How to deploy OWT server which can be connected from both internal and external networks
In some cases, you may need to deploy OWT server so that clients on both internal and external networks can access it. Here is a brief introduction to how to achieve this.
Clients communicate directly with 3 types of OWT server modules: portal, access agents (webrtc-agent/streaming-agent/sip-agent) and webapp sample (you can customize your own webapp).
portal: The signaling server, handling service requests from Socket.IO clients.
access agents: There are 3 types of access agents in OWT server: webrtc-agent, streaming-agent and sip-agent. Currently we don't support deploying sip-agent in the internal network while it is accessed from the external network. For streaming-agent, OWT server always works as a streaming client and is triggered by the REST API, so there is no need to configure network mapping for it as a service. For webrtc-agent, we provide configuration for mapping internal and external network addresses. So in this article, "access agents" refers only to webrtc-agent.
webapp sample: The sample web application for reference; users should use their own application server.
Assume that there are 2 devices in the local environment used to deploy OWT server: one device can access only the internal network and the other can access both the internal and external networks. The devices' details are listed as an example:
device A: internal ip: 192.168.1.3, internal network access only; rabbitmq and mongodb are launched on this device.
device B: internal ip: 192.168.1.5, external ip: 10.232.2.4, and the network interface for the external ip is eth0. TCP ports exposed to the external network: 33004, 38080. UDP port range exposed to the external network: 20000-21000; this range is just an example, and you can adjust the exposed UDP port range depending on business requirements.
The rabbitmq and mongodb services are launched on device A, and the OWT modules on device B also need to connect to them, so we need to modify the rabbitmq and mongodb configuration so that they can be accessed from a remote host with the default account:
Configure rabbitmq following https://www.rabbitmq.com/access-control.html#loopback-users
Modify mongodb binding ip to 0.0.0.0
Note: this configuration is just a reference and may have security issues when deploying rabbitmq and mongodb; please refer to the mongodb and rabbitmq deployment documents for a more secure deployment.
Launch all the OWT modules on device A, and configure region info in portal, webrtc-agent and webapp sample:
Modify portal/portal.toml:
regions = ["internal"]
Modify webrtc_agent/agent.toml:
regions = ["internal"]
Modify apps/current_app/samplertcservice.js:
var preference = {isp: 'isp', region: 'internal'};
Launch portal, webrtc-agent and webapp sample on device B with the following configuration:
Modify portal/portal.toml:
[portal]
ip_address = "10.232.2.4"
port = 38080
[capacity]
regions = ["external"]
[rabbit]
host = "192.168.1.3"
[mongo]
dataBaseURL = "192.168.1.3/owtdb"
Modify webrtc_agent/agent.toml:
host = "192.168.1.3"
[capacity]
regions = ["external"]
[rabbit]
host = "192.168.1.3"
[internal]
ip_address = "192.168.1.5"
[webrtc]
network_interfaces = [{name = "eth0", replaced_ip_address = "10.232.2.4"}]
minport = 20000
maxport = 21000
Modify apps/current_app/samplertcservice.js:
app.post('/tokens', function(req, res) {
  'use strict';
  var room = req.body.room || sampleRoom,
    user = req.body.user,
    role = req.body.role;
  //Note: The actual *ISP* and *region* information should be retrieved from the *req* object and filled in the following 'preference' data.
  var preference = {isp: 'isp', region: 'external'};
  icsREST.API.createToken(room, user, role, preference, function(token) {
......
/////////////////////////////
//sampleserviceid and sampleservicekey should be the sampleserviceid and sampleservicekey printed on console when you run ./bin/init.sh on device A
/////////////////////////////
icsREST.API.init("sampleserviceid", "sampleservicekey", "https://192.168.1.3:3000/", false);
......
var cipher = require('./cipher');
cipher.unlock(cipher.k, 'cert/.woogeen.keystore', function cb(err, obj) {
  if (!err) {
    spdy.createServer({
      pfx: fs.readFileSync('cert/certificate.pfx'),
      passphrase: obj.sample
    }, app).listen(33004, (error) => {
      if (error) {
        console.log('Failed to setup secured server: ', error);
        return process.exit(1);
      }
    });
  }
  if (err) {
    console.error('Failed to setup secured server:', err);
    return process.exit();
  }
});
Then clients in the internal network can access OWT at https://192.168.1.3:3004, and clients in the external network can access OWT at https://10.232.2.4:33004.
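The comment in samplertcservice.js says the region should be retrieved from the req object rather than hard-coded. One way to do that, as an added example that is not part of the OWT sample, is to classify the TCP peer address against the internal subnet. The /24 netmask and the names INTERNAL_CIDRS, regionForAddress and preferenceForRequest are assumptions.

```javascript
// Added example, not OWT code. INTERNAL_CIDRS is an assumption: the page gives
// 192.168.1.3 and 192.168.1.5 but no netmask, so a /24 is assumed here.
const INTERNAL_CIDRS = ['192.168.1.0/24'];

// Parse a dotted-quad IPv4 string into an unsigned 32-bit number, or null if malformed.
function ipv4ToInt(text) {
  const parts = String(text).split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True when the numeric address falls inside the CIDR block (e.g. "192.168.1.0/24").
function inCidr(addr, cidr) {
  const [base, bitsText] = cidr.split('/');
  const bits = Number(bitsText);
  const baseInt = ipv4ToInt(base);
  if (baseInt === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = Math.pow(2, 32 - bits);
  return Math.floor(addr / size) === Math.floor(baseInt / size);
}

// Map a peer address to the region names used in portal.toml and agent.toml.
// Anything that does not parse as IPv4 (including native IPv6) is treated as 'external'.
function regionForAddress(remoteAddress) {
  // Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
  const text = String(remoteAddress || '').replace(/^::ffff:/i, '');
  const addr = ipv4ToInt(text);
  if (addr === null) return 'external';
  return INTERNAL_CIDRS.some((cidr) => inCidr(addr, cidr)) ? 'internal' : 'external';
}

// Build the 'preference' object for createToken from the TCP peer address.
// Client-supplied headers such as X-Forwarded-For are deliberately ignored,
// because any client can set them to an internal-looking value.
function preferenceForRequest(req) {
  return { isp: 'isp', region: regionForAddress(req.socket.remoteAddress) };
}
```

In the token handler, `var preference = preferenceForRequest(req);` would take the place of the hard-coded object. If the webapp runs behind a reverse proxy, the socket peer is the proxy itself, so the address has to come from that proxy's trusted forwarding data instead.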