Use go-tls-certificate-loader to load SSL certificate and key
AgustinSRG committed Dec 22, 2024
1 parent f11b732 commit 8047af6
Showing 4 changed files with 101 additions and 96 deletions.
75 changes: 38 additions & 37 deletions README.md
Expand Up @@ -44,56 +44,57 @@ You can configure the node using environment variables

### WebRTC options

| Variable Name | Description |
|---|---|
| STUN_SERVER | STUN server URL. Example: `stun:stun.l.google.com:19302` |
| TURN_SERVER | TURN server URL. Set if the server is behind NAT. Example: `turn:turn.example.com:3478` |
| TURN_USERNAME | Username for the TURN server. |
| TURN_PASSWORD | Credential for the TURN server. |
| Variable Name | Description |
| ------------- | --------------------------------------------------------------------------------------- |
| STUN_SERVER | STUN server URL. Example: `stun:stun.l.google.com:19302` |
| TURN_SERVER | TURN server URL. Set if the server is behind NAT. Example: `turn:turn.example.com:3478` |
| TURN_USERNAME | Username for the TURN server. |
| TURN_PASSWORD | Credential for the TURN server. |

### Redis

To configure the redis connection, set the following variables:

| Variable Name | Description |
|---|---|
| STAND_ALONE | Set it to `YES` if you want to disable redis and just use a single node. By default, `webrtc-cdn` will use redis |
| REDIS_PORT | Port to connect to Redis Pub/Sub. Default is `6379` |
| REDIS_HOST | Host to connect to Redis Pub/Sub. Default is `127.0.0.1` |
| REDIS_PASSWORD | Redis authentication password, if required. |
| REDIS_TLS | Set it to `YES` in order to use TLS for the connection. |
| Variable Name | Description |
| -------------- | ---------------------------------------------------------------------------------------------------------------- |
| STAND_ALONE | Set it to `YES` if you want to disable redis and just use a single node. By default, `webrtc-cdn` will use redis |
| REDIS_PORT | Port to connect to Redis Pub/Sub. Default is `6379` |
| REDIS_HOST | Host to connect to Redis Pub/Sub. Default is `127.0.0.1` |
| REDIS_PASSWORD | Redis authentication password, if required. |
| REDIS_TLS | Set it to `YES` in order to use TLS for the connection. |

### TLS for signaling

If you want to use TLS for the websocket connections (recommended), you have to set 3 variables in order for it to work:
If you want to use TLS for the websocket connections (recommended), you have to set the following variables in order for it to work:

| Variable Name | Description |
|---|---|
| SSL_PORT | HTTPS listening port. Default is `443` |
| SSL_CERT | Path to SSL certificate. |
| SSL_KEY | Path to SSL private key. |
| Variable Name | Description |
| ------------------------ | ----------------------------------------------------------------------------------- |
| SSL_PORT | HTTPS listening port. Default is `443` |
| SSL_CERT | Path to SSL certificate (REQUIRED). |
| SSL_KEY | Path to SSL private key (REQUIRED). |
| SSL_CHECK_RELOAD_SECONDS | Number of seconds to check for changes in the certificate or key (for auto renewal) |

### Authentication

Authentication options:

| Variable Name | Description |
|---|---|
| JWT_SECRET | Secret to validate JSON web tokens used for authentication in the signaling protocol. If not set, no authentication is required. |
| Variable Name | Description |
| ------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| JWT_SECRET | Secret to validate JSON web tokens used for authentication in the signaling protocol. If not set, no authentication is required. |

### More options

Here is a list with more options you can configure:

| Variable Name | Description |
|---|---|
| HTTP_PORT | HTTP listening port for insecure websocket connections, used for signaling. Default is `80` |
| BIND_ADDRESS | Bind address for signaling services. By default it binds to all network interfaces. |
| LOG_REQUESTS | Set to `YES` or `NO`. By default is `YES` |
| LOG_DEBUG | Set to `YES` or `NO`. By default is `NO` |
| MAX_IP_CONCURRENT_CONNECTIONS | Max number of concurrent connections to accept from a single IP. By default is 4. |
| CONCURRENT_LIMIT_WHITELIST | List of IP ranges not affected by the max number of concurrent connections limit. Split by commas. Example: `127.0.0.1,10.0.0.0/8` |
| MAX_REQUESTS_PER_SOCKET | Max number of active requests for a single websocket session. By default is `100` |
| Variable Name | Description |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| HTTP_PORT | HTTP listening port for insecure websocket connections, used for signaling. Default is `80` |
| BIND_ADDRESS | Bind address for signaling services. By default it binds to all network interfaces. |
| LOG_REQUESTS | Set to `YES` or `NO`. By default is `YES` |
| LOG_DEBUG | Set to `YES` or `NO`. By default is `NO` |
| MAX_IP_CONCURRENT_CONNECTIONS | Max number of concurrent connections to accept from a single IP. By default is 4. |
| CONCURRENT_LIMIT_WHITELIST | List of IP ranges not affected by the max number of concurrent connections limit. Split by commas. Example: `127.0.0.1,10.0.0.0/8` |
| MAX_REQUESTS_PER_SOCKET | Max number of active requests for a single websocket session. By default is `100` |

## Firewall configuration
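
Review bot: The new `SSL_CHECK_RELOAD_SECONDS` row in the TLS table gives no default and does not say what happens when the variable is unset or set to `0`, while the `SSL_PORT` row just above it states its default. Document the default interval and how to turn the check off. The `(REQUIRED)` tag added to `SSL_CERT` and `SSL_KEY` also sits under a sentence that makes TLS optional; wording such as "required when TLS is enabled" would remove the ambiguity. Because the certificate and key are separate files, the description should also say whether a reload is applied only once both files form a matching pair.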

Expand All @@ -107,25 +108,25 @@ If you use a TURN server there is no need for the UDP ports to be opened, since

Check the documentation in order to connect to the nodes:

- [Signaling protocol](./doc/signaling.md)
- [Signaling protocol](./doc/signaling.md)

If you want to know about the inter-node communication protocol check:

- [Inter-Node communication protocol](./doc/redis.md)
- [Inter-Node communication protocol](./doc/redis.md)

## Client Libraries

Here is a list of available client libraries to connect to webrtc-cdn:

- [Javascript client for NodeJS and web browsers](https://github.com/AgustinSRG/webrtc-cdn-client)
- [Javascript client for NodeJS and web browsers](https://github.com/AgustinSRG/webrtc-cdn-client)

## Utilities / Experiments

Here is a list of utilities and experiments based of webrtc-cdn:

- [Video Publisher](https://github.com/AgustinSRG/webrtc-publish)
- [Forwarder](https://github.com/AgustinSRG/webrtc-forwarder)
- [Video filtering](https://github.com/AgustinSRG/webrtc-video-filter)
- [Video Publisher](https://github.com/AgustinSRG/webrtc-publish)
- [Forwarder](https://github.com/AgustinSRG/webrtc-forwarder)
- [Video filtering](https://github.com/AgustinSRG/webrtc-video-filter)

## License
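
Review bot: Every removed/added pair in this hunk (the `Signaling protocol`, `Inter-Node communication protocol`, client library and utilities list items) carries identical text, so the change is list-marker whitespace only and has nothing to do with the certificate loader named in the commit subject. Move this reformatting, together with the table realignment in the previous hunk, into its own commit so the TLS change is easy to audit and to revert.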

3 changes: 2 additions & 1 deletion go.mod
@@ -1,8 +1,9 @@
module github.com/AgustinSRG/webrtc-cdn

go 1.22
go 1.22.0

require (
github.com/AgustinSRG/go-tls-certificate-loader v1.0.0
github.com/go-redis/redis/v8 v8.11.5
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/gorilla/websocket v1.5.3
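
Review bot: The `go` directive change from `go 1.22` to `go 1.22.0` is not mentioned in the commit message; if it is a side effect of running the module tooling with a newer toolchain, say so, otherwise drop it from this commit. The added `github.com/AgustinSRG/go-tls-certificate-loader v1.0.0` line puts a new module on the path that reads the TLS private key, so check that the matching `go.sum` entries are committed with it (the remaining changed files are not shown on this page).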