Introduces installing coturn as turn server for jitsi-meet #4959
Activates http2 on the nginx host and uses the alpn sent with the web requests to multiplex traffic to be served as web or proxied to the turn server. It needs nginx at least v1.13.10. Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.
debian/jitsi-meet-prosody.postinst
Outdated
db_get jitsi-meet-prosody/turn-secret | ||
if [ -z "$RET" ] ; then | ||
# 8-chars random secret used for the turnserver | ||
TURN_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'` |
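Review bot: the secret built on the `TURN_SECRET=` line is only 8 characters long. `head -c 8` reads 8 bytes and the `tr` set maps them onto 64 symbols, so the value carries about 48 bits, which is thin for a long-lived shared turnserver secret. Reading more bytes, for example `head -c 32 /dev/urandom`, costs nothing here; the `# 8-chars random secret` comment would need updating to match.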
A bit simpler? `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1`
config.js
Outdated
@@ -329,6 +329,7 @@ var config = { | |||
|
|||
// The STUN servers that will be used in the peer to peer connections | |||
stunServers: [ | |||
{ urls: 'stun:jitsi-meet.example.com:443' }, |
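Review bot: the `stunServers` entry ships the placeholder host `jitsi-meet.example.com` on port 443 as an active default. An install that never sets up the turnserver, or where this hostname is not rewritten, advertises a STUN server that will not answer. Suggest shipping the line commented out and having the turnserver setup enable it with the real hostname.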
maybe comment this out so the install without turn doesn't have a bogus entry?
TURN_SECRET="$RET" | ||
|
||
if [ ! -f $TURN_CONFIG ] ; then | ||
PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) |
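Review bot: the `PUBLIC_IP=$(dig ...)` lookup has no failure handling in these lines. If `dig` is not installed or the host cannot reach resolver1.opendns.com at install time, `PUBLIC_IP` ends up empty and the script carries on; check for an empty result before the value is written anywhere, and make sure the package depends on whatever provides `dig`. `$TURN_CONFIG` in the `[ ! -f ... ]` test should also be quoted.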
neat!
|
||
no-tcp | ||
listening-port=443 | ||
tls-listening-port=4444 |
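Review bot: the `listening-port=443` and `tls-listening-port=4444` lines go into the generated config with no comment saying which port clients reach directly and which one is only an upstream for nginx. Add a comment line above each so an admin who later edits this file or the firewall does not have to reconstruct the layout.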
why are we listening in 3 ports?
So udp goes to 443 directly (stun).
Coturn itself listens on 4444 and that port is used by nginx (localhost:4444) when multiplexing traffic coming on tcp 443.
There are some ports wrong here (and duplicated config listening-port), I'm currently testing clean install and fixing all those.
Tested clean install and it works. Two more PRs needed before merging this (new and old bridge).
Tested and seems upgrade works just fine from unstable, will test and from stable.
Note: to test let's encrypt and to fix jvb user changing its password if already exists ...
af30cf2 to 84c8bff
There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
@@ -132,7 +132,7 @@ case "$1" in | |||
|
|||
# Check whether prosody config has the internal muc, if not add it, | |||
# as we are migrating configs | |||
if ! grep -q "internal.auth.$JVB_HOSTNAME" $PROSODY_HOST_CONFIG; then | |||
if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "internal.auth.$JVB_HOSTNAME" $PROSODY_HOST_CONFIG; then |
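Review bot: the new `[ -f $PROSODY_HOST_CONFIG ] && ! grep -q ...` condition leaves `$PROSODY_HOST_CONFIG` unquoted in both places. With an empty value `[ -f ]` evaluates true and `grep` then reads stdin, so quote it as `"$PROSODY_HOST_CONFIG"`. The dots in `internal.auth.$JVB_HOSTNAME` are also regex wildcards; `grep -qF` would match the literal name.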
I think you want to quote the string "$PROSODY_HOST_CONFIG" in case there's spaces or anything else.
* Adds package that can configure using turnserver for jitsi-meet. Activates http2 on the nginx host and uses the alpn sent with the web requests to multiplex traffic to be served as web or proxied to the turn server. It needs nginx at least v1.13.10. Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.
* Moves loading of stream after loading stream module (50-..).
* Leaves DISABLE_TCP_HARVESTER to be handled by jvb.
* Fixes comments.
* Properly detect first time coturn install and configure it.
* Handles upgrading from jetty serving web.
* Does not create jvb user if already exists.
* Fixes let's encrypt and adds turnserver handling.
* Enables use of turn server in config.js if available.
* Adds a check whether prosody config exists. There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
Still WIP, need to test debian clean installation and upgrades. After merging this we can add it to jitsi-meet-debian-meta to be installed by default.
This is based on the previous PR which is still not merged and will rebase once that is done as it depends on jicofo and jvb PRs.
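The ALPN-based multiplexing on TCP 443 that the PR text describes, as an added example that is not part of this PR or of the jitsi-meet packaging: a Python sketch that reads the ALPN extension from a TLS ClientHello and picks a backend. The routing rule (`h2` and `http/1.1` go to web, everything else to TURN), the function names and the sample ClientHello builder are assumptions made for the illustration.

```python
import struct

WEB_ALPN = {b"h2", b"http/1.1"}   # assumption: ALPN names treated as web traffic

def client_hello(alpn):
    """Build a minimal TLS ClientHello record (constructed sample input)."""
    exts = b""
    if alpn:
        names = b"".join(bytes([len(p)]) + p for p in alpn)
        body = struct.pack("!H", len(names)) + names
        exts = struct.pack("!HH", 16, len(body)) + body
    hello = (b"\x03\x03" + bytes(32)      # client version, random
             + b"\x00"                     # empty session id
             + b"\x00\x02\x13\x01"         # one cipher suite
             + b"\x01\x00"                 # null compression only
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def alpn_protocols(record):
    """Return the ALPN names offered in a ClientHello, [] if there are none."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 9 + 2 + 32                       # record/handshake headers, version, random
    pos += 1 + record[pos]                 # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # cipher suites
    pos += 1 + record[pos]                 # compression methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        if ext_type == 16:                 # application_layer_protocol_negotiation
            names, p, stop = [], pos + 2, pos + ext_len
            while p < stop:
                n = record[p]
                names.append(record[p + 1:p + 1 + n])
                p += 1 + n
            return names
        pos += ext_len
    return []

def route(record):
    """Choose the backend from the ClientHello alone, before any TLS handshake."""
    return "web" if WEB_ALPN & set(alpn_protocols(record)) else "turn"
```

Under this rule a client that sends no ALPN at all lands on the TURN backend, so the TURN listener is what receives any non-browser TLS traffic reaching port 443.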