Vizrt iNEWS Command Plug-in Administrator Guide
Version 3.1 | Published December 18, 2023 ©
Configuration for https
The Vizrt iNews Command plugin and other Vizrt components can communicate using Hypertext Transfer Protocol Secure (HTTPS). Vizrt iNews Command Plugin communicates with Viz Pilot's Data Server (PDS), Media Sequencer, and Preview Server.
The Transport Layer Security (TLS) version supported is v1.2.
Setting up HTTPS communication towards Pilot Data Server running behind caddy 2 server
This is an example of Pilot Data Server that runs behind a Proxy (Caddy 2 server). This setup is relevant as the Pilot Data Server might be running behind a caddy 2 server as part of a Viz Story setup.
Note: HTTPS setup without Caddy 2 is also possible.
A sample caddy configuration file is shown below:
    {
        http_port 80
        https_port 443
    }

    (mytls) {
        tls C:/certificates/pdshost.pem C:/certificates/key.pdshost.unencrypted.pem {
            protocols tls1.2
            ciphers TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        }
    }

    https://pdshost {
        ## Configure logging
        log {
            output file "C:/ProgramData/Vizrt/requests-Caddy2.log" {
                roll_keep_for 90d # Keep rotated files for 90 days
                roll_size 50Mib # Rotate after 50 MB
                roll_keep 20 # Keep at most 20 log files
            }
        }
        import mytls

        # Backend services
        handle /.proxy {
            reverse_proxy localhost:82 {
            }
        }
        handle /pds/* {
            reverse_proxy localhost:8177 {
            }
        }
        handle /preview/* {
            reverse_proxy localhost:21098 {
            }
        }
        ## Mist ##
        handle /* {
            header Vary Origin
            reverse_proxy localhost:82
        }
    }
In this example, the Pilot Data Server and the caddy 2 server run on machine 'pdshost'. The Pilot Data Server service document is available on: https://pdshost:443/pds/.
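An added example (not part of the Vizrt guide and not Caddy tooling): a small Python audit of the tls snippet in the sample configuration above, grouping the listed cipher suites by what their IANA names imply. The function names and report keys are assumptions made for this illustration.

```python
import re

# Constructed input: the (mytls) snippet from the sample Caddyfile on this page.
SAMPLE = """
(mytls) {
    tls C:/certificates/pdshost.pem C:/certificates/key.pdshost.unencrypted.pem {
        protocols tls1.2
        ciphers TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    }
}
"""

def directive(name, text):
    """Return the arguments of every `name ...` line, with # comments stripped."""
    args = []
    for line in re.findall(rf"^[ \t]*{name}[ \t]+(.+)$", text, re.M):
        args += line.split("#")[0].split()
    return args

def classify(suite):
    """Concerns derived from the IANA suite name alone; None for TLS 1.3 names."""
    if "_WITH_" not in suite:
        return None  # TLS 1.3 naming carries no key-exchange part
    kx, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    notes = []
    if kx == "RSA":
        notes.append("static RSA key exchange, no forward secrecy")
    elif not kx.startswith("ECDHE"):
        notes.append("key exchange %s is not ECDHE" % kx)
    if "_CBC_" in cipher:
        notes.append("CBC mode with HMAC, not AEAD")
    return notes

def audit(text):
    """Group the configured suites by what their names imply."""
    report = {"protocols": directive("protocols", text),
              "ecdhe_aead": [], "review": {}, "tls13": []}
    for suite in directive("ciphers", text):
        notes = classify(suite)
        if notes is None:
            report["tls13"].append(suite)
        elif notes:
            report["review"][suite] = notes
        else:
            report["ecdhe_aead"].append(suite)
    return report

if __name__ == "__main__":
    result = audit(SAMPLE)
    print("protocols:", result["protocols"])
    print("ECDHE + AEAD:", ", ".join(result["ecdhe_aead"]))
    for suite, notes in result["review"].items():
        print("review:", suite, "->", "; ".join(notes))
```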
The certificate that the caddy server will present to its clients is set in the configuration file for the caddy server. This certificate must be recognized by both:
- The java environment in which the plugin is running.
- The java environment in which the plugin's configuration panel is running.
Note: The Avid installer for Media Central installs both of these Java environments. The certificate must be registered with the java environment's trust store, known as 'cacerts.'
For a default install, the java environment for the configuration panel is found here: C:\Program Files (x86)\Avid\Service Framework\jre\
and the Java environment for the plugin is found here: C:\Program Files (x86)\Avid\iNEWS Command\jre\.
To register the certificate with the java environment:
- Open a Command prompt with admin rights (right-click > run as administrator)
- Use the java tool 'keytool.exe' to import the certificate. This tool is found in the bin folder of java. Example import:

    C:\Program Files (x86)\Avid\Service Framework\jre\bin>keytool.exe -import -trustcacerts -alias TRUST_PDS_MACHINE -file C:\certificates\pdshost.pem -keystore ..\lib\security\cacerts

And the same procedure for the second java installation:

    C:\Program Files (x86)\Avid\iNEWS Command\jre\bin>keytool.exe -import -trustcacerts -alias TRUST_PDS_MACHINE -file C:\certificates\pdshost.pem -keystore ..\lib\security\cacerts

Note: The default password for the java cacerts is 'changeit'. As the name suggests, it is advisable to change it.
Graphic Device Service must be restarted after the certificate has been installed.
A successful Pilot Data Server configuration looks like this:
Configure the PDS URL for use by Media Sequencer
To configure the PDS URL for Media Sequencer, use either:
- Viz Pilot's Director with the Media Sequencer configuration app "VdomConfig", or
- Only VdomConfig.
Here is an example using Director and VdomConfig:
- Open Director and go to Tools > Media Sequencer Configuration.
- Select the Database tab, then Pilot Data Server.
- Fill in the Host and the Port of the PDS server.
- Click Apply.
- Open a browser and go to http://'MS_HOST':8580/app/vdomconfig/vdomconfig.html
  Note: The MS_HOST is the host where Media Sequencer is running. If the Media Sequencer is, for example, accessible on a different port or via HTTPS, make the necessary changes to this URL.
- On the left side of the VdomConfig window, click on Scheduler > vcp_service, which will show an XML configuration on the right side.
- Correct the URL in the <service_document> tag to use HTTPS instead of HTTP, and add the postfix if a base URL is used for PDS.
- Click Apply.
Keep note of the following:
- The machine the Media Sequencer is running on needs to trust the certificate provided by the caddy 2 server. Example of installation on a Windows machine:
  - Double click the .crt file of the certificate.
  - Click on “Install certificate”.
  - Follow the instructions. If the certificate has not been correctly installed, the vcp_service handler might show an error like this:

    status="error: Could not reach service document: 'https://pdshost:443/pds/': SSL peer certificate or SSH remote key was not OK

- If the Media Sequencer running has a version number lower than 5.5.0, certificate validation needs to be turned off. With this entry set, the connection is still encrypted but the certificate presented by the server is not verified. Do this by adding the following XML entry to the XML configuration of the vcp_service handler, as a direct child of the <handler> entry:

    <insecure_https>yes</insecure_https>
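An added example (not from the Vizrt guide or any Vizrt tool): a Python check of a vcp_service handler configuration copied out of VdomConfig, flagging a non-HTTPS service document and an insecure_https entry that does not match the 5.5.0 threshold stated above. The sample XML is constructed; only the <handler>, <service_document> and <insecure_https> element names come from this page, while the attributes and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample; attribute names and nesting are assumptions.
SAMPLE_XML = """
<handler name="vcp_service" type="vcp_service">
  <service_document>https://pdshost:443/pds/</service_document>
  <insecure_https>yes</insecure_https>
</handler>
"""

def audit_vcp_service(xml_text, mse_version):
    """Return findings for one <handler> entry and a Media Sequencer version string."""
    root = ET.fromstring(xml_text)
    url = (root.findtext(".//service_document") or "").strip()
    # The guide places <insecure_https> as a direct child of <handler>.
    insecure = (root.findtext("insecure_https") or "").strip().lower() == "yes"
    version = tuple(int(part) for part in mse_version.split("."))
    validates = version >= (5, 5, 0)   # threshold taken from the guide
    uses_https = url.lower().startswith("https://")

    findings = []
    if not uses_https:
        findings.append("service_document is not an https:// URL: %r" % url)
    if insecure and validates:
        findings.append("insecure_https=yes on Media Sequencer %s: the guide only "
                        "calls for it below 5.5.0, certificate is not validated"
                        % mse_version)
    if uses_https and not insecure and not validates:
        findings.append("Media Sequencer %s with HTTPS but no insecure_https "
                        "entry: the guide requires it below 5.5.0" % mse_version)
    return findings

if __name__ == "__main__":
    for version in ("5.4.2", "5.6.1"):
        print(version, audit_vcp_service(SAMPLE_XML, version) or "no findings")
```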
Notice for the Pilot Data Server install
In the above example, the Pilot Data Server was installed with support for the Base URL: https://pdshost/pds
See the Pilot Data Server Administrator Guide for more information.