SSL Configuration on AWS
This section, which includes this guide, describes the features of OvenMediaEngine Enterprise available for subscription on AWS Marketplace.
Modern web browsers such as Chrome, Safari, Firefox, and Edge enforce security restrictions that prevent the use of camera/microphone permissions and block playback of unsecured streams in environments without SSL (HTTPS). In particular, to use WebRTC publishing/playback and HLS playback smoothly, communication between the server and the client must be encrypted via HTTPS/WSS.
OvenMediaEngine Enterprise on AWS provides features that make this configuration easy. Completing the security setup described in this guide is a required step to build and operate a stable and secure streaming service.
Configure and Verify SSL
Configure SSL in the Web Console

Click the [Settings] icon in the upper-right corner of the Web Console to open the Settings page, then select [SSL Configuration] from the left menu.
In the Configuration Method section, click [Change Configuration] to switch to edit mode.

Choose an SSL configuration method that fits your service environment.
OvenMediaEngine Enterprise–Provided Subdomain with Auto-Managed SSL Certificate: [Recommended] Without any complex setup, OvenMediaEngine Enterprise automatically creates a dedicated subdomain and SSL certificate required for SSL configuration and manages renewals before expiration.
Your Own Domain with Your Own Certificate: Register your domain and SSL certificate directly in OvenMediaEngine Enterprise. With this option, the instance IP is shown on the [SSL Configuration] page of the Web Console. To map your domain to this instance, update your domain’s DNS records in your DNS management console to point to the displayed IP.
Important: Assign an Elastic IP before configuring SSL.
You must first associate an AWS Elastic IP (EIP) with the instance to keep its public IP address fixed. If the instance is stopped and started again without an Elastic IP, its public IP may change. This can break your domain mapping and cause service downtime. To ensure stable domain resolution and uninterrupted secure connections, secure a fixed public IP first, then proceed with the SSL configuration.
Verify SSL playback and check URLs

Following "Post-Setup Verification for OvenMediaEngine Enterprise", publish a media source to rtmp://{Public IPv4}:1935/app/stream, then confirm in the Stream List on the Web Console that the stream is being delivered properly.

If playback works normally even after selecting TLS in the stream detail view, the SSL setup is complete.

In the [URLs] tab, you can view the TLS-enabled Ingress URL and Egress URL at a glance. Your service is now ready to deliver stable and secure streaming over encrypted connections.
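For the "Your Own Domain with Your Own Certificate" option, the DNS mapping and the certificate can also be checked from outside the Web Console. The script below is an added example, not part of the OvenMediaEngine Enterprise documentation or tooling; the domain, the Elastic IP, the port (take it from the TLS-enabled URL in the [URLs] tab) and the 14-day expiry threshold are assumptions supplied by the caller.

```python
import socket
import ssl
from datetime import datetime, timezone


def dns_points_to(resolved_ips, elastic_ip):
    """True only if every A record equals the Elastic IP (a stale extra record fails)."""
    return bool(resolved_ips) and set(resolved_ips) == {elastic_ip}


def days_until_expiry(cert, now=None):
    """Whole days left on a certificate dict as returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def resolve_a_records(domain):
    """IPv4 addresses the domain currently resolves to."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch_cert(domain, port, timeout=5):
    """TLS handshake with chain and hostname verification; raises ssl.SSLError on mismatch."""
    ctx = ssl.create_default_context()
    with socket.create_connection((domain, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            return tls.getpeercert()


def check(domain, elastic_ip, port, min_days=14):
    """Return a list of problems; an empty list means DNS and TLS look healthy."""
    problems = []
    try:
        ips = resolve_a_records(domain)
    except OSError:
        ips = []  # treat a failed lookup as "no records"
    if not dns_points_to(ips, elastic_ip):
        problems.append(f"{domain} resolves to {ips}, expected {elastic_ip}")
    try:
        left = days_until_expiry(fetch_cert(domain, port))
        if left < min_days:  # min_days is an assumed alert threshold
            problems.append(f"certificate expires in {left} days")
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"TLS handshake failed: {exc}")
    return problems
```

Running `check()` after every instance stop/start or certificate replacement catches a changed public IP or an expiring certificate before viewers see playback failures.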
