Can you please share with me the architecture of the OM system, showing
components and interfaces?
I don't understand how https is secure while the KMS socket is not secure? And
what is the role of TURN in securing the connection? What should TURN be used
in case of https protocol?
I think security of the system is questionable. Did you try to use wss:// in
KMS url to test it before release?
بتاريخ السبت، 18 تموز 2020 6:21:15 م غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Fri, 17 Jul 2020 at 15:29, Online Use <[email protected]> wrote:
I also used cert and key files for TLS in COTURN, I used https in turnurl in
the applicationContext.xml file, but I got and NS_ERROR_UNEXPECTED.
Probably the application itself is not designed to use TLS for Kurento and
COTURN?
Not sure which application are you talking about :(OM doesn't use TURN, WebRTC
in browser uses TURN ....
بتاريخ الخميس، 16 تموز 2020 12:34:11 م غرينتش+2، Online Use
<[email protected]> كتب:
I found this note in Kurento documentation:
https://doc-kurento.readthedocs.io/en/stable/features/security.html
Keep in mind that serving your application through HTTPS, forces you to use
WebSockets Secure (WSS) if you are using websockets to control your application
server.
So how the OM system is working while the applicationContext.xml used ws://
connection url?
I would check the traffic with some sniffer and the ask KMS devsFrom my point
of view right now everything works as expectedOM uses HTTPS and wss for
internal websocket messagesAND it has KMS at ws URL ....
Is it secure enough to use https in the browser without using wss connection?
Are all media streams including audio and video encrypted this way?
I guess audio/video is NOT encryptedthis is why i wrote you need to secure KMS
....
Moreover, I edited the kurento.conf.json file to include path to the
certificate file, and edited the applicationContext.xml file to use wss:// with
secure port, but the OM raised an error message saying the media server is
inaccessible. What is the porblem?
I can't say from this descriptionyou have to check 1) KMS logs2) KMS URL (i
guess port will be different in case of wss)3) OM logs4) browser console logs
and/or browser's WebRTC debugging tools
بتاريخ الخميس، 16 تموز 2020 3:26:25 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Tue, 14 Jul 2020 at 13:31, Online Use <[email protected]> wrote:
I installed KMS using podman not docker, I can't find the configuration file
path you mentioned, where could it be located?
Unfortunately I can't help hereI neve use podman
So the steps are to edit the kurento.conf.json to enable secure connection,
then to edit the applicatonContext.xml file to use wss// instead of ws:// in
Kurento url, right?
most probably you will need to create certificate for KMS (never did it myself,
so you will have to experiment here)
In a previous reply you mentioned that:In WebRTC tunneling is made by front-end
proxy (the config is not trivial)OR with TURN server if user is behind strict FW
So how to enable WebRTC tunneling with TURN server?
TURN server was designed fo unhide user IP address (so tunneling is not
necessary)Or to proxy WebRTCSo it will work out-of-the-box
بتاريخ الثلاثاء، 14 تموز 2020 4:21:54 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Mon, 13 Jul 2020 at 14:11, Online Use <[email protected]> wrote:
I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
file, but in this case the media server wasn't accessible. So how the wss
protocol is supposed to be used?
You have to configure KMS to be secured BEFORE you you will made changes to
applicationContext.xml
please check /etc/kurento/kurento.conf.jsonAnd official KMS documentation
Also how to configure tunneling with the TURN sever?
Thank you.
بتاريخ الاثنين، 13 تموز 2020 6:55:48 ص غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
On Sun, 12 Jul 2020 at 23:46, Online Use <[email protected]> wrote:
Excuse me, but what is wss?
You can easily google thisWSS is secured version of WS both WS and WSS are
protocol prefix for WebSockets
Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
RTMPS doesn't provide tunneling, you need RTMPTS for tunnelingAnd NO In WebRTC
tunneling is made by front-end proxy (the config is not trivial)OR with TURN
server if user is behind strict FW
Don't you have any plans for including red5 and RTMPS in future releases? What
is the alternative technology?
NORTMP if part of Adobe Flash which is discontinued This is why we have moved
from RTMP to WebRTC
Thanks.
بتاريخ الأحد، 12 تموز 2020 3:36:57 م غرينتش+2، Maxim Solodovnik
<[email protected]> كتب:
RTMP/RTMPT/RTMPS is for 4.0.x onlyfor 5.0.x+ you need to secure KMS i.e. set
up certificate and use wss :))
On Sun, 12 Jul 2020 at 13:48, Online Use <[email protected]> wrote:
Hello,
Is RTMPS enabled by default once SSL is implemented?
I know red5 is not supported for M4 release, but how to enable RTMPS for
audio/video encryption?
I understand red5 is only needed for IP telephone not for PC voip, is that
correct?
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
