nginxwebrtcjwilder-nginx-proxyjanus-gateway

How can I set up a reverse proxy for the Janus REST api and socket api in Nginx?


I have a Janus Gateway which exposes a REST api on port 8088. The web socket transport is also enabled on my janus server on port 8188. I have an Nginx reverse proxy set up for https traffic to reach my Janus server. How do I add wss support to my Nginx reverse proxy? Here is my config file "janusserver5.example.com" in nginx/sites-available:

server {
    server_name   janusserver5.example.com;
    location / {
        proxy_pass         http://10.10.30.27:8088;


        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = janusserver5.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name   video518.doctogether.com;
    listen 80;
    return 404; # managed by Certbot


}

Solution

  • By default, the Janus REST api is at the /janus endpoint. To allow Nginx to proxy for the web socket and REST interfaces, create a location entry for /janus that passes to http://yourip:8088/janus and a second one for / that passes to http://yourip:8188.

    server {
    server_name   janusserver5.example.com;
    location /janus {
       proxy_pass         http://10.10.30.20:8088/janus;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
    
    location / {
        proxy_pass        http://10.10.30.20:8188;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    
    
        # WebSocket support
        proxy_set_header Connection "upgrade";
        proxy_read_timeout  90;
    }
    
    
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    }
    
    server {
        if ($host = janusserver5.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
        server_name   janusserver5.example.com;
        listen 80;
        return 404; # managed by Certbot
    
    
    } 
    

    With this configuration I can now connect to https://janusserver5.example.com/janus/info, and wss://janusserver5.example.com with protocol "janus-protocol"