Merge branch 'locator'

Author: nick-dodonov

.github/workflows/general-stack.yml

@@ -5,8 +5,45 @@ run-name: General ${{ github.sha }}
 on:
   workflow_dispatch:
 
+env:
+  REGISTRY: ghcr.io
+  LOCATOR_IMAGE_NAME: ${{ github.repository }}/locator
+
 jobs:
+  ################################################################
+  build-locator:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+
+    outputs:
+      image_tag: ${{ steps.meta.outputs.tags }} # TODO: output SHA tag only
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3 
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.LOCATOR_IMAGE_NAME }}
+          tags: type=sha
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          file: src/Locator/Locator.Service/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  ################################################################
   deploy:
+    needs: build-locator
     runs-on: ubuntu-latest
     permissions:
       deployments: write
@@ -26,6 +63,9 @@ jobs:
           DATA_ROOT: /home/${{ secrets.REMOTE_USER }}
           SERVER_NAME: ${{ secrets.REMOTE_HOST }}
           DOMAIN_EMAIL: ${{ secrets.DOMAIN_EMAIL }}
+          LOCATOR_IMAGE: ${{ needs.build-locator.outputs.image_tag }}
+          TURN_USERNAME: ${{ secrets.TURN_USERNAME }}
+          TURN_PASSWORD: ${{ secrets.TURN_PASSWORD }}
         with:
           ssh_user: ${{ secrets.REMOTE_USER }}
           ssh_host: ${{ secrets.REMOTE_HOST }}

.github/workflows/stand-stack.yml

@@ -22,11 +22,6 @@ jobs:
       - uses: actions/checkout@v4
       - uses: rlespinasse/github-slug-action@v5
 
-      - uses: ./.github/composites/deploy-begin
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          environment: stand-${{ env.GITHUB_REF_POINT_SLUG }}
-
       ################################################################
       # Server Build
       - uses: docker/setup-buildx-action@v3 #https://github.com/marketplace/actions/docker-setup-buildx
@@ -55,13 +50,20 @@ jobs:
 
       ################################################################
       # Stand Deploy (custom docker stack deploy step much faster than docker-stack-deploy action)
+      - uses: ./.github/composites/deploy-begin
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          environment: stand-${{ env.GITHUB_REF_POINT_SLUG }}
+
       - uses: ./.github/composites/remote-deploy
         env:
           # environment variables that are used for compose
           STAND_NAME: ${{ env.GITHUB_REF_POINT_SLUG }}
           STACK_NAME: stand-${{ env.GITHUB_REF_POINT_SLUG }}
           SERVER_NAME: ${{ secrets.REMOTE_HOST }}
           SERVER_IMAGE: ${{ steps.meta.outputs.tags }}
+          TURN_USERNAME: ${{ secrets.TURN_USERNAME }}
+          TURN_PASSWORD: ${{ secrets.TURN_PASSWORD }}
         with:
           ssh_user: ${{ secrets.REMOTE_USER }}
           ssh_host: ${{ secrets.REMOTE_HOST }}

complex.sln.DotSettings

@@ -81,4 +81,5 @@
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=ffxx/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=ghcr/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=letsencrypt/@EntryIndexedValue">True</s:Boolean>
-	<s:Boolean x:Key="/Default/UserDictionary/Words/=mech/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=mech/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=opencontainers/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>

complex.slnx

@@ -1,6 +1,8 @@
 <Solution>
-  <Folder Name="/ext/">
-    <Project Path="ext\sipsorcery\src\SIPSorcery.csproj" Type="Classic C#" />
+  <Folder Name="/Locator/">
+    <Project Path="src\Locator\Locator.Api\Locator.Api.csproj" Type="Classic C#" />
+    <Project Path="src\Locator\Locator.Client\Locator.Client.csproj" Type="Classic C#" />
+    <Project Path="src\Locator\Locator.Service\Locator.Service.csproj" Type="Classic C#" />
   </Folder>
   <Folder Name="/Server/">
     <Project Path="src\Common\Runtime\Common.csproj" Type="Classic C#" />

deploy/_general/compose.override.yaml

@@ -27,3 +27,8 @@ services:
           -out    $$_PATH/fullchain.pem \
           -subj "/C=ZZ/ST=State/L=City/O=Development/CN=localhost"
         echo "<<<< certbot emulation finished" 
+
+  locator:
+    build:
+      context: ../..
+      dockerfile: src/Locator/Locator.Service/Dockerfile

deploy/_general/compose.swarm.yaml

@@ -52,3 +52,9 @@ services:
           /etc/letsencrypt/live
         echo "<<<< certbot finished"
         #read -n 1 -s -r -p "Press any key to exit (debugging)..."
+
+  locator:
+    networks:
+      - general_shared # allow access from nginx
+    environment:
+      LocatorConfig__StandUrlTemplate: "https://${SERVER_NAME:-localhost}/$$STAND_NAME"

deploy/_general/compose.yaml

@@ -7,13 +7,13 @@ services:
         condition: none
     volumes:
       # tmp DATA_ROOT from .env usage until image isn't built
-      - ${DATA_ROOT:-.}/deploy/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ${DATA_ROOT:-../..}/deploy/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       # templates to render environment variables
       #   https://github.com/docker-library/docs/tree/master/nginx#using-environment-variables-in-nginx-configuration-new-in-119
-      - ${DATA_ROOT:-.}/deploy/nginx/templates:/etc/nginx/templates:ro
-      - ${DATA_ROOT:-.}/pages:/usr/share/nginx/html:ro
-      - ${DATA_ROOT:-.}/certbot/www:/var/www/certbot:ro
-      - ${DATA_ROOT:-.}/certbot/conf:/etc/letsencrypt:ro
+      - ${DATA_ROOT:-../..}/deploy/nginx/templates:/etc/nginx/templates:ro
+      - ${DATA_ROOT:-../..}/pages:/usr/share/nginx/html:ro
+      - ${DATA_ROOT:-../..}/certbot/www:/var/www/certbot:ro
+      - ${DATA_ROOT:-../..}/certbot/conf:/etc/letsencrypt:ro
     environment:
       - SERVER_NAME=${SERVER_NAME:-localhost}
     ports:
@@ -29,8 +29,6 @@ services:
         published: 443
         target: 443
 
-  # TODO: user/pass setup for remote deployment
-  # TODO: --allowed-peer-ip for TURN in internal network only
   # Workaround to deploy multiple WebRTC servers in docker swarm infrastructure. 
   # Host mode cannot be used for several servers on minimum number of swarm nodes.
   #
@@ -44,9 +42,10 @@ services:
   #   (different load-balancer service types are available for the same server)
   coturn:
     image: coturn/coturn:latest
-    # -n is not used "Do not use configuration file, take all parameters from the command line only." 
-    #   as gives "CONFIGURATION ALERT: Unknown argument: "
+    # -n "Do not use configuration file, take all parameters from the command line only." 
+    #   not used as it gives "CONFIGURATION ALERT: Unknown argument: "
     # TODO: use config file instead
+    #
     # --listening-port=3478 mentions default value just to recall its value 
     # --relay-threads=1 to make less socket bindings in develop environments
     # --no-cli to get rid of "CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!"
@@ -61,7 +60,19 @@ services:
     # TODO: research is --fingerprint required increasing traffic
     #
     # TODO: enable/setup DTLS support (rm --no-dtls) for clients allowing "stuns:*" url
+    #
+    # TODO: remote --allowed-peer-ip for TURN in internal network only (additionally with auth)
+    # Local docker compose tested:
+    #   --listening-ip=10.211.55.4
+    #   --relay-ip=10.211.55.4
+    #   --denied-peer-ip="0.0.0.0-255.255.255.255"
+    #   --allowed-peer-ip="172.17.0.0-172.17.255.255"
+    #   rt -stun stun:host.docker.internal:3478
+    #   rt -stun turn:10.211.55.4
+    #   turnutils_uclient 10.211.55.4 -DgX -u user -w pass -n 1 -c -y
+    #   turnutils_uclient 172.17.0.1 -DgX -u user -w pass -n 1 -c -e 172.21.0.2
     command: >
+      -n
       --listening-port=3478
       --relay-threads=1
       --no-cli
@@ -70,9 +81,9 @@ services:
       --no-dtls
       --no-tcp-relay
       --no-multicast-peers
+      --user=${TURN_USERNAME:-user}:${TURN_PASSWORD:-pass}
+      --realm=default
       --lt-cred-mech
-      --user user:pass
-      --realm default
       --fingerprint
       --log-file=stdout
       --verbose
@@ -83,5 +94,11 @@ services:
     environment:
       - SERVER_NAME=${SERVER_NAME:-localhost}
     volumes:
-      - ${DATA_ROOT:-.}/certbot/www:/var/www/certbot:rw
-      - ${DATA_ROOT:-.}/certbot/conf:/etc/letsencrypt:rw
+      - ${DATA_ROOT:-../..}/certbot/www:/var/www/certbot:rw
+      - ${DATA_ROOT:-../..}/certbot/conf:/etc/letsencrypt:rw
+
+  locator:
+    image: ${LOCATOR_IMAGE:-locator}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    # WebAPI TCP port 8080 is internal as NGINX is used to access

deploy/nginx/templates/default.conf.template

@@ -11,12 +11,17 @@ server {
 
     #access_log  /var/log/nginx/host.access.log  main;
 
-    # NOTE: port 80 must be opened to renew cert (check it first)
+    ################################################################
+    # certbot requirement
+    # NOTE: port 80 must be opened to renew cert (check UFW if renew fails)
     location /.well-known/acme-challenge/ {
         root /var/www/certbot;
     }
 
-    location /api {
+    ################################################################
+    # Locator service
+    #   /-/stands
+    location ~ ^/-/(.*) {
         # DISABLED: CORS headers are added to service app instead (simplified local develop) 
 #         # enables CORS to develop client against deployed server
 #         #   https://docs.unity3d.com/Manual/webgl-networking.html
@@ -32,17 +37,19 @@ server {
 #         }
 #         add_header 'Access-Control-Allow-Origin' '*';
 
-        # using $stand variable to workaround '[emerg] host not found in upstream ".." in /etc/nginx/conf.d/default.conf'
+        # using $upstream variable to workaround '[emerg] host not found in upstream ".." in /etc/nginx/conf.d/default.conf'
         #   https://dev.to/danielkun/nginx-everything-about-proxypass-2ona#let-nginx-start-even-when-not-all-upstream-hosts-are-available
         #   https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1807
         #   https://stackoverflow.com/questions/50248522/nginx-will-not-start-with-host-not-found-in-upstream
         #   https://stackoverflow.com/questions/32845674/nginx-how-to-not-exit-if-host-not-found-in-upstream/32846603#32846603
         resolver 127.0.0.11 valid=30s;
-        set $stand server.main;
-        proxy_pass http://$stand:8080$request_uri;
+        set $upstream locator;
+        proxy_pass http://$upstream:8080/$1$is_args$args; # $request_uri contains full /-/..
     }
 
-    # /<stand>/api/foo -> http://<stand>:8080/api/foo
+    ################################################################
+    # Server services on stands
+    #   /<stand>/api/info -> http://<stand>:8080/api/info
     location ~* ^/([^/]+)/api {
         resolver 127.0.0.11 valid=30s;
         set $stand $1; # take first path part as stand name
@@ -51,6 +58,8 @@ server {
         proxy_pass http://server.$stand:8080$uri$is_args$args; # $request_uri isn't rewritten so mimic it w/ uri/args
     }
 
+    ################################################################
+    # Client WebGL builds
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;

deploy/sandbox/compose.yaml

@@ -25,10 +25,6 @@ services:
   #   # --external-ip='$$(detect-external-ip)'
   #  
   #   # Docker Desktop compose:
-  #   #   rt -stun stun:host.docker.internal:3478
-  #   #   rt -stun turn:192.168.65.3
-  #   #   rt -stun turn:10.211.55.4
-  #   #   turnutils_uclient 172.21.0.1 -DgX -u user -w pass -e 172.21.0.2 -n 1 -c -y
   #   #   --relay-ip=10.211.55.4 # --relay-ip=0.0.0.0
   #   command: >
   #     -n

src/Client/Assets/Scripts/Logic/ClientSession.cs

@@ -95,9 +95,6 @@ public void Finish(string reason)
 
             clientTap.SetActive(false);
 
-            _stateSyncer?.Dispose();
-            _stateSyncer = null;
-            
             _dumpLink = null;
             _timeLink = null;
             _link?.Dispose();
@@ -106,6 +103,10 @@ public void Finish(string reason)
             _api = null;
             _meta?.Dispose();
             _meta = null;
+
+            // destroy after link to not fail on latest Received
+            _stateSyncer?.Dispose();
+            _stateSyncer = null;
         }
 
         private void Update()