WebRTC behind reverse proxy broken in upgrade 1.6.0 to 1.7.0

[elvis-epx]

WebRTC ceased to work when published through a reverse proxy

Which version are you using?

v1.8.5

Which operating system are you using?

• Linux amd64 standard
• Linux amd64 Docker
• Linux arm64 standard
• Linux arm64 Docker
• Linux arm7 standard
• Linux arm7 Docker
• Linux arm6 standard
• Linux arm6 Docker
• Windows amd64 standard
• Windows amd64 Docker (WSL backend)
• macOS amd64 standard
• macOS amd64 Docker
• Other (please describe)

Describe the issue

After upgrading from 1.4.2 to 1.8.5, the WebRTC ceased to work when it is published as a folder of external site using a reverse proxy (nginx). Internal access (direct to LAN IP) works normally.

The NGINX logs show that PATCH and DELETE are being sent to the root URL /camera/whep, while in 1.4.2 there is only the PATCH request (not DELETE) that goes to the correct URL /revproxy_folder/camera/whep

Edit: upgrade up to 1.6.0 keeps things working. Upgrade to 1.7.0 triggers the issue.

Describe how to replicate the issue

1. Configure MediaMTX to serve WebRTC
2. Configure a reverse proxy to publish a WebRTC stream "page" as a folder of a site

Did you attach the server logs?

no

Did you attach a network dump?

yes (NGINX logs)
teste.txt

[aler9]

Hello, between v1.6.0 and v1.7.0 we were forced to perform a change in the Location header and make all paths absolute for compatibility reasons (see #3195 #3177 #3240).

This broke compatibility with reverse proxies that put a prefix before every URL, like yours.

In order to fix the issue, you have to edit your reverse proxy in order to intercept the Location header in responses and put the prefix before its value too, for instance, you have to edit this:

Location: /camera/whep

Into this:

Location: /revproxy_folder/camera/whep

If you are using nginx as reverse proxy, you can do it in this way (more or less):

location /revproxy_folder/ {
    proxy_pass http://mediamtx:8889/;
    proxy_redirect $scheme://$host:$server_port/ /revproxy_folder/;
}

[andreymal]

@aler9 why not add a prefix in the mediamtx settings?

[aler9]

@andreymal because that would mean maintaining and bug-fixing an additional feature that is already provided in a better form by another component, and belongs to that other component.

[andreymal]

No better, nginx can't properly add prefixes in response bodies, for example. So I suspect that one day you will have to implement this additional feature

[RedShift1]

For future reference, how to do it with Apache httpd:

    <Location /abc>
        ProxyPass http://10.132.0.6:8889
        ProxyPassReverse http://10.132.0.6:8889

        Header edit Location ^(.*)$ "/abc$1"
    </Location>

You need to use the Header directive because ProxyPassReverse doesn't rewrite the Location header if the HTTP response is not a redirect. (See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse).

[elvis-epx]

TBH the general recommendation should be to put the reverse-proxied service in its own domain. MediaMTX is not the only one that does not like living in a proxied folder (Grafana is another).

[andreymal]

@elvis-epx I use root_url = https://%(domain)s/grafana_proxied_folder/ in grafana.ini and it seems to work fine (but it's starting to be offtopic here)