I'm using use-auth-secret without user in coturn's configuration and with empty p:turnUser in OM's applicationContext.xml. I haven't tried to configure user auth through applicationContext.xml...I only tried user auth by not touching applicationContext.xml at all and by configuring it in KMS's WebRtcEndpoint.conf.ini. That way it worked but most users had trouble to prolong their sessions on turn and so had disconnects by channel-lifetime (by default 10 minutes).
Looking at https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L335 if you want to try user auth you need to set p:TurnMode="", p:TurnUser="username" and p:turnSecret="password" сб, 16 мая 2020 г. в 20:39, Juan Antonio Moreno Carmona <[email protected]>: > Hi Konstantin > > Then, what mechanism do you use? user or use-auth-secret? > > And how do you fill applicationContext.xml file. I tried to comment > use-auth-secret and static-auth-secret in turnserver.conf file. > Furthermore, I leave p:turnSecret option empty in applicationContext.xml > file. > > But then I get following error in catalina.out and I can't get > camera/audio working > > ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170 > [-apr-443-exec-6] - Unexpected error occurred > java.lang.IllegalArgumentException: Empty key > > Regards. > El 16/5/20 a las 16:22, Konstantin Kuzov escribió: > > Hi there, I have a few suggestions about tutorials. > > 1) I don't really understand the purpose for setting both user and > use-auth-secret in coturn. According to documentation they are both > exclusive: > # Be aware that use-auth-secret overrides some parts of lt-cred-mech. > # The use-auth-secret feature depends internally on lt-cred-mech, so if > you set > # this option then it automatically enables lt-cred-mech internally > # as if you had enabled both. > # Note that you can use only one auth mechanism at the same time! This is > because, > # both mechanisms conduct username and password validation in different > ways. > # Use either lt-cred-mech or use-auth-secret in the conf > # to avoid any confusion. > > 2) Also for coturn I don't see the fingerprint option. Isn't it required > for webrtc? > 3) What the point for installing to something obscure like /opt/open504 > and using open504 as database name? IMHO it would just complicate upgrading > procedure for users.later on. > 4) Please use openmeetings.service on distributions which use systemd. > 5) User need to be aware that tomcat won't reload to new certificates upon > renewal and will keep using old certificates until full restart. So > typically after 3 month clients will be greated with expired certificate in > case of let's encrypt. If user don't want to restart tomcat every now and > then and terminate by that all currently active connections user need send > to it reloadSslHostConfig(host) or reloadSslHostConfigs() via jmx or > manager. But it is not something simple like in case of nginx which only > require SIGHUP signal to the process. And nor jmx or manager is shipped > with OM distribution anyway. As one solution to the problem on my test OM > installation VM with let's encrypt I'm using acme-tiny instead of certbot > (matter of preference) and this custom protocol > https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will > automatically reload it for me every configured interval. > > сб, 16 мая 2020 г. в 13:22, Alvaro <[email protected]>: > >> ...in Russian mailing-list, Konstantin gives an idea about >> help to solve the reconnection in Turn server: >> >> "stale-nonce=0" (at /etc/turnserver.conf) >> >> ...'ve added this parameter to the tutorials: >> >> >> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on >> CentOS 7-8.pdf >> >> ...and >> >> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on >> Ubuntu 18.04.pdf >> >> >> ...and reuploaded to: >> >> >> >> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools >> >> >> There it is at your disposal. >> >> >> Thanks to Maxim to comment it. >> >> >> Regards >> >> Alvaro >> >> >> .................... >> >> El jue, 23-04-2020 a las 18:18 +0200, Alvaro escribió: >> >> >> Hello, >> >> It is at your disposal two new tutorials called: >> >> >> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on >> CentOS 7-8.pdf >> >> ...and >> >> Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M4 on >> Ubuntu 18.04.pdf >> >> >> It is tested with an OpenMeetings 5.0.0-M4 server installed on a pc >> at home, after NAT router; and each in the room saw and heard the others >> cameras and your own correctly. >> Also in the tests done, we have uploaded files, recorded video >> and shared desktop without any error. >> >> You can find them here: >> >> >> >> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools >> >> >> Best regards >> >> Alvaro >> >> ..................... >> >>
