Back to Home

P2P video service on WebRTC: development from scratch in 9 months

Vizavi project — P2P video service developed from scratch in 9 months. Architecture based on WebRTC with its own STUN/TURN server and signaling server on Node.js. The solution runs on a modest VPS without using databases, storing data in JSON files.

How to assemble a video service in 9 months on a VPS with 1 core
Advertisement 728x90

# Building a P2P Video Service from Scratch: 9 Months of Development on a 1-Core VPS

Over nine months of free time, an electrician from a remote area created a fully functional P2P video service called "Vizavi"—no registration or app installs required. Built from scratch on a modest VPS (1 core, 512 MB RAM), it uses WebRTC for direct peer-to-peer connections and gets around blocks. The result: a browser-based solution with a Russian domain that keeps working even under local network restrictions.

From Idea to Reality: How "Vizavi" Came to Be

The project started when its creator ran into blocks on mainstream video services and had to look for alternatives. While experimenting with a neural network, the idea hit: "Can you build a video caller?" Diving into WebRTC basics, STUN/TURN servers, and ICE candidates, the author got deep into the tech. The first successful test calls sparked further development. A standout feature: no sign-ups or apps needed—connections happen right in the browser using a short numeric room code.

The architecture follows a "building with rooms" model: users enter a room number on https://vizavi.rf/, and the system auto-connects them once two participants are in. Sharing the room code is up to the users—via messaging apps, a phone call, or even in person. This keeps barriers low: just click the link and grant camera/mic access.

Google AdInline article slot

Tech Stack: Minimalism as a Philosophy

The service runs on a rented VPS in a Moscow data center with bare-minimum specs:

  • 1 CPU core
  • 512 MB RAM
  • 10 GB SSD disk (3.3 GB used)
  • OS Debian 11

Infrastructure includes:

  • Coturn — in-house STUN/TURN server for NAT traversal
  • Node.js (signaling server) managed by PM2
  • Nginx as a reverse proxy
  • SSL from Let’s Encrypt with automatic renewal
  • UFW and Fail2Ban for basic security
  • Client and server logic in vanilla JavaScript
  • Express for static files and REST API
  • Socket.io for real-time WebRTC signaling

Data storage uses JSON files instead of traditional databases. This fits the server's limited resources and simplifies deployment. A custom admin panel, built from scratch, shows live connection stats and monitors activity in real time.

Google AdInline article slot

Room Types: From Basic to VIP

The system supports three room types:

  • Standard rooms — basic setup for two users. Enter the same number, and you're connected automatically. No call recording, IP logging, or message storage.
  • VIP rooms — adds hierarchy: the owner controls the chat, records meetings, and can kick guests. Guests can screen share and send files. Includes a queue for multiple connections and a message board at the entrance.
  • Observation rooms (in development) — like a "baby monitor": one device acts as the camera, the other as the viewer. Plans to repurpose old smartphones as video feeds.

A key strength: no extra steps before connecting. Unlike competitors that demand registration or usernames, "Vizavi" links users instantly after entering the room code.

Security and Privacy: Current Status

End-to-end encryption comes built-in with WebRTC, securing audio and video streams. That said, some areas need work:

Google AdInline article slot
  • Chat history is stored in plain text in the browser's localStorage
  • VIP entrance messages are saved in unencrypted JSON files
  • No authentication for room access

The author points out it's not built for sensitive data but knows protection needs beefing up. On a resource-constrained VPS (512 MB RAM), adding full encryption means balancing security and performance.

Key Takeaways for Developers

  • Architecture minimalism — JSON over databases and ditching unnecessary dependencies are crucial for running on low-end VPS.
  • Signaling server flexibility — Socket.io handles WebRTC signals smoothly, even under heavy bot and scanner traffic.
  • User experience — Skipping steps like registration or name entry boosts engagement right away.
  • Security as an ongoing process — Basics like UFW and Fail2Ban are must-haves for any project, but audit regularly.

The system deals with constant probes from scanners and bots, so it filters them: non-browser clients get a stripped-down HTML page without JavaScript. This cuts server load and helps with SEO.

The project proves technologies like WebRTC are within reach for beginner devs. Success came from phased builds, focusing on core features, and leveraging ready-made tools (Coturn, Let’s Encrypt). Next up: message encryption and scaling for more simultaneous connections.

— Editorial Team

Advertisement 728x90

Read Next