auracaster/bumble-auracast
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
3c33f4699012a148ba70a586bd27ed848f2fe49a
bumble-auracast/README.md

183 lines
6.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
## Local HTTP/HTTPS Setup with Custom CA
This project provides a dual-port Streamlit server setup for local networks:
- **HTTP** available on port **8502**
- **HTTPS** (trusted with custom CA) available on port **8503**
### How it works
- A custom Certificate Authority (CA) is generated for your organization.
- Each device/server is issued a certificate signed by this CA.
- Customers can import the CA certificate into their OS/browser trust store, so the device's HTTPS connection is fully trusted (no browser warnings).
### Usage
1. **Generate Certificates**
- Run `generate_ca_cert.sh` in `src/auracast/server/`.
- This creates:
- `certs/ca/ca_cert.pem` / `ca_key.pem` (CA cert/key)
- **Distribute `ca_cert.pem` or `ca_cert.crt` to customers** for installation in their trust store.
- This is a one-time operation for your organization.
2. **Start the Server**
- Run `run_http_and_https.sh` in `src/auracast/server/`.
- This starts:
- HTTP Streamlit on port 8500
- HTTPS Streamlit on port 8501 (using the signed device cert)
3. **Client Trust Setup**
- Customers should install `ca_cert.pem` in their operating system or browser trust store to trust the HTTPS connection.
- After this, browsers will show a secure HTTPS connection to the device (no warnings).
### Why this setup?
- **WebRTC and other browser features require HTTPS for local devices.**
- Using a local CA allows trusted HTTPS without needing a public certificate or exposing devices to the internet.
- HTTP is also available for compatibility/testing.
### Advertise Hostname with mDNS
```bash
cd src/auracast/server
sudo ./provision_domain_hostname.sh <new_hostname> <new_domain>
```
- Example:
```bash
sudo ./provision_domain_hostname.sh box1 auracast.local
```
- The script will:
- Validate your input (no dots in hostname)
- Set the system hostname
- Update `/etc/hosts`
- Set the Avahi domain in `/etc/avahi/avahi-daemon.conf`
- Restart Avahi
- Generate a unique per-device certificate and key signed by your CA, stored in `certs/per_device/<hostname>.<domain>/`.
- The certificate will have a SAN matching the device's mDNS name (e.g., `box1-summitwave.local`).
---
### Troubleshooting & Tips
- **Use .local domain** (e.g., `box1-summitwave.local`) - most clients will not resolve multi-label domains.
- **Hostnames must not contain dots** (`.`). Only use single-label names for the system hostname.
- **Avahi domain** can be multi-label (e.g., `auracast.local`).
- **Clients may need** `libnss-mdns` installed and `/etc/nsswitch.conf` configured with `mdns4_minimal` and `mdns4` for multi-label mDNS names.
- If you have issues with mDNS name resolution, check for conflicting mDNS stacks (e.g., systemd-resolved, Bonjour, or other daemons).
- Some Linux clients may not resolve multi-label mDNS names via NSS—test with `avahi-resolve-host-name` and try from another device if needed.
---
After completing these steps, your device will be discoverable as `<hostname>.<domain>` (e.g., `box1.auracast.local`) on the local network via mDNS.
---
## Checking Advertised mDNS Services
Once your device is configured, you can verify that its mDNS advertisement is visible on the network:
- **List all mDNS services:**
```bash
avahi-browse -a
```
Look for your hostname and service (e.g., `box1.auracast.local`).
- **Check specific hostname resolution:**
```bash
avahi-resolve-host-name box1.auracast.local
avahi-resolve-host-name -4 box1.auracast.local # IPv4 only
avahi-resolve-host-name -6 box1.auracast.local # IPv6 only
```
## Run the application with local webui
- for microphone streaming via the browser, https is required
- poetry run multicast_server.py
- sudo -E PATH="$PATH" bash ./start_frontend_https.sh
- bash start_mdns.sh
## Managing Auracast systemd Services
You can run the backend and frontend as systemd services for easier management and automatic startup on boot.
### 1. Install the service files
Copy the provided service files to your systemd directory (requires sudo):
```bash
sudo cp auracast-server.service /etc/systemd/system/
sudo cp auracast-frontend.service /etc/systemd/system/
```
### 2. Reload systemd
```bash
sudo systemctl daemon-reload
```
### 3. Enable services to start at boot
```bash
sudo systemctl enable auracast-server
sudo systemctl enable auracast-frontend
```
### 4. Start the services
```bash
sudo systemctl start auracast-server
sudo systemctl start auracast-frontend
```
### 5. Stop the services
```bash
sudo systemctl stop auracast-server
sudo systemctl stop auracast-frontend
```
### 6. Disable services to start at boot
```bash
sudo systemctl disable auracast-server
sudo systemctl disable auracast-frontend
```
### 7. Check service status
```bash
sudo systemctl status auracast-server
sudo systemctl status auracast-frontend
```
If you want to run the services as a specific user, edit the `User=` line in the service files accordingly.
# install port audio so it can see pipewire devices on raspian
sudo apt update
sudo apt install --no-install-recommends \
git build-essential cmake pkg-config \
libasound2-dev libpulse-dev libjack-jackd2-dev
git clone https://github.com/PortAudio/portaudio.git
cd portaudio # branch = master (19.7devel)
rm -rf build
cmake -S . -B build -G"Unix Makefiles" \
-DBUILD_SHARED_LIBS=ON \
-DPA_USE_ALSA=ON \
-DPA_USE_OSS=ON \
-DPA_USE_PULSEAUDIO=ON \
-DPA_USE_JACK=OFF
cmake --build build -j$(nproc)
sudo apt remove -y libportaudio2 portaudio19-dev libportaudiocpp0
sudo cmake --install build # installs to /usr/local/lib
sudo ldconfig # refresh linker cache
# Device commisioning
- generate id_ed25519 keypair
- setup hostname
- sudo bash src/auracast/server/provision_domain_hostname.sh box7-summitwave local
- activate aes67 service
- install udev rule for ptp4l
- sudo cp src/service/aes67/90-pipewire-aes67-ptp.rules /etc/udev/rules.d/
- sudo udevadm control --log-priority=debug --reload-rules
- sudo udevadm trigger
- bash src/service/update_and_run_aes67.sh
- activate server and frontend
- bash srv/service/update_and_run_server_and_frontend.sh
- update to latest stable kernel
- echo "y" | rpi-update stable
- place cert
- disable pw login
- reboot
# Known issues:
- When running on a laptop there might be issues switching between usb and browser audio input since they use the same audio device
Reference in New Issue View Git Blame Copy Permalink