Set Up Stream Manager as SSL Proxy (for publishing/subscribing via WebRTC)

WebRTC publishing requires a valid SSL certificate. Because of the nature of autoscaling, it is impractical to install an SSL certificate on each origin server.

the problem:


To address this, we have implemented the option of using the Stream Manager as an SSL proxy for WebRTC. The proxy communication layer allows for publishing and subscribing using secure WebSockets via the Stream Manager.

the solution:



The Stream Manager uses Tyrus Client to establish a connection to the remote server internally. Once the user is connected to the Stream Manager WebSocket channel and the Tyrus Client is connected to the remote server, the proxy channel is said to be established.

All the data from the browser client is offloaded to the Tyrus Client, and the reverse is done for responses received from the host server.

The WebSocket layer is primarily used for relaying ICE Candidates, SDP, Status and Error messages between the browser client and the Red5 Pro node (edge/origin).