
TURN ports are not published

Open boldt opened this issue 7 years ago • 2 comments

Hey Anastasia,

I'm using your docker image to run a stun/turn server for a WebRTC application. I'm starting your image as follows on my server/host (e.g., IP 1.2.3.4):

sudo docker run -d -p 3478:3478 -p 3478:3478/udp --name coturn --restart=always zolochevska/turn-server username password realm

netstat -tulpen on the host shows me that's working:

$ netstat -tulpen
tcp6       0      0 :::3478                 :::*                    LISTEN      0          54938       4639/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      0          18123       1680/sshd       
udp6       0      0 :::3478                 :::*                                0          54991       4655/docker-proxy

Well, if WebRTC runs a turn request, I am getting a relay candidate (Chrome):

{"candidate":"candidate:3 1 UDP 92217087 1.2.3.4 54277 typ relay raddr 1.2.3.4 rport 

Looking into netstat on the host, nothing changed. Thus I jumped into the container:

docker exec -it coturn /bin/bash

Running netstat -tulpen in the container (I installed the package net-tools), I see that the UDP port 54277 is bound inside the container:

$ netstat -tulpen
tcp        0      0 127.0.0.1:5766          0.0.0.0:*               LISTEN      0          55163       17/turnserver   
tcp        0      0 172.17.0.2:3478         0.0.0.0:*               LISTEN      0          55180       17/turnserver   
tcp        0      0 172.17.0.2:3478         0.0.0.0:*               LISTEN      0          55176       17/turnserver   
udp        0      0 172.17.0.2:54277        0.0.0.0:*                           0          58941       17/turnserver   
udp        0      0 172.17.0.2:3478         0.0.0.0:*                           0          55160       17/turnserver   
udp        0      0 172.17.0.2:3478         0.0.0.0:*                           0          55159       17/turnserver   

Using 1.2.3.4 54277 fails, since the bound port is not exposed to the host.

Conclusion

The port range used by coturn to provide the TURN functionality must be exposed as well.

Possible Fix

Port range used by coturn: 49152-65535

Source: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L147

boldt avatar Jul 28 '17 14:07 boldt

The solution is to use publish instead of expose (just used between containers)

sudo docker run -d --restart=always --name coturn -p 3478:3478 -p 3478:3478/udp -p 49152-65535:49152-65535/udp zolochevska/turn-server username password realm

This has one downside: it takes a lot of memory (up to 16 GB!)

  • See: moby/moby#34328

Until that is fixed, I created a fork which opens just 100 ports (it can be configured as a fourth argument):

  • See https://github.com/boldt/turn-server-docker-image

boldt avatar Jul 31 '17 15:07 boldt
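
An added diagnostic, not part of the issue or of the image's own code: it checks whether the port in a relay candidate is actually forwarded by the container's `-p` values, since the candidate advertises the port number coturn bound inside the container. The 100-port window and the second candidate are constructed values; `check_relay` and `parse_publish` are hypothetical helper names.

```python
import re

# ICE candidate fields: foundation, component, transport, priority, address, port, type.
CANDIDATE = re.compile(r"candidate:\S+ \d+ (\w+) \d+ \S+ (\d+) typ (\w+)")

def parse_range(text):
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_publish(spec):
    """Split one `docker run -p` value into (host_range, container_range, proto).

    host_range is None when the spec names no host port; Docker then binds an
    ephemeral host port. Bracketed IPv6 host addresses are not handled here.
    """
    body, _, proto = spec.partition("/")
    parts = body.split(":")
    host = parse_range(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host, parse_range(parts[-1]), (proto or "tcp").lower()

def check_relay(candidate, publish_specs):
    """Classify a relay candidate against the container's published ports."""
    m = CANDIDATE.search(candidate)
    if not m or m.group(3) != "relay":
        return "not-relay"
    proto, port = m.group(1).lower(), int(m.group(2))
    for spec in publish_specs:
        host, cont, spec_proto = parse_publish(spec)
        if spec_proto != proto or not cont[0] <= port <= cont[1]:
            continue
        if host is None:
            return "ephemeral-host-port"
        # Ranges map positionally, so the host port is offset from host[0].
        return "ok" if host[0] + (port - cont[0]) == port else "remapped"
    return "unpublished"

# Candidate and -p values from the issue (candidate truncated as on the page).
ISSUE_CANDIDATE = "candidate:3 1 UDP 92217087 1.2.3.4 54277 typ relay raddr 1.2.3.4 rport"
ISSUE_SPECS = ["3478:3478", "3478:3478/udp"]
# Constructed values: a 100-port relay window and a candidate inside it.
NARROW_SPECS = ISSUE_SPECS + ["49152-49251:49152-49251/udp"]
NARROW_CANDIDATE = "candidate:3 1 UDP 92217087 1.2.3.4 49200 typ relay raddr 1.2.3.4 rport 50000"

if __name__ == "__main__":
    print(check_relay(ISSUE_CANDIDATE, ISSUE_SPECS))
    print(check_relay(NARROW_CANDIDATE, NARROW_SPECS))
    print(check_relay(NARROW_CANDIDATE, ISSUE_SPECS + ["49152-49251/udp"]))
```

Keeping the published window equal to the range coturn allocates from (its `min-port` and `max-port` settings) means only the ports TURN can actually use are open on the host.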

I am trying to run it on Azure and have the same issue with the port. Do you have any idea? I cannot open more than 5 ports in Azure.

ali-heydari-1989 avatar Apr 04 '20 12:04 ali-heydari-1989