Add the following destination domains and the corresponding ports to your firewall whitelist.
.appearin.com
.appearin.net
.appearin.video
.whereby.cloud
.whereby.com
.whereby.com.mx
.whereby.info
.whereby.jp
.whereby.vc
*.whereby.com ;-)
All traffic flows on port 443 TCP/UDP.
Control messages between the clients and the Whereby servers when in a call ("signaling") is transmitted over secure websockets (wss). These utilize the same ports as https, but will set up persistent two-way connections. Proxies and firewalls that intercept https traffic need to be configured to allow websocket traffic towards these hosts/domains (some of these are legacy and will be phased out in the near future, but for the time being still need to be accessible):
signal.srv.whereby.com
any.sfu.whereby.com
*.sfu.whereby.com
rtcstats.srv.whereby.com
signal.appearin.net
sfu.appearin.net
rtcstats.appearin.net
In order to transmit video and audio, the participants must be allowed to send and receive packets containing media content. The optimal path for these packets is directly between participants, but where this is not possible/allowed, Whereby provides a network of TURN servers that can act as relays for this. These servers are placed across the globe, and participants will connect to the closest ones. Participants will connect to port 443 on these servers, on either UDP or TCP. For call quality and experience, UDP is the preferred protocol.
The TURN servers are identified by the hostname patterns:
*.turn.whereby.com
turnserver.appearin.net
| Service | Dest. | Port | Protocol | Mandatory |
|---|---|---|---|---|
| Signaling (wss) | any | 443 | TCP | Yes, see above |
| turn relay (tcp/tls)* | any | 443 | TCP | Yes, please see note 1 |
| turn relay (udp)* | any | 443 | UDP | Optional, pls see note 1 |
| turn/sfu highport** | any | 1024-65535 | UDP | Optional, pls see note 2 |