openmeetings / openmeetings-docker

Docker image for OM
Apache License 2.0

udp communication filtered by docker (kurento udp streams) #29

Closed ffrouin closed 4 years ago

ffrouin commented 4 years ago

Hello,

I'm trying to run the openmeetings container on a public server:

docker run -d --name openmeetings --expose=5443 --expose=8888 -p 5443:5443 -p 8888:8888 apache/openmeetings:5.0.0-M4

Yet, it looks like DOCKER only forwards TCP packets:

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8888
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:5443

When I go into a room in the end-user interface, I can see the kurento session is not able to start normally. It just resets constantly.

I've got a working turn server and published public IP in /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini

The UDP port range that will be used by Kurento Media Server for communications is not clear to me. I can see in /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini it could be 50000-55000?

You can try the service to see what happens; you can log in with a Google or Facebook account: https://openmeetings.linuxtribe.fr

So if you have any advice that could help to fix this, it would be nice.

Thanks, Best Regards, Freddy.
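
An added example, not part of the original post or the project's scripts: `docker run -p 5443:5443` publishes TCP only unless `/udp` is appended to the mapping, which is why the DOCKER chain quoted above has no `udp` rules. The function below (hypothetical name `missing_ports`) counts how many ports of a range have no ACCEPT rule for a given protocol; `PAGE_CHAIN` is the listing copied from the post.

```shell
#!/bin/sh
# Added example. Reads `iptables -n -L DOCKER` output on stdin and prints how
# many ports in MIN..MAX have no ACCEPT rule for PROTO (0 = fully covered).
# Handles both single-port rules (dpt:N) and range rules (dpts:A:B).
# Usage: iptables -n -L DOCKER | missing_ports udp 50000 55000
missing_ports() {
    awk -v proto="$1" -v lo="$2" -v hi="$3" '
        $1 == "ACCEPT" && $2 == proto {
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:[0-9]+$/) {
                    p = substr($i, 5) + 0
                    if (p >= lo + 0 && p <= hi + 0) seen[p] = 1
                } else if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    split(substr($i, 6), r, ":")
                    for (p = r[1] + 0; p <= r[2] + 0; p++)
                        if (p >= lo + 0 && p <= hi + 0) seen[p] = 1
                }
            }
        }
        END {
            missing = 0
            for (p = lo + 0; p <= hi + 0; p++)
                if (!(p in seen)) missing++
            print missing
        }'
}

# Chain listing as quoted in the post above (TCP rules only).
PAGE_CHAIN='Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8888
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:5443'

# The published TCP ports are covered; the 50000-55000 UDP range is not.
printf 'tcp 8888 missing: %s\n' \
    "$(printf '%s\n' "$PAGE_CHAIN" | missing_ports tcp 8888 8888)"
printf 'udp 50000-55000 missing: %s\n' \
    "$(printf '%s\n' "$PAGE_CHAIN" | missing_ports udp 50000 55000)"
```
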

ffrouin commented 4 years ago

I finally set min and max port to 50000-55000 in /etc/kurento/modules/kurento/BaseRtpEndpoint.conf.ini.

From my own testing it only works if TCP communications are allowed for src and dst range 50000-55000. In this case, I can see drops on UDP packets, but the kurento session is working as expected with TURN NAT traversal.

Any time I allow the UDP stream for src and dst range 50000-55000, it seems to make TURN NAT traversal inefficient. The kurento server does not seem to receive any data from clients.

Then, taking a look at the kurento error logs, I created this:

mkdir -p /nonexistent/.cache/gstreamer-1.5/
chown nobody /nonexistent/.cache/gstreamer-1.5/

kurento media server created the registry.x86_64.bin file after it starts... I don't know what it is used for.

and maybe we could do a chown nobody to /var/lib/kurento as it runs with the nobody user and not the kurento one. Yet, it looks like it does not record anything in /var/lib/kurento when it's called from openmeetings.

solomax commented 4 years ago

Hello @ffrouin,

do you think it is worth adding

mkdir -p /nonexistent/.cache/gstreamer-1.5/
chown nobody /nonexistent/.cache/gstreamer-1.5/

to the scripts? Could you create a PR? :))

ffrouin commented 4 years ago

Hello,

I'm sorry, I lack the time to do it, and I also don't know if this is really relevant.

I'm an end-user of openmeetings. I lack free time to collaborate on the project, but I can point out what I see to make my instance work...

Best Regards, Freddy.

solomax commented 4 years ago

Required lines were added in https://github.com/openmeetings/openmeetings-docker/commit/891748a51506c41621654c5edc8856a7a900f872