Skip to main content

Setting up a proxy for watchRTC traffic

watchRTC uses a websocket connection from the users to our servers in order to collect the WebRTC statistics and telemetry data necessary for monitoring your service.

At times, you may want to use an intermediary proxy which the client devices connect to instead of directly to our servers. The main reason for that is when you want control over the IP addresses customers need to open up and configure in their firewalls and wish to keep these addresses limited to your pool.

For that purpose, watchRTC offers the ability to work via a proxy URL, as well as other firewall configuration alternatives.

Architecture

By default, the watchRTC SDK connects directly to the watchRTC backend service via the watchRTC relay. The diagram below illustrates what happens when you add your own watchRTC Proxy component:



In such a configuration, the watchRTC SDK will communicate with the watchRTC Proxy. The watchRTC Proxy will then send the data it receives from the SDK to the watchRTC backend service via the watchRTC relay.

This gives you the flexibility of deploying the watchRTC Proxy on your own servers and add another layer of control over the data being routed. The data being proxied uses secure websockets and secure HTTPS connections.

Install your proxy server

You can install and use any websocket proxy server.

nginx has such a websocket proxy, along with a Docker configuration of one.

Other proxies should work just as well.

Make sure the proxy server can handle the amount of concurrent users you plan on working with, as these will now rely on your own infrastructure.

Configure the proxy server

The proxy server installed should redirect incoming websocket traffic to one of these addresses:

  1. wss://watchrtc.testrtc.com if you are running watchRTC from our production environment
  2. wss://watchrtc-staging2.testrtc.com if you are running watchRTC from our staging environment

In both cases, be sure to also configure HTTPS to be proxied. When a websocket is unavailable, the watchRTC SDK will send its messages via HTTPS.

Passing IP’s when there are Proxies

When using a proxy server location, the standard for passing IPs is to use the ‘X-Forwarded-For’ header

Note: Header should contain IPs in specific order. Where the left-most IP should be the client IP. For example; client, proxy1, proxy2 and so on…
x-forwarded-for: "180.166.146.241, 43.176.32.192"
  • When a client connects directly to a server, the client’s IP address is sent to the server (and is often written to server access logs).
  • If a client connection passes through any ‘forward’ proxies, the server only sees the final proxy’s IP address.

To provide a more-useful client IP address to the server, the ‘X-Forwarded-For’ request header is used.

502 Health Check Error

All of our watchRTC servers (AWS) have a /healthcheck endpoint, which you should use to do a health probe check, (i.e. https://watchrtc-server.cyara.com/healthcheck - returns 200 success code)

Proxy

watchRTC Server URLs:

  • Production (default): wss://watchrtc-server.cyara.com

  • Staging: wss://watchrtc.spearline.dev

If you would like to programmatically control redirection here’s the list of connection URLs you must make sure to build:

{watchRTC-server-url}?apiKey={apiKey}&timestamp={Date.now()}&apiVersion=v1&sessionId={sessionID}

Configure the SDK

To use the proxy, add in your watchRTC.init() call under proxyURL the server address you are using:

watchRTC.init({
  proxyUrl: "wss://my.domain.com:8080/websocket"
});

Was this article helpful?

0 out of 0 found this helpful