To begin, obtain a complimentary server through Tencent Cloud's lightweight application server offering at https://cloud.tencent.com/act/free?from=12639.
First-time registration requires identity verification via WeChat. After a brief setup period, your server will be ready. Access the backend to reset your password for remote login capabilities.
Remote connection instructions are available at https://cloud.tencent.com/document/product/1207/44578
Domain Registration and SSL Configuration
Consider the promotional offer for domain acquisition, cloud resolution, and SSL certificates at https://cloud.tencent.com/act/domainsales
After purchasing a domain, complete the verification process. Domain management occurs at https://console.cloud.tencent.com/domain
Without a domain, HTTPS functionality cannot be enabled.
Configure domain resolution at https://console.cloud.tencent.com/cns by adding your server's IP address as shown in the configuration interface.
SSL certificates can be obtained at https://console.cloud.tencent.com/ssl with installation guidance at https://cloud.tencent.com/document/product/400/4143
This project utilizes the Caddy server, which has a slightly different installation process detailed in subsequent sections.
Before accessing your server, configure the cloud firewall rules. Initially, expose all ports for debugging purposes (note: this is insecure for production environments). After debugging, retain only the default ports: TCP 80 and 443, and UDP 5300-5500 (these are the SFU-exposed ports defined in docker-compose.yml).
Docker Installation on Cloud Server
The Docker package is included in the default CentOS-Extras software repository. Install Docker using the following yum command:
yum install docker-io -y
Verify the installation by checking the version:
docker -v
Start the Docker service:
systemctl enable docker
service docker start
Configure Docker to start automatically on boot:
chkconfig docker on
Since Docker's default registry is not based in China, image pulls can be slow. Add a mirror accelerator by editing /etc/docker/daemon.json:
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
Installing Docker Compose
First, install and upgrade pip:
yum install python-pip -y
pip install --upgrade pip
Then install Docker Compose via pip:
pip install docker-compose --ignore-installed
Verify the installation with:
docker-compose -v
If you encounter a SyntaxError, use pip3 instead:
yum install -y python3 python3-pip
sudo pip3 install -U pip
sudo pip3 install docker-compose
If the error persists, uninstall any previous Docker Compose installations:
pip uninstall docker-compose
At this point, Docker Compose should be successfully installed. Verify with docker-compose -v.
Running PION-ION on the Cloud Server
The official approach uses Git for installation:
Server Installation:
- Clone the repository:
git clone https://github.com/pion/ion.git
- Create a Docker network:
docker network create ionnet
- Navigate to the ion directory and start the services:
cd ion && docker-compose up --build
For background operation, use docker-compose up --build -d. Press Ctrl+C to stop the foreground process.
Web Client Installation:
- Clone the repository:
git clone https://github.com/pion/ion-app-web.git
- Navigate to the ion-app-web directory and start the services:
cd ion-app-web && docker-compose up --build
If Git clone operations are slow, consider downloading the archives locally and uploading them to the server:
Alternative Server Installation:
- Download the server archive: https://sf6-dycdn-tos.pstatp.com/obj/eden-cn/nuhpeuhdlo/class/ion_all.tar
- Create a new directory, extract the archive, and load the Docker images:
docker load --input xxxx.tar
- Start the application with:
docker-compose up
Alternative Web Client Installation:
- Download the client archive: https://sf6-dycdn-tos.pstatp.com/obj/eden-cn/nuhpeuhdlo/class/ion_app_web.tar
- Create a new directory, extract the archive, and load the Docker images:
docker load --input xxxx.tar
- Start the application with:
docker-compose up
After extraction, upload the files to your server using SCP:
scp -r ion root@SERVER_IP:/root
Once uploaded, navigate to each directory and load the Docker images:
cd /root/ion/ion_all
docker load --input gcr.io_etcd-development_etcd_v3.4.9.tar
docker load --input nats_latest.tar
docker load --input pionwebrtc_ion-avp_latest.tar
docker load --input pionwebrtc_ion-biz_latest.tar
docker load --input pionwebrtc_ion-islb_latest.tar
docker load --input pionwebrtc_ion-sfu_latest.tar
docker load --input redis_5.0.9.tar
cd /root/ion/ion_app_web
docker load --input ion-app-web_web_latest.tar
If you encounter a "Cannot connect to the Docker daemon" error, start the Docker service with service docker start.
After loading the images, start the services in separate terminal sessions:
cd /root/ion/ion_all
sudo docker-compose up -d
cd /root/ion/ion_app_web
sudo docker-compose up -d
The -d flag runs the containers in detached mode. Use docker-compose logs in each directory to view the logs.
If you encounter a "docker-compose: command not found" error, reinstall using pip3 or create a symbolic link:
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Open the necessary ports for service access: TCP 80 and 443, and UDP 5300-5500 (as defined in docker-compose.yml).
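The firewall allowlist above (TCP 80 and 443, UDP 5300-5500) can be compared with what the compose files actually publish. This is an added example, not code from the ION project: the function names and the sample compose text are constructed for illustration, and only the short `host:container[/proto]` port syntax is parsed.

```python
import re

# Allowlist from the text: TCP 80 and 443, UDP 5300-5500.
ALLOWED = {"tcp": [(80, 80), (443, 443)], "udp": [(5300, 5500)]}
# Compose short syntax: [host_ip:]host[-end]:container[-end][/proto]
PORT_RE = re.compile(
    r"""^\s*-\s*["']?(?:(?P<ip>\d+\.\d+\.\d+\.\d+):)?(?P<lo>\d+)(?:-(?P<hi>\d+))?"""
    r""":\d+(?:-\d+)?(?:/(?P<proto>tcp|udp))?["']?\s*(?:#.*)?$""")

def published_ports(compose_text):
    """Yield (proto, lo, hi, host_ip) for short-syntax entries under 'ports:'."""
    in_ports = False
    for line in compose_text.splitlines():
        s = line.strip()
        if s == "ports:":
            in_ports = True
        elif in_ports and (m := PORT_RE.match(line)):
            lo = int(m["lo"])
            yield m["proto"] or "tcp", lo, int(m["hi"] or lo), m["ip"]
        elif s and not s.startswith(("-", "#")):
            in_ports = False  # a new key ends the ports list

def violations(compose_text, allowed=ALLOWED):
    """Return externally reachable published ports that are not allowlisted."""
    bad = []
    for proto, lo, hi, ip in published_ports(compose_text):
        if ip and ip.startswith("127."):
            continue  # bound to loopback, not reachable from outside the host
        if not any(a <= lo and hi <= b for a, b in allowed.get(proto, [])):
            bad.append(f"{lo}/{proto}" if lo == hi else f"{lo}-{hi}/{proto}")
    return bad

# Constructed sample, not the project's real compose file.
SAMPLE = """\
services:
  sfu:
    ports:
      - "5300-5500:5300-5500/udp"
  redis:
    ports:
      - "127.0.0.1:6379:6379"
  web:
    ports:
      - "80:80"
      - "443:443"
      - 9090:9090
"""

if __name__ == "__main__":
    print(violations(SAMPLE))
```

Run it over both docker-compose.yml files before narrowing the cloud firewall. Anything it reports is published by Docker on all host interfaces and becomes reachable whenever the firewall is widened, as in the debugging step earlier.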
SSL Certificate Installation for Caddy Server
To identify your server type, run:
curl -I https://localhost:9090 -k
Caddy reads its configuration from the Caddyfile in the current directory. In this project, it's located at /root/ion/ion_app_web/configs/caddy/local.Caddyfile.
The Dockerfile contains the line COPY configs/certs/ /app/certs/, which copies the certificates directory into /app/certs/ in the image at build time.
The original local.Caddyfile TLS configuration looks like:
tls /app/certs/cert.pem /app/certs/key.pem
To use your own SSL certificate, place it in /root/ion/ion_app_web/configs/certs/ and modify the Caddyfile:
tls /app/certs/2_yourdomain.crt /app/certs/3_yourdomain.key
Additionally, mount the certs directory in /root/ion/ion_app_web/docker-compose.yml:
volumes:
- "./configs/certs/:/app/certs/"
After making these changes, restart the container. Accessing https://yourdomain:9090 should now show a valid certificate (green lock icon).
Once DNS resolution and SSL certificates are configured, replace all instances of "localhost" in the Caddyfile with your domain name to enable external access.
Enhancing Website Deployment
The web application's docker-compose.yml defines the exposed ports, while the local.Caddyfile specifies the content served on each port.
Previously, we accessed the service via specific ports with HTTPS. To improve this, we can redirect HTTP to HTTPS and use standard ports 80 and 443. This ensures all external access is properly redirected to HTTPS connections.
Replace localhost entries in the Caddyfile with your domain name. The reverse_proxy directive forwards requests to the biz service, whose port is defined in the ion_all docker-compose.yml.
Here's an optimized local.Caddyfile configuration, with the web application's docker-compose.yml exposing only ports 80 and 443:
www.yourdomain {
    # {uri} is the Caddy placeholder for the request path and query
    redir https://yourdomain{uri}
}
yourdomain {
    root * /app/dist
    file_server
    tls /app/certs/2_yourdomain.crt /app/certs/3_yourdomain.key
    reverse_proxy /ws biz:8443 {
        header_up Sec-WebSocket-Protocol {>Sec-WebSocket-Protocol}
    }
}
ION's Cascading SFU Functionality
SFU (Selective Forwarding Unit) uses a star topology where all participants communicate through a central SFU. However, users in different geographic regions may experience varying performance due to distance.
The solution involves allowing users to connect to the nearest SFU for uploading and downloading content, with SFUs communicating through cascading connections.
For more information on SFU-to-SFU relaying, refer to these GitHub discussions:
The source code indicates that this feature is not yet fully implemented:
# islb relay isn't finished yet, so only 1 sfu is supported
# when relay is ready, we'll switch to DaemonSet (1 pod per node)
# so the connections will be spread across the cluster
Current limitations include:
- Only one SFU is currently supported (pending ISLB Relay Feature)
- SFU is configured as a Deployment (scale=1); this will change to a DaemonSet (one pod per node) once Relay is supported
Bonus: Creating Custom Domain Email Accounts
Custom domain email addresses (e.g., @yourdomain.com) can be configured through Tencent Cloud's domain resolution service.
Access the enterprise email service at https://exmail.qq.com/cgi-bin/readtemplate?t=new_index/versionCmp to register for the basic version and set up WeChat Work.
After binding your WeChat account, log in to your administrator or member account at https://exmail.qq.com/login
Through the administrator account, you can modify member account names (limited to one change). Access "My Enterprise" in the top-right corner, then "Enterprise Information" to add your enterprise domain.
For domains purchased through Tencent Cloud, verification can be automatic. Otherwise, manually configure DNS records at https://console.cloud.tencent.com/cns by adding the email template.
Bonus: Building Scalable Multi-Party Video Applications
For those interested in building large-scale video conferencing solutions, consider these alternatives:
Jitsi Meet - A secure, simple, and scalable video conferencing solution:
- GitHub: https://github.com/jitsi/jitsi-meet
- Documentation: https://jitsi.org/jitsi-videobridge/