I have a coturn issue with my AWS openvidu-server-kurento deployment. I need help

Hello.

I am making a webRTC based video conferencing application.
While looking for various materials, I found openvidu, which has a well-guided guide, and there are some issues in the process.

First, I followed the v2.19.0 version guide document to deploy to AWS.
->> https://docs.openvidu.io/en/2.19.0/deployment/ce/aws/

I deployed to AWS with the SELF-SIGNED CERTIFICATE method following those instructions, and it was handled correctly. (A basic application, openvidu-call, is included.)

https://docs.openvidu.io/en/2.19.0/tutorials/openvidu-mvc-java/

In addition, I tested the application made with Spring-boot by following the link above. So, there are currently an instance (A) where openvidu server is deployed and an instance (B) where Spring-boot application is deployed.

Currently, instance B is authenticated with a certificate issued by AWS and is serviced as https, and operates on port 5442 tomcat.

I completed the configuration of the security group so that each instance can be connected, and tested whether each instance communicates with each other by pinging.

Everything seemed to be going smoothly, but it wasn’t.
In the Spring Boot application, when starting a video conference after logging in, there was a problem that the socket was not connected.

The openvidu server side log looks like this:

No processing after Coturn message.


But, by chance, I have identified a situation that is difficult to understand.


If you run the call application provided by default on the openvidu server (instance A) and connect, the device with the above issue is connected correctly in the call application.

And after accessing the call application, if you access the Spring boot application of instance B, the socket connection is correct. And working well.

I don’t know if it’s a problem with allowed ports, so I set up a security group to open all ports used.

Instance A’s openvidu server does not have ssl applied. Maybe this is the problem?

WebRTC, Kurento, OpenVidu, etc. … My knowledge related to these is so lacking that the question seems to be quite difficult and insincere. I am so sorry. I tried to find and solve a lot of data on my own, but there was no result, so I asked this question. Please don’t think too badly and if you can give me a little help so that I can solve this problem, I will be very very grateful and will not forget it. Thank you.

The problem is due to using self-signed certificates in the OpenVidu deployment. You should have a domain and use real certificates (they are free using Let's Encrypt).

If you use a self-signed certificate in OpenVidu server you should go to OpenVidu server first and accept the certificate in your browser. Then you can open another app using that OpenVidu server without issues.

So, you will need a real certificate in a real domain to avoid the issue, or deploy your application on the same server as OpenVidu.

Regards
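The check described in this answer can be run before pointing a separate application at an OpenVidu server. The following is an added example, not part of the original thread or of OpenVidu: it performs the same verified TLS handshake a browser would and reports whether the certificate is trusted or self-signed. The function name and status labels are assumptions chosen for illustration; the host is whatever you pass on the command line.

```python
import socket
import ssl
import sys

# OpenSSL verification codes that indicate a self-signed certificate:
# 18 = the leaf certificate is self-signed, 19 = self-signed cert in the chain.
SELF_SIGNED_CODES = {18, 19}


def check_openvidu_tls(host, port=443, timeout=5.0):
    """Handshake against the system trust store, as a browser would.

    Returns (status, detail) where status is one of:
    trusted, self-signed, untrusted, tls-error, unreachable.
    """
    ctx = ssl.create_default_context()  # verifies both chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # This is the case where a page on another origin fails silently:
        # the browser rejects the WebSocket and shows no prompt to accept.
        if exc.verify_code in SELF_SIGNED_CODES:
            return "self-signed", exc.verify_message
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Usage: python check_tls.py <openvidu-host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    status, detail = check_openvidu_tls(sys.argv[1], target_port)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "trusted" else 1)
```

A result of `self-signed` means clients must first open the OpenVidu server URL and accept the certificate, or the deployment needs a certificate from a public CA.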

First of all, thank you very much for your reply.
I was very happy to think that it could be solved because I expected that there would be a problem.

As explained, I just want to ask a few more questions before I go into action. This is pure curiosity, and also because I want to be sure before I start working on it.

I’m attaching some pictures because I think the explanation was not enough.

The picture above is the current state of the instance I have configured.

In picture A, if you try to access the “red route” in this state, the connection will not be correct as in the issue in the main text.

However, as shown in the picture B, the connection is completed after the Coturn message by first trying to connect with the orange route. And if you try to connect again with the purple route, the device’s browser will connect correctly.

In summary, the cause of this problem is that the method of configuring the openvidu server that I followed was a method that could not be approached correctly, so the instance configuring the openvidu server must be reconfigured using the Let’s Encrypt method instead of self-signing. Is my understanding correct?

Thank you so much for replying again!

++
I’m sorry. There is a media item registration issue, so I’m uploading a photo separately.

Picture A

Picture B

Oh my gosh, thank you so much. As directed, I have created a new openvidu server stack and it works successfully. Thank you so much! You must be blessed.