78cf8e68b2
This is a large change to how the snowflake broker metrics are implemented. This change removes all uses of mutexes from the metrics implementation in favor of atomic operations on counters stored in sync.Map. There is a small change to the actual metrics output. We used to count the same proxy ip multiple times in our snowflake-ips-total and snowflake-ips country stats if the same proxy ip address polled more than once with different proxy types. This was an overcounting of the number of unique proxy IP addresses that is now fixed. If a unique proxy ip polls with more than one proxy type or nat type, these polls will still be counted once for each proxy type or nat type in our proxy type and nat type specific stats (e.g., snowflake-ips-nat-restricted and snowflake-ips-nat-unrestricted). |
||
|---|---|---|
| .. | ||
| amp.go | ||
| bridge-list.go | ||
| bridge-list_test.go | ||
| broker.go | ||
| http.go | ||
| ipc.go | ||
| metrics.go | ||
| README.md | ||
| snowflake-broker_test.go | ||
| snowflake-heap.go | ||
| sqs.go | ||
| sqs_test.go | ||
| test_bridgeList.txt | ||
| test_geoip | ||
| test_geoip6 | ||
Table of Contents
This is the Broker component of Snowflake.
Overview
The Broker handles the rendezvous by matching Snowflake Clients with Proxies, and passing their WebRTC Session Descriptions (the "signaling" step). This allows Clients and Proxies to establish a Peer connection.
It is analogous to Flashproxy's Facilitator, but bidirectional and domain-fronted.
The Broker expects:
- Clients to send their SDP offer in a POST request, which will then block until the Broker responds with the answer of the matched Proxy.
- Proxies to announce themselves with a POST request, to which the Broker responds with some Client's SDP offer. The Proxy should then send a second POST request soon after containing its SDP answer, which the Broker passes back to the same Client.
Running your own
The server uses TLS by default.
There is a --disable-tls option for testing purposes,
but you should use TLS in production.
The server automatically fetches certificates
from Let's Encrypt as needed.
Use the --acme-hostnames option to tell the server
what hostnames it may request certificates for.
You can optionally provide a contact email address,
using the --acme-email option,
so that Let's Encrypt can inform you of any problems.
In order to fetch certificates automatically,
the server needs to open an additional HTTP listener on port 80.
On Linux, you can use the setcap program,
part of libcap2, to enable the broker to bind to low-numbered ports
without having to run as root:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
You can control the listening broker port with the --addr option. Port 443 is the default.
You'll need to provide the URL of the custom broker
to the client plugin using the --url $URL flag.