docker-jitsi-meet

Coturn

Open goacid opened this issue 4 years ago • 24 comments

Based on PR163 from netaskd : https://github.com/jitsi/docker-jitsi-meet/pull/163/

  • Fix prosody configuration
  • Fix web configuration
  • Fix name : turn => coturn
  • Update README.md

goacid avatar Jul 03 '20 09:07 goacid

Oh, great. Maybe this has a better chance to succeed than the previous PR!

holtgrewe avatar Jul 08 '20 06:07 holtgrewe

Really hope this one will be merged. We will be testing this on our infrastructure ASAP and let you know.

parruc avatar Jul 08 '20 09:07 parruc

@saghul any reason not to merge ?

goacid avatar Aug 03 '20 09:08 goacid

I have two questions about this PR.

First, why aren't we adding the turncredentials and turncredentials_secret to jitsi-meet.cfg.lua? I do not see how mod_turncredentials could work without this.

Second, is it out of the scope of this PR to implement some kind of multiplexing based on DNS (or protocol) so the TURN server can work with firewalls that only allow 80 and 443? I'm talking about something like https://jitsi.github.io/handbook/docs/devops-guide/turn#use-turn-server-on-port-443

nestorconde avatar Sep 30 '20 07:09 nestorconde
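
As background to the question above about `turncredentials_secret`, here is an added example (not code from this thread or from the project) of how a shared secret yields time-limited TURN credentials. It assumes the TURN REST API convention, where the username is an expiry timestamp and the password is the base64 HMAC-SHA1 of that username under the secret; the function names and the secret values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def _mac(secret, username):
    """base64(HMAC-SHA1(secret, username)), the password both sides compute."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_credentials(secret, ttl=86400, now=None):
    """Signalling side: hand the client a username/password valid for `ttl` seconds."""
    now = int(time.time()) if now is None else now
    username = str(now + ttl)          # expiry time doubles as the username
    return username, _mac(secret, username)


def turn_accepts(secret, username, password, now=None):
    """TURN side: recompute the MAC with its own copy of the secret."""
    now = int(time.time()) if now is None else now
    expiry = username.split(":", 1)[0]  # "timestamp" or "timestamp:userid"
    if not expiry.isdigit() or int(expiry) < now:
        return False                    # malformed or expired credential
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(_mac(secret, username), password)


if __name__ == "__main__":
    user, pw = issue_credentials("constructed-shared-secret", ttl=3600)
    print(user, pw, turn_accepts("constructed-shared-secret", user, pw))
```

The credential only validates when both services hold the same secret, and a leaked username/password pair stops working once the embedded expiry has passed.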

> I have two questions about this PR.
>
> First, why aren't we adding the turncredentials and turncredentials_secret to jitsi-meet.cfg.lua? I do not see how mod_turncredentials could work without this.

Well, this way it works, but it may be possible to make it work another way; I didn't test.

> Second, is it out of the scope of this PR to implement some kind of multiplexing based on DNS (or protocol) so the TURN server can work with firewalls that only allow 80 and 443? I'm talking about something like https://jitsi.github.io/handbook/docs/devops-guide/turn#use-turn-server-on-port-443

I missed this, very interesting. Some work to do to implement it.

goacid avatar Oct 01 '20 12:10 goacid

About the dns multiplexing. I had to update nginx in the web container for ssl_preread_module to work. Executing this in the container should be enough:

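```sh
#!/bin/sh
# Install mainline nginx from nginx.org so that ssl_preread_module is available
apt install -y wget
# Add the nginx.org mainline repository (binary and source)
echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx
deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" > /etc/apt/sources.list.d/nginx.list
# Trust the nginx.org package signing key
wget -qO - https://nginx.org/keys/nginx_signing.key | apt-key add -
apt update; apt install -y nginx
```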

Then activate it with something like this in nginx.conf:

```nginx
stream {
    map $ssl_preread_server_name $name {
        ${subdomain}.${domain} web_backend;
        turn.${subdomain}.${domain} turn_backend;
    }

    upstream web_backend {
        server 127.0.0.1:4444;
    }

    upstream turn_backend {
        server 127.0.0.1:5349;
    }

    server {
        listen 443;
        listen [::]:443;

        # since 1.11.5
        ssl_preread on;

        proxy_pass $name;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}
```

And change default so the web nginx listens at 4444 instead of 443

nestorconde avatar Oct 01 '20 19:10 nestorconde
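
The routing decision that `ssl_preread` makes in the configuration above, as an added example (not code from this thread or from the project): it reads the server name from the unencrypted TLS ClientHello and picks a backend without terminating TLS. The hostnames in `SNI_MAP` are constructed placeholders for `${subdomain}.${domain}` and `turn.${subdomain}.${domain}`, and the function names are hypothetical.

```python
import ssl

# Constructed routing table mirroring the map{} block above.
SNI_MAP = {
    "meet.example.com": "127.0.0.1:4444",       # web_backend
    "turn.meet.example.com": "127.0.0.1:5349",  # turn_backend
}

def client_hello(hostname):
    """Build a real ClientHello offline with in-memory BIOs (sample input)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server answers, but the ClientHello is written
    return outgoing.read()

def extract_sni(data):
    """Return the server_name from a TLS ClientHello, or None if absent/not TLS."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # handshake record, ClientHello
            return None
        body = data[9:9 + int.from_bytes(data[6:9], "big")]
        pos = 2 + 32                               # legacy_version + random
        pos += 1 + body[pos]                       # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                       # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        end = min(end, len(body))                  # never read past the body
        pos += 2
        while pos + 4 <= end:
            ext_type = int.from_bytes(body[pos:pos + 2], "big")
            ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
            if ext_type == 0:                      # server_name extension
                name_len = int.from_bytes(body[pos + 7:pos + 9], "big")
                return body[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        pass                                       # truncated or malformed input
    return None

def route(data):
    """Pick the upstream for a first packet; None means no backend matches."""
    return SNI_MAP.get(extract_sni(data))
```

A name outside the map, or traffic that is not a TLS ClientHello at all, matches no backend here, which corresponds to the `map` block above having no `default` entry.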

Could you implement it based on this PR? #163 seems too old by now...

goacid avatar Oct 02 '20 09:10 goacid

> Could you implement it based on this PR? #163 seems too old by now...

I'll certainly try but unfortunately in the short term I'm too busy to dedicate enough time to it :(

nestorconde avatar Oct 06 '20 11:10 nestorconde

@saghul: when TURN is merged, ENABLE_STUN_TURN needs to be false by default

goacid avatar Nov 26 '20 10:11 goacid

> when TURN is merged, ENABLE_STUN_TURN needs to be false by default

No way. Why do you think that is the case?

saghul avatar Nov 26 '20 10:11 saghul

> > when TURN is merged, ENABLE_STUN_TURN needs to be false by default
>
> No way. Why do you think that is the case?

My bad, I'm rebasing this PR and indeed, it is not the case.

goacid avatar Nov 26 '20 10:11 goacid

@saghul: is there a chance that this PR will be merged?

goacid avatar Nov 26 '20 12:11 goacid

Sure thing! I just need to find the time to properly test it, which I haven't managed to do yet. Btw, did you add Let's Encrypt support to the TURN setup?

saghul avatar Nov 26 '20 14:11 saghul

Hi,

We have faced many situations with only ports 80 and 443 allowed, so we followed this guide [0] with nginx in front of the containers. Now we are trying to put the nginx stream configuration in the web container, but there would be invasive changes to .env. There should be a correlation between TURN_PORT and HTTPS_PORT, or maybe another variable should be added. Are you going to consider having TURN possibly listen on 443/tcp?

[0] https://jitsi.github.io/handbook/docs/devops-guide/turn

dzeroc avatar Nov 26 '20 22:11 dzeroc

> Hi,
>
> We have faced many situations with only ports 80 and 443 allowed, so we followed this guide [0] with nginx in front of the containers. Now we are trying to put the nginx stream configuration in the web container, but there would be invasive changes to .env. There should be a correlation between TURN_PORT and HTTPS_PORT, or maybe another variable should be added. Are you going to consider having TURN possibly listen on 443/tcp?
>
> [0] https://jitsi.github.io/handbook/docs/devops-guide/turn

I consider that TURN runs on a port other than the one used by jitsi-meet web. If someone can implement an nginx configuration to handle both TURN and web, that would be perfect.

goacid avatar Nov 27 '20 13:11 goacid

> Sure thing! I just need to find the time to properly test it, which I haven't managed to do yet. Btw, did you add Let's Encrypt support to the TURN setup?

Done

goacid avatar Nov 27 '20 14:11 goacid

> I consider that TURN runs on a port other than the one used by jitsi-meet web. If someone can implement an nginx configuration to handle both TURN and web, that would be perfect.

OK. I can work on it. I assume that if TURN_PORT is set as 443, turn container will bind 5349 (default port) on host and web container will bind 443 and HTTPS_PORT (set different from 443) on host.

dzeroc avatar Nov 27 '20 18:11 dzeroc

> > I consider that TURN runs on a port other than the one used by jitsi-meet web. If someone can implement an nginx configuration to handle both TURN and web, that would be perfect.
>
> OK. I can work on it. I assume that if TURN_PORT is set as 443, turn container will bind 5349 (default port) on host and web container will bind 443 and HTTPS_PORT (set different from 443) on host.

@nestorconde (see earlier message) posted about handling web and coturn on the same nginx, and so on the same port: https://github.com/jitsi/docker-jitsi-meet/pull/163

goacid avatar Nov 30 '20 09:11 goacid

@saghul is there something I can do to help merge it?

goacid avatar Jan 21 '21 14:01 goacid

> @saghul is there something I can do to help merge it?

Long-awaited PR, I always hope it is merged ASAP. But maybe the Jitsi team has forgotten it now.

jforjava avatar Mar 18 '21 11:03 jforjava

A couple of quick observations:

  • Don't use Alpine, use our base Debian image please (this is non-negotiable)
  • Use a different domain for Let's Encrypt, and SNI on the web container to direct traffic at the TURN server, so we can run it on port 443.

saghul avatar Mar 18 '21 12:03 saghul

@goacid do you need help with the change?

aporquez avatar Apr 15 '21 09:04 aporquez

Yes! Not a lot of time at the moment; any help is welcome.

goacid avatar Apr 18 '21 17:04 goacid

I've started work on the Let's Encrypt part with the attached patch file. Unfortunately I don't quite understand all the details from reading the docs, especially the prosody configuration and the Let's Encrypt hook. I'll add what else I spot via review.

0001-Add-TURN-configuration-to-web-container.txt

Hope this is of any help.

w4tsn avatar May 07 '21 08:05 w4tsn