Comments (9)
So, I was able to get voice and video calls working with my Matrix/Riot VM by running this coturn docker image on the host machine on the host network (instead of a bridge, br0, or whatever), as you suggested. I then added the correct turn uris to my matrix homeserver.yaml:
matrix_synapse_turn_uris: |
{{
[
'turns:my.domain?transport=udp',
'turns:my.domain?transport=tcp',
'turn:my.domain?transport=udp',
'turn:my.domain?transport=tcp'
]
}}
My turnserver.conf looks like this:
listening-port=3478
tls-listening-port=5349
external-ip=<my_external_ip>
min-port=49152
max-port=49172
use-auth-secret
static-auth-secret=<share-secret>
userdb=/var/lib/coturn/turndb
realm=my.domain
user-quota=12
total-quota=1200
no-tcp-relay
cert=/etc/ssl/fullchain.pem
pkey=/etc/ssl/privkey.pem
stdout
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
allowed-peer-ip=10.0.0.1
pidfile="/var/run/turnserver.pid"
no-cli
and /etc/ssl is mapped to the location of my LetsEncrypt certificates and keys on the host machine.
The base web domain for matrix is hosted on the host web server and connections to matrix are accepted via an NGINX reverse proxy from port 443 WAN to port 8008 on the VM. Port 8448 is forwarded directly to the VM for federation and ports 3478, 5349, and 49152:49172 are forwarded to the web server where this Coturn docker container is running and accepting connections on those ports.
from coturn-docker-image.
I had it in there, but according to the Coturn documentation the use of static-auth-secret negates the need to include lt-cred-mech in the conf. Here is info from the default turnserver.conf example:
Be aware that use-auth-secret overrides some parts of lt-cred-mech.
The use-auth-secret feature depends internally on lt-cred-mech, so if you set
this option then it automatically enables lt-cred-mech internally
as if you had enabled both.
Note that you can use only one auth mechanism at the same time! This is because,
both mechanisms conduct username and password validation in different ways.
Use either lt-cred-mech or use-auth-secret in the conf
to avoid any confusion.
from coturn-docker-image.
@xthursdayx debugging this part is always tricky and some sort of luck. Some tips that helped us (we're dealing with Kurento):
- Running Docker image in host network.
- We have tried using turns: but without success, so we just switched it off as our WebRTC traffic is encrypted already. We also use stun:. Here is an example:
  {
    "ice_servers": [
      { "urls": [ "stun:my.domain:9934" ] },
      {
        "urls": [ "turn:my.domain:9934", "turn:my.domain:9934?transport=tcp" ],
        "username": "<static-user>",
        "credential": "<static-path>"
      }
    ]
  }
- We don't restrict with min-port/max-port as that worked much worse in our case (we didn't figure out why).
- Verbose logging CLI flags:
  -v, --verbose 'Moderate' verbose mode.
  -V, --Verbose 'Extra' verbose mode, very annoying and not recommended.
from coturn-docker-image.
Thanks for the advice @tyranron
Are you using 9934 in place of the default 3478?
Also, did you find no way to use a static-auth-secret instead of a static user/pw combo?
from coturn-docker-image.
Are you using 9934 in place of the default 3478?
Yes, but even when we're using default one, we specify port explicitly. Actually, this is just a part of our Helm chart templating.
Also, did you find no way to use a static-auth-secret instead of a static user/pw combo?
No, we don't need it in our case, actually. Firstly, we had used static user/pass, but then switched to dynamic credentials backed by Redis (media server generates required credentials, puts them into Redis, forms ICE servers and returns them to user, then user connects and Coturn finds required credentials in Redis).
from coturn-docker-image.
Okay, I'll keep trying things.
After running turnutils_uclient I realized that my static-auth-secret may have been causing problems because it contained a symbol. I switched it to an alphanumeric password and now I'm getting these messages in my coturn log:
522: check_stun_auth: Cannot find credentials of user <1573310683:@zandrsn:my.domain>
Nov 08 15:29:18 matrix matrix-coturn[30928]: 522: ERROR: check_stun_auth: Cannot find credentials of user <1573310683:@zandrsn:my.domain>
Nov 08 15:29:18 matrix matrix-coturn[30928]: 522: check_stun_auth: Cannot find credentials of user <1573310683:@zandrsn:my.domain>
This seems to indicate that there is a problem with Matrix and Coturn exchanging the user credentials. From what I understand, when you use a static-auth-secret the user name should be a combo of "timestamp:userid", but this doesn't seem to be happening (if I'm interpreting this message correctly).
from coturn-docker-image.
@xthursdayx hmm... I'm missing the lt-cred-mech in your configuration, which is vital for WebRTC, did you try it?
from coturn-docker-image.
Hi @xthursdayx, are you running it on bare metal Kubernetes or any of the PaaS offerings like AKS?
1. We are using AKS to host our CoTurn server. We enabled hostNetwork:true but are still unable to establish a connection with the server. Are we missing something?
2. We kept the cluster piece aside as we are unable to proceed with AKS. Now, when we run the coturn docker image on an Azure Ubuntu VM with static-auth-secret and use turnutils_uclient, it always gives 401 unauthorised (we are following the TURN REST API standard to get the username and password). We are currently hardcoding the secret used to encrypt pwd instead of getting it from the DB. Are we missing something?
from coturn-docker-image.
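The TURN REST API scheme discussed in the two comments above (username of the form `timestamp:userid`, password derived from the shared secret), as an added example that is not code from any commenter, coturn or Synapse. It assumes the usual form of that scheme: the timestamp is the expiry time and the password is base64(HMAC-SHA1(secret, username)); the function names, the secret and the clock value are constructed.

```python
import base64
import hashlib
import hmac


def turn_password(secret: str, username: str) -> str:
    """password = base64(HMAC-SHA1(shared secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def issue(secret: str, user_id: str, now: int, ttl: int = 86400):
    """What the credential issuer (here, the homeserver) hands to a client."""
    username = f"{now + ttl}:{user_id}"  # expiry timestamp, then the user id
    return username, turn_password(secret, username)


def verify(secret: str, username: str, password: str, now: int) -> str:
    """Re-run the checks a TURN server holding `secret` can make.

    Returns "ok" or the name of the first check that fails.
    """
    # Split on the FIRST colon only: Matrix user ids contain one themselves.
    expiry, sep, user_id = username.partition(":")
    if not sep or not expiry.isdigit() or not user_id:
        return "malformed-username"
    if int(expiry) < now:
        return "expired"
    # Constant-time comparison of the recomputed and presented passwords.
    if not hmac.compare_digest(turn_password(secret, username), password):
        return "bad-password"
    return "ok"


if __name__ == "__main__":
    NOW = 1573224283                      # constructed clock value
    SECRET = "constructed-shared-secret"  # placeholder, not a real secret
    user, pwd = issue(SECRET, "@zandrsn:my.domain", NOW)
    print(user)                                       # timestamp:userid form
    print(verify(SECRET, user, pwd, NOW))             # both sides agree
    print(verify(SECRET + "!", user, pwd, NOW))       # secrets differ by one byte
    print(verify(SECRET, user, pwd, NOW + 2 * 86400)) # clock past the expiry
```

Feeding `verify` the secret exactly as each side has it configured separates a secret mismatch (any difference in the bytes, such as an escaped or truncated symbol) from an expired or malformed username.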
@Sudheerkumar I'm running the container as a normal docker container not kubernetes or AKS. Sorry not to be able to help more...
from coturn-docker-image.