Janus deployed in AWS

[sean lu]

This one puzzles me a lot:

I have Janus webRTC server deployed on AWS EC2. On my home network, I have tested the Demo plugins through Mac and Windows laptop.

1). On Mac, via Safari, Echo test plugin worked. Video Room plugin also worked.

(So this means server setting and AWS settings are all good)

2). On Windows, with Firefox, Echo test plugin failed with "Error connecting to the Janus WebSockets server: Is the server down?" Video Room plugin comes with the same error.

However, on Windows laptop, with Firefox, test the same browser with demo page through https://janus.conf.meetecho.com/echotest.html and it worked. (So this means browser setting it good)

What could be the possible ways to trouble shoot this issue?

Sean

[Murilo Moura]

Hi Sean!

Have you enabled the websockets feature on the Janus server? If not, it will be necessary.

Murilo Moura

[sean lu]

Hi, Murilo:

Thanks for the suggestion.

Yes, Websockets are enabled on the Janus server in AWS. I can test the plugins successfully from browsers on my Mac. It is just with the browser on my Windows laptop that they don't work. (both mac and windows laptop resides in my home network)

But, if I use my windows laptop to connect to official janus site https://janus.conf.meetecho.com/echotest.html then it works. 

So I am not sure where the problem might be.

Sean

[Murilo Moura]

Do you have any evidence that the websocket is indeed enabled (and that you can share it here for us to review)?

I ask to see if you are not confusing transport via http with websocket, since in the browser console the status displayed is transport via http and not websocket.

Murilo Moura

[sean lu]

Hi, Murilo:

Thanks for trouble shooting with me. Yes, I have a nginx installed (with self signed cert) for external traffic terminated at 443. Then have the reverse proxy setup for janus, port 8088 for janus api, port 8188 for websocket

On starting up Janus, I have the following from the terminal running janus status

ubuntu@ip-XX-XX-XX-XX:/var/log/nginx$ sudo service janus status

● janus.service - Janus WebRTC Server

   Loaded: loaded (/etc/systemd/system/janus.service; disabled; vendor preset: enabled)

   Active: active (running) since Mon 2022-04-25 21:31:09 UTC; 5s ago

 Main PID: 21447 (sudo)

    Tasks: 24 (limit: 2347)

   CGroup: /system.slice/janus.service

           ├─21447 /usr/bin/sudo /opt/janus/bin/janus

           └─21458 /opt/janus/bin/janus

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: Loading transport plugin 'libjanus_websockets.so'...

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: [WARN] libwebsockets has been built without IPv6 support, will bind to IPv4 only

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: libwebsockets logging: 0

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: WebSockets server started (port 8188)...

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: JANUS WebSockets transport plugin initialized!

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: Loading transport plugin 'libjanus_http.so'...

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: HTTP webserver started (port 8088, /janus path listener)...

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: JANUS REST (HTTP/HTTPS) transport plugin initialized!

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: HTTP transport timer started

Apr 25 21:31:09 ip-XX-XX-XX-XX sudo[21447]: WebSockets thread started

 In each of the demo js file, for example, i have the following line:

var server = "wss://DNS_name_for_this_server";

Please let me know if you need any additional information.

[Murilo Moura]

From what I understand you mentioned port 8188 for websocket, however your "server" variable is pointing to secure websocket (wss).

Also, in the "server" variable you need to indicate the port at the end of the address (example: ws://xxxxx:8188 [or another port that you have configured for websocket] ).


Murilo Moura

[Murilo Moura]

Hi Sean!

Let us know if you were successful.

[sean lu]

Hi, Murilo:

Thanks again for working with me.

Here is what I have so far, I have a nginx server running in AWS for external traffic, let's call it server1.example.com which have a self signed cert attached to it so traffic will terminate on port 443. On the same VM, Janus is installed.

Nginx have reverse proxy enabled for Janus so Janus is not exposed to outside.

This block is defined in the conf file under /etc/nginx/sites-available

+++++++++++++++++++

    location /janus {

            proxy_set_header Host $host;

            proxy_set_header Connection "";

            proxy_http_version 1.1;

            proxy_pass http://127.0.0.1:8088;

    }

    location / {

            proxy_http_version 1.1;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "Upgrade";

            proxy_set_header Host $host;

            proxy_pass http://127.0.0.1:8188;

    }  
++++++++++++++++++++++

So HTTPS is at the Nginx level, thus I did not explicitly enable secure websocket port 8189 anymore in janus.transport.websockets.jcfg because it is already within the SSL turnel. Is it required to use 8189 for secure websocket even it is already wrapped with ssl? 

hitting https://server1.example.com return code 403 which from the doc, it suggests websockets test is working?

Really appreciated for your help.

[Murilo Moura]

First, I would do a direct test without the proxy as an intermediary.

Once you are able to validate that the websocket connection works without the proxy, you will have one less doubt point to evaluate.

[Lorenzo Miniero]

Of course you need to open ports. For media ports are dynamic. Specify an RTP range in janus.jcfg and open the related ports.

L.

Il giorno lunedì 2 maggio 2022 alle 21:37:20 UTC+2 seanl...@gmail.com ha scritto:

One thing i am not sure, since the server is in AWS, do I need to open ports? Current port HTTPS 443, HTTP 8088, HTTPS 8089, WS 8188, WSS 8989 are open.

On Monday, May 2, 2022 at 2:26:01 PM UTC-5 sean lu wrote:

So here is what I did so far. 

I have installed Janus WebRTC and Janus demo on the same test box, let's call it test.example.com

Janus API is listening on Port 8088 (HTTP) and 8089 (HTTPS), http://test.example.com:8088/janus/info and http://test.example.com:8089/janus/info return correct information.

Janus WebSocket is listening on Port 8188 (plain) and 8989(secure) and verified with nc command.

Here HTTPS and WSS is using a self signed cert, let's call it cert1

Janus demo installed with Ngnix (self signed certificate), webpages shows under https://test.example.com, here Nginx is installed with self signed cert (cert2) so traffic terminate at port 443

To test echotest, have the following defined in echotest.js

var server = "wss://test.example.com:8989";

var server = "wss://vstest.apt.cv700-telematics.net:8989";var server = "wss://vstest.apt.cv700-telematics.net:8989";

When trying to launch the test, local stream is trying to publish and I can see the video stream, but the remote stream is trying to establish but did not show anything, and after couple of seconds, it stopped with following message (The echo test is over)

Same thing when trying to test Video Room, I have the same modification in videoroomtest.js

And when trying to launch, it asked me to enter the room name, and then it tried to publish the stream but again stopped after couple of seconds

[sean lu]

Hi:

Thank you very much for working with me. I changed the port range for outgoing traffic. However, it is still giving me the same outcome. To recap:

So here is what I did so far. 

I have installed Janus WebRTC and Janus demo on the same test box, let's call it test.example.com

Janus API is listening on Port 8088 (HTTP) and 8089 (HTTPS), http://test.example.com:8088/janus/info and http://test.example.com:8089/janus/info return correct information.

Janus WebSocket is listening on Port 8188 (plain) and 8989(secure) and verified with nc command.

Here HTTPS and WSS is using a self signed cert, let's call it cert1

Janus demo installed with Ngnix (self signed certificate), webpages shows under https://test.example.com, here Nginx is installed with self signed cert (cert2) so traffic terminate at port 443

To test echotest, have the following defined in echotest.js

var server = "wss://test.example.com:8989";

When trying to launch the test, local stream is trying to publish and I can see the video stream, but the remote stream is trying to establish but did not show anything, and after couple of seconds, it stopped with following message (The echo test is over)

Same thing when trying to test Video Room, I have the same modification in videoroomtest.js

And when trying to launch, it asked me to enter the room name, and then it tried to publish the stream but again stopped after couple of seconds

Any advice will be greatly appreciated. 

Sean

On Tuesday, April 26, 2022 at 9:31:20 AM UTC-5 muriloma...@gmail.com wrote:

[Erwin Dee Junio Villejo]

Hello,

It's hard to pinpoint your exact issue because you didn't provide any logs. You should at least provide logs from the browser console.

Anyway, I have some tips:

1. Buy an SSL cert from a commercial CA or use LetsEncrypt (free) instead of using self-signed certificates. Your browser should have rejected your self-signed certs (unless you also installed your root CA to your system).
2. Terminate your HTTPS and WSS transports through the reverse proxy (NGINX), e.g.:

• • port 443, server name janusdemos.domain.tld (Demo pages)
    • serve static files in /usr/share/janus/demos
  • port 443, server name janus.domain.tld (HTTPS and WSS transports)
    • location /janus
      • proxy pass to http://localhost:8088 (HTTP transport)
    • location /
      • proxy pass to http://localhost:8188 (WebSocket transport)
      • handle connection upgrade from HTTP 1.1 to WebSocket

and use a wildcard SSL certificate (for server name *.domain.tld) for the above 2 subdomains.

I have successfully used the above config in my VPS. As for the demo pages, I changed the Janus servers config to:

const server = [

    'wss://janus.domain.tld',

    'https://janus.domain.tld/janus',

];

or even fancier:

const [tld, domain] = window.location.hostname.split('.').reverse();

const domainname = `${domain}.${tld}`;

const server = [

    `wss://janus.${domainname}`,

    `https://janus.${domainname}/janus`,

];

Hope this helps!

Br, Erwin

[sean lu]

Hi, Erwin:

Thank you so much for your help!

You are right on spot. Changing the self signed cert to a valid cert solved my issue. The strange thing about self signed cert is it allowed the browser (safari) to work on the mac so I was under impression it was not the cause of the issue. But sure it is.

Again, greatly appreciate for your help!

Sean