Description
Hi Folks
I set up my own TURN server and confirmed it to be working, using two test suites.
However, I struggle with the Mistserver part.
I used to get it to work in the past, but not anymore.
It fails whenever I force my browser to use the proxy (via "WebRTC Network Limiter" plugin in Chrome).
Could you please help me with "the expected part" on Mistserver's side?
Mist version: 3.9.2
- https is nginx-proxied in front of Mistserver
- wss is working via the nginx-proxy
- the UDP port of Mist's WebRTC module is forwarded through the router.
- TURN fails
Question 1:
Can you confirm a working IceServers object syntax please:
```json
[
  {
    "urls": [
      "stun:myturn.example.com:13478"
    ]
  },
  {
    "credential": "MyPass1234",
    "urls": [
      "turn:myturn.example.com:13478?transport=udp"
    ],
    "username": "myturnuser"
  },
  {
    "credential": "MyPass1234",
    "urls": [
      "turn:myturn.example.com:13478?transport=tcp"
    ],
    "username": "myturnuser"
  },
  {
    "credential": "MyPass1234",
    "urls": [
      "turns:myturn.example.com:15349?transport=udp"
    ],
    "username": "myturnuser"
  },
  {
    "credential": "MyPass1234",
    "urls": [
      "turns:myturn.example.com:15349?transport=tcp"
    ],
    "username": "myturnuser"
  }
]
```
or
```json
[
  {
    "urls": [
      "stun:myturn.example.com:13478"
    ]
  },
  {
    "credential": "MyPass1234",
    "urls": [
      "turn:myturn.example.com:13478?transport=udp",
      "turn:myturn.example.com:13478?transport=tcp",
      "turns:myturn.example.com:15349?transport=udp",
      "turns:myturn.example.com:15349?transport=tcp"
    ],
    "username": "myturnuser"
  }
]
```
Question 2:
Is there even a UDP variant for turnS? As in:
"turns:myturn.example.com:15349?transport=udp",
Question 3:
Is the IceObject intended to be auto-generated/able via a dynamic variable pointing to an external script?
(To use time-limited turn credentials)
Question 3b:
With regard to "time-limited turn credentials":
Is there a special syntax expected on Mist's part?
I read somewhere that these credentials are somewhat salted with a timestamp, with the timestamp prefixed in plain.
I wonder if this concerns Mistserver.
Question 4:
In the GUI:
- "Certificate:"
- "Key:"
Are these to be understood as public-cert-file and private-key-file, as is normal for example with https?
What does this mean in terms of the Common-Name, i.e. the domain?
Is this domain intended to be the domain where Mistserver serves streams from? Or the domain under which the player is embedded?
Question 5:
In the GUI:
Is there documentation for:
- "Prefix for control URL (DELETE/PATCH requests):"
Question 6:
DTLS runs via the forwarded UDP port, correct?
Question 7:
Do I even need to have a public-CA-verified TLS cert/key on the Mistserver, if all TLS is anyways terminated on the nginx-proxy?
I wonder if DTLS needs this.
Also: If my Mist's https service is not in use anyways (due to my nginx-proxy TLS termination), should I be able to set cert/privatekey in the WebRTC module only?
Big thanks!
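
For Question 3b, an added example (not MistServer code and not part of the original post) of the shared-secret scheme commonly used for time-limited TURN credentials, as in coturn's `use-auth-secret` mode: the username is the expiry timestamp followed by a user id, and the credential is the base64 HMAC-SHA1 of that username. The secret, the TTL and the function names are assumptions made for illustration.

```javascript
// Runs on a backend (Node.js): the shared secret must never reach the browser.
const crypto = require('node:crypto');

// Assumption: placeholder secret, known only to this backend and the TURN server.
const TURN_SECRET = 'constructed-example-secret';

function hmacB64(secret, username) {
  return crypto.createHmac('sha1', secret).update(username).digest('base64');
}

// Builds an iceServers array in the layout used in the post, with a
// credential that stops validating ttlSeconds after nowSeconds.
function buildIceServers(userId, ttlSeconds, nowSeconds, secret = TURN_SECRET) {
  const username = `${nowSeconds + ttlSeconds}:${userId}`; // expiry travels in the clear
  const credential = hmacB64(secret, username);
  return [
    { urls: ['stun:myturn.example.com:13478'] },
    {
      urls: [
        'turn:myturn.example.com:13478?transport=udp',
        'turn:myturn.example.com:13478?transport=tcp',
        'turns:myturn.example.com:15349?transport=tcp',
      ],
      username,
      credential,
    },
  ];
}

// Sketch of the matching check on the TURN server side in this scheme:
// reject expired or malformed usernames, then recompute and compare the MAC.
function verifyTurnCredential(username, credential, nowSeconds, secret = TURN_SECRET) {
  const expiry = Number.parseInt(String(username).split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry <= nowSeconds) return false;
  const expected = Buffer.from(hmacB64(secret, username));
  const given = Buffer.from(String(credential));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

const now = Math.floor(Date.now() / 1000);
console.log(JSON.stringify(buildIceServers('myturnuser', 3600, now), null, 2));
```

Because the expiry is part of the MACed username, changing the timestamp invalidates the credential without the secret.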