Piasy · Shark-y · Sep 14, 2020 · Sep 15, 2020 · Mar 21, 2021 · Mar 28, 2021
diff --git a/README.md b/README.md
@@ -1,6 +1,19 @@
-# WebRTC-Docker
+# WebRTC-Docker for SSL
 
-Out-of-the-box docker images for AppRTC dev/test purpose.
+Out-of-the-box docker images for AppRTC dev/test purposes. Updated for SSL support.
+
++ Deploy the super slick https://appr.tc/ in your local docker env for personal enjoyment.
++ Note: FireFox/Chrome require valid SSL certificates to open WebRTC Audio/Video streams and thus run AppRTC
+
+SSL Changes:
+
++ CA cert/key provided using Let'sEncrypt Pebble
++ SSL certs generated using hostname signed and deployed to /cert
++ GAE SSL params: dev_appserver.py /apprtc/out/app_engine --skip_sdk_update_check --enable_host_checking=False --host=0.0.0.0 --ssl_certificate_path=/cert/cert.pem --ssl_certificate_key_path=/cert/key.pem --specified_service_ports default:442
++ Collider (WS server in SSL mode): /goWorkspace/bin/collidermain -port=8089 -tls=true --room-server=0.0.0.0
++ ICE NodeJS app changed to start in HTTPS mode
++ run.sh changed to create host cert signed with CA certs using openssl
++ Docker file updated
 
 ## AppRTC-Server
 
@@ -22,6 +35,22 @@ docker run --rm --net=host \
   -it piasy/apprtc-server
 ```
 
+Manual build Linux host (must have docker installed):
++ Copy files to your Linux host: git clone https://github.com/Shark-y/WebRTC-Docker rtc
++ Navigate to: apprtc-server then chmod +x *.sh
++ Run the bash commands below
++ Install the CA certificate (chain-pebble.pfx) in your FF/Chrome cert store 
++ Open https://MYHOSTNAME/
+
+``` bash
+$ mkdir rtc
+$ git clone https://github.com/Shark-y/WebRTC-Docker rtc
+$ cd rtc/apprtc-server
+$ chmod +x *.sh
+$ sudo ./build.sh         # Build the docker image - docker build -t webrtc . (takes 5mins to build)
+$ sudo ./docker-run.sh    # create SSL certs for hostname and start servers
+```
+
 About port publish:
 
 + TCP `8080` is used for room server;

diff --git a/apprtc-server/Dockerfile b/apprtc-server/Dockerfile
@@ -5,7 +5,7 @@ EXPOSE 8080 8089 3478 3033 59000-65000
 
 WORKDIR /
 
-ENV GAE_VER 1.9.74
+ENV GAE_VER 1.9.91
 ENV GOLANG_VER 1.8.3
 ENV LIBEVENT_VER 2.1.8
 ENV COTURN_VER 4.5.0.7
@@ -15,13 +15,26 @@ ENV PUBLIC_IP 127.0.0.1
 RUN apt-get update -y
 
 # Deps
-RUN apt-get install -y build-essential vim git curl wget unzip python2.7 python-pil python-webtest python-pip libssl-dev openjdk-8-jdk && \
+RUN apt-get install -y build-essential vim git curl wget unzip python2.7 python-pil python-webtest python-pip libssl-dev openjdk-8-jdk apache2 && \
     rm -rf /usr/lib/python2.7/dist-packages/supervisor* && \
     pip install supervisor requests && \
     pip install git+https://github.com/bendikro/supervisord-dependent-startup
 
+########### Apache2 SSL vsilva
+RUN a2enmod proxy* ssl headers
+RUN a2ensite *ssl
+
+# apache 2 proxy SSL -> 8080
+#COPY apache2-proxy.conf /etc/apache2/conf-enabled
+
+# WS copy CA ssl certs
+RUN mkdir -p /cert
+COPY cert-pebble.pem /cert
+COPY key-pebble.pem /cert
+###########
+
 # NodeJS
-RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
 RUN apt-get install -y nodejs
 
 # Golang
@@ -37,6 +50,7 @@ ENV GAE_ZIP google_appengine_$GAE_VER.zip
 RUN wget https://storage.googleapis.com/appengine-sdks/featured/$GAE_ZIP
 RUN unzip $GAE_ZIP -d /usr/local
 ENV PATH $PATH:/usr/local/google_appengine
+COPY wsgi_server.py /usr/local/google_appengine/google/appengine/tools/devappserver2/
 
 # Coturn server
 RUN wget https://github.com/libevent/libevent/releases/download/release-$LIBEVENT_VER-stable/libevent-$LIBEVENT_VER-stable.tar.gz
@@ -69,17 +83,20 @@ RUN npm install -g grunt-cli
 RUN npm install
 RUN grunt build
 
-WORKDIR /
+#vsilva WORKDIR /
 
 RUN npm install express
-COPY ice.js /
+COPY ice.js /apprtc
 COPY constants.py /apprtc/out/app_engine/constants.py
 
 # Clean up APT when done.
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY apprtc_supervisord.conf /
 
+# vsilva
+RUN mkdir /webrtc_avconf
+
 COPY run.sh /
 RUN chmod +x /run.sh
 CMD /run.sh
diff --git a/apprtc-server/apprtc_supervisord.conf b/apprtc-server/apprtc_supervisord.conf
@@ -24,7 +24,7 @@ autostart=true
 events=PROCESS_STATE
 
 [program:ice_server]
-command = nodejs /ice.js
+command = nodejs /apprtc/ice.js
 stdout_logfile = /webrtc_avconf/ice_server.log
 stdout_logfile_maxbytes = 20MB
 stdout_logfile_backups = 500
@@ -36,7 +36,7 @@ autostart=false
 dependent_startup=true
 
 [program:collider]
-command = /goWorkspace/bin/collidermain -port=8089 -tls=false --room-server=0.0.0.0
+command = /goWorkspace/bin/collidermain -port=8089 -tls=true --room-server=0.0.0.0
 stdout_logfile = /webrtc_avconf/collider.log
 stdout_logfile_maxbytes = 20MB
 stdout_logfile_backups = 500
@@ -48,7 +48,7 @@ autostart=false
 dependent_startup=true
 
 [program:apprtc_rs]
-command = dev_appserver.py /apprtc/out/app_engine --skip_sdk_update_check --enable_host_checking=False --host=0.0.0.0
+command = dev_appserver.py /apprtc/out/app_engine --skip_sdk_update_check --enable_host_checking=False --host=0.0.0.0 --ssl_certificate_path=/cert/cert.pem --ssl_certificate_key_path=/cert/key.pem --specified_service_ports default:442
 stdout_logfile = /webrtc_avconf/apprtc_rs.log
 stdout_logfile_maxbytes = 20MB
 stdout_logfile_backups = 500

diff --git a/apprtc-server/build.sh b/apprtc-server/build.sh
@@ -0,0 +1,3 @@
+#
+
+docker build -t webrtc .
diff --git a/apprtc-server/cert-pebble.pem b/apprtc-server/cert-pebble.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAjigAwIBAgIIEgmTTjWiyQAwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
+AxMVUGViYmxlIFJvb3QgQ0EgMTdkODIzMCAXDTIwMDkxMzAyNTcwNVoYDzIwNTAw
+OTEzMDI1NzA1WjAoMSYwJAYDVQQDEx1QZWJibGUgSW50ZXJtZWRpYXRlIENBIDc5
+ZWQ4OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/lIebn+Ti8jPUP
+pseY+Du73oWhzFmBtGyfG04alMG8PpUCDa+XclCTU4cmDo7ZL7+WaPFFymlKDfUl
+GgmNjDEw0JmuBdy5rdXZxUngmX4qMYBq+pfvU/qKiI9DKYMq0+C0blSSitrr17I8
+vs3WrGvh59cmD0euBZPsRCy77Q7/1PrIDAHGUvctuZzbhMtrJRIFjU48k66tiOaE
+6dZBYRVjwdzwULeUBUiqMNpg0J8iYwx85VSPIMwJKdFxCqP0hSJR+ATpYNfjqbTb
+DOYaswiNbFXP5Y4R1TNZi7lT7MBTKKODjjVIgjju+x/qOW75gB2BCzD+rYZ9nEzZ
+NrXzedECAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFqpcFY3
+K7Y6BhNXt1wffAV4PgdgMB8GA1UdIwQYMBaAFP5M3plGqHBGy2U27RipmWRqZV9r
+MA0GCSqGSIb3DQEBCwUAA4IBAQAkSncjMv5pOA/3GR52GQgIEhB1NdxJkGRu6AQ+
+PDLsvTK1WsUJCJhkjB6xalmoFe2oetrVS4sGnkFEO3UNAJWGe7euoyfDufr/fXZ+
+X9ZEbVLuh57zpD5LFZwiMxd18U2BmDrDd9Qyx0V+hPjhOfAY/RfTgq8PdJ9m8IF2
+TF0QGPKr9XEjkdIe9QvCKN03lqHh75Ev7CQ2wirbmDSJF7mrAozdYDItojIGZxgr
+hcJIghOO4O7GLeZQfB6IRozDk6dFdaEOZSEgaPbzGEm3HeImxtQPElY5WPJTxlub
+2PXtg3FkFoir4UYjJeGtuDoF755uCFbSkVRzvlkJjq7WKP0Q
+-----END CERTIFICATE-----
diff --git a/apprtc-server/chain-pebble.pfx b/apprtc-server/chain-pebble.pfx
diff --git a/apprtc-server/constants.py b/apprtc-server/constants.py
@@ -37,7 +37,7 @@
 #   }
 # ]
 
-ICE_SERVER_BASE_URL = 'http://SERVER_PUBLIC_IP:3033'
+ICE_SERVER_BASE_URL = 'https://SERVER_PUBLIC_IP:3033'
 ICE_SERVER_URL_TEMPLATE = '%s/iceconfig?key=%s'
 ICE_SERVER_API_KEY = os.environ.get('ICE_SERVER_API_KEY')
 
@@ -81,3 +81,6 @@
 
 # BigQuery table within the dataset.
 BIGQUERY_TABLE = 'analytics'
+
+# vsilva
+HEADER_MESSAGE = 'Web RTC'
diff --git a/apprtc-server/docker-run.sh b/apprtc-server/docker-run.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+ip=`hostname -i`
+
+if [ "$1" != "" ] ; then
+	ip=$1
+fi
+
+#docker run --rm --net=host -e PUBLIC_IP=`hostname -i` -it webrtc
+docker run --rm --net=host -e PUBLIC_IP=$ip -it webrtc
diff --git a/apprtc-server/ice-http.js b/apprtc-server/ice-http.js
@@ -0,0 +1,40 @@
+var express = require('express')
+var crypto = require('crypto')
+var app = express()
+
+var hmac = function (key, content) {
+  var method = crypto.createHmac('sha1', key)
+  method.setEncoding('base64')
+  method.write(content)
+  method.end()
+  return method.read()
+}
+
+function handleIceRequest(req, resp) {
+  var query = req.query
+  var key = '4080218913'
+  var time_to_live = 600
+  var timestamp = Math.floor(Date.now() / 1000) + time_to_live
+  var turn_username = timestamp + ':ninefingers'
+  var password = hmac(key, turn_username)
+
+  return resp.send({
+    iceServers: [
+      {
+        urls: [
+          'stun:SERVER_PUBLIC_IP:3478',
+          'turn:SERVER_PUBLIC_IP:3478'
+        ],
+        username: turn_username,
+        credential: password
+      }
+    ]
+  })
+}
+
+app.get('/iceconfig', handleIceRequest)
+app.post('/iceconfig', handleIceRequest)
+
+app.listen('3033', function () {
+  console.log('server started')
+})
diff --git a/apprtc-server/ice.js b/apprtc-server/ice.js
@@ -1,6 +1,12 @@
 var express = require('express')
 var crypto = require('crypto')
 var app = express()
+const https = require("https"), fs = require("fs");
+
+const options = {
+  key: fs.readFileSync("/cert/key.pem"),
+  cert: fs.readFileSync("/cert/cert.pem")
+};
 
 var hmac = function (key, content) {
   var method = crypto.createHmac('sha1', key)
@@ -18,6 +24,13 @@ function handleIceRequest(req, resp) {
   var turn_username = timestamp + ':ninefingers'
   var password = hmac(key, turn_username)
 
+	// http://expressjs.com/en/4x/api.html#res.set
+	resp.set({
+		'Access-Control-Allow-Origin': '*',
+		'Access-Control-Allow-Methods': 'DELETE,GET,PATCH,POST,PUT',
+		'Access-Control-Allow-Headers': 'Content-Type,Authorization'
+	});
+
   return resp.send({
     iceServers: [
       {
@@ -35,6 +48,8 @@ function handleIceRequest(req, resp) {
 app.get('/iceconfig', handleIceRequest)
 app.post('/iceconfig', handleIceRequest)
 
-app.listen('3033', function () {
+app.listen('4033', function () {
   console.log('server started')
 })
+
+https.createServer(options, app).listen(3033);
diff --git a/apprtc-server/key-pebble.pem b/apprtc-server/key-pebble.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn+Uh5uf5OLyM9Q+mx5j4O7vehaHMWYG0bJ8bThqUwbw+lQIN
+r5dyUJNThyYOjtkvv5Zo8UXKaUoN9SUaCY2MMTDQma4F3Lmt1dnFSeCZfioxgGr6
+l+9T+oqIj0MpgyrT4LRuVJKK2uvXsjy+zdasa+Hn1yYPR64Fk+xELLvtDv/U+sgM
+AcZS9y25nNuEy2slEgWNTjyTrq2I5oTp1kFhFWPB3PBQt5QFSKow2mDQnyJjDHzl
+VI8gzAkp0XEKo/SFIlH4BOlg1+OptNsM5hqzCI1sVc/ljhHVM1mLuVPswFMoo4OO
+NUiCOO77H+o5bvmAHYELMP6thn2cTNk2tfN50QIDAQABAoIBAFAYWnQtjbUzFjUI
+AxaG9QoPIPe1xgSsKXIj/WyReiTWJE9GOQ7VgWkFc9kGYlKCTx3cvXLm7+7wLq+3
+RySz6B8YAdaJytv3kzHFpcNNI/aEMknOzPrg4yNk0+VX0mqnQH2WRJJO2gmyDFl3
+fmjj+XkNL7KhmRPiA19HAhuag7R3/hc2ide4o6XpEKmnfc88Jhi5DzhFkeAfdVNQ
+Mc76DKfiORISbxzCCT/fTjazMKQSE1bzTRxRmklT7bGusEXmhfr3PIABcmN2xYE0
+9yNZ8i07tifHocpssxcOwExtYgMlO7GJcDlbJxxO/Ou86JKARG5gEglBHKpPDQ0s
+hOfUThUCgYEAwabCm3JoYy8e+Gy3znn+MPSkyK86AtDspUFrA6rNhzw6TrWO5hNz
+ORMP0F8uLaZ6/YIoyDd1A8klcQ9J/iJ+r7yDJRpXD4zhwyLIp6U5C+Z4avTqz0CU
+wTlveDFygteCTWulw9UkoE6jbNqIRcp7Ad2MulmulC+eX+77DRquci8CgYEA02AW
+blnmc/v0mIIWWcIVWTN17qZRgPPzpI+fGHMl97MR2H5+5DnNLAwdCgphl+lnO0xo
+V1obnRX+MBoOZFhrzGsb3UUnQYazIiu2PHutdvKv0NMNHBaePyPUayPFwjWtvEcS
+R9bCmVf1GQPPisukKG+Qn4cp/6hFAySwRVFd0/8CgYAcFHE9lx5Z23hTL3iLoRbh
+xGesjfQMen0GDXFWC8tXo70UsrDw3bskeIYfgd2xUuWcouYE+j2meeFK/puNFTVn
+iB9AHwymvZfy8rVD0eputlGZuL/fo46uYgSu2gSvwk4rqcNUnTB9akm6PAnsjMq/
+X3/Lebud0zXU1VNj+A15kwKBgGwoGJIykgb6/zciKUmYU9Am0stgcwfmy96CVsft
+85mBGTqLz2X8ZY2KTTmcAj/3AAmJmUJJKyP/4ua+DmsuC0q367QW9HVE9VggwcjF
+CAd7OpdBxs1+jU6FiOWhkklDqjhSrXnw2/YW2aUJHCNK/B5sp7XZNZZJhbaMCV4O
+ulIFAoGActtKw2pEieUkShJnYBvZHSIGhEncRt/p09XkHoUzyiKwXVAOLof/V/Z9
+nFwdW2+3aTb/H7ZmEsj6dzdJc4ZsV5mZfoL0mJ3Tn6heFBcVAGoS7U2c0rdQSkrC
+34Vu8Of2sYg7Ww4Jw1kc3OIEyCGIcWUtO5623H2GLtxs3R7y0Bs=
+-----END RSA PRIVATE KEY-----
diff --git a/apprtc-server/run.sh b/apprtc-server/run.sh
@@ -1,7 +1,30 @@
-sed -i "s/SERVER_PUBLIC_IP/${PUBLIC_IP}/g" /ice.js
-sed -i 's/wss:\/\//ws:\/\//g' /apprtc/out/app_engine/apprtc.py
-sed -i 's/https:\/\//http:\/\//g' /apprtc/out/app_engine/apprtc.py
+#PUBLIC_IP=`hostname`
 
+sed -i "s/SERVER_PUBLIC_IP/${PUBLIC_IP}/g" /ice.js
 sed -i "s/SERVER_PUBLIC_IP/${PUBLIC_IP}/g" /apprtc/out/app_engine/constants.py
 
+# vsilva
+# Generate ssl certs for domain
+echo "Generating SSL certs for domain $PUBLIC_IP"
+domain=$PUBLIC_IP
+openssl req -subj "/CN=$domain/O=C1AS/C=US" -newkey rsa:2048 -sha256 -nodes -keyout $domain-key.pem -out $domain.csr -outform PEM
+openssl req -in $domain.csr -text -noout -verify
+openssl x509 -req -in $domain.csr -CA /cert/cert-pebble.pem -CAkey /cert/key-pebble.pem -CAcreateserial -text -out $domain.pem -days 1024 -sha256
+
+# copy to proper place (collider WS server)
+mv $domain.pem /cert/cert.pem
+mv $domain-key.pem /cert/key.pem
+
+# apache2 SSL (deprecated)
+#cp /cert/key.pem  /etc/ssl/private/ssl-cert-snakeoil.key
+#cp /cert/cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+#echo Starting apache server
+#service apache2 start
+
+echo "************ STARTUP ******************"
+echo "* PUBLIC_IP=${PUBLIC_IP}"
+echo "* Open https://${PUBLIC_IP}"
+echo "***************************************"
 supervisord -c /apprtc_supervisord.conf
+