Another approach would be to leave Asterisk as-is, and build a WebRTC-to-SIP layer over it. This can be done on the same box, using something like OpenSIPS. It would mean that the DTLS streams are unencrypted by something like RTPengine. This approach also allows you to upgrade Asterisk at a later stage as the heavy lifting is done with OpenSIPS & RTPengine, while Asterisk acts independently.
I have experience with this architecture.