nginx: route /turn (REST) and /webrtc/signaling/ (WS) to selkies#153
nginx: route /turn (REST) and /webrtc/signaling/ (WS) to selkies#153DL6ER wants to merge 2 commits intolinuxserver:masterfrom
Conversation
The selkies signaling-server exposes two endpoints that the frontend
needs but that the bundled nginx config does not currently route:
- `GET /turn` returns the WebRTC ICE config (TURN/STUN servers + HMAC
credentials) as JSON. The dashboard fetches this on init.
- `wss://.../webrtc/signaling/` is the WebSocket upgrade endpoint used
in WebRTC mode (selkies-wr-core builds the URL as
`${pathname}<appName>/signaling/`, the dashboard sets `appName=webrtc`).
Without these locations the dashboard logs:
- a `JSON.parse: unexpected character` when /turn returns nginx's HTML
404 page,
- `NS_ERROR_WEBSOCKET_CONNECTION_REFUSED` on the signaling URL,
followed by a stuck loading state.
Both endpoints are served by the same selkies process listening on
127.0.0.1:CWS, so the proxy_pass target is unchanged from the existing
/websocket location.
Tested with `SELKIES_MODE=webrtc` and `SELKIES_ENABLE_DUAL_MODE=true`:
fetching /turn returns the expected RTC config JSON, and the WebRTC
peer connection is established.
There was a problem hiding this comment.
Pull request overview
Adds missing nginx routes so Selkies’ signaling server endpoints are reachable through the bundled reverse proxy configuration (both HTTP :3000 and HTTPS :3001 server blocks).
Changes:
- Add an HTTP location to proxy
SUBFOLDERturnto the Selkies signaling server. - Add a WebSocket-upgrade location intended to proxy
/webrtc/signaling/to the Selkies signaling server. - Duplicate these locations in both nginx server blocks (ports 3000 and 3001).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…UBFOLDER Two issues raised in review (both server blocks, :3000 and :3001): 1. The signaling regex was anchored at root: `^/webrtc/signaling/?$`. With a non-default SUBFOLDER deployment (e.g. SUBFOLDER=/foo/), the request path `/foo/webrtc/signaling/` would not match and would fall through to the static handler. Replace the leading `/` with the SUBFOLDER placeholder so the same sed substitution that processes every other location block also applies here. Default `SUBFOLDER=/` keeps the regex equivalent to before. 2. The new WebSocket location was missing the long timeouts and forwarded client headers that `SUBFOLDERwebsocket` already sets. Without them, signaling sessions can be cut by nginx defaults and selkies upstream sees only 127.0.0.1 as the client IP. Mirror the full set: X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, the three 3600s timeouts, and client_max_body_size 10M. /turn gains the same forwarded headers (no timeouts — short HTTP request).
There was a problem hiding this comment.
Pull request overview
Adds missing nginx routes so Selkies’ signaling server endpoints used by the dashboard don’t fall through to the default 404 handler (notably /turn for ICE config and /webrtc/signaling/ for WebRTC-mode signaling).
Changes:
- Add an HTTP proxy location for
SUBFOLDERturnto forward/turnto the Selkies signaling server. - Add a WebSocket-upgrade regex location for
SUBFOLDERwebrtc/signaling/?$to forward WebRTC signaling to the same backend. - Apply both routes in the
:3000(http) and:3001(https) nginx server blocks.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I am a bot, here are the test results for this PR:
|
|
I am a bot, here are the test results for this PR:
|
Description:
Add two missing nginx locations:
SUBFOLDERturn(HTTP) — proxiesGET /turnto the selkies signaling server, which returns the ICE configuration JSON.^/webrtc/signaling/?$(regex, WebSocket-upgrade) — proxies the WebRTC-mode signaling URL to the same selkies process.Done in both the
:3000and the:3001server blocks ofroot/defaults/default.conf.Benefits of this PR and context:
The selkies dashboard issues two requests during initialisation that currently fall through to nginx's default 404 handler:
fetch('./turn')— the dashboard expects the JSON response defined inselkies/signaling_server.py(if path == "/turn": ...). With no nginx route, the browser receives an HTML 404 page and the dashboard logsUncaught (in promise) SyntaxError: Unexpected token '<', "<html>...".new WebSocket('wss://.../webrtc/signaling/')— built byselkies-wr-core.js(new URL(protocol + window.location.host + pathname + appName + "/signaling/"), withappName === "webrtc"). The selkies signaling server upgrades any path ending in/signaling/but the bundled nginx config has no matching location, so the browser seesNS_ERROR_WEBSOCKET_CONNECTION_REFUSED.With these two locations in place, both
SELKIES_MODE=webrtcand dual mode work without any container-side patching.How Has This Been Tested?
Built locally on top of
master(debian-trixie), composed andebian-xfce-style downstream image, ran with:Validated with:
WebSocket upgrade for the WebRTC signaling URL returns 101:
Browser end-to-end: dashboard initialises, peer connection establishes, H.264 video and Opus audio render in Firefox 149 + Chromium 142.
Source / References:
src/selkies/signaling_server.py, the branchif path == "/turn/" or path == "/turn":inprocess_request.addons/selkies-web-core/selkies-wr-core.jsupstream, thenew URL(protocol + window.location.host + pathname + appName + "/signaling/")call withappName === "webrtc"from selkies-dashboard's WebRTC mode.