We haven't had any news since a couple of days. We've requested to have access to a live demo, to check their code, to see if there's something wrong. Also, there were some deployment issued that should be fixed by now, but we don't know the status of that. I'm attaching the thread, and Andrea Maestrini is also aware (cc-ed)
>>>>>>>>>>>>>>>>>>>>>>>
Hi Robert, did you check the logs?
Ivan Gracia
On Mon, May 30, 2016 at 5:14 PM, Ivan Gracia <igracia@kurento.org> wrote:
If it fails, it is because the WSS is not correctly enabled in the media server. Could you please check the logs?
Ivan Gracia
On Mon, May 30, 2016 at 4:42 PM, Robert Nolan <robert@vbot.tv> wrote:
I had already tried visiting https://40.113.159.166:8433/kurento but the connection fails. I also read the documentation in full and followed it, I am using a signed-certificate so according to the documentation all that is required is editing the config file, which I have done.
On Mon, May 30, 2016 at 3:31 PM, Ivan Gracia <igracia@kurento.org> wrote:
It doesn't matter if it's your own code or the tutorials. If you are using JS, you need to access the url of the KMS and accept also the WSS certificates there. Just visit this address https://40.113.159.166:8433/kurento
Also, it seems like WSS is not correctly configured. Please read the documentation on that. In there, apart from how to configure the secure websocket port, it says this
Browser applications: You’ll need to manually accept the certificate as trusted one before secure WebSocket connections can be established. By default, this can be done by connecting to connecting to https://localhost:8433/kurento and accepting the certificate in the browser.
Do read carefully the documentation, or this process can be endless.
I can't help you with Azure, sorry! In any case, UDP ports are closed there. Unless you don't figure that out, it will never work. Again, let me encourage you to move your solution to the FIWARE lab, which is a more friendly environment. You'll also get the images there for KMS.
P.S. I'm adding Andrea to the conversation so he's aware of the progress. I forgot to do that earlier.
Ivan Gracia
On Mon, May 30, 2016 at 4:16 PM, Robert Nolan <robert@vbot.tv> wrote:
I'm never asked to accept the certificates. I'm not sure if we'll be able to move away from Azure, I'll have to discuss that with my colleagues. I'm no longer using the JS tutorials, that error message is from our own JavaScript implementation but I've run the Java hello-world example and it also fails with the following error:
[KurentoClient] Error sending heartbeat to server. Exception: [KurentoClient] Exception connecting to WebSocket server wss://40.113.159.166:8433/kurento
On Mon, May 30, 2016 at 3:06 PM, Ivan Gracia <igracia@kurento.org> wrote:
Did you accept the certificates in the browser? You need to connect to the KMS url through the secure port to accept those.
For making your life incredibly easier I would suggest:
Running from Azure: it might be cheaper, but cheaper means shittier. Managing ports is hell there. You are with FIWARE, use the FIWARE-lab!
Don't use the JS tutorials. You'll keep forgetting that you need to accept the certificates for WSS in your browser too.
Cheers,
Ivan Gracia
On Mon, May 30, 2016 at 4:03 PM, Robert Nolan <robert@vbot.tv> wrote:
Hi Ivan,
I've tried to connect to the correct port but the connection is denied:
WebSocket connection to 'wss://40.113.159.166:8433/kurento' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
I have the secure port set in the config file on the kms machine to 8433 and a cert is provided. I've tried to run the Hello-world Java example and it fails also. Any idea what the problem might be?
On Thu, May 26, 2016 at 11:26 AM, Ivan Gracia <igracia@kurento.org> wrote:
The port is different. Check the documentation to see which configuration you have to change.
Ivan Gracia
On Thu, May 26, 2016 at 12:25 PM, Robert Nolan <robert@vbot.tv> wrote:
I'll try to get a demo available to you shortly. Maybe you could help me with securing the kms also? I have added a certificate to /etc/kurento/kurento.conf.json but I cannot connect, I get the following error -
WebSocket connection to 'wss://40.113.159.166:8888/kurento' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
The platform on which they are deploying does not allow to open a range of UDP ports. Since media goes through UDP, there's not much more we can do, except advise them to switch to a more friendly platform. We've provided the developers with a guide on how to open port ranges in Azure, that we had for internal use based on some 2 year old experiments.
I don't see there's much more we can do to help them, as we have no control over the virtualisation provider the server is deployed in. I will proceed and close the issue, and will open it again should we get more info on the matter.
Here are the remaining messages exchanged.
>>>>>>>>>>>>>>>>>>>
Hi Robert,
If there's nothing else we can help you with, I will proceed to close the issue in JIRA. Please do let me know!
Cheers,
Ivan Gracia
On Thu, Jun 2, 2016 at 11:10 AM, Robert Nolan <robert@vbot.tv> wrote:
I had already checked the line endings and the certificate does have the correct header and footer so unfortunately that's not the problem. I will remove Coturn and try limiting the ports in the BaseRtpEndpoint.conf.ini file instead. Thanks for the pdf, I will have a look at it and see if we can get the full range of ports opened.
On Thu, Jun 2, 2016 at 9:49 AM, Ivan Gracia <igracia@kurento.org> wrote:
It got attached twice, sorry!
Check also if your certificate has these lines
----
BEGIN CERTIFICATE----your certificate goes here
----
END CERTIFICATE----Ivan Gracia
On Thu, Jun 2, 2016 at 10:38 AM, Ivan Gracia <igracia@kurento.org> wrote:
Strange about the certificate. I've done some searching, and there might be the possibility that the certificate got "corrupted" if you opened it in windows. Check this Stackoverflow answer, to see if that was the case.
Limiting the number of ports can be done by setting the maximum and minimum values in /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini. I would left Coturn out of the equation for now, as it's another thing that can go wrong
In any case, your main issue is getting those ports open. Just in case it helps, this is a test I did with Azure a couple of years ago, and managed to get all ports open. You can't do it in their console, though. It's crap!
Ivan Gracia
On Thu, Jun 2, 2016 at 10:20 AM, Robert Nolan <robert@vbot.tv> wrote:
Hi Ivan,
Yes I checked the logs, there was a permissions error regarding the cert. Got that sorted but it I hit a "no start line" error for the cert itself which I couldn't resolve. I removed ssl altogether for the time being and set up Coturn on the server so I could limit the number of ports as opening the required number of ports is just not possible but it is not behaving as expected.
On Wed, Jun 1, 2016 at 2:36 PM, Ivan Gracia <igracia@kurento.org> wrote:
By the way, if you are using a Java or Node.js tutorial, you don't need to secure the WSS connection. You can connect directly to ws://40.113.159.166:8888/kurento and no need to do anything with certificates.
Ivan Gracia