How to run Janus on a Google Cloud Compute instance and build your own WebRTC streaming server
Janus is sweet! Here in the good robot lab, we use Janus to stream video live from a Raspberry Pi all over the world with about 100ms latency. The actual transport technology is WebRTC, but Janus is an open source signalling server which allows computers to make Peer to Peer WebRTC connections for industrial grade, low latency communication. WebRTC is the future of media streaming, so if you’re interested in this kind of tech, go ahead and take a few minutes to read up. Don’t worry, we’ll wait!
Today, we’re going to go from zero to one hundred, meaning we’ll go from having no server at all, to running the full fledged Janus demo on a Google Compute Instance. Once Janus is up and running, you’re free to build whatever application you desire on top — maybe you make your own Twitch server, maybe you replace Skype with your own private video conferencing app, maybe you monitor a fleet of drones from the comfort of your living room — whatever it is, Janus is probably capable and flexible enough to let you do it. I chose Google Cloud to deploy this, because it has a fantastic console with integrated cloud based development tools (which I’ll talk about later), you get $300 free credits, and for some reason, nobody seems to be using or talking about it! The instructions should be pretty easy to adapt, if you choose to deploy somewhere else.
Step 1. Start your free Google Cloud trial.
Head over to console.cloud.google.com. This is pretty straightforward. Good start!
Step 2. Create a Compute Engine instance
Now we’re gonna get the wheels turning and carve ourselves out our first little piece of one of google’s mainframe. Go to the Compute Engine cloud portal console.cloud.google.com/compute
Hit ‘Create Instance’ to enter the new instance menu. Pick a name, choose a region near you, and choose either a small or micro instance. We’ve had no problems running Janus on a micro instance, but a funny hangup we encountered is that SFTP’ing in to a micro instance can cause it to crash, since SFTP clients like Sublime SFTP and Visual Studio Code run a ton of file listeners and if you’re creating a Node app, you’ll crash your server even when the project is quite small. A micro instance costs less than half a small instance, so if you’re not using SFTP, go ahead and use the micro!
Tick the boxes to allow HTTP and HTTPS traffic. Leave everything else as default.
Note: If you’re planning to send an RTP stream to Janus, you’ll also need to open the ports you’re gonna stream to. This is easy to set up, in the VPC Network portal of Google Cloud console.
Step 3. Attach an ssh key to your instance
An ssh key allows you to connect to the Compute instance, as if you were working from your own computer.
Google has instructions here, which I’ll briefly repeat cloud.google.com/compute/docs/instances/connecting-advanced
The rest of these instructions are to be carried out from the Google Cloud Shell. If you’re logged in to the console, hit the terminal looking button to access it. The Shell is awesome! It’s a floating, cloud based instance with all of google’s development tools preinstalled, which you can use from the browser to manage all of your machines. You can type commands in to the shell, and they execute on a google computer somewhere in the Bermuda Triangle (where are google’s servers, actually?). Any commands you should enter will be prefixed with a money sign like this:
$ enter_these_commands_in_google_shellSee the GIF below to open the Shell:
Enable OS Login
$ gcloud compute instances add-metadata instance-name \
— metadata enable-oslogin=TRUEReplace instance-name with the name of the instance you chose in step 1.
Generate an ssh key
Hit google to find out how to generate an ssh key on your machine. On the mac, it’s
$ ssh-keygen -t rsaUpload your public key to the cloud shell
In the top right corner of the Shell, hit the three dots, and then choose “Upload File”. Find id_rsa.pub or whatever your public key file is called. It will upload to the home directory of your Cloud Shell instance.
Add the public key to OS Login
Replace path/to/key with your key, probably something like ./id_rsa.pub.
$ gcloud compute os-login ssh-keys add —-key-file path/to/key.pub —- ttl 0Now, you’re ready to connect up to your machine!
Step 4. Install Janus
We’re almost there now! We’re going to follow the instructions at github.com/meetecho/janus-gateway to install Janus.
Find your IP in the Cloud Compute Instance portal, and SSH in to your machine from your terminal. Your username is typically the google email address you use, with spaces and chars replaced by underscores. Mine is ben_thekids_eu, so I do ssh ben_thekids_eu@123.456.789.012
$ ssh <user>@<ip>The instructions for installing Janus in the readme are pretty great, except that you don’t need to compile l̶i̶b̶n̶i̶c̶e̶ or libsrtp. Edit: BEWARE of the package manger version of libnice! Just like the instructions say, certain versions of libnice cause ice errors which can break your streams. After experimenting with several versions, I found the most stable one to be from libnice’s github, but an old commit, which you can get by doing
git clone https://github.com/libnice/libnice.git
cd libnice
git checkout dbaf8f5ccd76089e340883887c7e08e6c04de80a
./autogen.sh
./configure --prefix=/usr
make && sudo make installFor libsrtp, you can simply
$ sudo apt install libsrtp2-devThe instructions also require git and make, so
$ sudo apt install git makeFinally, I had to be sudo to make install, so
./configure --prefix=/opt/janus
make
sudo make installMake sure you install the default configuration files with
make configsIf everything went well, Janus should be installed at /opt/janus/bin/janus. Try running it to make sure it starts up without errors.
$ /opt/janus/bin/janusIf you want to configure Janus to use a STUN server, this a good time to do that. STUN allows WebRTC to work behind a NAT. To use google’s STUN server, run
$ sudo nano /opt/janus/etc/janus/janus.jcfgScroll down to the bottom, and change the STUN settings to the following
nat: {
stun_server = "stun.l.google.com"
stun_port=19302
nice_debug = false
#full_trickle = true
#ice_lite = true
#ice_tcp = true
}Step 5. Set up a reverse proxy
In order to use WebRTC, you need to use SSL. This means your website needs HTTPS. We’ll cover that in the next step, but for now, we need to use a reverse proxy so that when you add SSL to your domain, you can make http requests to the Janus server or to other servers on your machine using the same SSL connection.
I prefer NGINX as a robust web server, and it’s easy to set up a reverse proxy and SSL. While SSH’d in to your compute instance, do the following:
$ sudo apt install nginxThen, edit the default configuration files
$ sudo nano /etc/nginx/sites-enabled/defaultIf you’ve purchased a domain name, add it.
server_name <your_domain_name>We’re gonna follow the instructions given by Janus again for deploying behind a web frontend at janus.conf.meetecho.com/docs/deploy.html, but with some corrections.
Remove the following line
root /var/www/htmland replace it with the following
root /home/<user>/janus-gateway/htmllocation /janusbase/ { proxy_pass http://127.0.0.1:8088/;}
This tells nginx to serve the demo HTML files located in your home directory, and creates a reverse proxy so that any http requests directed to <your_site>/janusbase/ are redirected to port 8088, where Janus is listening by default. After making these changes, restart nginx.
$ sudo systemctl restart nginxNext, we need to modify the demo files, to tell our janus script to hit the reverse proxy.
$ sudo nano /home/<user>/janus-gateway/html/janus.jsGo to line 446, and change
var server = gatewayCallbacks.server;to
var server = “/janusbase/janus”;Now, run Janus
$ /opt/janus/bin/janusAnd if you visit the IP address assigned to your instance, you should see the Janus demo!
Step 6. Get SSL
To use the demos and WebRTC in general, you need to be connected with SSL. This means you’re hitting an HTTPS address, and you’ll see the little green lock in the address bar if you’re using Chrome or Safari.
You need a static IP and a domain name. Go to the Networking portal in Cloud Console console.cloud.google.com/networking/addresses/list
Click on “Ephemeral” in the Type column, next to your IP address, and change it to “Static”
Then, get your domain name to point to this IP. Google how to do it for your ISP.
To get SSL, we’re gonna use Let’sEncrypt, cause it’s free and easy. Once you’ve pointed your domain name to your static IP, follow instructions at https://certbot.eff.org/, and you’re DONE!!!!!
