Installing TURN server with TCP connections only, using a domain certificate

Hi,

I am trying to install a Jitsi server with a TURN server in which all traffic is TCP only. I need to use the domain certificate instead of a Let's Encrypt certificate.

Please help me in this regard.

This is not possible; you need a second domain name and certs to be able to do it.
If your certs are *.domain.com you can have meet.domain.com and turn.domain.com.

Thanks for the reply. I have followed the script given in installers/jitsi-base at main · jitsi-contrib/installers · GitHub and installed the same. I commented out the letsencrypt session and copied my wildcard certificates to /etc/jitsi/meet/.

But I think it is not using TCP connections; instead it's using UDP. I have installed another server with letsencrypt certificates and it's using all TCP connections.

It uses TCP/443 when the clients cannot connect to UDP/10000 directly.

@emrah Thanks for the reply. I noticed another behavior. After installation, if I try, all is working: all traffic is going through TCP and using port 5349. I checked the same in Wireshark. But when I do a restart, I cannot see connections from the client network, which does not allow UDP.

Not sure if the restart is changing any settings.

Adding one more point. After restart, all connections from my machine are UDP, and from the customer side there are no connections to the server. So I am assuming that those might be UDP connections.

Another observation made. The nginx server is down after a day of idle time. I did not make any connections to the newly installed server for a day. When I check today, all other services are running apart from nginx. Below is the output from the netstat -tunlp command:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.46:5349 0.0.0.0:* LISTEN 42372/turnserver
tcp 0 0 10.0.0.46:5349 0.0.0.0:* LISTEN 42372/turnserver
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN 951/lua5.2
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN 951/lua5.2
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 839/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 957/sshd: /usr/sbin
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 951/lua5.2
tcp6 0 0 :::9090 :::* LISTEN 896/java
tcp6 0 0 :::5222 :::* LISTEN 951/lua5.2
tcp6 0 0 :::111 :::* LISTEN 1/init
tcp6 0 0 127.0.0.1:8080 :::* LISTEN 896/java
tcp6 0 0 :::5269 :::* LISTEN 951/lua5.2
tcp6 0 0 :::22 :::* LISTEN 957/sshd: /usr/sbin
tcp6 0 0 :::8888 :::* LISTEN 977/java
tcp6 0 0 :::5280 :::* LISTEN 951/lua5.2
udp 0 0 127.0.0.53:53 0.0.0.0:* 839/systemd-resolve
udp 0 0 10.0.0.46:68 0.0.0.0:* 837/systemd-network
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/init
udp 0 0 0.0.0.0:5000 0.0.0.0:* 896/java
udp 0 0 10.0.0.46:5349 0.0.0.0:* 42372/turnserver
udp 0 0 10.0.0.46:5349 0.0.0.0:* 42372/turnserver
udp6 0 0 :::111 :::* 1/init
udp6 0 0 10.0.0.46:10000 :::* 896/java
udp6 0 0 :::5000 :::* 896/java

After a server restart, nginx is working OK.

Hi, can someone please help in this regard? We are in the phase of losing the project because of this issue. Setting up TURN seems to be a pain for us.
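
A listener check over `netstat -tunlp` output like the one posted above, as an added example that is not part of any post in this thread. The expected port list (TCP/443 for nginx, TCP/5349 for turnserver, UDP/10000 for the videobridge) is an assumption drawn from the ports mentioned in the thread, and the sample lines are constructed from the posted output.

```python
# Constructed sample, modelled on the netstat output posted in the thread
# (no listener on TCP/443, i.e. nginx is down).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.46:5349 0.0.0.0:* LISTEN 42372/turnserver
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN 951/lua5.2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 957/sshd: /usr/sbin
tcp6 0 0 :::8888 :::* LISTEN 977/java
udp 0 0 10.0.0.46:5349 0.0.0.0:* 42372/turnserver
udp6 0 0 10.0.0.46:10000 :::* 896/java
"""

# Assumed expectations for this deployment: (protocol, port) -> purpose.
EXPECTED = {
    ("tcp", 443): "nginx HTTPS (assumed to front the TCP/443 fallback)",
    ("tcp", 5349): "turnserver TLS listener",
    ("udp", 10000): "videobridge media",
}

def parse_listeners(text):
    """Return {(proto, port): program} for listening TCP and bound UDP sockets."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]                 # fold tcp6/udp6 into tcp/udp
        prog_idx = 6 if proto == "tcp" else 5  # UDP rows have no State column
        if len(fields) <= prog_idx:
            continue
        if proto == "tcp" and fields[5] != "LISTEN":
            continue
        port = fields[3].rpartition(":")[2]   # works for 1.2.3.4:443 and :::443
        if not port.isdigit():
            continue
        # Program column may contain spaces ("957/sshd: /usr/sbin").
        program = " ".join(fields[prog_idx:]).split("/", 1)[-1]
        found.setdefault((proto, int(port)), program)
    return found

def missing_listeners(text, expected=EXPECTED):
    """Return the expected (proto, port) pairs that have no socket bound."""
    found = parse_listeners(text)
    return sorted(key for key in expected if key not in found)

if __name__ == "__main__":
    for proto, port in missing_listeners(SAMPLE):
        print(f"MISSING {proto}/{port}: {EXPECTED[(proto, port)]}")
```

Run from cron or a systemd timer against live `netstat -tunlp` output, this flags the state described above (nginx gone while the other services stay up) without waiting for a client to fail.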