From b1c8419af57c7806379ae2adf175a679199c534d Mon Sep 17 00:00:00 2001 From: Sergiu Toma Date: Wed, 26 Feb 2025 10:24:09 +0200 Subject: [PATCH] LINXD-2836: Add connection type(udp, tcp) configurable from env --- .env | 13 ++++++++----- .gitignore | 1 + README.md | 19 ++++++++++++++++--- app.js | 6 +++--- server/ssl/cert-old.pem | 22 ++++++++++++++++++++++ server/ssl/cert.pem | 25 ------------------------- server/ssl/key-old.pem | 28 ++++++++++++++++++++++++++++ server/ssl/key.pem | 28 ---------------------------- 8 files changed, 78 insertions(+), 64 deletions(-) create mode 100644 server/ssl/cert-old.pem delete mode 100644 server/ssl/cert.pem create mode 100644 server/ssl/key-old.pem delete mode 100644 server/ssl/key.pem diff --git a/.env b/.env index 70ba1d1..7dc482e 100644 --- a/.env +++ b/.env @@ -1,7 +1,10 @@ PORT=3000 -IP=0.0.0.0 # Listening IPv4 or IPv6. -ANNOUNCED_IP=185.8.154.190 # Announced IPv4 or IPv6 (useful when running mediasoup behind NAT with private IP). -RTC_MIN_PORT=2000 -RTC_MAX_PORT=2020 +IP=0.0.0.0 # Listening IPv4 or IPv6. +ANNOUNCED_IP=192.168.1.199 # Announced IPv4 or IPv6 (useful when running mediasoup behind NAT with private IP). +RTC_MIN_PORT=40000 +RTC_MAX_PORT=49999 SERVER_CERT="./server/ssl/cert.pem" -SERVER_KEY="./server/ssl/key.pem" \ No newline at end of file +SERVER_KEY="./server/ssl/key.pem" +ENABLE_UDP=true +ENABLE_TCP=true +PREFER_UDP=true \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8225baa..140e5f9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /node_modules /dist +.idea \ No newline at end of file diff --git a/README.md b/README.md index 712a9c6..d8ae7d2 100644 --- a/README.md +++ b/README.md @@ -6,14 +6,27 @@ 1. Go to `/server/ssl` 2. Execute `openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem` - ### Development ##### To start in development mode you must: 1. Install the dependencies `npm install`. -2. Run the `npm start:dev` command to start the server in dev mode. -(Any change will trigger a refresh of the server) +2. Go to the linx-devops project and run the `create_certificate_for_domain.sh` script from `private-system-trusted-cert`, it expects an ip/domain as the first argument. + ex: `sh create_certificate_for_domain.sh 192.168.1.199` + (Use your private IP-address) + +3. You need to update the Video Server in the provisioning to point to your private IP. ex: https://192.168.1.199:3000 + +4. The generated files must be moved to server/ssl and renamed as follows: +- device.key -> key.pem +- nginx-selfsigned.crt -> cert.pem + +5. Go to https://dev.linx.safemobile.com/dispatcher/resources/help/LINXHelp.html#safemobile-certificate-import and import the certificate for your system type + +6. The ANNOUNCED IP in .env must be configured to use the same private IP used in generating the certificate. + +7. Run the `npm start:dev` command to start the server in dev mode. + (Any change will trigger a refresh of the server) ### Production diff --git a/app.js b/app.js index adbf45e..f9e5b00 100644 --- a/app.js +++ b/app.js @@ -555,9 +555,9 @@ const createWebRtcTransportLayer = async (callId, callback) => { announcedIp: process.env.ANNOUNCED_IP, // Announced IPv4 or IPv6 (useful when running mediasoup behind NAT with private IP). }, ], - enableUdp: true, - enableTcp: true, - preferUdp: true, + enableUdp: process.env.ENABLE_UDP === 'true', + enableTcp: process.env.ENABLE_TCP === 'true', + preferUdp: process.env.PREFER_UDP === 'true', }; // https://mediasoup.org/documentation/v3/mediasoup/api/#router-createWebRtcTransport diff --git a/server/ssl/cert-old.pem b/server/ssl/cert-old.pem new file mode 100644 index 0000000..2829852 --- /dev/null +++ b/server/ssl/cert-old.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIUfpwrZVz3ogv3YeXbtL5wqIGEXGMwDQYJKoZIhvcNAQEL +BQAwZzELMAkGA1UEBhMCUk8xDTALBgNVBAgMBEFsYmExDTALBgNVBAcMBEFsYmEx +DDAKBgNVBAoMA0FBQTEQMA4GA1UEAwwHQUFBIENPTTEaMBgGCSqGSIb3DQEJARYL +YXNkQGFzZC5jb20wHhcNMjUwMjE4MTAwMDM5WhcNMzUwMjE2MTAwMDM5WjBnMQsw +CQYDVQQGEwJSTzENMAsGA1UECAwEQWxiYTENMAsGA1UEBwwEQWxiYTEMMAoGA1UE +CgwDQUFBMRAwDgYDVQQDDAdBQUEgQ09NMRowGAYJKoZIhvcNAQkBFgthc2RAYXNk +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7itjfKeuH5+f7c +43gAI+ppmxiwvzqhHLmkmlQrVbSC+P93yGekHIuXpbM3sqGRnvSJL3c9SIEdtVVj +yfJCs6KIsujxtiGn3hgQD01B6LqzFjSKnfYSGz8XDsjFW8cnpD1yRi3J7DhUjleM +bhQ0ileu9joS2OOhf84mtOkXJyY8q9xJH4ypimogcR98eM6ewnrb5Vhjo8YDaix2 +6rceNmO/g4biknhXnBGc58/MnyAHtwzZxsu/k1IYtZuBYMPcAo7CQEX4XxXqQpaF +zaaoEUYB8KzVDlsr+i5SJzLtrHkyiuJijHq6YyOFkTwUULuJ7Wz0YL1redDCZV4i +EIVzBAcCAwEAAaNTMFEwHQYDVR0OBBYEFErSYY3J7ukx2KaRcHmazbMlKNBlMB8G +A1UdIwQYMBaAFErSYY3J7ukx2KaRcHmazbMlKNBlMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAC3TQY6jMGeHIEDEYS7sUbNZxe+azdDlx0DdwgLK +t+Zo2O40F55nVTZOUfypjCnLJnZitekptl5P6CPGrp2VX4/C0Ok4swwr+xamsjWt +9RR9yG0IpVfnCEziT4dpBPhNf/6ilgdpnkJUWY3LO3BJhM4Js7rfP4D9NgEYHeSR +YDN3TuEbi//bp43bhDh8EBQtDx9lPGOSUiKd3I7KfRttsxvLG2wBz3M5HXRc++6p +pHE+64YfkwV5xZDvU2M/EqePLp7DdQ9g+vQ68FxI6jMCegBoz+ueyE9RhZOk/cUh +uIXwIdFowjkUXgNncuGrR1gWf1mJVCHOsdnGZf3VSykGdWg= +-----END CERTIFICATE----- diff --git a/server/ssl/cert.pem b/server/ssl/cert.pem deleted file mode 100644 index 57f2608..0000000 --- a/server/ssl/cert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEJTCCAw2gAwIBAgIURHg2am+RarQxIVY1f3CicUQgRowwDQYJKoZIhvcNAQEL -BQAwgaExCzAJBgNVBAYTAlJPMRIwEAYDVQQIDAlCdWNoYXJlc3QxEjAQBgNVBAcM -CUJ1Y2hhcmVzdDETMBEGA1UECgwKU2FmZW1vYmlsZTETMBEGA1UECwwKU2FmZW1v -YmlsZTETMBEGA1UEAwwKU2FmZW1vYmlsZTErMCkGCSqGSIb3DQEJARYcbWloYWku -Ym96aWVydUBzYWZlbW9iaWxlLmNvbTAeFw0yMjA4MDEyMjA0MjFaFw0zMjA3Mjky -MjA0MjFaMIGhMQswCQYDVQQGEwJSTzESMBAGA1UECAwJQnVjaGFyZXN0MRIwEAYD -VQQHDAlCdWNoYXJlc3QxEzARBgNVBAoMClNhZmVtb2JpbGUxEzARBgNVBAsMClNh -ZmVtb2JpbGUxEzARBgNVBAMMClNhZmVtb2JpbGUxKzApBgkqhkiG9w0BCQEWHG1p -aGFpLmJvemllcnVAc2FmZW1vYmlsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQCSEk80aBAbmWtPBLcTjFLbvVmxuzDgzrjH7h2Hg/ly8lE/o2nZ -1T2ESSuaQFsxw54ukqbj1ooQXF1DoIxSp+CiNzf/FTB6BaMkaG0ayE2Wnm2wkjKp -POnAzZgTabJoB/qeUlr9i4xiAyBhiQDk5KjdWYHxeZnSznqfIOPzAdw7ZJVYvqvT -GciHnoina5TzPUbpnLcR2LvHcLxuSuWQ6dTz/sfdZRx8lkbR3qltUazmJX+yxJJr -kagq2V3cfpfLM8DOzPPEzuKHM6sK6ZgTqbc4ti+ul7Q1V+e0v2xNDtuYHkbaOuyd -ucmaZ3R++0ryoWWan5OFWZIKjttKy/yq8MUrAgMBAAGjUzBRMB0GA1UdDgQWBBSM -nlDraef71C/filHpA7dDpwmB7zAfBgNVHSMEGDAWgBSMnlDraef71C/filHpA7dD -pwmB7zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBNySms9mXG -PVOmFAm9YjMjRY+cUpa0Gm6saxp9VOyrAg2KzdwG6LNGgauNsIra1ytM40NASspN -r+L49gUCmASUGOqeZCpJjkKAsGspQ4WQKKI6YW8h5dsSuud2qyQtm+w1RKDq+wih -A+B82xWXcFFd52gp6nerib4Pf9ATooOmBMCHFZwC+74sKCv7fXDlzLGdCII8lmI4 -uq5eFrSS1NeT3iQCwGb9SHfyFkCliaEdpskqmWhonckN0tJVV118SvknV/h9oIsw -uEMIib6YOBlrU+FInnpqpc8VuR4vv0Yro9XrvmurzLuN8k/lVVkr6NMzyNY9mbkF -9p/Sxd5yIeam ------END CERTIFICATE----- diff --git a/server/ssl/key-old.pem b/server/ssl/key-old.pem new file mode 100644 index 0000000..05ebbb9 --- /dev/null +++ b/server/ssl/key-old.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+4rY3ynrh+fn+ +3ON4ACPqaZsYsL86oRy5pJpUK1W0gvj/d8hnpByLl6WzN7KhkZ70iS93PUiBHbVV +Y8nyQrOiiLLo8bYhp94YEA9NQei6sxY0ip32Ehs/Fw7IxVvHJ6Q9ckYtyew4VI5X +jG4UNIpXrvY6EtjjoX/OJrTpFycmPKvcSR+MqYpqIHEffHjOnsJ62+VYY6PGA2os +duq3HjZjv4OG4pJ4V5wRnOfPzJ8gB7cM2cbLv5NSGLWbgWDD3AKOwkBF+F8V6kKW +hc2mqBFGAfCs1Q5bK/ouUicy7ax5MoriYox6umMjhZE8FFC7ie1s9GC9a3nQwmVe +IhCFcwQHAgMBAAECggEAMJWSjGuwUCDoZNqC2PGsMoczjxq5aWpFXejL0P2AoGOv +jZJGwz5Nd6ge6BkWkbH3M8VQ+/fwotBVbYjrBwq8HvPNGaYf1bwctqIryt2qJw7a +6X+Yid986NdtD2PQIsXvsyYJP7FDuuimnBjlkaX3yi6BhDF026co2OcYJ7WZZM0e +nc6JR7wGFZM3Dw3ybFvGrK4k7/Iq2N6wqedzCOvDbLXUC16UtmRVIOuiuNm+THrl +BiD37AKwB/LZRcdSQ1HeiWlK42Zc+IikHPJhl0PACcJNFNB3u2rdP8maSu5aMLku +yHnKCz6w9C1vDKrI/iszW2QCky+mGBD9WKK2u6hxFQKBgQDtcfL8hMKj6Ki/dsqR +McGPs1rLgZFAH9axubUth0uLdsEQDZtkoJIzXt8RLS3exuHMKt+Ln6YAOEhKm8Cl +OqIg0E/8SNi7QryU9yfqFqcE2QBZL0QVtvYZeUuiHIOrpc0bmTdNvp8i7zWw/oz6 +ymeJ6vpEWKDpOvUnfm79XJbh+wKBgQDNzVjUNfo5s6QNnZlJvwI3J2mAsfLMVQxp +++P41f+dUCoAsEPujxASthdDxRND9oIfsTodA+VkrlLhs1JyTe4PlPcfSl7D5QSV +ayXVHF9iLbGM8fWMf6zBTebdaw9GqY3KTOHBH+X+JOHPP9dI6a4l7Ok8tFE9ia8M +G8Ce7djUZQKBgDSfGDaWRXyFx0AHV4Ut/bOXD/whzsrjQ3VHrrtUTI2v18FzAoke +fMgdslngJVZFxSy2I6yRyPwrfPnr4pm7kMqs380NZ9q4Q4rP62yZcJJGdSlOrEwT +rB6hHv3iS9vydq4zGmqEYEghs0hyYVQDH0cVaDlVWvPVORdzka1co6OZAoGBAJHl +TV/DlExrqZVtcEnzeyKWchimDjYE5PQNeiPhsYBYYC50xvPLv91D8WI9x9aaXs0Q +2t3O8URawK74bS5TSL0LIdWw51WAeatjdkKKBqSXOBNvRGAB8vpmu4+kYgP6F2ae +8jvy3R06EErYO0qZPrfsJ7y9KAq0HMA8vGTuwJRxAoGBAMfWJLseheDXKUXndnR9 +ovNA+spTTFECtoLwhWxwgoL3GYVqSA96RfnmdKHY4d5isQ1g/JN05Uo6bL7HKJCG +BwS9WCsa6fHhbJR31fP16UQNNknNSwTtUoeJavwarQ7MB5CT9Fz5HsaC4NGaQkve +86Barwb6tt4iu4Y8a2bcG/sE +-----END PRIVATE KEY----- diff --git a/server/ssl/key.pem b/server/ssl/key.pem deleted file mode 100644 index 773d149..0000000 --- a/server/ssl/key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCSEk80aBAbmWtP -BLcTjFLbvVmxuzDgzrjH7h2Hg/ly8lE/o2nZ1T2ESSuaQFsxw54ukqbj1ooQXF1D -oIxSp+CiNzf/FTB6BaMkaG0ayE2Wnm2wkjKpPOnAzZgTabJoB/qeUlr9i4xiAyBh -iQDk5KjdWYHxeZnSznqfIOPzAdw7ZJVYvqvTGciHnoina5TzPUbpnLcR2LvHcLxu -SuWQ6dTz/sfdZRx8lkbR3qltUazmJX+yxJJrkagq2V3cfpfLM8DOzPPEzuKHM6sK -6ZgTqbc4ti+ul7Q1V+e0v2xNDtuYHkbaOuyducmaZ3R++0ryoWWan5OFWZIKjttK -y/yq8MUrAgMBAAECggEAMRH1iaVrw9nGMsViuy5op2j0uMApq1vGt2NGiD/NjM/a -e4ZqCMOZ5tatzyPPfug4O20Io4Fu4BAnRJCqkxnSXKwwI4D6yAMcyx5JiLXBWtfe -AXMbkb7kx+BJNjxLsqb7ijQgXQyEHGjwd9OOeVZXZAStonE3O5ohl1N1QC1fzpN5 -qBFPaAiNhZgaxrB+pp/uRruZXzNGCwLdhpd2HuryJfxkaAD53mqpHwHJbM7wRQl4 -NJCbFR/lf4sqPO7zWJGyfU8fFVLuNspSW8AdLcsapOUSMhXTEU+vKbdWM+MYRNuk -ltJVWG1nPkbyyGQoUNEh4rSFOX+3aiN435qkPw7wAQKBgQDEPFQJe+2DpS+M0zvq -sZVVkEDxwGZfHnO0h57C4dsGPyLSX7A1r+EM8ooZhCgrXZFru3EDzFuO5isCIeml -bBET5q2qGEozdb+wUfcHOBZZKR4imY0SYi3lyJdxBeNIOPhUkEpOg3uo2RRklpi6 -Fk4LYXReJ+t36yZyocTn3PfmxwKBgQC+juTHoJGZjqWtVMygUC8kP5G5GXxY9Yk1 -7j4Iv8ok1c5xWM6N4GBNG9rKKOD7WQX4dD9IOs35pZqGDaNE44q7na9UabRFR92M -I+VAsi1Q2gQPyihW84ESXw6uH85pO5FfGO3fF/ppLXBCVYN85VT+1HFxG+Je2GXE -50/3e4Q6fQKBgBl/zVu+IsrseBVQjYSdts37hLTlT2gkyNw4k0S3nIJfSeMUVA1l -4VSRX6iZJ68a5X6eSL05nNwgxI3uYjIArOdtHjvwFBRDxLjgrbzeaOkFEslkMpSk -9VnaivNA1JvZ60rxxPYW18bFDoVTnFzx8QpBi6GAhnR6tfBHXRLT/9KZAoGAStHI -OiltgaFko73b6kYRfGYJTWgYTsV5bldwu/ax4+ye9hosX8Btj1kUerO6QnYdxgO+ -pRmRrie7mE7agD3nRusO4FHwmhMxhcjCRriu2kP/vENfu2Q4lYIFPZD3dpIQ7gnX -u/SqOYnBvgndariQus2nDQYpx5unubwoxb8Vl/ECgYAV7nkyMjkakwbFyiAsUMz6 -QvSxWC+x5OBv79Nm02bgecdwJny/PULA/R/KHNI/WXHSkM2DdeoMv4XZPdI8TNRo -bBD217yfRfOMIX2jIhZeTtTAIiOafBdIG0fUtM9nMPkgQGTvgM0FZPdfAtNY/nFu -xvrhZIQLy0ujoDPPBE8+3Q== ------END PRIVATE KEY-----