add infos about nginx to stream also coturn turns

Jakobus Schürz 2023-04-24 00:40:36 +02:00
parent bcfe5b711d
commit 7d355092a0

@ -402,10 +402,12 @@ Now point your browser to `http://localhost:8080`.
# Coturn
## docker-compose
- copy `docker-compose-coturn_example.yml` to `docker-compose-coturn.yml`
- copy your ssl-certificates and privkey to `./letsencrypt` and `chown -R nobody:nogroup ./letsencrypt`
- create a dh-params file with `openssl dhparam -out coturn-dhparams.pem 4096`
- copy `rtc_config_example-coturn.json` to `rtc_config.json`
- copy `turnserver_example.conf` to `turnserver.conf`
- change <DOMAIN> in all three files to the domain, where your pairdrop is running
- change <DOMAIN> in all 2 files to the domain, where your pairdrop is running
- setup another domain <TURN-DOMAIN> for the turn-server if you want coturn listening on port 443 too. (Only then, it is needed)
- change user and password for turn-server in `turnserver.conf` and `rtc-config.json`
- To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d`
- To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart`
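Review bot: The reworded `<DOMAIN>` step says "all 2 files", but the list above it copies three files (`docker-compose-coturn.yml`, `rtc_config.json`, `turnserver.conf`) and does not say which two carry the placeholder; name the files explicitly so none is left unedited. The credentials step refers to `rtc-config.json`, while the copy step creates `rtc_config.json`; use one spelling. `<DOMAIN>` and `<TURN-DOMAIN>` are bare angle-bracket text, which a Markdown renderer may treat as HTML and drop, so wrap them in backticks. "(Only then, it is needed)" reads more clearly folded into the sentence, e.g. "only needed if coturn should also listen on port 443".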
@ -417,6 +419,44 @@ To run PairDrop including its own coturn-server you need to punch holes in the f
- 5349 tcp/udp
- 10000:20000 tcp/udp
## Coturn listens also on port 443
### nginx
If you want coturn listening von port 443, to avoid firewall-problems, you have to create a ssl-stream-redirection. Because nginx is
listening on port 443 to serve pairdrop (and all other websites on this host) ssl-secured.
Create a file `/etc/nginx/modules-available/coturn-stream.conf` and link it to `/etc/nginx/modules-enabled/90-coturn-stream.conf`
Content:
```
stream {
map $ssl_preread_server_name $name {
<TURN-DOMAIN> turn_server;
default url_backend;
}
upstream url_backend {
server 127.0.0.1:4444;
}
upstream turn_server {
server <IP-ADDRESS>:5349;
}
server {
listen 443;
listen 443 udp;
listen [::]:443;
listen [::]:443 udp;
ssl_preread on;
proxy_pass $name;
proxy_buffer_size 10m;
}
}
```
And then you have to change in EVERY site-config EVERY https-listening port from 443 to 4444.
Test and reload nginx `nginx -t && nginx -s reload`
Now your websites should be availeable again, and coturn also listens on <TURN-DOMAIN>:443. The stream for coturn is redirected to <IP-ADDRESS>:5349.
## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.
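Review bot: The step that moves every HTTPS listener from 443 to 4444 does not mention that, once the `stream` block proxies to `127.0.0.1:4444`, every site sees 127.0.0.1 as the client address, so access logs, rate limits and IP-based bans stop working as before. Document that effect, and say that the new listeners should bind to `127.0.0.1:4444` rather than all interfaces so the backend port is not reachable from outside; restoring real addresses would need the PROXY protocol enabled here and accepted by both upstreams. `proxy_buffer_size 10m;` is allocated per connection and is far above the nginx default of 16k; either justify it or drop it, since on a shared port 443 it lets many idle connections consume a lot of memory. `ssl_preread` reads the server name from a TLS ClientHello on TCP, so the two `listen ... udp` lines will not match `<TURN-DOMAIN>` in the `map` and that traffic falls to `default url_backend`; remove them or explain what they are for. Minor: "listening von port 443" and "availeable" are typos, and the config fence could carry an `nginx` language tag.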