Coturn chronicles

yes.

As an alternative, you can delete /etc/nginx/modules-enabled/60-jitsi-meet.conf and set the port in the site config, but an upgrade can break this. I didn't test it.


I tested Firefox again and I’m sure that it’s working. I found that my old problem was caused by the proxy. After disabling the proxy, Firefox started to work correctly through turn.

Firefox Quantum 68.12.0esr

What proxy??

That is not a proxy issue. I don't have any set. I have a direct internet connection with port 10000 blocked by me. It is not working.

What's your exact turnserver.conf?

Regards,
R. Kluth

My current issue is the 401 error that comes from using FF. The connection is established, but the way FF offers credentials seems not to be the "format" coturn wants. Coturn logs a 401 Unauthorized if FF connects to it.

Regards,
R. Kluth

I use the turn server config produced by jitsi-meet-turnserver with the following changes:

  • disabled external-ip line
  • added listening-ip and allowed-peer-ip (the container IP)
  • added no-udp line

# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=MYSECRET
realm=meet.mydomain.com
cert=/etc/jitsi/meet/meet.mydomain.com.crt
pkey=/etc/jitsi/meet/meet.mydomain.com.key
no-multicast-peers
no-cli              
no-loopback-peers   
no-tcp-relay        
no-tcp              
listening-port=3478 
tls-listening-port=5349
#external-ip=1.2.3.4
no-tlsv1            
no-tlsv1_1          
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# jitsi-meet coturn relay disable config. Do not modify this line
denied-peer-ip=0.0.0.0-0.255.255.255  
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255 
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255  
denied-peer-ip=192.0.2.0-192.0.2.255  
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
syslog

# the following lines added by eb-jitsi
listening-ip=172.22.22.14
allowed-peer-ip=172.22.22.14
no-udp
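
The peer rules in the configuration above interact: the added allowed-peer-ip=172.22.22.14 lies inside the denied range 172.16.0.0-172.31.255.255, and one deny line appears twice. The sketch below is an added example, not part of the original posts or of jitsi-meet-turnserver, that audits such rules and answers whether a given peer address would pass them. It assumes coturn's documented precedence (an address matched by both an allow and a deny rule is treated as allowed), models only the allowed-peer-ip and denied-peer-ip lines, and uses hypothetical function names.

```python
import ipaddress

# Constructed excerpt of the peer rules from the config posted above.
SAMPLE_CONF = """\
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
# the following lines added by eb-jitsi
allowed-peer-ip=172.22.22.14
no-udp
"""
KEYS = {"allowed-peer-ip": "allowed", "denied-peer-ip": "denied"}

def parse_peer_rules(text):
    """Collect allowed/denied peer ranges as (low, high) address pairs."""
    rules = {"allowed": [], "denied": []}
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition("=")
        if sep and key.strip() in KEYS:
            low, _, high = value.strip().partition("-")  # "ip" or "ip-ip"
            low = ipaddress.ip_address(low)
            high = ipaddress.ip_address(high) if high else low
            rules[KEYS[key.strip()]].append((low, high))
    return rules

def _overlaps(a, b):
    # Compare only within one address family; mixed v4/v6 comparisons raise.
    return a[0].version == b[0].version and a[0] <= b[1] and b[0] <= a[1]

def peer_permitted(rules, peer):
    """True if relaying to `peer` passes the allow/deny rules (allow wins)."""
    ip = ipaddress.ip_address(peer)
    if any(_overlaps((ip, ip), r) for r in rules["allowed"]):
        return True
    return not any(_overlaps((ip, ip), r) for r in rules["denied"])

def audit(rules):
    """Return (allow rules that open a hole in a denied range, repeated deny rules)."""
    fmt = lambda r: (str(r[0]), str(r[1]))
    holes = [fmt(a) for a in rules["allowed"]
             if any(_overlaps(a, d) for d in rules["denied"])]
    denied = rules["denied"]
    dupes = sorted({fmt(d) for i, d in enumerate(denied) if d in denied[:i]})
    return holes, dupes

if __name__ == "__main__":
    print(audit(parse_peer_rules(SAMPLE_CONF)))
```

Running the audit against a full turnserver.conf after each package upgrade shows whether the exception is still limited to the single container address.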

Hi @emrah
Thank you for sharing.
I tried that but still get UDP traffic in meetings. Sometimes external users drop from the meeting. After adding a rule on their security product they can access it. But sometimes some external users don't want this. How can I use only TCP port 443 for meeting traffic?
PS: I deleted the 60-jitsi-meet.conf file for the Load Balancer configuration.
Thanks