Introduces installing coturn as turn server for jitsi-meet #4959
Conversation
Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server. It needs nginx at least v1.13.10. Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.
debian/jitsi-meet-prosody.postinst
Outdated
| db_get jitsi-meet-prosody/turn-secret | ||
| if [ -z "$RET" ] ; then | ||
| # 8-chars random secret used for the turnserver | ||
| TURN_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'` |
There was a problem hiding this comment.
A bit simpler? cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1
config.js
Outdated
| @@ -329,6 +329,7 @@ var config = { | |||
|
|
|||
| // The STUN servers that will be used in the peer to peer connections | |||
| stunServers: [ | |||
| { urls: 'stun:jitsi-meet.example.com:443' }, | |||
There was a problem hiding this comment.
maybe comment this out so the install without turn doesn't have a bogus entry?
| TURN_SECRET="$RET" | ||
|
|
||
| if [ ! -f $TURN_CONFIG ] ; then | ||
| PUBLIC_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) |
|
|
||
| no-tcp | ||
| listening-port=443 | ||
| tls-listening-port=4444 |
There was a problem hiding this comment.
So udp goes to 443 directly (stun).
Coturn itself listens on 4444 and that port is used by nginx (localhost:4444) when multiplexing traffic coming on tcp 443.
There was a problem hiding this comment.
There are some ports wrong here (and duplicated config listening-port), I'm currently testing clean install and fixing all those.
|
Tested clean install and it works. Two more PRs needed before merging this (new and old bridge). |
|
Tested and seems upgrade works just fine from unstable, will test and from stable. |
|
Note: to test let's encrypt and to fix jvb user changing its password if already exists ... |
damencho
force-pushed
the
coturn-dep
branch
5 times, most recently
from
af30cf2
to
84c8bff
Compare
There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
| @@ -132,7 +132,7 @@ case "$1" in | |||
|
|
|||
| # Check whether prosody config has the internal muc, if not add it, | |||
| # as we are migrating configs | |||
| if ! grep -q "internal.auth.$JVB_HOSTNAME" $PROSODY_HOST_CONFIG; then | |||
| if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "internal.auth.$JVB_HOSTNAME" $PROSODY_HOST_CONFIG; then | |||
There was a problem hiding this comment.
I think you want to quote the string "$PROSODY_HOST_CONFIG" in case there's spaces or anything else.
* Adds package that can configure using turnserver for jitsi-meet. Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server. It needs nginx at least v1.13.10. Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11. * Moves loading of stream after loading stream module (50-..). * Leaves DISABLE_TCP_HARVESTER to be handled by jvb. * Fixes comments. * Properly detect first time coturn install and configure it. * Handles upgrading from jetty serving web. * Does not create jvb user if already exists. * Fixes let's encrypt and adds turnserver handling. * Enables use of turn server in config.js if available. * Adds a check whether prosody config exists. There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
Still WIP, need to test debian clean installation and upgrades. After merging this we can add it to jitsi-meet-debian-meta to be installed by default.
This is based on the previous PR which is still not merged and will rebase once that is done as it depends on jicofo and jvb PRs.