Closed phere-x closed 1 year ago
You should change NEKO_NAT1TO1
to your public IP. See docs: https://neko.m1k1o.net/#/getting-started/?id=networking
from #/getting-started/networking
If you want to use n.eko in external network, you can omit NEKO_NAT1TO1. It will automatically get your Public IP.
Tried exactly this. Did not work. also tried these (verified on local ip, public ip, domain name):
setting NEKO_NAT1TO1: <my_public_ip>
(this made neko unusable/forever loading)
completely omitting it (as mentioned here) with the same outcome as # 1
omitting & adding NEKO_IPFETCH: http://checkip.amazonaws.com
(from here)
setting NEKO_NAT1TO1: <my_public_ip>
& adding NEKO_IPFETCH: https://checkip.amazonaws.com
Also tried pointing my nginx proxy manager to my public IP & opening port 8080
from #/getting-started/networking
If you want to use n.eko in external network, you can omit NEKO_NAT1TO1. It will automatically get your Public IP.
Tried exactly this. Did not work. also tried these (verified on local ip, public ip, domain name):
1. setting `NEKO_NAT1TO1: <my_public_ip>` (this made neko unusable/forever loading) 2. completely omitting it (as mentioned [here](https://neko.m1k1o.net/#/getting-started/?id=networking)) with the same outcome as **# 1** 3. omitting & adding `NEKO_IPFETCH: http://checkip.amazonaws.com` (from [here](https://neko.m1k1o.net/#/getting-started/configuration?id=neko_ipfetch)) 4. setting `NEKO_NAT1TO1: <my_public_ip>` & adding `NEKO_IPFETCH: https://checkip.amazonaws.com` 5. Also tried pointing my nginx proxy manager to my public IP & opening port `8080`
I had some issues getting it to work with NGINX Proxy because we have other stuff on the network forwarding to 8080. What I had to do was set a Port in the docker-compose file.
ports: (Just an example. Can be any port not being used) "1234:8080"
I set NEKO_ROOMS_NAT01=(My public ip) I set NEKO_ROOMS_INSTANCE_URL=https://subdomain.domain.com/ (Any domain if you want to use one. You can also use your outside ip https://outsideip/)
I then setup my router firewall to open the port I just used and assigned it to the local ip of the neko-room host.
Then in Nginx Proxy I set it up like in the photos below: https://i.imgur.com/Ylj16en.jpg https://i.imgur.com/Cs8suCg.jpg Note: I did setup an SSL (let's encrypt) as well because I am using a domain
Not sure if this will work for you but it's what got it working for me.
Check if you have properly forwarded ports using troubleshooting guide.
Also when specifying NEKO_UDPMUX
means, that NEKO_EPR
will not be used anymore. If you want to have EPR, remove MUX or vice versa. Or only way could be TCPMUX + EPR.
Going through troubleshooting guide
Validate UDP
Was successful
Running docker-compose logs neko | grep nat_ips
:
INF webrtc starting ephemeral_port_range=52000-52100 ice_lite=true ice_servers="[{URLs:[stun:stun.l.google.com:19302] Username: Credential:<nil> CredentialType:password}]" module=webrtc nat_ips=192.168.1.217
That's when I set NEKO_NAT1TO1
to my local IP 192.168.1.217
. And this makes the room function. I can locally access it & also through my domain while on the same network as the app.
But again, when I change NEKO_NAT1TO1
to my public IP or omit it & set NEKO_IPFETCH: https://ifconfig.co/ip
, it falls into a forever loading screen.
I'll try doing exactly what you did with neko-rooms
& get back. If all else fails, I'll rent a VPS & use the reverse proxy script & work backwards to see what I can figure out.
Hey I use Nginx reverse proxy manager too and here's what I've found.
I believe if you set neko_nat to your local IP then your friend won't be able to connect but you will be able to. If you set it to public IP, you won't be able to connect on the local network but your friend will be able to.
The solution here is to leave neko_nat alone so its set to your public IP. Turn on nat hairpinning on your router, then connect to your public ip with port on your web browser. That should work. So for you it would be public ip:8080.
Try it in a different browser too, it could be a cache issue (that isn't resolved in a private browsing window). I normally use Firefox but I tried it in Chrome and it worked fine in Chrome but didn't work in Firefox.
Ok so I managed to make it work (currently tested with one UDP port). I didn't think to try it 'cause every app I've hosted has never needed all ports be exposed to the world.
On my router, I had to expose the neko_bind
AND UDP ports on my router (before I only ever had port 80
& 443
exposed for nginx manager, with 10+ apps running)
Basically all that I changed:
In my compose, I manually set my public IP & used the aws service. Both worked.
NEKO_NAT1TO1: <MY_PUBLIC_IP> / https://checkip.amazonaws.com
In my router settings, I exposed both the default NEKO_BIND
port & the UDP port (NEKO_UDPMUX
) - both of these are ofcourse opened in the compose file.
And in NGX-PM, I couldn't use the service name
(neko
in my case), I had to set the local IP of that machine.
But I don't know how safe it is to keep it like this as I've always heard it's best not to do that.
You can forward NEKO_BIND
using proxy, and therefore adding HTTPS layer to your connection - this is the prefered solution. Only NEKO_UDPMUX
and/or NEKO_TCPMUX
need to be exposed for WebRTC. They are only used to multiplex connections from clients, secured by password that is exchanged using signaling protocol over HTTP(s).
You could use turn servers (either custom deployed in DMZ or bought as a service) to get rid of the ports.
Connection from proxy -> neko service can use local IP addresses. Only NEKO_NAT1TO1
needs public IP, and that is only needed for ports NEKO_UDPMUX
and NEKO_TCPMUX
or NEKO_EPR
.
You can forward
NEKO_BIND
using proxy, and therefore adding HTTPS....
Done. I've made the changes you've mentioned & left it at that. Currently working & trust it's safe enough. If it ever becomes a worry I'll try to look into the turn
servers. Thank you & Apuru for helping me stop drilling my nails into my head over this. No doubt I'll come back with another issue :D
Weirdly enough, it works when accessing on my local network through the domain. But when I gave it to a friend to join it came up with 'peer connecting failed'.
I had only port 80 & 443 forwarded to NGXPM to handle reverse proxying.
logs at the time: