WebRTC with Behind Reverse Proxy

[Timur]

Hi all,

I'm considering to deploy WebRTC clients behind a reverse proxy. So we have a set of clients behind reverse proxy and these connect to other clients on the other side of reverse proxy using WebRTC. I have questions regarding this setting: Do you have exprience with WebRTC behind reverse proxies? Can the WebRTC protocol be used without a TURN server in a setting with a reverse proxy or do we need a TURN server in every case. If I'm not wrong reverse proxy acts as a relay in this setting, if that is possible to set up, so we would not need a TURN server but rather a STUN will be sufficient.

Any input will be appreciated, thanks you for your answers!

Regards,

Timur

[Warren McDonald]

Clarifying some terminology first

A Reverse Proxy is usually used to provided access to server interface or API in a Secure Zone, from Internet or a less secure network. 

Any process inside uses a Forward Proxy, or NAT Gateway, if they need to connect out of the Secure Zone to Internet or other networks.

You would use a Reverse Proxy if clients need to reach a server process in a Secure Zone.    

So if you have a WebRTC Peer  in a Secure Zone you need to provide either a NAT Gateway or a Forward Proxy to allow it to reach a Peer on another network.

This is the same regardless of whether the route between the 2 Secure Zones needs to traverse Internet or private networks.  

If you have 2 Peers in 2 different Secure Zones, then NAT Gateways with access to a STUN server, on the outside either of the Gateways should be sufficient, as long as UDP egress and ingress is available.

The ICE negotiation will establish a connection via the 2 NAT Gateways. That's its reason for being.  

If UDP traversal is not available at either end, you will a TURN server to provide TCP to UDP relay. (This also works if both ends can only do TCP, as the TURN server relays TCP to UDP internally)  

[shakeeb nazmus]

Hi Timur,

Can you please explain what you have meant by "WebRTC clients behind a reverse proxy". 

Normally 

"WebRTC clients behind a NAT/firewall" means all request of the client will go through NAT/firewall.

"WebRTC clients a behind proxy"  means all request of the client will go through the proxy.

but  "WebRTC clients behind a reverse proxy" doesn't mean that all request of the client will go through the reverse proxy.

By proxy people normally mean http proxy. I think by "reverse proxy" you have meant reverse http proxy and by  "WebRTC clients behind a reverse proxy"  I think you have meant your client is accessing WebRTC page by a reverse proxy. Am I right?

Can you please explain your client side network setup.

Thanks,

Shakeeb  

[Timurhan Sungur]

Thanks for the clarification and detailed answer!

--

---
You received this message because you are subscribed to a topic in the Google Groups "discuss-webrtc" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/discuss-webrtc/BvtRmXCoedY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to discuss-webrt...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/c84e6bb0-9e77-4761-b7bb-ab3369826f93%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.