libp2p / js-libp2p-websocket-star-rendezvous

The rendezvous service for libp2p-websocket-star enabled nodes meet and talk with each other
MIT License
24 stars 16 forks source link

Cannot connect to rendezvous from HTTPS pages (insecure pages work fine) #13

Closed ccashwell closed 4 years ago

ccashwell commented 6 years ago

The rendezvous server seems to reject requests over HTTPS. I can connect several browser peers without any issues to a deployed rendezvous server when the client app is served over HTTP, but as soon as the client is moved behind an HTTPS endpoint it becomes impossible to connect to a that same rendezvous server. Is this a bug or am I missing something?

I'm running the latest NPM release (libp2p-websocket-star-rendezvous@0.2.3) on Ubuntu 16.04, attempting to connect browser clients using ipfs-pubsub-room. The hosted rendezvous server similarly worked from localhost and deployed non-HTTPS client pages and failed over HTTPS.

victorb commented 6 years ago

Are you running nginx or something in between? How are you dealing with the certificates? Also, how are you connecting the browser peers to the rendezvous server?

The more info we can get, the better we can help you :)

mkg20001 commented 6 years ago

@ccashwell Self-hosted websocket-star-rendezvous instances run on HTTP by default. In order to use them on HTTPS you need to put the rendezvous server behind an SSL reverse-proxy

ccashwell commented 6 years ago

So, first thing's first: it's not my signaling server. I can verify this by replacing it with any of the hosted rendezvous servers, all of which are hosted over HTTPS:

/dnsaddr/ws-star.discovery.libp2p.io/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-1.servep2p.com/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-2.servep2p.com/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-3.servep2p.com/tcp/443/wss/p2p-websocket-star

I have my private rendezvous server sitting behind nginx reverse proxy to enable SSL.

I'm using ipfs-pubsub-room to connect peers to the swarm using the following code:

  this.ipfs = new IPFS({
      EXPERIMENTAL: { pubsub: true },
      repo: `ipfs/mythereum/${Math.random()}`,
      config: {
        Addresses: {
          Swarm: [
            '/dnsaddr/ws-star.discovery.libp2p.io/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-1.servep2p.com/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-2.servep2p.com/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-3.servep2p.com/tcp/443/wss/p2p-websocket-star',
          ]
        }
      }
    })

    // IPFS node is ready, so we can start using ipfs-pubsub-room
    this.ipfs.on('ready', () => {
      this.ipfs.id((err, info) => {
        if (err) { throw err }
        console.log("Connected to IPFS as " + info.id)
        this.setState({ peerId: info.id, knownPeers: { [info.id]: this.state.player } })
      })

      this.gameLobby = Room(this.ipfs, 'game-lobby-079a4d')

      this.gameLobby.on('peer joined', (peer) => {
        let event = { event: "peer_joined", id: peer }
        console.log(JSON.stringify(event))
      })

      this.gameLobby.on('peer left', (peer) => {
        let event = { event: "peer_left", id: peer }
        console.log(JSON.stringify(event))
      })

      this.gameLobby.on('message', (message) => {
        let payload = JSON.parse(message.data.toString())
        console.log(payload)
      })
    })
victorb commented 6 years ago

@ccashwell are you getting any errors or something? What makes you sure things are not working?

Maybe it's your browser. Can you try running https://benchmark-js.ipfs.io/ and clicking "Start " in the top, then after that clicking "Run"? Should connect you to a signalling server under /dns4/star-signal.cloud.ipfs.team/wss/p2p-webrtc-star

ccashwell commented 6 years ago

Behavior

All clients over HTTP:

All clients over HTTPS:

Some clients over HTTP, others over HTTPS:

ccashwell commented 6 years ago

From IPFS benchmark: image

Is it possible this has to do with a difference between webrtc-star and websocket-star servers?

Regarding browsers, this issue is visible on a public server with clients from all over the world using various browser environments. I don't think that would make sense as a browser issue.

ccashwell commented 6 years ago

@VictorBjelkholm the "error" I'm seeing is that peers connecting over HTTPS can't see one another. Otherwise it seems to function great. I'm unsure whether this issue is related to websocket-star, the (hosted or self-hosted) rendezvous server(s), or just a weird quirk with ipfs-pubsub-room.

mkg20001 commented 6 years ago

Seems like this could be related to https://github.com/libp2p/js-libp2p-webrtc-star/issues/142

wasalm commented 6 years ago

I have the same problem and I found a workaround. In my case I have to change /ip4/10.0.0.106/tcp/443/wss/p2p-webrtc-star/ to /dns4/10.0.0.106/tcp/443/wss/p2p-webrtc-star/ This suggest that there is an error in the ipv4 url parser.