coturn server behind nginx reverse proxy not gathering candidates

pabpazjim

8/21/23, 1:02 PM

I am trying to deploy coturn on a server which is behind a restricted network, with only ports 80 and 443 (TCP) allowed.

As I have several services working in the same server, they are all behind a nginx reverse proxy. I want coturn to work the same way. This is my nginx configuration:

server{

listen 443 ssl;
listen [::]:443 ssl;
server_name turn.mydomain.com;
include /etc/nginx/conf/ssl.conf;

location / {


proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://coturn:3478;

}

}

and coturn configuration:

listening-port=3478
tls-listening-port=5349

fingerprint
lt-cred-mech


server-name=turn.mydomain.com
realm=turn.mydomain.com

total-quota=100
stale-nonce=600

proc-user=turnserver
proc-group=turnserver

coturn is up and working, with its internal IP resolved as "coturn" for proxy_pass to work. However, when testing connection with WebRTC Trickle ICE I am getting this result:

test result

It seems to find the server, but does not gather any candidate. Any idea of what could I be doing wrong?

0 + 0

nginx

reverse-proxy

webrtc

coturn

turn

djdomi

8/21/23, 5:14 PM

have you tries the ip instead of the hostname?

A.B

8/22/23, 11:47 PM

STUN/TURN is primarily intended to solve peers having connectivity issues for example because they are behind NAT. Having the STUN/TURN server itself behind NAT or worse behind a proxy will probably not fulfill its role. It's not even using HTTP or HTTPS.

A.B

8/22/23, 11:58 PM

If you are "tasked by above" to set this in place while keeping all *usual* security rules in place, you'll have to find a way to explain to them this won't work. You should study how STUN works first, and how it tries to figure out the various [types of NAT](https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation) used by its clients.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: coturn server behind nginx reverse proxy not gathering candidates

TH: เซิร์ฟเวอร์ coturn ที่อยู่เบื้องหลัง nginx reverse proxy ไม่รวบรวมผู้สมัคร

RO: Serverul coturn din spatele proxy-ului invers nginx nu adună candidați

RU: сервер coturn за обратным прокси-сервером nginx не собирает кандидатов

VI: máy chủ coturn phía sau proxy ngược nginx không thu thập các ứng cử viên

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.