|
| 1 | +# Deploying |
| 2 | + |
| 3 | +Deploying WebRTC applications can be cumbersome. |
| 4 | +Here are a few details you should keep in mind when trying to push your project into production. |
| 5 | + |
| 6 | +## Allow UDP traffic in your firewall |
| 7 | + |
| 8 | +In most cases, WebRTC uses UDP to exchange audio and video data. |
| 9 | +Therefore, you have to allow UDP traffic in your firewall. |
| 10 | +In Linux-based systems that use `ufw`, you can do this with the following command: |
| 11 | + |
| 12 | +```sh |
| 13 | +ufw allow 50000:60000/udp |
| 14 | +``` |
| 15 | + |
| 16 | +Our ICE implementation, by default, uses an ephemeral port range, so it might vary depending on your operating system. |
| 17 | +However, you can specify an exact port range that ICE will use when creating a new peer connection, e.g.: |
| 18 | + |
| 19 | +```elixir |
| 20 | +PeerConnection.start_link(ice_port_range: 50_000..60_000) |
| 21 | +``` |
| 22 | + |
| 23 | +## Allow TCP traffic in your firewall |
| 24 | + |
| 25 | +In some cases, when ICE really cannot find a UDP path, it may fall back to a TCP connection. |
| 26 | +However, since our ICE implementation does not support TCP yet, you don't need to take any extra steps here :) |
| 27 | + |
| 28 | +## Export ports in your Docker container |
| 29 | + |
| 30 | +If you are running your application using Docker, we recommend using the `--network host` option. |
| 31 | +If that's not possible (e.g. you are running on macOS), you have to manually export the ports used by ICE, e.g.: |
| 32 | + |
| 33 | +``` |
| 34 | +docker run -p 50000-50010/udp myapp |
| 35 | +``` |
| 36 | + |
| 37 | +Keep in mind that exporting a lot of ports might take a lot of time or even cause the Docker daemon to timeout. |
| 38 | +That's why we recommend using host's network. |
| 39 | + |
| 40 | +## Choose your cloud provider wisely |
| 41 | + |
| 42 | +Many cloud providers do not offer good support for UDP traffic. |
| 43 | +In such cases, deploying a WebRTC-based application might be impossible. |
| 44 | +We recommend using bare machines that you can configure as you need. |
| 45 | + |
| 46 | +## Enable HTTPS in your frontend |
| 47 | + |
| 48 | +The server hosting your frontend site must have HTTPS enabled. |
| 49 | +This is a requirement for accessing the user's microphone and camera devices. |
| 50 | +Not using HTTPS on addresses different than localhost will result in `navigator.mediaDevices` being `null`. |
| 51 | + |
| 52 | +## Proxy WebSocket connections |
| 53 | + |
| 54 | +WebSockets are a common option for the signalling channel. |
| 55 | +If you are using a reverse-proxy like nginx, to make your WebSocket connections work, |
| 56 | +you have to preserve the original (client) request headers. |
| 57 | +In other words, you need to add the following lines to your endpoint handling websocket connections configuration: |
| 58 | + |
| 59 | +``` |
| 60 | +proxy_http_version 1.1; |
| 61 | +proxy_set_header Upgrade $http_upgrade; |
| 62 | +proxy_set_header Connection "upgrade"; |
| 63 | +``` |
| 64 | + |
| 65 | +Read more [here](https://nginx.org/en/docs/http/websocket.html). |
| 66 | + |
| 67 | +## Configure STUN servers |
| 68 | + |
| 69 | +If you are deploying your application behind a NAT, you have to configure a STUN |
| 70 | +server that will allow it to discover its public IP address. |
| 71 | +In Elixir WebRTC this will be: |
| 72 | + |
| 73 | +```elixir |
| 74 | +PeerConnection.start_link(ice_servers: [%{urls: "stun:stun.l.google.com:19302"}]) |
| 75 | +``` |
| 76 | + |
| 77 | +Google's STUN server is publicaly available, but keep in mind that you depend on |
| 78 | +someone else's infrastructure. |
| 79 | +If it goes down, you can do nothing about it. |
| 80 | +To avoid that, you would need to host your own STUN server. |
| 81 | +Keep in mind, that TURN servers are also STUN servers so if you have already TURN deployed, |
| 82 | +you don't need to specify additional STUN servers. |
| 83 | +And as a TURN server, you can always use our [Rel](https://github.com/elixir-webrtc/rel)! |
| 84 | + |
| 85 | +## Configure TURN servers |
| 86 | + |
| 87 | +If your application is deployed behind a very restrictive NAT, which should be very rare (e.g. a symmetric NAT), |
| 88 | +you will need to configure a TURN server. |
| 89 | +In most cases, TURN servers are needed on the client side as you don't have any control |
| 90 | +over a network your clients connect from. |
| 91 | +For testing and experimental purposes, you can use our publicly available TURN called [Rel](https://github.com/elixir-webrtc/rel)! |
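Review bot: The Docker example at line 34 publishes only `50000-50010/udp`, while the firewall rule at line 13 and the `ice_port_range` example at line 20 both use 50000 to 60000, and the section never says that `ice_port_range` has to match the published ports. A reader who follows the Docker section with the default ephemeral range described at line 16 will have ICE bind ports that the container does not expose, and connectivity checks will fail with no obvious cause. I would add a sentence after line 35 saying the application must be started with a matching range, e.g. `PeerConnection.start_link(ice_port_range: 50_000..50_010)`, and note in the `ufw` section that the firewall rule should be no wider than the range actually configured, so that ten thousand UDP ports are not opened for nothing. Two smaller points: at line 50, `navigator.mediaDevices` is `undefined` rather than `null` in an insecure context, so a reader checking `=== null` would miss it; and "publicaly" at line 77 should be "publicly".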