is it possible to run coturn behind nginx proxy?

[celevra]

Hi,

is it possible to run coturn behind a nginx reverse proxy?
i have only 2 ip's on that maschine and need coturn to listen on port 443
so i want to configure nginx to forward name based to coturn, but no luck until now.
if that is known to working, can someone provide me a config?

regards

[mom040267]

No, it needs real clients with real IPs.

[partofthething]

Dang, 'cause yeah that's probably a relatively useful case for family servers these days. Everyone's home-page has SSL thanks to letsencrypt so web traffic goes through there. It'd be really slick to be able to redirect a subdomain's 443 traffic to localhost's 5349 or something. I'm up and running for all users except people behind corporate firewalls that block non-standard ports for this reason. At least I think that's what's going on.

[mom040267]

TURN specs do not have provisioning for that. That would be a custom
feature.

On Mon, Sep 5, 2016 at 6:54 PM, Nick Touran notifications@github.com
wrote:

Dang, 'cause yeah that's probably a relatively useful case for family
servers these days. Everyone's home-page has SSL thanks to letsencrypt so
web traffic goes through there. It'd be really slick to be able to redirect
a subdomain's 443 traffic to localhost's 5349 or something. I'm up and
running for all users except people behind corporate firewalls that block
non-standard ports for this reason. At least I think that's what's going
on.

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
#43 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AFq2UJlcFrXJsPPvPl5VVYiLzw6BfwEuks5qnMfdgaJpZM4IVNlU
.

[ieatcat]

This is incorrect. Coturn can definitely run behind NGINX using stream.

Learn more about it here: https://www.nginx.com/resources/admin-guide/tcp-load-balancing/#proxy_pass

[Zjemm]

or mayby ha-proxy?

[CraigZych]

@ieatcat
Do you happen to have an example config that would capture turn traffic and forward appropriately while still directing regular https:// and wss:// to the correct port?

[cguentherTUChemnitz]

@ieatcat: are you able to provide some example configuration for nginx and coturn?

[misi]

Be aware that AFAIU if you use reverse proxy then because of coTURN's internal architecture may it doesn't load balance the load between the threads, so between cpu core-s.
And this way may one thread will handle all incoming traffic!
As a workaround may use very lots of reverse proxies to somehow avoid this problem.

[card-b]

Did not try this with load balancing, but using the link posted by ieatcat I was able to proxy pass to turnserver in nginx and still route to my websockets. Not sure if this is the best way to do this, but it does work (inside nginx.conf):

http {
	(http and websocket routing in http block)
}

stream {
	server {
		listen 3478 udp;
		proxy_pass my.domain.com:3478;
	}

	server {
		listen 5349 udp;
		proxy_pass my.domain.com:5349;
	}
}

[ntinti]

Can confirm that streaming proxy works. I have to increase my "proxy_buffer_size" for video to work.

[mjsobrep]

@card-b and @ntinti Can you share a bit more about the system that you got to work? I have been trying to get coturn to run behind nginx, but can't seem to make a connection.

[GeovaneW96]

I could make it work behind nginx reverse proxy, problem is: stun gets the gateway machine's internal IP.

[acondura]

Could you please share your example of nginx proxy settings? I'm having trouble with mine not connecting.

[Ddvos]

I am also interested to see some settings in Nginx and coturn

[fabifrank]

Does only udp require to run coturn with stream in nginx so tcp turn is able to run behind reverse proxy with classic ssl termination?

[karolyi]

+1

[dhaminitinAltran]

Hi did anyone manage to do it if yes can you share the co-turn configuration and the ngnix conf file?

[Anurag2Yadav]

Hi @dhaminitinAltran ,
We will work together closely to resolve the issue !

[getarun]

Sorry to dig that up, but is there any progress yet? Tried something like #43 (comment) suggested, but i fail.

stream {

    map $ssl_preread_server_name $name {
        turn.domain.de turn_backend;
    }

    upstream turn_backend {
        server COTURN_IP:3478;
    }

    server {
        listen PROXY_IP:443 udp;
        proxy_pass $name;
        ssl_preread on;
       #access_log /var/log/proxy/access;
       error_log /var/log/proxy/error;
   }
}

Idea is to listen on port 443 for incoming udp traffic to send it to my coturn instance.

[karolyi]

@getarun see #702