Open riker513 opened 3 years ago
I don't know how nginx could separate http from stun traffic. I never heard of such a setup yet. Can you share more about how you made it?
Hi @misi - please see the reference [1] in my post for an example using Nginx' stream directive in the case of port 443. For port 80 I simply separated between TCP and UDP.
So I conclude no one ever tried this? Surprising to me, because it is even suggested in the Jitsi docs - have they suggested something although it does in fact not work?
Hi everybody, thanks for all the work! I've been trying for quite some time to get Coturn set up correctly for use with Jitsi, Nextcloud Talk and BigBlueButton. As a last step I would like my Turn server to be reachable not only via 3478 and 5349, but also via 80 and 443. However, 80 and 443 are used by Nginx, so I wanted to set up port sharing via Nginx' stream module. That did work well up to the point that stun clients such as Stuntman-client and Stun-client can bind to the server on 80/udp->3478/udp, 443/tcp->5349/tcp, 443/udp->5349/udp.
However, the output of Stuntman-client

```
./stunclient --mode filtering --protocol tcp turn.domain.com 443
```

is:

```
Binding test: success
Local address: 171.21.37.130:43257
Mapped address: 84.56.196.29:50488
```

whereas if I address the standard ports directly:

```
./stunclient --mode filtering --protocol tcp turn.domain.com 5349
Binding test: success
Local address: 171.21.37.130:43948
Mapped address: 3.221.222.111:43948
```

In the latter case, the mapped address is detected correctly as the external IP address of the client, and the ports match. In the first case, the mapped address is the external IP of the Coturn server, and the ports do not match.
Does anybody know a trick as to how this can be fixed? I thought it should be possible, as this setup is even a standard setup for Jitsi, see e.g. [1]. And what does [2] mean in this context?
Kind regards!
[1] https://jitsi.github.io/handbook/docs/devops-guide/turn#use-turn-server-on-port-443
[2] https://jitsi.github.io/handbook/docs/devops-guide/faq#how-to-migrate-away-from-multiplexing-and-enable-bridge-websockets
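
The observation in the post above can be reproduced on loopback with the following added example, which is not part of the original post: a STUN server fills XOR-MAPPED-ADDRESS (RFC 5389) from the source address of the connection it accepts, so behind a TCP relay that opens its own upstream connection, as a stream proxy does by default, the client gets the relay's socket back. All function names are hypothetical, and plain TCP stands in for the TLS listener on 5349.

```python
import os, socket, struct, threading

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)

def binding_response(request, peer):
    # Server side: XOR-MAPPED-ADDRESS carries the source address of the connection.
    xaddr = struct.unpack("!I", socket.inet_aton(peer[0]))[0] ^ MAGIC
    attr = struct.pack("!HHBBHI", 0x0020, 8, 0, 0x01, peer[1] ^ (MAGIC >> 16), xaddr)
    return struct.pack("!HHI12s", 0x0101, len(attr), MAGIC, request[8:20]) + attr

def mapped_address(response):
    """Client side: decode the XOR-MAPPED-ADDRESS attribute (IPv4 only)."""
    atype, _, _, family, xport, xaddr = struct.unpack("!HHBBHI", response[20:32])
    if (atype, family) != (0x0020, 0x01):
        raise ValueError("expected IPv4 XOR-MAPPED-ADDRESS")
    return socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC)), xport ^ (MAGIC >> 16)

def listen_once(handle):  # serve one connection on an ephemeral port, return the port
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, peer = srv.accept()
        with conn, srv:
            handle(conn, peer)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def stun_server(conn, peer):
    conn.sendall(binding_response(conn.recv(20, socket.MSG_WAITALL), peer))

def relay_to(port, seen):  # stand-in for a stream proxy: new upstream connection
    def handle(conn, _peer):
        with socket.create_connection(("127.0.0.1", port)) as up:
            seen.append(up.getsockname())  # the address the STUN server will see
            up.sendall(conn.recv(20, socket.MSG_WAITALL))
            conn.sendall(up.recv(32, socket.MSG_WAITALL))
    return handle

def probe(port):  # send a Binding request, return (local address, mapped address)
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(struct.pack("!HHI12s", 0x0001, 0, MAGIC, os.urandom(12)))
        return c.getsockname(), mapped_address(c.recv(32, socket.MSG_WAITALL))

def demo():
    seen = []
    direct = probe(listen_once(stun_server))
    proxied = probe(listen_once(relay_to(listen_once(stun_server), seen)))
    return direct, proxied, seen[0]

if __name__ == "__main__":
    print(demo())
```

In the direct probe the mapped address equals the client's local socket; in the relayed probe it equals the relay's upstream socket, which matches the two `stunclient` outputs quoted in the post.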