"Publish failed. Unable to connect" when trying to publish with webRTC from a remote server where wowza is installed using docker

Hello, i’m trying to publish a webRTC stream using the Wowza Streaming Engine installed on a server with a docker image, i have priviously streamed locally using webRTC with the Wowza Streaming Engine and it was working fine,so here is what i did exactly: i’ve set up the wowza container on the server following this tutorial:Set up Wowza Streaming Engine using Docker (Linux)
i’ve used this command to build the wowza container using the latest wowza image on docker:

docker run -it --name [ container-name ] --restart always --expose 1935/tcp --expose 8086/tcp --expose 8087/tcp --expose 8088/tcp --publish 1935:1935 --publish 8086:8086 --publish 8087:8087 --publish 8088:8088 --volume /Users/me/Documents/logs:/usr/local/WowzaStreamingEngine/logs --entrypoint /sbin/entrypoint.sh --env WSE_MGR_USER=[ username ] --env WSE_MGR_PASS=[ password ] [ repository ]:[ version ]

i didn’t specify a licence but changed the default one to a another trial one i was using before, i then procceded to download the streamlock certificate that i had for the licence to the docker container in "/usr/local/WowzaStreamingEngine/conf ",i also changed the certificate ip address to the one of the server. then accessed the wowza engine manager from http://[ wowza-ip-address ]:8087, where [ wowza-ip-address ] is the ip address of the server where WSE is installed . i accessed the dashboard and configured the Vhost adding a Streamlock port on 443 and adding the path for the certificate in the container , then configured the webRTC live application adding 2 ICE candidate with the server IP address one TCP(1935) and one UDP, finally after saving and restarting both i opened the publishing page WebRTC Publishing Test for Wowza Streaming Engine and put in the signaling URL relative to my streamLock certificate and tried to stream and got “Publish failed. Unable to connect” .
this is the log that gets generated when i try to publish :
image
when i inspect on the publish page i see this :
WebSocket connection to ‘wss://**********.streamlock.net/webrtc-session.json’ failed: WebSocket is closed before the connection is established.

Several things could be going on here which would throw that error:

  1. Just curious, are you sure that other trial license is still valid or that StreamLock cert?

  2. Are you entering the correct password for that StreamLock cert that was set up when you downloaded it?

  3. Did you properly configure the keystore path and enter the StreamLock cert info correctly?

  4. You need a separate port for SSL Cert from port for Engine Manger.

  5. Do you potentially have a firewall blocking this?

  6. Did you try entering an asterik (*) for the IP address when configuring host 443?


If you want to check if the SSL cert from an old trial is bound to the proper IP address, you can do this:

Run a simple OpenSSL command to quickly confirm you correctly configured your StreamLock certificate and SSL/TLS connection with Wowza Streaming Engine.

Use one of the following OpenSSL commands to quickly test your Wowza Streaming Engine server’s StreamLock certificate configuration and SSL/TLS connection, where [ ssl-certificate-domain-name ] is the certificate hostname:

To test the SSL/TLS connection to the server:

openssl s_client -connect [ *ssl-certificate-domain-name* ]:443

To test the SSL/TLS connection and display the certificates:

openssl s_client -showcerts -connect [ *ssl-certificate-domain-name* ]:443


You should get a response that begins with CONNECTED and references the certificate. If you do, you have correctly configured your StreamLock certificate and SSL/TLS connection with Wowza Streaming Engine.

There’s a lot going on here with the changes you made and with Docker in the mix, we’d need a support ticket to accurately diagnose, but no you wouldn’t need to download the SSL cert each time. You can typically actually assign several StreamLock certs to one engine server.

We also suspect this is an issue with the Docker configuration. Please submit a support ticket so we can properly review the entire configuration. Thanks.

Be sure that port 443 is open in your docker run statement. Docker will deploy default or placeholder information every time the image is launched unless you setup exceptions, which is specific to Docker. You may want to research how best leverage Docker for your use case, including the use of automation scripts to insert your unique server.license file and StreamLock certificate into the /conf folder on your image. I see that your Wowza configuration is configured to listen on port 443, which will support WebRTC when the application is configured to use the IP address of the host server/computer for the TCP ICE candidate(s).

1 Like