Masui Masanori
Posted on September 2, 2022
Intro
I will try to run coTurn behind Nginx, like my WebRTC application, with a reverse proxy.
Wireshark
Install Wireshark to see if the specified port is accessed with the specified protocol (TCP or UDP).
sudo apt install wireshark
Because my account didn't have permission to access "/usr/bin/dumpcap" by default, I couldn't start capturing.
sudo chmod +x /usr/bin/dumpcap
Load balancer
According to the comments on this issue, I can run coTurn behind Nginx by using the load balancing function of Nginx.
Before editing nginx.conf, I added local domains to "/etc/hosts".
192.168.XX.YYY local-webrtc.jp
192.168.XX.YYY local-turn.jp
Then I combined the UDP and TCP listening ports into one in the turnserver.conf of coTurn.
turnserver.conf
...
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
listening-port=3478
# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
# port(s), too - if allowed by configuration. The TURN server
# "automatically" recognizes the type of traffic. Actually, two listening
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
# For secure TCP connections, Coturn currently supports
# TLS version 1.0, 1.1 and 1.2.
# For secure UDP connections, Coturn supports DTLS version 1.
#
#tls-listening-port=5349
...
nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    map $ssl_preread_server_name $name {
        local-webrtc.jp url_backend;
        local-turn.jp turn_server;
    }
    upstream url_backend {
        server 127.0.0.1:4444;
    }
    upstream turn_server {
        server 192.168.XX.YYY:3478;
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $name;
        proxy_buffer_size 10m;
    }
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    include /etc/nginx/conf.d/*.conf;
}
webrtcapp.conf
map $http_origin $cors {
    'http://localhost:8080' $http_origin;
    'https://127.0.0.1:4444' $http_origin;
    'https://local-webrtc.jp:443' $http_origin;
}
...
server {
    listen 4444 ssl;
    server_name localhost;
    ...
}
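The routing decision made by the stream block in nginx.conf above, sketched in Python as an added example (not the author's code and not Nginx's implementation). The function names and the ClientHello bytes are constructed for illustration; the routing table is copied from the map block, which has no default entry, so a connection with no SNI, an unknown name, or non-TLS bytes resolves to an empty upstream name.

```python
import struct

# Routing table copied from the map block in nginx.conf above (no default entry).
ROUTES = {"local-webrtc.jp": "url_backend", "local-turn.jp": "turn_server"}

def build_client_hello(server_name=None):
    """Constructed sample: a minimal TLS ClientHello record, optionally carrying SNI."""
    ext = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni             # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                # one cipher suite
            + b"\x01\x00"                                       # null compression only
            + struct.pack("!H", len(ext)) + ext)                # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def preread_sni(data):
    """Return the SNI host name found in the first bytes of a connection, or ""."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        return ""                          # not a TLS handshake record / not a ClientHello
    pos = 9 + 2 + 32                       # record + handshake headers, version, random
    try:
        pos += 1 + data[pos]                                  # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]     # cipher suites
        pos += 1 + data[pos]                                  # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            if ext_type == 0:              # list len(2), name_type(1), name len(2), name
                name_len = struct.unpack_from("!H", data, pos + 7)[0]
                return data[pos + 9:pos + 9 + name_len].decode("ascii", "replace").lower()
            pos += 4 + ext_len
    except (IndexError, struct.error):
        pass                               # truncated hello: treat as no SNI
    return ""

def route(data):
    """Mimic `map $ssl_preread_server_name $name`; a miss yields "" (no upstream)."""
    return ROUTES.get(preread_sni(data), "")
```

Only a TLS connection to port 443 that names local-turn.jp resolves to turn_server here; the constructed plain-TCP and no-SNI inputs resolve to an empty name.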
Because port 443 is shared by the Web application and coTurn, the TCP protocol is used for communication with coTurn,