Secure Websockets for Janus / WebRTC

ssciberras · June 10, 2025, 7:33pm

1. The problem I’m having:

I am developing a videostreaming system, using a raspberry pi with a webcam as the source of video. Another computer is serving a Janus WebRTC server (in a docker), using websockets as the means of communication. On the same computer, I have Caddy installed in a separate docket, to act both as a reverse proxy, and as a webserver.

So far I am using the same computer to test, using both localhost and 192.168.1.133 in order to observe how it works. In the future, I plan to move everything to a separate Proxmox box.

I have managed to settle the webserving, including using a domain by duckdns. Before using caddy, everythign worked on localhost with http, but now moving on to https, I resorted to Caddy (as otherwise, webRTC will not work). unfortunately, now I am running in problems, the latest unresolved being that I have to use wss: rather. than ws: as otherwise, it will not work.

However, with secure websockets, I cannot get a connection between the local pc and the Janus server through caddy.

I have tried:

removing port from calling js script
using ws:
using *****.duckdns.org domain, with or without port specified
using a separate port, to redirect from 8189 → 8188

2. Error messages and/or full log output:

No Caddy logs relevant, including using Debug
From Chrome: janus.js:107 WebSocket connection to ‘wss://192.168.1.133:8188/’ failed:

3. Caddy version:

Caddy v 2.10.0 in Docker.

4. How I installed and ran Caddy:

a. System environment:

b. Command:

Docker, from https://hub.docker.com/_/caddy

c. Service/unit/compose file:

caddy:
image: caddy:2.10.0
restart: unless-stopped
cap_add:
- NET_ADMIN
ports:
- “80:80”
- “443:443”
- “443:443/udp”
- “8123:8123”
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- web_data:/usr/share/caddy
- caddy_data:/data
- caddy_config:/config

janus:
image: canyan/janus-gateway:latest
restart: unless-stopped
cap_add:
- NET_ADMIN
ports:
- “8188:8188”
volumes:
- janus_config:/usr/local/etc/janus

d. My complete Caddy config:

{
# debug
log {
format console
}
}

http://******.duckdns.org
{
# log
root * /usr/share/caddy
file_server
}

localhost {
# log
root * /usr/share/caddy
file_server
}

192.168.1.133 {
log
@websockets {
header Connection Upgrade
header Upgrade websocket
}
reverse_proxy @websockets 192.168.1.133:8188

}

******.duckdns.org {
log
@websockets {
header Connection Upgrade
header Upgrade websocket
}
reverse_proxy @websockets 192.168.1.133:8188

reverse_proxy 192.168.1.10:8123

}

5. Links to relevant resources:

Thanks

timelordx · June 11, 2025, 8:44am

Assuming you’re accessing your server via

https://YOURSITE.duckdns.org

you could try this:

YOURSITE.duckdns.org {
    log
    @websockets {
        header Connection Upgrade
        header Upgrade websocket
    }
    handle @websockets {
        reverse_proxy 192.168.1.133:8188
    }
    handle {
        reverse_proxy 192.168.1.10:8123
    }
}

Then, edit your Janus JavaScript file with this:

var server = "wss://" + window.location.hostname + ":443/";

Let me know if that works. I’m not familiar with Janus and making a lot of assumptions here. Seeing your Janus config would help.

ssciberras · June 11, 2025, 7:18pm

dear timelordx, I do not know what you did, but it is working perfectly

I hope this all works when I move everything to a new Proxmox server soon. All this was a proof of concept, so at least I know I am on the right track