Hi @bkelm,
This is what we do in Calipso to properly proxy https to Kaltura CE with nginx.
We just add this file zzzkaltura.ssl.conf and restart apache:
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
<IfVersion < 2.4>
SSLMutex default
= 2.4>
Mutex sysvsem default
SSLCryptoDevice builtin
SSLCertificateFile /etc/ssl/certs/webcloudvideo.crt
SSLCertificateKeyFile /etc/ssl/certs/webcloudvideo.key
SSLCACertificateFile /etc/ssl/certs/ca-bundle.crt
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
ErrorLog "/opt/kaltura/log/kaltura_apache_errors_ssl.log"
CustomLog /opt/kaltura/log/kaltura_apache_access_ssl.log vhost_kalt
Include "/opt/kaltura/app/configurations/apache/conf.d/enabled.*.conf"
We forward all headers as Jess told you and Kaltura understands and generates the correct URLs.
You can see a self-signed cert for Apache but it’s only to let it start without errors. The proxy servers should have the real certificates.
Hope this helps,
David Eusse