SaturdayFridayThursdayWednesdayTuesdayMondaySunday

Make any site multiplayer in a few lines. Serverless WebRTC matchmaking

haxiomic 219 points oxism.com
kabes
This isn't serverless. It's just using someone else's servers for the SDP signaling. And in a production app you'd likely also need turn servers and maybe SFU servers.

There are some true serverless approaches out there for the signaling, e.g. where both peers scan each other's QR code, but that obviously has very limited use.

haxiomic
You're not wrong! Serverless is a funny term. Cloud companies use serverless to mean you don't have to provision and manage the server yourself, but it is still very much serverful technically speaking. This is neat in that you don't even need to setup anything with a cloud provider yourself to enable p2p connections
_heimdall
I've always seen the distinction as "serverless" meaning there wasn't a set group of servers always on and instead they provision up and down on demand.

Only avoiding provisioning and managing the server just means you are renting rather than self-hosting.

layoric
The VPS is like renting office space. You don't own the space, but for the most part get to use it how you want, and all the responsibilities that come with that.

"Serverless" is like paying for a hot desk by the minute, with little control of your surroundings, but it is convenient and cheap if you only need it for an hour.

sidewndr46
At one job I had access to some paid AWS support tier. It's basically a bunch of consultants. We needed to process a datastream of events from user actions on a website. We asked about serverless / AWS Lambda. Their answer was something like "Well yeah it'll work but don't do that. It'll cost too much money and you'll wind up rebuilding it around EC2 anyways"
layoric
Yup. If you want something to plumb some pretty low volume events, sure serverless like Lambda can be useful. Anything which would be considered high levels of compute, you are just wayyy over paying. Hell, even EC2 on spot instance is expensive compute. I do like some AWS services, but yeah they come at a premium that is just getting more and more expensive.
numpad0
My mental model is "we handle interpreter restarts for you, so forget about systemd unit files and CEO's laptop with minimized tmux"
6r17
I didn't know about the QR-Code solution how does it work ?
numpad0
Normally you need a "lobby" server that collects and lists available other clients and pass along connection details. You have no servers in P2P setup, so the "signaling" information has to be shared "out-of-band", like through QR code or super secret invite link or avian IPv4 or something.
6r17
wait but this should only work on locals / close networks shouldn't it ? i thought you still need some proxying in other cases (hence the turn) - i really need to study this again asap tough
cybrox
Yes. Unless the party generating the QR code first obtains its external IP address by other means, which would still require some kind of echo server. Even then, ignoring outdated approaches like UPnP, a commonly accessible host would be needed to establish signalling with e.g. NAT hole punching for anything but the most basic of setups.
numpad0
STUN gives back your public IP:port, TURN gives you assigned proxied IP:port.

You take that data and send to the peer over signaling connection, and they call you back on that IP:port. Most NAT implementations make and keep a temporary mapping between public port to private IP consistent[1] for few minutes, and not completely random per destination[2], so it usually works.

1: e.g. router.public.ip.example:23456 <-> 192.168.0.12:12345

2: e.g. if stun.l.google.com:12345 sent from port 23456 but if yourfriend.router.ip.example:12345 sent from port 45678

6r17
woaw thank you ; will definitely hop back on this topic now ; very much appreciate the answer
kaoD
I've always been obsessed with true P2P WebRTC with QR codes but, at least back in the day, Firefox fails the offer under a very short timeout (~5 secs IIRC) which made out of band signaling completely impossible.
aketsu
I have done this a couple of weeks ago on firefox and it worked fine even with a 1 minute delay. An even easier way to share the SDP offer, at laest when the clients are in physical proximity, is using a data over sound library like ggwave.
LtdJorge
We've circled back to dial-up modems :D
moffkalast
They say that serverless stacks have the highest server bills.
littlecranky67
serverless nowadays means "no server in YOUR infrastructure"
dsign
Just a reminder that this kind of user-to-user interaction feature makes your website a "social network" according to UK regulation (and Mississippi's, and more jurisdictions coming soon), and therefore you must get copies of government ID of your users so that you can deny them access if they are underage, and rattle them to the police if you suspect they are committing thought crime by sending certain fruits. Obey the law.
ronsor
Do those laws even apply to P2P apps without central servers?
drawfloat
They do, but unlike what the OP claims, you do not need to age verify your site just because you added a social element. If the purpose is not to distribute pornography/other age restricted materials and you are able to moderate the site (ie: are not facebook scale), this is not required.

The law sucks but the misinformation around it is getting out of hand.

koolala
So if a site is completely p2p, it's illegal because it is unmoderatable?
drawfloat
No. If you are operating a p2p video chat site that is accessed by minors and you have no way for users to block or report content, then you are indeed going to face issues.

If a user is downloading a Linux image via bit torrent, or using WebRTC data channels to synchronise many clients using a p2p mechanism, what is the risk that needs age restricting?

This is what I meant, the OP is factually incorrect that just adding P2P technology to a service means it must age gate.

ronsor
And if so, is BitTorrent also completely illegal now, even if there's no piracy? IPFS? I2P? Tor?
shakna
Yes. Its defined without a technical requirement - just legal ones.

Each host will carry a legal responsibility for both what they push, and what they pull.

andai
I made a little multiplayer arcade game last year. I added a chat feature with TTS. About an hour after launch it was just the n word over and over again. (Also zalgo text, which somehow strained the browser more than a video game!)

I removed the chat feature.

At any rate, getting banned by OFCOM is starting to sound like a badge of honor these days.

drawfloat
This is factually untrue and either venting or wilfully ignorant of the actual law.
dsign
Hm? Have you taken a look at the law?

https://www.legislation.gov.uk/ukpga/2023/50/section/12

What's even "harmful content to minors"? Even if it were restricted only to pornography--which is not--I wouldn't count with being able to "moderate" all the ways users can draw penises.

The act regulates "user-to-user" services:

https://www.legislation.gov.uk/ukpga/2023/50/section/3

In this Act “user-to-user service” means an internet service by means of which content that is generated directly on the service by a user of the service, or uploaded to or shared on the service by a user of the service, may be encountered by another user, or other users, of the service.

The legal text is dense but there is some analysis here:

https://www.eff.org/deeplinks/2023/09/uk-online-safety-bill-...

And some news about Reddit: https://www.eff.org/deeplinks/2025/08/americans-be-warned-le...

drawfloat
Ofcom has a clear guide on how harmful to minors is defined. It is even clearly referenced in your own links:

https://www.ofcom.org.uk/siteassets/resources/documents/cons...

Your own links also reference the fact that moderation of content by platforms will allow them to comply with the law.

I don’t like this law and not here to defend its existence. But it is factually untrue just adding this would mean you also need to age verify users.

Case in point (which is not a rare use case), I use webrtc signalling to establish data connections in a multiplayer online game. Why would that require age verification when users are unable to send random content to one another?

pharrington
Agree, with caveat - Obey the law, unless that law is made by a tyrant!
dudefeliciano
how are these laws enforced outside of the UK and Mississippi?
Reubend
WOW this is cool! I love this, but as a nitpick, how scalable is it to do each connection peer to peer? Doesn't that mean that I have to keep a stream connection open for everyone who I want to include in the room?
michaelt
> how scalable is it to do each connection peer to peer?

I can tell you roughly how it works for webrtc video calls.

If you're in a 5-person peer-to-peer webrtc video call where you receive 4 streams of video, you also need to send 4 streams of video. This is scalable in a sense; the uplink and downlink requirements are equal.

The problem comes if you're in a 100-person meeting, and the application logic has hidden 95 people's video to save on bandwidth. In that case, while you'd only receive 4 streams of video you'd have to send 99.

In practice, webrtc video calling often uses an 'SFU' or 'Selective Forwarding Unit' where you send one video stream to the vendor's cloud server and they forward it to the other people in the meeting. This also benefits people on asymmetric connections, and mobile users where uploading costs battery life, and users behind highly restrictive firewalls where webrtc's NAT traversal fails to work.

jech
If you're in a 5-person peer-to-peer webrtc video call where you receive 4 streams of video, you also need to send 4 streams of video. This is scalable in a sense; the uplink and downlink requirements are equal.

The issue is not with the throughput: a typical videoconference requires 700kbit/s per stream, so even 12Mbit/s upstream should be enough for 20 streams or so. The issue is with having to encode the video separately for every receiver.

WebRTC adapts to the available throughput by encoding the video separately for every receiver, with different parameters. If you're in a five-person peer-to-peer conference, you decode four videos simultaneously, which is fine, but you're also encoding your video four times, which is not.

An SFU works around the issue by not reencoding the video: the SFU merely decrypts the video and reencrypts it with the public key of every receiver. Since AES is implemented in hardware, the reencryption comes essentially for free.

(Of course, that implies that the SFU needs to use other techniques for bandwidth adaptation, such as simulcast or scalable video coding (SVC). See slides 10-12 of https://galene.org/galene-20250610.pdf if you're interested.)

Wowfunhappy
This is scalable in a sense; the uplink and downlink requirements are equal.

But don't most home connections have a slower uplink than downlink? Mine certainly does.

ermir
When I experimented with this a few years back a true NxN room would cap around 8 people when using PCs and 4 on mobile, the bottleneck is encoding/decoding of the video. For larger rooms you need a server to route the video to all recipients, this is called an SFU. With an SFU you can have hundreds of participants, but not everyone can speak or be seen at once.

For audio-only the sky is the limit. I used to work on a voice-based social media and you also need an SFU here as well, but I added a few mixing features so that multiple incoming audio streams would be mixed together into a single outgoing one. Was very fun (and scalable).

kabes
It's not very scalable. Regular rules of webrtc apply, so once you go to a certain number of users, you would have to use an SFU approach.
bhaney
how scalable is it

Considering the site just spams my error console with

  DOMException: Failed to construct 'RTCPeerConnection': Cannot create so many PeerConnections
I'd say not very.
Razengan
It'd be cool if you could easily publish multiplayers games to itch.io or similar websites from Godot or Unity and have automatic matchmaking: the first player to visit the game pages gets matched automatically with the next, and so on.

Is there anything like that?

tasuki
I've been looking for this too!

I'd love to use an existing protocol to get (distributed?) user accounts and chat and stuff, and just build my game as a plugin for that. Or something.

jckahn
I used Trystero in exactly this way for https://www.farmhand.life/!
numpad0
You can't find the first one without the first one having static IP found from something in the page, which this thing solves using external services of developer choice, including commercial Supabase and Firebase systems. But the docs says it supports Bittorrent for that, so it's probably good.
araes
Small nitpick. Tried logging in simultaneously with a desktop and a phone to make it wasn't BSing, and it was actually sending moves/fruit correctly. Yes, appears to. However, found out phones don't update on touchmove. Only on final touch.

Be nice if it used:

  const [sendMove, getMove] = room.makeAction('pointerMove')

  window.addEventListener('pointermove', e => sendMove([e.clientX, e.clientY]))
It's part of the Pointer Events API and provides a unified event model for handling mouse, pen/stylus, and touchscreens.

If necessary it can then use "PointerEvent.pointerType" to find the actual type.

https://developer.mozilla.org/en-US/docs/Web/API/Element/poi...

Otherwise, neat capability, and there's at least several different concepts it seems like it would be enabling of. Mapping / GIS, you could see where other people are browsing on somewhere like Google Maps. Maybe leave little markers that fade with time. Temporary file sharing where you broadcast a list of available files after logging on and peers can send requests. Dropbox-esque send yourself stuff with a home system that's always logged on. Computer-aided design (CAD/CAE/CAM) or stuff like blender/photoshop, work on models/images together. Obvious stuff like word/excel. Field Service Management, collaborative service calls.

Admittedly, also enabling of botnets, darkweb, and other such ideas. However, such is the nature of a lot of these types of technologies.

sotspecatcle
Cool, not working in Safari for me though.
quietfox
It worked for me in Safari for a while, but then the entire browser stopped working.
pacha3000
it's laggy as hell on firefox. but works nice on chrome. won't use it
evbogue
I use Trystero as one of the transfer methods on wiredove. it's super cool. it doesn't always work because punching thru NAT is a pain, but when it does work it's awesome. Trystero is also cool if you want to hook up a webcam or a video meeting with the minimal amount of code.
kamranjon
Awesome way to demonstrate exactly what your library does - also the library itself is a great concept - was just looking for something just like this the other day.
philipallstar
I remember cloning the twilio code for video conferencing for webrtc and it working instantly. Very cool.
dudefeliciano
On the other hand setting up the turn servers and so on for signaling before the webrtc connection is established can be a nightmare, if not using a third party service like twilio
peterleiser
The site says "Right now youʼre the only person with the page open, but you can cheat and just open this URL in another tab to see what itʼs like with others." I'm using Firefox and Chrome on Ubuntu. When I try a second tab or one in Firefox and one in Chrome my computer's network connection locks up (pings stop). I have to close the tabs and then pings to google.com come back at 30 seconds and slowly come back to normal. It appears that http://playground.nostrcheck.me/relay is the problem.
jsomedon
This is so fun. You know what, you should change the picture of cursor from hand to something like, bee, or even fly, that should make it even more hilarious :-p
jjangkke
Few things

1) Serverless isn't really serverless and we are sick of this AWS speak. The trend lasted briefly but it isn't appealing when you are metered for every little thing and unable to SSH into a host and resolve issues

2) You can already do matchmaking easily with FOSS self-hosted solutions. These don't cost a lot of computing or bandwidth but some developers think its a chaotic and resource heavy problem.

Paedor
Hey cool! I once hacked together a serverless game like this using firebase as an intermediary. https://github.com/amdson/rtcpvp / https://amdson.github.io/rtcpvp. I remember wishing this existed, setting up ICE p2p was truly not enjoyable.
zknowledge
to the person who's cursor I chased around for more than a couple of minutes, I don't know why I did that and I apologize.
wewewedxfgdf
I wanted to throw objects at others and to make things explode. That's just what it brought up in me.
jehnnysmith
HN should add downvote option.
kzrdude
I wonder if we can make a live heatmap of text selections on the page, smoothed and decaying with time.
maxlin
This is mad, I love it. Way more "serverless" than what the term is commonly used for!
florians
Sweet API design!
jojohack
Love it
dmotz
https://github.com/dmotz/trystero

Direct link to the underlying source code.

kookamamie
Serverless

uses someone else's network for signaling

allknowingfrog
I've been exploring PeerJS (https://peerjs.com/) recently. This seems like a similar concept. Would it give me anything that PeerJS doesn't?
dmotz
I'm the Trystero author and I'd say both libs attempt to accomplish the same goal but with very different APIs. One key difference is PeerJS uses a single centralized server by default for matchmaking, whereas Trystero offers lots of flexibility and redundancy, using various signaling connections in parallel.