diff --git a/docs/host-your-own.md b/docs/host-your-own.md index 3e4cba6..603c132 100644 --- a/docs/host-your-own.md +++ b/docs/host-your-own.md @@ -402,10 +402,12 @@ Now point your browser to `http://localhost:8080`. # Coturn ## docker-compose -- copy `docker-compose-coturn_example.yml` to `docker-compose-coturn.yml` +- copy your ssl-certificates and privkey to `./letsencrypt` and `chown -R nobody:nogroup ./letsencrypt` +- create a dh-params file with `openssl dhparam -out coturn-dhparams.pem 4096` - copy `rtc_config_example-coturn.json` to `rtc_config.json` - copy `turnserver_example.conf` to `turnserver.conf` -- change in all three files to the domain, where your pairdrop is running +- change in all 2 files to the domain, where your pairdrop is running +- setup another domain for the turn-server if you want coturn listening on port 443 too. (Only then, it is needed) - change user and password for turn-server in `turnserver.conf` and `rtc-config.json` - To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d` - To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart` @@ -417,6 +419,44 @@ To run PairDrop including its own coturn-server you need to punch holes in the f - 5349 tcp/udp - 10000:20000 tcp/udp +## Coturn listens also on port 443 +### nginx +If you want coturn listening von port 443, to avoid firewall-problems, you have to create a ssl-stream-redirection. Because nginx is +listening on port 443 to serve pairdrop (and all other websites on this host) ssl-secured. + +Create a file `/etc/nginx/modules-available/coturn-stream.conf` and link it to `/etc/nginx/modules-enabled/90-coturn-stream.conf` +Content: +``` +stream { + map $ssl_preread_server_name $name { + turn_server; + default url_backend; + } + + upstream url_backend { + server 127.0.0.1:4444; + } + + upstream turn_server { + server :5349; + } + + server { + listen 443; + listen 443 udp; + listen [::]:443; + listen [::]:443 udp; + ssl_preread on; + proxy_pass $name; + proxy_buffer_size 10m; + } +} +``` +And then you have to change in EVERY site-config EVERY https-listening port from 443 to 4444. +Test and reload nginx `nginx -t && nginx -s reload` + +Now your websites should be availeable again, and coturn also listens on :443. The stream for coturn is redirected to :5349. + ## Testing PWA related features PWAs require that the app is served under a correctly set up and trusted TLS endpoint.