anastasiia-zolochevska / turn-server-docker-image

A Docker container with the Coturn TURN server

TURN ports are not published #1

Open boldt opened 7 years ago

boldt commented 7 years ago

Hey Anastasia,

I'm using your docker image to run a stun/turn server for a WebRTC application. I'm starting your image as follows on my server/host (e.g., IP 1.2.3.4):

sudo docker run -d -p 3478:3478 -p 3478:3478/udp --name coturn --restart=always zolochevska/turn-server username password realm

netstat -tulpen on the host shows me that it's working:

$ netstat -tulpen
tcp6       0      0 :::3478                 :::*                    LISTEN      0          54938       4639/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      0          18123       1680/sshd       
udp6       0      0 :::3478                 :::*                                0          54991       4655/docker-proxy

Well, if WebRTC runs a turn request, I am getting a relay candidate (Chrome):

{"candidate":"candidate:3 1 UDP 92217087 1.2.3.4 54277 typ relay raddr 1.2.3.4 rport 

Looking into netstat on the host, nothing changed. Thus I jumped into the container:

docker exec -it coturn /bin/bash

Running netstat -tulpen in the container (I installed the package net-tools), I see that the UDP port 54277 is bound inside the container:

$ netstat -tulpen
tcp        0      0 127.0.0.1:5766          0.0.0.0:*               LISTEN      0          55163       17/turnserver   
tcp        0      0 172.17.0.2:3478         0.0.0.0:*               LISTEN      0          55180       17/turnserver   
tcp        0      0 172.17.0.2:3478         0.0.0.0:*               LISTEN      0          55176       17/turnserver   
udp        0      0 172.17.0.2:54277        0.0.0.0:*                           0          58941       17/turnserver   
udp        0      0 172.17.0.2:3478         0.0.0.0:*                           0          55160       17/turnserver   
udp        0      0 172.17.0.2:3478         0.0.0.0:*                           0          55159       17/turnserver   

Using 1.2.3.4 54277 fails, since the bound port is not exposed to the host.

Conclusion

The port range used by coturn to provide the TURN functionality must be exposed as well.

Possible Fix

Port range used by coturn: 49152-65535

Source: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L147
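The diagnosis in the comment above (a relay port bound inside the container but absent on the host) can be automated. The following is an added example, not code from this repository or from the commenter: it compares the container's netstat output with `docker port` output and reports turnserver UDP ports that are not published on the same host port number. The function names and the `docker port` samples are constructed for illustration; the netstat lines are an excerpt of the report above.

```shell
# Added example (not from the issue): find turnserver UDP ports Docker does not publish 1:1.

# Container-side `netstat -tulpen` output, excerpt copied from the report above.
NETSTAT_IN_CONTAINER='tcp        0      0 127.0.0.1:5766          0.0.0.0:*               LISTEN      0          55163       17/turnserver
tcp        0      0 172.17.0.2:3478         0.0.0.0:*               LISTEN      0          55180       17/turnserver
udp        0      0 172.17.0.2:54277        0.0.0.0:*                           0          58941       17/turnserver
udp        0      0 172.17.0.2:3478         0.0.0.0:*                           0          55160       17/turnserver'

# Constructed `docker port coturn` output matching the first `docker run` above.
DOCKER_PORT_BEFORE='3478/tcp -> 0.0.0.0:3478
3478/udp -> 0.0.0.0:3478'

# Constructed excerpt: the relay port is published on the same host port.
DOCKER_PORT_AFTER='3478/udp -> 0.0.0.0:3478
54277/udp -> 0.0.0.0:54277'

# Constructed excerpt: Docker mapped the relay port to a different host port.
DOCKER_PORT_REMAPPED='3478/udp -> 0.0.0.0:3478
54277/udp -> 0.0.0.0:32768'

# UDP ports bound by turnserver, taken from netstat output in $1.
container_udp() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^udp/ && $NF ~ /turnserver/ { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# UDP ports whose host port equals the container port, from `docker port` output in $1.
published_udp() {
    printf '%s\n' "$1" | awk '$1 ~ /\/udp$/ {
        c = $1; sub(/\/udp$/, "", c)
        n = split($3, a, ":")
        if (a[n] == c) print c
    }'
}

# Print each turnserver UDP port (netstat in $1) that is missing from the published set ($2).
unpublished_udp_ports() {
    pub=" $(published_udp "$2" | tr '\n' ' ') "
    for p in $(container_udp "$1"); do
        case "$pub" in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

unpublished_udp_ports "$NETSTAT_IN_CONTAINER" "$DOCKER_PORT_BEFORE"   # prints 54277
```

A port remapped to a different host port is reported as well, because the relay candidate advertises the port number that coturn bound inside the container.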

boldt commented 7 years ago

The solution is to use publish instead of expose (just used between containers)

sudo docker run -d --restart=always --name coturn -p 3478:3478 -p 3478:3478/udp -p 49152-65535:49152-65535/udp zolochevska/turn-server username password realm

This has one downside: it takes a lot of memory (up to 16 GB!).

Until that is fixed, I created a fork which opens just 100 ports (It can be configured as a fourth argument):

ali-heydari-1989 commented 4 years ago

I am trying to run it on Azure and have the same issue with the port. Do you have any idea? I cannot open more than 5 ports in Azure.