Component Communication and Ports for On-Premises Deployment of OpenVidu

I am planning to deploy OpenVidu on-premises and need some clarification on the communication between the various components, as I need to explain this to our security team. It is not possible to extract this information from the docker compose file because you are using networking in “host” mode. Could you please provide detailed information on how the following components interact with each other, including the ports and protocols they use?

  1. OpenVidu Server (openvidu-server)
  2. Kurento Media Server (kms)
  3. Coturn (coturn)
  4. Redis (redis)
  5. Nginx (nginx)
  6. Videoconference Application (app)

Additionally, if you could provide a diagram illustrating the communication between these components, it would be extremely helpful for our deployment process.

Thank you for your assistance.

Best regards,

Are you able to help me?

Hello, I assume you are going to use OpenVidu CE, am I right?

  • OpenVidu Server:
    Listening at port 5443 (Protocol HTTP)

    It is used by Nginx to reverse proxy from 443 to 5443 for /openvidu* requests and it is also used by Videoconference Application.

  • Kurento Media Server

    • Listening at port 8888 (Protocol HTTP (websocket)). It is used by OpenVidu for the control plane.
    • Listening at ports 40000-57000 UDP-SRTP. It is used by browsers when a selected ICE candidate is able to connect to it, and by Coturn if browsers can connect only via TURN candidates, which I am going to explain in the Coturn section.
  • Coturn

    • Listening at port 3478 (UDP/TCP Protocol STUN/TURN).
    • Listening at ports (57000-65535 UDP/TCP - Relays SRTP to Kurento)

    Summary of STUN/TURN and Coturn Usage: STUN allows browsers to announce their public IP and open router ports for direct media server connections (see STUN RFC). If STUN fails, TURN is used. With TURN, browsers send media to Coturn on port 3478 (UDP/TCP), which then relays traffic to Kurento via ports 57000-60000 to 40000-57000. Generally, Coturn helps clients connect to Kurento for TURN relay candidates. STUN uses only port 3478 UDP for communication without media traffic, while TURN uses port 3478 UDP/TCP for media relay.

  • Redis

    • Redis is not used in recent versions, only in Enterprise HA environments.
  • nginx

    • Listens by default at 80 and 443 TCP (HTTP/S)

      It reverse-proxies requests from 443 to 5443: /openvidu as WebSocket requests and /openvidu/api as HTTP, to OpenVidu Server. The rest of the requests go to 5442 (Videoconference Application).

  • Videoconference Application (app)

    • Listens at port 5442. Protocol TCP (HTTP)

    It is used by nginx to proxy requests from 443 to 5442.
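
For a security review, the port list in the answer above can be turned into a check against the host's actual listeners. The following is an added example, not part of the original thread or OpenVidu's own tooling: it classifies `ss -tuln` output against that port map. Treating 5442, 5443 and 8888 as "internal" is an assumption of this example (the answer names only local consumers for them), and the sample output is constructed.

```python
# Port map from the answer above: (protocols, low, high, component, exposure).
# "internal" is this example's assumption: the answer names only local
# consumers (nginx, OpenVidu Server, the app) for those ports.
PORT_MAP = [
    ("tcp", 80, 80, "nginx", "external"),
    ("tcp", 443, 443, "nginx", "external"),
    ("tcp", 5442, 5442, "app", "internal"),
    ("tcp", 5443, 5443, "openvidu-server", "internal"),
    ("tcp", 8888, 8888, "kms", "internal"),
    ("tcp,udp", 3478, 3478, "coturn", "external"),
    ("udp", 40000, 57000, "kms", "external"),
    ("tcp,udp", 57000, 65535, "coturn", "external"),
]
WILDCARD = {"0.0.0.0", "*", "[::]", "::"}  # bound on every interface
# Constructed sample of `ss -tuln` output from a host-networked deployment.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5443       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5442     0.0.0.0:*
tcp   LISTEN 0      128    [::]:8888          [::]:*
udp   UNCONN 0      0      0.0.0.0:3478       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:41234      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:6379       0.0.0.0:*
"""

def classify(proto, port):
    for protos, low, high, component, exposure in PORT_MAP:
        if proto in protos.split(",") and low <= port <= high:
            return component, exposure  # first match wins (57000 is in two ranges)
    return None, None

def audit(ss_output):
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        component, exposure = classify(fields[0], int(port))
        verdict = ("UNEXPECTED" if component is None else
                   "FIREWALL" if exposure == "internal" and addr in WILDCARD
                   else "OK")
        findings.append((fields[0], addr, int(port), component, verdict))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

`FIREWALL` marks an internal port bound on all interfaces, which in host networking mode needs a host firewall rule to keep it off the external network; `UNEXPECTED` marks a listener that is not in the answer's list.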