DEV Community

Leo
Leo

Posted on

Connecting streamtasks over the Internet

Streamtasks is build on a robust and flexible networking layer.

The networking layer, unlike the classical IP network, does not distinguish between communication inside a process, between processes or between different machines. Everything is handled over a uniform network.

This enables us to connect different computers running instances of streamtasks, to distribute data or workloads.

One interesting application is the connection of two instances, which can not directly connect to each other over the IP protocol.

This is when we need an intermediate server running in the cloud.

One way to solve this problem, is by running a tunneling server like ngrok. We can also solve this problem with streamtasks directly.

This demo will show, how you can run such an intermediate server and connect your instances over websockets. This will allow you to benefit from the software solutions present for websockets, like standardized encryption and nginx.

Security

To securely send data over an internet connection we need to use encryption.

We have great standards for this and don't need to reinvent the wheel.

On the cloud server, you can install streamtasks and run:

streamtasks --serve ws://127.0.0.1:9000 -C
Enter fullscreen mode Exit fullscreen mode

This will run streamtasks and accept websocket connections received on 127.0.0.1:9000.

In order to have encryption, we will use nginx as a proxy and use a TLS certificate to secure our connections.

Our config could look something like this:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    # SSL Configuration
    ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;

    location / {
        proxy_pass http://localhost:9000;

        # Proxy headers for WebSocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        # Other proxy headers (optional)
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name yourdomain.com;

    location / {
        return 301 https://$host$request_uri;
    }
}
Enter fullscreen mode Exit fullscreen mode

Authentication

Right now there is a rather primitive authentication method integrated into streamtasks. You can specify an authentication token in the URL that, that will be verified by the server. In order for this to work, you must specify this token in the URL for both the client and server.

On the server side:

streamtasks --serve ws://127.0.0.1:9000?auth=1234 -C
Enter fullscreen mode Exit fullscreen mode

This will make sure only clients with the correct credentials are allowed to join.

Connecting

In order to connect to an instance, you must specify the connect URL when running the instance.

In this case we do:

streamtasks --connect wss://yourdomain.com?auth=1234
Enter fullscreen mode Exit fullscreen mode

Try streamtasks!
GitHub: https://github.com/leopf/streamtasks
Documentation/Homepage: https://streamtasks.3-klicks.de
X: https://x.com/leopfff

AWS Security LIVE!

Join us for AWS Security LIVE!

Discover the future of cloud security. Tune in live for trends, tips, and solutions from AWS and AWS Partners.

Learn More

Top comments (0)

AWS Security LIVE!

Tune in for AWS Security LIVE!

Join AWS Security LIVE! for expert insights and actionable tips to protect your organization and keep security teams prepared.

Learn More

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay