This is the multi-page printable view of this section. Click here to print.
Start with the Installation guide to deploy Browsolate in your AWS environment, or check out the Introduction for a high-level overview of how it works.
If you have any questions or need assistance, don’t hesitate to reach out through our Support page.
Designed for both desktop and mobile devices, Browsolate ensures user activity remains isolated from the local environment and is protected from malicious websites.
A secure browsing session can be launched by accessing a predefined URL. This simplifies session initiation, allowing users to start an isolated session without additional configuration or setup.
Browsolate runs each browsing session in its own container within AWS ECS. This ensures strict process separation and complete isolation of user activity, safeguarding the environment from external threats.
Sessions are streamed to users via WebRTC, ensuring low-latency video and real-time interaction. This allows users to interact with the remote browser session as if it were running locally.
browsolate.com for simpler deployment.Browsolate supports routing traffic through custom anonymizer or security proxies, with optional authentication credentials in the URL.
To support reliable WebRTC streaming in restricted network environments, Browsolate includes integrated STUN/TURN servers for robust connection handling.
All session activity, including navigation and interactions, is logged for security and auditing purposes.
Provides seamless performance across both mobile and desktop devices.
Browsolate allows you to take a URL, and launch it in a Remote Isolated Session in a container in AWS.
sequenceDiagram
participant User
participant API as Browsolate API
participant SecretsManager
participant Viewer as Browsolate Viewer
participant ECS as ECS (Browsolate container)
User->>User: Select site to visit
User->>API: Generate encrypted URL
API->>SecretsManager: Retrieve encryption key
SecretsManager-->>API: Encryption key
API->>User: Encrypted URL
User->>Viewer: Navigate to encrypted URL
Viewer->>SecretsManager: Retrieve decryption key
SecretsManager-->>Viewer: Decryption key
Viewer->>ECS: Launch isolated browser session
ECS-->>Viewer: Browser session launched
loop Continuous interaction
Viewer->>User: Stream video of session
User-->>Viewer: Send keyboard and mouse input
end
ECS-->>Viewer: Terminate session
Viewer-->>User: End video stream
User->>User: Session terminated
See Creating an Isolated link to learn more.
browsolate.com). SSL certificates are managed via AWS Secrets Manager.See Bring your own Certificate to learn more.
See Screen Settings to learn more.
See Clipboard Access to learn more.
See Custom Themes to learn more.
https://user:password@proxy.example.com, enabling secure or anonymized routing.See Configuring a Proxy to learn more.
See Logging to learn more.
See STUN & TURN Services to learn more.
When setting up Browsolate from AWS Marketplace, several parameters can be configured to customize the solution to fit your organization’s requirements.
These parameters affect security, performance, session handling, and the overall behavior of the service.
See Installation parameters to learn more.
This guide is targeted at developers and system administrators who need to install Browsolate using AWS CloudFormation. This installation method is required for certain configurations and license agreements.
For security assurance, you are encouraged to inspect the provided CloudFormation templates to review settings, including role and IAM policies.
The following AWS IAM permissions are required for deploying Browsolate via CloudFormation:
AmazonEC2ContainerRegistryFullAccessAmazonEC2FullAccessAmazonECS_FullAccessAmazonSSMReadOnlyAccessAWSCloudFormationFullAccessAWSLambda_FullAccessCloudWatchLogsFullAccessIAMFullAccessDeploying the Template: Using the AWS Management Console, AWS CLI, or SDK, initiate the CloudFormation template deployment using the provided S3 URL.
Parameters: Follow the parameters listed in the Installation Options Documentation to configure the template. Additionally, you will need to pass your secret key, provided in your installation email. Ensure you check this email for any additional installation notes or customer-specific instructions.
Deployment Verification: Once the deployment is complete, check the Outputs section in the CloudFormation template. Here you will find URLs, deployment details, and other relevant configuration information.
DNS Propagation: If using a browsolate.com domain, DNS propagation may take some time. To monitor the progress, consult the CloudWatch logs.
If you enabled the Launcher UI you can use the built-in example page to create and launch arbitrary URLs. The URL of the Launcher will be published in the Outputs section of the CloudFormation deployment.
NOTES
When setting up Browsolate using AWS Marketplace or AWS CloudFormation, several parameters can be configured to customize the solution to fit your organization’s requirements. These parameters affect security, performance, session handling, and the overall behavior of the service. Below are detailed explanations of each parameter group and the associated options.
This parameter sets the password used to access management APIs. If left blank, management pages such as KeyManager and Launcher will not be enabled.
'' (blank)Determines whether the launcher page, which is the interface users interact with to initiate isolated sessions, is enabled. Disabling the launcher UI may be useful if you’re directly controlling session creation through APIs.
truetrue, falseThis parameter determines whether the encryption key management page is enabled.
truetrue, falseSpecifies the Amazon Resource Name (ARN) of a custom CSS file that contains themes to modify the look and feel of the Browsolate user interface. This allows you to brand the user interface with your company’s identity or create a custom experience for your users.
''Controls whether the API ports (default 5443) are publicly accessible. Setting this to true allows external users to access the APIs, which might be useful for testing or other use cases. For production environments, you may want to restrict access by setting it to false.
falsetrue, falseThis parameter defines the maximum allowed duration for a single user session, in seconds. After the specified duration, the session will automatically end, helping to prevent long, inactive sessions and optimize resource usage.
600 (10 minutes)Sets the maximum period (in seconds) during which a session can remain inactive before being terminated. This is useful in cases where a user leaves a session open but inactive, allowing resources to be reclaimed after the dead time has passed.
90 (seconds)URL for the proxy server that will be used to route user traffic. This can include authentication credentials within the URL if required (e.g., https://user:password@proxy.example.com). Setting a proxy server allows you to route traffic through a secure or anonymized network.
''Determines the type of EC2 instance used to host Browsolate. The instance type you choose affects the computational power and memory available, which can impact the performance of the service. You need to ensure that the instance type you specify is available in your AWS region. Choose a larger instance for higher performance and scalability.
m5.largeDetermines the maximum number of EC2 instances which can be deployed into the ECS cluster. Choose more instances for higher scalability.
1Specifies the value stored in AWS Secrets Manager that contains your HTTPS certificates. This allows Browsolate to serve HTTPS traffic securely using your own certificates.
''Allows you to specify a custom domain name for your organization. If left blank, Browsolate will register your service with the default domain browsolate.com. Using your own domain requires additional setup to configure DNS and certificates.
''Specifies the index of the AWS Availability Zone (AZ) where the service will be deployed. Choose 0 for the first AZ, 1 for the second, and so on. Ensure that the selected instance type is available in the chosen Availability Zone.
002Defines the AWS region where your custom theme CSS file is stored. This is useful when hosting theme files in regions other than the default region of your deployment. Providing this value ensures that the correct region is used to retrieve the CSS file.
''This parameter defines the EC2 instance type for the STUN/TURN servers. STUN/TURN servers are responsible for relaying WebRTC traffic when direct peer-to-peer connections are not possible (such as when users are behind firewalls). A more powerful instance type can handle a higher volume of traffic.
t3.largeThe shared secret used by the STUN/TURN server for authenticating clients. This secret is used to secure WebRTC connections between clients.
''If using existing STUN/TURN servers, specify a comma-separated list of stun: URLs here. This parameter allows you to connect to external STUN servers instead of creating new instances.
STUNUrls
''If using existing STUN/TURN servers, specify a comma-separated list of turn: URLs here. This parameter allows you to connect to external TURN servers instead of creating new instances.
TURNUrls
''Specifies the number of STUN/TURN server instances to deploy.
More instances can improve redundancy and performance, particularly for users behind firewalls or on mobile networks.
You can scale the number of instances depending on the expected traffic.
This field is ignored if STUNUrls or TURNUrls are provided.
WebRTCInstances
1120These parameters allow you to customize various aspects of Browsolate during installation, from session management and EC2 instance types to the configuration of STUN/TURN servers and UI themes. Adjust these settings based on your organization’s requirements for performance, security, and scalability.
The following network ports are used by Browsolate:
The security configuration, as shown in the CloudFormation template, controls which of these ports are exposed to external access.
For enhanced security, you can restrict access to Port 5443 using AWS Security Groups. By default, this port is used for API and UI access and can be limited to internal networks only if public API access is not required.
Browsolate offers an API endpoints for URL encryption, and several user interface pages for creatings sessions and managing keys. These are available on Port 5443.
To disable the API or UI pages:
false to limit API access.For the highest level of security, you can protect session links with a shared secret stored in AWS Secrets Manager, and completely disable external access to the API, setting PublicAPIAccess to false
See Creating an Isolated Link to learn more about using Browsolate with AWS Secrets Manager.
In Browsolate, you can fully customize the look and feel of the interface by providing a custom CSS file. This CSS file should be stored in an S3 bucket, and the ARN of the CSS file must be provided during the setup process.
This guide will walk you through the steps for creating and using a custom theme.
Here is an example of a CSS file that customizes various elements of the Browsolate interface:
:root.b8-theme-cp-default {
--theme-display-name: Cherrypops Inc;
--company-logo: 'https://cherrypops.inc/assets/logo.png';
--toolbar-background: linear-gradient(145deg, #ff7bff, #ff56b3);
--toolbar-button-hover-background: linear-gradient(145deg, #ff56b3, #ff7bff);
--toolbar-button-active-background: linear-gradient(145deg, #ff3366, #ff4085);
--toolbar-button-text-colour: white;
--toolbar-button-box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1), 0 2px 4px rgba(0, 0, 0, 0.1);
--toolbar-button-active-box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2), 0 1px 3px rgba(0, 0, 0, 0.2);
--toolbar-button-focus-box-shadow: 0 0 0 4px rgba(0, 23, 55, 0.5);
--toolbar-button-font-size: 24px;
--toolbar-button-width: 40px;
--toolbar-button-height: 40px;
--toolbar-button-padding: 8px 8px;
--toolbar-height: 55px;
--toolbar-menu-font-size: 16px;
--toolbar-url-background-colour: #090909;
--toolbar-url-text-colour: #ece;
--session-end-content: 'https://media.istockphoto.com/id/944014530/video/animation-of-digital-human-head-on-colorful-noisy-moving-lines.mp4?s=mp4-640x640-is&k=20&c=vhYdSXvu3CDPXjtwtv6ExxOBg44nPU0_14aYbeHAOyM=';
}
--theme-display-name: The name of your theme, displayed in the Browsolate interface.--company-logo: The URL of your company’s logo, which is shown in the interface.--toolbar-background: The background style for the toolbar, in this case, a gradient.--toolbar-button-hover-background: The background style when hovering over toolbar buttons.--toolbar-button-active-background: The background style for active toolbar buttons.--toolbar-button-text-colour: The text color of the toolbar buttons.--toolbar-button-box-shadow: The box-shadow applied to the toolbar buttons by default.--toolbar-button-active-box-shadow: The box-shadow for active toolbar buttons.--toolbar-button-focus-box-shadow: The box-shadow applied when a toolbar button is focused.--toolbar-button-font-size: The font size of toolbar button text.--toolbar-button-width: The width of toolbar buttons.--toolbar-button-height: The height of toolbar buttons.--toolbar-button-padding: Padding around toolbar buttons.--toolbar-height: The height of the entire toolbar.--toolbar-menu-font-size: The font size used in the toolbar menu.--toolbar-url-background-colour: The background color of the URL input box.--toolbar-url-text-colour: The color of the text in the URL input box.--session-end-content: URL of a video or image displayed when the session ends.Create a CSS file with your custom styles, following the example above. Save the file locally, ensuring that the .css extension is used.
To retrieve the ARN of your CSS file in S3:
arn:aws:s3:::bucket-name/path-to-your-file.css
During the installation of Browsolate, you will need to specify the ARN of your custom CSS file in the ThemeCSS . This can be done either in the CloudFormation template or the AWS Marketplace configuration.
Parameters:
ThemeCSS:
Type: String
Description: "ARN of the custom theme CSS file in S3"
Default: "arn:aws:s3:::bucket-name/path-to-your-file.css"
By setting the ThemeCSS parameter to the ARN of your stored CSS file, Browsolate will apply your custom theme during operation.
Instead of using the default Let’s Encrypt certificate provided by Browsolate, administrators can specify their own x509 certificate and private key. This is done by uploading the certificate and key to AWS Secrets Manager and providing the ARN during the setup process.
browsolate.com domain. You are responsible for managing your own domain name and DNS settings.You need to have both an x509 private key and an x509 certificate ready. These should be in .pem format (or a similar format). These files are usually provided by your Certificate Authority (CA) when you purchase an SSL certificate.
Browsolate requires the private key and certificate to be combined into a single file for ease of use. You can do this easily in a terminal.
# Concatenate the private key and certificate
cat my_private_key.pem my_certificate.pem > my_combined_cert.pem
This will create a new file called my_combined_cert.pem, which contains both your private key and certificate in the correct order.
You can now upload the concatenated file to AWS Secrets Manager. This will allow Browsolate to securely retrieve your certificate and private key during operation.
-----BEGIN PRIVATE KEY-----)-----BEGIN CERTIFICATE-----)If you prefer the command line, you can upload the concatenated file directly:
# Upload the concatenated certificate and private key to Secrets Manager
aws secretsmanager create-secret --name MyWebServerCert --secret-string file://my_combined_cert.pem
The output of this command will include the ARN of the secret, which you will need later.
To retrieve the ARN of the secret you stored in AWS Secrets Manager, follow these steps:
arn:aws:secretsmanager:region:account-id:secret:MyWebServerCert-xxxxxx
Copy this ARN as you will need it for the next step.
During the installation of Browsolate, whether through the AWS Marketplace or a CloudFormation template, you will need to provide the ARN of the secret that holds your certificate and private key.
In the CloudFormation template or the Marketplace configuration, this is specified as the HttpsConfig parameter.
Parameters:
HttpsConfig:
Type: String
Description: "ARN of the certificate and private key in Secrets Manager"
Default: "arn:aws:secretsmanager:region:account-id:secret:MyWebServerCert-xxxxxx"
By setting the HttpsConfig parameter to the ARN of your stored secret, Browsolate will use your custom certificate and private key for HTTPS communication.
When deploying Browsolate, you can configure a proxy server to route all traffic through an external network. This is particularly useful for enhancing security, anonymity, or enforcing network policies.
The proxy configuration is passed through the Proxy parameter from the AWS Marketplace installer or the the CloudFormation template.
The format of the Proxy parameter follows standard URL syntax. It supports various types of proxy servers, including HTTP, HTTPS, and SOCKS (SOCKS4 and SOCKS5). Authentication can also be included in the URL if required.
HTTP / HTTPS Proxy:
http://proxy.example.com:8080
https://proxy.example.com:443
https://username:password@proxy.example.com:443
SOCKS4 / SOCKS5 Proxy:
socks4://proxy.example.com:1080
socks5://proxy.example.com:1080
socks5://username:password@proxy.example.com:1080
In this format:
username and password are your proxy authentication credentials (if required).proxy.example.com is the hostname or IP address of your proxy server.8080, 443, and 1080 are the ports that the proxy server is listening on.In addition to proxy configuration, Browsolate allows the addition of custom headers at runtime through the customRequestHeaders field in the URL JSON configuration. This feature provides flexibility in injecting headers into requests, giving fine-grained control over how requests are handled by an upstream proxy.
To include a custom header, modify the customRequestHeaders field in the URL configuration:
{
"url": "https://example.com",
"customRequestHeaders": {
"X-Custom-Header1": "custom-value1",
"X-Proxy-Username": "protected@mycompany.com"
}
}
STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT) servers play essential roles in WebRTC communication by helping manage NAT (Network Address Translation) traversal and facilitating peer-to-peer connectivity. These services ensure smooth media flow even when direct peer-to-peer connections are not possible.
Note: While there are several free STUN servers available, TURN functionality is generally not provided for free due to the high resource demand of relaying media traffic.
Browsolate includes the open-source Eturnal STUN/TURN server. If no alternative STUN/TURN servers are specified during setup, Browsolate will deploy an Eturnal server instance for you.
To use alternative servers, specify them as comma-separated URLs in the STUNUrls and TURNUrls parameters in the CloudFormation template or AWS Marketplace installation. This option can be particularly helpful for enterprises already using third-party WebRTC providers.
Browsolate supports username/password authentication for TURN services as defined in RFC 8489. You can set the shared secret required for this authentication in the CloudFormation template during installation, as detailed in the WebRTCSecret parameter.
The size and number of STUN/TURN server instances you deploy depend on your traffic volume and user network conditions:
t3.large for moderate usage).Currently, autoscaling is not supported, so it’s important to select the appropriate instance size and count to meet your expected usage.
If your use case requires specific password requirements or you need to integrate Browsolate with third-party WebRTC providers, we offer customization options. For more details or to discuss custom integration needs, please contact us through the Contact Page.
If EnableLauncherUI and PublicAPIAccess have been enabled at installation, a launcher page is available at
https://<aws_region>.<your_subdomain>.isolated.browsolate.com:5443/launcher.html
This page provides an easy-to-use interface for configuring and launching secure, isolated browsing sessions.
Advanced session options can be accessed by appending the advanced query parameter to the URL.
https://<aws_region>.<your_subdomain>.isolated.browsolate.com:5443/launcher.html?advanced
At its core, launching a session simply involves navigating the end-users browser to a properly formatted URL. The launcher page is designed to generate these URLs based on the session settings you define. However, you are not limited to using the launcher page; URLs can be programmatically constructed within your own application.
To create session URLs programmatically, follow the guide Creating an Isolated Link.
These extensions must be installed in developer mode.
For Chromium-based Browsers (Edge/Chrome)
Configure the extension with the root URL for your Browsolate instance.
You may either use the extension with the API (Enter management password), or include the base64 URL encryption key in the extension configuration.
Browsolate is a secure, isolated browser environment designed to safely render and interact with websites. To facilitate secure communication and configuration, Browsolate uses encrypted URLs containing JSON blobs that define browser session settings. These URLs are constructed with sensitive data that needs to be encrypted for safe transfer.
This documentation outlines how developers can construct such URLs, using encryption keys sourced from an API or AWS Secrets Manager.
At the core of Browsolate’s system, URLs are used to initiate browser sessions with encrypted JSON data. This data is required to configure each session and contains sensitive information such as session parameters, permissions, and other settings.
Encryption Process:
b8data).https://<aws_region>.<your_subdomain>.isolated.browsolate.com/viewer.html?keyId=default&b8data=ENCRYPTED_BASE64_DATA
Where:
<aws_region> is the AWS region where the instance is hosted.<your_subdomain> is the unique subdomain assigned to you as a customer using Browsolate.If the API has been enabled at deployment time, the data may be encrypted via a POST to the /encrypt HTTP endpoint
API Endpoint:
b8admin(Specified during marketplace deployment)default is created upon deployment{"encryptedData":"ENCRYPTED_BASE64_DATA"}API Example:
POST /encrypt HTTP/1.1
Host: us-east-1.abc123_custid.isolated.browsolate.com
Authorization: Basic b8admin:password
Content-Type: application/json
{
"keyName": "default",
"data": {
"url": "https://example.com",
"linkExpiry": -1
}
}
The response contains the encrypted base64 data:
{
"encryptedData": "ENCRYPTED_BASE64_DATA"
}
AWS Secrets Manager is used to secure the encryption keys. When deployed from AWS Marketplace, the secret b8_urlencryption_secrets-v1.json is created (if not already present).
b8_urlencryption_secrets-v1.jsonSecrets Manager Fetch Example:
aws secretsmanager get-secret-value --secret-id b8_urlencryption_secrets-v1.json
This returns the encryption keys stored as a JSON blob.
b8data query parameter to the base URL along with the keyId, which identifies the source of the encryption key.https://<aws_region>.<your_subdomain>.isolated.browsolate.com/viewer.html?keyId=default&b8data=ENCRYPTED_BASE64_DATA
For generating a URL, the API can be called via cURL as follows:
curl -X POST "https://us-west-1.your_subdomain.isolated.browsolate.com:5443/encrypt" \
-H "Authorization: Basic B64(b8admin:password)" \
-H "Content-Type: application/json" \
-d '{
"keyName": "default",
"data": {
"url": "https://example.com",
"linkExpiry": -1
},
"returnBase64": true
}'
const crypto = require('crypto');
const base64url = require('base64url');
function encrypt(key, data) {
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
return base64url(Buffer.concat([iv, encrypted]));
}
const key = Buffer.from('your-256-bit-secret-key', 'utf8');
const jsonData = JSON.stringify({
"url": "https://example.com",
"linkExpiry": -1
});
const encryptedData = encrypt(key, jsonData);
const url = `https://us-east-1.your_subdomain.isolated.browsolate.com/viewer.html?keyId=default&b8data=${encryptedData}`;
console.log(url);
Sample code for Java, Python, JavaScript and shell-scripting.
Depending on the environment, the encryption key may be sourced differently:
b8_urlencryption_secrets-v1.jsonThe following table describes all the fields that may appear in the JSON object.
| Name | Type | Description | Default Value |
|---|---|---|---|
url* |
string |
URL to be browsed | "" |
linkExpiry* |
abstime |
Absolute time this link expires (or -1 for no expiry) | -1 |
clipboardRead |
boolean |
Allow reading from clipboard | false |
clipboardWrite |
boolean |
Allow writing to clipboard | false |
userAgent |
string |
User Agent string | "" |
readOnly |
boolean |
Enable read-only mode | false |
navigation |
boolean |
Allow navigation | true |
urlEditable |
boolean |
URL is editable | false |
sessionLifetime |
integer |
Session lifetime (secs) | 300 |
sessionExtensionAllowed |
boolean |
Allow session extension | false |
sessionExtensionTime |
integer |
Time to extend session by (secs) | 30 |
screenWidth |
integer |
Screen width, or -1 for auto | 1024 |
screenHeight |
integer |
Screen height, or -1 for auto | 768 |
mobileAutoSize |
boolean |
Automatically size screen on mobile devices | true |
debugModeEnabled |
boolean |
Enable debug mode | false |
customRequestHeaders |
keyValue |
Custom request headers | "" |
themeName |
string |
Theme name for the UI | default |
linkId |
string |
Identifier for link, will be logged with all events generated by this URL | "" |
logDirectUrlNavigation |
boolean |
Log whenever a page navigation occurs within a session | false |
logIndirectUrlNavigation |
boolean |
Log whenever a URL is fetched from within a session | false |
Note: Fields marked with * are required.
When creating URLs to launch sessions in Browsolate, you can pass various runtime arguments to customize session behavior dynamically. These options allow for flexible control over user interactions, security, and session parameters during runtime.
Below is a detailed explanation of the available runtime arguments and their effects.
The URL that will be opened in the isolated browser session. This must be a valid web address.
""Specifies the absolute time when the session link will expire, or -1 for no expiry.
-1Specifies whether the session is allowed to read content from the user’s clipboard. If set to true, the session can access clipboard data.
falseSpecifies whether the session can write content to the user’s clipboard. If set to true, the session can modify clipboard content.
falseSpecifies the theme to use for the session’s user interface.
"default"Enables or disables read-only mode for the session. When enabled, the session restricts user actions such as input or interaction with web forms.
falseDetermines if the user is allowed to navigate to different URLs during the session.
trueSpecifies whether the URL bar is editable by the user during the session.
falseDefines the total duration (in seconds) of the session before it is automatically terminated.
300Specifies whether the session can be extended beyond its original lifetime.
falseDefines the amount of time (in seconds) to extend the session when allowed.
30Specifies the width of the browser window. Use -1 for automatic sizing.
-1Specifies the height of the browser window. Use -1 for automatic sizing.
-1Automatically size the screen on mobile devices, ignore any fixed width and height.
trueDefines the User-Agent string for the session. This is an advanced option and can be used to modify how the browser identifies itself to websites.
""Allows custom request headers to be sent with each HTTP request. This is an advanced option for customizing how requests are made.
""An identifier for the session link, which will be logged with all events generated by the session.
""Logs whenever the user navigates directly to a new URL within the session.
falseLogs when URLs are fetched indirectly from within the session, such as through JavaScript.
falseTurns on debug mode for the session, which may provide additional diagnostic information.
falseBrowsolate logs all session activity for auditing and security purposes. These logs are accessible through AWS CloudWatch in the log group named browsolate-logs. Each day has its own logfile, named according to the format sessions-YYYY-MM-DD.
Logs are stored in the region where your Browsolate instance is deployed, and you can view them directly in CloudWatch.
sessions-YYYY-MM-DD.Logs capture key events such as the start and end of a session, along with various session parameters and configurations. Below are sample log entries for session start and session end events.
{
"event": "session_start",
"sessionId": "SESSION:94e31200-7991-4c4b-8a3e-a211a43f8723",
"startTime": "2024-10-23T10:18:34.838Z",
"clipboardRead": true,
"sessionExtensionTime": 30,
"screenWidth": 1024,
"customRequestHeaders": {
"header1": "value1",
"header2": "value2"
},
"urlEditable": false,
"screenHeight": 768,
"readOnly": false,
"userAgent": "",
"sessionExtensionAllowed": false,
"url": "https://www.redacted .com/",
"logIndirectUrlNavigation": false,
"navigation": true,
"linkId": "",
"clipboardWrite": true,
"linkExpiry": -1,
"logDirectUrlNavigation": false,
"sessionLifetime": 300,
"debugMode": false
}
{
"event": "session_end",
"sessionId": "SESSION:94e31200-7991-4c4b-8a3e-a211a43f8723",
"startTime": "2024-10-23T10:18:34.838Z",
"endTime": "2024-10-23T10:18:47.937Z",
"sessionLengthSeconds": 13,
"reason": "Session ended",
"clipboardRead": true,
"sessionExtensionTime": 30,
"screenWidth": 1024,
"customRequestHeaders": {
"header1": "value1",
"header2": "value2"
},
"urlEditable": false,
"screenHeight": 768,
"readOnly": false,
"userAgent": "",
"sessionExtensionAllowed": false,
"url": "https://www.redacted.com/",
"logIndirectUrlNavigation": false,
"navigation": true,
"linkId": "",
"clipboardWrite": true,
"linkExpiry": -1,
"logDirectUrlNavigation": false,
"sessionLifetime": 300,
"debugMode": false
}
These logs help in tracking down issues related to deployment, configuration, and the overall health of the system.
System logs are stored in AWS CloudWatch under the ComputeStack log group. This log group is identified by the unique ID assigned during the installation process by the AWS Marketplace.
System logs are especially useful for:
The Eturnal STUN/TURN server handles WebRTC traffic routing for Browsolate, allowing real-time video and audio streaming through firewalls and NATs. Logging for Eturnal is crucial for diagnosing connectivity issues and monitoring the performance of WebRTC sessions.
Eturnal logs are stored in the eturnal-logs log group in AWS CloudWatch.
At Browsolate, we are proud to use open-source software to build and enhance our products. We recognize the hard work and dedication of the open-source community. This product includes software developed by many contributors from around the world, and we are committed to acknowledging their efforts and adhering to the terms of each license.