GRVYDEV / Lightspeed-webrtc

A RTP -> WebRTC broadcast server for Project Lightspeed.
MIT License

wss:// support #13

Closed r4rdsn closed 3 years ago

r4rdsn commented 3 years ago

On an https:// server, browsers block insecure ws:// connections by default as mixed content. Changing the URL's protocol in the React app to wss:// results in a failed WebSocket connection with Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR. I was able to work around this by changing the URL in the React app to wss://MYHOSTNAME/websocket and setting up a reverse proxy in the nginx config like this:

server {
        listen 443 ssl http2;
        server_name MYHOSTNAME;

        location /websocket {
                proxy_pass http://127.0.0.1:8080/websocket;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_read_timeout 86400s;
        }
}

Now if lightspeed-webrtc runs without arguments (on localhost), the browser doesn't log any errors. It would be more convenient if wss:// was directly supported by lightspeed without the need for a reverse proxy.

GRVYDEV commented 3 years ago

> On an https:// server, browsers block insecure ws:// connections by default as mixed content. Changing the URL's protocol in the React app to wss:// results in a failed WebSocket connection with Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR. I was able to work around this by changing the URL in the React app to wss://MYHOSTNAME/websocket and setting up a reverse proxy in the nginx config like this:
>
> server {
>         listen 443 ssl http2;
>         server_name MYHOSTNAME;
>
>         location /websocket {
>                 proxy_pass http://127.0.0.1:8080/websocket;
>                 proxy_set_header Host $host;
>                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>                 proxy_http_version 1.1;
>                 proxy_set_header Upgrade $http_upgrade;
>                 proxy_set_header Connection "upgrade";
>         }
> }
>
> Now if lightspeed-webrtc runs without arguments (on localhost), the browser doesn't log any errors. It would be more convenient if wss:// was directly supported by lightspeed without the need for a reverse proxy.

I will have to look into this. I'm not sure how this will work with SSL certs etc., but I will dig into this more!

ckramp commented 3 years ago

Until this gets supported properly, you can use the following workaround.

Given existing certs, all you have to change is line 90 in main.go:

log.Fatal(http.ListenAndServe(*addr+":8080", nil))

becomes

log.Fatal(http.ListenAndServeTLS(*addr+":8080", "your_cert.crt", "your_cert.key", nil))

followed by a go build and then you should be good to connect via WSS.

Ideally this could be set up via arguments or a configuration file as suggested in #23.
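
An added example, not part of this thread or of the project's code: one way to make the ListenAndServeTLS workaround above selectable at start-up instead of hard-coded. The `newServer` helper and the `-tls-cert` / `-tls-key` flag names are hypothetical (they are not taken from #29); a cert without a key, or an unreadable pair, stops the server rather than letting it fall back to plaintext ws://.

```go
package main

import (
	"crypto/tls"
	"errors"
	"flag"
	"log"
	"net/http"
)

// newServer builds the listener for addr. With both files set it serves TLS
// (so clients use wss://); with neither it stays plain HTTP (ws://).
func newServer(addr, certFile, keyFile string) (*http.Server, error) {
	srv := &http.Server{Addr: addr} // nil Handler: DefaultServeMux, as in the thread
	if certFile == "" && keyFile == "" {
		return srv, nil
	}
	if certFile == "" || keyFile == "" {
		// Refuse to fall back to plaintext when only half the pair is given.
		return nil, errors.New("TLS needs both a certificate and a key file")
	}
	// Load at startup so a bad or mismatched pair fails before listening.
	pair, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	srv.TLSConfig = &tls.Config{
		Certificates: []tls.Certificate{pair},
		MinVersion:   tls.VersionTLS12,
	}
	return srv, nil
}

func main() {
	addr := flag.String("addr", "localhost", "listen host")
	cert := flag.String("tls-cert", "", "certificate file (hypothetical flag)")
	key := flag.String("tls-key", "", "private key file (hypothetical flag)")
	flag.Parse()
	srv, err := newServer(*addr+":8080", *cert, *key)
	if err != nil {
		log.Fatal(err)
	}
	if srv.TLSConfig != nil {
		log.Fatal(srv.ListenAndServeTLS("", "")) // pair already in TLSConfig
	}
	log.Fatal(srv.ListenAndServe())
}
```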

Stovoy commented 3 years ago

I put up a relatively simple PR adding args for this in #29.

GRVYDEV commented 3 years ago

Closed with #29