watchRTC uses a websocket connection from the users to our servers in order to collect the WebRTC statistics and telemetry data necessary for monitoring your service.
At times, you may want to use an intermediary proxy which the client devices connect to instead of directly to our servers. The main reason for that is when you want control over the IP addresses customers need to open up and configure in their firewalls and wish to keep these addresses limited to your pool.
For that purpose, watchRTC offers the ability to work via a proxy URL, as well as other firewall configuration alternatives.
Architecture
By default, the watchRTC SDK connects directly to the watchRTC backend service via the watchRTC relay. The diagram below illustrates what happens when you add your own watchRTC Proxy component:
In such a configuration, the watchRTC SDK will communicate with the watchRTC Proxy. The watchRTC Proxy will then send the data it receives from the SDK to the watchRTC backend service via the watchRTC relay.
This gives you the flexibility of deploying the watchRTC Proxy on your own servers and add another layer of control over the data being routed. The data being proxied uses secure websockets and secure HTTPS connections.
Install your proxy server
You can install and use any websocket proxy server.
nginx has such a websocket proxy, along with a Docker configuration of one.
Other proxies should work just as well.
Make sure the proxy server can handle the amount of concurrent users you plan on working with, as these will now rely on your own infrastructure.
Configure the proxy server
The proxy server installed should redirect incoming websocket traffic to one of these addresses:
- wss://watchrtc.testrtc.com if you are running watchRTC from our production environment
- wss://watchrtc-staging2.testrtc.com if you are running watchRTC from our staging environment
In both cases, be sure to also configure HTTPS to be proxied. When a websocket is unavailable, the watchRTC SDK will send its messages via HTTPS.
Passing IP’s when there are Proxies
When using a proxy server location, the standard for passing IPs is to use the ‘X-Forwarded-For’ header
x-forwarded-for: "180.166.146.241, 43.176.32.192"
- When a client connects directly to a server, the client’s IP address is sent to the server (and is often written to server access logs).
- If a client connection passes through any ‘forward’ proxies, the server only sees the final proxy’s IP address.
To provide a more-useful client IP address to the server, the ‘X-Forwarded-For’ request header is used.
502 Health Check Error
All of our watchRTC servers (AWS) have a /healthcheck
endpoint, which you
should use to do a health probe check, (i.e. https://watchrtc-server.cyara.com/healthcheck - returns 200 success code)
Proxy
watchRTC Server URLs:
-
Production (default): wss://watchrtc-server.cyara.com
-
Staging: wss://watchrtc.spearline.dev
If you would like to programmatically control redirection here’s the list of connection URLs you must make sure to build:
{watchRTC-server-url}?apiKey={apiKey}×tamp={Date.now()}&apiVersion=v1&sessionId={sessionID}
Configure the SDK
To use the proxy, add in your watchRTC.init() call under proxyURL the server address you are using:
watchRTC.init({
proxyUrl: "wss://my.domain.com:8080/websocket"
});