fix(oven): rsa2048 cert

OvenMediaEngine hardcodes TLS_RSA_WITH_AES_128_CBC_SHA cipher https://github.com/AirenSoft/OvenMediaEngine/pull/313 https://github.com/AirenSoft/OvenMediaEngine/issues/352
2026-01-27 18:18:26 +00:00 · 2023-06-25 14:23:08 +08:00
parent 8968b145d0
commit c4fd1f694d
2 changed files with 4 additions and 3 deletions
--- a/kube/deploy/apps/livestream/deps/tls.yaml
+++ b/kube/deploy/apps/livestream/deps/tls.yaml
@@ -10,10 +10,11 @@ spec:
    name: letsencrypt-production
    kind: ClusterIssuer
  privateKey:
-    algorithm: ECDSA
-    size: 384
+    algorithm: RSA
+    size: 2048
    rotationPolicy: Always
  commonName: "${DNS_STREAM}"
  dnsNames:
    - "${DNS_STREAM}"
    - "*.${DNS_STREAM}"
+    - "*.prod.${DNS_STREAM}"
--- a/kube/deploy/apps/livestream/oven/engine/hr.yaml
+++ b/kube/deploy/apps/livestream/oven/engine/hr.yaml
@@ -556,4 +556,4 @@ spec:
        command:
          - /bin/sh
          - -c
-          - awk -v cert_num=0 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/ca.pem && awk -v cert_num=1 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt >> /tls/ca.pem && awk -v cert_num=2 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/server.pem
+          - awk -v cert_num=0 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/server.pem && awk -v cert_num=1 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt > /tls/ca.pem && awk -v cert_num=2 "split_after==1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} n==cert_num {print}" /ssl/tls.crt >> /tls/ca.pem