Question What is The Easy Method Of Enabling Xtream UI SSL

[jibran84pk]

As, Am trying to activate my Xtream UI panel HTTPS port.
Had searched all internet forums regarding Xtream UI SSL but didn't found any single relevant post, neither in this forum too.
Some threads are old and all links are dis functional. Can anyone here help me in this.

 

[redhat]

As, Am trying to activate my Xtream UI panel HTTPS port.
Had searched all internet forums regarding Xtream UI SSL but didn't found any single relevant post, neither in this forum too.
Some threads are old and all links are dis functional. Can anyone here help me in this.

Than you should may use the Search FUNCTION of the community: https://www.worldofiptv.com/search/153875/?q=SSL&o=relevance

and walla:

https://www.worldofiptv.com/threads/tutorial-how-to-use-ssl-on-the-panel.3437/

 

[thugthug]

I learned everything about activating the xtream-ui SSL panel as well as servers and load balancers through tutorials here on the forum, you just need to test several times and do several methods for you to understand the general context of the thing.

In fact, the tutorial mentioned above by the administrator was where I had success.

 

[jibran84pk]

Than you should may use the Search FUNCTION of the community: https://www.worldofiptv.com/search/153875/?q=SSL&o=relevance

and walla:

https://www.worldofiptv.com/threads/tutorial-how-to-use-ssl-on-the-panel.3437/

Brother before posting thread, I have gone through all threads and post for it. But all are old post and many links are not working.
I was asking for any method which can tell step by step

 

[jibran84pk]

I have followed the exact steps of the Tutorial but it didn't worked. When I open it with HTTPS, the page doesn't open

 

[redhat]

I have followed the exact steps of the Tutorial but it didn't worked. When I open it with HTTPS, the page doesn't open

Than you did someyhing wrong i guess. You should build your test envoirement on cheap vps and try such cases out.

 

[jibran84pk]

Than you did someyhing wrong i guess. You should build your test envoirement on cheap vps and try such cases out.

Exactly this is what am doing, Testing VPS
Installed Xtream UI checked it first, All features working fine.
Then Followed the instructions upated all codes
Then Cert Bot Installed for my domain.
After installation made a backup
and started config configuration of ngnix as per instruction.
Then given CHMOD 755 to nginx and xtream folder
command gone successfull all given ports listening
Nginix reboot
DONE
Still its working in HTTP only am opening it in HTTPS so no responding whats remaining now
I have done this steps and followed instructions 5 times and each time by doing OS fresh

 

[redhat]

Exactly this is what am doing, Testing VPS
Installed Xtream UI checked it first, All features working fine.
Then Followed the instructions upated all codes
Then Cert Bot Installed for my domain.
After installation made a backup
and started config configuration of ngnix as per instruction.
Then given CHMOD 755 to nginx and xtream folder
command gone successfull all given ports listening
Nginix reboot
DONE
Still its working in HTTP only am opening it in HTTPS so no responding whats remaining now
I have done this steps and followed instructions 5 times and each time by doing OS fresh

Sent me your Nginx conf files per DM, i will take a look

 

[redhat]

Exactly this is what am doing, Testing VPS
Installed Xtream UI checked it first, All features working fine.
Then Followed the instructions upated all codes
Then Cert Bot Installed for my domain.
After installation made a backup
and started config configuration of ngnix as per instruction.
Then given CHMOD 755 to nginx and xtream folder
command gone successfull all given ports listening
Nginix reboot
DONE
Still its working in HTTP only am opening it in HTTPS so no responding whats remaining now
I have done this steps and followed instructions 5 times and each time by doing OS fresh

I just check it. Your nginx.conf is wrong !
But you have to find out for your self what you have wrong

 

[jibran84pk]

I just check it. Your nginx.conf is wrong !
But you have to find out for your self what you have wrong

Thanks for figuring out the mistake, and not telling.
You don't think, before coming to this thread I have not read or researched about it.
Almost spend 10hrs already in this but didn't figure out.

 

[redhat]

Thanks for figuring out the mistake, and not telling.
You don't think, before coming to this thread I have not read or researched about it.
Almost spend 10hrs already in this but didn't figure out.

Where are your certificates located and how do you get them ?
Did you check all your cert lines in the config file?
Did you set the correct path to your certs ?

You said you have followed extactly the instruction, as i can saw in your conf, you did not !

 

[jibran84pk]

Where are your certificates located and how do you get them ?
Did you check all your cert lines in the config file?
Did you set the correct path to your certs ?

You said you have followed extactly the instruction, as i can saw in your conf, you did not !

After your comment, I have started to figure out by searching and doing some research
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
Will I need to insert this path after listen ?
server {
listen 25463 ssl;

 

[redhat]

After your comment, I have started to figure out by searching and doing some research
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
Will I need to insert this path after listen ?
server {
listen 25463 ssl;

Mate it is described already in the tutorial, you just need to read !

 

[jibran84pk]

Mate it is described already in the tutorial, you just need to read !

Brother, Believe me. I have read the tutorial again and again for 3 days but the part where its stated
use this config file as templete,
nginx.conf.ssl_for_xtreamui.txt.zip(2 KiB) Downloaded 157 times
Its confusing as the links are not opening and no such template regarding XTREAM UI can be found.
I have founded some template and edited it with my domain name and path.
Its working fine. Just SSL is showing not secure. I have given exceptional permission for admin panel and for streams it ask everytime to accept or abort.
How I can FIX it?


user xtreamcodes;
worker_processes auto;

worker_rlimit_nofile 300000;
events {
worker_connections 16000;
use epoll;
accept_mutex on;
multi_accept on;
}
thread_pool pool_xtream threads=32 max_queue=0;
http {

include mime.types;
default_type application/octet-stream;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
gzip off;
fastcgi_read_timeout 200;
access_log /home/xtreamcodes/iptv_xtream_codes/logs/access.log;
keepalive_timeout 10;
include balance.conf;
send_timeout 20m;
sendfile_max_chunk 512k;
lingering_close off;
aio threads=pool_xtream;
client_body_timeout 13s;
client_header_timeout 13s;
client_max_body_size 3m;

limit_req_zone $binary_remote_addr zone=one:30m rate=20r/s;


#this part is broadcast port without ssl as default.

server {
listen 25461;
index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
server_name mydomain.com;
server_tokens off;
chunked_transfer_encoding off;

if ( $request_method !~ ^(GET|POST)$ ) {
return 200;
}

rewrite_log on;
rewrite ^/live/(.*)/(.*)/(.*)\.(.*)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=$4 break;
rewrite ^/movie/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=movie break;
rewrite ^/series/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=series break;
rewrite ^/(.*)/(.*)/(.*).ch$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
rewrite ^/(.*)\.ch$ /streaming/clients_live.php?extension=ts&stream=$1&qs=$query_string break;
rewrite ^/ch(.*)\.m3u8$ /streaming/clients_live.php?extension=m3u8&stream=$1&qs=$query_string break;
rewrite ^/hls/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?extension=m3u8&username=$1&password=$2&stream=$3&type=hls&segment=$5&token=$4 break;
rewrite ^/hlsr/(.*)/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?token=$1&username=$2&password=$3&segment=$6&stream=$4&key_seg=$5 break;
rewrite ^/timeshift/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$5&extension=$6&duration=$3&start=$4 break;
rewrite ^/timeshifts/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$4&extension=$6&duration=$3&start=$5 break;

rewrite ^/(.*)/(.*)/(\d+)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
#add pvr support
rewrite ^/server/load.php$ /portal.php break;

location /stalker_portal/c {
alias /home/xtreamcodes/iptv_xtream_codes/wwwdir/c;
}

#FFmpeg Report Progress
location = /progress.php {
allow 127.0.0.1;
deny all;
fastcgi_pass php;
include fastcgi_params;
fastcgi_ignore_client_abort on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}


location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}

#this part for broadcast port with ssl

server {
listen 25463 ssl;

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# wget --no-check-certificate "https://ssl-config.mozilla.org/ffdhe2048.txt" -O /home/xtreamcodes/iptv_xtream_codes/nginx/conf/dhparam.pem
ssl_dhparam dhparam.pem;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve auto;
ssl_session_timeout 10m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
error_page 497 https://$host:25463$request_uri;

index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/wwwdir/;
server_name mydomain.com;
server_tokens off;
chunked_transfer_encoding off;

if ( $request_method !~ ^(GET|POST)$ ) {
return 200;
}

rewrite_log on;
rewrite ^/live/(.*)/(.*)/(.*)\.(.*)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=$4 break;
rewrite ^/movie/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=movie break;
rewrite ^/series/(.*)/(.*)/(.*)$ /streaming/clients_movie.php?username=$1&password=$2&stream=$3&type=series break;
rewrite ^/(.*)/(.*)/(.*).ch$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
rewrite ^/(.*)\.ch$ /streaming/clients_live.php?extension=ts&stream=$1&qs=$query_string break;
rewrite ^/ch(.*)\.m3u8$ /streaming/clients_live.php?extension=m3u8&stream=$1&qs=$query_string break;
rewrite ^/hls/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?extension=m3u8&username=$1&password=$2&stream=$3&type=hls&segment=$5&token=$4 break;
rewrite ^/hlsr/(.*)/(.*)/(.*)/(.*)/(.*)/(.*)$ /streaming/clients_live.php?token=$1&username=$2&password=$3&segment=$6&stream=$4&key_seg=$5 break;
rewrite ^/timeshift/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$5&extension=$6&duration=$3&start=$4 break;
rewrite ^/timeshifts/(.*)/(.*)/(.*)/(.*)/(.*)\.(.*)$ /streaming/timeshift.php?username=$1&password=$2&stream=$4&extension=$6&duration=$3&start=$5 break;

rewrite ^/(.*)/(.*)/(\d+)$ /streaming/clients_live.php?username=$1&password=$2&stream=$3&extension=ts break;
#add pvr support
rewrite ^/server/load.php$ /portal.php break;

location /stalker_portal/c {
alias /home/xtreamcodes/iptv_xtream_codes/wwwdir/c;
}

#FFmpeg Report Progress
location = /progress.php {
allow 127.0.0.1;
deny all;
fastcgi_pass php;
include fastcgi_params;
fastcgi_ignore_client_abort on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}


location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}

#this part is admin panel port without ssl as default

server {
listen 25500;

index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/admin/;
server_name mydomain.com;

location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}

#you can use port 80 or you can delete port 80 redirect, it is up to you.
server {
listen 80;
server_name mydomain.com;
return 301 https://$host$request_uri;

#return 301 https://$host:$server_port$request_uri; #you can redirect an http port to https with same port
#return 301 https://$host:your_https_port$request_uri; #you can redirect any http port to an https port
}

#this part is admin panel port with ssl
#NOT- default nginx build of xc is old and doesn't support http2 and openssl 1.1.1d


server {

listen 443 ssl http;
listen 25443 ssl http;

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# wget --no-check-certificate "https://ssl-config.mozilla.org/ffdhe2048.txt" -O /home/xtreamcodes/iptv_xtream_codes/nginx/conf/dhparam.pem
ssl_dhparam dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384;
# ssl_ecdh_curve auto;
ssl_session_timeout 10m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;

index index.php index.html index.htm;
root /home/xtreamcodes/iptv_xtream_codes/admin/;
server_name mydomain.com;
error_page 497 https://$host:$server_port$request_uri;

location ~ \.php$ {
limit_req zone=one burst=8;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass php;
include fastcgi_params;
fastcgi_buffering on;
fastcgi_buffers 96 32k;
fastcgi_buffer_size 32k;
fastcgi_max_temp_file_size 0;
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}

}