More detailed information about docker compose #411

Open
masterxq opened this issue Jan 27, 2023 · 5 comments

@masterxq

It could be nice if the README would contain more detailed information about how to use docker compose with this project.

At least I think I am not using it as intended. I always run into other issues, and I think more than 50% are not because the software is broken, but because it is hard to use it as intended without documentation.

Thank you!

@Emporea

Emporea commented Apr 21, 2023

Same problem.

I want to deploy it into this setup:

version: "3.9"

services:
  nextcloud_redis:
    container_name: nextcloud_redis
    image: redis:alpine
    environment:
      - TZ=${TIMEZONE}
    restart: unless-stopped
    tmpfs:
      - /var/lib/redis

  nextcloud_db:
    container_name: nextcloud_db
    build: ./mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    environment:
      - TZ=${TIMEZONE}
      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - MYSQL_DATABASE=${NEXTCLOUD_DB_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    restart: unless-stopped
    volumes:
      - nextcloud_db:/var/lib/mysql

  nextcloud_app:
    container_name: nextcloud_app
    build: ./nextcloud/app
    environment:
      - TZ=${TIMEZONE}
      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - MYSQL_DATABASE=${NEXTCLOUD_DB_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MYSQL_HOST=nextcloud_db
      - REDIS_HOST=nextcloud_redis
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html

  nextcloud_web:
    container_name: nextcloud_web
    build: ./nextcloud/web
    environment:
      - TZ=${TIMEZONE}
      - VIRTUAL_HOST=${NEXTCLOUD_WEB_HOST}
      - LETSENCRYPT_HOST=${NEXTCLOUD_WEB_HOST}
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html:ro

  nextcloud_cron:
    container_name: nextcloud_cron
    build: ./nextcloud/app
    entrypoint: /cron.sh
    environment:
      - TZ=${TIMEZONE}
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html

  proxy_nginx:
    container_name: proxy_nginx
    build: ./proxy_nginx
    environment:
      - TZ=${TIMEZONE}
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - proxy_nginx_conf:/etc/nginx/conf.d
      - proxy_nginx_vhost:/etc/nginx/vhost.d
      - proxy_nginx_html:/usr/share/nginx/html
      - proxy_nginx_dhparam:/etc/nginx/dhparam
      - proxy_nginx_certs:/etc/nginx/certs:ro

  proxy_acme:
    container_name: proxy_acme
    image: nginxproxy/acme-companion:latest
    environment:
      - TZ=${TIMEZONE}
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - proxy_nginx_certs:/etc/nginx/certs
      - proxy_nginx_acme:/etc/acme.sh
    volumes_from:
      - proxy_nginx

volumes:
  nextcloud:
  nextcloud_db:
  proxy_nginx_acme:
  proxy_nginx_certs:
  proxy_nginx_conf:
  proxy_nginx_dhparam:
  proxy_nginx_html:
  proxy_nginx_vhost:

I know this seems lazy. But I tried a lot of different configurations, but I can't seem to figure out what to do.

Which configs do I need to add where?
And what could my docker-compose.yml file look like with the docker-compose.yml file of this repo included?

@PentaPaetzold

PentaPaetzold commented Jun 13, 2023

Update: Got it working. Needed to use ws at 8188 of janus and option full-trickle. Updated code to fit.

I added:

# nextcloud coturn
# Be sure to open 3478/tcp+udp on Firewall if needed
  coturn:
    image: coturn/coturn:latest
    command:
      - "--realm"
      - "signaling.your.site"
#Does not make sense to use both, but either one of lt-cred-mech OR use-auth-secret
#      - "--lt-cred-mech"
      - "--use-auth-secret"
      - "--static-auth-secret"
      - "thisisyourrandomcoturnsecret"
      - "--no-stdout-log"
      - "--log-file"
      - "stdout"
      - "--stale-nonce=600"
      - "--fingerprint"
      - "--no-software-attribute"
      - "--no-multicast-peers"
    volumes:
      - coturn:/var/lib/coturn
    restart: unless-stopped
    ports:
      - 3478:3478
    networks:
      - proxy-tier

# Janus WebRTC Gateway
  janus:
    image: 'canyan/janus-gateway:0.10.7'
    command: ["/usr/local/bin/janus", "-F", "/usr/local/etc/janus", "--stun-server=coturn:3478", "--full-trickle"]
    restart: unless-stopped
    networks:
      - proxy-tier

# Nextcloud Signaling Webserver
# Docs: https://github.com/strukturag/nextcloud-spreed-signaling/tree/master/docker
  spreedbackend:
    platform: linux/amd64
    image: strukturag/nextcloud-spreed-signaling:master
    restart: unless-stopped
    environment:
      - HTTP_LISTEN=spreedbackend:8080
      - COUNTRY=DE
      - HASH_KEY=yourhashkey
      - BLOCK_KEY=yourblockkey
      - INTERNAL_SHARED_SECRET_KEY=yoursharedsecret
      - BACKENDS=site1
      - BACKEND_SITE1_URL=https://nextcloud.your.site
      - BACKEND_SITE1_SHARED_SECRET=yoursharedsecret
# Janus/WebRTC
      - USE_JANUS=1
      - JANUS_URL=ws://janus:8188
# No need for nats when only one Spreed-Server
#      - NATS_URL=nats://nats:4222
# Turn
      - TURN_SERVERS=turn:coturn:3478?transport=udp,turn:coturn:3478?transport=tcp
      - TURN_API_KEY=thisisyourrandomcoturnsecret
      - TURN_SECRET=thisisyourrandomcoturnsecret
# Nginx- Proxy vhost
      - VIRTUAL_HOST=signaling.your.site
      - LETSENCRYPT_HOST=signaling.your.site
      - LETSENCRYPT_EMAIL=admin@your.site
      - VIRTUAL_PORT=8080
    networks:
      - proxy-tier
    depends_on:
      - coturn
      - janus

Adjust your networks or delete mine. And add a coturn volume.
With that setup you can use signaling.your.site:3478 as stun and turn server using the secret of coturn in the Nextcloud Talk setup.
Then add hpb to nextcloud: https://signaling.your.site given the shared secret.

Problems solved. I would appreciate seeing this described as an alternative to the current setup, where janus and spreed need to be compiled on the client (which would not work for me).
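
How the `--use-auth-secret` / `--static-auth-secret` pair in the coturn service above works, as an added example that is not part of the original comment or of coturn's code: both sides derive a time-limited password from the shared secret (the TURN REST API scheme), which is why `TURN_SECRET` carries the same value as the coturn secret. The secret, user id and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value. It stands in for the page's
# "thisisyourrandomcoturnsecret" placeholder and must not be deployed.
STATIC_AUTH_SECRET = "constructed-sample-secret"


def _password_for(secret, username):
    # password = base64(HMAC-SHA1(shared secret, username))
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_turn_credentials(secret, user_id, ttl_seconds, now=None):
    """Issuer side (the service holding TURN_SECRET).

    The username is "<unix expiry>:<user id>", so the lifetime is part of
    the value that gets authenticated.
    """
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl_seconds}:{user_id}"
    return username, _password_for(secret, username)


def verify_turn_credentials(secret, username, password, now=None):
    """TURN server side, simplified.

    A real TURN server never receives the password: it derives it from the
    username the same way and uses it as the key for STUN MESSAGE-INTEGRITY.
    The constant-time comparison below stands in for that check.
    """
    now = int(time.time()) if now is None else int(now)
    expiry_text = username.split(":", 1)[0]
    if not expiry_text.isdigit():
        return False, "malformed username"
    expected = _password_for(secret, username)
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return False, "bad password (secret mismatch or altered username)"
    if int(expiry_text) < now:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    user, pw = issue_turn_credentials(STATIC_AUTH_SECRET, "alice", 3600)
    print(user, pw, verify_turn_credentials(STATIC_AUTH_SECRET, user, pw))
```

Because the expiry is inside the authenticated username, extending it invalidates the password, and a secret that differs between the two services fails every allocation.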

@PentaPaetzold

@fancycode Hi Joachim, as a maintainer of nc-spreed: what would you think of using build images for janus and spreed as proposed above?
IMO this would reduce the need to build those tools and reduce maintenance of this repo for janus.

If you agree, I could implement my changes into a pull request for your repo.

@dounoit

dounoit commented Mar 5, 2024

Thank you so much for this example. I've been trying to get this running in docker desperately. I've tried so many different options. I haven't tested your standalone docker-compose.yaml yet. I did convert and deploy it for my docker swarm cluster. I've been able to pinpoint the issue to the spreedbackend server. The port 8080 acts odd. I have to make it listen to ip localhost:8080 instead of spreedbackend:8080, else it says it's already listening.

current config

# Nextcloud Signaling Webserver
  # Docs: https://github.com/strukturag/nextcloud-spreed-signaling/tree/master/docker
  spreedbackend:
    image: strukturag/nextcloud-spreed-signaling:master
    ports:
      - {target: 8080, published: 8080, mode: host, protocol: tcp}
      - {target: 8080, published: 8080, mode: host, protocol: udp}
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.node==node1"

    environment:
      - HTTP_LISTEN=localhost:8080
      #- HTTP_LISTEN=spreedbackend:8080
      - COUNTRY=US
      - HASH_KEY=dddddddddddddddddddd==
      - BLOCK_KEY=eeeeeeeeeeeeeeeeeeee=
      - INTERNAL_SHARED_SECRET_KEY=ccccccccccccccccccccccc
      - BACKENDS=site1
      - BACKEND_SITE1_URL=https://nextcloud.some.url.tld
      - BACKEND_SITE1_SHARED_SECRET=bbbbbbbbbbbbbb
      # Janus/WebRTC
      - USE_JANUS=1
      - JANUS_URL=ws://janus:8188
      # No need for nats when only one Spreed-Server
      #      - NATS_URL=nats://nats:4222
      # Turn
      - TURN_SERVERS=turn:coturn:3478?transport=udp,turn:coturn:3478?transport=tcp
      - TURN_API_KEY=aaaaaaaaaaaa
      - TURN_SECRET=bbbbbbbbbbbbbb
      # Nginx- Proxy vhost
      - VIRTUAL_HOST=signaling.some.url.tld
      - LETSENCRYPT_HOST=signaling.some.url.tld
      - LETSENCRYPT_EMAIL=admin@your.site
      - VIRTUAL_PORT=8080

    networks:
      - holospreed-signaling

Please help me with my troubleshooting. I could use another pair of eyes. Am I missing how this is supposed to be behaving / tested? I would expect the welcome string when I execute this inside the container. This testing is with host mode port enabled:

b05f468ea31a:/$ netstat -na |grep 8080
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      
b05f468ea31a:/$ wget  http://localhost:8080/standalone-signaling/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: server returned error: HTTP/1.1 404 Not Found
b05f468ea31a:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't open 'welcome': Permission denied

Since I have this listening on the host too, I tried it on the docker host as well:

dockerhost$ wget  http://localhost:8080/standalone-signaling/api/v1/welcome
--2024-03-05 15:54:34--  http://localhost:8080/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

dockerhost$ wget  http://localhost:8080/api/v1/welcome
--2024-03-05 15:56:24--  http://localhost:8080/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

I then removed the host mode listening port, and it listens on localhost:8080

environment:
  - HTTP_LISTEN=localhost:8080

inside the spreedbackend container

f44d55587e5a:/$ netstat -na |grep 8080
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      

f44d55587e5a:/$ wget  http://localhost:8080/standalone-signaling/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: server returned error: HTTP/1.1 404 Not Found

f44d55587e5a:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't open 'welcome': Permission denied

from the nginx container in docker swarm on the same network (the resolving ip is incorrect due to docker dns-ip mapping)

wget  http://spreedbackend:8080/api/v1/welcome
root@2fe7949918b6:/# wget  http://spreedbackend:8080/standalone-signaling/api/v1/welcome
Connecting to spreedbackend:8080 (172.16.38.250:8080)
wget: can't connect to remote host (172.16.38.250): Connection refused

root@2fe7949918b6:/# wget  http://spreedbackend:8080/api/v1/welcome
Connecting to spreedbackend:8080 (172.16.38.250:8080)
wget: can't connect to remote host (172.16.38.250): Connection refused

inside the spreedbackend container, regarding the ip allocation to the swarm container: I read something about this being an issue assigning dns name to n-1 for container ip. I'm less worried about this atm:

inside spreedbackend container:

f44d55587e5a:/$ ip a
28634: eth0@if28635: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1424 qdisc noqueue state UP 
    link/ether 02:42:ac:10:26:fb brd ff:ff:ff:ff:ff:ff
    inet 172.16.38.251/24 brd 172.16.38.255 scope global eth0

this is from the nginx container using the real ip of the spreedbackend container. I want to focus on the spreedbackend working before working on this weird docker swarm behavior. I'm just adding this for thoroughness:

root@2fe7949918b6:/# wget  http://172.16.38.251:8080/standalone-signaling/api/v1/welcome
Connecting to 172.16.38.251:8080 (172.16.38.251:8080)
wget: can't connect to remote host (172.16.38.251): Connection refused

root@2fe7949918b6:/# wget  http://172.16.38.251:8080/api/v1/welcome
Connecting to 172.16.38.251:8080 (172.16.38.251:8080)
wget: can't connect to remote host (172.16.38.251): Connection refused

I think I'm zeroing in on the problem but need help getting this across the line. I look forward to sharing my work too in hopes of saving someone a weekend and days of working on this ;-) Thank you so much for your work, friend!
-chefboyrdave2.1 aka daveK

@dounoit

dounoit commented Mar 5, 2024

Using your standalone docker-compose, I was able to SUCCESSFULLY test for the welcome response

my standalone docker-compose.yaml:

version: "3.2"

networks:
  proxy-tier:

## docker standalone

# nextcloud coturn
# Be sure to open 3478/tcp+udp on Firewall if needed
services:
  coturn:
    image: coturn/coturn:latest
    command:
      - "--realm"
      - "signaling.local"
#Does not make sense to use both, but either one of lt-cred-mech OR use-auth-secret
#      - "--lt-cred-mech"
      - "--use-auth-secret"
      - "--static-auth-secret"
      - "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      - "--no-stdout-log"
      - "--log-file"
      - "stdout"
      - "--stale-nonce=600"
      - "--fingerprint"
      - "--no-software-attribute"
      - "--no-multicast-peers"
    volumes:
      - /var/data/runtime/spreed-standalone/coturn/:/var/lib/coturn
    restart: unless-stopped
    ports:
      - 3478:3478
    networks:
      - proxy-tier

# Janus WebRTC Gateway
  janus:
    image: 'canyan/janus-gateway:0.10.7'
    command: ["/usr/local/bin/janus", "-F", "/usr/local/etc/janus", "--stun-server=coturn:3478", "--full-trickle"]
    restart: unless-stopped
    networks:
      - proxy-tier

  nginx:
    image: lscr.io/linuxserver/nginx

    ports:
      - 80:80
      - 443:443
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York

    volumes:
      - /var/data/spreed-standalone/nginx/conf:/config
      - /var/data/spreed-standalone/certbot/conf/:/etc/nginx/ssl/:ro
    networks:
      - proxy-tier


  certbot:
    image: certbot/certbot:latest
    networks:
      - proxy-tier
    volumes:
      - /var/data/spreed-standalone/nginx/conf/www:/var/www/certbot/:rw
      - /var/data/spreed-standalone/certbot/conf/:/etc/letsencrypt/:rw



# Nextcloud Signaling Webserver
# Docs: https://github.com/strukturag/nextcloud-spreed-signaling/tree/master/docker
  spreedbackend:
    platform: linux/amd64
    image: strukturag/nextcloud-spreed-signaling:master
    restart: unless-stopped
    ports:
      - {target: 8080, published: 8080, mode: host, protocol: tcp}
      - {target: 8080, published: 8080, mode: host, protocol: udp}
    environment:
      #- HTTP_LISTEN=localhost:8080
      - HTTP_LISTEN=spreedbackend:8080
      #- HTTP_LISTEN=0.0.0.0:8080
      - COUNTRY=US
      - HASH_KEY=bbbbbbbbbbbbbbbb==
      - BLOCK_KEY=cccccccccccccccccccccc==
      - INTERNAL_SHARED_SECRET_KEY=ddddddddddddddddddddddddddddddddddddddddd
      - BACKENDS=site1
      - BACKEND_SITE1_URL=https://nextcloudinstance.some.url.tld
      - BACKEND_SITE1_SHARED_SECRET=eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
      # Janus/WebRTC
      - USE_JANUS=1
      - JANUS_URL=ws://janus:8188
      # No need for nats when only one Spreed-Server
      #      - NATS_URL=nats://nats:4222
      # Turn
      - TURN_SERVERS=turn:coturn:3478?transport=udp,turn:coturn:3478?transport=tcp
      - TURN_API_KEY=ffffffffffffffffffffffff
      - TURN_SECRET=eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
      # Nginx- Proxy vhost
      - VIRTUAL_HOST=signaling.some.url.tld
      - LETSENCRYPT_HOST=signaling.some.url.tld
      - LETSENCRYPT_EMAIL=admin@your.site
      - VIRTUAL_PORT=8080

    networks:
      - proxy-tier
    depends_on:
      - coturn
      - janus

inside the spreedbackend container

0afe36caaf35:/$ netstat -na |grep 8080
tcp        0      0 172.20.0.6:8080         0.0.0.0:*               LISTEN      

0afe36caaf35:/$ wget  http://localhost:8080/standalone-signaling/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't connect to remote host (127.0.0.1): Connection refused

0afe36caaf35:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't connect to remote host (127.0.0.1): Connection refused

0afe36caaf35:/$ wget  http://172.20.0.6:8080/standalone-signaling/api/v1/welcome
Connecting to 172.20.0.6:8080 (172.20.0.6:8080)
wget: server returned error: HTTP/1.1 404 Not Found

0afe36caaf35:/$ wget  http://172.20.0.6:8080/api/v1/welcome
Connecting to 172.20.0.6:8080 (172.20.0.6:8080)
wget: can't open 'welcome': Permission denied

I tried this with host mode too, from the docker host:

added:
ports:
- {target: 8080, published: 8080, mode: host, protocol: tcp}
- {target: 8080, published: 8080, mode: host, protocol: udp}

successful testing directly to spreedbackend :8080

dockerhost:/var/data/spreed-standalone# wget  http://localhost:8080/api/v1/welcome
--2024-03-05 20:16:12--  http://localhost:8080/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101 [application/json]
Saving to: ‘welcome’

welcome                           100%[=============================================================>]     101  --.-KB/s    in 0s      

2024-03-05 20:16:12 (2.93 MB/s) - ‘welcome’ saved [101/101]

root@dockerhost:/var/data/spreed-standalone# cat welcome 
{"nextcloud-spreed-signaling":"Welcome","version":"e2266a676580c9568d409dbcdd595e7f1c5532a5~docker"}

root@dockerhost:/var/data/spreed-standalone# wget  http://localhost:8080/standalone-signaling/api/v1/welcome
--2024-03-05 20:15:42--  http://localhost:8080/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-03-05 20:15:42 ERROR 404: Not Found.

successful testing directly to nginx :443 <-- only port 443 is setup with proxypass

root@dockerhost:/var/data/spreed-standalone# wget --no-check-certificate https://localhost/standalone-signaling/api/v1/welcome
--2024-03-05 20:13:51--  https://localhost/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
WARNING: cannot verify localhost's certificate, issued by ‘CN=*,OU=LSIO Server,O=Linuxserver.io,L=Carlsbad,ST=CA,C=US’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 101 [application/json]
Saving to: ‘welcome’

welcome                           100%[=============================================================>]     101  --.-KB/s    in 0s      

2024-03-05 20:13:51 (18.5 MB/s) - ‘welcome’ saved [101/101]

root@norap0017:/var/data/spreed-standalone# cat welcome 
{"nextcloud-spreed-signaling":"Welcome","version":"e2266a676580c9568d409dbcdd595e7f1c5532a5~docker"}

test docker-compose standalone with - disable host mode port 8080 and just use HTTP_LISTEN

environment:
  - HTTP_LISTEN=localhost:8080
root@dockerhost:/var/data/config/spreed-standalone# docker exec -it 35339bee5dab  bash
35339bee5dab:/$ netstat -na 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.11:43181        0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      
tcp        0      0 172.20.0.6:43100        172.20.0.3:8188         ESTABLISHED 
udp        0      0 127.0.0.11:40488        0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                     46869 @00013
35339bee5dab:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't open 'welcome': Permission denied

from nginx port 443 on the host:

root@dockerhost:/var/data/config/spreed-standalone# wget --no-check-certificate  https://localhost/standalone-signaling/api/v1/welcome
--2024-03-05 20:58:00--  https://localhost/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
WARNING: cannot verify localhost's certificate, issued by ‘CN=*,OU=LSIO Server,O=Linuxserver.io,L=Carlsbad,ST=CA,C=US’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 502 Bad Gateway
2024-03-05 20:58:00 ERROR 502: Bad Gateway.

test docker-compose standalone with - disable host mode port 8080 and just use HTTP_LISTEN - SUCCESS via nginx ONLY

environment:
  - HTTP_LISTEN=spreedbackend:8080
root@dockerhost:/var/data/config/spreed-standalone# docker exec -it 28f10e1babe6 bash

28f10e1babe6:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't connect to remote host (127.0.0.1): Connection refused <-- this makes sense since it's only bound and listening to the container ip

28f10e1babe6:/$ netstat -na 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.11:42149        0.0.0.0:*               LISTEN      
tcp        0      0 172.20.0.6:8080         0.0.0.0:*               LISTEN      
tcp        0      0 172.20.0.6:42320        172.20.0.2:8188         ESTABLISHED 
udp        0      0 127.0.0.11:41872        0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                     53919 @00014

28f10e1babe6:/$ wget  http://spreedbackend:8080/api/v1/welcome
Connecting to spreedbackend:8080 (172.20.0.6:8080)
wget: can't open 'welcome': Permission denied <-- is there an acl or something that is blocking this? accepting traffic from only one subnet or ip? 

SUCCESS from nginx port 443 on the host:

root@dockerhost:/var/data/config/spreed-standalone# wget --no-check-certificate  https://localhost/standalone-signaling/api/v1/welcome
--2024-03-05 21:02:51--  https://localhost/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
WARNING: cannot verify localhost's certificate, issued by ‘CN=*,OU=LSIO Server,O=Linuxserver.io,L=Carlsbad,ST=CA,C=US’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 101 [application/json]
Saving to: ‘welcome’

welcome                           100%[=============================================================>]     101  --.-KB/s    in 0s      

2024-03-05 21:02:51 (17.6 MB/s) - ‘welcome’ saved [101/101]

root@norap0017:/var/data/config/spreed-standalone# cat welcome 
{"nextcloud-spreed-signaling":"Welcome","version":"e2266a676580c9568d409dbcdd595e7f1c5532a5~docker"}

test docker-compose standalone with - disable host mode port 8080 and just use HTTP_LISTEN - SUCCESS from nginx :443 on host and container via port spreedbackend:8080 too

environment:
  - HTTP_LISTEN=0.0.0.0:8080
efff1ffb82fc:/$ netstat -na 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.11:33479        0.0.0.0:*               LISTEN      
tcp        0      0 172.20.0.6:41876        172.20.0.4:8188         ESTABLISHED 
tcp        0      0 :::8080                 :::*                    LISTEN      
udp        0      0 127.0.0.11:44048        0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                     61455 @00015

efff1ffb82fc:/$ wget  http://spreedbackend:8080/api/v1/welcome
Connecting to spreedbackend:8080 (172.20.0.6:8080)
wget: can't open 'welcome': Permission denied

efff1ffb82fc:/$ wget  http://localhost:8080/api/v1/welcome
Connecting to localhost:8080 (127.0.0.1:8080)
wget: can't open 'welcome': Permission denied

When I try from the nginx container I get the following:

root@dockerhost:/var/data/config/spreed-standalone# docker ps 
CONTAINER ID   IMAGE                                          COMMAND                  CREATED          STATUS         PORTS                                                                         NAMES
efff1ffb82fc   strukturag/nextcloud-spreed-signaling:master   "/entrypoint.sh"         8 minutes ago    Up 8 minutes                                                                                 spreed-standalone-spreedbackend-1
25a16f6751b5   lscr.io/linuxserver/nginx                      "/init"                  40 minutes ago   Up 8 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp      spreed-standalone-nginx-1
e03a4ae9c386   canyan/janus-gateway:0.10.7                    "/usr/local/bin/janu…"   49 minutes ago   Up 8 minutes   7088-7089/tcp, 8000/tcp, 8088-8089/tcp, 8188/tcp, 8889/tcp, 10000-10200/udp   spreed-standalone-janus-1
720736b691e1   coturn/coturn:latest                           "docker-entrypoint.s…"   49 minutes ago   Up 8 minutes   3478/udp, 5349/udp, 0.0.0.0:3478->3478/tcp, :::3478->3478/tcp, 5349/tcp       spreed-standalone-coturn-1

root@norap0017:/var/data/config/spreed-standalone# docker exec -it 25a16f6751b5 bash

root@25a16f6751b5:/# wget http://spreedbackend:8080/api/v1/welcome
Connecting to spreedbackend:8080 (172.20.0.6:8080)
saving to 'welcome'
welcome              100% |****************************************************************************************|   101  0:00:00 ETA
'welcome' saved
root@25a16f6751b5:/# cat welcome 
{"nextcloud-spreed-signaling":"Welcome","version":"e2266a676580c9568d409dbcdd595e7f1c5532a5~docker"}

and from the nginx port 443 on the host - SUCCESS!!

root@dockerhost:/var/data/config/spreed-standalone# wget --no-check-certificate  https://localhost/standalone-signaling/api/v1/welcome
--2024-03-05 20:54:15--  https://localhost/standalone-signaling/api/v1/welcome
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
WARNING: cannot verify localhost's certificate, issued by ‘CN=*,OU=LSIO Server,O=Linuxserver.io,L=Carlsbad,ST=CA,C=US’:
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 101 [application/json]
Saving to: ‘welcome.1’

welcome.1                         100%[=============================================================>]     101  --.-KB/s    in 0s      

2024-03-05 20:54:15 (8.17 MB/s) - ‘welcome.1’ saved [101/101]

root@dockerhost:/var/data/config/spreed-standalone# cat welcome.1 
{"nextcloud-spreed-signaling":"Welcome","version":"e2266a676580c9568d409dbcdd595e7f1c5532a5~docker"}

As you can see, I have some scenarios that appear to be working, and some weird behavior re: testing directly against the spreedbackend container

Thank you for all the help! I hope this helps someone else troubleshoot their configurations. The direct backendspreed:8080 api uses the URI /api/v1/welcome. If you followed the webserver/caddy instructions then you will be looking for the URI /standalone-signaling/api/v1/welcome, i.e. the URL for the nginx setup is https://localhost/standalone-signaling/api/v1/welcome. Remember port 80 is NOT set up for proxypass; it must be port 443 unless you modify the instructions.

next:

  1. testing a nextcloud instance against it
  2. then onto the docker swarm config ;-)

-D
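
The bind-address and port-publishing combinations tested in the comment above, turned into a small configuration check; this is an added example, not code from the thread or from the nextcloud-spreed-signaling project. The service table is constructed from the standalone compose file above (secrets left out), and the finding names and function names are made up for illustration.

```python
import ipaddress

# Constructed from the standalone compose file in the comment above, reduced
# to the keys the checks read; secrets are left out on purpose.
SERVICES = {
    "coturn": {"image": "coturn/coturn:latest", "ports": ["3478:3478"]},
    "janus": {"image": "canyan/janus-gateway:0.10.7"},
    "nginx": {"image": "lscr.io/linuxserver/nginx",
              "ports": ["80:80", "443:443"]},
    "spreedbackend": {
        "image": "strukturag/nextcloud-spreed-signaling:master",
        "ports": [
            {"target": 8080, "published": 8080, "mode": "host", "protocol": "tcp"},
            {"target": 8080, "published": 8080, "mode": "host", "protocol": "udp"},
        ],
        "environment": ["HTTP_LISTEN=spreedbackend:8080"],
    },
}
FLOATING_TAGS = {"latest", "master"}


def published_ports(service):
    """Normalise short ("3478:3478/udp") and long-form port entries to
    (target_port, protocol) pairs. Port ranges are not handled."""
    pairs = []
    for entry in service.get("ports", []):
        if isinstance(entry, dict):
            pairs.append((int(entry["target"]), entry.get("protocol", "tcp")))
        else:
            mapping, _, proto = str(entry).partition("/")
            # The short form publishes TCP unless "/udp" is written out.
            pairs.append((int(mapping.split(":")[-1]), proto or "tcp"))
    return pairs


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a service name such as "spreedbackend"


def http_listen(service):
    """Return (host, port) from HTTP_LISTEN, or None when it is not set."""
    for item in service.get("environment", []):
        key, _, value = item.partition("=")
        if key == "HTTP_LISTEN":
            host, _, port = value.rpartition(":")
            return host, int(port)
    return None


def image_tag(image):
    """Tag of an image reference; an untagged reference means "latest"."""
    last = image.rsplit("/", 1)[-1]
    return last.rsplit(":", 1)[1] if ":" in last else "latest"


def audit(services, backend="spreedbackend", turn="coturn", turn_port=3478):
    findings = []
    for name, svc in services.items():
        if "image" in svc and image_tag(svc["image"]) in FLOATING_TAGS:
            findings.append((name, "floating-tag"))

    svc = services.get(backend, {})
    listen = http_listen(svc)
    if listen:
        host, port = listen
        if is_loopback(host):
            # Other containers cannot reach it: the 502 from nginx above.
            findings.append((backend, "loopback-bind"))
        for target, proto in published_ports(svc):
            if target != port:
                continue
            if proto == "udp":
                # The HTTP listener is TCP only (see the netstat output).
                findings.append((backend, "udp-publish-unused"))
            elif not is_loopback(host):
                # Plain HTTP answers on the host, beside the TLS proxy on 443.
                findings.append((backend, "plaintext-published"))

    protos = {p for t, p in published_ports(services.get(turn, {}))
              if t == turn_port}
    if protos == {"tcp"}:
        # The compose comment asks for 3478/tcp+udp; only TCP is mapped.
        findings.append((turn, "turn-udp-not-published"))
    return findings


if __name__ == "__main__":
    for service, code in audit(SERVICES):
        print(f"{service}: {code}")
```

The `wget: can't open 'welcome': Permission denied` lines in the transcripts come from wget failing to create its output file in `/` after the connection succeeded, so they indicate a reachable listener; `wget -qO- <url>` prints the body without writing a file.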
