Skip to content

Commit

Permalink
Merge pull request ant-media#137 from ant-media/md/doc-updates
Browse files Browse the repository at this point in the history 
Update the document to include changes according to latest releases
  • Loading branch information
@timantmedia
timantmedia authored Oct 13, 2023
2 parents af8df8f + 12510c1 commit 05a6dc8
Show file tree
Hide file tree
Showing 4 changed files with 114 additions and 83 deletions.
27 changes: 16 additions & 11 deletions docs/guides/configuration-and-testing/ams-application-configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,24 @@ Ant Media Server can be configured either by editing a configuration file or thr

The configuration is set on the application level and is stored in a file located at ```<AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties```.

The management panel allows some changes however, the file is much more extensive. See the [Application Settings Javadoc](https://antmedia.io/javadoc/io/antmedia/AppSettings.html) to find a complete list of all available settings.
The management panel allows changing all the application settings however, the file is much more extensive. See the [Application Settings Javadoc](https://antmedia.io/javadoc/io/antmedia/AppSettings.html) to find a complete list of all available settings.

## Management panel settings

Login to the Ant Media Server dashboard and click on the application you want to configure from the left hand menu. Then click on the settings tab.
Login to the Ant Media Server dashboard and click on the application you want to configure from the left-hand menu. Then click on the settings tab.

Highlighted below is how to enable VP8 encoding in the management panel.
There are two options here: *Basic* and *Advanced*

![](@site/static/img/configuration-and-testing/application-settings-dashboard.png)
Basic settings have some of the most used application settings and the other application settings are under the Advanced settings option.

Starting from Ant Media Server version 2.6.2, all the application settings for both Standalone mode and Cluster mode of Ant Media Server can be changed from the management panel itself.

![](@site/static/img/configuration-and-testing/application-settings.png)


## Application properties file

To edit the configuration file directly, navigate to the file located at ```<AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties``` and open it using your preferred editor.
The application settings can also be modified by editing the configuration file directly. Navigate to the file located at ```<AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties``` and open it using your preferred editor.

Highlighted below is how to enable VP8 encoding by editing the configuration file.

Expand All @@ -32,7 +37,7 @@ Highlighted below is how to enable VP8 encoding by editing the configuration fil

## Adding additional settings

If a configuration setting has not been added to the ```red5-web.properites``` file, simply append the setting to the configuration file.
If a configuration setting has not been added to the ```red5-web. properties `` file or under `Advanced` settings, simply append the setting to the configuration file or add it from the management panel.

Follow the steps below to add an additional setting:

Expand All @@ -49,19 +54,19 @@ The description of each setting confirms the type and default value. For example
private boolean aacEncodingEnabled
```

To confirm the function of the setting, additional information is provided in the description .
To confirm the function of the setting, additional information is provided in the description.

If aacEncodingEnabled is true, aac encoding will be active even if mp4 or hls muxing is not enabled, If aacEncodingEnabled is false,
aac encoding is only activated if mp4 or hls muxing is enabled in the settings, This value should be true if you're sending stream to
aac encoding is only activated if mp4 or hls muxing is enabled in the settings, This value should be true if you're sending a stream to
RTMP endpoints or enable/disable mp4 recording on the fly

### 3 Update the confguration file
### 3 Update the configuration file

To add an additional setting to the configuration file, open the applications ```red5-web.properties``` file located at ```<AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties```.
To add an additional setting to the configuration file, open the application settings, navigate to Advanced Settings on the management panel, or go to ```red5-web.properties``` file located at ```<AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties```.

Following the example of ```aacEncodingEnabled``` setting, the below can be appended to the file:

```java
settings.aacEncodingEnabled=false
```
```
82 changes: 45 additions & 37 deletions docs/guides/installing-on-linux/setting-up-ssl.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,43 +7,68 @@ sidebar_position: 2

# Setting up SSL for Ant Media Server

Setting up SSL is a mandatory task when requesting access to the microphone and camera. Also, you need to enable HTTPS and WSS (WebSocket Secure) for Chrome to run WebRTC and WebSocket applications.
Setting up SSL is a mandatory task when requesting access to the microphone and camera. Also, you need to enable HTTPS and WSS (WebSocket Secure) for Chrome to run WebRTC and WebSocket applications. In addition, developers want to serve their content with a secure connection as well.
There are several options to get the SSL certificate. Please choose the one appropriate for you.

In addition, developers want to serve their content with a secure connection as well. The script in this document installs **Let's Encrypt** SSL certificate, however you can also use your own SSL installation method.
## Option 1: Enabling SSL from the Web Panel
In previous versions, configuring SSL involved intricate steps, such as accessing the server through SSH and executing the `enable_ssl.sh` script from the installation directory `usr/local/antmedia`.

First, create an `A` record for your domain name in your DNS records. This way, your domain name will be resolved to your server's public IP address. Note that this guide is for Ubuntu systems, but there are several guides on the internet for other Linux distributions as well.
However, with the release of Ant Media Server version 2.6.2, we have streamlined the SSL enablement process, allowing users to seamlessly secure their media server directly from the AMS Web Panel. This empowers users to enable SSL with utmost ease and convenience.

- After [installaling the Ant Media Server](https://antmedia.io/docs/guides/installing-on-linux/installing-ams-on-linux/), login to the web panel and navigate to SETTINGS > SSL.
![](@site/static/img/ssl-webpanel/ssl-settings.png)

- In the drop-down select box named Type, choose among the various options to enable SSL like [using your own domain](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-2-create-lets-encrypt-certificate-with-http-01-challenge), [free subdomain of antmedia.cloud](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-1-gets-a-free-subdomain-and-install-ssl-with-lets-encrypt), or to [import your own certificate](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-3-import-your-custom-certificate) and then click Activate to enable the SSL and restart your server.
![](@site/static/img/ssl-webpanel/ssl-options.png)

- This will start to enable SSL for your Ant Media Server.
![](@site/static/img/ssl-webpanel/enabling-ssl.png)

- The Ant Media Server instance will restart and the server can now be accessed securely with SSL enabled.
![](@site/static/img/ssl-webpanel/ssl-status.png)

## Option 2: Installing SSL using the Terminal

Apart from the web panel, SSL for the Ant Media Server can also be installed using the terminal and there are a number of ways to do it as per your specific use case and requirements.

Go to the folder where Ant Media Server is installed. Default directory is `/usr/local/antmedia`
### Get a free subdomain and install SSL with Let's Encrypt

If you do not have a domain name and want to install an SSL certificate, you can use this feature. With this feature, **enterprise users** will have a free domain name with the extension **ams-[id].antmedia.cloud**, and the Let's Encrypt certificate will be automatically installed. This feature is available in versions after 2.5.2

- Go to the folder where Ant Media Server is installed. The default directory is `/usr/local/antmedia`

```shell
cd /usr/local/antmedia
```

 If there is a service that uses 80 port, you need to disable it. For example, if your system has Apache web server, you need to disable it using:
- Run the `enable_ssh.sh` command to install the SSL.

```shell
sudo service apache2 stop
sudo ./enable_ssl.sh
```

There are several options to get the SSL certificate. Please choose the one appropriate for you.
### Create Let's Encrypt certificate with HTTP-01 challenge

## Option 1: Gets a free subdomain and install SSL with Let's Encrypt
The script in this document installs **Let's Encrypt** SSL certificate.

If you do not have a domain name and want to install an SSL certificate, you can use this feature. With this feature, **enterprise users** will have a free domain name with the extension **ams-[id].antmedia.cloud** and the Let's Encrypt certificate will be automatically installed. This feature is available in versions after 2.5.2
First, create an `A` record for your domain name in your DNS records. This way, your domain name will be resolved to your server's public IP address. Note that this guide is for Ubuntu systems, but there are several guides on the internet for other Linux distributions as well.

- If there is a service that uses port 80, you need to disable it. For example, if your system has Apache web server, you need to disable it using:

```shell
sudo ./enable_ssl.sh
sudo service apache2 stop
```
- Go to the folder where Ant Media Server is installed. The default directory is `/usr/local/antmedia`

## Option 2: Create Let's Encrypt certificate with HTTP-01 challenge

Call enable_ssl.sh with your domain name.
```shell
cd /usr/local/antmedia
```
- Run the `enable_ssh.sh` command to install the SSL.

```shell
sudo ./enable_ssl.sh -d example.com
```

## Option 3: Import your custom certificate
### Import your custom certificate

`enable_ssl.sh` script supports external fullchain.pem, chain.pem and privkey.pem files in the following format.

Expand All @@ -58,7 +83,7 @@ sudo ./enable_ssl.sh -f yourdomain.crt -p yourdomain.key -c yourdomainchain.crt
sudo ./enable_ssl.sh -f yourdomain.pem -p yourdomain.key -c yourdomainchain.pem -d yourdomain.com
```

## Option 4: Create Let's Encrypt certificate with DNS-01 challenge
### Create Let's Encrypt certificate with DNS-01 challenge

In this method, there will be no HTTP requests back to your server. This method is useful to create an SSL certificate in restricted environments such AWS Wavelength. This feature is available in versions after 2.4.0.2.

Expand Down Expand Up @@ -89,9 +114,9 @@ After you create the TXT record, press Enter to continue.

The process should be completed successfully if you set everything correctly.

## Option 5: Create Let's Encrypt certificate with DNS-01 challenge and Route 53
### Create Let's Encrypt certificate with DNS-01 challenge and Route 53

Let's Encrypt have some plugins to simplify the authorization. Route 53 plugin creates TXT records and deletes them after authorization is done. It's useful while creating instances in AWS Wavelength Zones, as HTTP-01 challenge does not work in AWS Wavelength zone due to its nature.
Let's Encrypt have some plugins to simplify the authorization. Route 53 plugin creates TXT records and deletes them after authorization is done. It's useful while creating instances in AWS Wavelength Zones, as the HTTP-01 challenge does not work in the AWS Wavelength zone due to its nature.

- Create a Policy (i.e. dns-challenge-policy) in IAM service with the following content. [Check this out if you don't know how to create a Policy](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-and-attach-iam-policy.html).

Expand Down Expand Up @@ -135,7 +160,7 @@ sudo ./enable_ssl.sh -d {DOMAIN_NAME} -v route53

- If everything is set up properly, you can access the server via **http://{DOMAIN_NAME}:5443**

If you disable a service that binds to 80 port such as Apache Web Server, enable it again.
If you disabled a service that binds to port 80 such as Apache Web Server, enable it again.

```shell
sudo service apache2 start
Expand All @@ -147,21 +172,4 @@ If the scripts above return successfully, SSL will be installed on your server,
https://example.com:5443
```

Note that if port 80 is used by another process or it's forwarded to another port, `enable_ssl.sh` command will not be successful. Please disable the process or delete the port forwarding temporarily before running the `enable_ssl.sh` script above.

## Enabling SSL from the Web Panel
In previous versions, configuring SSL involved intricate steps, such as accessing the server through SSH and executing the `enable_ssl.sh` script from the installation directory `usr/local/antmedia`.

However, with the release of Ant Media Server version 2.6.2, we have streamlined the SSL enablement process, allowing users to seamlessly secure their media server directly from the AMS Web Panel. This empowers users to enable SSL with utmost ease and convenience.

- After [installaling the Ant Media Server](https://antmedia.io/docs/guides/installing-on-linux/installing-ams-on-linux/), login to the web panel and navigate to SETTINGS > SSL.
![](@site/static/img/ssl-webpanel/ssl-settings.png)

- In the drop-down select box named Type, choose among the various options to enable SSL like [using your own domain](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-2-create-lets-encrypt-certificate-with-http-01-challenge), [free subdomain of antmedia.cloud](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-1-gets-a-free-subdomain-and-install-ssl-with-lets-encrypt), or to [import your own certificate](https://antmedia.io/docs/guides/installing-on-linux/setting-up-ssl/#option-3-import-your-custom-certificate) and then click Activate to enable the SSL and restart your server.
![](@site/static/img/ssl-webpanel/ssl-options.png)

- This will start to enable SSL for your Ant Media Server.
![](@site/static/img/ssl-webpanel/enabling-ssl.png)

- The Ant Media Server instance will restart and the server can now be accessed securely with SSL enabled.
![](@site/static/img/ssl-webpanel/ssl-status.png)
Note that if port 80 is used by another process or it's forwarded to another port, the `enable_ssl.sh` command will not be successful. Please disable the process or delete the port forwarding temporarily before running the `enable_ssl.sh` script above.
Loading

0 comments on commit 05a6dc8

Please sign in to comment.