Posted to user@openmeetings.apache.org by René Scholz <re...@abakus-edv-systems.de> on 2019/09/03 12:46:43 UTC
Problem: OM5 - Coturn - NAT: my Solution
Hello,

Since yesterday my "Server with NAT" is working.

Many thanks to Juan and Maxim for helping me a lot.

If anybody has the same problems as me - here are my further steps
after installation from Alvaro's fantastic manual.
It's possible that I forgot something I modified - I tried a lot of
ways. Feel free to correct me.

1.) It's important for me to use https.
I use LetsEncrypt for this, so I got LetsEncrypt certificates for my
subdomain (named: "subdomain.domain.xxx") and configured the IP of this
subdomain in the DNS of my provider to the external IP address.

2a.) Install coturn:

    apt-get install coturn

2b.) edit /etc/turnserver.conf
my config:

    verbose
    fingerprint
    use-auth-secret
    static-auth-secret=SECRETSECRET
    realm=subdomain.domain.xxx
    simple-log
    log-file=/var/log/turn.log
    min-port=49152
    max-port=55000

3.) Config firewall
Open and forward ports to IP of your OM-server

    5443
    3478
    49152-55000

(When you put your OM-Server in a DMZ (like me) don't forget to forward
to port 22 for SSH-access.)

4.) Edit section "<Connector port="5443"" in the
"/opt/openmeetings/conf/server.xml"

    ...
    <Connector port="5443".
        SSLEnabled="true">
        <SSLHostConfig>
            <Certificate
                certificateFile="/etc/letsencrypt/live/subdomain.domain.xxx/cert.pem"
                certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.xxx/privkey.pem"
                certificateChainFile="/etc/letsencrypt/live/subdomain.domain.xxx/fullchain.pem"
            />
        </SSLHostConfig>
    </Connector>
    ...

5.) Edit
"/opt/openmeetings/webapps/openmeetings/WEB-INF/classes/applicationContext.xml"
In my Example: "123.456.789.123:3478", replace it with your own external IP

at the end of this file edit the last section:

    ...
    <bean id="kurentoHandler"
        class="org.apache.openmeetings.core.remote.KurentoHandler"
        init-method="init" destroy-method="destroy"
        p:kurentoWsUrl="ws://127.0.0.1:8888/kurento"
        p:checkTimeout="10000"
        p:watchThreadCount="10"
        p:turnUrl="123.456.789.123:3478"
        p:turnUser=""
        p:turnSecret="SECRETSECRET"
        p:turnMode="rest"
        p:turnTtl="60"
        p:objCheckTimeout="200"
    />

With best regards,
René
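
Added example, not part of the original post and not OpenMeetings or coturn code: coturn's use-auth-secret / static-auth-secret (step 2b) enables TURN REST API time-limited credentials, and step 5 gives OpenMeetings the same secret, so the Python below mints such a credential and checks it the way the server side would. The function names, the TTL given in seconds and the fixed clock value are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

# Placeholder from the post. static-auth-secret (turnserver.conf) and
# p:turnSecret (applicationContext.xml) must hold the same value.
SHARED_SECRET = "SECRETSECRET"


def _password_for(secret, username):
    """password = base64(HMAC-SHA1(shared secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def mint_credentials(secret, ttl_seconds, user="", now=None):
    """Application side: build a time-limited TURN username/password."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl_seconds
    # Username is the expiry time, optionally followed by ":" and a user id.
    username = f"{expiry}:{user}" if user else str(expiry)
    return username, _password_for(secret, username)


def verify_credentials(secret, username, password, now=None):
    """TURN server side: recompute the password; return (ok, reason).

    A real TURN server never receives the password. It recomputes it and
    uses it to check the request's MESSAGE-INTEGRITY; comparing directly
    here models the same accept/reject outcome.
    """
    now = int(time.time()) if now is None else int(now)
    stamp = username.split(":", 1)[0]
    if not stamp.isdigit():
        return False, "malformed username"
    if int(stamp) < now:
        return False, "expired"
    if not hmac.compare_digest(_password_for(secret, username), password):
        return False, "bad password (secrets differ?)"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_567_514_803  # constructed clock value for a repeatable run
    name, pw = mint_credentials(SHARED_SECRET, 3600, now=t0)
    print(name, pw)
    print(verify_credentials(SHARED_SECRET, name, pw, now=t0 + 10))
    print(verify_credentials(SHARED_SECRET, name, pw, now=t0 + 3601))
    print(verify_credentials("OTHERSECRET", name, pw, now=t0 + 10))
```

Because anyone holding the shared secret can mint valid TURN credentials, the SECRETSECRET placeholder should be replaced by a long random value that is identical in both files.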
Re: Problem: OM5 - Coturn - NAT: my Solution
Posted by Maxim Solodovnik <so...@gmail.com>.
Yes,
this config is almost identical to what I'm using ...
On Wed, 25 Mar 2020 at 23:40, Daniel Baker <in...@collisiondetection.biz>
wrote:
> Maxim you mean this set up for TURN :
--
WBR
Maxim aka solomax
Fwd: Problem: OM5 - Coturn - NAT: my Solution
Posted by Daniel Baker <in...@collisiondetection.biz>.
Maxim you mean this set up for TURN :
-------- Forwarded Message --------
Subject: Problem: OM5 - Coturn - NAT: my Solution
Date: Tue, 3 Sep 2019 14:46:43 +0200
From: René Scholz <re...@abakus-edv-systems.de>
Reply-To: user@openmeetings.apache.org
To: user@openmeetings.apache.org
Re: Problem: OM5 - Coturn - NAT: my Solution
Posted by Maxim Solodovnik <so...@gmail.com>.
Thanks for sharing :)))
--
WBR
Maxim aka solomax
Re: Problem: OM5 - Coturn - NAT: my Solution
Posted by Juan Antonio Moreno Carmona <ja...@gmail.com>.
Hi all.

That is almost exactly my configuration except that I use port 443 for
https. That way, I don't need to put the port number explicitly in the URL.
To achieve this I change line 57 to

    redirectPort = "443" />

and line 84 to

    <Connector port = "443" ...

Of course in the server.xml file.

Best regards.