I've set up my turn server, and tested on IceTricklePage.
The non-secure port 3478 works just fine, I can gather a candidate with type "relay".
But with the secure port (TLS) 5349, it always failed.
The server turn:xx.xx.xx.xx:5349?transport=tcp returned an error with code=701.
Below is my turnserver.conf file:
# /etc/turnserver.conf
# STUN server port is 3478 for UDP and TCP, and 5349 for TLS.
# Allow connection on the UDP port 3478
listening-port=3478
# and 5349 for TLS (secure)
tls-listening-port=5349
external-ip= xx.xx.xx.xx
listening-ip=0.0.0.0
allow-loopback-peers
no-multicast-peers
min-port = 49152
max-port = 49365
verbose
# Require authentication
fingerprint
lt-cred-mech
# We will use the longterm authentication mechanism, but if
# you want to use the auth-secret mechanism, comment lt-cred-mech and
# uncomment use-auth-secret
# Check: https://github.com/coturn/coturn/issues/180#issuecomment-364363272
#The static auth secret needs to be changed, in this tutorial
# we'll generate a token using OpenSSL
#use-auth-secret
# static-auth-secret=replace-this-secret
# ----
# If you decide to use use-auth-secret, After saving the changes, change the auth-secret using the following command:
# sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
# This will replace the replace-this-secret text on the file with the generated token using openssl.
# Specify the server name and the realm that will be used
# if is your first time configuring, just use the domain as name
server-name=turn.mydomain.com
realm=turn.mydomain.com
#
# Important:
# Create a test user if you want
# You can remove this user after testing
user=user:password
total-quota=100
stale-nonce=600
# Path to the SSL certificate and private key. In this example we will use
# the letsencrypt generated certificate files.
cert=/etc/coturn/turn_cert/turn.mydomain.com/cert.pem
pkey=/etc/coturn/turn_cert/turn.mydomain.com/privkey.pem
# Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
# Specify the process user and group
proc-user=turnserver
proc-group=turnserver
# Log file path
log-file=/var/log/turnserver.log
simple-log
#syslog
I also config my router to port-redirect any transport to public xx.xx.xx.xx:5349 to the internal server running TURN server (similar to the way I did with 3478).
Below is the config:
Anyone get an idea how to fix this? Thanks
Try telnet xx.xx.xx.xx 5349 to see whether connecting successfully or not. If you got telnet: Unable to connect to remote host: Connection refused then your network config is incorrect and need to be changed. Here is something related
Ubuntu 16.04 / ROS v1.3.0
I am attempting to configure my ROS to use secure SSL connections.
If I do not make any changes to the configuration.yml - ROS is fine. I can sync and use the dashboard as I would expect.
I have obtained an SSL cert from Letsencrypt. I used the CertBot in standalone mode so that I did not have to install or configure Nginx. (My preference is to not install yet another tech/layer - keep it clean!)
I have the following certificates/key stored in this folder:
/etc/letsencrypt/live/data.mydomain.net/cert.pem
/etc/letsencrypt/live/data.mydomain.net/chain.pem
/etc/letsencrypt/live/data.mydomain.net/fullchain.pem
/etc/letsencrypt/live/data.mydomain.net/privkey.pem
As soon as I enable HTTPS in the configuration.yml I am unable to launch ROS.
There are no error messages written to:
/var/log/realm-object-server.log
Here is a copy of the proxy section of configuration.yml.
http:
## Whether or not to enable the HTTP proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
# enable: true
## The address/interface on which the HTTP proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
# listen_address: '::'
## The port that the HTTP proxy module should bind to.
# listen_port: 9080
https:
## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
## Note that even if it enabled, the HTTPS proxy will only start if supplied
## with a valid pair of certificates through certificate_path and private_key_path below.
enable: true
## The path to the certificate and private keys (in PEM format) that will be used
## to set up the HTTPS server accepting connections.
## These configuration options are MANDATORY to start the HTTPS proxy module.
certificate_path: '/etc/letsencrypt/live/data.mydomain.net/fullchain.pem'
private_key_path: '/etc/letsencrypt/live/data.mydomain.net/privkey.pem'
## The address/interface on which the HTTPS proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
# listen_address: '::'
## The port that the HTTPS proxy module should bind to.
listen_port: 9443
As I mention. The issue appears to be that as soon as I configure HTTPS the ROS server fails to start. If I disable the HTTPS then the ROS server starts without issue.
The reason I believe ROS is failing to start is - if I attempt curl 127.0.0.1:9080 or curl 127.0.0.1:9443 from the terminal I get the message curl: (7) Failed to connect to 127.0.0.1 port 9443: Connection refused
I'd love to hear your ideas/thoughts/suggestions on how I can get this to work. Cheers. Ian
Thanks to user #Radu - the answer was Permissions.
The realm user did not have permission to read the .pem files.
I picked up the answer from this answer.
Https Proxy for Realm Object Server not working
#Radu - is the man!
I am trying to use httpd interface to view monit results in web browser.
I have used the below commands in my monitrc file.
set httpd port 2812
allow monit:monit
But when i try to log into web browser with http://localhost:2812/
The page fails with page not found error.
I have ensured that there is no firewall restriction for localhost:2812 port and also from the local host, the port is listening for monit.
$netstat -nlpt |grep 2812
tcp 0 0 0.0.0.0:2812 0.0.0.0:* LISTEN 42291/monit
I dont even get any failure logs under monit.log
Appreciate your help on this concern.
If you want to be able to access from "localhost", you need also the following line:
set httpd port 2812
allow localhost # <-----
allow monit:monit
Regards
Reference: https://www.mmonit.com/monit/documentation/monit.html#MONIT-HTTPD
I followed the steps in http://nil.uniza.sk/sip/installing-and-configuring-restund-stunturn-server to set up a restund server.
When I test it by stun, the result is
STUN client version 0.96
Primary: Blocked or could not reach STUN server
Return value is 0x00001c
Attached the config file
#
# restund.conf
#
# core
daemon yes
debug yes
realm myrealm
syncinterval 600
udp_listen 192.168.1.25:3478
#udp_listen 1.2.3.4:3478
udp_sockbuf_size 524288
tcp_listen 192.168.1.25:3478
#tcp_listen 1.2.3.4:3478
# modules
module_path /usr/local/lib/restund/modules
module stat.so
module binding.so
#module auth.so
module turn.so
#module mysql_ser.so
module syslog.so
module status.so
# auth
auth_nonce_expiry 3600
# turn
turn_max_allocations 512
turn_max_lifetime 600
turn_relay_addr 192.168.1.25
#turn_relay_addr6 ::1
# mysql
#mysql_host localhost
#mysql_user ser
#mysql_pass heslo
#mysql_db ser
#mysql_ser 0
# syslog
syslog_facility 24
# status
#status_udp_addr 127.0.0.1
#status_udp_port 33000
status_http_addr 192.168.1.25
status_http_port 8080
Any suggestion? Thanks in advance.
It looks like you are hosting your STUN/TURN server from behind a NAT. I'm guessing that from the looks of your conf file that lists 192.168.1.25 as the listening port. If your client is from the outside of your NAT, make sure you have the proper port forwarding setup.
Otherwise, the most common case for this problem is that the host server has a firewall rule that blocks incoming traffic by default. Check your firewall settings (iptables) on the host box as appropriate.
I am a newbie with Apache. I am learning .. after the installation when I tried to start the service I got the following errors.
The Apache service named reported the following error:
Unable to open logs .
The Apache service named reported the following error:
no listening sockets available, shutting down .
The Apache service named reported the following error:
(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 .
The Apache service named reported the following error:
httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.6 for ServerName .
The following error usually means that some other program is listening on the HTTP port (80).
(OS 10048)Only one usage of each
socket address (protocol/network
address/port) is normally permitted. :
make_sock: could not bind to address
0.0.0.0:80 .
In my experience, IM (chat) clients like to connect to port 80.
From a command prompt, (cmd.exe) run the command:
netstat -an
See if there is a listener on port 80 (Look for a line that says:
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
=== ====
the important thing being TCP and 80. If you find something, you'll need to track it down using something like TcpView
If Skype is your problem and it seems it usually is, alter Skype's port usage.
Click on Tools in Skype,
click on Options,
click Advanced,
click Connections.
In Connection is the option to use another port, I use a high numbered port such as 65432, then un-click the alternative use of port 80 and 443.
Close and restart Skype.
modifying C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd sloved the problem.
If you had installation problems, note that you might experience some errors such “ no services installed ”
if Apache is trying to share port 80 with another web server or application, such as a locally installed
firewall application. To fix this, you can tell Apache to use a different port. Open your httpd.conf file
in the conf subdirectory ( C:\Program Files\Apache Software Foundation\Apache2.2\conf by
default) and locate the following lines:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the < VirtualHost >
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
Change the last line of this block to read:
Listen 8080
skype uses port 80, try logout and shut down the program...
now run apache
if you are using windows os and believe that skype is not the suspect, then you might want to check the task manager and check the "Show processes from all users" and make sure that there is NO entry for httpd.exe. Otherwise, end its process. That solves my problem.
Changing in the config file every occurrence of the path to apache (eg: "C:/Users/xxxx/Desktop/Apache Software Foundation/") to the new location (in case you shifted directory of apache installation by copy paste) solved my problem. Hope it helps you too..
Please note that, not only http port 80, may your ssl port 443 is being used by any other service or software.
I have installed vmware workstation on my PC, so a process which was initiated by Vmware Workstation was using ssl port 443.
In my case, it was vmware-hostd.exe which was utilizing ssl port 443.
Try shutting down vmware-hostd.exe or simply change your ssl-httpd.conf and modify Listen from 443 to 8080 or something else.
While choosing the port number please be sure that you don't enter any port which can be used by any other software on your PC.
just provide the listen address and port in httpd.conf file. that will not show IP related error as
Listen IP_ADDRESS:PORT
If you change port ( not port 80) then port conflict will not occur and server comes up.
Below blog may help you :-
http://apache2-4-9-webserver-installation.blogspot.com/2014/06/how-to-install-apache-http-server.html
Port 80 conflict. There are a number of well-known Windows programs which use
port 80:
IIS
The most likely culprit is Microsoft Internet Information Server. Stop the
service with the command from the command line on Windows 7/Vista:
net stop was /y
If needed start the services again with the command from the command line on
windows /Vista:
net start was /y