Try Live Demo

This blog post will help you to enable SSL for Ant Media Server with different methods. But the most exciting part is you will be able to install a free subdomain and your SSL certificate with a command on Ant Media Server. This feature is available in versions after 2.5.2 for enterprise users.

Enabling SSL is not mandatory for all cases. However,  it’s mandatory when requesting access to the mic and camera. It’s not mandatory for playing streams HTTPS and WSS (WebSocket Secure) are mandatory for Google Chrome to run WebRTC and WebSocket applications.

In addition, developers want to serve their content with a secure connection as well. The script in this post installs the Let’s Encrypt SSL certificate.

Enable SSL - Lets encrypt ssl ant media server

Enable SSL in Linux(Ubuntu, RockyLinux, Alma)

Let’s Encrypt

Let’s Encrypt is a free certificate authority developed by the Internet Security Research Group (ISRG).

If there is a service that uses 80 port, you need to disable it. If your system has Apache Web Server, you need to disable it first such a command below

sudo service apache2 stop

Make sure that your domain points to your server’s public IP address in the DNS records before running enable_ssl.sh script.

Option 1: Gets a free subdomain and install SSL with Let’s Encrypt

As I mentioned above, the most exciting part is that you have a subdomain and SSL certificate with one command.

If you do not have a domain name and want to install an SSL certificate, you can use this feature. With this feature, enterprise users will have a free domain name with the extension ams-[id].antmedia.cloud and the Let’s Encrypt certificate will be automatically installed. This feature is available in versions after 2.5.2

Go to the folder where Ant-Media-Server is installed. Default directory is /usr/local/antmedia

cd /usr/local/antmedia

Just call the enable_ssl.sh script without parameters.

sudo ./enable_ssl.sh

After a while, your subdomain and SSL certificate will be installed.

Option 2: Create a Let’s Encrypt certificate with your domain

Go to the folder where Ant-Media-Server is installed. Default directory is /usr/local/antmedia

cd /usr/local/antmedia

Call the enable_ssl.sh with your domain name

sudo ./enable_ssl.sh -d example.com

If Option 1 and Option 2 ‘s scripts return successfully, SSL will be installed on your server, you can use HTTPS through 5443. Like below

https://example.com:5443

Option 3: Use your own certificates

enable_ssl.sh script supports external fullchain.pem, chain.pem and privkey.pem files as in the following format

sudo ./enable_ssl.sh -f {FULL_CHAIN_FILE} -p {PRIVATE_KEY_FILE} -c {CHAIN_FILE} -d {DOMAIN_NAME} 

Ex:

sudo ./enable_ssl.sh -f yourdomain.crt -p yourdomain.key -c yourdomainchain.crt -d yourdomain.com
sudo ./enable_ssl.sh -f yourdomain.pem -p yourdomain.key -c yourdomainchain.pem -d yourdomain.com

If you disable any service that binds to 80 port such as Apache Web Server, enable it again

sudo service apache2 start

ATTENTION: If port 80 is used by some other process or it’s forwarded to some other port, enable_ssl.sh will not be successful. Please disable the process or delete the port forwarding temporarily before running the enable_ssl.sh script above

That’s all. I hope this small blog post will help you in enabling SSL. By the way, please let us know if you have a question or need help with this issue or any other one.

References

Categories: Tutorial

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published.