Closed JobberRT closed 2 years ago
@JobberRT your problem is that you are using http
to connect from nginx to mumble-server.
I think it will help more if you provide minimal configs for nginx and mumble.
Nevertheless there are some options.
stream
without SSL termination.stream
and terminate SSL encryption.Check this docs https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/. Though I'm not sure if the required function are present in open source version.
@vitoyucepi Yes, I' trying to use http
to mumble cause I think http
is also a TCP package.
BTW, I just gave up, I expose the port to the public, and everything works~ Thanks for helping!
@JobberRT you could also publish both tcp and udp ports using docker.
For some reason I've never tried to strip ssl in nginx for mumble, because I've found a way to properly rotate LE certs in docker container without restarting mumble process.
The issue
My situation is that, I deploy mumble inside a docker container, mount the TLS key and cert(for mumble and for nginx) to the container, and expose its
64738
port to the host's10004
. Then I use a nginx as a reserve proxy for it, Nginx'smumble.XXX.com
reserve tolocalhost:10004
. But after few attemps, I still can't figure how to achieve this.My network to mumble is good and I don't need that kind of low latency or performance that UDP brings, TCP is enough to me.
Here's why I do or need this
crontab
Here's my problem:
host
inmurmur.ini or mumble-server.ini
to0.0.0.0
to make it start. If I set tomumble.XXX.com
, since its DNS points to my host's public IP, and mumble-server is in the container, so it shows the erroraddress XXX.XXX.XXX.XXX:64738 not reachable
.this server is using an older encryption standard
, I will put my log, container'sopenssl
version, nginx'sssl_protocols
below.64738
and expose it to the host's10004
(see logs), since mumble doesn't know it's in a container, and it will look formumble.XXX.com
for IP(which is my host's public IP) and use the port64738
in the config file to connect. And because on the host onlylocalhost:10004
will be used by nginx, so it showsConnection failed, please make sure your server is publicly reachable.
Any idea that can help me deploy my mumble-server inside the container with nginx reserve proxy to it, and have TLS enabled at the same time?
Mumble version
Server: 1.5.0(from log) Client: 1.4.230
Mumble component
Both
OS
Linux, Windows
Additional information
Mumble's log
Nginx's config:
ssl_protocols TLSv1.2 TLSv1.3;