SSL/TLS encryption of WebRTC under localhost testing

Based on the document “set-up-webrtc-streaming-with-wowza-streaming-engine-manager”:

“Encryption is required for all components of the WebRTC workflow. You must have a secure HTTP (HTTPS) connection to a web camera for WebRTC publishing and playback.”

But under localhost testing without outbound internet access, how do I enable WebRTC?
Is it possible to use WebRTC without SSL/TLS encryption?

thanks

Yes it is possible to run WebRTC on a localhost, and if you search the forums for “webrtc localhost”, you will find some discussion around this if those posts help you.


For a localhost, you will need to use your local IP address; this can be found with the ipconfig or ifconfig command.

You will then request a certificate with this IP address.
https://www.wowza.com/docs/how-to-get-ssl-certificates-from-the-streamlock-service

Then in your webrtc Application.xml
[install-dir]/conf/webrtc

You will need to enter your IP address here:

<Property>
	<!-- comma separated list of IP addresses and the transport information. For multiple IP's use a pipe character to separate the lists -->
	<Name>webrtcIceCandidateIpAddresses</Name>
	<Value>[wowza-streaming-engine-internal-ip-address],udp</Value>
	<Type>String</Type>
</Property>
<Property>
	<Name>webrtcUDPBindAddress</Name>
	<Value>0.0.0.0</Value>
	<Type>String</Type>
</Property>

Save and restart your application for changes to take effect.

I would recommend using TCP port 443 and this will be set up in the VHost.xml as shown in the StreamLock guide. If you are using your own SSL certificate: As long as the DNS the certificate belongs to can respond with a local IP of your server you can run webrtc on your local network.

If you need any help, please send us a support ticket and we’ll be happy to help.

Hi, I followed the steps from the link you provided.
Now I can access the file at https://[ ssl-certificate-domain-name ]:443/vod/mp4:sample.mp4/playlist.m3u8

But about the next step you mentioned above:

Then in your webrtc Application.xml
[install-dir]/conf/webrtc
You will need to enter your IP address here:

May I know why I didn’t see the folder “webrtc” under [install-dir]/conf?

She’s implying that your application is named “webrtc”. You have two applications based on the directories shown - “live” and “vod”. Are you trying to build a webrtc application in either of those existing ones? Or are you trying to create a new application named “webrtc” to test webrtc streaming?

[install/dir]/conf/<name-of-application>

many thanks!! it works now !!!

I’m also struggling with this. In the Application.xml for my app, where exactly are these entries made? There is a WebRTC section - are they made there? I know this seems obvious, but from my experience “obvious” isn’t always what is needed. I also see a “Properties” section at the very end of the file. Do I need BOTH webrtcUDPBindAddress and the webrtcIceCandidateIpAddresses?

Can some kind soul post a completed example? With full context?

thanks…

Hi @David_Arndt2, no problem I can help. WebRTC configurations do indeed get a little confusing, so you are not alone. As you scroll through this doc, you will see two tabs:

  1. Engine Manager
  2. XML

If you click on the XML tab, the screen will change and provide you with full instructions for how to configure each step in the XML and with screenshots and code examples:

Also the answer is yes, you are in the right place: WebRTC and under Properties.

Make sure you go to Step 2 in what I linked to and you will see the instructions for the properties you asked about. You do need to configure the Ice candidate as it says.

As far as the UDP BindAddress, the directions will show you this statement:

UDPBindAddress The local IP address of the network card you want to use for WebRTC UDP traffic. (This value is not used if streaming WebRTC over TCP.) For UDP delivery in general, it’s okay to leave this property blank. The property is only needed if the server has multiple network interfaces.

I hope this helps!!

Thanks, Rose. I’ll give this a try and report back…

Does it matter if the IP addresses are 127.0.0.1 (localhost) vs. the machine’s network IP (like “192.168.1.NNN”)?

After verifying the Application.xml setup, and restarting, etc. I still cannot get this to work. When I press the “Open WebRTC Publish Page” and try to start publishing, I get this error:

Publish failed. Unable to connect.

Here is my XML for this application: (“live”):

<WebRTC>
	<!--  Enable WebRTC publishing to this application -->
	<EnablePublish>true</EnablePublish>
	<!-- Enable WebRTC playback from this application -->
	<EnablePlay>true</EnablePlay>
	<!--  Enable query of published stream names for this application -->
	<EnableQuery>true</EnableQuery>
	<!--  IP address, transport, and port used for WebRTC streaming. -->
	<!--TCP format: [wowza-streaming-engine-external-ip-address],tcp,[port] -->
	<!--UDP format: [wowza-streaming-engine-external-ip-address],udp -->
	<IceCandidateIpAddresses>192.168.1.151,udp</IceCandidateIpAddresses>
	<!-- Local IP address of the network card you want to use for WebRTC UDP traffic -->
	<UDPBindAddress>192.168.1.151</UDPBindAddress>
	<!-- Comma-delimited list of audio codecs, in order of preference, for stream ingestion -->
	<PreferredCodecsAudio>opus,pcmu,pcma</PreferredCodecsAudio>
	<!-- Comma-delimited list of video codecs, in order of preference, for stream ingestion -->
	<PreferredCodecsVideo>h264,vp8</PreferredCodecsVideo>
	<!-- Enable WebRTC debug logging -->
	<DebugLog>false</DebugLog>
	<!-- Properties for WebRTC -->
	<Properties>
	</Properties>
</WebRTC>

==-=-=-=-=

A little more on this: When I go to the application monitor, it says the application is not running. If I hit “Restart” it says it has restarted - no errors reported, but then the monitor says the app is still not running. Something is off somewhere. Where should I look?
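
The candidate formats named in the comments of the section posted above (`ip,udp` and `ip,tcp,port`) can be checked mechanically before a restart. This is an added example, not part of the thread and not Wowza code: `parse_candidates`, `check_webrtc` and `SAMPLE` are names assumed here, and it assumes the element accepts the same pipe-separated lists as the `webrtcIceCandidateIpAddresses` property shown earlier.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: posted values plus a loopback and a port-less TCP candidate.
SAMPLE = """<WebRTC>
  <IceCandidateIpAddresses>192.168.1.151,udp|127.0.0.1,udp|192.168.1.151,tcp</IceCandidateIpAddresses>
  <UDPBindAddress>192.168.1.151</UDPBindAddress>
</WebRTC>"""


def parse_candidates(value):
    """Parse pipe-separated 'ip,udp' / 'ip,tcp,port' lists into (entries, problems)."""
    entries, problems = [], []
    for raw in filter(None, (part.strip() for part in value.split("|"))):
        fields = [f.strip() for f in raw.split(",")]
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"{raw}: first field is not an IP address")
            continue
        shape = (fields[1].lower() if len(fields) > 1 else "", len(fields))
        port = int(fields[2]) if shape == ("tcp", 3) and fields[2].isdigit() else None
        if shape != ("udp", 2) and not (port and port < 65536):
            problems.append(f"{raw}: expected 'ip,udp' or 'ip,tcp,port'")
            continue
        if ip.is_loopback:
            problems.append(f"{raw}: loopback is reachable only from the server itself")
        entries.append((str(ip), shape[0], port))
    return entries, problems


def check_webrtc(xml_text):
    """Validate IceCandidateIpAddresses and UDPBindAddress in a <WebRTC> element."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "WebRTC" else root.find(".//WebRTC")
    if node is None:
        return [], ["no <WebRTC> element found"]
    entries, problems = parse_candidates(node.findtext("IceCandidateIpAddresses") or "")
    if not entries:
        problems.append("no usable ICE candidate")
    bind = (node.findtext("UDPBindAddress") or "").strip()
    try:
        if bind:
            ipaddress.ip_address(bind)
    except ValueError:
        problems.append(f"UDPBindAddress {bind!r} is not an IP address")
    return entries, problems
```

A value still containing the bracketed placeholder from the documentation is reported as "not an IP address", which catches a template that was never filled in.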

Troubleshooting Section 1.

  1. What browser are you using? In Firefox, you will need to have UDP as the first Ice candidate which I see you do. If there is a weird firewall you don’t know about, try adding TCP and see if that works instead of UDP.
  2. Did you already configure that StreamLock cert with port 443 before trying to publish a stream? This is critical Step 1 before trying to stream.
  3. Are you sure that StreamLock cert is still active and not expired?

Troubleshooting Section 2:

What do the logs say? That may give us some valuable hints.

Troubleshooting Section 3

Did you do this first?

  1. Navigate to [ install-dir ]/conf/ and open VHost.xml in a text editor.
  2. Locate the Host Port container for the port you configured for SSL/TLS and add the following HTTPProvider as the second-to-last entry in the HTTPProviders container element. The new HTTP provider must be the second-to-last provider in the section.

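<HTTPProvider>
	<BaseClass>com.wowza.wms.webrtc.http.HTTPWebRTCExchangeSessionInfo</BaseClass>
	<RequestFilters>*webrtc-session.json</RequestFilters>
	<AuthenticationMethod>none</AuthenticationMethod>
</HTTPProvider>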

  3. Save your changes to VHost.xml.
  4. Restart Wowza Streaming Engine.


Troubleshooting Section 4

  1. Test that SSL connection and that it’s bound properly to a port for WebRTC.

The instructions are here at the bottom of this doc on how to do a quick ping test:

If the SSL cert is not working or configured properly nothing else will work when you try to stream.

Troubleshooting Section 5

Try configuring everything in Engine Manager, save it and restart it - all changes made in Engine Manager will be saved in the XML. This is a good way to find out if it’s an issue with the XML config or there is an issue with the StreamLock SSL cert. The only other problem would be some hidden firewall.

All else looks good in your screenshot.

Here is a full tutorial for WebRTC and StreamLock config for Engine Manager if you want to test and see if it works instead of XML. Sometimes in the XML, it could be a silly thing like a space or comma that throws it off as you know. Be sure to let me know what the logs say though!! Those are valuable hints!

The restart issue you mentioned makes me suspicious about the ports being used here for WebRTC. Can you share what’s in the logs?

Thank-you, Rose.

I’m on the latest Chrome browser.

Re StreamLock, I followed the instructions for that very carefully. I’ll go back and double check.

The StreamLock cert was just set up this morning, so it shouldn’t be expired.

All of the settings in VHost.xml were already set as you described.

When testing the SSL cert as per (but using my own streamlock domain)-

https://5ab432XXXXX.streamlock.net:443/myApplication/mp4:sample.mp4/playlist.m3u8

I get this:

This site can’t be reached
61780cbeedff9.streamlock.net’s server IP address could not be found.

So… I suspect it’s the cert (for whatever reason)… double checking…

Have ZIP files of the logs. I see no way to attach. (?) I’ll clear the logs, restart and paste in the new error log. I do see a lot of this:

WARN vhost comment 2021-10-26 11:54:37 - - - - - 4751.946 - - - - - - - defaultVHost Bind failed, try again ([any]:443): java.net.BindException: Address already in use: bind
WARN vhost comment 2021-10-26 11:54:42 - - - - - 4756.894 - - - - - - - defaultVHost Bind failed, try again ([any]:443): java.net.BindException: Address already in use: bind
WARN vhost comment 2021-10-26 11:54:42 - - - - - 4756.906 - - - - - - - defaultVHost Bind failed, try again ([any]:443): java.net.BindException: Address already in use: bind
WARN vhost comment 2021-10-26 11:54:42 - - - - - 4756.948 - - - - - - - defaultVHost Bind failed, try again ([any]:443): java.net.BindException: Address already in use: bind
WARN vhost comment 2021-10-26 11:54:47 - - - - - 4761.897 - - - - - - - defaultVHost Bind failed, try again ([any]:443): java.net.BindException: Address already in use: bind

Ok so I would suggest removing the port you configured for StreamLock in the VHost and starting over. The easiest way to do this is in the Manager- just go to VHost and click Edit. Make sure you are using a port that is not being used for anything else!

We tend to recommend port 443 if it’s available.

I also have a tutorial I made on setting up that port for StreamLock should that be of help. We’re getting closer to the issue though!

One last note here: If you just got that StreamLock today:

The cert is usually instant, but the DNS for the IP address on the streamlock.net address can take a while, it depends on their DNS servers, but it’s normally about an hour, sometimes up to a day (in extreme cases).

So don’t drive yourself crazy if it isn’t working and you just got that StreamLock today, it may not be your fault @David_Arndt2
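
The "server IP address could not be found" error quoted earlier and the DNS delay described above both come down to whether the certificate's name resolves to the server's address. This is an added example, not part of the thread and not Wowza code, that classifies that lookup; the function names and fake resolvers are assumptions made here, and the host name is a placeholder.

```python
import ipaddress
import socket
import ssl


def resolve_ipv4(host, resolver=socket.getaddrinfo):
    """Return the sorted IPv4 addresses host resolves to, or [] if lookup fails."""
    try:
        infos = resolver(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_cert_name(host, server_ip, resolver=socket.getaddrinfo):
    """Compare what the certificate's DNS name resolves to with the server's IP."""
    addrs = resolve_ipv4(host, resolver)
    if not addrs:
        return "unresolved", addrs      # the "IP address could not be found" case
    if server_ip not in addrs:
        return "mismatch", addrs        # the name points at some other machine
    scope = "private" if ipaddress.ip_address(server_ip).is_private else "public"
    return "ok-" + scope, addrs


def tls_version(host, port=443, timeout=5):
    """Handshake with certificate and hostname verification on (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


# Constructed stand-ins for a DNS resolver, so the demo runs offline.
def fake_ok(host, *args):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.1.151", 443))]


def fake_nxdomain(host, *args):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    name = "placeholder.streamlock.net"  # placeholder, not a real certificate name
    print(check_cert_name(name, "192.168.1.151", fake_ok))
    print(check_cert_name(name, "192.168.1.151", fake_nxdomain))
```

Call `check_cert_name` without the `resolver` argument to query the system resolver, and run `tls_version` only once the result is `ok-private` or `ok-public`.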

So… this fails:

openssl s_client 617kqkqkqkqk9.streamlock.net:443

Is there any way I can fix the problem with this cert? I don’t see a way to change settings? Generated a new one? (What step did I miss?).

Just saw this. So right now, it’s on 443. I stopped all other HTTP services, so nothing else should be on that port. Should I change it anyway?

Re DNS: I’m confused about the issue of having to use DNS. Does the streamlock service need to be able to reach my machine from outside my local network? It must. So… if that’s the case, that would surely be the issue.

Can’t I develop with Wowza & WebRTC strictly from localhost, within my network?