I’ve set up Jitsi Meet on my GCP instance for testing purposes with NGINX and a TURN server (running as a Docker container).

In my nginx.conf, I added the following lines:

location /xmpp-websocket {
    # myapp.one is an alias used here to hide the identity of my real domain
    proxy_pass https://myapp.one:443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location /colibri-ws {
    proxy_pass https://myapp.one:443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

My docker-compose for the TURN server is as follows:

myapp_turnserver:
    container_name: myapp_turnserver
    image: coturn/coturn:4.5.2
    restart: ${RESTART_POLICY:-unless-stopped}
    volumes:
        - ${CONFIG}/coturn/turnserver.conf:/etc/coturn/turnserver.conf:Z
    shm_size: '2gb'
    cap_add:
        - SYS_ADMIN
    networks:
        meet.myapp:
    # network_mode: "host"
    # environment:

My TURN credentials are as follows:

    - TURN_CREDENTIALS=secret
    - TURN_HOST=turnserver.myapp.one
    - TURNS_HOST=turnserver.myapp.one
    - TURN_PORT=443
    - TURNS_PORT=443

However, I’ve run into the following errors on GCP:

myapp_turnserver          | 0: : Config file found: //etc/coturn/turnserver.conf
myapp_turnserver          | 0: : Config file found: //etc/coturn/turnserver.conf
myapp_turnserver          | 0: : Config file found: //etc/coturn/turnserver.conf
myapp_turnserver          | 0: : Config file found: //etc/coturn/turnserver.conf
myapp_turnserver          | 0: : 
myapp_turnserver          | RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
myapp_turnserver          | Version Coturn-4.5.2 'dan Eider'
myapp_turnserver          | 0: : 
myapp_turnserver          | RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
myapp_turnserver          | Version Coturn-4.5.2 'dan Eider'
myapp_turnserver          | 0: : 
myapp_turnserver          | Max number of open files/sockets allowed for this process: 1048576
myapp_turnserver          | 0: : 
myapp_turnserver          | Max number of open files/sockets allowed for this process: 1048576
myapp_turnserver          | 0: : 
myapp_turnserver          | Due to the open files/sockets limitation,
myapp_turnserver          | max supported number of TURN Sessions possible is: 524000 (approximately)
myapp_turnserver          | 0: : 
myapp_turnserver          | Due to the open files/sockets limitation,
myapp_turnserver          | max supported number of TURN Sessions possible is: 524000 (approximately)
myapp_turnserver          | 0: : 
myapp_turnserver          | 
myapp_turnserver          | ==== Show him the instruments, Practical Frost: ====
myapp_turnserver          | 
myapp_turnserver          | 0: : 
myapp_turnserver          | 
myapp_turnserver          | ==== Show him the instruments, Practical Frost: ====
myapp_turnserver          | 
myapp_turnserver          | 0: : TLS supported
myapp_turnserver          | 0: : TLS supported
myapp_turnserver          | 0: : DTLS supported
myapp_turnserver          | 0: : DTLS supported
myapp_turnserver          | 0: : DTLS 1.2 supported
myapp_turnserver          | 0: : DTLS 1.2 supported
myapp_turnserver          | 0: : TURN/STUN ALPN supported
myapp_turnserver          | 0: : TURN/STUN ALPN supported
myapp_turnserver          | 0: : Third-party authorization (oAuth) supported
myapp_turnserver          | 0: : Third-party authorization (oAuth) supported
myapp_turnserver          | 0: : GCM (AEAD) supported
myapp_turnserver          | 0: : GCM (AEAD) supported
myapp_turnserver          | 0: : OpenSSL compile-time version: OpenSSL 1.1.1n  15 Mar 2022 (0x101010ef)
myapp_turnserver          | 0: : OpenSSL compile-time version: OpenSSL 1.1.1n  15 Mar 2022 (0x101010ef)
myapp_turnserver          | 0: : 
myapp_turnserver          | 0: : 
myapp_turnserver          | 0: : SQLite supported, default database location is /var/lib/coturn/turndb
myapp_turnserver          | 0: : SQLite supported, default database location is /var/lib/coturn/turndb
myapp_turnserver          | 0: : Redis supported
myapp_turnserver          | 0: : Redis supported
myapp_turnserver          | 0: : PostgreSQL supported
myapp_turnserver          | 0: : PostgreSQL supported
myapp_turnserver          | 0: : MySQL supported
myapp_turnserver          | 0: : MySQL supported
myapp_turnserver          | 0: : MongoDB supported
myapp_turnserver          | 0: : MongoDB supported
myapp_turnserver          | 0: : 
myapp_turnserver          | 0: : 
myapp_turnserver          | 0: : Default Net Engine version: 3 (UDP thread per CPU core)
myapp_turnserver          | 
myapp_turnserver          | =====================================================
myapp_turnserver          | 
myapp_turnserver          | 0: : Default Net Engine version: 3 (UDP thread per CPU core)
myapp_turnserver          | 
myapp_turnserver          | =====================================================
myapp_turnserver          | 
myapp_turnserver          | 0: : Domain name: 
myapp_turnserver          | 0: : Domain name: 
myapp_turnserver          | 0: : Default realm: 
myapp_turnserver          | 0: : Default realm: 
myapp_turnserver          | 0: : ERROR: 
myapp_turnserver          | CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
myapp_turnserver          | 0: : ERROR: 
myapp_turnserver          | CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
myapp_turnserver          | 0: : WARNING: cannot find certificate file: turn_server_cert.pem (1)
myapp_turnserver          | 0: : WARNING: cannot find certificate file: turn_server_cert.pem (1)
myapp_turnserver          | 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
myapp_turnserver          | 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
myapp_turnserver          | 0: : WARNING: cannot find private key file: turn_server_pkey.pem (1)
myapp_turnserver          | 0: : WARNING: cannot find private key file: turn_server_pkey.pem (1)
myapp_turnserver          | 0: : WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
myapp_turnserver          | 0: : WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
myapp_turnserver          | 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
myapp_turnserver          | 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
myapp_turnserver          | 0: : ===========Discovering listener addresses: =========
myapp_turnserver          | 0: : ===========Discovering listener addresses: =========
myapp_turnserver          | 0: : Listener address to use: 127.0.0.1
myapp_turnserver          | 0: : Listener address to use: 127.0.0.1
myapp_turnserver          | 0: : Listener address to use: 172.21.0.4
myapp_turnserver          | 0: : Listener address to use: 172.21.0.4
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : Total: 1 'real' addresses discovered
myapp_turnserver          | 0: : Total: 1 'real' addresses discovered
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
myapp_turnserver          | 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
myapp_turnserver          | 0: : ===========Discovering relay addresses: =============
myapp_turnserver          | 0: : ===========Discovering relay addresses: =============
myapp_turnserver          | 0: : Relay address to use: 172.21.0.4
myapp_turnserver          | 0: : Relay address to use: 172.21.0.4
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : Total: 1 relay addresses discovered
myapp_turnserver          | 0: : Total: 1 relay addresses discovered
myapp_turnserver          | Cannot create pid file: /var/run/turnserver.pid: Permission denied
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : =====================================================
myapp_turnserver          | 0: : Cannot create pid file: /var/run/turnserver.pid
myapp_turnserver          | 0: : Cannot create pid file: /var/run/turnserver.pid
myapp_turnserver          | 0: : pid file created: /var/tmp/turnserver.pid
myapp_turnserver          | 0: : pid file created: /var/tmp/turnserver.pid
myapp_turnserver          | 0: : IO method (main listener thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (main listener thread): epoll (with changelist)
myapp_turnserver          | 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
myapp_turnserver          | 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
myapp_turnserver          | 0: : Wait for relay ports initialization...
myapp_turnserver          | 0: : Wait for relay ports initialization...
myapp_turnserver          | 0: :   relay 172.21.0.4 initialization...
myapp_turnserver          | 0: :   relay 172.21.0.4 initialization...
myapp_turnserver          | 0: :   relay 172.21.0.4 initialization done
myapp_turnserver          | 0: :   relay 172.21.0.4 initialization done
myapp_turnserver          | 0: : Relay ports initialization done
myapp_turnserver          | 0: : Relay ports initialization done
myapp_turnserver          | 0: : IO method (general relay thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (general relay thread): epoll (with changelist)
myapp_turnserver          | 0: : turn server id=1 created
myapp_turnserver          | 0: : turn server id=1 created
myapp_turnserver          | 0: : IO method (general relay thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (general relay thread): epoll (with changelist)
myapp_turnserver          | 0: : turn server id=0 created
myapp_turnserver          | 0: : turn server id=0 created
myapp_turnserver          | 0: : Total General servers: 2
myapp_turnserver          | 0: : Total General servers: 2
myapp_turnserver          | 0: : IO method (auth thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (auth thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (auth thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (auth thread): epoll (with changelist)
myapp_turnserver          | 0: : SQLite DB connection success: /var/lib/coturn/turndb
myapp_turnserver          | 0: : SQLite DB connection success: /var/lib/coturn/turndb
myapp_turnserver          | 0: : IO method (admin thread): epoll (with changelist)
myapp_turnserver          | 0: : IO method (admin thread): epoll (with changelist)
myapp_turnserver          | 0: : ERROR: 
myapp_turnserver          | Could not start Prometheus collector!
myapp_turnserver          | 0: : ERROR: 
myapp_turnserver          | Could not start Prometheus collector!

Also, the turnserver.conf isn't being created as a file from etc/turnserver.conf to the vol which contains all my containers locally (web, jibri and others).

Help appreciated to set this up. Thanks in advance. Steps for successfully configuring Docker-Jitsi with Nginx and Turn would be appreciated.

Earthling

1 Answer

You are probably missing the external_ip set up in turnserver.conf, which should contain the host public IP address.

See for example https://community.jitsi.org/t/setting-up-coturn-for-jitsi/97576

giavac
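The check the answer points to, as an added example that is not part of the original question or answer: a small Python triage of a coturn startup log that flags a relay address that is not publicly routable when the config has no external IP mapping (written `external-ip` in coturn's configuration file), and TLS/DTLS listeners that did not start while a TURNS endpoint is advertised. The function names, finding labels, sample log excerpt and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a few lines in the shape of the startup log in the question.
SAMPLE_LOG = """\
myapp_turnserver | 0: : WARNING: cannot find certificate file: turn_server_cert.pem (1)
myapp_turnserver | 0: : WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
myapp_turnserver | 0: : Listener address to use: 127.0.0.1
myapp_turnserver | 0: : Listener address to use: 172.21.0.4
myapp_turnserver | 0: : Relay address to use: 172.21.0.4
myapp_turnserver | CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled!
"""

RELAY_RE = re.compile(r"Relay address to use: (\S+)")
# Matches an active (not commented-out) external-ip line in turnserver.conf.
EXTERNAL_IP_RE = re.compile(r"^\s*external-ip\s*=\s*\S+", re.MULTILINE)


def relay_addresses(log_text):
    """Return the unique relay addresses coturn reported, sorted."""
    return sorted(set(RELAY_RE.findall(log_text)))


def audit(log_text, conf_text="", turns_advertised=True):
    """Return a list of (finding, detail) tuples for a coturn startup log.

    conf_text is the content of turnserver.conf; turns_advertised says whether
    clients are handed a TURNS (TLS) endpoint, as TURNS_HOST/TURNS_PORT do.
    """
    findings = []
    has_external_ip = bool(EXTERNAL_IP_RE.search(conf_text))
    for addr in relay_addresses(log_text):
        # A container or RFC 1918 address is unreachable for remote peers
        # unless coturn is told which public address maps to it.
        if not ipaddress.ip_address(addr).is_global and not has_external_ip:
            findings.append(("relay-not-routable", addr))
    if turns_advertised and "cannot start TLS and DTLS listeners" in log_text:
        findings.append(("turns-advertised-without-tls", "cert/pkey not loaded"))
    if "Empty cli-password" in log_text:
        # The telnet CLI stays off; informational, not a connectivity fault.
        findings.append(("cli-disabled", "informational"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
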