[jitsi-users] Videobridge serving http content without exposing the REST API


#1

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

Kind regards,
-- Alex


#2

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

Kind regards,
-- Alex


#3

Hi Alex,

You can change the port for Jitsi's REST interface by adding/changing the following line in your configuration file:

org.jitsi.videobridge.rest.jetty.port=447

Cheers, Oliver.


#4

Hi Alex,

···

On 24/10/16 11:37, Alex Zanetti de Lima wrote:

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

AFAIK this isn't currently possible. It does sound like a very useful feature.

Regards,
Boris


#5

Hi Alex,

I've just opened a PR[0,1] (specifically, see the updated docs in [1]) which separates the public and private parts of the HTTP interface. I think this is what you were looking for, so let me know if it works for you or if you have any suggestions.

[0] https://github.com/jitsi/jicoco/pull/25
[1] https://github.com/jitsi/jitsi-videobridge/pull/436

Regards,
Boris

···

On 24/10/2016 11:37, Alex Zanetti de Lima wrote:

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

Kind regards,
-- Alex

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#6

Hi Oliver. Thanks for the reply.

This is the config I have inside sip-communicator.properties:

  org.jitsi.videobridge.rest.jetty.host=::
  org.jitsi.videobridge.rest.jetty.port=447

org.jitsi.videobridge.rest.jetty.ResourceHandler.resourceBase=/data/jitsi-videobridge/
  org.jitsi.videobridge.rest.jetty.RewriteHandler.regex=^/([a-zA-Z0-9]+)$
  org.jitsi.videobridge.rest.jetty.RewriteHandler.replacement=/
  org.jitsi.videobridge.rest.api.jetty.SSIResourceHandler.paths=/

The videobridge binds to the correct ports:

  # netstat -tunlp| grep java
  tcp6 0 0 10.0.95.52:443 :::*
LISTEN 28356/java
  tcp6 0 0 :::447 :::*
LISTEN 28356/java
  udp6 0 0 :::24873 :::*
       28356/java
  udp6 0 0 10.0.95.52:10000 :::*
       28356/java

But both the REST API and my static content (under /data/jitsi-videobridge)
is available under port 447.

  # curl -v http://localhost:447/about/health
  * About to connect() to localhost port 447 (#0)
  * Trying ::1...
  * Connected to localhost (::1) port 447 (#0)
  > GET /about/health HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: localhost:447
  > Accept: */*
  >
  < HTTP/1.1 200 OK
  < Date: Tue, 25 Oct 2016 14:30:21 GMT
  < Content-Type: application/json;charset=UTF-8
  < Access-Control-Allow-Origin: *
  < Content-Length: 0
  < Server: Jetty(9.2.10.v20150310)
  <
  * Connection #0 to host localhost left intact

  # curl -v http://localhost:447/index.html
  * About to connect() to localhost port 447 (#0)
  * Trying ::1...
  * Connected to localhost (::1) port 447 (#0)
  > GET /index.html HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: localhost:447
  > Accept: */*
  >
  < HTTP/1.1 200 OK
  < Date: Tue, 25 Oct 2016 14:32:42 GMT
  < Content-Type: text/html
  < Content-Length: 104
  < Server: Jetty(9.2.10.v20150310)
  <
  <!DOCTYPE html>
  <html>
    <head>
      <title>Test</title>
    </head>
    <body>
      <h1>Test</h1>
    </body>
  </html>
  * Connection #0 to host localhost left intact

I'd like to have only the static content available on 447, not the REST
API. Is it possible?

Cheers,
-- Alex

Hi Alex,

You can change the port for Jitsi's REST interface by adding/changing the

following line in your configuration file:

···

On Mon, Oct 24, 2016 at 7:50 PM, Oliver Hausler <oliver@closeup.cc> wrote:

org.jitsi.videobridge.rest.jetty.port=447

Cheers, Oliver.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#7

Hi,

Being able to turn on/off the /colibri/* REST API endpoints is enough for us.

Created this PR with a small change to the videobridge:

https://github.com/jitsi/jitsi-videobridge/pull/351

Hope it's useful to other folks.

Kind regards,
-- Alex

···

On Wed, Oct 26, 2016 at 12:29 AM, Boris Grozev <boris@jitsi.org> wrote:

Hi Alex,

On 24/10/16 11:37, Alex Zanetti de Lima wrote:

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

AFAIK this isn't currently possible. It does sound like a very useful
feature.


#8

Hi Boris,

Cool! Having the ability to serve public/private contents on different
ports is great! I also checked that you didn't remove the config for
disabling just the /colibri endpoints in the videobridge private
server, which is still nice to have.

Both patches look good to me.

Thanks,
-- Alex

···

On Thu, Mar 23, 2017 at 9:33 PM, Boris Grozev <boris@jitsi.org> wrote:

Hi Alex,

I've just opened a PR[0,1] (specifically, see the updated docs in [1]) which
separates the public and private parts of the HTTP interface. I think this
is what you were looking for, so let me know if it works for you or if you
have any suggestions.

[0] https://github.com/jitsi/jicoco/pull/25
[1] https://github.com/jitsi/jitsi-videobridge/pull/436

Regards,
Boris

On 24/10/2016 11:37, Alex Zanetti de Lima wrote:

Hi,

We have a Jitsi-Videobridge with TCP 443 and UDP 10000 ports open to
the internet (no NAT). We'd like to also use that videobridge to serve
some web content on port 443.

Followed the instructions from
https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md and
got it working, but then I figured out that the REST API is also being
served on 443.

Is there a way to set a different port, or disable or restrict access
only to the REST API, without affecting my web content?

Kind regards,
-- Alex

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#9

Sorry, I don't know. You should be able to modify Jetty's rewrite handler so that it only captures part of the content. But I have never tried.

···

From: dev [mailto:dev-bounces@jitsi.org] On Behalf Of Alex Zanetti de Lima
Sent: Tuesday, October 25, 2016 07:38
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Fwd: Videobridge serving http content without exposing the REST API

Hi Oliver. Thanks for the reply.

This is the config I have inside sip-communicator.properties:

  org.jitsi.videobridge.rest.jetty.host=::
  org.jitsi.videobridge.rest.jetty.port=447
  org.jitsi.videobridge.rest.jetty.ResourceHandler.resourceBase=/data/jitsi-videobridge/
  org.jitsi.videobridge.rest.jetty.RewriteHandler.regex=^/([a-zA-Z0-9]+)$
  org.jitsi.videobridge.rest.jetty.RewriteHandler.replacement=/
  org.jitsi.videobridge.rest.api.jetty.SSIResourceHandler.paths=/

The videobridge binds to the correct ports:

  # netstat -tunlp| grep java
  tcp6 0 0 10.0.95.52:443<http://10.0.95.52:443> :::* LISTEN 28356/java
  tcp6 0 0 :::447 :::* LISTEN 28356/java
  udp6 0 0 :::24873 :::* 28356/java
  udp6 0 0 10.0.95.52:10000<http://10.0.95.52:10000> :::* 28356/java

But both the REST API and my static content (under /data/jitsi-videobridge) is available under port 447.

  # curl -v http://localhost:447/about/health
  * About to connect() to localhost port 447 (#0)
  * Trying ::1...
  * Connected to localhost (::1) port 447 (#0)
  > GET /about/health HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: localhost:447
  > Accept: */*
  >
  < HTTP/1.1 200 OK
  < Date: Tue, 25 Oct 2016 14:30:21 GMT
  < Content-Type: application/json;charset=UTF-8
  < Access-Control-Allow-Origin: *
  < Content-Length: 0
  < Server: Jetty(9.2.10.v20150310)
  <
  * Connection #0 to host localhost left intact

  # curl -v http://localhost:447/index.html
  * About to connect() to localhost port 447 (#0)
  * Trying ::1...
  * Connected to localhost (::1) port 447 (#0)
  > GET /index.html HTTP/1.1
  > User-Agent: curl/7.29.0
  > Host: localhost:447
  > Accept: */*
  >
  < HTTP/1.1 200 OK
  < Date: Tue, 25 Oct 2016 14:32:42 GMT
  < Content-Type: text/html
  < Content-Length: 104
  < Server: Jetty(9.2.10.v20150310)
  <
  <!DOCTYPE html>
  <html>
    <head>
      <title>Test</title>
    </head>
    <body>
      <h1>Test</h1>
    </body>
  </html>
  * Connection #0 to host localhost left intact

I'd like to have only the static content available on 447, not the REST API. Is it possible?

Cheers,
-- Alex

On Mon, Oct 24, 2016 at 7:50 PM, Oliver Hausler <oliver@closeup.cc<mailto:oliver@closeup.cc>> wrote:

Hi Alex,

You can change the port for Jitsi's REST interface by adding/changing the following line in your configuration file:

org.jitsi.videobridge.rest.jetty.port=447

Cheers, Oliver.

_______________________________________________
dev mailing list
dev@jitsi.org<mailto:dev@jitsi.org>
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev