
While setting up a scaling Azure Ant Media Solution, SSL needs to be set up for Azure Application Gateway, which acts as a load balancer.

Browsers only enable the microphone and camera when SSL is in place; without it, WebRTC will not work. In this post, I will explain how to enable SSL for Azure Application Gateway, which is used for load balancing in a clustered Azure solution. Please have a look at this document for enabling SSL for standalone servers.

We are going to use Let’s Encrypt to enable SSL. Let’s Encrypt is a free, automated and open Certificate Authority run by the non-profit Internet Security Research Group (ISRG) and supported by large companies such as Google, Facebook, Microsoft, and many others, with the goal of a more secure and privacy-respecting Web.

Create Certificate

  1. Open a terminal.
  2. Install certbot
    sudo apt-get install certbot
  3. Execute the following command, filling in your email address and your domain.
    sudo certbot certonly --email your_email_address -d your_domain --agree-tos --manual
    
  4. Follow the instructions and press Enter to continue.
  5. After a successful operation, the terminal output should report that the certificate files were created.

Create PFX for Azure Application Gateway

We need a PFX file for Azure Application Gateway. We can create it with openssl from the files (cert.pem, chain.pem, fullchain.pem, privkey.pem) that were created under /etc/letsencrypt/live/{Your_Domain} in the previous step.

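Run the command below from inside that directory to create the PFX file. openssl prompts for an export password; keep it, because it is needed when the certificate is uploaded.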

    sudo openssl pkcs12 -inkey ./privkey.pem -in ./cert.pem -export -out murat.antmedia.io.pfx

Now we have the PFX file.
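A variant of the step above, as an added example that is not part of the original post: it also packs chain.pem into the PFX so the intermediate certificate travels with the leaf, supplies the export password without a prompt, and checks the file before it is uploaded. The throwaway CA, the domain example.test, the password and the function names are constructed so the script runs offline; in practice point make_pfx at /etc/letsencrypt/live/{Your_Domain}.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Domain, password and the
# throwaway CA are constructed so the script runs offline.

# Constructed stand-in for /etc/letsencrypt/live/{Your_Domain}: a test CA as
# chain.pem plus a leaf cert.pem / privkey.pem signed by it.
make_sample_live_dir() {
  local dir="$1" domain="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$dir/ca.key" -out "$dir/chain.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$domain" \
    -keyout "$dir/privkey.pem" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/chain.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/cert.pem" 2>/dev/null
}

# Build the PFX with the chain included. The password is handed to openssl
# through the environment so it is not part of the openssl command line.
make_pfx() {
  local dir="$1" out="$2"
  ( umask 077   # the PFX contains the private key: owner-only permissions
    PFX_PASS="$3" openssl pkcs12 -export -inkey "$dir/privkey.pem" \
      -in "$dir/cert.pem" -certfile "$dir/chain.pem" \
      -out "$out" -passout env:PFX_PASS )
}

# Number of certificates stored in the PFX (expect leaf + chain).
pfx_cert_count() {
  PFX_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the private key inside the PFX belongs to the given certificate.
pfx_key_matches_cert() {
  local from_key from_cert
  from_key=$(PFX_PASS="$2" openssl pkcs12 -in "$1" -nocerts -nodes \
    -passin env:PFX_PASS 2>/dev/null | openssl pkey -pubout 2>/dev/null)
  from_cert=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Demo on constructed data.
work=$(mktemp -d)
make_sample_live_dir "$work" example.test
make_pfx "$work" "$work/example.test.pfx" 'constructed-password'
echo "certificates in PFX: $(pfx_cert_count "$work/example.test.pfx" 'constructed-password')"
pfx_key_matches_cert "$work/example.test.pfx" 'constructed-password' "$work/cert.pem" \
  && echo "private key matches cert.pem"
rm -rf "$work"
```

A count below 2, or a key that does not match cert.pem, means the PFX was assembled from the wrong files and should not be uploaded.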

Create Azure Application Gateway with Certificate for Scaling Azure Ant Media Solution

When creating the Azure Application Gateway, we will provide this certificate.

  • Upload the certificate while creating the https_5443_edge rule, and provide a name and password for the certificate.


  • While creating the listener for the https_443_origin rule, use the certificate that was uploaded previously.


After that, you can open your Ant Media Server instance at the https://your_domain URL. For the full guide that describes setting up a clustering solution in Azure, please have a look at this post.

 

If you have any questions, please drop a line to contact(at)antmedia.io.
