Hey,
is it even possible to run Coturn behind a reverse proxy (Nginx) as a turn server?
I can’t connect to my turn server.
I want the turn-server to run on port 443.
But I can see the admin login at https://my.domain.de
The login just doesn’t work. (I created the admin with “turnadmin -A -u name -p PW”.)
My configuration:
The Nginx configuration and turnserver.conf use the same certificates, DH-key!
tunserver.conf:
#listening-port=3478
tls-listening-port=5349
listening-ip=127.0.0.1
relay-ip=127.0.0.1
fingerprint
lt-cred-mech
realm=my.domain.de
total-quota=100
bps-capacity=0
stale-nonce
use-auth-secret
static-auth-secret=cexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo5q
cert=/etc/nginx/ssl/my.domain.de_ecc/fullchain.cer
pkey=/etc/nginx/ssl/my.domain.de_ecc/my.domain.de.key
dh-file=/etc/nginx/ssl/dhparams.pem
cipher-list=“ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128”
ec-curve-name=prime256v1
no-stun
no-loopback-peers
no-multicast-peers
no-stdout-log
simple-log
log-file=/var/log/turn.log
syslog
no-tlsv1
no-tlsv1_1
Nginx config:
upstream coturn {
server 127.0.0.2:5349;
server 127.0.0.2:3478;
}
server {
listen 80;
#listen [::]:80;
server_name my.domain.de;
root /nowhere;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl;
#listen [::]:443 ssl;
server_name my.domain.de;
root /nowhere;
ssl on;
ssl_certificate /etc/nginx/ssl/my.domain.de_ecc/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/my.domain.de_ecc/my.domain.de.key;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ecdh_curve prime256v1;
access_log /var/log/nginx/turn.log;
location / {
proxy_pass https://coturn;
}
}