I remember I have spent really long time about enabling SSL on my first try. It may take one or two days for me. Its my giftedness 🙂 Luckily, we have prepared a script to make enabling SSL on Ant Media Server very easy. It probably does not take more than 5 minutes. You just need to type one command.
The script I have been mentioning (enable_ssl.sh) will be available for 1.2.1+ version which is not published yet.
Then Why I am writing this blog post in advance, because Ant Media Server 1.2.0 has low latency 1:N WebRTC solution and it requires SSL in other words https and wss  to run WebRTC applications on remote Ant Media Server instances.
Anyway, If you use 1.2.1+ version, you just need to go to the installation directory and call the enable_ssl.sh script to enable ssl on Ant Media Server. Btw, make sure 80 port is not blocked on your firewall.
# go to the installation directory cd /usr/local/antmedia # call enable_ssl.sh with your domain name sudo ./enable_ssl.sh www.example.com
Update
If you use v1.5+, enable_ssl.sh script supports to external fullchain.pem and privkey.pem files. It’s usage has been changed to
sudo ./enable_ssl.sh -d {DOMAIN_NAME}
sudo ./enable_ssl.sh -f {FULL_CHAIN_FILE} -p {PRIVATE_KEY_FILE} -d {DOMAIN_NAME}
That’s all. If everything goes well, script will finish by writing https, wss(websocket) ports and your https URL.
if you are using version 1.2.0, follow the steps below
- Make sure that Ant Media Server is installed and running and again 80 port is not blocked by firewall.
- Download jee-container-ssl.xml ave it to conf folder of Ant Media Server
wget https://raw.githubusercontent.com/ant-media/Ant-Media-Server/master/src/main/server/conf/jee-container-ssl.xml
- Save jee-container-ssl.xml to Ant Media Server conf directory
sudo cp jee-container.xml /usr/local/antmedia/conf/
- Download enable_ssl.sh to your file system
wget https://raw.githubusercontent.com/ant-media/Ant-Media-Server/master/src/main/server/enable_ssl.sh
- It is time to do the magic again. Call enable_ssl.sh script with your domain name
sudo ./enable_ssl.sh www.example.com
enable_ssl.sh script will going to install SSL certificate by using letsencrypt. It may ask you to enter some basic things during installation like e-mail, etc. If everything goes well, script will finish by writing https, wss(websocket) ports and your https URL.
That’s all. I hope this small blog post will help you in enabling ssl. By the way, please let us know if you have a question or need help about this issue or any other one.
