search

networked-aframe / naf-janus-adapter

networked-aframe Janus network adapter
Mozilla Public License 2.0
12 stars 9 forks source link

Why wss not enabled but it works #61

Closed ViGeng closed 6 months ago

ViGeng commented 6 months ago

Hello!

I am new to NAF and Janus SFU. I try to setup a naf-janus-sfu for my research. I did the following steps:

  1. I run a docker container running janus-plugin-sfu built from the docker file here. I made no change to the confs and dockerfile. The server is ec2 of AWS.
  2. Also on this ec2 server, I run an nginx serving naf-janus-adapter examples on the web. I only changed the serverURL in the index.html with wss://MYDOMAIN:8080/janus.

The question is: why does it work since I found the janus.transport.websockets.jcfg in docker container set wss to false! I checked the docker logs -f janus and it shows that the wss has not started.

[Fri Mar  1 09:44:08 2024] Janus SFU plugin initialized!
[Fri Mar  1 09:44:08 2024] Transport plugins folder: /usr/lib/janus/transports
[Fri Mar  1 09:44:08 2024] [WARN] Transport plugin 'libjanus_pfunix.so' has been disabled, skipping...
[Fri Mar  1 09:44:08 2024] Loading transport plugin 'libjanus_websockets.so'...
[Fri Mar  1 09:44:08 2024] [WARN] libwebsockets has been built without IPv6 support, will bind to IPv4 only
[Fri Mar  1 09:44:08 2024] libwebsockets logging: 0
[Fri Mar  1 09:44:08 2024] Websockets server started (port 8188)...
[Fri Mar  1 09:44:08 2024] JANUS WebSockets transport plugin initialized!
[Fri Mar  1 09:44:08 2024] WebSockets thread started
[Fri Mar  1 09:44:08 2024] Loading transport plugin 'libjanus_http.so'...
[Fri Mar  1 09:44:08 2024] HTTP transport timer started
[Fri Mar  1 09:44:08 2024] Admin/monitor HTTP webserver started (port 7088, /admin path listener)...
[Fri Mar  1 09:44:08 2024] JANUS REST (HTTP/HTTPS) transport plugin initialized!
[Fri Mar  1 09:46:36 2024] Creating new session: 7118972994854644; 0x7f7a3c0018e0
[Fri Mar  1 09:46:36 2024] Creating new handle in session 7118972994854644: 4395789419916858; 0x7f7a3c0018e0 0x7f7a3c002080
[Fri Mar  1 09:46:36 2024] Initializing SFU session 0x5570858d4be0...
[Fri Mar  1 09:46:36 2024] [4395789419916858] Creating ICE agent (ICE Full mode, controlled)
[Fri Mar  1 09:46:36 2024] Processing JSEP offer from 0x5570858d4be0: Sdp { v=0

I have also tested this way in my LAN, and changed the domain by local private IP accordingly. But I found it does not work at all. I found the browser(chrome) alerts: WebSocket connection to 'wss://IP_or_LocalDomain:8080/janus' failed:. Both Mac(ARM) and WSL2 failed in this test.

To check whether my local environment(WSL) has any problems, I deployed a Janus-Gateway with self-assigned SSL certificates, and the demos seem to work well.

image

Could anyone please give any clue on these two problems? Let me know if I missed any additional information.

Thanks for your kind help!!!

vincentfretin commented 6 months ago

The documentation I wrote uses nginx to handle tls termination, that's why wss is not enabled in the janus configuration. You can indeed expose janus directly and enable wss in the config file, but even the janus-gateway team doesn't recommend it, and advice to use tls termination in some other front server, be it apache, nginx, or traefik or whatever you use on aws for https I'm not familiar with. Be aware that the current janus docker image is not up to date with latest openssl fixes and enabled ciphers, so you may be exposed to security vulnerabilities from 2022 and 2023 if you use my current docker image with wss enabled in janus config. I plan to update it to ubuntu 22.04 and latest janus-gateway and dependencies that has changes to use OpenSSL 3.0 api only in the near future.

If you want to use it locally, I recently added the proxy configuration in webpack config so that you can use the self-signed certificate that webpack-dev-server creates. Just run npm start and configure the url to be wss://ip:8080/janus Be sure to go to the same url https://ip:8080/ (and not localhost) so you accept the certificate.

If wss://MYDOMAIN:8080/janus is working, it means you ran npm start on your server. You don't need to run that on production, just serve the static folder that have your index.html via nginx, and forward the traffic to janus on port 8188 of the docker image. If you have access to 8080 port, that also means you didn't properly set your firewall, security group or whatever ec2 instance is using. Be sure to accept only 80 and 443. Ports like 8080 or 8188 shouldn't be accessible from your domain.