javascript - Can't connect securely (wss) to AWS Kurento to get Remote Stream in "Hello World" node.js

admin管理员组

文章数量:1181355

I'm testing locally on Windows 11. I'm able to get the remote stream if using http://localhost and ws://47.128.254.233:8888/kurento

but, after several attempts, still don't know how to get this working in https with wss.

The keys included with the node project don't work, but I generated some new ones with mkcert which do and allow me to run localhost as https:

var options =
{
   //key:  fs.readFileSync('keys/server.key'),
   //cert: fs.readFileSync('keys/server.crt')
    key: fs.readFileSync('keys/localhost+2-key.pem'),
    cert: fs.readFileSync('keys/localhost+2.pem')
};

...though https://localhost doesn't work with ws, which is probably normal.

In the AWS console, I've got the following Inbound Rules for my Kurento Instance's Security Group:

IP Version | Type      | Protocol | Port Range | Source
IPv4       | SSH       | TCP      | 22         | 0.0.0.0/0
IPv4       | All UDP   | UDP      | 0-65535    | 0.0.0.0/0
IPv6       | Custom TCP| TCP      | 8433       | ::/0
IPv4       | All TCP   | TCP      | 0-65535    | 0.0.0.0/0
IPv4       | Custom TCP| TCP      | 8888       | 0.0.0.0/0
IPv4       | Custom TCP| TCP      | 8433       | 0.0.0.0/0

The Instance has been auto-assigned an IPv6 uri: 2406:da18:3ae:d570:72fa:2620:b08e:6c37.

Connecting to the AWS Kurento Instance via SSH, I can run sudo netstat -tulnp | grep kurento and I get:

tcp6       0      0 :::8433                 :::*                    LISTEN      2299/kurento-media-
tcp6       0      0 :::8888                 :::*                    LISTEN      2299/kurento-media-

In the tutorial's server.js, I've tried setting the ws_uri in different ways:

var argv = minimist(process.argv.slice(2), {
    default: {
        as_uri: 'https://localhost:8443/', // Local Node.js tutorial server
        ws_uri: 'wss://47.128.254.233:8433/kurento' // AWS Kurento Media Server
        //ws_uri: 'wss://[2406:da18:3ae:d570:72fa:2620:b08e:6c37]:8433/kurento'
    }
});

but it doesn't work. Furthermore, checking the wss uri in PieHost or running Test-NetConnection -ComputerName 2406:da18:3ae:d570:72fa:2620:b08e:6c37 -Port 8433 fails.

Copilot suggested I'd need to make openSSL key and certificate on the AWS computer and reference them in kurento.conf.json. I tried this with self-signed openSSL key and cert and it didn't help. There seems to be an issue with checking the key using: openssl rsa -noout -modulus -in /etc/kurento/kurento-key-no-pass.pem | openssl md5 where permission is denied unless you prepend that command with sudo. But attempts to lower its protection or move it to another directory didn't help.

I tried to install coturn on the AWS server but it was already installed with the correct external-ip address already set in etc/turnserver.conf. I didn't see a WebRtcEndpoint.conf.ini in the etc folder, so I made one and filled it this way:

stunServerAddress=stun.l.google
stunServerPort=19302
turnURL=kurento:[email protected]:3478

and the Trickle ICE test seems to return good results:

0.006   host    2299836197  udp d0e51d97-6cff-4c2d-ada1-11cf46d06144.local  62880   126 | 30 | 255      
0.576   srflx   4082115708  udp 84.239.6.141    62880   100 | 30 | 255  stun:47.128.254.233:3478    
1.193   relay   1139691178  udp 47.128.254.233  62384   2 | 31 | 255    turn:47.128.254.233:3478?transport=udp  udp

...but the Remote stream still doesn't connect and I get the WebSocket is already in CLOSING or CLOSED state. error message in the Edge dev console.

Not sure what to try next. At this point, I've probably tried TOO many things that are possibly interfering each other, so any hints are appreciated.

本文标签：