Do I have the wrong ports open for mediasoup?

Question

I'm trying to launch this on AWS Ubuntu.

It works fine under Chrome on localhost. (There was an issue with Firefox, hopefully running remotely with HTTPS will make the problem disappear. But that's unrelated to this question.)

I opened the ports that are specified on readme.MD using the AWS console (inbound TCP to port 3000, inbound UDP to ports 40000-49999, all outgoing traffic is allowed.)

Then adapted config.json to:

module.exports = {
  // http server ip, port, and peer timeout constant
  //
  httpIp: "0.0.0.0",
  httpPort: 3000,
  httpPeerStale: 15000,

  // ssl certs. we'll start as http instead of https if we don't have
  // these
  sslCrt: "local.crt",
  sslKey: "local.key",

  mediasoup: {
    worker: {
      rtcMinPort: 40000,
      rtcMaxPort: 49999,
      logLevel: "debug",
      logTags: [
        "info",
        "ice",
        "dtls",
        "rtp",
        "srtp",
        "rtcp",
        // 'rtx',
        // 'bwe',
        // 'score',
        // 'simulcast',
        // 'svc'
      ],
    },
    router: {
      mediaCodecs: [
        {
          kind: "audio",
          mimeType: "audio/opus",
          clockRate: 48000,
          channels: 2,
        },
        {
          kind: "video",
          mimeType: "video/VP8",
          clockRate: 90000,
          parameters: {
            //                'x-google-start-bitrate': 1000
          },
        },
        {
          kind: "video",
          mimeType: "video/h264",
          clockRate: 90000,
          parameters: {
            "packetization-mode": 1,
            "profile-level-id": "4d0032",
            "level-asymmetry-allowed": 1,
            //                        'x-google-start-bitrate'  : 1000
          },
        },
        {
          kind: "video",
          mimeType: "video/h264",
          clockRate: 90000,
          parameters: {
            "packetization-mode": 1,
            "profile-level-id": "42e01f",
            "level-asymmetry-allowed": 1,
            //                        'x-google-start-bitrate'  : 1000
          },
        },
      ],
    },

    // rtp listenIps are the most important thing, below. you'll need
    // to set these appropriately for your network for the demo to
    // run anywhere but on localhost
    webRtcTransport: {
      listenIps: [
        { ip: "172.3.-.-", announcedIp: "18.255.8.87" },
        // { ip: "192.168.42.68", announcedIp: null },
        // { ip: '10.10.23.101', announcedIp: null },
      ],
      initialAvailableOutgoingBitrate: 800000,
    },
  },
};

Using values I found on the AWS console: (can't copy/paste this)

Subscribing to video isn't working as seen here: (can't copy/paste this)

(After a while Chrome's console reads mediasoup-client:Transport connection state changed to disconnected +17s)

It looks to me as if I need to open an additional port or two, I'm not sure which one(s) though.

I would be very grateful for some help. Thank you in advance... :)

Please post code, errors, sample data or textual output here as plain-text, not as images that can be hard to read, can’t be copy-pasted to help test code or use in answers, and are barrier to those who depend on screen readers or translation tools. You can edit your question to add the code in the body of your question. For easy formatting use the `{}` button to mark blocks of code, or indent with four spaces for the same effect. The contents of a **screenshot can’t be searched, run as code, or copied and edited to create a solution.** — tadman, Mar 12 '21 at 21:45
That mediasoup thing takes an above-average amount of server rigging to make it work. — O. Jones, Mar 14 '21 at 00:00

O. Jones · Accepted Answer · 2021-03-15T12:24:59.137

3

What's up with this?

listenIps: [
        { ip: "172.3.-.-", announcedIp: "18.255.8.87" },

Try putting the public IP of your EC2 in ip, and set announcedIp to null.

Or, do what I did here because I got sick of fiddling that config.js setting.

function getListenIps () {
  const listenIps = []
  if (typeof window === 'undefined') {
    const os = require('os')
    const networkInterfaces = os.networkInterfaces()
    const ips = []
    if (networkInterfaces) {
      for (const [key, addresses] of Object.entries(networkInterfaces)) {
        addresses.forEach(address => {
          if (address.family === 'IPv4') {
            listenIps.push({ ip: address.address, announcedIp: null })
          }
          /* ignore link-local and other special ipv6 addresses.
           * https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
           */
          else if (address.family === 'IPv6' 
                   && address.address[0] !== 'f') {
            listenIps.push({ ip: address.address, announcedIp: null })
          }
        })
      }
    }
  }
  if (listenIps.length === 0) {
    listenIps.push({ ip: '127.0.0.1', announcedIp: null })
  }
  return listenIps
}

And, be aware that WebRTC can connect with TLS on ports other than the mediasoup web server port.

edited Mar 15 '21 at 12:24

answered Mar 13 '21 at 23:58

O. Jones

103,626
17
118
172

The readme says `Make a listenIps entry with ip set to the instance's private IP address, and announcedIp set to the instance's public IPv4 address.` what I tried to do, why have you set announcedip to null? I'll try and run this and let you know the result. MS seemed more straight-forward than Janus. Thanks for your help :) – harry young Mar 14 '21 at 11:56
1

I had to fool around trying different things for a long time. I'm telling you what worked for me. – O. Jones Mar 14 '21 at 12:00
Firstly, thanks very much for the effort that you put in here! I'm using your GitHub config.js file, it looks much better, and, naturally, using dotenv is a much better idea. I hadn't gotten to that part, yet, I just wanted to get it working, remotely. Unfortunately, it still isn't working. I typed Navigator.madiaDevices.getUserMedia() and the console logged 'undefined' which indicates to me that it's probably because of self-signed certificates, after all. I made this conclusion previously and assumed I was wrong, because I am, technically using HTTPS. – harry young Mar 14 '21 at 19:52
Your adjustment of the cert and key file extensions threw me a little, but according to [this article](https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files) I can just rename the .crt and .key to .pem - is that correct? I'll try to set up a trusted cert and see if the app functions correctly. Thanks again and best regards. – harry young Mar 14 '21 at 19:52
Please would you tell me why you altered the value of initialAvailableOutgoingBitrate? – harry young Mar 14 '21 at 21:30
1

I'm a digital video old-timer. I'm working on a mobile-friendly talking-heads application, where peoples' faces appear in little windows: 352x288, also known historically as CIF resolution. It's efficient because it uses an integral multiple of 16x16 macroblocks. The point of my fork of mediasoup-sandbox is to figure out how low I can push the bandwidth and decoding power consumption without wrecking the user experience. That's why **I** messed with the bandwidth. Your mileage will vary. – O. Jones Mar 15 '21 at 12:22
Ah right, thanks. You mentioned that mediasoup takes a lot of server rigging to make it work. Comparatively with Janus, I didn't think so, but you know more than I do. Anyway, I read a [paper](https://mediasoup.org/resources/CoSMo_ComparativeStudyOfWebrtcOpenSourceSfusForVideoConferencing.pdf) that convinced me to use mediasoup. – harry young Mar 15 '21 at 12:35
I'm having [this nightmare](https://stackoverflow.com/questions/66631382/why-doesnt-npx-rollup-work-in-heroku-start-script) pushing to Heroku and imagine it'd be a quick fix for somebody who actually knows what they are doing. If you have a spare moment, would you please take a look? It isn't getting many views. – harry young Mar 15 '21 at 12:40
"And, be aware that WebRTC can connect with TLS on ports other than the mediasoup web server port." - yes I did guess that, I'm not sure how to establish the ports that need to be opened as webrtc TCP connection ports don't seem to be standardised. Any tips for figuring that out? – harry young Mar 15 '21 at 13:01
1

I don't think Heroku Web Dynos are good for this, because their firewall is too rigid. Same issue with AWS EC2. I used a small Digital Ocean droplet for my tests. If we decide to go forward with it, we can work out the port-security configuration needed for AWS or Azure. I read the same paper. – O. Jones Mar 15 '21 at 13:16
Let's move this to [chat](https://chat.stackoverflow.com/rooms/229937/mediasoup-deploy) – O. Jones Mar 15 '21 at 13:29

score 1 · Answer 2 · answered Jul 06 '21 at 17:45

I was facing the same issue, the following things helped me getting it to work:

1.) Make sure the UDP ports defined in config.json file (by default 4000-4999) are allowed in the security group used for your EC2 instance and the firewall of the OS (in case of Ubuntu it's ufw). For enabling the ports on ubuntu, you can use sudo ufw allow 4000:4999/udp.

2.) For listenIps, use [{ ip: "0.0.0.0", announcedIp: process.env.ANNOUNCED_IP }] where ANNOUNCED_IP env variable is equal to the Public IPV4 address of the EC2 instance.

Do I have the wrong ports open for mediasoup?

2 Answers2

Linked