Streamtasks is build on a robust and flexible networking layer.
The networking layer, unlike the classical IP network, does not distinguish between communication inside a process, between processes or between different machines. Everything is handled over a uniform network.
This enables us to connect different computers running instances of streamtasks, to distribute data or workloads.
One interesting application is the connection of two instances, which can not directly connect to each other over the IP protocol.
This is when we need an intermediate server running in the cloud.
One way to solve this problem, is by running a tunneling server like ngrok. We can also solve this problem with streamtasks directly.
This demo will show, how you can run such an intermediate server and connect your instances over websockets. This will allow you to benefit from the software solutions present for websockets, like standardized encryption and nginx.
Security
To securely send data over an internet connection we need to use encryption.
We have great standards for this and don't need to reinvent the wheel.
On the cloud server, you can install streamtasks and run:
streamtasks --serve ws://127.0.0.1:9000 -C
This will run streamtasks and accept websocket connections received on 127.0.0.1:9000.
In order to have encryption, we will use nginx as a proxy and use a TLS certificate to secure our connections.
Our config could look something like this:
server {
listen 443 ssl;
server_name yourdomain.com;
# SSL Configuration
ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
location / {
proxy_pass http://localhost:9000;
# Proxy headers for WebSocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Other proxy headers (optional)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name yourdomain.com;
location / {
return 301 https://$host$request_uri;
}
}
Authentication
Right now there is a rather primitive authentication method integrated into streamtasks. You can specify an authentication token in the URL that, that will be verified by the server. In order for this to work, you must specify this token in the URL for both the client and server.
On the server side:
streamtasks --serve ws://127.0.0.1:9000?auth=1234 -C
This will make sure only clients with the correct credentials are allowed to join.
Connecting
In order to connect to an instance, you must specify the connect URL when running the instance.
In this case we do:
streamtasks --connect wss://yourdomain.com?auth=1234
Try streamtasks!
GitHub: https://github.com/leopf/streamtasks
Documentation/Homepage: https://streamtasks.3-klicks.de
X: https://x.com/leopfff
Top comments (0)