I doubt it that apache has something like that. Though I haven't used it for more than 10 years. There are so much better alternatives.. I think haproxy definitely should have such functionality,
It's not really about less ports as generally you don't want to tunnel everyone through tcp as it will add latency and hiccups if there are tcp retrains. But about providing ability of last resort to connect with users which are behind very restrictive firewalls. Like 443 port only. And you have only one IP-address on server and want both coturn and web server reside on one the same port for outside. So special magic is required. To archive that you need to provide ability to provide multiple TURN urls, including specifying the flavour of them. Like that: https://github.com/CkNoSFeRaTU/openmeetings/commit/abad92d6b4fcc03884de18143e3e96eaa3591d53 Then you setup something as frontend that analyze first incoming packet (typically TLS ClientHello) and decide if they need to redirect that connection to turn server or not. There are can be many configurations and what you can look as distinguisher: SNI, ALPN or even protocol... There I placed some of my experiments with nginx and two domains, one for coturn and one for om: https://nosferatu.g0x.ru/pub/openmeetings/443-only/ On chromium-based browsers It works like a charm. But last resort path doesn't work on firefox for some reason. Didn't investigated much why... P.S. Commented part in nginx`s configuration is how jitsi does it. That way it will break chromium-based browsers's websocket because they doesn't send ALPN extension for websocket connection for some reason.And in case of OM that means that there will be infinite spinning wheel for such browsers.. вс, 17 мая 2020 г. в 10:05, Maxim Solodovnik <[email protected]>: > > > On Sat, 16 May 2020 at 21:52, Konstantin Kuzov <[email protected]> > wrote: > >> The only thing Jitsi does regarding to ports in default configuration is >> using nginx's APLN map feature ( >> http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html) to >> hide default stun/turn ports behind nginx https port. But be aware that >> this feature can break secure websocket for some browsers like chrome. >> > > I'm not aware of this module > Does it exists for Apache? > Can it be used (with care) to create config with less ports required? > > >> >> )сб, 16 мая 2020 г. в 17:36, Maxim Solodovnik <[email protected]>: >> >>> This service uses Jitsi >>> I'm still not sure if it is possible to configure WebRTC to use less >>> ports >>> AFAIK it is impossible >>> >>> > > -- > Best regards, > Maxim >
