Recently i've been choosen as backend lider for course on my studies. We are suppossed to write BE for chat app that will allow users to communicate p2p without any server code (i know it means that there's no BE, but my proffessor isn't technical person). I've asked him if it could use webrtc, but he didn't like the idea of using STUN and TURN servers. So my main question is, is this possible at all? We are talking about an app that will run in browser, not directly in OS. And if it is, what protocols/apis can we use to achieve that?
I am not sure if I get your question right, so here are some general informations:
WebRTC as a P2P API relies heavily on servers.
"ICE":
To connect one Peer to the other Peer, the peers need to know their IP address to exchange data. They can "ask" their OS for the registered IP, but this will only yield 127.0.0.1 and their local Network IP. This works for connections on the same computer or between computers in the same local network, but it will fail for everything else.
The ICE Servers STUN and TURN are necessary, since your browser clients are behind your Routers Network Address Translation (NAT). STUN gets the NATs IP Address and Port and TURN forwards Packets as a known, public IP Address if STUN fails.
"Signaling":
Let's assume, that your Peers know their own reachable IP-Addresses (- probably the NATs IP and Port by using STUN and maybe even TURN). Even IF (!) they know their reachable IP, they have to tell the other Peer that this IP is in fact, their IP and the IP to use to contact them. They also have to tell the other Peer some other technical information to make the transmission of data work. To use WebRTC, you need to have a WebSocket-Server (or a combination of Server-Sent-Events and HTTP Post Messages), which forward this information.
After everything is established (they know their respective IPs and Ports, technical information, etc.), you can then send data over WebRTCs DataChannels.
My Advice:
Do not use WebRTC for the given use case. If you do not want to use a Backend-Server, you have to search for "serverless" Web-Apps. P2P will always rely on some sort of server to start the connection. If you use a "serverless" architecture, someone else is hosting the server / chat service you want to use (also commonly referred as "cloud based"). If it is about hosting costs for a prototype app, you may have a look at heroku.com, aws.amazon.com, zeit.co, firebase.google.com or other hosting providers with free, limited (test) plans.
Related
My goal is to create a p2p serverless web application and I'm not completely clear on the possibilities yet. I figured there was a need for peer discovery and that there would be NAT issues. After that, I searched on Google and read a lot of articles, I came to the conclusion that WebRTC is my only bet. However, there is a thing that I don't understand:
Why is it not possible to create a p2p connection through simply sending a sharable link with connection info in the GET parameters of the URL that only contains the offer? If Alice sends her public IP (and whatever else is in the offer) to Bob via example.com/?info=<IP_ADDRESS>&info2=<OTHER_STUFF>, then why can't Bob immediately connect to Alice? Why does Bob need to send a response to a signalling server?
This answer seems to suggest it's not possible: Establishing WebRTC peer connection
But I don't get why, there should be enough info. Is it a trust issue?
Is it possible with any technology (i.e. not only WebRTC) to create a p2p application in which only Alice sends her info and Bob can respond back to Alice by using the IP-address of Alice?
I implemented the following to get p2p working https://github.com/chr15m/bugout
He markets it as server in the browser, but it's also for peers in the browser, or clients, or any code that wants to communicate to another browser for whatever reason.
How it works: it uses open webtorrent trackers to create a peer discovery mechanism. By doing this, one does not need to implement their own signal server as they're hitching a ride from open-source infrastructure. Though, he also implemented his own signaling server. You also get STUN servers for free by doing this.
WebRTC signalling is driving me crazy. My use-case is quite simple: a bidirectional audio intercom between a kiosk and to a control room webapp. Both computers are on the same network. Neither has internet access, all machines have known static IPs.
Everything I read wants me to use STUN/TURN/ICE servers. The acronyms for this is endless, contributing to my migraine but if this were a standard application, I'd just open a port, tell the other client about it (I can do this via the webapp if I need to) and have the other connect.
Can I do this with WebRTC? Without running a dozen signalling servers?
For the sake of examples, how would you connect a browser running on 192.168.0.101 to one running on 192.168.0.102?
STUN/TURN is different from signaling.
STUN/TURN in WebRTC are used to gather ICE candidates. Signaling is used to transmit between these two PCs the session description (offer and answer).
You can use free STUN server (like stun.l.google.com or stun.services.mozilla.org). There are also free TURN servers, but not too many (these are resource expensive). One is numb.vigenie.ca.
Now there's no signaling server, because these are custom and can be done in many ways. Here's an article that I wrote. I ended up using Stomp now on client side and Spring on server side.
I guess you can tamper with SDP and inject the ICE candidates statically, but you'll still need to exchange SDP (and that's dinamycally generated each session) between these two PCs somehow. Even though, taking into account that the configuration will not change, I guess you can exchange it once (through the means of copy-paste :) ), stored it somewhere and use it every time.
If your end-points have static IPs then you can ignore STUN, TURN and ICE, which are just power-tools to drill holes in firewalls. Most people aren't that lucky.
Due to how WebRTC is structured, end-points do need a way to exchange call setup information (SDP) like media ports and key information ahead of time. How you get that information from A to B and back to A, is entirely up to you ("signaling server" is just a fancy word for this), but most people use something like a web socket server, the tic-tac-toe of client-initiated communication.
I think the simplest way to make this work on a private network without an internet connection is to install a basic web socket server on one of the machines.
As an example I recommend the very simple https://github.com/emannion/webrtc-web-socket which worked on my private network without an internet connection.
Follow the instructions to install the web socket server on e.g. 192.168.1.101, then have both end-points connect to 192.168.0.101:1337 with Chrome or Firefox. Share camera on both ends in the basic demo web UI, and hit Connect and you should be good to go.
If you need to do this entirely without any server, then this answer to a related question at least highlights the information you'd need to send across (in a cut'n'paste demo).
I'm trying to set up a cost-effective home security camera site where I can login and view the stream with very low latency. WebRTC seemed like a great solution to get very low latency and keep the connection peer to peer.
I am looking to view this from a mobile device and as a client device I am often behind a symmetric NAT. Since I know the static public IP the camera is behind and control that network I believe I should be able to create a peer connection for video without the need for a turn server I am struggling to figure out how to manage the ICE portion in this case. When I try to connect with just STUN video does not work.
Given my control of the serving peer's network, should this be possible without TURN? If so is there a way for me to sidestep/implement ICE to establish video with my known server peer IP and configuration? Or is there a better technology to use altogether that would allow very low latency?
Knowing the IP address of the camera isn't going to help you any. Since you are dealing with a symmetric NAT, the NAT device is going to bind every IP:port from inside the network reaching to an IP:port in the external network.
This means that if you pin-hole the data via a STUN server, the NAT device won't be impressed enough by that feat to let you connect into the internal network from any other machine other than that STUN server.
Which leads to the fact that you'll probably need a TURN server...
That said, you might have some issues with how you've set up the STUN server and its configuration.
An easy and rather cheap approach can be to use Twilio NAT traversal service - https://www.twilio.com/stun-turn
So a website of mine is hosted on godaddy, now I want to connect it with a server that is running socket.io, and I have some balance on digitalocean. However, I am not sure how I would do this, I think it should be like this for client side?
var socket = io.connect('http://Digital.ocean.ip.here:port');
and then server side like this
http.listen(port, function(){
console.log('listening on *:port');
});
the only thing is that if this is how I am supposed to do it (and it even is possible if it's not the localhost), than users will be able to see the ip of my droplet when they take a look in the source code, and perhaps DDOS it or maybe worse I don't know?
When I see other sites using socket.io for a chat for instance, I never see their IP. Does that mean they host their entire website on a service provider where they are able to use socket.io/node.js?
Any answer will be highly appreciated!
--Edit--
My client wouldn't accept http and therefore I decided to buy a domain and ssl so it would use https.
There's no way to every hide the IP address of a server that a browser connects to. It makes no difference whether the connection to the server is http or socket.io or any other TCP based connection. Anyone can see the IP address. So, that simply isn't something you can protect or should worry about.
In most cases, code will use a DNS host name (not an IP address), but the DNS service itself provides a way to lookup the IP address for a host name so the IP address can be fetched that way. Or, one can just load a debugger or local network snooper and easily see what IP address is being connected to. A host's IP address is simply not a secret.
If you are worried about DDOS, then you will have to implement server-side protection from those types of attacks. You can't do anything in the client to protect from those kinds of attacks.
I'm using an arduino UNO and an Ethernet Shield to create a web server to response HTTP requests.
The requests are sent by ajax XMLHttpRequest.
It's working fine with static ip address.
But a want the arduindo to get a DHCP ip, so I can use it in any local network (with DHCP).
I want to discover the ip of the arduino connected on the local network.
So I can use it as url to send HTTP requests.
Is it possible to do that in javascript?
OK, thanks for answering my questions above. That helped layout the network structure and the problem you're trying to solve.
Summary of the problem
Two computers: 1 web server whose address is dynamic (DHCP) and 1 web client running AJAX and HTML. How can browser find DHCP server?
Options
This is a classic problem solved many different ways throughout the history of computer networks. I've suggested some options below.
Scan for the server via TCP.
Scan for the server via UDP (requires special browser library).
Run a DNS server.
Have Arduino signal its IP.
Modify your router.
Don't run DHCP - use a static IP.
tl;dr - Use Option 6 if you don't control your router, Option 5 if you do.
Option: Scan for the server
I'm assuming you know your browser machine's IP address (for example, 192.168.1.17). In this case, run through all of the address from 192.168.1.0 through 192.168.1.254 (not .255 and skip you browser machine's IP) testing for a connection to port 80. This will find every web server on your subnet, so be aware you will need a way to recognize your arduino responded to the web request in case some other web server is also listening on the network. It will also take some time to set up, test and wait for timeouts on most (252) of the addresses which don't have web servers. You will eventually find it.
I'm not a fan of this one, but it gets the job done. Warning: if you don't "own" the network, someone may be angry with you for scanning their machines. A company, school or other institution may have policies about not scanning networks.
Option: UDP from the browser
This one is great, but requires a browser plug-in and some fancy coding. UDP allows one to broadcast a message to your subnet (try ping 255.255.255.255 at a command line and watch the machines echo back their IPs). If the arduino is set to listen for UDP packets on a particular port, it can echo back to the sender of the UDP packet and let that user know it's present. This is how DNS, DHCP, ping and Apple's Bonjour work. Many IP based systems advertise services by responding to UDP requests. Clients need not know the address of the servers on the subnet, they discover them through broadcast messages on well-known UDP ports.
Unfortunately, this requires a browser modification because Javascript does not support UDP for security reasons. I understand this and agree with the security restriction. However, it has cut out a really nice feature of dynamic service discovery. If you're on Apple on the browser, you might be able to find a Bonjour emulator you can run on the Arduino and it might work ("arduino.local" might attach). This might be possible with Windows service discovery, too, if you're using a Windows client for your browser. I don't know what's available in Linux for service discovery.
I don't like any of these modifications for you. Browser, Arduino (Apple, Windows or Linux), just because it adds more moving parts and you're counting on the browser to "know" how to find the service.
Option: Run a DNS server
This isn't as bad as it sounds, but I'm not sure the Arduino could handle it. Find a very small DNS server written for the Arduino and have it respond to DNS requests. On the browser, look for a well-known machine name (e.g. "my-arduino.lan"). This essentially finesses the UDP problem above by making the Arduino the UDP server (handles DNS requests) and the browser already has name resolution s/w (like every machine on the planet).
I didn't search for Arduino DNS code, it might be too large for the Arduino and writing it may be a real PITA (pain in the butt).
Option: Arduino signals IP
In this model, you can attach a LCD to the arduino and have it present its IP address on the display. Alternatively, the arduino can send a message (via TCP) to a well known server on the network (internet or otherwise) reporting its IP address there. Your browser can query that server, pick up the IP address and then contact the Arduino directly. This introduces a 3rd machine and acts like your own hacked form of DDNS (look it up, if you're not familiar with it).
Option: Modify the router
If you own the router, you can modify the router to assign a specific IP address to the Arduino, even with DHCP. This is your best bet. Here, you control the network, can allow the Arduino to come up in DHCP while still fixing its IP address. You'll have to go through your router API (web or CLI) and figure out how to do it, it's a bit hard directing you as there are thousands of types of commercial and SOHO routers.
If you don't control the router...
Option: Use Static IP
This option is really your best. Give up on DHCP and just set the static IP of the arduino. Just make sure the IP address you pick doesn't conflict with any other servers on the subnet. That shouldn't be difficult.
I hope this helps.
The 2 best options I think:
1) When arduino starts, gets an IP address from DHCP, arduino should make a connection to a well know service provided by you. Also, each device should have an ID, defined by you during manufacturing, like mac address or part of mac address.
So, you can print on the box something like: 5c4e6f.my-well-know-host.com
Than, as I was suggesting, each time arduino starts, it tries to connect to that service passing parameters like:
POST www.my-well-know-host.com
ID: 5c4e6f
IP: 192.168.1.55
than, at that service, you update a DNS table to reflect this relation:
5c4e6f.my-well-know-host.com -> resolves to 192.168.1.55
obviously, from anywhere in the world the host 5c4e6f.my-well-know-host.com will resolve to 192.168.1.55, but you will only access it from you local network.
Tip: this is some kind of DDNS, but with network discovery purposes.
Tip2: there is an linux dns service called MyDNS, where the hosts are simply records inside a MySQL table, easy to maintain.
2) Network discovery
I don't know if arduino is capable to do it, but, the idea is to make arduino listen on a specific UDP port, like 4444, on any address.
So, you can build a windows app, and Android APP (I already made one android discovery for another purpose, not arduino), or, the best solution that I still researching on, is to make a custom page with some javascript code, that "looks" for devices listening on that specific port.
Works like that:
Device gets IP from DHCP
device starts a thread listening for broadcast packets on port 4444
a discovery app listen on another port, like 4445.
the discovery app announces itself using a broadcast packet to 4444 port (255.255.255.255:4444)
each device listening, reports back with its identification and IP to app port 4445.
This is a code to find the server ip:
<script type="text/javascript">
var ip = "<?php echo $_SERVER['SERVER_ADDR']; ?>";
alert(ip);
</script>
If you are using Johnny Five framework, then you can find APIs in that framework