[1.x] Transport Websockets plugin binds to ANY network interface

[YtelDrew]

What version of Janus is this happening on? "version": 1203, "version_string": "1.2.3",

Have you tested a more recent version of Janus too? Yes, latest git release

Was this working before? I don't know, as i have not used this feature

Additional context It appears its identical to https://github.com/meetecho/janus-gateway/issues/3248 if you set the specific IP to bind to, its ignored and binds to the first IP it finds.

[lminiero]

The WS transport plugin uses a completely different approach from what the SIP plugin does, so it cannot physically be the same identical issue. Our settings pass whatever you specify directly to libwebsockets, which in turn enforces it (whereas in the SIP plugin we deal with those ourselves).

That said, I just tried enforcing a specific IP using ws_ip (for the non-encrypted Janus API backend) and it worked as expected (this is on libwebsockets 4.3.2). As such, unless libwebsockets itself made some big change, I suspect you're not using the configuration file correctly, so I'll close this. Feel free to add more info if you think this can be replicated consistently.

[YtelDrew]

1080-d1/janus.transport.websockets.jcfg:        ws_ip = "172.31.214.134"    
1080-d2/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.1"      
1080-d3/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.15"     
1080-d4/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.16"     
1080-d5/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.18"     
1080-d6/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.19"     
1080-d7/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.23"     
1080-d8/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.24"     
1080-d9/janus.transport.websockets.jcfg:        ws_ip = "172.31.215.30"

general: {
        json = "indented"                               # Whether the JSON messages should be indented (default),
        ws = true                                               # Whether to enable the WebSockets API
        ws_port = 8188                                  # WebSockets server port
        ws_ip = "172.31.215.16"                 # Whether we should bind this server to a specific IP address only
        wss = false                                             # Whether to enable secure WebSockets
}

only shows 1 container listening on the web socket address, because the others can't bind to the same ip same port (even though in configs they are different)

17:42:01 ID1080LA 1080-d4 # netstat -lnp|grep 8188
tcp        0      0 208.XXX.XXX.32:8188      0.0.0.0:*               LISTEN      9535/janus

which belongs to d5, which has ws_ip = "172.31.215.18" set. but it bound to the sip IP of container d9. i use public for the sip side, and internal for the http, and websocket side.

it was also the first container i brought up on the system. I did confirm that if i shut down all of them, whichever gets started first is the one that gets the websocket ip. the rest won't bind. there is no mapping issue here either as i did confirm that. the configs are super simple. janus.jcfg, sip, http, and websockets, all other plugins are disabled.

[lminiero]

Forcing an IP will only work if it's one of the IPs the server, meaning listing the interfaces and IP on the terminal the IP would indeed appear. If not, libwebsockets will ignore the setting and bind to everything. In my case it's definitely doing its job, whether I set one of my local IPs or one of the interface names (in the other property).

You can try increasing the debugging of libwebsockets (IIRC we have a setting for that in the configuration) to see if it prints anything related to that when initializing.

[YtelDrew]

all of the ips in the config are on the server in question, i'll turn on debugging and see if i can get something further. the transport http is binding to the same ip and is working fine for all containers, each binding to their own internal IP. so websocket and http use the same internal ip, unique to each container.