
Add --listening-ip to coturn command

Open matthijskooijman opened this issue 4 months ago • 2 comments

This ensures that coturn only listens on our external IP addresses, instead of listening on all interfaces, including internal docker-only interfaces. This prevents issues on some setups, where binding errors are produced, e.g.:

coturn-1                  | bind: Address not available
coturn-1                  | bind: Address not available
coturn-1                  | Cannot bind local socket to addr: Address not available
coturn-1                  | bind: Address not available
coturn-1                  | Cannot bind local socket to addr: Address not available
coturn-1                  | Cannot bind local socket to addr: Address not available
coturn-1                  | bind: Address not available
coturn-1                  | Cannot bind local socket to addr: Address not available
coturn-1                  | bind: Address not available
coturn-1                  | Cannot bind local socket to addr: Address not available
coturn-1                  | 0: (14): INFO: Trying to bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478, again...
coturn-1                  | 0: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr [fd00:dead:beef::1]:3478
coturn-1                  | 0: (1): INFO: Trying to bind DTLS/UDP listener socket to addr [fd00:dead:beef::1]:3478, again...
coturn-1                  | 0: (15): INFO: Trying to bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478, again...
coturn-1                  | 0: (17): WARNING: Trying to bind fd 99 to <[fd00:dead:beef::1]:3478>: errno=99
coturn-1                  | 0: (17): WARNING: Cannot bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478
coturn-1                  | 0: (17): INFO: Trying to bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478, again...
coturn-1                  | 0: (16): WARNING: Trying to bind fd 153 to <[fd00:dead:beef::1]:3478>: errno=99
coturn-1                  | 0: (16): WARNING: Cannot bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478
coturn-1                  | 0: (16): INFO: Trying to bind TLS/TCP listener socket to addr [fd00:dead:beef::1]:3478, again...
coturn-1                  | 0: (14): WARNING: Trying to bind fd 124 to <[fd00:dead:beef::1]:3478>: errno=99
coturn-1                  | 0: (15): WARNING: Trying to bind fd 115 to <[fd00:dead:beef::1]:3478>: errno=99

Using the external address as the listening address should work in most setups. For servers behind a NAT, this will fail to start coturn, since the external address is not available. To support those use cases, two new variables (TURN_LISTENING_ADDRESS_IPv4 and TURN_LISTENING_ADDRESS_IPv6) were added that can be set to override the listening address.

matthijskooijman Sep 15 '25 10:09
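One way to check the effect described in the issue above, as an added example that is not part of the original issue or the project's code: filter `ss -H -tuln` output for sockets on the TURN port whose local address is outside an allow-list. The function names, the external addresses 203.0.113.10 and 2001:db8::10, the bridge address 172.18.0.1 and the sample socket table are constructed for illustration; the column layout assumed is that of iproute2's `ss`.

```shell
#!/bin/sh
# Added example (not project code): report listeners on the TURN port that are
# bound to addresses other than the ones coturn is meant to listen on.

# unexpected_listeners PORT ALLOWED_ADDR...
# Reads `ss -H -tuln` output on stdin and prints "proto address" for every
# socket on PORT whose local address is not in the allow-list.
unexpected_listeners() {
    port=$1; shift
    allowed=" $* "
    awk -v port="$port" -v allowed="$allowed" '
    {
        la = $5                          # "Local Address:Port" column
        n = match(la, /:[0-9]+$/)        # the port follows the last colon
        if (!n || substr(la, n + 1) != port) next
        addr = substr(la, 1, n - 1)
        sub(/%.*$/, "", addr)            # drop an interface scope such as %eth0
        gsub(/^\[|\]$/, "", addr)        # drop IPv6 brackets
        # Wildcards (0.0.0.0, ::, *) are never in the allow-list, so they are flagged.
        if (index(allowed, " " addr " ") == 0) print $1, addr
    }'
}

# Constructed sample: what a socket table could look like when coturn listens
# on the external addresses and also on internal docker-only interfaces.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0           203.0.113.10:3478      0.0.0.0:*
tcp   LISTEN 0      1024        203.0.113.10:3478      0.0.0.0:*
udp   UNCONN 0      0         [2001:db8::10]:3478         [::]:*
udp   UNCONN 0      0             172.18.0.1:3478      0.0.0.0:*
tcp   LISTEN 0      1024 [fd00:dead:beef::1]:3478         [::]:*
tcp   LISTEN 0      128              0.0.0.0:22        0.0.0.0:*
EOF
}

# Demo: only the two internal addresses should be reported.
sample_ss_output | unexpected_listeners 3478 203.0.113.10 2001:db8::10
```

To use it on a live system, pipe in `ss -H -tuln` taken from the network namespace coturn runs in and pass the addresses given to `--listening-ip`.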

I've not been able to test if coturn still works after applying this commit. It starts and log output looks good, but I am not sure how to check that my client is actually using STUN/TURN when doing a conference call. Any suggestions on where to look?

I also do not have any way to test the server-behind-NAT use case, but I guess that case is rare anyway.

matthijskooijman Sep 15 '25 10:09

As extra rationale for this change: The BBB docs also document using listening-ip for older versions: https://docs.bigbluebutton.org/administration/turn-server/ and the current bbb-install script also uses it: https://github.com/bigbluebutton/bbb-install/blob/4092ceccc9748e964249702f21362c48e8148d8e/bbb-install.sh#L1760

matthijskooijman Sep 15 '25 10:09