mkrautz
commented
6 years ago Thank you. I have wanted WebSocket support in Murmur/Grumble for a long time -- but there are too many other issues that take up my time to be able to work on it. But I have thought about it quite a bit.
Just a few drive-by comments. Haven't done a thorough review yet:
For it to really work, I think we'd need good Let's Encrypt/ACME integration. Probably with the x/crypto/acme/autocert package. But that can always be added later. :-)
I'm happy that you've tested against https://github.com/Johni0702/mumble-web. That's what I would have suggested you test against.
The negotiation/sniffer is probably too simplistic. Also, Chrome doesn't negotiate http or h2 via ALPN? Aww. That's sad.
I've always wanted to expose the WebSocket on the native Mumble port like you've done, but perhaps we should expose it via port 443 as well. Perhaps with a protocol extension allowing you to pick the "real" port. (This is future work.)
Regarding client certs. Does Firefox bring up the picker when you connect to the WebSocket? I actually hoped that it wouldn't. I think that it's best not to use client certs directly for WebSockets, and instead move client cert handling into the application layer instead of TLS. (Mostly to avoid "bad" browser UI for client certs). Browsers are pretty clear that client certs are not something they like, so trying to force use of them via TLS is not going to work in the long term. (Not requesting a client certificate obviously clashes with the ability for WebSocket support to use the same port. So perhaps the rule should be that port 443 does not request a client cert, while native Mumble ports do.)
Hope to be able to do a full review sooner rather than later! Thanks again.
rubenseyer
NickSutton
I too dream of a Mumble on the web, so here's my attempt at giving Grumble built-in Websocket support. It's not quite ready for prime time, and would need a full-featured client to match, but I still think we can discuss the architecture. I'm a total Go noob, so any suggestions on the code are welcome as well. Sorry for also sticking another unrelated bug I found in here as well, but I didn't think a missing exclamation mark warranted it's own pull request.
(I'm using this client to test, although it isn't feature complete.)
Websockets and the Mumble protocol are exposed on the same port, since conveniently they both run on top of TLS. Protocol suggestions through NPN/ALPN are followed, but since neither the Mumble client nor some browsers (looking at you, Chrome) perform this negotiation the code looks at the first two bytes to see if they match "GE", otherwise we assume the Mumble protocol. There is no practical difference in the code for clients speaking the raw Mumble protocol. Websocket clients are upgraded and then wrapped into a mock connection which packs and unpacks messages transparently.
Even certificates work through the web, if the clients are set up correctly. The HTTP server is set to request but not force certificates. This causes Firefox to pop up a certificate selection UI, but sadly Chrome devs prefer not to (it does work if you trick it to cache a certificate for the host, but it's not very user-friendly). It's very useful to have a valid certificate for the server because the browser can otherwise silently refuse to connect.
Websockets are TCP-only and additionally has their own framing which may mess with the packets and affect performance. However, as long as the client is fairly cooperative you can tunnel voice over them with acceptable quality, although the browser really kills the performance if the tab isn't in focus. To really have full web voice support it should ideally also communicate over WebRTC (which would be UDP), but that is more complex to implement and requires an additional negotiation on the application layer which would mean a Mumble protocol extension.