External coturn docker image

Hi all, hi @cruizba

we are currently testing the coturn docker image as described here: Allow users behind firewalls - OpenVidu Docs

Two question about your implementation:

  • when we check the SSL certificate using SSL Server Test (Powered by Qualys SSL Labs) we can see that the certificate chain is not fully sent. In our own coturn implementation we used the file “fullchain.pem” as value for the “cert” parameter in the turnserver.conf file, but you obviously use “cert.pem”. Is there a reason for this?

  • does your coturn implementation listen for IPv6 connections? Is this necessary?

Thanks!

I thing SSL Server test check the SSL via HTTP protocol. But TURN works with transport layer protocol TCP/UDP.

The best way to check it works is by allowing only connections to 443 TCP in the Coturn server and configuring at OPENVIDU_WEBRTC_ICE_SERVERS a turn url like this:

OPENVIDU_WEBRTC_ICE_SERVERS=["turns:<YOUR_DOMAIN>:443?transport=tcp"]

In firefox, if you enable media.peerconnection.ice.relay_only to true, in about:webrtc, you will see while doing a call in OpenVidu, a working candidate at about:webrtc with relay-tls as candidate type.

If you have doubts about how external coturn with certificates works, install it with letsencrypt and check the certificates generated.

Regards.

I have installed coturn in one of our machines and openvidu on different machine.
Also i have set the configuration in openvidu env file as below:
OPENVIDU_WEBRTC_ICE_SERVERS=[“url=turns:ngvideoccoturn.centralindia.cloudapp.azure.com:443,username=test,credential=test123”]

But how to verify the same is being used. Because if i see the logs, it shows Coturn IP : COTURN IP: 14.142.3.154. This is not IP of my coturn machine.
Do i need to remove coturn image from openvidu server that gets installed at time of installation of openvidu?
Please suggest.

It shows Coturn IP : COTURN IP: 14.142.3.154.

While in a video call using firefox, check at about:webrtc if the iceServer corresponds to your configured value.

I think this log trace should be removed in favor of the configured TURN. I’ll make a commit to show te correct configuration in the logs.