Janus and Amazon AWS

227 views
Skip to first unread message

siegmar....@siegmar.com.br

unread,
Oct 30, 2018, 10:18:23 PM10/30/18
to meetecho-janus
Hi,

I have the following installation:


(A) 3CX PABX Cloud


(B) Janus Server installed in a CentOS Amazon AWS VM

Janus Server (B) is compiled from source ( Janus and many Libraries ) and has HTTP, HTTPS, WEBSOCKET and SECURE WEBSOCKET enaled, both for API and ADMIN.
Eventually I get one error:

[ERR] [transports/janus_http.c:janus_http_handler:1215] Invalid url /ws/v1/cluster/apps/new-application

Below yo find the link for the Janus Log file:

https://gist.github.com/zig-github/d691661a4f86d714f7b34675829d2c41

Below you find all the changes I did in the .cfg files:

janus.cfg
{
stun_server = stun.l.google.com
stun_port = 19302

nat_1_1_mapping = 18.228.38.229
}

janus.transport.http.cfg
{
http = yes
port = 8088
https = yes
secure_port = 8089

admin_http = yes
admin_port = 7088
admin_https = yes
admin_secure_port = 7889
}

janus.transport.websockets.cfg
{
ws = yes
ws_port = 8188
wss = yes
wss_port = 8989

admin_ws = yes
admin_ws_port = 7188
admin_wss = yes
admin_wss_port = 7989
}

- What means the error above "Invalid url /ws/v1/cluster/apps/new-application" ?


(C) Janus HTML/Javascript installed in a Windows Amazon AWS VM

Does not work.
After inspecting ADMIN I found out it does not connect.

- How should I configure Amazon AWS to make it work with Janus HTML/JavaScript ?


(D) Janus HTML/Javascript installed in a Windows Server ( not a VM )

Works perfectly with HTTP and WEBSOCKET for API.
Works just with HTTP for ADMIN.
Does not work with HTTPS and SECUE WEBSOCKET, both for API and ADMIN.

- Why does Janus not work with HTTPS and SECURE WEB SOCKET ?
Is this an Amazon AWS problem ?

Thanks

siegmar....@siegmar.com.br

unread,
Oct 30, 2018, 10:50:17 PM10/30/18
to meetecho-janus
Hi,

Just to give some more information, below you find all the ports enabled in Linux Firewall:

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

firewall-cmd --zone=public --add-port=8088/tcp --permanent
firewall-cmd --zone=public --add-port=8089/tcp --permanent

firewall-cmd --zone=public --add-port=8188/tcp --permanent
firewall-cmd --zone=public --add-port=8989/tcp --permanent

firewall-cmd --zone=public --add-port=7088/tcp --permanent
firewall-cmd --zone=public --add-port=7889/tcp --permanent
firewall-cmd --zone=public --add-port=7188/tcp --permanent
firewall-cmd --zone=public --add-port=7989/tcp --permanent

Thanks

Lorenzo Miniero

unread,
Oct 31, 2018, 5:20:17 AM10/31/18
to meetecho-janus
Are you an bugswheel94 working on the same thing? If so, can you please stop posting the same issue over and over?

Thanks,
Lorenzo

siegmar....@siegmar.com.br

unread,
Oct 31, 2018, 8:40:36 AM10/31/18
to meetecho-janus
Hi Lorenzo,

I don't know who bugswheel94 is.
Is there any other POST available about the same subject ?
If so, please let me know.

By the way, thanks for developing Janus.
I am using WebRTC for one year and Janus for 3 weeks.
It's really a very nice software with a very good documentation.
I guess the problems I am having are related to Amazon AWS, not to Janus.

Thanks

Lorenzo Miniero

unread,
Oct 31, 2018, 9:25:49 AM10/31/18
to meetecho-janus
Il giorno mercoledì 31 ottobre 2018 13:40:36 UTC+1, siegmar....@siegmar.com.br ha scritto:
Hi Lorenzo,

I don't know who bugswheel94 is.



Apologies for sounding so rude, re-reading the post I really sound like a jerk... I saw a couple of issues and then posts here, apparently all posted by the same person and with the same content, which annoyed me a bit. Anyway, it does sound like there may be something, more on that below.

 

Is there any other POST available about the same subject ?
If so, please let me know.



Yes, there is one posted almost at the same time as yours here:

Mirko explained how an HTTP client is apparently sending HTTP requests addressed at a path Janus is not handling. The HTTP plugin in Janus is not a web server, it only exposes an API on well known paths (e.g., /janus), so anything that doesn't match that will be rejected and notified in the logs.

 

By the way, thanks for developing Janus.
I am using WebRTC for one year and Janus for 3 weeks.
It's really a very nice software with a very good documentation.
I guess the problems I am having are related to Amazon AWS, not to Janus.

 


Yep, since you and others are all getting this /ws/v1/cluster/apps/new-application thing, it may be some AWS proxy that is acting weirdly: e.g., something that handles web traffic for you, and then forwards it to Janus using the wrong path. If so, that's probably what you have to fix.

Take into account that those requests may also be random requests coming from bots.

Lorenzo


Thanks

bugwheels94

unread,
Oct 31, 2018, 10:54:39 AM10/31/18
to meetecho-janus
There is only one bugwheels94 :) and feel free to tell me if I spam as I try to be very specific but my knowledge is limited in this area

siegmar....@siegmar.com.br

unread,
Nov 1, 2018, 9:14:29 AM11/1/18
to meetecho-janus
Hi Lorenzo,

I solved most of the problems:

1. WS
After disabling httpd service ( I have installed it in the same VM just for testing purpouses ) WS protocol started to work.

2. HTTPS and WSS
The fault was mine :-(
I was using your self-signed Certificates.
After creating a real one at ZeroSSL both protocols are working.

There are just two minor problems:

1. WS and WSS ADMIN
WS and WSS do not work for ADMIN.
They are both enabled as you can see in the Log below.
It´s not a problem for me as HTTP and HTTPS work fine.

2. Invalid url /ws/v1/cluster/apps/new-application
Eventually I get the error above.
I am not sure if this an error caused by AMAZON AWS or a Janus bug.
I set DEBUG LEVEL to 7 and below you find the full Log showing the error:

https://gist.github.com/zig-github/d691661a4f86d714f7b34675829d2c41

Thanks

Alessandro Amirante

unread,
Nov 1, 2018, 9:22:24 AM11/1/18
to siegmar....@siegmar.com.br, meetech...@googlegroups.com
Il giorno gio 1 nov 2018 alle ore 14:14 <siegmar....@siegmar.com.br> ha scritto:

2. Invalid url /ws/v1/cluster/apps/new-application
Eventually I get the error above.
I am not sure if this an error caused by AMAZON AWS or a Janus bug.

Definitely not a Janus bug. It's a well-known attack, more info here:


A.

Lorenzo Miniero

unread,
Nov 1, 2018, 9:51:46 AM11/1/18
to meetecho-janus
The Admin API over WS definitely works. My guess is you're trying the Admin API demo page, which only supports HTTP, not WebSockets. You'll have to edit the JavaScript code to make it use WS instead.

L.

siegmar....@siegmar.com.br

unread,
Nov 1, 2018, 10:20:42 AM11/1/18
to meetecho-janus
Hi Lorenzo,
Before testing WS and WSS ADMIN I have already changed the JavaScript code.
Are the configuration below correct ?

siptest.js ( API )
//var server = "http://webrtc.siegmar.com.br:8088/janus"
//var server = "https://webrtc.siegmar.com.br:8089/janus"
//var server = "ws://webrtc.siegmar.com.br:8188"
var server = "wss://webrtc.siegmar.com.br:8989"

admin.js ( ADMIN )
//var server = "http://webrtc.siegmar.com.br:7088/admin"
//var server = "https://webrtc.siegmar.com.br:7889/admin"
//var server = "ws://webrtc.siegmar.com.br:7188"
var server = "wss://webrtc.siegmar.com.br:7989"

Is there something else I should have changed ?

Thanks

Lorenzo Miniero

unread,
Nov 1, 2018, 10:44:17 AM11/1/18
to meetecho-janus
As I said, the Admin API demo page doesn't have any support for WS. It's not like the other demos: HTTP requests are hardcoded in the JS. You'll have to completely refactor the code to use WS instead. No problem in the SIP demo page instead.

L.
Reply all
Reply to author
Forward
0 new messages