Closed discostur closed 6 years ago
I think this is totally unrelated to the mattermost server or this docker container and I think your best bet in to google for ERR_SSL_PROTOCOL_ERROR
Apparently it's because Janus doesn't enable WSS by default.
You have to recompile the application or use a proxy to have wss connection.
https://github.com/meetecho/janus-gateway/issues/768
If you want to use a proxy to upgrade ws to wss connection, you can use Nginx with this configuration :
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 4243 ssl;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_certificate /path/to/ssl/fullchain.pem;
ssl_certificate_key /path/to/ssl/privkey.pem;
location / {
proxy_pass http://localhost:8188;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
After you can use you wss connection like this : wss://you-server.com:4243
@Aschen i dont have a ssl_dhparam with my certificate...is it necessary? Thanks
Edit: so doing that, I don't get the error messages anymore.. but it doesn't seem to work. simply says "There was a problem connecting the video call.", theres no error in console, chrome says my SSL is fine with no errors
is there a specific version of the docker that I am supposed to run?
I even did another one for the admin gateway,
accessing https://*mysite.com*:5253/admin will return
{"janus":"error","error":{"code":454,"reason":"Request payload missing"}}
(I assume this is because its supposed to be a post request with some json data?)
But the HTTPS properly works with the proxy, i really dont understand why the webrtc docker isnt working :/
By the way my Mattermost isn't running from a docker.
Edit2: Just some more info
Edit3: Nevermind, I'm stupid. The webrtc doesn' work if there is no video/audio input (d'uh). @Aschen 's fix solves the SSL issue.
@charles-passille-smartnets
You don't have to specify ssl_dhparam
, it's only for security reason.
Glad to hear that you finally succeed :)
+1, the solution proposed by @Aschen, with nginx, and works great.
I was having a lot of trouble debugging this, not seeing any warning/error in the Janus/Mattermost logs, except occasionally seeing ERR: SNI: Unknown ServerName: chat.example.org
(but not systematically, so I thought it was a race condition, for which I saw a mention elsewhere).
I am running Mattermost instances on plain Debian 9 and Ubuntu 16.04 servers, using the Janus/dependencies packages available on those distributions (or rather, packages available respectively for Debian unstable and Ubuntu Artsy).
Just upgraded to Mattermost 4.5 and the latest WebRTC Docker Container and the solution from @Aschen works perfect! Thanks ;)
Hi,
i've a problem connecting to the webrtc container from our mattermost client:
This error occures wether i have the self signed certificate in the container or our valid certificate from mattermost (container runs on the same host as mattermost). In the mattermost system console i enabled outgoing connections to unsecure certificates (In Mattermost System Console -> Security -> Connections: Enable Insecure Outgoing Connections: true).
Greets Kilian