On Sun, 19 Jul 2020 at 00:26, Online Use <[email protected]> wrote:
> Can you please share with me the architecture of the OM system, showing
> components and interfaces?
>
we don't have such diagram ATM

>
> I don't understand how https is secure while the KMS socket is not secure?
> And what is the role of TURN in securing the connection? What should TURN
> be used in case of https protocol?
>
Out-of-the-box OM provides HTTPS which ensures login and all UI actions are secured
KMS out-of-the-box is NOT secured, and it is OM-server-admin task to secure it
TURN is used to be able to negotiate connection with users without real IP
It tries to resolve user IP so direct connection can be established
OR bypass all WebRTC traffic like SOCKS proxy if IT is NOT resolvable
(I believe you can easily Google above info with much more details)
So if you want fully secured system you have to ensure both KMS and TURN are secured as well

>
> I think security of the system is questionable. Did you try to use wss://
> in KMS url to test it before release?
>
I see no need in such test
We are using KMS API to control connections (drop, create recording chains etc.)
We are not working with audio/video streams directly
this is the task of media server

>
> On Saturday, 18 July 2020 at 6:21:15 PM GMT+2, Maxim Solodovnik <[email protected]> wrote:
>
> On Fri, 17 Jul 2020 at 15:29, Online Use <[email protected]> wrote:
>
> I also used cert and key files for TLS in COTURN, I used https in turnurl
> in the applicationContext.xml file, but I got an NS_ERROR_UNEXPECTED.
>
> Probably the application itself is not designed to use TLS for Kurento and
> COTURN?
>
> Not sure which application are you talking about :(
> OM doesn't use TURN, WebRTC in browser uses TURN ....
>
> On Thursday, 16 July 2020 at 12:34:11 PM GMT+2, Online Use <[email protected]> wrote:
>
> I found this note in Kurento documentation:
> https://doc-kurento.readthedocs.io/en/stable/features/security.html
>
> *Keep in mind that serving your application through HTTPS, forces you to
> use WebSockets Secure (WSS) if you are using websockets to control your
> application server.*
>
> So how the OM system is working while the applicationContext.xml used
> ws:// connection url?
>
> I would check the traffic with some sniffer and then ask KMS devs
> From my point of view right now everything works as expected
> OM uses HTTPS and wss for internal websocket messages
> AND it has KMS at ws URL ....
>
> Is it secure enough to use https in the browser without using wss
> connection? Are all media streams including audio and video encrypted this
> way?
>
> I guess audio/video is NOT encrypted
> this is why i wrote you need to secure KMS ....
>
> Moreover, I edited the kurento.conf.json file to include path to the
> certificate file, and edited the applicationContext.xml file to use
> wss:// with secure port, but the OM raised an error message saying the
> media server is inaccessible. What is the problem?
>
> I can't say from this description
> you have to check
> 1) KMS logs
> 2) KMS URL (i guess port will be different in case of wss)
> 3) OM logs
> 4) browser console logs and/or browser's WebRTC debugging tools
>
> On Thursday, 16 July 2020 at 3:26:25 AM GMT+2, Maxim Solodovnik <[email protected]> wrote:
>
> On Tue, 14 Jul 2020 at 13:31, Online Use <[email protected]> wrote:
>
> I installed KMS using podman not docker, I can't find the configuration
> file path you mentioned, where could it be located?
>
> Unfortunately I can't help here
> I never use podman
>
> So the steps are to edit the kurento.conf.json to enable secure
> connection, then to edit the applicationContext.xml file to use wss://
> instead of ws:// in Kurento url, right?
>
> most probably you will need to create certificate for KMS (never did it
> myself, so you will have to experiment here)
>
> In a previous reply you mentioned that:
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> So how to enable WebRTC tunneling with TURN server?
>
> TURN server was designed to unhide user IP address (so tunneling is not
> necessary)
> Or to proxy WebRTC
> So it will work out-of-the-box
>
> On Tuesday, 14 July 2020 at 4:21:54 AM GMT+2, Maxim Solodovnik <[email protected]> wrote:
>
> On Mon, 13 Jul 2020 at 14:11, Online Use <[email protected]> wrote:
>
> I tried using wss:// protocol in Kurento url in the ApplicationContext.xml
> file, but in this case the media server wasn't accessible. So how the wss
> protocol is supposed to be used?
>
> You have to configure KMS to be secured BEFORE you make changes
> to applicationContext.xml
>
> please check /etc/kurento/kurento.conf.json
> And official KMS documentation
>
> Also how to configure tunneling with the TURN server?
>
> Thank you.
>
> On Monday, 13 July 2020 at 6:55:48 AM GMT+2, Maxim Solodovnik <[email protected]> wrote:
>
> On Sun, 12 Jul 2020 at 23:46, Online Use <[email protected]> wrote:
>
> Excuse me, but what is wss?
>
> You can easily google this
> WSS is secured version of WS
> both WS and WSS are protocol prefix for WebSockets
>
> Will SSL and wss provide tunneling of audio and video streaming like RTMPS?
>
> RTMPS doesn't provide tunneling, you need RTMPTS for tunneling
> And NO
> In WebRTC tunneling is made by front-end proxy (the config is not trivial)
> OR with TURN server if user is behind strict FW
>
> Don't you have any plans for including red5 and RTMPS in future releases?
> What is the alternative technology?
>
> NO
> RTMP is part of Adobe Flash which is discontinued
> This is why we have moved from RTMP to WebRTC
>
> Thanks.
>
> On Sunday, 12 July 2020 at 3:36:57 PM GMT+2, Maxim Solodovnik <[email protected]> wrote:
>
> RTMP/RTMPT/RTMPS is for 4.0.x only
> for 5.0.x+ you need to secure KMS i.e. set up certificate and use wss :))
>
> On Sun, 12 Jul 2020 at 13:48, Online Use <[email protected]> wrote:
>
> Hello,
>
> Is RTMPS enabled by default once SSL is implemented?
>
> I know red5 is not supported for M4 release, but how to enable RTMPS for
> audio/video encryption?
>
> I understand red5 is only needed for IP telephone not for PC voip, is that
> correct?
>
> --
> Best regards,
> Maxim
>

--
Best regards,
Maxim
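
Added example, not part of the thread and not OpenMeetings or Kurento code: a consistency check for the failure discussed above, where the KMS URL is switched to wss:// before KMS itself has a TLS listener, or points at the wrong port. The JSON layout (a `secure` block inside the websocket section of kurento.conf.json) is an assumption based on the Kurento documentation; host name, ports and paths are constructed sample values.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the websocket section of kurento.conf.json
# (layout is an assumption; all values are made up for this example).
SAMPLE_KMS_CONF = """
{"mediaServer": {"net": {"websocket": {
    "port": 8888,
    "secure": {"port": 8433, "certificate": "/etc/kurento/cert+key.pem", "password": ""},
    "path": "kurento"
}}}}
"""

def check_kms_url(kms_url, conf_text):
    """Return findings for a KMS URL (as set on the OM side) against the KMS config."""
    ws = json.loads(conf_text)["mediaServer"]["net"]["websocket"]
    url = urlsplit(kms_url)
    if url.scheme not in ("ws", "wss"):
        return [f"unsupported scheme {url.scheme!r}"]
    findings = []
    if url.scheme == "ws":
        # Reachable, but the control channel between OM and KMS is not encrypted.
        findings.append("control channel is plaintext ws://")
        expected_port = ws.get("port")
    else:
        secure = ws.get("secure")
        if not secure:
            # KMS must be configured for TLS before the client URL is changed.
            return ["wss:// requested but KMS has no 'secure' section"]
        if not secure.get("certificate"):
            findings.append("'secure' section has no certificate")
        expected_port = secure.get("port")
    if url.port != expected_port:
        findings.append(f"URL port {url.port} != KMS listener port {expected_port}")
    if url.path.strip("/") != ws.get("path", "").strip("/"):
        findings.append(f"URL path {url.path!r} != KMS path {ws.get('path')!r}")
    return findings

if __name__ == "__main__":
    for candidate in ("ws://kms.example.test:8888/kurento",
                      "wss://kms.example.test:8888/kurento",
                      "wss://kms.example.test:8433/kurento"):
        print(candidate, "->", check_kms_url(candidate, SAMPLE_KMS_CONF) or "OK")
```

An empty result only says the two configurations agree; whether the certificate is valid and trusted by the client still has to be checked against the running KMS and its logs.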
