While setting up a scaling Azure Ant Media Solution, SSL needs to be set up for Azure Application Gateway, which acts as a load balancer.
SSL is required for enabling mic and camera in browsers. Otherwise, WebRTC will not work. In this post, I will explain how to enable SSL for Azure Application Gateway. Application Gateway is used for load balancing in a clustering Azure solution. Please have a look at this document for enabling SSL for standalone servers.
We are going to use Let’s Encrypt for enabling SSL. Let’s Encrypt is a FREE, automated and open Certificate Authority brought to you by the non-profit Internet Security Research Group (ISRG) and supported by big corps such as Google, Facebook, Microsoft, and many others, to have a more secure and privacy-respecting Web.
Create Certificate
- Open a terminal.
- Install certbot
sudo apt-get install certbot
- Execute the following command, filling in your email address and your domain.
sudo certbot certonly --email your_email_address -d your_domain --agree-tos --manual
- Follow the instructions and press Enter to continue.
- After a successful operation, the terminal output should look something like below
Create PFX for Azure Application Gateway
We need a PFX file for Azure Application Gateway. We can create it with openssl from the files (cert.pem, chain.pem, fullchain.pem, privkey.pem) that were created under /etc/letsencrypt/live/{Your_Domain} in the previous step.
Run the command below in that directory to create the PFX file. openssl asks for an export password; this is the password you will provide when uploading the certificate.
sudo openssl pkcs12 -inkey ./privkey.pem -in ./cert.pem -export -out murat.antmedia.io.pfx
Now we have the PFX file.
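The PFX step above as a checked script. This is an added example, not code from the original post. It goes one step further than the command above: it confirms that privkey.pem and cert.pem belong together and adds chain.pem with -certfile so the intermediate certificates travel inside the PFX. The function names and the PFX_PASSWORD variable are assumptions made for the example, and the demo runs on throwaway self-signed certificates constructed on the spot.

```shell
# Added example (not from the original post). Assumes openssl is installed and
# the export password is in the PFX_PASSWORD environment variable (assumed
# name), so it never shows up in the process list or shell history.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # key_matches_cert <privkey.pem> <cert.pem>
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_pfx <privkey.pem> <cert.pem> <chain.pem> <out.pfx>
make_pfx() {
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch: $1 $2" >&2; return 1; }
  ( umask 077  # the PFX contains the private key: owner-only permissions
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
      -out "$4" -passout env:PFX_PASSWORD )
}

# Prints how many certificates the PFX holds (leaf plus chain).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASSWORD 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: two throwaway self-signed certificates standing in
# for Let's Encrypt's cert.pem and chain.pem, so the example runs offline.
make_sample() {  # make_sample <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=leaf.example" \
    -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=chain.example" \
    -keyout "$1/other.pem" -out "$1/chain.pem" 2>/dev/null
}

# Demo on the constructed sample; the password below is a sample value.
export PFX_PASSWORD='constructed-sample-password'
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
  make_pfx "$demo_dir/privkey.pem" "$demo_dir/cert.pem" \
           "$demo_dir/chain.pem" "$demo_dir/demo.pfx" &&
  echo "certificates in PFX: $(pfx_cert_count "$demo_dir/demo.pfx")"
rm -rf "$demo_dir"
```

For the real files, call make_pfx with privkey.pem, cert.pem and chain.pem from /etc/letsencrypt/live/{Your_Domain} after setting PFX_PASSWORD to the password you will enter in the Azure portal.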
Create Azure Application Gateway with Certificate for Scaling Azure Ant Media Solution
When creating the Azure Application Gateway, we will provide this certificate.
- Upload the certificate while creating the https_5443_edge rule, and provide a name and password for the certificate.
- While creating the listener for the https_443_origin rule, use the certificate that was previously uploaded.
After that, you can open your Ant Media Server instance at the https://your_domain URL. For the full guide that describes setting up a clustering solution in Azure, please have a look at this post.
If you have any questions, please drop a line to contact(at)antmedia.io .