Problem with connection by wss, no response

[Michał Pawłowski]

Hi.

I'm trying to connect with other person by Vid Channel at Janus-Gateway. We are in the same LAN Network. When I've connecting to myself (localhost) there was no problem. But when I wanted to cooperate with other person I got error: must be connected by https/wss.

At first moment i wanted to connect by https. I'm using Ubuntu. I installed nginx and generated SelfSigned certs. After while I've got it, I connected to directory with SSL.

But later on, I wanted to test Video Conn. It has told me, that I need https connection of janus server,. I generated next certificates and run script. But I couldn't connect, cause of erors.

But now I changed approach, I tryied to use WSS.

And now: the problem is, that I have running janus-gateway wss, I got message:

Secure Websockets server started (port xxxx)...
JANUS WebSockets transport plugin initialized!
WebSockets thread started

It looks like it works.

I edited html/settings.js and inserted:

var server = "wss://my_local_ip:my_port";

but after entering into nginx root and trying establish connection i got error:

Error connecting to the Janus WebSockets server: Is the server down?

janus.js:97 WebSocket connection to 'wss://192.168.x.x:yyyy/' failed: 

What shall I do? In console janus is not printing anything about connection. When I was using http/s it printed every request. Now nothing, I disabled FieWall

Please help

Thanks

[Lorenzo Miniero]

If it's a self-signed certificate, you'll have to open the link to wss address in the browser first (e.g., https://192.168.x.x:yyyy) and accept it, or attempts to connect to it via WS will fail.

That said, a much better approach is to stitck to plain WS in Janus itself, and put a proxy like nginx or httpd in front of it to deal with WSS. This way, both the static content (web pages, javascript) and the Janus API are handled by the same server, and so accepting a self signed certificate when opening the web page will authorize Janus too.

https://janus.conf.meetecho.com/docs/deploy

L.

[Michał Pawłowski]

Thank you for answer. Is it possible to write tutorial how to do this? (Step by step). I'm little confused, the docs is not clear for me at all.

I've accepted https SSL Cert (Self Signed) at browser (Chrome). Now I've run such command:

wscat -c "wss://192.168.x.x"
error: self signed certificate

It looks that cert is not accepted. Does cert has to be in the same location for both, wss [ JANUS ] and https [ NGINX ] connections confs?

My cert of nginx lies at /etc/ssl/certs/ and /etc/ssl/private

But for janus at /var/snap/janus-gateway/common/share. But they are exact copies. Do i need to link them?

Please, If you are able and have time, please print a step by step tutorial. I'm trying to work with janus from a week. Probably somehow I'll complete the task, but tutorial would be easier for me to achieve my goal.

Thanks!

[Michał Pawłowski]

I'm sorry I don't understand the "put a proxy like nginx or httpd in front of it to deal with WSS" Could you explain steb by step or reference to other site that it explains, how to deal with it? [But global site, not docs, cause unfortunately I'm not sure I understand it :(    ]

[Mirko Brankovic]

Set up the nginx wss or https server with certificates and then add a proxy-pass rule to pass to janus socket (ip/port) that will listen on ws or http so with no certs

--
You received this message because you are subscribed to the Google Groups "meetecho-janus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to meetecho-janu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/meetecho-janus/43283658-1c07-47c3-9e96-1ae2a66c7ab0n%40googlegroups.com.

[Michał Pawłowski]

Thank you. I think Im doing something wrong.

I've done this:

1) created new nginx vhost on port xxxx
server {

    listen       xxxx ssl;
    server_name  www.some-address.com;
    location / {
        proxy_pass ws://192.168.x.x:yyyy;
    }

    access_log   /var/log/nginx/www.addr.log;
    error_log    /var/log/nginx/www.addr.log error;

    ssl_certificate_key nginx-selfsigned.key;
    ssl_certificate     nginx-selfsigned.crt;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security max-age=31536000;

}

2) set ws://192.168.x.x:yyyy; [file: /var/snap/janus-gateway/common/etc/janus.transport.websockets.jcfg]

general: {
        #events = true                          # Whether to notify event handlers about transport events (default=true)
        json = "indented"                       # Whether the JSON messages should be indented (default),
                                                # plain (no indentation) or compact (no indentation and no spaces)
        #pingpong_trigger = 30                  # After how many seconds of idle, a PING should be sent
        #pingpong_timeout = 10                  # After how many seconds of not getting a PONG, a timeout should be detected

        ws = true                               # Whether to enable the WebSockets API
        ws_port = yyyy                          # WebSockets server port
        #ws_interface = "eth0"                  # Whether we should bind this server to a specific interface only
        ws_ip = "192.168.x.x"

cleared certs

3) Next, edited /var/www/html/html/settings.js

var server = "https://192.168.x.x:xxxx";

Restarted NGinx and janus. 

Got error:

POST https://192.168.x.x:xxxx/ net::ERR_CONNECTION_REFUSED
janus.js:955 Probably a network error, is the server down?:
{message: 'Probably a network error, is the server down?', error: TypeError: Failed to fetch

What shall I do? :(

[Lorenzo Miniero]

In settings.js remove the port (:xxxx), since WSS is now handled by nginx.

L.

[Lorenzo Miniero]

Besides, you have to put wss://, hot https://

[Mirko Brankovic]

also i don't see certificate and key location in nginx ssl site?

To view this discussion on the web visit https://groups.google.com/d/msgid/meetecho-janus/9c9cd511-f0e5-4657-b63a-02bd2cc3d00dn%40googlegroups.com.

--

Regards,

Mirko

[Mirko Brankovic]

aaah self signed ... will that we accepted for wss ?

--

Regards,

Mirko

[Lorenzo Miniero]

Once you accept those for the page, yes.

L.

[Michał Pawłowski]

Thank you so much. I have found tutorial:

https://facsiaginsa.com/janus/basic-janus-configuration-with-ssl

It's really helpful, but I have some issue which I can bypass. When I create config in /etc/nginx/sites-available/pass.conf and ln it into /etc/nginx/sites-enabled/pass.conf nqinx crashes. I get error:

Job for nginx.service failed.

In log i get:

polkitAuthenticationAgent: Received 2identities that can be used for authentication. Only considering one.

The pass.conf is looking like that:                                                                                         

server {
    listen 9975 ssl http2;
    server_name my.site.com;

    ssl_certificate_key nginx-selfsigned.key;
    ssl_certificate     nginx-selfsigned.crt;

    access_log   /var/log/nginx/my.site.com.log;
    error_log    /var/log/nginx/my.site.com.log error;

    #location /janus {
    #        proxy_set_header Host $host;
    #        proxy_set_header Connection "";
    #        proxy_http_version 1.1;

    #        proxy_pass http://127.0.0.1:9998;
    #}

    location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:9999;
    }
}

What am I doing wrong :((

[Mirko Brankovic]

As far as I know, you only need to place your config in sites-available and nginx on reload/startup will enable it by placing it in sites-enabled, you don't have to link anything

To view this discussion on the web visit https://groups.google.com/d/msgid/meetecho-janus/3e686623-d6ec-4d25-9966-1009fd274841n%40googlegroups.com.

--

Regards,

Mirko

[Michał Pawłowski]

Oh, but when I put it only inside available, server starts, but the site is not working properly (janus is not visible by proxy)

[Michał Pawłowski]

OK, I've figured ot what was wrong. The file of config was corrupted. I've used other and it works but ...

I can connect locally but people from other IPs in lan not

What can it be?  HTTPS is working

[Michał Pawłowski]

OK IT works, firewall was blocking the connection thank you!! :)

[Mirko Brankovic]

great  success :D

To view this discussion on the web visit https://groups.google.com/d/msgid/meetecho-janus/dcbc8da0-399e-4807-9414-2dc0de462c49n%40googlegroups.com.

--

Regards,

Mirko