<div dir="ltr">I'd recommend you to use HAPROXY as load-balancer for websockets as it can be simplier configured as statefull proxy.</div><div class="gmail_extra"><br><div class="gmail_quote">2016-12-24 12:05 GMT+02:00 Sergey Safarov <span dir="ltr"><<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello guys<div>I want configure user frendly WebRTC server based on FreeSwitch and SipML5 client.</div><div><br></div><div>It can be easy done in FreeSwitch and NGINX is bounded to different IP/ports. But if you wants use one IP and 443 port then you will try configre NGINX to proxy all reuests line "/fs-socket/" to FreeSwitch port 7443.</div><div><br></div><div>It is works fine but FreeSwitch cannot not see real client IP address like folowing. Captured on Amazon server.</div><div><br></div><div>freeswitch@ip-172-31-29-87.us-<wbr>west-2.compute.internal> sofia status profile internal reg </div><div><br></div><div>Registrations:</div><div>==============================<wbr>==============================<wbr>==============================<wbr>=======</div><div>Call-ID: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>f1e8c7ca-8f50-4285-fd1a-<wbr>148d2f1d1b88</div><div>User: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span><a href="mailto:23@46.218.201.23" target="_blank">23@46.218.201.23</a></div><div>Contact: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>"23" <sips:23@df7jal23ls0d.invalid;<wbr>rtcweb-breaker=no;transport=<wbr>wss;fs_nat=yes;fs_path=sips%<wbr>3A23%40172.31.29.87%3A37244%<wbr>3Brtcweb-breaker%3Dno%<wbr>3Btransport%3Dwss></div><div>Agent: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>IM-client/OMA1.0 sipML5-v1.2016.03.04</div><div>Status: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>Registered(TLS-NAT)(unknown) EXP(2016-12-24 09:42:43) EXPSECS(230)</div><div>Ping-Status:<span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>Reachable</div><div>Ping-Time:<span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>0.00</div><div>Host: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>ip-172-31-29-87.us-west-2.<wbr>compute.internal</div><div>IP: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>172.31.29.87</div><div>Port: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>37244</div><div>Auth-User: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>23</div><div>Auth-Realm: <span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span>46.218.201.23</div><div>MWI-Account:<span class="m_7780085034435318832Apple-tab-span" style="white-space:pre-wrap"> </span><a href="mailto:23@46.218.201.23" target="_blank">23@46.218.201.23</a></div><div><br></div><div>Total items returned: 1</div><div>==============================<wbr>==============================<wbr>==============================<wbr>=======</div><div><br></div><div>Displayed real IP address of NGINX</div><div><br></div><div>Also when received INVITE then variables like network_addr will cantain real IP of NGINX.</div><div><br></div><div>Then you can try confgire nginx like ng</div><div><pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;background-color:rgb(239,240,241);word-wrap:normal;color:rgb(36,39,41)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit">proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</code></pre></div><div><br></div><div>But FreeSwitch wants SIP headers "X-AUTH-IP" and "X-AUTH-PORT" in every SIP message not only connection establishing. NGINX not understand SIP messages and cannot do it.</div><div><br></div><div>Then you will try cofigure Kamailio between NGINX and FreeSwitch. In this case Kamailio can parce http headers and add requred SIP header.</div><div>Are you can suggest other way to publish FreeSwitch socket on same port with http server?</div><div><br></div><div> </div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Alexandru Covalschi<br><div>VoIP engineer and system administrator<br>tel: +37367398493<br><br></div></div></div></div></div></div></div>
</div>