WSS on Port 443


lennart_...@msn.com

Sep 4, 2015, 5:15:37 AM
to kurento
Hello,

I am trying to use KMS with wss on Port 443.

With kurento.conf.json like this...

"websocket": {
  "port": 8888,
  "secure": {
    "port": 11111,
    "certificate": "mycertificate.pem",
    "password": ""
  }
}

netstat -l -n gives this...

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::8888                 :::*                    LISTEN
tcp6       0      0 :::11111                :::*                    LISTEN

...and everything works as expected.


However, with kurento.conf.json like this...

"websocket": {
  "port": 8888,
  "secure": {
    "port": 443,
    "certificate": "mycertificate.pem",
    "password": ""
  }
}

netstat -l -n gives this...

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::8888                 :::*                    LISTEN


It works for every Port >1025. How can I make it listen on Port 443?

Related question: how can I make it listen on a specific IP?

Thanks for your help! It is really appreciated.
Lennart

Ivan Gracia

Sep 4, 2015, 5:22:45 AM
to Kurento Public
You'll have to change the user under which the service runs. Ports < 1025 can only be bound by the root user. You can change that in /etc/default/kurento-media-server-6.0.

About binding it to a certain address, it binds to all. I've done that with other services, but not sure I see the use case in a media server.

Ivan Gracia




Oliver

Sep 4, 2015, 5:46:33 AM
to kurento
Thank you, this is very helpful!

The reason for binding it to a certain address is that it is supposed to run on the same machine as the TURN Server, which listens on Port 443 as well.

KMS:
xxx.xxx.xxx.250:443
TURN:
xxx.xxx.xxx.252:443

With KMS binding to all addresses, TURN server won't start.

Regards,
Oliver
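
An added example, not part of any post in this thread and not Kurento code: it cross-checks the websocket ports from the configuration against `netstat -l -n` output, flagging a privileged port that never got bound (the original question) and a listener on all addresses, which is what keeps a second service such as TURN from binding the same port. The JSON wrapping and the function names are assumptions; the netstat rows are copied from the second listing in the first post.

```python
import json

# Linux default: binding a TCP port below 1024 needs root or CAP_NET_BIND_SERVICE.
PRIVILEGED_BELOW = 1024
WILDCARDS = {"0.0.0.0", "::"}

# The websocket section from the post, closed and wrapped in braces so it parses
# on its own (the wrapping is an assumption, not the layout of the full file).
CONFIG = """{"websocket": {"port": 8888,
  "secure": {"port": 443, "certificate": "mycertificate.pem", "password": ""}}}"""

# netstat -l -n rows copied from the second listing in the post.
NETSTAT = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::8888                 :::*                    LISTEN
"""

def listeners(netstat_text):
    """Map each listening TCP port to the set of local addresses bound to it."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")   # ":::8888" -> ("::", "8888")
            found.setdefault(int(port), set()).add(addr)
    return found

def check_ports(config_text, netstat_text):
    """Return {name: (port, status)} for the plain and secure websocket ports."""
    ws = json.loads(config_text)["websocket"]
    bound = listeners(netstat_text)
    report = {}
    for name, port in (("ws", ws["port"]), ("wss", ws["secure"]["port"])):
        addrs = bound.get(port, set())
        if not addrs:
            status = "not listening"
            if port < PRIVILEGED_BELOW:
                status += " (privileged port: check the service user)"
        elif addrs & WILDCARDS:
            status = "listening on all addresses"
        else:
            status = "listening on " + ", ".join(sorted(addrs))
        report[name] = (port, status)
    return report

if __name__ == "__main__":
    for name, (port, status) in check_ports(CONFIG, NETSTAT).items():
        print(f"{name} {port}: {status}")
```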

Ivan Gracia

Sep 4, 2015, 6:21:24 AM
to Kurento Public
Ok I see. Maybe co-locating TURN and KMS in the same machine is that good, as TURN will take some juice that the media server could use. Take into account that there will be extra encryption/decryption going on in there.

Also, are you planning on having the KMS accessible from the internet? If that's not the case, I'd go with plain WS, as they would be inside your infrastructure. I suggest using WSS only if the signaling takes place outside of your infrastructure (i.e. you are providing KMS as a service, or you have browsers connecting directly to the KMS).

Cheers,

Ivan Gracia


Oliver

Sep 4, 2015, 7:01:00 AM
to kurento
Yes, unfortunately KMS has to be accessible from the Internet.

I will consider not using the same machine for KMS and TURN.

Thanks.