Cannot connect to rendezvous from HTTPS pages (insecure pages work fine)

[ccashwell]

The rendezvous server seems to reject requests over HTTPS. I can connect several browser peers without any issues to a deployed rendezvous server when the client app is served over HTTP, but as soon as the client is moved behind an HTTPS endpoint it becomes impossible to connect to a that same rendezvous server. Is this a bug or am I missing something?

I'm running the latest NPM release ([email protected]) on Ubuntu 16.04, attempting to connect browser clients using ipfs-pubsub-room. The hosted rendezvous server similarly worked from localhost and deployed non-HTTPS client pages and failed over HTTPS.

[victorb]

Are you running nginx or something in between? How are you dealing with the certificates? Also, how are you connecting the browser peers to the rendezvous server?

The more info we can get, the better we can help you :)

[mkg20001]

@ccashwell Self-hosted websocket-star-rendezvous instances run on HTTP by default. In order to use them on HTTPS you need to put the rendezvous server behind an SSL reverse-proxy

[ccashwell]

So, first thing's first: it's not my signaling server. I can verify this by replacing it with any of the hosted rendezvous servers, all of which are hosted over HTTPS:

/dnsaddr/ws-star.discovery.libp2p.io/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-1.servep2p.com/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-2.servep2p.com/tcp/443/wss/p2p-websocket-star
/dnsaddr/ws-star-signal-3.servep2p.com/tcp/443/wss/p2p-websocket-star

I have my private rendezvous server sitting behind nginx reverse proxy to enable SSL.

I'm using ipfs-pubsub-room to connect peers to the swarm using the following code:

  this.ipfs = new IPFS({
      EXPERIMENTAL: { pubsub: true },
      repo: `ipfs/mythereum/${Math.random()}`,
      config: {
        Addresses: {
          Swarm: [
            '/dnsaddr/ws-star.discovery.libp2p.io/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-1.servep2p.com/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-2.servep2p.com/tcp/443/wss/p2p-websocket-star',
            '/dnsaddr/ws-star-signal-3.servep2p.com/tcp/443/wss/p2p-websocket-star',
          ]
        }
      }
    })

    // IPFS node is ready, so we can start using ipfs-pubsub-room
    this.ipfs.on('ready', () => {
      this.ipfs.id((err, info) => {
        if (err) { throw err }
        console.log("Connected to IPFS as " + info.id)
        this.setState({ peerId: info.id, knownPeers: { [info.id]: this.state.player } })
      })

      this.gameLobby = Room(this.ipfs, 'game-lobby-079a4d')

      this.gameLobby.on('peer joined', (peer) => {
        let event = { event: "peer_joined", id: peer }
        console.log(JSON.stringify(event))
      })

      this.gameLobby.on('peer left', (peer) => {
        let event = { event: "peer_left", id: peer }
        console.log(JSON.stringify(event))
      })

      this.gameLobby.on('message', (message) => {
        let payload = JSON.parse(message.data.toString())
        console.log(payload)
      })
    })

[victorb]

@ccashwell are you getting any errors or something? What makes you sure things are not working?

Maybe it's your browser. Can you try running https://benchmark-js.ipfs.io/ and clicking "Start " in the top, then after that clicking "Run"? Should connect you to a signalling server under /dns4/star-signal.cloud.ipfs.team/wss/p2p-webrtc-star

[ccashwell]

Behavior

All clients over HTTP:

• All clients successfully subscribe
• All clients can discover one another
• All broadcasts are received by all clients

All clients over HTTPS:

• All clients successfully subscribe
• No client can discover any other client
• No broadcasts from any client are received by any other client

Some clients over HTTP, others over HTTPS:

• All clients successfully subscribe
• Clients connected over HTTPS can discover other clients NOT connected over HTTPS
• No clients connected over HTTPS can discover any other clients connected over HTTPS
• All clients connected over HTTPS can discover all clients connected over HTTP
• All clients connected over HTTP can discover other HTTP clients as well as HTTPS clients
• Broadcasts from HTTP clients are received by all HTTP and HTTPS clients
• Broadcasts from HTTPS clients are received only by HTTP clients

[ccashwell]

From IPFS benchmark:

Is it possible this has to do with a difference between webrtc-star and websocket-star servers?

Regarding browsers, this issue is visible on a public server with clients from all over the world using various browser environments. I don't think that would make sense as a browser issue.

[ccashwell]

@victorbjelkholm the "error" I'm seeing is that peers connecting over HTTPS can't see one another. Otherwise it seems to function great. I'm unsure whether this issue is related to websocket-star, the (hosted or self-hosted) rendezvous server(s), or just a weird quirk with ipfs-pubsub-room.

[mkg20001]

Seems like this could be related to libp2p/js-libp2p-webrtc-star#142

[wasalm]

I have the same problem and I found a workaround.
In my case I have to change
/ip4/10.0.0.106/tcp/443/wss/p2p-webrtc-star/
to
/dns4/10.0.0.106/tcp/443/wss/p2p-webrtc-star/
This suggest that there is an error in the ipv4 url parser.