search

m1k1o / neko

A self hosted virtual browser that runs in docker and uses WebRTC.
https://neko.m1k1o.net/
Apache License 2.0
5.98k stars 449 forks source link

Docker Compose not running as expected #157

Closed DL6ER closed 2 years ago

DL6ER commented 2 years ago

I'm trying to setup Neko on my local machine for testing but fail to use the provided docker-compose script.

I tripple-checked that the file is identical with only <your-IP> being replaced (I tried my internal, my external and omitting the option altogether, doesn't seem to make a diffference). Furthermore, I tried both Firefox and Chromium. I tried this both on my local desktop as well as on a VPS connected through Wireguard. There is no firewall involved here.

Observation

I can connect to the interface at 127.0.0.1:8080 but as soon as I log in, nothing happens on the frontend. The backend being logging a lot of messages like

neko_1  | 1:43PM INF ICE connection state changed: checking module=webrtc subsystem=pc                                                                                                                     
neko_1  | 1:43PM INF connection state has changed connection_state=checking module=webrtc                                                                                                                  
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice                                                                         
neko_1  |                                                                                                                                                                                                  
neko_1  | 2022-03-20 13:43:05,290 DEBG 'neko' stdout output:                                         
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice                                                                         
neko_1  |                                         
neko_1  | 2022-03-20 13:43:05,491 DEBG 'neko' stdout output:                                         
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice                                                                         
neko_1  |                                         
neko_1  | 2022-03-20 13:43:05,691 DEBG 'neko' stdout output:                                         
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice                                                                         
neko_1  |                                         
neko_1  | 2022-03-20 13:43:05,892 DEBG 'neko' stdout output:                                         
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice                                                                         
neko_1  |                                         
neko_1  | 2022-03-20 13:43:06,093 DEBG 'neko' stdout output:                                         
neko_1  | 1:43PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice
...

There is another warning higher up on the logs may or not be relevant here:

neko_1  | 2022-03-20 13:43:05,011 DEBG 'neko' stdout output:                                                                                                                                               
neko_1  | 1:43PM WRN could not get server reflexive address udp6 stun:stun.l.google.com:19302: write udp6 [::]:52068->[2a00:1450:4010:c0f::7f]:19302: sendto: cannot assign requested address              
neko_1  |  module=webrtc subsystem=ice

(Sort of but not really a) workaround

It does work when switching to network_mode: host but this isn't a setup I can use on my VPS (where I plan to run this setup). With host mode, the warning seen above (pingAllCandidates called with no candidate pairs. Connection is not possible yet.) is logged only once and then the login succeeds:

neko_1  | 2022-03-20 14:02:23,690 DEBG 'neko' stdout output:
neko_1  | 2:02PM INF Setting new connection state: Checking module=webrtc subsystem=ice
neko_1  | 2:02PM INF ICE connection state changed: checking module=webrtc subsystem=pc
neko_1  | 
neko_1  | 2022-03-20 14:02:23,690 DEBG 'neko' stdout output:
neko_1  | 2:02PM INF connection state has changed connection_state=checking module=webrtc
neko_1  | 2:02PM WRN pingAllCandidates called with no candidate pairs. Connection is not possible yet. module=webrtc subsystem=ice
neko_1  | 
neko_1  | 2022-03-20 14:02:23,713 DEBG 'neko' stdout output:
neko_1  | 2:02PM WRN discard success message from ([2a02:xxxx:xxxx:xxxx::51]:58913), no such remote module=webrtc subsystem=ice
neko_1  | 
neko_1  | 2022-03-20 14:02:23,714 DEBG 'neko' stdout output:
neko_1  | 2:02PM WRN discard success message from ([fd00::xxxx:xxxx:xxxx:114f]:58913), no such remote module=webrtc subsystem=ice

.... and some more, all with IPv6 addresses belonging to my machine, but then finally: ....

neko_1  | 2022-03-20 14:02:24,845 DEBG 'neko' stdout output:
neko_1  | 2:02PM INF Setting new connection state: Connected module=webrtc subsystem=ice
neko_1  | 
neko_1  | 2022-03-20 14:02:24,846 DEBG 'neko' stdout output:
neko_1  | 2:02PM INF ICE connection state changed: connected module=webrtc subsystem=pc
neko_1  | 2:02PM INF connection state has changed connection_state=connected module=webrtc
neko_1  | 
neko_1  | 2022-03-20 14:02:24,851 DEBG 'neko' stdout output:
neko_1  | 2:02PM INF peer connection state changed: connected module=webrtc subsystem=pc

I tried with disabling IPv6 on the machines

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

to (hopefully) rule out IPv6 causing this, but the exact same issue remains (ip a confirmed all IPv6 addresses were gone).

As networking_mode: host works, I suspect a port (range) may be missing in the official docker-compose.yml?

Any suggestions?

m1k1o commented 2 years ago

I just tried the official docker compose and it works out of the box. When using networking_mode: host, WebRTC has access to all interfaces and sends their IP in SDP. Maybe you have been putting wrong IP? It must be the IP that client can reach.

You also might want to try using NEKO_ICELITE=true. It should not be required, but it simplifies and speeds up connecting procedure.

DL6ER commented 2 years ago

I tried both 127.0.0.1 and my eth0 address when trying it locally, but NEKO_ICELITE=true seems to be doing the trick. This is a very nice tool. Thanks a lot!