Hello Yarema,

sorry had no time and HW so far to experiment

it would be more reasonable to have listening-port=80 in this case (due to it insecure)

>> The only problem remain, that session recording files are
>> wav file, not avi. Do you have a clue what is the reason is? Could it
>> be a ffmpeg issue?

During session recording intermediate files are *.webm
Later *.wav is extracted/generated to create *.mp4 (not avi)
Could you check if you have *.webm in `data` folder?

On Sat, 28 Mar 2020 at 18:43, YUP <yupad...@gmail.com> wrote:

> Maxim,
> Finally I managed to launch openmeetings with kurento and coturn. The
> problem was in coturn server which didn't work as expected. I
> installed coturn server on my private laptop (no firewall and NAT)
> which listens on port 443, with the following configuration:
>
> listening-port=443
> tls-listening-port=5349
> verbose
> lt-cred-mech
> user=kurento:kurento
> realm=my_openmeetings_server_domain
> log-file=/var/log/turnserver/turn.log
>
> After that all openmeetings users can see each other cameras and hear
> each other. The only problem remain, that session recording files are
> wav file, not avi. Do you have a clue what is the reason is? Could it
> be a ffmpeg issue?
>
> Best,
> Yarema
>
> On Thu, Mar 19, 2020 at 9:43 PM YUP <yupad...@gmail.com> wrote:
> >
> > Maxim,
> > I made a mistake, in nginx configuration section for openmeetings port
> > should be 5443 instead of 5080, sorry for that.
> > I also forgot to mention that only tcp requests are allowed in our
> > firewall, udp is prohibited, as far as I know.
> > Can you examine my configs and say what is wrong?
> >
> > Regards,
> > Yarema
> >
> > location /openmeetings {
> >     proxy_pass http://localhost:5080/openmeetings;
> >
> >     proxy_set_header Host $host;
> >     proxy_http_version 1.1;
> >     proxy_set_header Upgrade $http_upgrade;
> >     proxy_set_header Connection "upgrade";
> >
> >     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >     proxy_set_header Referer 'https://$host/openmeetings/';
> >     proxy_set_header X-Real-IP $remote_addr;
> > }
> >
> > On Mon, Mar 16, 2020 at 5:01 PM YUP <yupad...@gmail.com> wrote:
> > >
> > > Please take your time.
> > > I gonna describe my set up briefly.
> > >
> > > Initial data:
> > > External nat has address external_nat_ip
> > > All external ports are closed except 443
> > > From inside allowed only http connections to ports 80, 8080, 443 and 22
> > >
> > > Openmeetings runs in docker, I use docker-compose with the following
> > > docker-compose.yml:
> > >
> > > version: '3.7'
> > > services:
> > >   openmeetings:
> > >     image: apache/openmeetings:min-5.0.0-M3
> > >     ports:
> > >       - "5080:5080"
> > >       - "5443:5443"
> > >     volumes:
> > >       - ~/openmeetings/omdata:/opt/omdata
> > >       - ~/openmeetings/logs:/opt/openmeetings/logs
> > >     environment:
> > >       - OM_KURENTO_WS_URL=ws://kurento:8888/kurento
> > >       - TURN_USER=kurento
> > >       - TURN_PASS=kurento
> > >       - TURN_URL=external_nat_ip?transport=tcp
> > >       - OM_DB_TYPE=mysql
> > >       - OM_DB_HOST=172.17.0.1
> > >       - OM_DB_PORT=3306
> > >       - OM_DB_USER=om_user
> > >       - OM_DB_PASS=om_passwd
> > >       - OM_DB_NAME=openmeetings
> > >     depends_on:
> > >       - kurento
> > >       - coturn
> > >     restart: unless-stopped
> > >   kurento:
> > >     image: kurento/kurento-media-server
> > >     ports:
> > >       - "8888:8888"
> > >     environment:
> > >       - KMS_TURN_URL=kurento:kurento@external_nat_ip?transport=tcp
> > >     restart: unless-stopped
> > >   coturn:
> > >     image: kurento/coturn-auth
> > >     ports:
> > >       - "3478:3478"
> > >     environment:
> > >       - LISTENING_PORT=3478
> > >       - REALM=kurento.org
> > >       - USER=kurento
> > >       - PASSWORD=kurento
> > >     restart: unless-stopped
> > >
> > > I use sslh https://github.com/yrutschle/sslh to connect to different
> > > services behind nat with the following configuration:
> > >
> > > verbose: true
> > > timeout: 18000;
> > > listen:
> > > (
> > >     { host: "internal_nat_ip"; port: "443"; }
> > > );
> > > protocols:
> > > (
> > >     # ssh:
> > >     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
> > >     # openvpn:
> > >     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
> > >     # nginx:
> > >     { name: "ssl"; host: "localhost"; port: "2443"; probe: "builtin"; log_level: 0;},
> > >     # coturn:
> > >     { name: "regex"; host: "localhost"; port: "3478"; regex_patterns: [ "\x21\x12\xa4\x42" ]; }
> > > );
> > > transparent: true;
> > >
> > > And nginx configuration (there are another services, I left only
> > > openmeetings and kurento (do I really need to have kurento websocket
> > > outside nat?))
> > >
> > > server {
> > >     listen 2443 ssl http2;
> > >     listen [::]:2443 ssl http2;
> > >     server_name localhost;
> > >
> > >     autoindex on;
> > >     root /srv/http/;
> > >     index index.php index.html index.htm;
> > >
> > >     # ssl_certificate /etc/httpd/conf/server.crt;
> > >     # ssl_certificate_key /etc/httpd/conf/server.key;
> > >
> > >     include conf/001-certbot.conf;
> > >
> > >     # ssl on;
> > >     ssl_session_cache builtin:1000 shared:SSL:10m;
> > >     ssl_protocols TLSv1 TLSv1.1; #TLSv1.2;
> > >     # ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
> > >     # ssl_prefer_server_ciphers on;
> > >
> > >     proxy_headers_hash_max_size 512;
> > >     proxy_headers_hash_bucket_size 128;
> > >
> > >     location ~ [^/]\.php(/|$) {
> > >         fastcgi_split_path_info ^(.+\.php)(/.+)$;
> > >         fastcgi_index index.php;
> > >         fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
> > >         include fastcgi.conf;
> > >         fastcgi_param PATH_INFO $fastcgi_path_info;
> > >         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> > >     }
> > >
> > >     # User directories, e.g. http://example.com/~user/ :
> > >     location ~ ^/~(.+?)(/.*)?$ {
> > >         alias /home/$1/public_html$2;
> > >         index index.html index.htm;
> > >         autoindex on;
> > >         auth_pam "Restricted Zone";
> > >         auth_pam_service_name "nginx";
> > >     }
> > >
> > >     # Deny static files
> > >     location ~ ^/(README|LICENSE|ChangeLog|DCO)$ {
> > >         deny all;
> > >     }
> > >
> > >     # Deny .md files
> > >     location ~ ^/(.+\.md)$ {
> > >         deny all;
> > >     }
> > >
> > >     # Deny setup directories
> > >     location ~ ^/(doc|sql|setup)/ {
> > >         deny all;
> > >     }
> > > }
> > >
> > > location /openmeetings {
> > >     proxy_pass http://localhost:5080/openmeetings;
> > >
> > >     proxy_set_header Host $host;
> > >     proxy_http_version 1.1;
> > >     proxy_set_header Upgrade $http_upgrade;
> > >     proxy_set_header Connection "upgrade";
> > >
> > >     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > >     proxy_set_header Referer 'https://$host/openmeetings/';
> > >     proxy_set_header X-Real-IP $remote_addr;
> > > }
> > >
> > > location /kurento {
> > >     # prevents 502 bad gateway error
> > >     proxy_buffers 8 32k;
> > >     proxy_buffer_size 64k;
> > >     # redirect all HTTP traffic to localhost:8088;
> > >     proxy_pass http://0.0.0.0:8888/kurento;
> > >     # proxy_set_header X-Real-IP $remote_addr;
> > >     # proxy_set_header Host $http_host;
> > >     # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > >     #proxy_set_header X-NginX-Proxy true;
> > >     # enables WS support
> > >     proxy_http_version 1.1;
> > >     proxy_set_header Upgrade $http_upgrade;
> > >     proxy_set_header Connection "upgrade";
> > >     proxy_read_timeout 999999999;
> > > }
> > >
> > > add_header X-Frame-Options SAMEORIGIN;
> > > add_header X-Content-Type-Options nosniff;
> > > }
> > >
> > > On Mon, Mar 16, 2020 at 1:39 PM Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > >
> > > > Hello Yarema,
> > > >
> > > > sorry for keeping silence
> > > > I'll try to investigate this config later this week
> > > > Too much day
> > > > time job right now :(
> > > >
> > > > Please share your further findings here if any :)
> > > >
> > > > On Mon, 16 Mar 2020 at 09:04, YUP <yupad...@gmail.com> wrote:
> > > > >
> > > > > Maxim,
> > > > > I was also managed to install coturn on external server which listen
> > > > > on port 443. Kurento connects to this port (via TURN_URL,
> > > > > TURN_USER,TURN_PASS), I can see it in logs. I see in logs that
> > > > > openmeetings connects to kurento. But I don't understand why all my
> > > > > construction not working as needed? I still can't make settings test,
> > > > > record and play sample, two users can't see each other videos from
> > > > > cameras.
> > > > > Here I should to see to find the solution?
> > > > >
> > > > > On Sun, Mar 15, 2020 at 7:23 PM YUP <yupad...@gmail.com> wrote:
> > > > > >
> > > > > > I was able to connect to kurento websocket which is proxified by
> > > > > > nginx, the solution was very simple, put wss instead of https,
> > > > > > probably for some reasons openmeetings needs to have ws or wss in the
> > > > > > input url:
> > > > > > - OM_KURENTO_WS_URL=wss://external_server_ip_address/kurento
> > > > > > But it is not solved the issue with recording audio/video in test and
> > > > > > different users.
> > > > > >
> > > > > > On Sun, Mar 15, 2020 at 10:16 AM YUP <yupad...@gmail.com> wrote:
> > > > > > >
> > > > > > > No, it is not a reason, checked.
> > > > > > >
> > > > > > > On Sun, Mar 15, 2020 at 10:10 AM YUP <yupad...@gmail.com> wrote:
> > > > > > > >
> > > > > > > > Server has self-signed certificate, can it be a reason?
> > > > > > > >
> > > > > > > > On Sun, Mar 15, 2020 at 9:38 AM YUP <yupad...@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > Just to inform you, I made proxified kurento websocket in nginx and I
> > > > > > > > > can connect to it:
> > > > > > > > > $ wscat -n --connect https://external_server_ip_address/kurento
> > > > > > > > > (node:24082) [DEP0123] DeprecationWarning: Setting the TLS ServerName
> > > > > > > > > to an IP address is not permitted by RFC 6066. This will be ignored in
> > > > > > > > > a future version.
> > > > > > > > > Connected (press CTRL+C to quit)
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > I set
> > > > > > > > > - OM_KURENTO_WS_URL=https://external_server_ip_address/kurento
> > > > > > > > > but got
> > > > > > > > > o.a.o.c.r.KurentoHandler:124 [pool-1-thread-1] - Fail to create
> > > > > > > > > Kurento client, will re-try in 10000 ms
> > > > > > > > >
> > > > > > > > > On Sun, Mar 15, 2020 at 8:56 AM YUP <yupad...@gmail.com> wrote:
> > > > > > > > > >
> > > > > > > > > > Can we just proxify kurento websocket? Something like this
> > > > > > > > > > https://gist.github.com/steve-ng/ed6de1fa702ef70bd6ce ?
> > > > > > > > > >
> > > > > > > > > > On Sun, Mar 15, 2020 at 8:41 AM Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > > > > >
> > > > > > > > > > > It seems I misread your previous email "all ports except 443, 80, 8080 and 22."
> > > > > > > > > > > I'm afraid you need more open ports ...
> > > > > > > > > > >
> > > > > > > > > > > I'm not sure but I would investigate if KMS/TURN URLs can be set up
> > > > > > > > > > > for context i.e.
> > > > > > > > > > > yourserver:4278/turn, yourserver:8888/kms in this case you can proxy them ....
> > > > > > > > > > >
> > > > > > > > > > > On Sun, 15 Mar 2020 at 14:32, YUP <yupad...@gmail.com> wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > It nothing changes, only 443 is open to the world.
> > > > > > > > > > > >
> > > > > > > > > > > > On Sun, Mar 15, 2020 at 8:24 AM Maxim Solodovnik <solomax...@gmail.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > Maybe you can set up KMS to use 8080?
> > > > > > > > > > > > > TURN requires more open port to handle "totally closed" networks ...
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Sun, 15 Mar 2020 at 14:18, YUP <yupad...@gmail.com> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > It seems to me that I found what is happening. Firewall blocks all non
> > > > > > > > > > > > > > http requests out to all ports except 443, 80, 8080 and 22. That is
> > > > > > > > > > > > > > why I don't have connection to outside turn and stun servers. Is it
> > > > > > > > > > > > > > possible to connect to those server in such conditions? Tunnels?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Fri, Mar 13, 2020 at 1:09 AM YUP <yupad...@gmail.com> wrote:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Hello all,
> > > > > > > > > > > > > > > Could someone help me with configuration of my OM setup? Any help will
> > > > > > > > > > > > > > > be greatly appreciated.
> > > > > > > > > > > > > > > I have a server which is for several reasons behind NAT, only 443 port
> > > > > > > > > > > > > > > is open. There is sslh balancer, which redirect external traffic to
> > > > > > > > > > > > > > > different targets: nginx, openvpn, etc. Openmeetings 5.0.0-M3 minimal
> > > > > > > > > > > > > > > installed in container behind nginx proxy and works well, except audio
> > > > > > > > > > > > > > > and video. When I perform setup check after logged in (video camera
> > > > > > > > > > > > > > > and microphone) I can see myself in camera and can also see increasing
> > > > > > > > > > > > > > > and decreasing green line, which indicate microphone level, but I
> > > > > > > > > > > > > > > can't save and replay the testing record.
> > > > > > > > > > > > > > > As far I understand the
> > > > > > > > > > > > > > > problem is in NAT, so I had to use kurento server with TURN server. I
> > > > > > > > > > > > > > > did that by adding the environment variables for kurento server in
> > > > > > > > > > > > > > > docker container with the corresponding data for turn.anyfirewall.com:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > - KMS_STUN_IP=130.211.143.110
> > > > > > > > > > > > > > > - KMS_STUN_PORT=443
> > > > > > > > > > > > > > > - KMS_TURN_URL=webrtc:webrtc@130.211.143.110:443?transport=tcp
> > > > > > > > > > > > > > > and the same for openmeetings docker container:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > - TURN_USER=webrtc
> > > > > > > > > > > > > > > - TURN_PASS=webrtc
> > > > > > > > > > > > > > > - TURN_URL=130.211.143.110:443?transport=tcp
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > After restarting it allowed me immediately to perform network test
> > > > > > > > > > > > > > > (except ip ping), but not resolved the issue with camera and
> > > > > > > > > > > > > > > microphone.
> > > > > > > > > > > > > > > When I connect to OM server with help of vpn (so I and OM server are
> > > > > > > > > > > > > > > in the same network) everything works as needed. I can save and replay
> > > > > > > > > > > > > > > video, I can hear myself, two OM users connected by vpn to OM server
> > > > > > > > > > > > > > > can talk to each other, etc. But it is not an option use vpn
> > > > > > > > > > > > > > > connection...
> > > > > > > > > > > > > > > I spent two days to find what I did wrong. I tried another TURN and
> > > > > > > > > > > > > > > STUN servers, different type of configurations and so on, nothing
> > > > > > > > > > > > > > > helped.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Regards,
> > > > > > > > > > > > > > > Yarema
> > > > > > > > > > > > >
> > > > > > > > > > > > > --
> > > > > > > > > > > > > WBR
> > > > > > > > > > > > > Maxim aka solomax
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > WBR
> > > > > > > > > > > Maxim aka solomax
> > > >
> > > > --
> > > > WBR
> > > > Maxim aka solomax

--
WBR
Maxim aka solomax
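
Added example (not part of the thread, and not sslh's or coturn's own code): the sslh `regex` probe quoted in the thread sends TURN-over-TCP to coturn by looking for the STUN magic cookie `\x21\x12\xa4\x42`. This Python code contrasts that bare pattern, searched without an anchor, with a check of the fixed STUN header fields from RFC 5389; the function names and the sample byte strings are constructed for illustration.

```python
import re
import struct

STUN_MAGIC_COOKIE = 0x2112A442
# The pattern from the sslh "regex" probe in the thread, as a bytes regex.
SSLH_PATTERN = re.compile(rb"\x21\x12\xa4\x42")


def loose_match(first_bytes: bytes) -> bool:
    """Unanchored search: the cookie may sit anywhere in the buffer."""
    return SSLH_PATTERN.search(first_bytes) is not None


def is_stun_header(first_bytes: bytes) -> bool:
    """Strict check of the 20-byte STUN header (RFC 5389, section 6)."""
    if len(first_bytes) < 20:
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", first_bytes[:8])
    return (
        msg_type & 0xC000 == 0      # two most significant bits are zero
        and msg_len % 4 == 0        # attributes are padded to 4 bytes
        and cookie == STUN_MAGIC_COOKIE  # cookie at offset 4, nowhere else
    )


def classify(first_bytes: bytes) -> str:
    """Route like the sslh table in the thread: ssh, tls (nginx), stun (coturn)."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"  # TLS handshake record, version major 3
    if is_stun_header(first_bytes):
        return "stun"
    return "unknown"


# Constructed samples (not captured traffic).
TXID = bytes(range(12))  # 96-bit transaction id
STUN_ALLOCATE = struct.pack("!HHI", 0x0003, 0, STUN_MAGIC_COOKIE) + TXID
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E]) + b"\x00" * 46
HTTP_WITH_COOKIE = b"POST /x HTTP/1.1\r\n\r\n" + b"\x21\x12\xa4\x42"

if __name__ == "__main__":
    for name, data in [("stun", STUN_ALLOCATE), ("tls", TLS_HELLO),
                       ("http+cookie", HTTP_WITH_COOKIE)]:
        print(f"{name:12} loose={loose_match(data)!s:5} strict={classify(data)}")
```

The third sample matches the bare pattern but is rejected by the header check, which is the difference between searching for the cookie and requiring it at offset 4 of a well-formed header.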