Nextcloud with Coturn and Nginx Reverse Proxy #1435

Open
AlbiRadtke opened this issue Feb 17, 2024 · 4 comments

@AlbiRadtke

My configuration is pretty similar to the problem here #702. Unfortunately, the solution does not work for me for some inexplicable reason.

I have Nginx as a reverse proxy on web server A, the Coturn server on web server B.
Via stream I also manage the forwarding to the coturn server, so that Nextcloud confirms the connection. But no telephony or video telephony traffic arrives at the coturn server.

Config Nginx:

stream {
        server {
                listen 5720 ssl;

                ssl_certificate             /etc/letsencrypt/live/turn.url/fullchain.pem;
                ssl_certificate_key         /etc/letsencrypt/live/turn.url/privkey.pem;
                ssl_dhparam                 /etc/letsencrypt/ssl-dhparams.pem;

                ssl_protocols               TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers   on;

                ssl_session_timeout         4h;
                ssl_session_tickets         on;

                proxy_ssl                   off;
                proxy_pass                  192.168.xxx.xxx:3478;
        }
}

Config turnserver.conf

realm=turn.url
server-name=turnserver
fingerprint
total-quota=100
bps-capacity=0
stale-nonce=600
no-multicast-peers
listening-ip=0.0.0.0
external-ip=192.168.xxx.xxx
syslog
verbose
use-auth-secret
static-auth-secret=my_secret
cli-password=myclipw

# SSL certificates
cert=/etc/letsencrypt/live/turn.url/cert.pem
pkey=/etc/letsencrypt/live/turn.url/privkey.pem

# for TURN over TLS, which can bypass firewalls
#tls-listening-port=5720
listening-port=3478
min-port=39500
max-port=39700

Fritzbox ports to/from reverseproxy:
HTTP: 80
HTTPS: 443
HTTPS: 5720
(39500-39700 UDP) Tested, no success

Fritzbox ports to/from turnserver:
39500-39700 UDP Tested, no success

I hope one of you can help me?
Many thanks in advance! :)

@AlbiRadtke
Author

Does anyone have an idea? Thank you very much! :)

@AlbiRadtke
Author

@tyranron or @eakraly:
Do any of you have any ideas or know someone I can turn to?

Many thanks in advance! :)

@jonesmz
Contributor

jonesmz commented Mar 17, 2024

Have you asked nginx support? If the traffic doesn't reach the coturn process, then there's not much coturn devs can do to help out unless they're also nginx experts.

@eakraly
Collaborator

eakraly commented Mar 18, 2024

Hi @AlbiRadtke
Using nginx in front of coturn adds a lot of complexity, if not making it impossible (UDP for example).

As @jonesmz suggested, you will need help from nginx experts - what you are missing is proxy (see --tcp-proxy-port option for turnserver). I think that can address your problem (though it works for TCP only).
