Hello and thank you for your reply MWillWallT.
From what I understand, if I want to set up an SSL certificate I will need a fixed domain/URL for each pixel streaming instance.
Anybody with the URL of an instance will be able to connect to the session that is currently active, if there is one, and interfere with the session.
For me this is a big problem which I do not have at the moment, since the URL to connect to an instance is based on the EC2 instance's public IP, which changes each time it is started (I know it is possible to have a fixed IP for an EC2 instance using Elastic IP).
Is this correct, or is it possible to have an SSL certificate that I can use on EC2 instances with the URL changing each time it starts?
Is there any other way to set up pixel streaming over only TCP?
(maybe using a different port?)
Also, one thing that makes me doubt that TURN is working properly: if I use the option “/?ForceTURN=true” in the URL, no matter the configuration I use, it does not work. Is this option actually implemented properly? Or is there something in the game code that I need to change for it to function?
Otherwise, here are my latest advancements testing with only ports 53 and 443 open on UDP (I would like to be able to make it work over only TCP, but already getting this to work reliably would be good):
One of the difficulties I have been having is that while testing it would randomly no longer work.
I have found that with my current configuration the connection works 40% of the time.
So when I test, I connect to the instance 10 times to be sure it is still or no longer working.
This is my current conf file changes (I saw issues in the logs binding to port 80):

    listening-port=443
    alt-listening-port=444
    tcp-proxy-port=443
    tls-listening-port=443
    alt-tls-listening-port=5349

Some of the port handling is hard coded in the scripts so I have made some changes there (I am not sure if the command line options or the conf file has priority so I changed the code to be sure of the configuration).
In the Start_Common.ps1 I changed 2 parts to force the use of port 443:

        if ($SetTurnServerVar -eq "y") {
            $global:TurnServer = $global:PublicIP + ":443" #Here
        }
        if ($SetStunServerVar -eq "y") {
            $global:StunServer = "stun.l.google.com:19302"
        }
    }
    function use_args($arg) {
        $CmdArgs = $arg -split (" ")
        while($CmdArgs.count -gt 0) {
            $Cmd, $CmdArgs = $CmdArgs
            if ($Cmd -eq "--stun") {
                $global:StunServer, $CmdArgs = $CmdArgs
            } elseif ($Cmd -eq "--turn") {
                $global:TurnServer, $CmdArgs = $CmdArgs
            } elseif ($Cmd -eq "--publicip") {
                $global:PublicIP, $CmdArgs = $CmdArgs
                $global:TurnServer = $global:publicip + ":443" #And here
            } elseif ($Cmd -eq "--build") {
                $global:BuildFrontend, $CmdArgs = $CmdArgs
            } elseif ($Cmd -eq "--help") {
                print_usage
            } else {
                echo "Unknown command, adding to cirrus command line: $Cmd"
                $global:CirrusCmd += " $Cmd"
            }
        }
    }

I left the IP handling in the Start_TURNServer.ps1 script since it avoids me having to hard code the IPs. Here is the line I have changed (I have removed the port option, now set in the conf file, and put the options' full names for it to be easier to read):

    $Arguments = "-c ..\..\..\turnserver.conf --allowed-peer-ip=$LocalIP -r $Realm --external-ip $PublicIP/$LocalIP --relay-ip $LocalIP --listening-ip $LocalIP --no-cli --no-tls --no-dtls --pidfile `"C:\coturn.pid`" -f -a -u $TurnUsername`:$TurnPassword"
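
An added example, not part of the original post or of the Pixel Streaming scripts: a PowerShell check that lists which port options in a turnserver.conf end up on the same port number, so that each shared port can be compared with the bind errors in the coturn log. The function name `Get-TurnPortOverlap` is hypothetical, and treating `--no-tls` together with `--no-dtls` as leaving the `tls-*` ports without a listener is an assumption.

```powershell
# Added example: report turnserver.conf port options that share a port number.
# Assumption: with both --no-tls and --no-dtls on the command line,
# the tls-* port options open no listener and are skipped.
function Get-TurnPortOverlap {
    param(
        [string[]]$ConfLines,        # lines of turnserver.conf
        [string]$CommandLine = ''    # turnserver arguments, as built in Start_TURNServer.ps1
    )
    $tlsOff = ($CommandLine -match '--no-tls\b') -and ($CommandLine -match '--no-dtls\b')

    $entries = foreach ($line in $ConfLines) {
        $text = $line.Trim()
        # Skip blank lines and comments.
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        # Keep only "<something>-port=<number>" options.
        if ($text -match '^(?<key>[a-z-]+-port)\s*=\s*(?<port>\d+)\s*$') {
            $key = $Matches['key']
            [pscustomobject]@{
                Option = $key
                Port   = [int]$Matches['port']
                Active = -not ($tlsOff -and $key -like '*tls-*')
            }
        }
    }

    # Group the active options by port and keep the ports used more than once.
    $entries | Where-Object { $_.Active } | Group-Object -Property Port |
        Where-Object { $_.Count -gt 1 } | ForEach-Object {
            [pscustomobject]@{
                Port    = [int]$_.Name
                Options = $_.Group.Option -join ', '
            }
        }
}

# Constructed input: the five conf lines quoted in the post and the
# TLS-related flags from its turnserver command line.
$conf = @(
    'listening-port=443'
    'alt-listening-port=444'
    'tcp-proxy-port=443'
    'tls-listening-port=443'
    'alt-tls-listening-port=5349'
)
Get-TurnPortOverlap -ConfLines $conf -CommandLine '--no-cli --no-tls --no-dtls'
```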