I host Nextcloud at home, and I understand that normally, I should open 3478 TCP and UDP on my firewall and do port forwarding, but:
I use an offsite VPS as a reverse proxy. nc.mydomain.com points to that VPS instead of my home IP. It’s a simple TCP/UDP reverse proxy (FRP) and all traffic would go through there to my local docker host.
So should I…
Proxy 3478 TCP and UDP to the VPS as well, and open the port on the VPS?
Open 3478 TCP and UDP on my local router, and port forward to the docker host?
Port 3478 is a STUN/TURN port and you must expose it to your TURN server (coturn is common). If your VPS is capable of running coturn in terms of resources, I would place it there (better from a network POV!)… If not, open it all the way from “outside” to your docker container running the TURN server - but this might not be really stable… Try it out or book a paid TURN service…
I wasn’t very familiar with TURN/STUN. Sorry for my dumb question. I didn’t know you can have a separate server for it, and I will definitely look into that.
In the meantime, I tried to proxy 3478 from the VPS all the way to the Talk container (the one with NC AIO), and the video connection didn’t work. (Tested with two phones on their own cell data.)
But, when I port forward 3478 from my home router to that container, video chat DID work, which I couldn’t understand at all. There is no DNS record pointing to my home router WAN IP.
This is exactly what you should do for STUN/TURN. TURN doesn’t need any DNS record. coturn (and maybe other TURN products as well) can usually detect its public IP itself, which is enough to make it work.