Wowza Community

WebRTC streaming with Cert in NLB

Hi, I’m trying to play back an RTMP stream on my Wowza instance via WebRTC, but running into some issues.

I’ve got my Wowza configured behind an NLB in AWS, and this NLB is configured with an SSL cert.
I have TLS:443 forwarding to the Wowza server, but when I use this test page and enter ‘wss:///webrtc-session.json’, it hangs for a long time, and then simply says the wss connection failed in the console.
As I’m not using a Streamlock cert (as I’m managing the cert at the LB level), when I was doing the virtual host setup, I just entered ‘/’ for both the keystore path & password, as it wouldn’t accept blank. Perhaps that is the issue.

Please help me resolve this issue.
Thank you kindly.

The standard way to do SSL offloading via a load balancer is to use an Application Load Balancer and create an HTTPS (secure) to HTTP (unsecure) rule. Just curious why you are using an NLB here?

Also, if you absolutely must use an NLB, you have to explain the port configurations and all the forwarding rules. “I just entered ‘/’ for both the keystore path & password, as it wouldn’t accept blank. Perhaps that is the issue.” This might be the issue. Normally if you are using SSL offloading you won’t have a keystore and password configuration locally.


Understood. I’m using NLB out of habit I guess, I can switch to ALB and see if there is a difference. Concerning port configuration, I simply had TLS:443 forwarding to 443 on the Wowza server, as mentioned in the original post.
Concerning the keystore & password: What is the expected setup if one wants to terminate SSL at the LB? We can’t leave them blank, so what do we do in this case?

Unfortunately I could not find a reference article on this. But based on what I have working in other software, you should have a listener on the HTTPS port (443) of the LB which should forward to the normal unsecure (HTTP) port of the server. You should not be configuring the keystore, password, etc.

But don’t I need to put something in the keystore & password fields in order to enable WebRTC?
Or is that just for the streaming, and playback is enabled by default anyway?

WebRTC mainly requires a secure origin. Keystore and password are part of configuring SSL on a Java-based server like Wowza. However, playback and SSL are still two different things. If you use SSL offload via a load balancer you shouldn’t have to worry about configuring SSL on the Wowza instance yourself. Additionally if you use via local host I believe you should even have need SSL to test WebRTC publish and playback.
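
An added diagnostic, not part of the thread and not Wowza or AWS tooling: when TLS is terminated at the load balancer and traffic is forwarded unencrypted, as the replies describe, the backend port must accept plaintext HTTP. The sketch below sends a plain HTTP request to a backend port and classifies the reply; the function names and the four result labels are assumptions made for this example.

```python
import socket
import sys


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a port returns after a plaintext HTTP request."""
    if data.startswith(b"HTTP/"):
        return "plaintext-http"   # accepts unencrypted HTTP: usable as an offload target
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-expected"     # TLS alert record: the port wants a TLS handshake
    if not data:
        return "no-reply"         # closed or silent; common for a TLS port fed non-TLS bytes
    return "unknown"


def probe_backend(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect directly to the backend (bypassing the load balancer) and probe it."""
    request = (
        b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n"
    )
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(request)
            try:
                data = conn.recv(16)
            except (socket.timeout, ConnectionResetError):
                data = b""
    except OSError:
        return "unreachable"
    return classify_reply(data)


def offload_target_ok(result: str) -> bool:
    """True only when the port answered plaintext HTTP, which a plaintext-forwarding
    listener needs."""
    return result == "plaintext-http"


if __name__ == "__main__":
    # Usage: python probe.py <backend-host> <backend-port>
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <backend-host> <backend-port>")
    outcome = probe_backend(sys.argv[1], int(sys.argv[2]))
    print(outcome, "(ok for TLS offload)" if offload_target_ok(outcome) else "(check port/SSL config)")
```

Run it from a host inside the VPC against the instance's private address, so the result reflects the server port itself rather than the load balancer listener.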