Hey there
I am trying to get my Coturn server running so I can use video chats in Nextcloud Talk. Unfortunately, I have been trying to get this working for 2 days and I have exhausted all possible solutions I know and was able to find on the internet.
Networking map:
Internet <–> Provider Modem (can’t eliminate) <–> PFSense <–> ReverseProxy (Apache2) <–> Nextcloud/Coturn/etc.
I am trying to route the connections through my ReverseProxy to my coturn server, like I do with all other services running. I have 1 domain with subdomains for each service and one of them is “turn(.)domain(.)org”.
My Apache2 server is running Certbot on it and pulls all the certificates and manages the SSL between clients and my services. The communication from my ReverseProxy to my services is secured by self-signed certificates.
What I tried is to route everything through 443 as I do with all services. So the Apache2 config for “turn(.)domain(.)org” on vhost 80 is simply rewriting all requests to 443. Here is the config:
80 vhost config
ErrorLog ${APACHE_LOG_DIR}/turn/error.log
CustomLog ${APACHE_LOG_DIR}/turn/access.log combined
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName turn(.)domain(.)org
#HTTPS Redirect
RewriteEngine on
RewriteCond %{SERVER_NAME} =turn(.)domain(.)org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
In the SSL vhost config I redirect all requests and websockets to the Coturn internal IP on default port 3478. I have not set up any self-signed SSL certificates on the Coturn server.
443 vhost config
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/turn/error.log
CustomLog ${APACHE_LOG_DIR}/turn/access.log combined
ServerName turn(.)domain(.)org
ProxyPreserveHost On
ProxyVia On
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
<Location />
ProxyPass http://<Coturn IP>:3478/
ProxyPassReverse /
</Location>
<Location /ws>
ProxyPass ws://<Coturn IP>:3478/
</Location>
SSLCertificateFile /etc/letsencrypt/live/turn(.)domain(.)org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/turn(.)domain(.)org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I have probably tried every single suggestion online and the one above was just the latest one I tried. I tried a solution with the rewrite engine and upgrading the connection, I tried to manually define the proxypass workers in every thinkable way, but didn’t have luck either.
The last thing I tried was to basically have the 443 vhost config as the 80 vhost config and therefore have a regular http connection and forwarding to my Coturn server, but that didn’t work either. I am able to successfully add the coturn server in Nextcloud Talk through the internal IP.
The guide I used for setting up the Coturn server was from the official Nextcloud pages and my coturn settings match those, except the “realm” setting, which I set to turn(.)domain(.)org.
The reason I have to use the 3478 port is because Nextcloud actually doesn’t support TLS connections yet.
Does anyone have a possible solution to my problem or see my configuration issue?
Thanks in advance.
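
Added example, not part of the original post: TURN clients speak the binary STUN framing (RFC 5389) on port 3478 rather than HTTP, so one way to see which kind of listener answers on a given address is to send a STUN Binding Request and classify the reply. The function names, the sample bytes and the probe defaults are assumptions made for this illustration, and `probe` assumes the coturn TCP listener is enabled.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every STUN/TURN header (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101

def build_binding_request(txid=None):
    """20-byte STUN header: type, attribute length, magic cookie, 96-bit transaction id."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def classify(data):
    """Label the first bytes received from a peer as 'stun', 'http' or 'unknown'."""
    if len(data) >= 20:
        mtype, length, cookie = struct.unpack("!HHI", data[:8])
        # STUN: top two bits zero, cookie present, attributes padded to 4 bytes.
        if mtype & 0xC000 == 0 and cookie == MAGIC_COOKIE and length % 4 == 0:
            return "stun"
    first_line = data.split(b"\r\n", 1)[0]
    if first_line.startswith(b"HTTP/") or first_line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return "http"
    return "unknown"

def probe(host, port=3478, timeout=3.0):
    """Send one Binding Request over plain TCP and report what kind of service answered."""
    request = build_binding_request()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        reply = sock.recv(2048)
    kind = classify(reply)
    if kind == "stun" and reply[8:20] != request[8:20]:
        return "stun-txid-mismatch"
    return kind

# Constructed samples (not captured traffic): a Binding Success carrying one
# XOR-MAPPED-ADDRESS attribute, and a reply of the kind an HTTP server sends.
SAMPLE_TXID = bytes(range(12))
SAMPLE_STUN_REPLY = (struct.pack("!HHI", BINDING_SUCCESS, 12, MAGIC_COOKIE) + SAMPLE_TXID
                     + struct.pack("!HHBBHI", 0x0020, 8, 0, 1, 3478 ^ 0x2112, 0xC0000201 ^ MAGIC_COOKIE))
SAMPLE_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    print(classify(build_binding_request()))   # what a TURN client sends first
    print(classify(SAMPLE_STUN_REPLY))         # what a TURN listener answers
    print(classify(SAMPLE_HTTP_REPLY))         # what an HTTP listener answers
```

Calling `probe("<Coturn IP>")` from a machine on the internal network should return `"stun"` when coturn itself is answering; a result of `"http"` means an HTTP server, not a TURN listener, received the bytes.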