mattermost / mattermost-webrtc


WebSocket Connection failed #8

Closed discostur closed 6 years ago

discostur commented 7 years ago

Hi,

I have a problem connecting to the WebRTC container from our Mattermost client:

WebSocket connection to 'wss://mattermost.intern.de:8189/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

This error occurs whether I have the self-signed certificate in the container or our valid certificate from Mattermost (the container runs on the same host as Mattermost). In the Mattermost System Console I enabled outgoing connections to unsecure certificates (In Mattermost System Console -> Security -> Connections: Enable Insecure Outgoing Connections: true).

Greets Kilian

enahum commented 7 years ago

I think this is totally unrelated to the Mattermost server or this Docker container, and I think your best bet is to google for ERR_SSL_PROTOCOL_ERROR.

Aschen commented 7 years ago

Apparently it's because Janus doesn't enable WSS by default.
You have to recompile the application or use a proxy to have a wss connection. https://github.com/meetecho/janus-gateway/issues/768

If you want to use a proxy to upgrade the ws connection to wss, you can use Nginx with this configuration:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 4243 ssl;

    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_certificate /path/to/ssl/fullchain.pem;
    ssl_certificate_key /path/to/ssl/privkey.pem;

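    location / {
        # Forward to the plain (non-TLS) ws listener on the same host;
        # TLS is terminated by this server block.
        proxy_pass http://localhost:8188;
        # The WebSocket handshake needs HTTP/1.1 and the Upgrade/Connection
        # headers, which nginx does not pass to the backend by default.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }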
}

Afterwards you can use your wss connection like this: wss://you-server.com:4243
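Added example, not part of the thread or of the Mattermost/Janus code: a Python probe that tells whether a port speaks TLS or plain WebSocket, which is the distinction behind the advice above (a browser opening wss:// against a plain ws:// listener is one way to end up with ERR_SSL_PROTOCOL_ERROR). `classify` and `fake_plain_ws` are hypothetical names, and the local listener is a constructed stand-in for Janus.

```python
import socket, ssl, threading

# WebSocket upgrade request using the Janus subprotocol; the key is a constructed sample.
UPGRADE = ("GET / HTTP/1.1\r\nHost: {h}\r\nUpgrade: websocket\r\n"
           "Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n"
           "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
           "Sec-WebSocket-Protocol: janus-protocol\r\n\r\n")

def classify(host, port, timeout=3.0):
    """Return 'closed', 'tls', 'tls-untrusted', 'plain-ws' or 'unknown'."""
    def connect():
        return socket.create_connection((host, port), timeout=timeout)
    try:
        raw = connect()
    except OSError:
        return "closed"
    try:
        ctx = ssl.create_default_context()      # verifies chain and hostname
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"                  # TLS is spoken, certificate not trusted
    except (ssl.SSLError, OSError):
        pass                                    # no TLS handshake: try plain ws next
    try:
        with connect() as s:
            s.sendall(UPGRADE.format(h=host).encode())
            reply = s.recv(1024)
    except OSError:
        return "unknown"
    return "plain-ws" if reply.startswith(b"HTTP/1.1 101") else "unknown"

def fake_plain_ws(n=2):
    """Constructed stand-in for a plain ws:// listener; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        for _ in range(n):
            conn, _addr = srv.accept()
            with conn:
                ok = conn.recv(4096).startswith(b"GET ")
                conn.sendall(b"HTTP/1.1 101 Switching Protocols\r\n\r\n" if ok
                             else b"HTTP/1.1 400 Bad Request\r\n\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(classify("127.0.0.1", fake_plain_ws()))  # plain-ws
```

A result of `plain-ws` on the port the client is told to reach with wss:// means TLS has to be terminated in front of it; `tls-untrusted` points at the certificate rather than the protocol.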

charles-passille-smartnets commented 7 years ago

@Aschen I don't have an ssl_dhparam with my certificate... is it necessary? Thanks

Edit: So doing that, I don't get the error messages anymore, but it doesn't seem to work. It simply says "There was a problem connecting the video call." There's no error in the console, and Chrome says my SSL is fine with no errors.

Is there a specific version of the Docker image that I am supposed to run?

I even did another one for the admin gateway; accessing https://*mysite.com*:5253/admin will return {"janus":"error","error":{"code":454,"reason":"Request payload missing"}}

(I assume this is because it's supposed to be a POST request with some JSON data?)

But HTTPS works properly with the proxy. I really don't understand why the WebRTC Docker container isn't working :/

By the way, my Mattermost isn't running from Docker.

Edit2: Just some more info: [two screenshots]

Edit3: Never mind, I'm stupid. WebRTC doesn't work if there is no video/audio input (d'uh). @Aschen's fix solves the SSL issue.

Aschen commented 7 years ago

@charles-passille-smartnets You don't have to specify ssl_dhparam, it's only for security reasons.

Glad to hear that you finally succeeded :)

mlutfy commented 6 years ago

+1, the solution proposed by @Aschen, with nginx, works great.

I was having a lot of trouble debugging this, not seeing any warning/error in the Janus/Mattermost logs, except occasionally seeing ERR: SNI: Unknown ServerName: chat.example.org (but not systematically, so I thought it was a race condition, for which I saw a mention elsewhere).

I am running Mattermost instances on plain Debian 9 and Ubuntu 16.04 servers, using the Janus/dependencies packages available on those distributions (or rather, packages available respectively for Debian unstable and Ubuntu Artsy).

discostur commented 6 years ago

Just upgraded to Mattermost 4.5 and the latest WebRTC Docker container, and the solution from @Aschen works perfectly! Thanks ;)