This is a reported post for post 963 in the topic "Jitsi and a turnserver", by LethalProtector.

<comcode-quote param="675">
Hi Jacob,
You asked <i>Why do you think your setup is "more secure?"</i>
I am using coturn as my turnserver software on Debian. By default on install, this adds the private IP of the server to the turnserver configuration file's 'denied-peer-ip' along with some other IP addresses, e.g. 10.0.0.0 to 10.255.255.255. The reason "is to prevent an attack that tries to connect to a port on the machine running coturn (some other service, internal service, etc)".
https://github.com/coturn/coturn/issues/1407
Running my turnserver on another machine also reduces the services exposed to a single SSH key being lost.
Thus to run on the same machine, I would have to allow the local IP.
I've now got it working by running coturn on the same machine. I have followed the docs but could not get coturn to start with the public IP as the listening-ip or tls-listening-ip in turnserver.conf. I changed this to the private IP, which then needs to match the IP in the stream block.
I then have to disable the line in turnserver.conf that denies the machine's private IP.
However, when I set my client to a restrictive firewall, it now works. It's a bit dissatisfactory.
As for what you are calling the official docs, I would describe them instead as 'a set up that worked at some point for some user'. The instructions on how to create the certificates simply did not work on my machine, giving an error "/opt/acmesh/.acme.sh/acme.sh" does not exist. This undermines confidence in the rest of the instructions ("it must be the docs again, not me"), potentially leading to more errors being introduced.
You and I have had a bit of to-and-fro as to whether the instructions here: https://jitsi.github.io/handbook/docs/devops-guide/turn/ are for running a turnserver on a different machine to jitsi or not. I will repeat that it is very confusing to be specifying an IP other than 127.0.0.1 to nginx if the turnserver is running on the same machine. I guess it is the case that what is specified in nginx needs to match how the turnserver expects the world to call it.
Moreover, I couldn't get this to work as an nginx 'module' as per the instructions, and it only worked when placed as an instruction in the stream-enabled directory, which I had to create.
Substantial departures were made to get this working. If you think I'm mistaken, give it one hour of your time and see if you can make this work using what you are calling the turnserver docs. At worst, you will have a turnserver implementation.
I couldn't have done this without your brilliant YouTube video, or your prompting which made me think to try another direction today.
Many thanks
</comcode-quote>
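The post's security concern is that coturn's denied-peer-ip entries stop a TURN client from using the relay to reach the server's own private address or other internal networks, and that the same-machine setup required re-allowing that address. The following audit script is an added example, not code from the post or from the coturn project: it parses a constructed turnserver.conf fragment (the private address 192.168.1.10 is assumed) and reports which internal addresses a relay peer could still reach, applying coturn's documented rule that allowed-peer-ip takes precedence over denied-peer-ip.

```python
import ipaddress

# Constructed turnserver.conf fragment (not from the original post). It models the
# post's same-machine setup: the server's assumed private address 192.168.1.10 is
# the listening-ip and has been re-allowed as a relay peer (the post's workaround).
SAMPLE_CONF = """\
listening-ip=192.168.1.10
tls-listening-ip=192.168.1.10
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
# re-allow the local IP so the same-machine setup works
allowed-peer-ip=192.168.1.10
"""

PRIVATE_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")


def parse_ranges(conf, key):
    """Collect (first, last) address pairs from every `key=a.b.c.d[-w.x.y.z]` line."""
    ranges = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line.startswith(key + "="):
            continue
        lo, _, hi = line.split("=", 1)[1].strip().partition("-")
        first = ipaddress.ip_address(lo)
        ranges.append((first, ipaddress.ip_address(hi) if hi else first))
    return ranges


def peer_is_denied(conf, peer):
    """coturn gives allowed-peer-ip precedence over denied-peer-ip."""
    addr = ipaddress.ip_address(peer)
    hit = lambda key: any(lo <= addr <= hi for lo, hi in parse_ranges(conf, key))
    return not hit("allowed-peer-ip") and hit("denied-peer-ip")


def audit(conf):
    """Return findings: internal addresses a TURN client could be relayed to."""
    findings = []
    for key in ("listening-ip", "tls-listening-ip"):
        for addr, _ in parse_ranges(conf, key):
            if not peer_is_denied(conf, str(addr)):
                findings.append(f"{key} {addr} is reachable as a relay peer")
    for net in map(ipaddress.ip_network, PRIVATE_NETS):   # endpoint spot-check
        for edge in (net.network_address, net.broadcast_address):
            if not peer_is_denied(conf, str(edge)):
                findings.append(f"{net} is not fully denied (probe {edge})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARNING:", finding)
```

Run against a real /etc/turnserver.conf by reading the file into `audit()`; the endpoint check only probes each range's first and last address, so a partial hole inside a range needs a per-address check with `peer_is_denied()`.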