssl_key = ‘/my/path/to/ssl.key’;
config.erizoController.ssl_cert = ‘/my/path/to/ssl.crt’;

After restarting Licode I get a CORS header error saying " A wildcard ‘*’ cannot be used in the ‘Access-Control-Allow-Origin’ header when the credentials flag is true".
So I set appropriate header for CORS in Nuve.js.
After that I got another error saying that “Credentials flag is ‘true’, but the ‘Access-Control-Allow-Credentials’ header is ‘’. It must be ‘true’ to allow credentials”.
Again I had to set Access-Control-Allow-Credentials header in Nuve.js.

At last I got error 401 from licode saying {“WWW-Authenticate”:“MAuth realm=“http://marte3.dit.upm.es””}.

Any help would be appreciated.
Thanks.

#2

Personally I have decided to use a reverse proxy. In that way you do not need to configure the certificates for node. Haproxy is an excellent alternative, but you can use Nginx or Apache for the purpose.

Have your clients using HTTPS and communicating to a suitable port. For example
config.erizoController.hostname = ‘my_domain’;
config.erizoController.port = 443; /* You may want to use some other port, however */
config.erizoController.ssl = true;

And then have your erizoController server listening in http and another port like 8080
config.erizoController.listen_ssl = false;
config.erizoController.listen_port = 8080;

Use the reverse proxy to drop encryption from incoming traffic and route it to 8080. The proxy will add encryption to the outgoing traffic and use the port 443 for communicating with the outside world.

In that way you will have encrypted traffic (https) between the proxy and the clients, but you are not required to configure node to use https. In addition, I find it much more convenient to handle the certificate files with only one application (the proxy).

#3

have you solve the proplems?