# WebRTC Server Deployment Guide ## 🚀 Quick Deployment Commands ### Prerequisites - Ubuntu 20.04+ or Debian 11+ VM - At least 2 CPU cores, 4GB RAM - Python 3.10+ - Open ports: 80, 443, 8080, 3478 (UDP/TCP), 49152-65535 (UDP) ## Step-by-Step Deployment ### 1. Initial VM Setup (Run as regular user, not root) ```bash # Update system sudo apt-get update && sudo apt-get upgrade -y # Install essential packages sudo apt-get install -y python3.10 python3.10-venv python3-pip git curl wget ``` ### 2. Quick Install (One-liner) ```bash # Download and run setup script wget https://raw.githubusercontent.com/your-repo/scripts/setup_webrtc.sh && \ chmod +x setup_webrtc.sh && \ ./setup_webrtc.sh ``` ### 3. Manual Installation ```bash # Create application directory sudo mkdir -p /opt/goodspace-voice-webrtc sudo chown $USER:$USER /opt/goodspace-voice-webrtc cd /opt/goodspace-voice-webrtc # Clone repository (replace with your actual repo) git clone https://github.com/your-repo/goodspace-voice.git . # OR copy files manually # scp -r local/webrtc/* user@vm-ip:/opt/goodspace-voice-webrtc/webrtc/ # Create Python virtual environment python3.10 -m venv venv source venv/bin/activate # Install dependencies pip install --upgrade pip pip install -r requirements_webrtc.txt ``` ### 4. Configure Environment ```bash # Create environment file cat > /opt/goodspace-voice-webrtc/.env << EOF JWT_SECRET=$(openssl rand -hex 32) REDIS_URL=redis://localhost:6379 LOG_LEVEL=INFO EOF # Set permissions chmod 600 /opt/goodspace-voice-webrtc/.env ``` ### 5. Install and Start Redis ```bash # Install Redis sudo apt-get install -y redis-server # Start Redis sudo systemctl enable redis-server sudo systemctl start redis-server # Verify Redis is running redis-cli ping # Should return PONG ``` ### 6. Start WebRTC Server #### Option A: Direct Python Execution (Development) ```bash cd /opt/goodspace-voice-webrtc source venv/bin/activate # Start signaling server (basic) python webrtc/run_server.py --host 0.0.0.0 --port 8080 # Start with custom configuration python webrtc/run_server.py \ --host 0.0.0.0 \ --port 8080 \ --pool-min 20 \ --pool-max 500 \ --debug # Run in background with nohup nohup python webrtc/run_server.py > logs/server.log 2>&1 & ``` #### Option B: Using Screen/Tmux (Development) ```bash # Using screen screen -S webrtc cd /opt/goodspace-voice-webrtc source venv/bin/activate python webrtc/run_server.py --host 0.0.0.0 --port 8080 # Detach: Ctrl+A, then D # Reattach: screen -r webrtc # Using tmux tmux new -s webrtc cd /opt/goodspace-voice-webrtc source venv/bin/activate python webrtc/run_server.py --host 0.0.0.0 --port 8080 # Detach: Ctrl+B, then D # Reattach: tmux attach -t webrtc ``` #### Option C: Systemd Service (Production) ```bash # Create service file sudo tee /etc/systemd/system/webrtc-signaling.service > /dev/null << 'EOF' [Unit] Description=WebRTC Signaling Server After=network.target redis-server.service [Service] Type=simple User=$USER WorkingDirectory=/opt/goodspace-voice-webrtc Environment="PATH=/opt/goodspace-voice-webrtc/venv/bin" EnvironmentFile=/opt/goodspace-voice-webrtc/.env ExecStart=/opt/goodspace-voice-webrtc/venv/bin/python webrtc/run_server.py --host 0.0.0.0 --port 8080 Restart=always RestartSec=10 [Install] WantedBy=multi-user.target EOF # Reload systemd and start service sudo systemctl daemon-reload sudo systemctl enable webrtc-signaling sudo systemctl start webrtc-signaling # Check status sudo systemctl status webrtc-signaling # View logs sudo journalctl -u webrtc-signaling -f ``` ### 7. Setup Nginx Reverse Proxy (Optional but Recommended) ```bash # Install Nginx sudo apt-get install -y nginx # Create Nginx configuration sudo tee /etc/nginx/sites-available/webrtc > /dev/null << 'EOF' server { listen 80; server_name your-domain.com; # Replace with your domain or IP location /ws { proxy_pass http://localhost:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_read_timeout 86400; } location /health { proxy_pass http://localhost:8080; } } EOF # Enable site sudo ln -sf /etc/nginx/sites-available/webrtc /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl restart nginx ``` ### 8. Configure Firewall ```bash # Configure UFW firewall sudo ufw allow 22/tcp # SSH sudo ufw allow 80/tcp # HTTP sudo ufw allow 443/tcp # HTTPS sudo ufw allow 8080/tcp # WebSocket sudo ufw allow 3478/udp # STUN sudo ufw allow 49152:65535/udp # RTP/RTCP media # Enable firewall sudo ufw --force enable # Check status sudo ufw status numbered ``` ## 🔍 Verification Commands ```bash # Check if services are running sudo systemctl status webrtc-signaling redis-server nginx # Check if ports are listening sudo netstat -tlnp | grep -E ":(8080|6379|80)" # Test WebSocket endpoint curl http://localhost:8080/health # Check server logs tail -f /opt/goodspace-voice-webrtc/logs/signaling.log # Monitor resources htop # or top # Test WebSocket connection from command line python3 -c " import asyncio import websockets async def test(): uri = 'ws://localhost:8080/ws' async with websockets.connect(uri) as ws: print('Connected!') await ws.send('{\"type\":\"ping\"}') response = await ws.recv() print(f'Response: {response}') asyncio.run(test()) " ``` ## 🛠️ Troubleshooting ```bash # If service won't start sudo journalctl -xe | grep webrtc # Check Python errors cd /opt/goodspace-voice-webrtc source venv/bin/activate python -c "from webrtc.signaling import SignalingServer; print('Import OK')" # Check Redis connection redis-cli ping # Check disk space df -h # Check memory free -h # Kill stuck processes ps aux | grep python kill -9 # Restart everything sudo systemctl restart webrtc-signaling redis-server nginx ``` ## 🚨 Production Deployment ```bash # 1. Setup SSL/TLS with Let's Encrypt sudo apt-get install -y certbot python3-certbot-nginx sudo certbot --nginx -d your-domain.com # 2. Configure production environment cat > /opt/goodspace-voice-webrtc/.env.production << EOF JWT_SECRET=$(openssl rand -hex 32) REDIS_URL=redis://localhost:6379 LOG_LEVEL=WARNING TURN_SERVER_URL=turn:turnserver.com:3478 TURN_USERNAME=username TURN_PASSWORD=password EOF # 3. Setup monitoring with Prometheus # Add to run_server.py startup: # prometheus_client.start_http_server(9090) # 4. Setup log rotation sudo tee /etc/logrotate.d/webrtc > /dev/null << EOF /opt/goodspace-voice-webrtc/logs/*.log { daily rotate 7 compress delaycompress notifempty create 0644 $USER $USER sharedscripts postrotate systemctl reload webrtc-signaling endscript } EOF # 5. Setup automatic backups crontab -e # Add: 0 2 * * * tar -czf /backup/webrtc-$(date +\%Y\%m\%d).tar.gz /opt/goodspace-voice-webrtc ``` ## 📊 Monitoring Commands ```bash # Real-time monitoring watch -n 1 'echo "=== Connections ===" && \ netstat -an | grep :8080 | grep ESTABLISHED | wc -l && \ echo "=== CPU ===" && \ top -bn1 | head -5 && \ echo "=== Memory ===" && \ free -h' # Check WebRTC statistics curl http://localhost:8080/stats | python -m json.tool # Monitor WebSocket connections sudo tcpdump -i any -A 'port 8080' ``` ## 🐳 Docker Deployment (Alternative) ```bash # Create Dockerfile cat > Dockerfile << 'EOF' FROM python:3.10-slim WORKDIR /app COPY requirements_webrtc.txt . RUN pip install --no-cache-dir -r requirements_webrtc.txt COPY webrtc/ ./webrtc/ EXPOSE 8080 CMD ["python", "webrtc/run_server.py", "--host", "0.0.0.0", "--port", "8080"] EOF # Build and run docker build -t webrtc-server . docker run -d -p 8080:8080 --name webrtc webrtc-server # Using docker-compose cat > docker-compose.yml << 'EOF' version: '3.8' services: redis: image: redis:alpine ports: - "6379:6379" webrtc: build: . ports: - "8080:8080" environment: - REDIS_URL=redis://redis:6379 depends_on: - redis EOF docker-compose up -d ``` ## 📝 Summary The simplest way to start the WebRTC server on a VM: ```bash # Quick start (after setup) cd /opt/goodspace-voice-webrtc source venv/bin/activate python webrtc/run_server.py --host 0.0.0.0 --port 8080 # Production start sudo systemctl start webrtc-signaling # Check it's working curl http://localhost:8080/health ``` The server will be accessible at: - WebSocket: `ws://your-vm-ip:8080/ws` - Health check: `http://your-vm-ip:8080/health` - Statistics: `http://your-vm-ip:8080/stats`