1. Regarding ports.
8444 - dashboard panel HTTPS
8081 - dashboard panel HTTP
8443 - websocket WSS
8080 - websocket WS
So if you set up an AWS load balancer, it should forward ports, i.e.
8444 > 8081
8443 > 8080
or
8444 > 8444
8443 > 8443
In such a case you set SSL certificates on the load balancer only.
Make sure your load balancer supports receiving HTTPS traffic and forwarding it to HTTP.
Not sure if AWS load balancers support such forwarding.
See also the auto-scaling article: flashphoner.com
>We got the security issue resolved but in the dashboard player we are unable to establish the connection.
This is because the player uses two different ports: 8444 (player page) and 8443 (websocket connection for the player).
2. Regarding SSL certs.
>In future if we go for autoscaling the flashphoner instances should we take certificate for each and every instance or one SSL certificate is valid.
The wildcard certificate can be applied for all instances.
For example, you have N instances:
1.company.com
2.company.com
...
etc
You import the wildcard SSL certificate *.company.com into the first instance. Then you copy the SSL config /usr/local/FlashphonerWebCallServer/conf/wss.jks across all instances, or modify the auto-scaling scripts to provision this file during auto-scale instance deployment.
3. It seems you are doing something wrong because you are trying to use the WCS server as a web server in production. WCS is not tuned for serving and rendering web pages. Its primary purpose is handling the 8443 websocket port and WebRTC streams.
This is the best practice:
1. Use your favorite web server like nginx.
2. Copy the code of the Player into your nginx web dir, i.e:
These files are located in /usr/local/FlashphonerWebCallServer/client2/examples/demo/streaming/player
And dependencies. See Minimal Player embedding sample.
3. Open the player.html page on your nginx server.
4. Connect from your player page to your instance, i.e. wss://1.company.com:8443
As you can see, in such a case you are using just a single port, 8443, and don't need access to the dashboard panel in production.
The player page and associated scripts are completely under the control of you and your nginx web server. Just a single-port websocket connection is open to the WCS server on 8443, either via the AWS LB or directly.
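The port and certificate advice in this reply can be turned into a pre-deployment check. The following is an added example, not part of the original post and not Flashphoner code: it audits a load balancer port mapping against the four WCS ports listed above and checks that every instance hostname is covered by the wildcard certificate. The function names, the listener format and the sample hostnames are assumptions made for illustration.

```python
# Added example, not Flashphoner code. Port roles come from the post above;
# the listener list and hostnames below are constructed sample input.
WCS_PORTS = {  # port -> (role, carries TLS)
    8444: ("dashboard", True), 8081: ("dashboard", False),
    8443: ("websocket", True), 8080: ("websocket", False),
}

def wildcard_covers(cert_name, host):
    """True if cert_name (exact or '*.domain') covers host.
    A wildcard stands for exactly one left-most label."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h

def audit(listeners, hosts, cert_name):
    """listeners: (lb_port, instance_port) pairs. Assumes the load balancer
    listens on the same port numbers WCS uses, as in the post's mappings."""
    findings = []
    for front, back in listeners:
        f_role, f_tls = WCS_PORTS.get(front, ("unknown", False))
        b_role, _ = WCS_PORTS.get(back, ("unknown", False))
        if "unknown" in (f_role, b_role) or f_role != b_role:
            findings.append(f"{front}>{back}: ports do not belong to the same WCS service")
            continue
        if f_role == "dashboard":
            findings.append(f"{front}>{back}: dashboard panel exposed; production needs only 8443")
        if not f_tls:
            findings.append(f"{front}>{back}: clients connect without TLS")
    for host in hosts:
        if not wildcard_covers(cert_name, host):
            findings.append(f"{host}: not covered by {cert_name}")
    return findings

if __name__ == "__main__":
    # Constructed deployment: TLS terminated on the LB, dashboard still forwarded,
    # and one hostname nested two labels deep.
    sample = audit([(8444, 8081), (8443, 8080)],
                   ["1.company.com", "2.company.com", "eu.1.company.com"],
                   "*.company.com")
    print("\n".join(sample))
```

A mapping of only 8443 > 8080 or 8443 > 8443 with single-label hostnames under the wildcard produces no findings, which matches the production layout recommended in point 3.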