Signaling server WebRTC 2.0 usage

To use the WebRTC 2.0 signaling server in a production environment, it is necessary to set up secure HTTPS communication using your own SSL certificates. Although the Docker image includes self-signed certificates for testing purposes, these are not suitable for production use and should be replaced.

This article explains what kind of certificates are required, how to validate them using the openssl tool, and how to properly configure the signaling server, including changing the default port.

Required SSL Certificates

By default, the Docker image provides self-signed certificates for test purposes. However, when deploying in production, you must replace them with your own trusted certificates.

The following certificate files are required (all in PEM format):

• privkey.pem – Private key (without the certificate)
• cert.pem – Domain certificate only (without CA or intermediate certificates)
• chain.pem – Intermediate and root CA certificates (excluding your main certificate)
• fullchain.pem – Combined full certificate chain (your certificate + intermediate + root CA)

These files must be placed in the /etc/ssl directory. This is the default path expected by the Docker image.

Validating SSL Certificates

To verify the correctness of your certificates, we recommend using the openssl tool. Below are the most common commands used for validation:

# Check private key openssl rsa -in privkey.pem -check -noout # Check certificate openssl x509 -in cert.pem -text -noout # Check certificate chain openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -noout # Check full certificate chain openssl crl2pkcs7 -nocrl -certfile fullchain.pem | openssl pkcs7 -print_certs -noout 

Installing and Running the Signaling Server

Once your certificates are ready, follow these steps to install and start the WebRTC 2.0 signaling server:

1. Download the Docker image for the WebRTC 2.0 signaling server.
2. Unzip the archive to any location where you want the server files to reside.
3. Navigate to the folder containing the docker-compose.yml file.
4. Place your SSL certificates (privkey.pem, cert.pem, chain.pem, and fullchain.pem) into the /etc/ssl folder.
5. Make sure TCP port 8080 is available and open to the public on your server.

Changing the Default Port

By default, the signaling server uses TCP port 8080 for all connections. You can change this to another port by modifying the configuration files as follows:

1. Open the file:
   %your_server_folder%\videosdk-bundle-1.0.1.1.external.docker\public-api-endpoint\etc\public-api-endpoint\conf.d\30_public_api_endpoint.conf
2. Find the server block and update the port:

   server { listen 8080 ssl; ... }

3. Open the docker-compose.yml file and change all 8080 references to your new port number.

Starting the Server

After configuring the certificates and ports, use the following commands to build and start the server:

docker compose build docker compose up -d 

After successful execution, the WebRTC 2.0 signaling server will be running with your configured certificates and settings.

If everything is set up correctly, the signaling server will establish secure HTTPS connections and be ready for production use.