SSL Certificate #262

Open
Madriix opened this issue Feb 21, 2021 · 3 comments
Labels
question Further information is requested

Comments


Madriix commented Feb 21, 2021

Configure your SSL certificate & key in certs/ by either copying certs/fullchain.pem.example to certs/fullchain.pem and certs/privkey.pem.example to certs/privkey.pem or using your own certificate & key

Currently I am using the 2 unsigned certificates from the "certs" folder with an nginx + https proxy.
Is it better to use unsigned certificates with nginx-proxy with https enabled, or is it better to have signed SSL certificates and use nginx-proxy in https?

In reality, the only problem I encounter is that some Internet users cannot get the webcam to work. There is a bug at startup, and sometimes not; it's random. Maybe because of the unsigned certificates problem?

Collaborator

QVDev commented Feb 21, 2021

@lmangani and @jabis know more about the certificate.

Regarding the camera, be sure to check permissions in the browser settings and make sure they are not blocked. And give it some seconds before pressing the GO button to make sure it has loaded; you should see the preview.

Collaborator

lmangani commented Feb 21, 2021

@Madriix if you're behind a proxy and you also cover websockets this way, you can potentially even disable it on the meething side. As long as the remote browser gets a secure certificate, they will enable WebRTC to work with local devices. Same as when running on glitch or heroku, where the service has no certificate and the border proxies take care of everything.

The user issue is potentially more of a quick startup of the options before the browser is ready, as QVDev also suggested. If you have some logs from the console, we can try to catch them. Are you using your own gun-multisocket or the community one?

lmangani added the question label Feb 21, 2021
Collaborator

jabis commented Feb 25, 2021

@Madriix for me I terminate the SSL on the Nginx and run the actual app non-https - this avoids multiple handshakes and app needing to worry about httpd-level stuff -> app can handle more requests/s

        location /gun {
          rewrite /gun/(.*) /$1 break;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_set_header X-NginX-Proxy true;
          proxy_pass_header  Set-Cookie;
          proxy_pass_header  P3P;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_redirect off;
          proxy_pass http://localhost:8801;
        }

and multisocket-gun instances identically (but with added header X-Room):

        location ~^/g/(.*) {
          #rewrite /nug /$1 break;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Room $1;
          proxy_set_header Host $host;
          proxy_set_header X-NginX-Proxy true;
          proxy_pass_header  Set-Cookie;
          proxy_pass_header  P3P;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_redirect off;
          #proxy_pass https://localhost:4439;
          proxy_pass http://127.0.0.1:8800;
        }

Hopefully that helps :)
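
The checks QVDev and lmangani describe above (a secure certificate at the browser, camera permissions, console logs), as an added example that is not part of the thread or the project's code: a JavaScript probe that reports why camera capture is unavailable. The names `diagnoseCamera`, `fakeWindow` and `runSamples` are hypothetical, and the fake window objects are constructed samples.

```javascript
// Added example: classify why camera capture is unavailable on a page.
// `env` is a window-like object so the function also runs outside a browser;
// in a page, call diagnoseCamera(window).
async function diagnoseCamera(env) {
  // navigator.mediaDevices is only exposed in secure contexts (HTTPS with a
  // certificate the browser accepts, or localhost).
  if (!env.isSecureContext) {
    return { ok: false, cause: 'insecure-context',
             hint: 'serve the page over HTTPS with a certificate the browser trusts' };
  }
  const md = env.navigator && env.navigator.mediaDevices;
  if (!md || typeof md.getUserMedia !== 'function') {
    return { ok: false, cause: 'no-media-devices',
             hint: 'browser does not expose navigator.mediaDevices' };
  }
  try {
    const stream = await md.getUserMedia({ video: true, audio: false });
    // Release the camera again; this is only a probe.
    stream.getTracks().forEach((t) => t.stop());
    return { ok: true, cause: 'none', hint: 'camera available' };
  } catch (err) {
    const causes = {
      NotAllowedError: ['permission-blocked', 'camera permission denied in browser or OS settings'],
      NotFoundError: ['no-camera', 'no video input device found'],
      NotReadableError: ['device-busy', 'camera in use by another application or failed to start'],
    };
    const [cause, hint] = causes[err.name] || ['unknown', String(err.message || err)];
    return { ok: false, cause, hint };
  }
}

// Constructed stand-ins for a browser window, used to exercise each branch.
function fakeWindow({ secure, errorName }) {
  const getUserMedia = async () => {
    if (errorName) { const e = new Error(errorName); e.name = errorName; throw e; }
    return { getTracks: () => [{ stop() {} }] };
  };
  return { isSecureContext: secure, navigator: secure ? { mediaDevices: { getUserMedia } } : {} };
}

async function runSamples() {
  const samples = [
    { secure: false }, { secure: true, errorName: 'NotAllowedError' },
    { secure: true, errorName: 'NotReadableError' }, { secure: true },
  ];
  const out = [];
  for (const s of samples) out.push((await diagnoseCamera(fakeWindow(s))).cause);
  return out;
}
```

Logging the result of `diagnoseCamera(window)` in the browser console separates a certificate or secure-context failure from a blocked permission or a busy device.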
