
I am trying to deploy coturn on a server which is behind a restricted network, with only ports 80 and 443 (TCP) allowed.

As I have several services running on the same server, they are all behind an nginx reverse proxy. I want coturn to work the same way. This is my nginx configuration:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name turn.mydomain.com;
        include /etc/nginx/conf/ssl.conf;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://coturn:3478;
        }
    }

and coturn configuration:

    listening-port=3478
    tls-listening-port=5349

    fingerprint
    lt-cred-mech

    server-name=turn.mydomain.com
    realm=turn.mydomain.com

    total-quota=100
    stale-nonce=600

    proc-user=turnserver
    proc-group=turnserver

coturn is up and working, with its internal IP resolving as "coturn" so that proxy_pass works. However, when testing the connection with the WebRTC Trickle ICE page I get this result:

[screenshot: test result]

It seems to find the server, but does not gather any candidates. Any idea of what I could be doing wrong?

  • have you tried the IP instead of the hostname? – djdomi Apr 21 '22 at 17:14
  • STUN/TURN is primarily intended to solve peers having connectivity issues for example because they are behind NAT. Having the STUN/TURN server itself behind NAT or worse behind a proxy will probably not fulfill its role. It's not even using HTTP or HTTPS. – A.B Apr 22 '22 at 23:47
  • If you are "tasked by above" to set this in place while keeping all *usual* security rules in place, you'll have to find a way to explain to them this won't work. You should study how STUN works first, and how it tries to figure out the various [types of NAT](https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation) used by its clients. – A.B Apr 22 '22 at 23:58
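The posted http-level proxy_pass cannot work because STUN/TURN is not HTTP: nginx would try to parse the TURN client's binary messages as HTTP requests. What can be done on a 443-only server is to let nginx pass the raw TLS connection through to coturn's TLS listener and route on SNI, so the web vhosts keep port 443 too. The following is an added example and not from the original question; it assumes nginx was built with the stream and stream_ssl_preread modules, that the existing web vhosts can be moved to 127.0.0.1:8443, and that the certificate paths are placeholders for your own.

```nginx
# /etc/nginx/nginx.conf, at top level next to the http {} block (not inside it).
# Needs nginx built with --with-stream and --with-stream_ssl_preread_module.
stream {
    # Route by the SNI name in the TLS ClientHello without terminating TLS:
    # the TURN client and coturn still negotiate TLS end to end, nginx only
    # peeks at the first record.
    map $ssl_preread_server_name $upstream_443 {
        turn.mydomain.com   coturn:5349;        # coturn tls-listening-port
        default             127.0.0.1:8443;     # every other hostname -> http {} vhosts
    }

    server {
        listen 443;
        listen [::]:443;
        ssl_preread on;
        proxy_pass $upstream_443;
        # TURN sessions are long-lived; the stream default of 10 minutes would
        # cut an idle call.  Value is an assumption, tune to your needs.
        proxy_timeout 1h;
    }
}

# In the http {} block the existing vhosts must give up port 443, which the
# stream server now owns, and listen only locally instead, e.g.
#     listen 127.0.0.1:8443 ssl;
# replacing "listen 443 ssl;" / "listen [::]:443 ssl;".  The server {} for
# turn.mydomain.com with "proxy_pass http://coturn:3478" is removed entirely.

# /etc/turnserver.conf additions (certificate paths are assumptions):
#     tls-listening-port=5349
#     cert=/etc/coturn/fullchain.pem
#     pkey=/etc/coturn/privkey.pem
```

With this in place the Trickle ICE page should be given turns:turn.mydomain.com:443?transport=tcp rather than a plain turn: or stun: URI, since only TLS on 443 reaches the server. Two caveats that the comments above already hint at: because nginx opens its own TCP connection to coturn, coturn sees nginx's address (the docker network address, in this setup) as the client, so the server-reflexive candidate it reports is meaningless for NAT traversal; and the relayed media still needs coturn's relay port range (UDP 49152-65535 by default, settable with min-port/max-port) and a correct external-ip reachable on the public address, which a firewall that admits only TCP 80 and 443 does not allow. Passing the signalling leg through nginx therefore gets you a TURN server that answers, not one whose relay candidates other peers can use.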

0 Answers