Re: Openmeetings, kurento and TURN behind NAT

2020-03-29 Thread Maxim Solodovnik
turnUrl is set in applicationContext and then passed to JS.
It never works for me if set in KMS config, and I have no time for further
investigation.

Hopefully I will get back to this topic after 5.0.0 is final.

On Sun, 29 Mar 2020 at 23:54, YUP  wrote:

> BTW, just wondering, why in the full version of OM in docker the
> kurento server doesn't have turn-environments, but have it for OM? It
> should be in the line in the file
> /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
> with
> turnURL=:@:[?transport=]
>
> If kurento server runs in docker, it is very easy via KMS_TURN_URL.
>
> If I understand correctly, OM connects to kurento media server which
> next connects to turn server, turn-server is something like a meeting
> point for different streams from different clients. Please correct me.
> I'm trying to figure out how to correctly setup OM in my environment.
>
> Regards,
> Yarema
>
>
>
> On Sun, Mar 29, 2020 at 9:37 AM YUP  wrote:
> >
> > It's ok, at least now I know what the problem is.
> > Best,
> > Yarema
> >
> > > On Sun, Mar 29, 2020 at 5:25 AM Maxim Solodovnik wrote:
> > >
> > > I'm installing KMS inside docker to avoid this
> > > Not sure if I can help with your advanced config :(
> > >
> > > On Sun, Mar 29, 2020, 08:57 YUP  wrote:
> > >>
> > >> Hi Maxim,
> > >> Probably I found what caused that issue with *.webm files. I run
> > >> openmeetings in a docker container which load dependent kurento
> > >> container (see my docker-compose.yml file in my first email).
> > >> Something is wrong with communication between them, maybe permission
> > >> issue, different users, don't know now.
> > >>
> > >> > it would be more reasonable to have
> > >> > listening-port=80
> > >> > in this case (due to it insecure)
> > >>
> > >> Good advice, I forgot that firewall allows connection to 80 port too :)
> > >>
> > >> Regards,
> > >> Yarema
>


-- 
WBR
Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-29 Thread YUP
BTW, just wondering, why in the full version of OM in docker the
kurento server doesn't have turn-environments, but have it for OM? It
should be in the line in the file
/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
with
turnURL=:@:[?transport=]

If kurento server runs in docker, it is very easy via KMS_TURN_URL.

If I understand correctly, OM connects to kurento media server which
next connects to turn server, turn-server is something like a meeting
point for different streams from different clients. Please correct me.
I'm trying to figure out how to correctly setup OM in my environment.

Regards,
Yarema



On Sun, Mar 29, 2020 at 9:37 AM YUP  wrote:
>
> It's ok, at least now I know what the problem is.
> Best,
> Yarema
>
> On Sun, Mar 29, 2020 at 5:25 AM Maxim Solodovnik  wrote:
> >
> > I'm installing KMS inside docker to avoid this
> > Not sure if I can help with your advanced config :(
> >
> > On Sun, Mar 29, 2020, 08:57 YUP  wrote:
> >>
> >> Hi Maxim,
> >> Probably I found what caused that issue with *.webm files. I run
> >> openmeetings in a docker container which load dependent kurento
> >> container (see my docker-compose.yml file in my first email).
> >> Something is wrong with communication between them, maybe permission
> >> issue, different users, don't know now.
> >>
> >> > it would be more reasonable to have
> >> > listening-port=80
> >> > in this case (due to it insecure)
> >>
> >> Good advice, I forgot that firewall allows connection to 80 port too :)
> >>
> >> Regards,
> >> Yarema


Re: Openmeetings, kurento and TURN behind NAT

2020-03-29 Thread YUP
It's ok, at least now I know what the problem is.
Best,
Yarema

On Sun, Mar 29, 2020 at 5:25 AM Maxim Solodovnik  wrote:
>
> I'm installing KMS inside docker to avoid this
> Not sure if I can help with your advanced config :(
>
> On Sun, Mar 29, 2020, 08:57 YUP  wrote:
>>
>> Hi Maxim,
>> Probably I found what caused that issue with *.webm files. I run
>> openmeetings in a docker container which load dependent kurento
>> container (see my docker-compose.yml file in my first email).
>> Something is wrong with communication between them, maybe permission
>> issue, different users, don't know now.
>>
>> > it would be more reasonable to have
>> > listening-port=80
>> > in this case (due to it insecure)
>>
>> Good advice, I forgot that firewall allows connection to 80 port too :)
>>
>> Regards,
>> Yarema


Re: Openmeetings, kurento and TURN behind NAT

2020-03-28 Thread Maxim Solodovnik
I'm installing KMS inside docker to avoid this
Not sure if I can help with your advanced config :(

On Sun, Mar 29, 2020, 08:57 YUP  wrote:

> Hi Maxim,
> Probably I found what caused that issue with *.webm files. I run
> openmeetings in a docker container which load dependent kurento
> container (see my docker-compose.yml file in my first email).
> Something is wrong with communication between them, maybe permission
> issue, different users, don't know now.
>
> > it would be more reasonable to have
> > listening-port=80
> > in this case (due to it insecure)
>
> Good advice, I forgot that firewall allows connection to 80 port too :)
>
> Regards,
> Yarema
>


Re: Openmeetings, kurento and TURN behind NAT

2020-03-28 Thread YUP
Hi Maxim,
Probably I found what caused that issue with *.webm files. I run
openmeetings in a docker container which loads a dependent kurento
container (see my docker-compose.yml file in my first email).
Something is wrong with communication between them, maybe a permission
issue, different users, I don't know now.

> it would be more reasonable to have
> listening-port=80
> in this case (due to it insecure)

Good advice, I forgot that firewall allows connection to 80 port too :)

Regards,
Yarema


Re: Openmeetings, kurento and TURN behind NAT

2020-03-28 Thread Maxim Solodovnik
Hello Yarema,

Sorry, I had no time and HW so far to experiment.

It would be more reasonable to have
listening-port=80
in this case (due to it being insecure).

>> The only problem remain, that session recording files are
>> wav file, not avi. Do you have a clue what the reason is? Could it
>> be a ffmpeg issue?

During session recording intermediate files are *.webm
Later *.wav is extracted/generated to create *.mp4 (not avi)

Could you check if you have *.webm in `data` folder?

On Sat, 28 Mar 2020 at 18:43, YUP  wrote:

> Maxim,
> Finally I managed to launch openmeetings with kurento and coturn. The
> problem was in coturn server which didn't work as expected. I
> installed coturn server on my private laptop (no firewall and NAT)
> which listens on port 443, with the following configuration:
>
> listening-port=443
> tls-listening-port=5349
> verbose
> lt-cred-mech
> user=kurento:kurento
> realm=my_openmeetings_server_domain
> log-file=/var/log/turnserver/turn.log
>
> After that all openmeetings users can see each other cameras and hear
> each other. The only problem remain, that session recording files are
> wav file, not avi. Do you have a clue what the reason is? Could it
> be a ffmpeg issue?
>
> Best,
> Yarema
>
>
> On Thu, Mar 19, 2020 at 9:43 PM YUP  wrote:
> >
> > Maxim,
> > I made a mistake, in nginx configuration section for openmeetings port
> > should be 5443 instead of 5080, sorry for that.
> > I also forgot to mention that only tcp requests are allowed in our
> > firewall, udp is prohibited, as far as I know.
> > Can you examine my configs and say what is wrong?
> >
> > Regards,
> > Yarema
> >
> >   location /openmeetings {
> > proxy_pass http://localhost:5080/openmeetings;
> >
> > proxy_set_header Host $host;
> > proxy_http_version 1.1;
> > proxy_set_header Upgrade $http_upgrade;
> > proxy_set_header Connection "upgrade";
> >
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > proxy_set_header Referer 'https://$host/openmeetings/';
> > proxy_set_header X-Real-IP $remote_addr;
> > }
> >
> > On Mon, Mar 16, 2020 at 5:01 PM YUP  wrote:
> > >
> > > Please take your time.
> > > I gonna describe my set up briefly .
> > >
> > > Initial data:
> > > External nat has address external_nat_ip
> > > All external ports are closed except 443
> > > From inside allowed only http connections to ports 80, 8080, 443 and 22
> > >
> > > Openmeetings runs in docker, I use docker-compose with the following
> > > docker-compose.yml:
> > >
> > > version: '3.7'
> > > services:
> > >   openmeetings:
> > > image: apache/openmeetings:min-5.0.0-M3
> > > ports:
> > >   - "5080:5080"
> > >   - "5443:5443"
> > > volumes:
> > >   - ~/openmeetings/omdata:/opt/omdata
> > >   - ~/openmeetings/logs:/opt/openmeetings/logs
> > > environment:
> > >   - OM_KURENTO_WS_URL=ws://kurento:/kurento
> > >   - TURN_USER=kurento
> > >   - TURN_PASS=kurento
> > >   - TURN_URL=external_nat_ip?transport=tcp
> > >   - OM_DB_TYPE=mysql
> > >   - OM_DB_HOST=172.17.0.1
> > >   - OM_DB_PORT=3306
> > >   - OM_DB_USER=om_user
> > >   - OM_DB_PASS=om_passwd
> > >   - OM_DB_NAME=openmeetings
> > > depends_on:
> > >   - kurento
> > >   - coturn
> > > restart: unless-stopped
> > >   kurento:
> > > image: kurento/kurento-media-server
> > > ports:
> > >   - ":"
> > > environment:
> > >   - KMS_TURN_URL=kurento:kurento@external_nat_ip?transport=tcp
> > > restart: unless-stopped
> > >   coturn:
> > > image: kurento/coturn-auth
> > > ports:
> > >   - "3478:3478"
> > > environment:
> > >   - LISTENING_PORT=3478
> > >   - REALM=kurento.org
> > >   - USER=kurento
> > >   - PASSWORD=kurento
> > > restart: unless-stopped
> > >
> > > I use sslh https://github.com/yrutschle/sslh to connect to different
> > > services behind nat with the following configuration:
> > >
> > > verbose: true
> > > timeout: 18000;
> > > listen:
> > > (
> > > { host: "internal_nat_ip"; port: "443"; }
> > > );
> > > protocols:
> > > (
> > > # ssh:
> > >  { name: "ssh"; service: "ssh"; host: "localhost"; port: "22";
> > > probe: "builtin"; },
> > > # openvpn:
> > >  { name: "openvpn"; host: "localhost"; port: "1194"; probe:
> "builtin"; },
> > > # nginx:
> > >  { name: "ssl"; host: "localhost"; port: "2443"; probe: "builtin";
> > > log_level: 0;},
> > > # coturn:
> > >  { name: "regex"; host: "localhost"; port: "3478"; regex_patterns:
> > > [ "\x21\x12\xa4\x42" ]; }
> > > );
> > > transparent: true;
> > >
> > >
> > > And nginx configuration (there are another services, I left only
> > > openmeetings and kurento (do I really need to have kurento websocket
> > > outside nat?))
> > >
> > >
> > > server {
> > > listen   2443 ssl http2;
> > > listen [::]:2443 ssl http2;
> > > server_name  localhost;
> > >
> > > autoindex 

Re: Openmeetings, kurento and TURN behind NAT

2020-03-28 Thread YUP
Maxim,
Finally I managed to launch openmeetings with kurento and coturn. The
problem was in coturn server which didn't work as expected. I
installed coturn server on my private laptop (no firewall and NAT)
which listens on port 443, with the following configuration:

listening-port=443
tls-listening-port=5349
verbose
lt-cred-mech
user=kurento:kurento
realm=my_openmeetings_server_domain
log-file=/var/log/turnserver/turn.log

After that all openmeetings users can see each other's cameras and hear
each other. The only problem that remains is that session recording files are
wav files, not avi. Do you have a clue what the reason is? Could it
be an ffmpeg issue?

Best,
Yarema


On Thu, Mar 19, 2020 at 9:43 PM YUP  wrote:
>
> Maxim,
> I made a mistake, in nginx configuration section for openmeetings port
> should be 5443 instead of 5080, sorry for that.
> I also forgot to mention that only tcp requests are allowed in our
> firewall, udp is prohibited, as far as I know.
> Can you examine my configs and say what is wrong?
>
> Regards,
> Yarema
>
>   location /openmeetings {
> proxy_pass http://localhost:5080/openmeetings;
>
> proxy_set_header Host $host;
> proxy_http_version 1.1;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Referer 'https://$host/openmeetings/';
> proxy_set_header X-Real-IP $remote_addr;
> }
>
> On Mon, Mar 16, 2020 at 5:01 PM YUP  wrote:
> >
> > Please take your time.
> > I gonna describe my set up briefly .
> >
> > Initial data:
> > External nat has address external_nat_ip
> > All external ports are closed except 443
> > From inside allowed only http connections to ports 80, 8080, 443 and 22
> >
> > Openmeetings runs in docker, I use docker-compose with the following
> > docker-compose.yml:
> >
> > version: '3.7'
> > services:
> >   openmeetings:
> > image: apache/openmeetings:min-5.0.0-M3
> > ports:
> >   - "5080:5080"
> >   - "5443:5443"
> > volumes:
> >   - ~/openmeetings/omdata:/opt/omdata
> >   - ~/openmeetings/logs:/opt/openmeetings/logs
> > environment:
> >   - OM_KURENTO_WS_URL=ws://kurento:/kurento
> >   - TURN_USER=kurento
> >   - TURN_PASS=kurento
> >   - TURN_URL=external_nat_ip?transport=tcp
> >   - OM_DB_TYPE=mysql
> >   - OM_DB_HOST=172.17.0.1
> >   - OM_DB_PORT=3306
> >   - OM_DB_USER=om_user
> >   - OM_DB_PASS=om_passwd
> >   - OM_DB_NAME=openmeetings
> > depends_on:
> >   - kurento
> >   - coturn
> > restart: unless-stopped
> >   kurento:
> > image: kurento/kurento-media-server
> > ports:
> >   - ":"
> > environment:
> >   - KMS_TURN_URL=kurento:kurento@external_nat_ip?transport=tcp
> > restart: unless-stopped
> >   coturn:
> > image: kurento/coturn-auth
> > ports:
> >   - "3478:3478"
> > environment:
> >   - LISTENING_PORT=3478
> >   - REALM=kurento.org
> >   - USER=kurento
> >   - PASSWORD=kurento
> > restart: unless-stopped
> >
> > I use sslh https://github.com/yrutschle/sslh to connect to different
> > services behind nat with the following configuration:
> >
> > verbose: true
> > timeout: 18000;
> > listen:
> > (
> > { host: "internal_nat_ip"; port: "443"; }
> > );
> > protocols:
> > (
> > # ssh:
> >  { name: "ssh"; service: "ssh"; host: "localhost"; port: "22";
> > probe: "builtin"; },
> > # openvpn:
> >  { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; 
> > },
> > # nginx:
> >  { name: "ssl"; host: "localhost"; port: "2443"; probe: "builtin";
> > log_level: 0;},
> > # coturn:
> >  { name: "regex"; host: "localhost"; port: "3478"; regex_patterns:
> > [ "\x21\x12\xa4\x42" ]; }
> > );
> > transparent: true;
> >
> >
> > And nginx configuration (there are another services, I left only
> > openmeetings and kurento (do I really need to have kurento websocket
> > outside nat?))
> >
> >
> > server {
> > listen   2443 ssl http2;
> > listen [::]:2443 ssl http2;
> > server_name  localhost;
> >
> > autoindex on;
> > root   /srv/http/;
> > index index.php index.html index.htm;
> >
> > #ssl_certificate  /etc/httpd/conf/server.crt;
> > #ssl_certificate_key  /etc/httpd/conf/server.key;
> >
> > include conf/001-certbot.conf;
> >
> > #ssl on;
> > ssl_session_cache  builtin:1000  shared:SSL:10m;
> > ssl_protocols  TLSv1 TLSv1.1; #TLSv1.2;
> > #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
> > #ssl_prefer_server_ciphers on;
> >
> >
> >  proxy_headers_hash_max_size 512;
> >  proxy_headers_hash_bucket_size 128;
> >
> > location ~ [^/]\.php(/|$) {
> > fastcgi_split_path_info  ^(.+\.php)(/.+)$;
> > fastcgi_indexindex.php;
> > fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
> > 

Re: Openmeetings, kurento and TURN behind NAT

2020-03-19 Thread YUP
Maxim,
I made a mistake, in nginx configuration section for openmeetings port
should be 5443 instead of 5080, sorry for that.
I also forgot to mention that only tcp requests are allowed in our
firewall, udp is prohibited, as far as I know.
Can you examine my configs and say what is wrong?

Regards,
Yarema

  location /openmeetings {
proxy_pass http://localhost:5080/openmeetings;

proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer 'https://$host/openmeetings/';
proxy_set_header X-Real-IP $remote_addr;
}

On Mon, Mar 16, 2020 at 5:01 PM YUP  wrote:
>
> Please take your time.
> I gonna describe my set up briefly .
>
> Initial data:
> External nat has address external_nat_ip
> All external ports are closed except 443
> From inside allowed only http connections to ports 80, 8080, 443 and 22
>
> Openmeetings runs in docker, I use docker-compose with the following
> docker-compose.yml:
>
> version: '3.7'
> services:
>   openmeetings:
> image: apache/openmeetings:min-5.0.0-M3
> ports:
>   - "5080:5080"
>   - "5443:5443"
> volumes:
>   - ~/openmeetings/omdata:/opt/omdata
>   - ~/openmeetings/logs:/opt/openmeetings/logs
> environment:
>   - OM_KURENTO_WS_URL=ws://kurento:/kurento
>   - TURN_USER=kurento
>   - TURN_PASS=kurento
>   - TURN_URL=external_nat_ip?transport=tcp
>   - OM_DB_TYPE=mysql
>   - OM_DB_HOST=172.17.0.1
>   - OM_DB_PORT=3306
>   - OM_DB_USER=om_user
>   - OM_DB_PASS=om_passwd
>   - OM_DB_NAME=openmeetings
> depends_on:
>   - kurento
>   - coturn
> restart: unless-stopped
>   kurento:
> image: kurento/kurento-media-server
> ports:
>   - ":"
> environment:
>   - KMS_TURN_URL=kurento:kurento@external_nat_ip?transport=tcp
> restart: unless-stopped
>   coturn:
> image: kurento/coturn-auth
> ports:
>   - "3478:3478"
> environment:
>   - LISTENING_PORT=3478
>   - REALM=kurento.org
>   - USER=kurento
>   - PASSWORD=kurento
> restart: unless-stopped
>
> I use sslh https://github.com/yrutschle/sslh to connect to different
> services behind nat with the following configuration:
>
> verbose: true
> timeout: 18000;
> listen:
> (
> { host: "internal_nat_ip"; port: "443"; }
> );
> protocols:
> (
> # ssh:
>  { name: "ssh"; service: "ssh"; host: "localhost"; port: "22";
> probe: "builtin"; },
> # openvpn:
>  { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
> # nginx:
>  { name: "ssl"; host: "localhost"; port: "2443"; probe: "builtin";
> log_level: 0;},
> # coturn:
>  { name: "regex"; host: "localhost"; port: "3478"; regex_patterns:
> [ "\x21\x12\xa4\x42" ]; }
> );
> transparent: true;
>
>
> And nginx configuration (there are another services, I left only
> openmeetings and kurento (do I really need to have kurento websocket
> outside nat?))
>
>
> server {
> listen   2443 ssl http2;
> listen [::]:2443 ssl http2;
> server_name  localhost;
>
> autoindex on;
> root   /srv/http/;
> index index.php index.html index.htm;
>
> #ssl_certificate  /etc/httpd/conf/server.crt;
> #ssl_certificate_key  /etc/httpd/conf/server.key;
>
> include conf/001-certbot.conf;
>
> #ssl on;
> ssl_session_cache  builtin:1000  shared:SSL:10m;
> ssl_protocols  TLSv1 TLSv1.1; #TLSv1.2;
> #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
> #ssl_prefer_server_ciphers on;
>
>
>  proxy_headers_hash_max_size 512;
>  proxy_headers_hash_bucket_size 128;
>
> location ~ [^/]\.php(/|$) {
> fastcgi_split_path_info  ^(.+\.php)(/.+)$;
> fastcgi_indexindex.php;
> fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
> include fastcgi.conf;
> fastcgi_param   PATH_INFO   $fastcgi_path_info;
> fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
> }
>
> # User directories, e.g. http://example.com/~user/ :
> location ~ ^/~(.+?)(/.*)?$ {
> alias /home/$1/public_html$2;
> index index.html index.htm;
> autoindex on;
> auth_pam  "Restricted Zone";
> auth_pam_service_name "nginx";
> }
>
>   # Deny static files
>location ~ ^/(README|LICENSE|ChangeLog|DCO)$ {
>   deny all;
>}
>
># Deny .md files
>location ~ ^/(.+\.md)$ {
>   deny all;
>}
>
># Deny setup directories
>location ~ ^/(doc|sql|setup)/ {
>   deny all;
>}
> }
>
>   location /openmeetings {
> proxy_pass http://localhost:5080/openmeetings;
>
> proxy_set_header Host $host;
> proxy_http_version 1.1;
> proxy_set_header 

Re: Openmeetings, kurento and TURN behind NAT

2020-03-16 Thread YUP
Please take your time.
I'm going to describe my setup briefly.

Initial data:
External nat has address external_nat_ip
All external ports are closed except 443
From inside allowed only http connections to ports 80, 8080, 443 and 22

Openmeetings runs in docker, I use docker-compose with the following
docker-compose.yml:

version: '3.7'
services:
  openmeetings:
    image: apache/openmeetings:min-5.0.0-M3
    ports:
      - "5080:5080"
      - "5443:5443"
    volumes:
      - ~/openmeetings/omdata:/opt/omdata
      - ~/openmeetings/logs:/opt/openmeetings/logs
    environment:
      - OM_KURENTO_WS_URL=ws://kurento:/kurento
      - TURN_USER=kurento
      - TURN_PASS=kurento
      - TURN_URL=external_nat_ip?transport=tcp
      - OM_DB_TYPE=mysql
      - OM_DB_HOST=172.17.0.1
      - OM_DB_PORT=3306
      - OM_DB_USER=om_user
      - OM_DB_PASS=om_passwd
      - OM_DB_NAME=openmeetings
    depends_on:
      - kurento
      - coturn
    restart: unless-stopped
  kurento:
    image: kurento/kurento-media-server
    ports:
      - ":"
    environment:
      - KMS_TURN_URL=kurento:kurento@external_nat_ip?transport=tcp
    restart: unless-stopped
  coturn:
    image: kurento/coturn-auth
    ports:
      - "3478:3478"
    environment:
      - LISTENING_PORT=3478
      - REALM=kurento.org
      - USER=kurento
      - PASSWORD=kurento
    restart: unless-stopped

I use sslh https://github.com/yrutschle/sslh to connect to different
services behind nat with the following configuration:

verbose: true
timeout: 18000;
listen:
(
    { host: "internal_nat_ip"; port: "443"; }
);
protocols:
(
    # ssh:
    { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
    # openvpn:
    { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
    # nginx:
    { name: "ssl"; host: "localhost"; port: "2443"; probe: "builtin"; log_level: 0; },
    # coturn:
    { name: "regex"; host: "localhost"; port: "3478"; regex_patterns: [ "\x21\x12\xa4\x42" ]; }
);
transparent: true;


And nginx configuration (there are other services, I left only
openmeetings and kurento (do I really need to have kurento websocket
outside nat?))


server {
    listen   2443 ssl http2;
    listen [::]:2443 ssl http2;
    server_name  localhost;

    autoindex on;
    root   /srv/http/;
    index index.php index.html index.htm;

    #ssl_certificate  /etc/httpd/conf/server.crt;
    #ssl_certificate_key  /etc/httpd/conf/server.key;

    include conf/001-certbot.conf;

    #ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1; #TLSv1.2;
    #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    #ssl_prefer_server_ciphers on;

    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 128;

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        include fastcgi.conf;
        fastcgi_param   PATH_INFO   $fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # User directories, e.g. http://example.com/~user/ :
    location ~ ^/~(.+?)(/.*)?$ {
        alias /home/$1/public_html$2;
        index index.html index.htm;
        autoindex on;
        auth_pam  "Restricted Zone";
        auth_pam_service_name "nginx";
    }

    # Deny static files
    location ~ ^/(README|LICENSE|ChangeLog|DCO)$ {
        deny all;
    }

    # Deny .md files
    location ~ ^/(.+\.md)$ {
        deny all;
    }

    # Deny setup directories
    location ~ ^/(doc|sql|setup)/ {
        deny all;
    }

    location /openmeetings {
        proxy_pass http://localhost:5080/openmeetings;

        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer 'https://$host/openmeetings/';
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /kurento {
        # prevents 502 bad gateway error
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        # redirect all HTTP traffic to localhost:8088;
        proxy_pass http://0.0.0.0:/kurento;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header Host $http_host;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-NginX-Proxy true;
        # enables WS support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 9;
    }

    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
}



On Mon, Mar 16, 2020 at 1:39 PM 
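
The sslh `regex_patterns` entry in the message above matches the STUN magic cookie, which is how TURN-over-TCP traffic is told apart from TLS and SSH on the shared port 443. As an added example (not code from the thread, from sslh or from coturn), the sketch below compares an unanchored search for those four bytes with a strict RFC 5389 header check on constructed first packets; the function names and sample packets are assumptions made for illustration.

```python
import re
import struct

# Byte pattern from the sslh "regex" entry quoted in the thread: the STUN
# magic cookie 0x2112A442 (RFC 5389), carried in bytes 4..7 of every STUN
# message, including the Allocate request that opens a TURN session.
STUN_MAGIC_COOKIE = 0x2112A442
LOOSE_PATTERN = re.compile(rb"\x21\x12\xa4\x42")


def loose_match(data: bytes) -> bool:
    """Unanchored search: true if the four cookie bytes occur at any offset."""
    return LOOSE_PATTERN.search(data) is not None


def is_stun_header(data: bytes) -> bool:
    """Strict check of the fixed 20-byte STUN header (RFC 5389, section 6)."""
    if len(data) < 20:
        return False                 # header is type(2) + length(2) + cookie(4) + txid(12)
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if msg_type & 0xC000:
        return False                 # two most significant bits must be zero
    if msg_len % 4:
        return False                 # attributes are padded to 32-bit boundaries
    return cookie == STUN_MAGIC_COOKIE


def classify_first_packet(data: bytes) -> str:
    """Classify the first bytes of a TCP connection the way a port-443
    demultiplexer has to: SSH banner, TLS handshake record, STUN, or unknown."""
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 3
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if is_stun_header(data):
        return "stun"
    return "unknown"


def build_samples() -> dict:
    """Constructed sample packets (not captured traffic)."""
    cookie = struct.pack("!I", STUN_MAGIC_COOKIE)
    txid = bytes(range(12))          # constructed 96-bit transaction id
    return {
        # STUN Allocate request (method 0x003), no attributes
        "turn_allocate": struct.pack("!HH", 0x0003, 0) + cookie + txid,
        "ssh_banner": b"SSH-2.0-OpenSSH_8.2\r\n",
        # Truncated TLS ClientHello prefix whose random field happens to
        # start with the cookie bytes
        "tls_hello_with_cookie": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"
                                 + cookie + bytes(28),
        # Arbitrary payload that merely contains the cookie bytes
        "http_with_cookie": b"GET / HTTP/1.1\r\nX-Pad: " + cookie + b"\r\n\r\n",
        # Cookie in the right place but header cut short
        "truncated_stun": struct.pack("!HH", 0x0003, 0) + cookie,
    }


def compare(samples: dict) -> dict:
    """Return {name: (loose_match, strict_header_check, classification)}."""
    return {
        name: (loose_match(data), is_stun_header(data), classify_first_packet(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (loose, strict, kind) in compare(build_samples()).items():
        print(f"{name:24} loose={loose!s:5} strict={strict!s:5} -> {kind}")
```

Only the Allocate request passes the strict header check; the other constructed packets that contain the cookie bytes match the unanchored pattern but are not STUN.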

Re: Openmeetings, kurento and TURN behind NAT

2020-03-16 Thread Maxim Solodovnik
Hello Yarema,

Sorry for keeping silent.
I'll try to investigate this config later this week.
Too much day-time job right now :(

Please share your further findings here if any :)

On Mon, 16 Mar 2020 at 09:04, YUP  wrote:
>
> Maxim,
> I was also managed to install coturn on external server which listen
> on port 443. Kurento connects to this port (via TURN_URL,
> TURN_USER,TURN_PASS), I can see it in logs. I see in logs that
> openmeetings connects to kurento. But I don't understand why all my
> construction not working as needed? I still can't make settings test,
> record and play sample, two users can't see each other videos from
> cameras.
> Here I should to see to find the solution?
>
> On Sun, Mar 15, 2020 at 7:23 PM YUP  wrote:
> >
> > I was able to connect to kurento websocket which is proxified by
> > nginx, the solution was very simple, put wss instead of https,
> > probably for some reasons openmeetings needs to have ws or wss in the
> > input url:
> > - OM_KURENTO_WS_URL=wss://external_server_ip_address/kurento
> > But it is not solved the issue with recording audio/video in test and
> > different users.
> >
> > On Sun, Mar 15, 2020 at 10:16 AM YUP  wrote:
> > >
> > > No, it is not a reason, checked.
> > >
> > > On Sun, Mar 15, 2020 at 10:10 AM YUP  wrote:
> > > >
> > > > Server has self-signed certificate, can it be a reason?
> > > >
> > > > On Sun, Mar 15, 2020 at 9:38 AM YUP  wrote:
> > > > >
> > > > > Just to inform you, I made proxified kurento websocket in nginx and I
> > > > > can connect to it:
> > > > > $ wscat -n --connect  https://external_server_ip_address/kurento
> > > > > (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> > > > > to an IP address is not permitted by RFC 6066. This will be ignored in
> > > > > a future version.
> > > > > Connected (press CTRL+C to quit)
> > > > > >
> > > > >
> > > > > I set
> > > > > - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> > > > > but got
> > > > > o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> > > > > Kurento client, will re-try in 1 ms
> > > > >
> > > > >
> > > > >
> > > > > On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
> > > > > >
> > > > > > Can we just proxify kurento websocket? Something like this
> > > > > > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> > > > > >
> > > > > > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik 
> > > > > >  wrote:
> > > > > > >
> > > > > > > It seems I misread your previous email "all ports except 443, 80, 
> > > > > > > 8080 and 22."
> > > > > > > I'm afraid you need more open ports ...
> > > > > > >
> > > > > > > I'm not sure but I would investigate if KMS/TURN URLs can be set 
> > > > > > > up
> > > > > > > for context i.e.
> > > > > > > yourserver:4278/turn, yourserver:/kms in this case you can 
> > > > > > > proxy them 
> > > > > > >
> > > > > > > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > > > > > > >
> > > > > > > > It nothing changes, only 443 is open to the world.
> > > > > > > >
> > > > > > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik 
> > > > > > > >  wrote:
> > > > > > > > >
> > > > > > > > > Maybe you can set up KMS to use 8080?
> > > > > > > > > TURN requires more open port to handle "totally closed" 
> > > > > > > > > networks ...
> > > > > > > > >
> > > > > > > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > > > > > > >
> > > > > > > > > > It seems to me that I found what is happening. Firewall 
> > > > > > > > > > blocks all non
> > > > > > > > > > http requests out to all ports except 443, 80, 8080 and 22. 
> > > > > > > > > > That is
> > > > > > > > > > why I don't have connection to outside turn ans stun 
> > > > > > > > > > servers. Is it
> > > > > > > > > > possible to connect to those server in such conditions? 
> > > > > > > > > > Tunnels?
> > > > > > > > > >
> > > > > > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  
> > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > Hello all,
> > > > > > > > > > > Could someone help me with configuration of my OM setup? 
> > > > > > > > > > > Any help will
> > > > > > > > > > > be  greatly appreciated.
> > > > > > > > > > > I have a server which is for several reasons behind NAT, 
> > > > > > > > > > > only 443 port
> > > > > > > > > > > is open. There is sslh balancer, which redirect external 
> > > > > > > > > > > traffic to
> > > > > > > > > > > different targets: nginx, openvpn, etc. Openmeetings 
> > > > > > > > > > > 5.0.0-M3 minimal
> > > > > > > > > > > installed in container behind nginx proxy and works well, 
> > > > > > > > > > > except audio
> > > > > > > > > > > and video. When I perform setup check after logged in 
> > > > > > > > > > > (video camera
> > > > > > > > > > > and microphone) I can see myself in camera and can also 
> > > > > > > > > > > see increasing
> > > > > > > > > > > and decreasing green line, which indicate microphone 
> > > > > > > > > > > level, but I
> > > > > > > > > > > can't save and replay the 

Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
Maxim,
I also managed to install coturn on an external server which listens
on port 443. Kurento connects to this port (via TURN_URL,
TURN_USER, TURN_PASS), I can see it in logs. I see in logs that
openmeetings connects to kurento. But I don't understand why my whole
construction is not working as needed. I still can't make the settings test,
record and play a sample, and two users can't see each other's videos from
cameras.
Where should I look to find the solution?

On Sun, Mar 15, 2020 at 7:23 PM YUP  wrote:
>
> I was able to connect to kurento websocket which is proxified by
> nginx, the solution was very simple, put wss instead of https,
> probably for some reasons openmeetings needs to have ws or wss in the
> input url:
> - OM_KURENTO_WS_URL=wss://external_server_ip_address/kurento
> But it is not solved the issue with recording audio/video in test and
> different users.
>
> On Sun, Mar 15, 2020 at 10:16 AM YUP  wrote:
> >
> > No, it is not a reason, checked.
> >
> > On Sun, Mar 15, 2020 at 10:10 AM YUP  wrote:
> > >
> > > Server has self-signed certificate, can it be a reason?
> > >
> > > On Sun, Mar 15, 2020 at 9:38 AM YUP  wrote:
> > > >
> > > > Just to inform you, I made proxified kurento websocket in nginx and I
> > > > can connect to it:
> > > > $ wscat -n --connect  https://external_server_ip_address/kurento
> > > > (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> > > > to an IP address is not permitted by RFC 6066. This will be ignored in
> > > > a future version.
> > > > Connected (press CTRL+C to quit)
> > > > >
> > > >
> > > > I set
> > > > - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> > > > but got
> > > > o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> > > > Kurento client, will re-try in 1 ms
> > > >
> > > >
> > > >
> > > > On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
> > > > >
> > > > > Can we just proxify kurento websocket? Something like this
> > > > > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> > > > >
> > > > > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik 
> > > > >  wrote:
> > > > > >
> > > > > > It seems I misread your previous email "all ports except 443, 80, 
> > > > > > 8080 and 22."
> > > > > > I'm afraid you need more open ports ...
> > > > > >
> > > > > > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > > > > > for context i.e.
> > > > > > yourserver:4278/turn, yourserver:/kms in this case you can 
> > > > > > proxy them 
> > > > > >
> > > > > > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > > > > > >
> > > > > > > It changes nothing, only 443 is open to the world.
> > > > > > >
> > > > > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > > > > > > >
> > > > > > > > Maybe you can set up KMS to use 8080?
> > > > > > > > TURN requires more open ports to handle "totally closed" networks ...
> > > > > > > >
> > > > > > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > > > > > >
> > > > > > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > > > > > possible to connect to those servers in such conditions? Tunnels?
> > > > > > > > >
> > > > > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > > > > > > >
> > > > > > > > > > Hello all,
> > > > > > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > > > > > be greatly appreciated.
> > > > > > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > > > > > can't save and replay the testing record. As far I understand the
> > > > > > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > > > > > did that by adding the environment variables for kurento server in
> > > > > > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > > > > > >
> > > > > > > > > >  - 

Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
I was able to connect to kurento websocket which is proxified by
nginx, the solution was very simple, put wss instead of https,
probably for some reasons openmeetings needs to have ws or wss in the
input url:
- OM_KURENTO_WS_URL=wss://external_server_ip_address/kurento
But it has not solved the issue with recording audio/video in test and
different users.

On Sun, Mar 15, 2020 at 10:16 AM YUP  wrote:
>
> No, it is not a reason, checked.
>
> On Sun, Mar 15, 2020 at 10:10 AM YUP  wrote:
> >
> > Server has self-signed certificate, can it be a reason?
> >
> > On Sun, Mar 15, 2020 at 9:38 AM YUP  wrote:
> > >
> > > Just to inform you, I made proxified kurento websocket in nginx and I
> > > can connect to it:
> > > $ wscat -n --connect  https://external_server_ip_address/kurento
> > > (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> > > to an IP address is not permitted by RFC 6066. This will be ignored in
> > > a future version.
> > > Connected (press CTRL+C to quit)
> > > >
> > >
> > > I set
> > > - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> > > but got
> > > o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> > > Kurento client, will re-try in 1 ms
> > >
> > >
> > >
> > > On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
> > > >
> > > > Can we just proxify kurento websocket? Something like this
> > > > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> > > >
> > > > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik  wrote:
> > > > >
> > > > > It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> > > > > I'm afraid you need more open ports ...
> > > > >
> > > > > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > > > > for context i.e.
> > > > > yourserver:4278/turn, yourserver:/kms in this case you can proxy them
> > > > >
> > > > > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > > > > >
> > > > > > It changes nothing, only 443 is open to the world.
> > > > > >
> > > > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > > > > > >
> > > > > > > Maybe you can set up KMS to use 8080?
> > > > > > > TURN requires more open ports to handle "totally closed" networks ...
> > > > > > >
> > > > > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > > > > >
> > > > > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > > > > possible to connect to those servers in such conditions? Tunnels?
> > > > > > > >
> > > > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > > > > > >
> > > > > > > > > Hello all,
> > > > > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > > > > be greatly appreciated.
> > > > > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > > > > can't save and replay the testing record. As far I understand the
> > > > > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > > > > did that by adding the environment variables for kurento server in
> > > > > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > > > > >
> > > > > > > > >  - KMS_STUN_IP=130.211.143.110
> > > > > > > > >  - KMS_STUN_PORT=443
> > > > > > > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > > > > > and the same for openmeetings docker container:
> > > > > > > > >
> > > > > > > > >   - TURN_USER=webrtc
> > > > > > > > >   - TURN_PASS=webrtc
> > > > > > > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > > > > > > >
> > > > > > > > > After restarting it allowed me immediately to perform network test
> > > > > > > > > (except ip ping), but not resolved the issue with camera and
> > > > > > > > > microphone.
> > > > > > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > > > > > 
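
The settings this message and the quoted original post turn on (a ws/wss scheme for OM_KURENTO_WS_URL, and TURN entries that agree between the Kurento and OpenMeetings containers and stay on ports the firewall passes) can be checked before the containers start. The following is an added example, not code from the thread or from OpenMeetings or Kurento: the variable names and values are the ones quoted in the thread, while `parse_env`, `parse_turn`, `lint`, the accepted `transport` values and the rule that both containers must name the same relay are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the compose "environment:" entries quoted in the thread,
# including the https:// websocket URL that Kurento client creation failed on.
SAMPLE_ENV = """\
 - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
 - KMS_STUN_IP=130.211.143.110
 - KMS_STUN_PORT=443
 - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
 - TURN_USER=webrtc
 - TURN_PASS=webrtc
 - TURN_URL=130.211.143.110:443?transport=tcp
"""

# Outbound ports the firewall described in the thread lets through.
FIREWALL_PORTS = frozenset({22, 80, 443, 8080})

# [user:password@]address:port[?transport=udp|tcp|tls]  (transport set assumed)
TURN_RE = re.compile(
    r"^(?:(?P<user>[^:@\s]+):(?P<password>[^@\s]+)@)?"
    r"(?P<host>[^:@\s?]+):(?P<port>\d{1,5})"
    r"(?:\?transport=(?P<transport>udp|tcp|tls))?$"
)


def parse_env(text):
    """Read compose-style '- KEY=VALUE' lines into a dict."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-"):
            line = line[1:].strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env


def parse_turn(value):
    """Split a TURN setting into its parts; None if it does not parse."""
    match = TURN_RE.match(value)
    if match is None or int(match["port"]) > 65535:
        return None
    parts = match.groupdict()
    parts["port"] = int(parts["port"])
    parts["transport"] = parts["transport"] or "udp"  # assumed default
    return parts


def lint(env, allowed_ports=FIREWALL_PORTS):
    """Return (variable, problem) pairs; an empty list means nothing found."""
    findings = []

    ws_url = env.get("OM_KURENTO_WS_URL")
    if ws_url is not None:
        scheme = urlsplit(ws_url).scheme.lower()
        if scheme not in ("ws", "wss"):
            findings.append(("OM_KURENTO_WS_URL", f"scheme {scheme!r} is not ws/wss"))
        elif scheme == "ws":
            findings.append(("OM_KURENTO_WS_URL", "ws:// is unencrypted, prefer wss://"))

    kms = parse_turn(env["KMS_TURN_URL"]) if "KMS_TURN_URL" in env else None
    if "KMS_TURN_URL" in env and (kms is None or kms["user"] is None):
        findings.append(("KMS_TURN_URL", "want user:password@address:port[?transport=..]"))
        kms = None

    om = parse_turn(env["TURN_URL"]) if "TURN_URL" in env else None
    if "TURN_URL" in env and (om is None or om["user"] is not None):
        findings.append(("TURN_URL", "want address:port[?transport=..]"))
        om = None

    stun_port = env.get("KMS_STUN_PORT")
    if stun_port is not None and not (stun_port.isdigit() and int(stun_port) in allowed_ports):
        findings.append(("KMS_STUN_PORT", "outside the firewall's allowed ports"))

    for name, turn in (("KMS_TURN_URL", kms), ("TURN_URL", om)):
        if turn is not None and turn["port"] not in allowed_ports:
            findings.append((name, f"port {turn['port']} is outside the allowed ports"))

    # The post configures both containers with the same relay and credentials,
    # so any difference between the two is reported (an assumption of this example).
    if kms is not None and om is not None:
        if any(kms[k] != om[k] for k in ("host", "port", "transport")):
            findings.append(("TURN_URL", "relay differs from KMS_TURN_URL"))
        if (env.get("TURN_USER"), env.get("TURN_PASS")) != (kms["user"], kms["password"]):
            findings.append(("TURN_USER", "credentials differ from KMS_TURN_URL"))
    return findings


if __name__ == "__main__":
    for variable, problem in lint(parse_env(SAMPLE_ENV)):
        print(f"{variable}: {problem}")
```

On the constructed sample the only finding is the https:// scheme; a clean result says the entries are well-formed and consistent, not that the relay is reachable.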

Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
No, it is not a reason, checked.

On Sun, Mar 15, 2020 at 10:10 AM YUP  wrote:
>
> Server has self-signed certificate, can it be a reason?
>
> On Sun, Mar 15, 2020 at 9:38 AM YUP  wrote:
> >
> > Just to inform you, I made proxified kurento websocket in nginx and I
> > can connect to it:
> > $ wscat -n --connect  https://external_server_ip_address/kurento
> > (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> > to an IP address is not permitted by RFC 6066. This will be ignored in
> > a future version.
> > Connected (press CTRL+C to quit)
> > >
> >
> > I set
> > - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> > but got
> > o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> > Kurento client, will re-try in 1 ms
> >
> >
> >
> > On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
> > >
> > > Can we just proxify kurento websocket? Something like this
> > > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> > >
> > > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik  wrote:
> > > >
> > > > It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> > > > I'm afraid you need more open ports ...
> > > >
> > > > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > > > for context i.e.
> > > > yourserver:4278/turn, yourserver:/kms in this case you can proxy them
> > > >
> > > > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > > > >
> > > > > It changes nothing, only 443 is open to the world.
> > > > >
> > > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > > > > >
> > > > > > Maybe you can set up KMS to use 8080?
> > > > > > TURN requires more open ports to handle "totally closed" networks ...
> > > > > >
> > > > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > > > >
> > > > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > > > possible to connect to those servers in such conditions? Tunnels?
> > > > > > >
> > > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > > > > >
> > > > > > > > Hello all,
> > > > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > > > be greatly appreciated.
> > > > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > > > can't save and replay the testing record. As far I understand the
> > > > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > > > did that by adding the environment variables for kurento server in
> > > > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > > > >
> > > > > > > >  - KMS_STUN_IP=130.211.143.110
> > > > > > > >  - KMS_STUN_PORT=443
> > > > > > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > > > > and the same for openmeetings docker container:
> > > > > > > >
> > > > > > > >   - TURN_USER=webrtc
> > > > > > > >   - TURN_PASS=webrtc
> > > > > > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > > > > > >
> > > > > > > > After restarting it allowed me immediately to perform network test
> > > > > > > > (except ip ping), but not resolved the issue with camera and
> > > > > > > > microphone.
> > > > > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > > > > in the same network) everything works as needed. I can save and replay
> > > > > > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > > > > > can talk to each other, etc. But it is not an option use vpn
> > > > > > > > connection...
> > > > > > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > > > > > STUN servers, different type of configurations and so on, nothing
> > > > > > > > helped.
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Yarema
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > WBR

Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
Server has self-signed certificate, can it be a reason?

On Sun, Mar 15, 2020 at 9:38 AM YUP  wrote:
>
> Just to inform you, I made proxified kurento websocket in nginx and I
> can connect to it:
> $ wscat -n --connect  https://external_server_ip_address/kurento
> (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> to an IP address is not permitted by RFC 6066. This will be ignored in
> a future version.
> Connected (press CTRL+C to quit)
> >
>
> I set
> - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> but got
> o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> Kurento client, will re-try in 1 ms
>
>
>
> On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
> >
> > Can we just proxify kurento websocket? Something like this
> > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> >
> > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik  wrote:
> > >
> > > It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> > > I'm afraid you need more open ports ...
> > >
> > > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > > for context i.e.
> > > yourserver:4278/turn, yourserver:/kms in this case you can proxy them
> > >
> > > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > > >
> > > > It changes nothing, only 443 is open to the world.
> > > >
> > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > > > >
> > > > > Maybe you can set up KMS to use 8080?
> > > > > TURN requires more open ports to handle "totally closed" networks ...
> > > > >
> > > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > > >
> > > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > > possible to connect to those servers in such conditions? Tunnels?
> > > > > >
> > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > > > >
> > > > > > > Hello all,
> > > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > > be greatly appreciated.
> > > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > > can't save and replay the testing record. As far I understand the
> > > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > > did that by adding the environment variables for kurento server in
> > > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > > >
> > > > > > >  - KMS_STUN_IP=130.211.143.110
> > > > > > >  - KMS_STUN_PORT=443
> > > > > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > > > and the same for openmeetings docker container:
> > > > > > >
> > > > > > >   - TURN_USER=webrtc
> > > > > > >   - TURN_PASS=webrtc
> > > > > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > > > > >
> > > > > > > After restarting it allowed me immediately to perform network test
> > > > > > > (except ip ping), but not resolved the issue with camera and
> > > > > > > microphone.
> > > > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > > > in the same network) everything works as needed. I can save and replay
> > > > > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > > > > can talk to each other, etc. But it is not an option use vpn
> > > > > > > connection...
> > > > > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > > > > STUN servers, different type of configurations and so on, nothing
> > > > > > > helped.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Yarema
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > WBR
> > > > > Maxim aka solomax
> > >
> > >
> > >
> > > --
> > > WBR
> > > Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
Just to inform you, I made proxified kurento websocket in nginx and I
can connect to it:
$ wscat -n --connect  https://external_server_ip_address/kurento
(node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
to an IP address is not permitted by RFC 6066. This will be ignored in
a future version.
Connected (press CTRL+C to quit)
>

I set
- OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
but got
o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
Kurento client, will re-try in 1 ms



On Sun, Mar 15, 2020 at 8:56 AM YUP  wrote:
>
> Can we just proxify kurento websocket? Something like this
> https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
>
> On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik  wrote:
> >
> > It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> > I'm afraid you need more open ports ...
> >
> > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > for context i.e.
> > yourserver:4278/turn, yourserver:/kms in this case you can proxy them
> >
> > On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> > >
> > > It changes nothing, only 443 is open to the world.
> > >
> > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > > >
> > > > Maybe you can set up KMS to use 8080?
> > > > TURN requires more open ports to handle "totally closed" networks ...
> > > >
> > > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > > >
> > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > possible to connect to those servers in such conditions? Tunnels?
> > > > >
> > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > > >
> > > > > > Hello all,
> > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > be greatly appreciated.
> > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > can't save and replay the testing record. As far I understand the
> > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > did that by adding the environment variables for kurento server in
> > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > >
> > > > > >  - KMS_STUN_IP=130.211.143.110
> > > > > >  - KMS_STUN_PORT=443
> > > > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > > and the same for openmeetings docker container:
> > > > > >
> > > > > >   - TURN_USER=webrtc
> > > > > >   - TURN_PASS=webrtc
> > > > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > > > >
> > > > > > After restarting it allowed me immediately to perform network test
> > > > > > (except ip ping), but not resolved the issue with camera and
> > > > > > microphone.
> > > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > > in the same network) everything works as needed. I can save and replay
> > > > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > > > can talk to each other, etc. But it is not an option use vpn
> > > > > > connection...
> > > > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > > > STUN servers, different type of configurations and so on, nothing
> > > > > > helped.
> > > > > >
> > > > > > Regards,
> > > > > > Yarema
> > > >
> > > >
> > > >
> > > > --
> > > > WBR
> > > > Maxim aka solomax
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
Can we just proxify kurento websocket? Something like this
https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?

On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik  wrote:
>
> It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> I'm afraid you need more open ports ...
>
> I'm not sure but I would investigate if KMS/TURN URLs can be set up
> for context i.e.
> yourserver:4278/turn, yourserver:/kms in this case you can proxy them 
>
> On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
> >
> > It changes nothing, only 443 is open to the world.
> >
> > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> > >
> > > Maybe you can set up KMS to use 8080?
> > > TURN requires more open ports to handle "totally closed" networks ...
> > >
> > > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > > >
> > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > why I don't have connection to outside turn and stun servers. Is it
> > > > possible to connect to those servers in such conditions? Tunnels?
> > > >
> > > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > > >
> > > > > Hello all,
> > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > be  greatly appreciated.
> > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > installed in container behind nginx proxy and works well, except audio
> > > > > and video. When I perform setup check after logged in (video camera
> > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > and decreasing green line, which indicate microphone level, but I
> > > > > can't save and replay the testing record. As far I understand the
> > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > did that by adding the environment variables for kurento server in
> > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > >
> > > > >  - KMS_STUN_IP=130.211.143.110
> > > > >  - KMS_STUN_PORT=443
> > > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > and the same for openmeetings docker container:
> > > > >
> > > > >   - TURN_USER=webrtc
> > > > >   - TURN_PASS=webrtc
> > > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > > >
> > > > > After restarting it allowed me immediately to perform network test
> > > > > (except ip ping), but not resolved the issue with camera and
> > > > > microphone.
> > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > in the same network) everything works as needed. I can save and replay
> > > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > > can talk to each other, etc. But it is not an option use vpn
> > > > > connection...
> > > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > > STUN servers, different type of configurations and so on, nothing
> > > > > helped.
> > > > >
> > > > > Regards,
> > > > > Yarema
> > >
> > >
> > >
> > > --
> > > WBR
> > > Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread Maxim Solodovnik
It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
I'm afraid you need more open ports ...

I'm not sure but I would investigate if KMS/TURN URLs can be set up
for context i.e.
yourserver:4278/turn, yourserver:/kms in this case you can proxy them 

On Sun, 15 Mar 2020 at 14:32, YUP  wrote:
>
> It changes nothing, only 443 is open to the world.
>
> On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
> >
> > Maybe you can set up KMS to use 8080?
> > TURN requires more open ports to handle "totally closed" networks ...
> >
> > On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> > >
> > > It seems to me that I found what is happening. Firewall blocks all non
> > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > why I don't have connection to outside turn and stun servers. Is it
> > > possible to connect to those servers in such conditions? Tunnels?
> > >
> > > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > > >
> > > > Hello all,
> > > > Could someone help me with configuration of my OM setup? Any help will
> > > > be  greatly appreciated.
> > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > is open. There is sslh balancer, which redirect external traffic to
> > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > installed in container behind nginx proxy and works well, except audio
> > > > and video. When I perform setup check after logged in (video camera
> > > > and microphone) I can see myself in camera and can also see increasing
> > > > and decreasing green line, which indicate microphone level, but I
> > > > can't save and replay the testing record. As far I understand the
> > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > did that by adding the environment variables for kurento server in
> > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > >
> > > >  - KMS_STUN_IP=130.211.143.110
> > > >  - KMS_STUN_PORT=443
> > > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > and the same for openmeetings docker container:
> > > >
> > > >   - TURN_USER=webrtc
> > > >   - TURN_PASS=webrtc
> > > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > > >
> > > > After restarting it allowed me immediately to perform network test
> > > > (except ip ping), but not resolved the issue with camera and
> > > > microphone.
> > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > in the same network) everything works as needed. I can save and replay
> > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > can talk to each other, etc. But it is not an option use vpn
> > > > connection...
> > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > STUN servers, different type of configurations and so on, nothing
> > > > helped.
> > > >
> > > > Regards,
> > > > Yarema
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax



-- 
WBR
Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
It changes nothing, only 443 is open to the world.

On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik  wrote:
>
> Maybe you can set up KMS to use 8080?
> TURN requires more open ports to handle "totally closed" networks ...
>
> On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
> >
> > It seems to me that I found what is happening. Firewall blocks all non
> > http requests out to all ports except 443, 80, 8080 and 22. That is
> > why I don't have connection to outside turn and stun servers. Is it
> > possible to connect to those servers in such conditions? Tunnels?
> >
> > On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> > >
> > > Hello all,
> > > Could someone help me with configuration of my OM setup? Any help will
> > > be  greatly appreciated.
> > > I have a server which is for several reasons behind NAT, only 443 port
> > > is open. There is sslh balancer, which redirect external traffic to
> > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > installed in container behind nginx proxy and works well, except audio
> > > and video. When I perform setup check after logged in (video camera
> > > and microphone) I can see myself in camera and can also see increasing
> > > and decreasing green line, which indicate microphone level, but I
> > > can't save and replay the testing record. As far I understand the
> > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > did that by adding the environment variables for kurento server in
> > > docker container with the corresponding data for turn.anyfirewall.com:
> > >
> > >  - KMS_STUN_IP=130.211.143.110
> > >  - KMS_STUN_PORT=443
> > >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > and the same for openmeetings docker container:
> > >
> > >   - TURN_USER=webrtc
> > >   - TURN_PASS=webrtc
> > >   - TURN_URL=130.211.143.110:443?transport=tcp
> > >
> > > After restarting it allowed me immediately to perform network test
> > > (except ip ping), but not resolved the issue with camera and
> > > microphone.
> > > When I connect to OM server with help of vpn (so I and OM server are
> > > in the same network) everything works as needed. I can save and replay
> > > video, I can hear myself, two OM users connected by vpn to OM server
> > > can talk to each other, etc. But it is not an option use vpn
> > > connection...
> > > I spent two days to find what I did wrong. I tried another TURN and
> > > STUN servers, different type of configurations and so on, nothing
> > > helped.
> > >
> > > Regards,
> > > Yarema
>
>
>
> --
> WBR
> Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread Maxim Solodovnik
Maybe you can set up KMS to use 8080?
TURN requires more open ports to handle "totally closed" networks ...

On Sun, 15 Mar 2020 at 14:18, YUP  wrote:
>
> It seems to me that I found what is happening. Firewall blocks all non
> http requests out to all ports except 443, 80, 8080 and 22. That is
> why I don't have connection to outside turn and stun servers. Is it
> possible to connect to those servers in such conditions? Tunnels?
>
> On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
> >
> > Hello all,
> > Could someone help me with configuration of my OM setup? Any help will
> > be  greatly appreciated.
> > I have a server which is for several reasons behind NAT, only 443 port
> > is open. There is sslh balancer, which redirect external traffic to
> > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > installed in container behind nginx proxy and works well, except audio
> > and video. When I perform setup check after logged in (video camera
> > and microphone) I can see myself in camera and can also see increasing
> > and decreasing green line, which indicate microphone level, but I
> > can't save and replay the testing record. As far I understand the
> > problem is in NAT, so I had to use kurento server with TURN server. I
> > did that by adding the environment variables for kurento server in
> > docker container with the corresponding data for turn.anyfirewall.com:
> >
> >  - KMS_STUN_IP=130.211.143.110
> >  - KMS_STUN_PORT=443
> >  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > and the same for openmeetings docker container:
> >
> >   - TURN_USER=webrtc
> >   - TURN_PASS=webrtc
> >   - TURN_URL=130.211.143.110:443?transport=tcp
> >
> > After restarting it allowed me immediately to perform network test
> > (except ip ping), but not resolved the issue with camera and
> > microphone.
> > When I connect to OM server with help of vpn (so I and OM server are
> > in the same network) everything works as needed. I can save and replay
> > video, I can hear myself, two OM users connected by vpn to OM server
> > can talk to each other, etc. But it is not an option to use vpn
> > connection...
> > I spent two days to find what I did wrong. I tried another TURN and
> > STUN servers, different types of configurations and so on, nothing
> > helped.
> >
> > Regards,
> > Yarema



-- 
WBR
Maxim aka solomax


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread YUP
It seems to me that I found what is happening. Firewall blocks all non
http requests out to all ports except 443, 80, 8080 and 22. That is
why I don't have connection to outside turn and stun servers. Is it
possible to connect to those servers in such conditions? Tunnels?

On Fri, Mar 13, 2020 at 1:09 AM YUP  wrote:
>
> Hello all,
> Could someone help me with configuration of my OM setup? Any help will
> be greatly appreciated.
> I have a server which is for several reasons behind NAT, only 443 port
> is open. There is sslh balancer, which redirects external traffic to
> different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> installed in container behind nginx proxy and works well, except audio
> and video. When I perform setup check after logged in (video camera
> and microphone) I can see myself in camera and can also see increasing
> and decreasing green line, which indicates microphone level, but I
> can't save and replay the testing record. As far as I understand the
> problem is in NAT, so I had to use kurento server with TURN server. I
> did that by adding the environment variables for kurento server in
> docker container with the corresponding data for turn.anyfirewall.com:
>
>  - KMS_STUN_IP=130.211.143.110
>  - KMS_STUN_PORT=443
>  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> and the same for openmeetings docker container:
>
>   - TURN_USER=webrtc
>   - TURN_PASS=webrtc
>   - TURN_URL=130.211.143.110:443?transport=tcp
>
> After restarting it allowed me immediately to perform network test
> (except ip ping), but not resolved the issue with camera and
> microphone.
> When I connect to OM server with help of vpn (so I and OM server are
> in the same network) everything works as needed. I can save and replay
> video, I can hear myself, two OM users connected by vpn to OM server
> can talk to each other, etc. But it is not an option to use vpn
> connection...
> I spent two days to find what I did wrong. I tried another TURN and
> STUN servers, different types of configurations and so on, nothing
> helped.
>
> Regards,
> Yarema


Re: Openmeetings, kurento and TURN behind NAT

2020-03-15 Thread Maxim Solodovnik
Hello Yarema,

I'm afraid you need to set-up turn server "visible to KMS"
Which means
1) your KMS port should be opened
OR
2) TURN server should be on the same server as KMS and TURN ports
should be opened
3*) (I'm not nginx expert) maybe you can proxy TURN
requests/responses, I'm not aware of such an option ...

On Fri, 13 Mar 2020 at 07:10, YUP  wrote:
>
> Hello all,
> Could someone help me with configuration of my OM setup? Any help will
> be greatly appreciated.
> I have a server which is for several reasons behind NAT, only 443 port
> is open. There is sslh balancer, which redirects external traffic to
> different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> installed in container behind nginx proxy and works well, except audio
> and video. When I perform setup check after logged in (video camera
> and microphone) I can see myself in camera and can also see increasing
> and decreasing green line, which indicates microphone level, but I
> can't save and replay the testing record. As far as I understand the
> problem is in NAT, so I had to use kurento server with TURN server. I
> did that by adding the environment variables for kurento server in
> docker container with the corresponding data for turn.anyfirewall.com:
>
>  - KMS_STUN_IP=130.211.143.110
>  - KMS_STUN_PORT=443
>  - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> and the same for openmeetings docker container:
>
>   - TURN_USER=webrtc
>   - TURN_PASS=webrtc
>   - TURN_URL=130.211.143.110:443?transport=tcp
>
> After restarting it allowed me immediately to perform network test
> (except ip ping), but not resolved the issue with camera and
> microphone.
> When I connect to OM server with help of vpn (so I and OM server are
> in the same network) everything works as needed. I can save and replay
> video, I can hear myself, two OM users connected by vpn to OM server
> can talk to each other, etc. But it is not an option to use vpn
> connection...
> I spent two days to find what I did wrong. I tried another TURN and
> STUN servers, different types of configurations and so on, nothing
> helped.
>
> Regards,
> Yarema



-- 
WBR
Maxim aka solomax


Openmeetings, kurento and TURN behind NAT

2020-03-12 Thread YUP
Hello all,
Could someone help me with configuration of my OM setup? Any help will
be greatly appreciated.
I have a server which is for several reasons behind NAT, only 443 port
is open. There is sslh balancer, which redirects external traffic to
different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
installed in container behind nginx proxy and works well, except audio
and video. When I perform setup check after logged in (video camera
and microphone) I can see myself in camera and can also see increasing
and decreasing green line, which indicates microphone level, but I
can't save and replay the testing record. As far as I understand the
problem is in NAT, so I had to use kurento server with TURN server. I
did that by adding the environment variables for kurento server in
docker container with the corresponding data for turn.anyfirewall.com:

 - KMS_STUN_IP=130.211.143.110
 - KMS_STUN_PORT=443
 - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
and the same for openmeetings docker container:

  - TURN_USER=webrtc
  - TURN_PASS=webrtc
  - TURN_URL=130.211.143.110:443?transport=tcp

After restarting it allowed me immediately to perform network test
(except ip ping), but not resolved the issue with camera and
microphone.
When I connect to OM server with help of vpn (so I and OM server are
in the same network) everything works as needed. I can save and replay
video, I can hear myself, two OM users connected by vpn to OM server
can talk to each other, etc. But it is not an option to use vpn
connection...
I spent two days to find what I did wrong. I tried another TURN and
STUN servers, different types of configurations and so on, nothing
helped.

Regards,
Yarema
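

Added example (not part of any message in this thread, and not OpenMeetings or Kurento code): a static check of the container settings quoted above against the outbound ports reported as open in the 2020-03-15 message. The function names are hypothetical, and treating an omitted transport as UDP is an assumption.

```python
import re

# Outbound ports the firewall lets through, per the 2020-03-15 message.
ALLOWED_OUT = frozenset({22, 80, 443, 8080})

# Layout: [user:password@]host:port[?transport=udp|tcp|tls]; hostname/IPv4 only.
TURN_RE = re.compile(
    r"^(?:(?P<user>[^:@]+):(?P<password>[^@]+)@)?"
    r"(?P<host>[^:?@]+):(?P<port>\d{1,5})"
    r"(?:\?transport=(?P<transport>udp|tcp|tls))?$"
)

def parse_turn(value):
    """Split a TURN setting into its fields; raise ValueError if malformed."""
    m = TURN_RE.match(value.strip())
    if m is None:
        raise ValueError(f"not a TURN setting: {value!r}")
    cfg = m.groupdict()
    cfg["port"] = int(cfg["port"])
    cfg["transport"] = cfg["transport"] or "udp"  # assumption: UDP when omitted
    return cfg

def audit(kms_env, om_env, allowed_out=ALLOWED_OUT):
    """Return findings for one KMS + OM pair of container environments."""
    kms = parse_turn(kms_env["KMS_TURN_URL"])
    om = parse_turn(om_env["TURN_URL"])
    # OM carries the credentials in separate variables, KMS inside the URL.
    om["user"], om["password"] = om_env.get("TURN_USER"), om_env.get("TURN_PASS")
    findings = []
    if int(kms_env["KMS_STUN_PORT"]) not in allowed_out:
        findings.append("KMS: STUN port is not reachable outbound")
    for side, cfg in (("KMS", kms), ("OM", om)):
        if cfg["port"] not in allowed_out:
            findings.append(f"{side}: TURN port {cfg['port']} is not reachable outbound")
        if not cfg["user"] or not cfg["password"]:
            findings.append(f"{side}: TURN credentials missing")
        elif cfg["user"] == cfg["password"]:
            findings.append(f"{side}: TURN password equals the username")
    for field in ("host", "port", "transport", "user", "password"):
        if kms[field] != om[field]:
            findings.append(f"KMS and OM disagree on TURN {field}")
    return findings

# Values as posted in the thread.
KMS_ENV = {"KMS_STUN_IP": "130.211.143.110", "KMS_STUN_PORT": "443",
           "KMS_TURN_URL": "webrtc:webrtc@130.211.143.110:443?transport=tcp"}
OM_ENV = {"TURN_USER": "webrtc", "TURN_PASS": "webrtc",
          "TURN_URL": "130.211.143.110:443?transport=tcp"}
```

With the posted values, audit(KMS_ENV, OM_ENV) reports only that the password equals the username: the two containers agree with each other and with the open ports, which fits the reply that the TURN server still has to be visible to KMS.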