team-container icon indicating copy to clipboard operation
team-container copied to clipboard

Published 20 hours ago verified publisher icon ct-Open-Source

Which STUN-Servers does Jitsi use?

Open chjohn22 opened this issue 4 years ago • 10 comments

Sadly Jitsi uses Googles STUN-Servers by default. Do you know if this containerized version of Jitsi replaced them with more privacy respecting ones?

For example: stun.nextcloud.com:443 stun.stunprotocol.org:3478 stun.services.mozilla.com:3478

chjohn22 avatar Apr 14 '20 17:04 chjohn22

By default we are using the Google servers. But I can add a parameter to values.yaml so you would be free to change them. If you want to change them manually: deploy_jvb.yaml (line 52).

jamct avatar Apr 14 '20 17:04 jamct

This would be a great enhancement! I changed the entries in the template-file and it works like a charm, thanks! Edit: I manually set up a STUN-Server with coturn on a different VPS this weekend, the proposed inclusion of coturn in a container would be favorable to reduce the amount of manual configuration needed.

chjohn22 avatar Apr 14 '20 17:04 chjohn22

Why not adding a coturn STUN/TURN server to the whole setup (usable for jitsi and NC Talk)? At best you could then easily configure that you want to use coturn and it would set up the respective container and configure the others to use it. This would allow to keep things really "local" without hidden external dependencies (as to google, etc.), which people would not expect after reading the article.

janklostermann avatar Apr 20 '20 14:04 janklostermann

@janklostermann Nice idea. I will have a look at STUN/TURN implementations.

jamct avatar Apr 20 '20 14:04 jamct

I added a new branch to test the new feature: Custom STUN servers. Check out branch feature-custom-stun.

You can add custom STUN servers in values.yaml:

stun:
  server: yourserver:port,secondserver:port

@janklostermann and @chjohn22 Please test and give feedback.

I'm still working on a self hosted STUN server.

jamct avatar Apr 22 '20 16:04 jamct

Thanks, I will test it soon when I have some time for it. Some days ago, Mike Kuketz posted some other privacy related settings on his microblog: See https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ Especially the removal of Gravatar and the change of the Logging-Level from INFO to WARNING could be included easily.

chjohn22 avatar Apr 23 '20 10:04 chjohn22

https://decatec.de/home-server/nextcloud-talk-mit-eigenem-turn-server-coturn/ might be helpful for a COTURN solution as self-hosted STUN server. There is a dockerized version of coturn available, too: https://github.com/coturn/coturn/tree/master/docker

janklostermann avatar Apr 23 '20 11:04 janklostermann

coturn would help Nextcloud Talk too...

ghost avatar Apr 24 '20 23:04 ghost

@janklostermann Do you know how to install coturn on the same VPS as team-container?

chjohn22 avatar Jun 10 '20 09:06 chjohn22

I'm working on a team-coturn integration - but honestly the coturn package is very small and the setup is easy... just install it (Debian/Ubuntu: apt-get install coturn) and edit the config:

# /etc/turnserver.conf:
listening-port=3478
fingerprint
no-tcp-relay
realm=your.coturnserver.name
use-auth-secret
static-auth-secret=# generate it with: pwgen -s 64 1 | base64 -w0
user-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers

ghost avatar Jun 11 '20 22:06 ghost