I have gotten myself a strange issue that I am not sure I understand enough to figure out. Hopefully I will figure it out while writing this post, but if that doesn’t happen, thanks for reading.
It seems I am unable to connect WebRTC transports when hosting my mediasoup-powered webapp with an AWS S3 bucket/CloudFront.
I build my application, upload it to the S3 bucket, and distribute it globally via CloudFront. The signaling server is its own EC2 instance. The mediasoup server is also a separate EC2 instance. The issue arises when producing data or media to the mediasoup server from the client. Maybe a little more clearly: client gets webapp from CloudFront/S3, client to signaling server for signaling dialog, and client to mediasoup servers for media exchange, according to what signaling tells client to do. This arrangement fails to connect to media servers, or even try ICE candidates.
However, if I build the webapp on the signaling server itself and use the signaling server as the host for the webapp, everything works as expected.
If I build my webapp locally, and point my signaling to the signaling server, everything connects and works as expected.
This leads me to think that something I am overlooking in the CloudFront/S3 or possibly the network handling mediasoup does. For instance, is there anything comparable to CORS headers that mediasoup client would need to communicate media to a server other than what it gets signaling from? I imagine this would not be the case because I pass the signaling from the mediasoup server back to the client untouched, so I think that would not matter but I don’t know it. Maybe there is something in the DTLS fingerprints or some other value that gets generated client side by what domain you are currently on or… guessing at that point.
When setup on the CloudFront/S3 bucket fails, I do indeed get ICE parameters back with the correct IP of the mediasoup server with correct ports. And from what I read in the interface about:webrtc it has not even tried the ICE(lite) candidates it gets in the offer/answer exchange. I do get the produce event on the client transport, and send up connection params to the mediasoup server and it returns an ID which is given to the produce callback. But… no dice on the client successfully connecting the transport. ICE/STUN failure.
I have also tried this with and without a paid-for STUN/TURN server, and it does not change the results.
My announce IP in the mediasoup config is set to the public IP of the AWS server that mediasoup is running on and the local IP is the local interface address of the EC2 instance (local IPv4 address).
Does anyone know why I would get correct ICE-lite in my SDP, but the client would not attempt to connect to them? I would hope to see all failed tries of the ICE candidates at least…