Coturn server behind ReverseProxy and NAT

Hey there

I am trying to get my Coturn server running so I can use video chats in Nextcloud Talk. Unfortunately, I have been trying to get this working for 2 days and I have exhausted all possible solutions I know and was able to find on the internet.

Networking map:
Internet <–> Provider Modem (can’t eliminate) <–> PFSense <–> ReverseProxy (Apache2) <—>Nextcloud/Coturn/etc.

I am trying to route the connections through my ReverseProxy to my coturn server, like I do with all other services running. I have 1 domain with subdomains for each service and one of them is “turn(.)domain(.)org”.

My Apache2 server is running Certbot on it and pulls all the certificates and manages the SSL between clients and my services. The communication from my ReverseProxy to my services is secured by self-signed certificates.

What I tried is to route everything through 443 as I do with all services. So the Apache2 config for “turn(.)domain(.)org” on vhost 80 is simply rewriting all requests to 443. Here is the config

80 vhost config

<VirtualHost *:80>
    ErrorLog ${APACHE_LOG_DIR}/turn/error.log
    CustomLog ${APACHE_LOG_DIR}/turn/access.log combined

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ServerName      turn(.)domain(.)org

    # HTTPS redirect
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =turn(.)domain(.)org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

In the SSL vhost config I redirect all requests and websockets to the Coturn internal IP on default port 3478. I have not set up any self-signed SSL certificates on the Coturn server.

443 vhost config

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/turn/error.log
    CustomLog ${APACHE_LOG_DIR}/turn/access.log combined

    ServerName      turn(.)domain(.)org

    ProxyPreserveHost On
    ProxyVia On
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

    <Location />
        ProxyPass http://<Coturn IP>:3478/
        # Inside <Location>, ProxyPassReverse takes the backend URL, not a path
        ProxyPassReverse http://<Coturn IP>:3478/
    </Location>

    <Location /ws>
        ProxyPass ws://<Coturn IP>:3478/
    </Location>

    SSLCertificateFile /etc/letsencrypt/live/turn(.)domain(.)org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/turn(.)domain(.)org/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

I have probably tried every single suggestion online and the one above was just the latest one I tried. I tried a solution with the rewrite engine and upgrading the connection, I tried to manually define the ProxyPass workers in every thinkable way, but didn’t have luck either.

The last thing I tried, was to basically have the 443 vhost config as the 80 vhost config and therefore have a regular http connection and forwarding to my Coturn server, but that didn’t work either. I am able to successfully add the coturn server in Nextcloud Talk through the internal IP.

The guide I used for setting up the Coturn server was from the official Nextcloud pages and my coturn settings match those, except the “realm” setting, which I set to turn(.)domain(.)org.

The reason I have to use the 3478 port is because Nextcloud actually doesn’t support TLS connections yet.
Has anyone any possible solution to my problem or sees my configuration issue?

Thanks in advance.

Hey!

You don’t need to proxy a Coturn, just port forward it!

BTW I’m deep in that topic as well, if you want to see, check out my post here!
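The point behind "just port forward it": STUN/TURN on 3478 is its own binary protocol (RFC 5389 framing), not HTTP, so an Apache ProxyPass has nothing it can relay. The script below is an added example, not from this thread or from coturn: it sends one STUN Binding Request to a forwarded port and only reports an address if a real STUN/TURN server answered; the hostname is an assumption.

```python
# Added example (not from the thread): minimal STUN Binding probe for a forwarded
# TURN port. A timeout or a non-STUN reply (e.g. an HTTP proxy answering) yields None.
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes) -> bytes:
    """STUN header: 16-bit type, 16-bit length, magic cookie, 96-bit transaction id."""
    assert len(txid) == 12
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def parse_binding_response(data: bytes, txid: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS, or None if this is not our success response."""
    if len(data) < 20:
        return None
    mtype, length, cookie = struct.unpack("!HHI", data[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or data[8:20] != txid:
        return None
    pos, end = 20, min(len(data), 20 + length)
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        val = data[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) >= 8 and val[1] == 0x01:  # IPv4
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            ip = bytes(b ^ m for b, m in zip(val[4:8], struct.pack("!I", MAGIC_COOKIE)))
            return socket.inet_ntoa(ip), port
        pos += 4 + alen + (-alen % 4)  # attribute values are padded to 4 bytes
    return None


def probe(host: str, port: int = 3478, timeout: float = 3.0):
    """Send one Binding Request over UDP and parse the reply (None = unreachable or not STUN)."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_binding_request(txid), (host, port))
        try:
            data, _ = s.recvfrom(1500)
        except socket.timeout:
            return None
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    print(probe("turn.example.org"))  # assumed hostname; prints (public_ip, port) or None
```

Run it from outside your network: a tuple means the forwarded 3478/UDP reaches coturn, None means the forward or firewall rule is still in the way.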

How does that work with TLS encryption? I assume it does have to get a certificate for the coturn domain you specify in the nextcloud talk config?

You really should set up your avatar, something like this:

:rofl: