Run coTurn behind Nginx

masanori_msl

Masui Masanori

Posted on September 2, 2022


Intro

I will try running coTurn behind Nginx, in the same way my WebRTC application runs behind a reverse proxy.

Wireshark

Install Wireshark to see if the specified port is accessed with the specified protocol (TCP or UDP).



sudo apt install wireshark


Because my account didn't have permission to access "/usr/bin/dumpcap" by default, I couldn't start capturing.




sudo chmod +x /usr/bin/dumpcap


Load balancer

According to the comments on this issue, coTurn can be run behind Nginx using Nginx's load balancing function.

Before editing nginx.conf, I added local domain names to "/etc/hosts".



192.168.XX.YYY local-webrtc.jp
192.168.XX.YYY local-turn.jp


Then, in coTurn's turnserver.conf, combine the UDP and TCP listening ports into one.

turnserver.conf



...
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
listening-port=3478

# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
# port(s), too - if allowed by configuration. The TURN server
# "automatically" recognizes the type of traffic. Actually, two listening
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
# For secure TCP connections, Coturn currently supports
# TLS version 1.0, 1.1 and 1.2.
# For secure UDP connections, Coturn supports DTLS version 1.
#
#tls-listening-port=5349
...


nginx.conf



user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}
stream {
    map $ssl_preread_server_name $name {
        local-webrtc.jp url_backend;
        local-turn.jp turn_server;
    }
    upstream url_backend {
        server 127.0.0.1:4444;
    }

    upstream turn_server {
        server 192.168.XX.YYY:3478;
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $name;
        proxy_buffer_size 10m;
    }
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/conf.d/*.conf;
}


webrtcapp.conf



map $http_origin $cors {
    'http://localhost:8080' $http_origin;
    'https://127.0.0.1:4444' $http_origin;
    'https://local-webrtc.jp:443' $http_origin;
}
...
server {
    listen 4444 ssl;
    server_name localhost;
...
}


Because port 443 is shared by the Web application and coTurn, the TCP protocol is used for communication with coTurn,
