moq icon indicating copy to clipboard operation
moq copied to clipboard
verified publisher icon kixelated

Figuring out a proper setup for accessing moq-rs from other hosts

Open pellju opened this issue 9 months ago • 3 comments

Greetings @kixelated!

As mentioned in the issue #314, I have some issues accessing moq-rs from other devices outside of the local devices, so I decided to try if adding a TLS-certificate/-key would overcome the situation. I tried creating my own certificate, but it did not work, but also tried creating myself a proper TLS-certificate using Let’s encrypt and a custom domain.

When starting moq-rs with just all (after modifying the certificates and IP-address to match mine), moq-rs seems to start fine, and I can access the page. However, when accessing the page (http://192.168.1.185:8080/), the page itself loads fine, but keeps loading the stream. Network-tab itself does not show anything indicating that a WebTransport-connection would have been initialized. Has this something to do with the fact that not using HTTPS prevents the initialization of WebTransport connection, or something else? (Accessing http://localhost:8080/ doesn’t start the stream either.)

Also, I had a look at the demo in quic.video, and at least there my Chrome is establishing a connection to https://relay.quic.video/. Would you mind sharing what kind of setup you are using with the Big Buck Bunny demo?

pellju avatar Mar 16 '25 19:03 pellju

Here's the terraform for quic.video: https://github.com/kixelated/quic.video/tree/main/infra

It's using LetsEncrypt (via a terraform module that I would not recommend) to generate the cert for relay.quic.video. If you use a proper cert, make sure you're connecting via https and using the domain name, not the IP address.

If you use http, then we use a hack that fetches the certificate fingerprint but that only works when self-signed (must be valid <14 days). You could find another way to transfer that certificate hash to the client but it's a pain.

kixelated avatar Mar 16 '25 21:03 kixelated

Greetings @kixelated, and apologizes for a very late reply. I managed to get this work as wanted to. Apparently, HTTPS-connection to moq-web was required. I had to modify webpack.config.mjs to allow external domains using allowedHosts: [ * ], in devServer, and to configure the server to be an HTTPS-server and give paths to certificate and key files using fs:

		server: {
			type: 'https',
			options: {
				key: fs.readFileSync(path.join(__dirname, './moq-rs-key.pem')),
				cert: fs.readFileSync(path.join(__dirname, './moq-rs-crt.pem')),
			}
		}

Also, I made a slight change to moq-web/src/demo/index.html, where I changed the url used to the one I'm using (including https:// as the beginning of the URL). Then I did some changes to justfile. I set relay to be bounded to 0.0.0.0:4443 instead of localhost, gave the certificate and key files. A small change to the parameters of pub was also done, changed the URL to http://my-domain:4443 (not https://, which is quite interesting).

Well, seems that I have gotten moq-rs to run as wanted to, at least for now. This issue and #314 can be closed on my behalf unless you have something to say about this. A small suggestion: this information (or something similar) would be added to README.md in case someone wants to set up this and access the application from other hosts.

pellju avatar Mar 29 '25 18:03 pellju

Yeah I'm going to work on consolidating the web hosting and requiring HTTPS. Certs are a pain for local development, but they're absolutely needed for non-local development.

kixelated avatar Mar 29 '25 19:03 kixelated