webrtc - How can I set up a reverse proxy for the Janus REST api and socket api in Nginx?

Question

I have a Janus Gateway which exposes a REST api on port 8088. The web socket transport is also enabled on my janus server on port 8188. I have an Nginx reverse proxy set up for https traffic to reach my Janus server. How do I add wss support to my Nginx reverse proxy? Here is my config file "janusserver5.example.com" in nginx/sites-available:

server {
    server_name   janusserver5.example.com;
    location / {
        proxy_pass         http://10.10.30.27:8088;


        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = janusserver5.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name   video518.doctogether.com;
    listen 80;
    return 404; # managed by Certbot


}

question from:https://stackoverflow.com/questions/65852228/how-can-i-set-up-a-reverse-proxy-for-the-janus-rest-api-and-socket-api-in-nginx

Answer 1

By default, the Janus REST api is at the /janus endpoint. To allow Nginx to proxy for the web socket and REST interfaces, create a location entry for /janus that passes to http://yourip:8088/janus and a second one for / that passes to http://yourip:8188.

server {
server_name   janusserver5.example.com;
location /janus {
   proxy_pass         http://10.10.30.20:8088/janus;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection keep-alive;
    proxy_set_header   Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
}

location / {
    proxy_pass        http://10.10.30.20:8188;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection keep-alive;
    proxy_set_header   Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;


    # WebSocket support
    proxy_set_header Connection "upgrade";
    proxy_read_timeout  90;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/janusserver5.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/janusserver5.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = janusserver5.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name   janusserver5.example.com;
    listen 80;
    return 404; # managed by Certbot


} 

With this configuration I can now connect to https://janusserver5.example.com/janus/info, and wss://janusserver5.example.com with protocol "janus-protocol"