This is a reported post for a post in the topic [post param="Jitsi and a turnserver"]957[/post], by LethalProtector

[quote="675"]
Hello Jacob and thanks for engaging. You are better at this than me.

My reading of this:

[code]
stream {
    map $ssl_preread_server_name $name {
        jitsi-meet.example.com web_backend;
        turn-jitsi-meet.example.com turn_backend;
    }
    upstream web_backend {
        server 127.0.0.1:4444;
    }
[/code]

is that traffic to port 443 of the machine hosting the videobridge is redirected, depending on the domain specified. I think this is called SNI.

Thus port 443 traffic to jitsi-meet.example.com is sent to localhost port 4444 and port 443 traffic sent to turn-jitsi-meet.example.com is sent to the turnserver machine port 5349. Not 127.0.0.1:5349 but your_public_ip:5349.

Does it not follow that the turnserver in this scenario is on a different machine to that hosting the website? I've come to the understanding that this is regarded as a more secure setup, hence this is what I have pursued.

I've asked Google AI Studio for the answer to your question and after reading through some pretty bland comment ended up coming up with my own explanation that perhaps this setup assumes that on its own machine, the turnserver software, e.g. coturn, is not able to bind port 443, only the standard high numbered ports 5349 (TLS) and 4378.

5349 and 3478 are port numbers that a Jitsi user in a restrictive environment would not be able to access if their firewall bans stuff other than DNS, email, SSH, ports 80 and 443 for web traffic. Is that a good answer to your question?

Of course it then raises the other question of why not put nginx on the turnserver machine and send traffic for port 443 to port 5349.

The method that I thought was being proposed needs two machines and just one implementation of nginx. AIStudio suggests that might help with load balancing, which I regarded as its most sensible suggestion.

I hope that explains my reasoning behind choosing this strategy and why I am keen to get it to work on this basis.

Again you might be wondering why not just use the public IP address of the turnserver, why the extra domain. As this is supposed to be secure traffic over port 443, I expect that a domain name might help with certificate verification? Maybe?

Thanks again for engaging.
[/quote]