Skip to content

Bluewing Server build 39 - CG-NAT/IPv6 fixes, stats, admin cmds

Latest
Latest

Choose a tag to compare

View all tags
@SortaCore SortaCore released this 08 Aug 07:33
build-39
b76d765

Unicode + HTML5/UWP build, with no caps on uploads/downloads, and with flash policy enabled. This server supports clients on Windows, Android, iOS, Mac, HTML5, and UWP, including the very ancient Relay Client itself. If other client OSes are used, they should also be supported.

Build 39: introduces better statistics, two admin commands, and a ton of fixes, mostly based around IPv6 privacy extensions, server cleanup, and CG-NAT clients.

WebSocket (HTML5/UWP client) notes

Hosts WebSocket on ports 80 and 443, the default HTTP and HTTPS ports.

  1. TLS (a.k.a. SSL) certificates will be loaded from "fullchain.pem" and "privkey.pem" in the application folder, on both Unix and Windows. On Windows, you can also host using "sslcert.pfx". Make sure the private key is included in the PFX or loading will fail.
  2. WebSocket connections must be secured by TLS certificates if the HTML5 app is on a HTTPS page. The browser will block the connection otherwise.
  3. Let's Encrypt and similar services will give you free TLS certificates with a short lifetime.
  4. You can also self-sign a certificate for testing - it won't be useful outside of your local machine, though.
  5. The TLS certificate's expiry date will be displayed in local time on server startup.
  6. "privkey.pem" should not have a password. (Private key password support is currently unavailable.)
  7. Sudo privileges are usually necessary for websocket hosting on Unix. Workarounds are available; see below.
  8. TLS certificates normally verify for localhost or for a domain/IP. They will not usually verify for both. A hosts file redirect, domain -> localhost, will allow you to do a localhost test when your domain is live elsewhere.
  9. You can test these webserver connections and TLS certificates are working by accessing the Lacewing WebSocket port with a web browser (http or https). You will get a valid, albeit sarcastic, webpage in response.

Inactivity timeout

Includes a 10-minute inactivity timeout; activity is any of:

  1. Message to server (if server has set a server message handler)
  2. Message to channel (if there's any peers in the channel)
  3. Message to peer

When kicked for inactivity, a message is sent from server -> client on subchannel 0 just before disconnect.

Name check

This server includes an ASCII human-readable name check. Channel names, client names and text messages sent to server have this check applied.
A-Z, a-z, 0-9, spaces and punctuation are valid characters.
Denied names result in On Name Denied/On Join Channel Denied on client-side, with deny reasons warning the server is not a Unicode server.

Server statistics

Total statistics are included since build 31, for highest server load moments, and total over the whole server hosting session. These stats are listed to console output at the end of app, and can be requested with send report. Press Ctrl-C to abort the server, then read from the console.

Admin access

Admin commands are available by messaging the server on text subchannel 0. Commands include:

  • send report: sends a report of current channel list, client list, ban list, and server statistics.
  • unban 127.x.x.1: unbans the IP from the ban entry list.

To be an admin, you must use a LAN IP address, or Darkwire's IP address. Check the IsIPTrusted() function to modify this behavior.

Changing server behavior

Code can be modified to remove flash policy, or to use a fixed custom port; to disable or modify websocket hosting, or to load websocket TLS certificate from system store on Windows.
Flash policy will be looked for in the application folder, or generated if missing.

Be aware the Unix-based OSes will get permission denied hosting on WebSocket ports 80 and 443, and Flash policy port 843, since ports 1024 and less are privileged and usually sudo-only. You can run server as sudo, or give an exception using CAP_NET_BIND_SERVICE.
If you modify this source code, you can also host on a higher port and redirect users on the lower port using iptables. The server will also host fine without Flash policy, regular server and/or WebSocket servers.

Download differences

Both x86 and x64 Windows are available, x86, x64, ARM and ARM64 Linux included.

Code signing is used on the Windows EXEs included, signed to Darkwire Software.
Due to the stupidity of Sectigo and the UK government's lack of ability to prove an unlimited business exists, after months of attempts, still no code signing is available for build 39. This will be rectified when the situation progresses.

One download waits for you to enter a port on the console then press Enter.
The other uses port 6121, no user input required - good for if you want to automatically reboot your server.
HTML5 is always hosted on port 80 and 443.

Assets 6
Loading