Cannot connect to TURN server (coturn) with Let's Encrypt SSL/TLS


I configured the server as below

Coturn-4.5.1.1 'dan Eider'

tls-listening-port=5349
fingerprint
use-auth-secret
server-name=turn.***.com
realm=turn.****.com
verbose
cert=/etc/coturn/certs/turn.***.com.fullchain.pem
pkey=/etc/coturn/certs/turn.***.com.privkey.pem
dh-file=/etc/coturn/certs/ssl-dhparams.pem
mobility
min-port=49152
max-port=65535

Nginx (the problem is not Nginx, because it persists even when I don't use Nginx)

stream {
    ...
    ...
    error_log /var/log/nginx/str.error.log;
    upstream turnTls {
        server turn_tls_IP:5349;
    }
    map $ssl_preread_server_name $upstream {
        ....
        ....
        ...
        turn.****.com turnTls;
    }
   
    server {
    
        error_log /var/log/nginx/xxx.err.log;
        listen 443;         
        listen [::]:443;
        proxy_pass $upstream;
        ssl_preread on;
        proxy_buffer_size 10m;
       
    }
}

When I access the server from Android phones with the turns protocol like

{
    'urls': ['turns:turn.***.com:443?transport=tcp'],
    'username': $username,
    'credential': $password,
}

The server cannot get user credentials, and the server log is as follows

7: session 002000000000000001: closed (2nd stage), user <> realm <turn.****.com> origin <>, local ****:5349, remote ***:53712, reason: TLS/TCP socket buffer operation error (callback)

As you can see, the user information (user <>) is empty, and I got reason: TLS/TCP socket buffer operation error (callback)

With the Trickle ICE tool it sometimes works

0.783   Done
0.782   relay   2831610 udp *****   65082   0 | 31519 | 255 turns:turn.***.com:443?transport=tcp    tls

Coturn log

session 000000000000000025: new, realm=<turn.****.com>, username=<1674486335:user_80_156>, lifetime=600, cipher=ECDHE-RSA-AES256-GCM-SHA384, method=TLSv1.2

I did the following, but the problem was not solved

disabled some TLS protocols

no-tlsv1
no-tlsv1_1
no-tlsv1_2
no-tlsv3
...

I copied the Let's Encrypt keys to /etc/coturn, which is chmodded 600 and owned by turnserver:turnserver

I stopped NGINX and contacted Turn directly via TLS on port 443

With Nginx, I decrypted in the server block and then forwarded it to the TURN server

stream {
    server {
        listen 443 ssl;

        ssl_certificate             ... fullchain.pem;
        ssl_certificate_key         ... privkey.pem;
  
        ssl_dhparam                 ... dhparam.pem;
        proxy_ssl                   off;
        proxy_pass                  turn_Ip_NoTLS:3478;
    }
}

I tested on many Android devices with ISRG Root X1 and DST Root CA X3

Avrum Ben Yishai

You configured use-auth-secret but did not define a secret. It should be like this:

use-auth-secret
static-auth-secret=your-secret
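As an added example (not part of the question or the answer), the following Python shows what use-auth-secret actually relies on: the TURN REST API credential scheme, where the username is "<expiry timestamp>:<user id>" (the same shape as the 1674486335:user_80_156 username in the question's coturn log) and the credential is base64(HMAC-SHA1(static-auth-secret, username)). Without a static-auth-secret, the server has nothing to recompute the password from. The secret value, user id and hostname used here are constructed placeholders; the verify function is a stand-in for the check coturn performs, not coturn's own code.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed values for this example only. The secret must equal the
# static-auth-secret line in turnserver.conf; the TTL matches the
# lifetime=600 shown in the question's coturn log.
STATIC_AUTH_SECRET = "example-shared-secret-change-me"
DEFAULT_TTL_SECONDS = 600


def make_turn_credentials(secret: str, user_id: str,
                          ttl: int = DEFAULT_TTL_SECONDS,
                          now: Optional[int] = None) -> dict:
    """Mint a TURN REST API username/credential pair.

    username   = "<unix time when the credential expires>:<user id>"
    credential = base64(HMAC-SHA1(secret, username))
    This is what the application server hands to the client; coturn
    recomputes the same HMAC from static-auth-secret when the client
    authenticates.
    """
    if now is None:
        now = int(time.time())
    username = f"{now + ttl}:{user_id}"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return {"username": username, "credential": base64.b64encode(digest).decode()}


def verify_turn_credentials(secret: str, username: str, credential: str,
                            now: Optional[int] = None) -> bool:
    """Mirror of the server-side check: reject a malformed username,
    an expired timestamp, or an HMAC that does not match the shared secret."""
    if now is None:
        now = int(time.time())
    expiry_str, sep, _user_id = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False  # no "timestamp:user" structure, nothing to derive from
    if int(expiry_str) < now:
        return False  # credential has expired
    expected = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    try:
        supplied = base64.b64decode(credential, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(expected, supplied)  # constant-time compare


def ice_server_entry(secret: str, user_id: str, host: str) -> dict:
    """Build the RTCIceServer-style dict the question's client code expects,
    for a turns: URL on port 443 over TCP (hostname is a placeholder)."""
    creds = make_turn_credentials(secret, user_id)
    return {
        "urls": [f"turns:{host}:443?transport=tcp"],
        "username": creds["username"],
        "credential": creds["credential"],
    }


if __name__ == "__main__":
    entry = ice_server_entry(STATIC_AUTH_SECRET, "user_80_156", "turn.example.com")
    print(entry)
    print("valid:", verify_turn_credentials(STATIC_AUTH_SECRET,
                                            entry["username"], entry["credential"]))
```

The secret is never sent to the client: only the short-lived username and its HMAC are, so a leaked credential stops working once the embedded timestamp passes, and any credential minted with a different secret fails the compare. Keep the secret out of the client-side ICE configuration and generate the pair on your application server.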