m1k1o / neko

A self hosted virtual browser that runs in docker and uses WebRTC.
https://neko.m1k1o.net/
Apache License 2.0

WebRTC and HTTPS #282

Closed innerop closed 1 year ago

innerop commented 1 year ago

Hi,

I don't think WebRTC works in the browser unless the connection is HTTPS.

Do you have any recommendation for setting up HTTPS? Should the reverse proxy run inside the docker or outside of it?

P.S. I'm not interested in using a fake cert.

m1k1o commented 1 year ago

Hi. WebRTC works without HTTPS, it's how I test all the time.

But of course HTTPS is encouraged to be used. You can set up a reverse proxy and use certbot for free HTTPS certificates. Or you might be interested in the simple install script for neko-rooms that does all of this automatically. You only need to have a domain and expose the required ports.

https://github.com/m1k1o/neko-rooms/blob/master/traefik/README.md

innerop commented 1 year ago

I was reading more about it in one of the closed issues on this repo, and I came across NEKO_CERT and NEKO_KEY.

What is the advantage of using a reverse proxy vs neko?

Also, letsencrypt produced these files:

Certificate is saved at: /etc/letsencrypt/live/.../fullchain.pem
Key is saved at: /etc/letsencrypt/live/.../privkey.pem

I don't recall from doing this in the past, but which one is the CERT and which one is the KEY? Do I just use fullchain.pem for CERT and privkey.pem for KEY?

And if you recommend that I use a reverse proxy, I guess it will run outside the docker, and it would point to 127.0.0.1:8080?

Thanks for any info.

m1k1o commented 1 year ago

Yes, it is possible to give certificates directly to neko. Privkey is KEY and the other one should be CERT.

But TLS support in neko is provided for convenience, it should not be used in production. A reverse proxy (Apache, nginx, Caddy) should be used instead.

Simply because there are tons of software whose main task is to handle HTTPS and they can do it much better (more configuration, frequently updated, enhanced security).

You can run a reverse proxy in a different container or even on the host system and then point to neko's local IP.
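A pre-flight check for the CERT/KEY mapping given in the reply above (fullchain.pem for NEKO_CERT, privkey.pem for NEKO_KEY), as an added example that is not part of the thread or of neko's code. The function names and sample PEM text are constructed for illustration; it uses only the Python standard library.

```python
import os
import re
import ssl
import stat

# Constructed sample PEM text (labels are real, bodies are dummy base64).
_BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLE_FULLCHAIN = 2 * ("-----BEGIN CERTIFICATE-----\n" + _BODY + "-----END CERTIFICATE-----\n")
SAMPLE_PRIVKEY = "-----BEGIN PRIVATE KEY-----\n" + _BODY + "-----END PRIVATE KEY-----\n"

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def classify(pem_text):
    """Return 'cert', 'key', 'mixed' or 'unknown' from the PEM block labels."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]
    has_cert = "CERTIFICATE" in labels
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if has_cert and has_key:
        return "mixed"
    return "cert" if has_cert else "key" if has_key else "unknown"


def preflight(cert_path, key_path):
    """List problems with the files intended for NEKO_CERT / NEKO_KEY."""
    problems = []
    with open(cert_path) as f:
        if classify(f.read()) != "cert":
            problems.append("NEKO_CERT: expected only CERTIFICATE blocks (fullchain.pem)")
    with open(key_path) as f:
        if classify(f.read()) != "key":
            problems.append("NEKO_KEY: expected only a PRIVATE KEY block (privkey.pem)")
    if os.stat(key_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("NEKO_KEY: file is readable by group or other users")
    if not problems:
        try:
            # OpenSSL parses both files and checks that the key matches the leaf certificate.
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
        except ssl.SSLError as exc:
            problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems
```

An empty list from `preflight()` means the two files are in the right slots, the key is not group- or world-readable, and OpenSSL accepts them as a matching pair.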

innerop commented 1 year ago

Ok, that makes sense! ty!