After update of coturn can not connect to 443 #421
Comments
I'm not sure if you noticed the |
The Only the new server has a
After removing the coturn
Now the So this issue seems to be in the systemd |
Thx. You saved my day. |
Add |
Thanks @zhu Cheers |
In my case the turnserver user did not have access to the private key so the TLS listening port was not binding. |
This indeed fixed it - but what is the cause? I've set up the coturn some months ago and changed nothing. Now it was simply not working/binding. A simple update of the system & packages was causing this? Is a fix on the way for the systemd config? |
No it will not be fixed by default in systemd. Lines 55 to 69 in 4417fd2
|
We run a dedicated Stun/TURN server and have the best experience to circumvent restrictive firewalls by offering ports 80 and 443 for TURN(S).
Adding |
It is mentioned in debian package README but I need to move it to upstream doc too. |
I've been trying to set alt-listening-port and alt-tls-listening-port in the configuration but they are always ignored. (I've tried with two alt ips for each) |
Same issue here. I've been trying to set both alternative listening ports with no success. Based on the logs the server does not even attempt to listen on those ports. For now just modifying the main ports to 80 and 443 does the trick |
I've tried that but it behaves a lot better with these two: listening-port=3478 & tls-listening-port=443 than with: listening-port=80 & tls-listening-port=443. This causes more connection failures in my case. I will let you know if I find how to set alt ports or let me know if you find it cause it would probably help to have more opened ports. |
Hello, I just can not get it to work with Ubuntu version 20.04.2 LTS, the 443 port just does not come up. I have tried everything written here, it just will not work. This is my current working config (NAT) under 18.02:
listening-port=3478
tls-listening-port=443
external-ip=195.165.215.100/10.10.10.13
fingerprint
colt-cred-mech
use-auth-secret
realm=turn.gh-immo.de
cert=/home/matrix/turn_gh-immo_de_crt.pem
pkey=/home/matrix/turn_gh-immo_de.pem
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
dh2066
log-file=/var/log/coturn.log
simple-log
no-tlsv1
At the end I had this config under 20.04 (not worked):
listening-port=3478
tls-listening-port=443
external-ip=195.165.215.100/10.10.10.13
min-port=32769
cert=/home/matrix/turn_gh-immo_de_crt.pem
cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
no-loopback-peers
Permission SSL certificate |
Did you try? sudo rm /lib/systemd/system/coturn.service |
yes sure
|
What does your log say? Silly question: you rebooted the server after applying that command?
On May 4, 2021, at 10:06 AM, MeinhartEsrohr ***@***.***> wrote:
yes sure
Did you try ?
sudo rm /lib/systemd/system/coturn.service
sudo systemctl daemon-reload
|
Have you tried adding AmbientCapabilities=CAP_NET_BIND_SERVICE as described above by @rasos? Sounds like it could be a permissions issue that can be fixed with that setting in your systemd startup script. |
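The failure this thread converges on (a non-root service user, a port below 1024, and no `CAP_NET_BIND_SERVICE`) can be predicted from the coturn config and the unit file alone. The script below is an added example, not part of the thread or of coturn; the function names are hypothetical and the file contents are constructed samples.

```sh
#!/bin/sh
# Added example: predict the "port 443 never binds" failure from config alone.
# The sample files at the bottom are constructed for illustration.

# Print each privileged port (1-1023) set via listening-port, tls-listening-port
# or their alt- variants in a turnserver.conf-style file. Commented lines are skipped.
privileged_ports() {
    sed -n -E 's/^[[:space:]]*(alt-)?(tls-)?listening-port[[:space:]]*=[[:space:]]*([0-9]+).*/\3/p' "$1" |
        awk '$1 > 0 && $1 < 1024'
}

# Return 0 if the unit can bind the configured ports, 1 if a bind failure is expected.
# Simplification: any AmbientCapabilities= line naming the capability counts as granted.
check_coturn_bind() {
    conf=$1; unit=$2
    ports=$(privileged_ports "$conf" | tr '\n' ' ')
    if [ -z "$ports" ]; then
        echo "OK: no privileged ports configured"; return 0
    fi
    user=$(sed -n 's/^[[:space:]]*User=//p' "$unit" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "OK: runs as root, can bind: $ports"; return 0
    fi
    if grep -Eq '^[[:space:]]*AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit"; then
        echo "OK: $user holds CAP_NET_BIND_SERVICE for: $ports"; return 0
    fi
    echo "FAIL: $user cannot bind: $ports(add AmbientCapabilities=CAP_NET_BIND_SERVICE)"
    return 1
}

# Constructed sample input: ports as in this thread, unit running as turnserver.
demo=$(mktemp -d)
printf 'listening-port=3478\ntls-listening-port=443\n' > "$demo/turnserver.conf"
printf '[Service]\nUser=turnserver\nGroup=turnserver\n' > "$demo/before.service"
printf '[Service]\nUser=turnserver\nAmbientCapabilities=CAP_NET_BIND_SERVICE\n' > "$demo/after.service"

check_coturn_bind "$demo/turnserver.conf" "$demo/before.service" || true
check_coturn_bind "$demo/turnserver.conf" "$demo/after.service"
```

On a real host, point it at your turnserver configuration file and at the unit text saved from `systemctl cat coturn`.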
Yes, sure, I did a reboot after applying. I have to say, in the logs I never saw anything that would help me, maybe I need to change the log?! I meant the coturn.log file |
@MeinhardEsrohr Change the line |
cool, i will try this , thank you |
Hey rawtaz, this is my LOG: 0: log file opened: /var/log/coturn/coturn.log But I don't see any error in the log or what the problem is why it doesn't open the port 443 |
@MeinhartEsrohr I believe that the What are you trying to accomplish? In my config I have |
Hi @rawtaz, thanks for your detailed answer, my current configuration works under Ubuntu Server version 18.04 without problems (even without Listening IP), above I had posted the configuration under 18.04. As we work with NAT, I would enter my DMZ internal address in Listening IP. |
I just edited two files to bind on 80 and 443:
to
and in coturn system service file, change
to
then run |
@amirphl What's the reason to make it run as root instead of the dedicated If it's just to be able to listen on the privileged ports, a better approach is to put this in your systemd file for the service (e.g.
Then you shouldn't have to make it run as root. |
@rawtaz |
The directory mentioned in the test @misi mentioned in his January 13th 2021 message ( coturn/debian/README.Debian Lines 55 to 69 in 4417fd2 The correct file is /lib/systemd/system/coturn.service as stated by several above. We may want to correct the documentation. |
Also to correct the certificate access problem mentioned above, the certbot documentation now states:
This documentation is here. I followed the instructions and the problem was gone. We may want to add these instructions to the COTURN documentation. Will save people tons of time. |
Hi, 0: Trying to bind fd 88 to <[2003:f2:c70d:d400:ba27:345r:fe53:7777]:8346>: errno=99 ...only for ipv6, after some iterations: 0: Trying to bind TLS/TCP listener socket to addr [2003:f2:c70d:d400:ba27:345r:fe53:7777]:8346, again... But only at first boot. If I restart only coturn no such errors in logfile. Any idea? Thanks, best regards |
Perhaps Coturn is trying to start before the network is ready? Depending on how you start it, make sure it's set to start when the network is ready. You can do that with systemd etc by configuring the unit file. |
how can I throttle coturn or ensure that nw ipv6 is up? u mean in config file /lib/systemd/system/coturn.service? |
A good start would be to read the documentation for systemd and/or DDG/Google something like "systemd network ready".. |
thx for pointing in that direction: [Service] again, thx a ton |
There's a cleaner way to define that a service requires the network to be ready before it starts, should be easy to find the configuration line you need for that. But your interesting solution is intriguing, glad it works! |
u mean: [Unit] would it replace the AFTER=network.target??????????? [Unit] |
Version Coturn-4.5.1.1 'dan Eider' Was getting error rather than remove as suggested above (in case it didn't work) using: I renamed 'coturn.service' to: then Now everything works! |
@rushglen |
Hi,
After I updated my Coturn server on AWS from version 4.5.0.7-1+b1 to 4.5.1.0-1~bpo9+1 I get error on connection to port 443. I used the Debian Stretch backports for the installation of Coturn. If I remove
alt-listening-port=443
from the config file, it seems to work correctly. Is there still a way to directly connect to port 443 by Coturn or do I need to use something like iptables to fix this issue?