Running WCS 5.2 with Reverse Proxy

lerxstrulz

New Member
Hi,

I'm trying WCS on Ubuntu 16.04 (I know 18.04 is recommended) and have verified my java install as well as glibc. I also received my trial license today.

I am setting up a reverse proxy through Apache to WCS so that I don't have to expose the ports to the world (I currently do this with another websocket system) and am running into issues where I can't go to host.domain.com (where 'host' is my host mapped to the 8444 endpoint). I have a host mapped to 127.0.0.1 on port 8444 and am seeing this in the log files (IP addresses/host names obfuscated):

NOTE: I'm not actually using "host.domain.com", that's just here to obfuscate the real domain (it's not public yet)

[Thu May 21 20:09:34.616016 2020] [proxy_http:error] [pid 37956] (20014)Internal error (specific information not available): [client [remote ip]:60734] AH01102: error reading status line from remote server 127.0.0.1:8444
[Thu May 21 20:09:34.616063 2020] [proxy:error] [pid 37956] [client [remote ip]:60734] AH00898: Error reading from remote server returned by /
==> /var/log/apache2/videotest_access_ssl.log <==
[remote ip] - - [21/May/2020:20:09:34 +0000] "GET / HTTP/1.1" 502 4037 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
==> /var/log/apache2/videotest_error_ssl.log <==
[Thu May 21 20:09:35.088212 2020] [proxy_http:error] [pid 37956] (20014)Internal error (specific information not available): [client [remote ip]:60734] AH01102: error reading status line from remote server 127.0.0.1:8444, referer: https://host.domain.com/
==> /var/log/apache2/videotest_access_ssl.log <==
[remote ip] - - [21/May/2020:20:09:35 +0000] "GET /favicon.ico HTTP/1.1" 200 31 "https://host.domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"
==> /var/log/apache2/videotest_error_ssl.log <==
[Thu May 21 20:09:35.227801 2020] [proxy_http:error] [pid 37957] (20014)Internal error (specific information not available): [client [remote ip]:60741] AH01102: error reading status line from remote server 127.0.0.1:8444, referer: https://host.domain.com/
[Thu May 21 20:09:35.227843 2020] [proxy:error] [pid 37957] [client [remote ip]:60741] AH00898: Error reading from remote server returned by /favicon.ico, referer: https://host.domain.com/
==> /var/log/apache2/videotest_access_ssl.log <==
[remote ip] - - [21/May/2020:20:09:35 +0000] "GET /favicon.ico HTTP/1.1" 502 854 "https://host.domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"


My Apache config looks like (I have a redirect from 80 to 443 with a valid cert):

<VirtualHost *:443>

ServerAdmin webmaster@localhost
DocumentRoot /var/www

ErrorLog ${APACHE_LOG_DIR}/videotest_error_ssl.log
CustomLog ${APACHE_LOG_DIR}/videotest_access_ssl.log combined

ServerName host.domain.com

ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full

<Proxy *>
Require all granted
</Proxy>

ProxyPass / http://127.0.0.1:8444/
ProxyPassReverse / http://127.0.0.1:8444/

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/host.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/host.domain.com/privkey.pem
</VirtualHost>


I do not have any of the other ports setup via reverse proxy yet. My plan is to do those once I get the admin panel working. I can telnet to 8444 locally on the server, and the service seems to be running:

/etc/apache2/sites-available# service webcallserver status

webcallserver.service - Flashphoner WebCallServer
Loaded: loaded (/etc/systemd/system/webcallserver.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-05-21 20:05:30 UTC; 19min ago
Process: 38395 ExecStop=/bin/bash webcallserver stop (code=exited, status=0/SUCCESS)
Main PID: 38503 (java)
CGroup: /system.slice/webcallserver.service
└─38503 java -Xmx1024M -XX:+UseConcMarkSweepGC -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=70 -Djava.net.preferIPv4Stack=true -Dcom.sun.management.jmxremote

May 21 20:05:30 www.domain.com systemd[1]: Started Flashphoner WebCallServer.
May 21 20:05:33 www.domain.com bash[38455]: FlashphonerWebCallServer: starting


I only plan to ingest a WebRTC stream then relay it to a 3rd party RTMP service such as Youtube. Is WCS compatible with this setup or do I have to expose ports?

Thank you!
 

Max

Administrator
Staff member
Good day.
8444 is the secure websocket (wss) port, so you should proxy to this port as HTTPS, not HTTP.
There is also an insecure websocket port (ws) 8081, but WebRTC publishing will not work via an insecure connection.
"I only plan to ingest a WebRTC stream then relay it to a 3rd party RTMP service such as Youtube. Is WCS compatible with this setup or do I have to expose ports?"
WebRTC is a multiport protocol. You can proxy the websocket connection, but you must expose UDP media ports for incoming connections to publish a WebRTC stream. By default, the following media port range is used:
Code:
media_port_from=31001
media_port_to=32000
If you do not want to expose the port range, please consider using a TURN server; in this case you should expose the websocket port and the TURN server port (3478/TCP by default).
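
The change described in the reply above, applied to the poster's vhost, as an added example that is not part of the original thread or Flashphoner's own configuration. It assumes mod_ssl, mod_proxy and mod_proxy_http are enabled; the file `/etc/apache2/wcs-backend.pem` is a hypothetical path for the certificate the backend presents on 8444.

```apache
<VirtualHost *:443>
    ServerName host.domain.com

    ErrorLog ${APACHE_LOG_DIR}/videotest_error_ssl.log
    CustomLog ${APACHE_LOG_DIR}/videotest_access_ssl.log combined

    # Front-end TLS, unchanged from the vhost posted in the thread.
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/host.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/host.domain.com/privkey.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Before (as posted): plain HTTP is sent to a TLS listener, so Apache
    # never receives a valid HTTP status line from the backend.
    #   ProxyPass        / http://127.0.0.1:8444/
    #   ProxyPassReverse / http://127.0.0.1:8444/

    # After: allow mod_proxy to open TLS connections to the backend.
    SSLProxyEngine On

    # Trust only the backend's own certificate (or its issuing CA) rather
    # than switching verification off. Hypothetical path, see lead-in.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/wcs-backend.pem

    # The proxy connects by IP address, so the certificate name cannot match
    # 127.0.0.1. Name checks are relaxed; the pinned file above is the
    # trust anchor for the loopback hop.
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerCN off

    ProxyPass        / https://127.0.0.1:8444/
    ProxyPassReverse / https://127.0.0.1:8444/
</VirtualHost>
```

This covers only the HTTPS hop to 8444; the UDP media range or a TURN port still has to be reachable as the reply explains.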
 

lerxstrulz

New Member
I upgraded to Ubuntu 18.04, opened up all the ports as specified here:


Rebooted the server, ran sudo service webcallserver start and checked status:

Code:
● webcallserver.service - Flashphoner WebCallServer
   Loaded: loaded (/etc/systemd/system/webcallserver.service; enabled; vendor preset: enabled)
   Active: active (exited) since Fri 2020-05-22 15:08:01 UTC; 56s ago
  Process: 780 ExecStart=/bin/bash webcallserver start (code=exited, status=0/SUCCESS)
 Main PID: 780 (code=exited, status=0/SUCCESS)

May 22 15:08:01 host.domain.com systemd[1]: Started Flashphoner WebCallServer.
May 22 15:08:11 host.domarin.com bash[780]: FlashphonerWebCallServer: starting
But it looks like it exited? I cannot ssh to port 2001 locally, cannot get to host.domain.com:8444. Checking the /logs folder there is nothing but startup.log and dtls-error.log (which is empty.) The startup log has:

Code:
[2020-05-22 15:08:10] Checking JVM options
openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-2ubuntu218.04)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-2ubuntu218.04, mixed mode, sharing)
[2020-05-22 15:08:10] Starting Flashphoner Web Call Server
The /server_logs folder is empty.

My flashphoner.properties file:

Code:
# Config flashphoner.properties
# To get more settings:
# ssh -p 2001 admin@localhost
# default password: admin
# show node-settings
# show node-settings | grep port

#server ip
ip                     =xxx.xxx.xxx.xxx <-- this is my external IP address
ip_local               =xxx.xxx.xxx.xxx

#webrtc ports range
media_port_from        =31001
media_port_to          =32000

#codecs
codecs                   =opus,alaw,ulaw,g729,speex16,g722,mpeg4-generic,telephone-event,h264,vp8,flv,mpv
codecs_exclude_sip       =mpeg4-generic,flv,mpv
codecs_exclude_streaming =flv,telephone-event
codecs_exclude_sip_rtmp  =opus,g729,g722,mpeg4-generic,vp8,mpv

#websocket ports
ws.port                 =8080
wss.port                =8443
What else am I missing?
 

lerxstrulz

New Member
I uninstalled and reinstalled, and it seems to be running now. I can SSH locally to port 2001, but the admin interface is still not coming up. When I go to https://<my website url>:8444 it just hangs for a while then eventually says the server took too long to respond.

Code:
 webcallserver.service - Flashphoner WebCallServer
   Loaded: loaded (/etc/systemd/system/webcallserver.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-05-22 17:44:02 UTC; 11min ago
  Process: 1617 ExecStop=/bin/bash webcallserver stop (code=exited, status=0/SUCCESS)
Main PID: 1701 (java)
    Tasks: 51 (limit: 1113)
   CGroup: /system.slice/webcallserver.service
           └─1701 java -Xmx1024M -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=70 -Djava.net.preferIPv4Stack=true -Dcom.sun.management.jmxremote=true -Dcom.sun.management.
Made a little progress ;)
 

Max

Administrator
Staff member
Please make a report and send it to support@flashphoner.com.
We will check configuration.
Code:
cd /usr/local/FlashphonerWebCallServer/tools
sudo ./report.sh
Make sure port 8444 is open and listening.
Code:
netstat  -nlp | grep java | grep 8444
 

Max

Administrator
Staff member
It seems you have the wrong IP configuration.
If you test in the LAN, set
Code:
ip={LAN_IP}
ip_local={LAN_IP}
Example:
Code:
ip=192.168.88.22
ip_local=192.168.88.22
Here 192.168.88.22 is the IP of your PC or server in the LAN.

Then open URL in the LAN

If you prefer WAN, then do not use a local PC. Take a server with public static IP address to avoid any NAT issues.

DigitalOcean

Or another VPS hosting provider
 

lerxstrulz

New Member
My flashphoner.properties file has the public static IP address of my server in both fields. This is on a public server with a fixed IP address hosting several publicly available websites.

I can curl the admin login locally from the server:

curl -v http://localhost:8081/admin/login.html

But I cannot curl it outside of the server. I get a connection timeout. I completely shut down my firewall and rebooted the server, but still could not connect from outside the server.

So I am thinking it is a configuration issue, just trying to figure out what I need to set ;)

Thank you for the help so far!
 