Recently I wrote that AntMedia does not support IPv6, see also Ant Media Server mit Apache Reverse Proxy.
This problem is now fixed. Many thanks at this point for the quick help from the Ant Media team, who contacted me personally!
The reason for the behavior were two things:
- The systemd unit for Ant Media,
/etc/systemd/system/antmedia.service
, contains the option-Djava.net.preferIPv4stack=true
for starting the server which means that Ant Media Server will prefer IPv4 even if IPv6 is available. - The configuration
/usr/local/antmedia/conf/red5.properties
contains the following entry which defines the IP addresses from which it is allowed to connect to the dashboard:server.allowed_dashboard_CIDR=0.0.0.0/0
. However this forbids clients using IPv6.
The fix is relatively simple and will probably also be included in one of the next updates from Ant Media:
In the file /etc/systemd/system/antmedia.service remove the option -Djava.net.preferIPv4stack=true
.
In the file /usr/local/antmedia/conf/red5.properties
add the following entry (or update the existing entry accordingly) to allow connections to the dashboard using IPv4 and IPv6 likewise:
# Default value is open everyone server.allowed_dashboard_CIDR=::/0,0.0.0.0/0
After that restart the server as following:
systemctl daemon-reload systemctl restart antmedia
After these changes you can now use the reverse proxy in Apache without the option ProxyAddHeaders off
and AntMedia will now see the real IP address of the client and not just 127.0.0.1:
RewriteEngine on RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://localhost:5080/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket [NC] RewriteRule /(.*) http://localhost:5080/$1 [P,L] ProxyPass / http://localhost:5080/ ProxyPassReverse / http://localhost:5080/
Update 2022-09-11
When using the reverse proxy it seems, the change in the systemd unit is not required. In my case it is enough to add ::/0,0.0.0.0/0
as allowed IP addresses to the server configuration. That makes sense as the proxy is connecting via IPv4 and just passing the IP address as header to the server.