WebRTC support with Coturn #16

Open
wants to merge 10 commits into
base: main
Changes from 2 commits
Binary file added .DS_Store
Binary file not shown.
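Review bot: `.DS_Store` is macOS Finder metadata and does not belong in the repository; drop it from this PR and add `.DS_Store` to `.gitignore` so it cannot be re-added by accident.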
1 change: 1 addition & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,6 @@
!files/dev-perms.pub.pem
!files/dev-reticulum-jwk.json
!files/dev-reticulum.conf
!files/coturn/
!services/reticulum/priv/dev-ssl.cert
!services/reticulum/priv/dev-ssl.key
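Review bot: the `!files/coturn/` exception pulls the whole directory into the build context, including `files/coturn/certs/key.pem`, which the coturn Dockerfile in this PR then copies into the image. Narrow it to what the image actually needs (`!files/coturn/entrypoint.sh`) and keep the private key out of the context, so it never lands in an image layer; supply the certificate and key at run time through a volume instead.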
13 changes: 7 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,13 @@ certificate at each of the Hubs ports mapped in
[`docker-compose.yml`](docker-compose.yml). At the time of this writing, that
means visiting these links in your web browser and following the prompts:

* [Proxy](https://hubs-proxy.local:4000)
* [Dialog](https://hubs.local:4443)
* [Spoke](https://hubs.local:9090)
* [Hubs Admin](https://hubs.local:8989)
* [Hubs Client](https://hubs.local:8080)
* [Reticulum](https://hubs.local:4000)
* [4000: Proxy](https://hubs-proxy.local:4000)
* [4443: Dialog](https://hubs.local:4443)
* [9090: Spoke](https://hubs.local:9090)
* [8989: Hubs Admin](https://hubs.local:8989)
* [8080: Hubs Client](https://hubs.local:8080)
* [4000: Reticulum](https://hubs.local:4000)
* [5349: Coturn](https://hubs.local:5349)

### Admin panel access

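Review bot: the new `5349: Coturn` entry is a TURN-over-TLS listener, not an HTTPS endpoint, so the "visit the link and follow the prompts" flow described above only half applies: the browser completes the TLS handshake and shows the certificate warning, then the page fails because no HTTP response follows. Say so in the text, and mention that coturn serves its own certificate (`files/coturn/certs/cert.pem` in this PR), so accepting the proxy certificate on the other ports does not cover it.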
55 changes: 54 additions & 1 deletion docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,27 @@
version: "3.9"
services:
coturn:
environment:
REALM: ret
PSQL: host=db dbname=ret_dev user=postgres password=postgres options='-c search_path=coturn' connect_timeout=30
Contributor
Does this need access to Reticulum’s database? If not, it should get its own and probably its own host too since the version of Postgres Reticulum needs may differ from that of coturn.

TLS_PORT: 5349
MIN_PORT: 50000
MAX_PORT: 50050
build:
context: .
dockerfile: dockerfiles/coturn.Dockerfile
entrypoint: /bin/sh /entrypoint.sh
Contributor
What would you think about moving this line directly into the dockerfile?

Contributor Author
Oh yep, I see that you have been moving those. What's the benefit of doing that? Image reusability?

Contributor
It makes the compose file lighter and more focused on orchestration (rather than containerization). If that makes sense. 😄

volumes:
- coturn:/var/lib/coturn
ports:
- "5349:5349"
# This should be the same as MIN_PORT MAX_PORT.
# You might neeed to increase this number depending on how many client you are connecting.
# (Keep the ports range small to improve container statup time)
- "50000-50050:50000-50050"
- "50000-50050:50000-50050/udp"
networks:
hubs_network:
db:
environment:
POSTGRES_PASSWORD: postgres
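Review bot: the `PSQL:` line embeds a database password in the compose file and connects coturn as the `postgres` superuser of Reticulum's database; give coturn a dedicated role whose privileges are limited to the `coturn` schema, and pass the credential through an env file or secret rather than inline. Secondly, the relay range is published twice, `"50000-50050:50000-50050"` and the `/udp` variant; browser TURN allocations relay over UDP, so the TCP mapping is only needed if RFC 6062 TCP relaying is actually in use. The comment above those lines also has two typos (`neeed`, `statup`).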
Expand All @@ -9,6 +31,10 @@ services:
user: postgres
volumes:
- pgdata:/var/lib/postgresql/data
ports:
- "5432:5432"
Contributor
This is a smell. Why do we need to expose the database to the host OS?

Contributor Author
Coturn needs to access the database. Is there another better way of inter container communication?

Contributor
Containers on the same network can reach one another. The ports configuration maps the container port to the port on the host OS. So in this case, that’s HOST:CONTAINER which maps port 5432 from the container to the same port on the host OS. Will software on your local machine need to access the database directly?

networks:
hubs_network:
dialog:
build:
context: .
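Review bot: the `ports:` block added to `db` publishes `5432:5432` on every interface of the host, exposing Postgres with the `POSTGRES_PASSWORD: postgres` set just above to anything that can reach the machine; containers on `hubs_network` already reach `db:5432` without it. If a local client on the host genuinely needs the database, bind the mapping to loopback (`"127.0.0.1:5432:5432"`); otherwise drop it.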
Expand All @@ -18,11 +44,22 @@ services:
HTTPS_CERT_FULLCHAIN: /etc/ssl/fullchain.pem
HTTPS_CERT_PRIVKEY: /etc/ssl/privkey.pem
INTERACTIVE: "false"
MEDIASOUP_MIN_PORT: 40000
MEDIASOUP_MAX_PORT: 40050
MEDIASOUP_ANNOUNCED_IP: 10.20.30.12
ports:
- "4443:4443"
# This should be the same as MEDIASOUP_MIN_PORT and MEDIASOUP_MAX_PORT
# You might neeed to increase this number depending on how many client you are connecting.
# (Keep the ports range small to improve container statup time)
- "40000-40050:40000-40050"
Contributor
Do these ports need to be exposed to the host OS? If so, does the user need to accept proxy certificates in the browser for them?

Contributor Author
These are used for Coturn <-> Dialog communication, but again this is the only way I found to communicate between two containers. Open to hear alternatives.

Contributor
The ports config shouldn’t affect communication between two services on the same network. They are able to communicate directly without the intervention of the host OS.

- "40000-40050:40000-40050/udp"
volumes:
- dialog:/code
working_dir: /code
networks:
hubs_network:
ipv4_address: 10.20.30.12
Contributor
Why is it necessary to fix the address to a static IP?

Contributor Author
You need to listen on a specific IP address; you can't listen on all interfaces. Is there a better way to assign the current container IP without making it static?

Contributor
I don’t follow. Does it need to be the same between orchestrations? Who is listening?

Contributor
If we just need to know the current container IP, then # hostname -i should do the trick.

hubs-admin:
build:
context: .
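Review bot: `MEDIASOUP_ANNOUNCED_IP: 10.20.30.12` is the container's own address on the compose-internal `10.20.30.0/24` subnet, so the ICE candidate dialog announces is reachable only from the docker host itself; a browser on any other machine on the LAN would need the host's address here instead. Consider taking the announced address from an environment variable set at compose time rather than hard-coding it next to the matching `ipv4_address`. Also, the `40000-40050` range is published for TCP as well as UDP; mediasoup WebRTC transports use UDP unless TCP candidates are explicitly enabled, so the TCP mapping can probably go.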
Expand All @@ -38,6 +75,8 @@ services:
volumes:
- hubs:/code
working_dir: /code/admin
networks:
hubs_network:
hubs-client:
build:
context: .
Expand All @@ -54,6 +93,8 @@ services:
volumes:
- hubs:/code
working_dir: /code
networks:
hubs_network:
hubs-storybook:
build:
context: .
Expand All @@ -67,10 +108,14 @@ services:
volumes:
- hubs:/code
working_dir: /code
networks:
hubs_network:
postgrest:
build:
context: .
dockerfile: dockerfiles/postgrest.Dockerfile
networks:
hubs_network:
reticulum:
build:
context: ./services/reticulum
Expand All @@ -92,6 +137,8 @@ services:
volumes:
- reticulum:/code
- retstorage:/code/storage/dev
networks:
hubs_network:
spoke:
build:
context: .
Expand All @@ -104,10 +151,16 @@ services:
- "9090:9090"
volumes:
- spoke:/code
networks:
hubs_network:
networks:
default:
hubs_network:
Contributor
The default applies the custom network (mozilla-hubs) to all the services. When you remove default you then have to specify the network for each service. That makes sense when you are divvying up the services between multiple networks, but we aren’t doing that. What’s the benefit in ditching the default here?

Contributor Author
IIRC it was required for assigning a static IP address.

name: mozilla-hubs
ipam:
Contributor
Today I learned that ipam stands for IP address management.

config:
- subnet: 10.20.30.0/24
volumes:
coturn:
dialog:
hubs:
pgdata:
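Review bot: the fixed `subnet: 10.20.30.0/24` under `ipam` exists only to make dialog's `ipv4_address` predictable, and it will fail to create, or shadow real routes, on any machine whose LAN or VPN already uses that range. If a static address really is needed, document the collision risk in the README; otherwise let Docker choose the subnet and drop the per-service `networks:` entries that the removal of `default` made necessary.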
7 changes: 7 additions & 0 deletions dockerfiles/coturn.Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
FROM coturn/coturn:alpine AS dev
USER root:root
RUN apk add curl netcat-openbsd
COPY files/coturn/certs/key.pem /certs/key.pem
COPY files/coturn/certs/cert.pem /certs/cert.pem
COPY files/coturn/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
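Review bot: `COPY files/coturn/certs/key.pem /certs/key.pem` bakes a private key into an image layer, where it remains retrievable even if a later layer deletes it; mount `/certs` from compose at run time instead. `USER root:root` also leaves turnserver running as root at run time, undoing the non-root user the upstream `coturn/coturn` image switches to; switch back to that user after the `apk add`. Pinning the base image more tightly than the floating `alpine` tag would make the build reproducible.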
Contributor
If you chmod the file in the repo, then you don’t have to in the dockerfile.

Contributor
Can you please add a newline to the end of the file?

Contributor Author
Are permissions kept across different OSs?

Contributor
Affirmative. The file permission comes from the build context.

27 changes: 27 additions & 0 deletions files/coturn/certs/cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
52 changes: 52 additions & 0 deletions files/coturn/certs/key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
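Review bot: `files/coturn/certs/key.pem` is a private key committed to the repository, so anyone with the source can present this certificate for the TURN listener, and rotating it means a new commit for every checkout. Prefer generating the key pair at setup time with a small script invoked from the README steps, and list `files/coturn/certs/*.pem` in `.gitignore` so the key never leaves the developer's machine.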
18 changes: 18 additions & 0 deletions files/coturn/entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

echo "realm=${REALM}" > /etc/turnserver.conf
echo "min-port=${MIN_PORT}" >> /etc/turnserver.conf
echo "max-port=${MAX_PORT}" >> /etc/turnserver.conf
echo "tls-listening-port=${TLS_PORT}" >> /etc/turnserver.conf
echo "psql-userdb=${PSQL}" >> /etc/turnserver.conf
echo "lt-cred-mech=true" >> /etc/turnserver.conf
echo "use-auth-secret=true" >> /etc/turnserver.conf
echo "cert=/certs/cert.pem" >> /etc/turnserver.conf
echo "pkey=/certs/key.pem" >> /etc/turnserver.conf
echo "verbose" >> /etc/turnserver.conf

echo "####################################################"
cat /etc/turnserver.conf
echo "####################################################"

turnserver --log-file=stdout
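Review bot: `cat /etc/turnserver.conf` prints the `psql-userdb=` line, password included, to the container log on every start; redact that line in the dump or drop the dump. The shebang is `#!/bin/bash` while compose runs the script as `/bin/sh /entrypoint.sh` and the Alpine base image does not ship bash unless installed, so either keep the script POSIX sh and add `set -eu`, or install bash and invoke it directly. `use-auth-secret=true` together with `lt-cred-mech=true` is redundant (`use-auth-secret` already implies long-term credentials), and each unquoted `${VAR}` silently expands to empty when the variable is unset, yielding a broken config instead of a clear error.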