search

l7mp / stunner

A Kubernetes media gateway for WebRTC. Contact: info@l7mp.io
https://l7mp.io
MIT License
751 stars 58 forks source link

add base64 encode for self-signed certificate and key pem data #82

Closed CodeDing closed 1 year ago

CodeDing commented 1 year ago

Establish a test environment for stunnerd locally. Follow the steps below.

Prerequisite

Installation

  1. Download the mediatx from the repository https://github.com/aler9/mediamtx.git as the streaming server.

Note Replace the host-ip field with your own host's ip.

  1. Download a binary tool called as ffmpeg which is used to publish a video stream to mediatx. For example, on macOS, run the command like below

    • brew install ffmpeg

  2. Download a video material http://vjs.zencdn.net/v/oceans.mp4.

  1. Publish the above video to the mediatx.
  1. Download the stunnerd source from the repository.
    • cd stunner
    • go build -o stunnerd cmd/stunnerd/main.go
    • ./stunnerd --log=all:TRACE turn://user1:passwd1@:3478?transport=dtls

Note Replace the host-ip with your own host's ip.

Before modifying the code, the stunnerd's log looks like:

15:35:24.141869 listener.go:57: stunner-listener-default-listener TRACE: NewListener: "default-listener":{DTLS://127.0.0.1:3478<32768-65535>,public=-:-,cert/key=<SECRET>/<SECRET>,routes=[allow-any]}
15:35:24.141876 listener.go:121: stunner-listener-default-listener TRACE: Reconcile: "default-listener":{DTLS://127.0.0.1:3478<32768-65535>,public=-:-,cert/key=<SECRET>/<SECRET>,routes=[allow-any]}
15:35:24.141898 reconcile.go:100: listener-manager ERROR: could not create new object: invalid TLS certificate: base64-decode error: illegal base64 data at input byte 0
15:35:24.141904 reconcile.go:131: stunner ERROR: could not reconcile listener config: invalid TLS certificate: base64-decode error: illegal base64 data at input byte 0
15:35:24.141911 reconcile.go:196: stunner INFO: rolling back to previous configuration: {version="v1alpha1",admin:{},auth:{},listeners=[],clusters=[]}
15:35:24.141918 main.go:163: stunnerd TRACE: reconciliation ready
15:35:24.141945 main.go:168: stunnerd ERROR: could not reconcile new configuration: plaintext: empty username or password, rolling back to last running config

After adding the base64 encode feature to the self-signed certificate and key pem data, the stunner's log looks like:

15:40:03.130721 handlers.go:66: stunner TRACE: NewPermissionHandler
15:40:03.130729 server.go:109: stunner DEBUG: setting up DTLS/UDP listener at 127.0.0.1:3478
15:40:03.131509 handlers.go:17: stunner TRACE: NewAuthHandler
15:40:03.131585 server.go:161: stunner INFO: listener default-listener: TURN server running
15:40:03.131595 reconcile.go:177: stunner INFO: reconciliation ready: new objects: 4, changed objects: 0, deleted objects: 0, started objects: 1, restarted objects: 0
15:40:03.131603 reconcile.go:181: stunner INFO: status: READY, realm: stunner.l7mp.io, authentication: plaintext, listeners: default-listener: [dtls://127.0.0.1:3478<32768:65535>], active allocations: 0
15:40:03.131609 main.go:163: stunnerd TRACE: reconciliation ready
  1. Browse the video with the following index.html. 
    
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<style>
html, body {
margin: 0;
padding: 0;
height: 100%;
overflow: hidden;
}
#video {
width: 100%;
height: 100%;
background: black;
}
</style>
</head>
<body>
<h1> WebRTC Host </h1>

rg0now commented 1 year ago

Thanks, applied! Welcome onboard.

By the way, I really like the detailed analysis, this is almost like a tutorial for setting up STUNner with MediaMTX. With a tiny extra work we could easily make this into a new STUNner tutorial, I would be happy to support you in this. You can find examples here. It can be a standalone deployment or something in Kubernetes, it does not matter: what matters is the way you configure the clients to talk to STUNner by setting webrtcICEServers in mediamtx.yml. Wdyt?