Webrtc doesn't work on host - webrtc

I have an application that has video and sound communication.
I used WebRTC and created the connection with the following code:
foundedPC.createOffer(function(desc) {
    foundedPC.setLocalDescription(desc, function() {
        console.log("Create offer" + callId);
        hub.invoke("sendSignal", JSON.stringify({
            "sdp": foundedPC.localDescription
        }), callId);
    });
}, function(error) {
    console.log('Error creating session description: ' + error);
});
Then I created the answer and returned the answer packet.
Everything works on the local system. I rented a STUN server because I found the answer in this linkstack; he said the problem is the STUN and TURN server.
But it didn't work for me.
Whenever I turn on my VPN and my client also turns on the VPN, WebRTC works nicely.
I don't know how the VPN affects the WebRTC connection.

I am pretty sure the problem is still the lack of a TURN server. I would guess the configuration to access the rented STUN/TURN server was not right.
Maybe try something different that is also a very cheap alternative: I use Digital Ocean and installed CoTurn as my STUN/TURN server on an Ubuntu droplet. You pay only $0.007 per hour for the droplet. If you don't use it anymore (I use it for testing at this moment) you just destroy the droplet and you don't pay anymore. If you make a snapshot of the droplet, you can easily reinstall the droplet when you want to use it again. Snapshots cost $0.05/GB/month.
Installing CoTurn on an Ubuntu machine is very easy:
Select Ubuntu 16.04.3 x64 or 17.10 x64 when creating a droplet.
Installing:
sudo apt-get update
sudo apt-get install coturn
Next, edit sudo vi /etc/turnserver.conf and change the following options:
fingerprint
lt-cred-mech
realm=ip-address-public-droplet
listening-ip=ip-address-public-droplet
user=test:test
Next, edit sudo vi /etc/default/coturn and add the following options:
TURNSERVER_ENABLED=1
Create or modify service package for our program:
sudo vi /etc/systemd/system/coturn.service
Then paste the content of this.
After modifying a unit file, you should reload the systemd process itself to pick up your changes:
sudo systemctl daemon-reload
Now the installation is complete, we'll start the Coturn daemon:
sudo systemctl start coturn
Since systemctl doesn't provide output, we'll check the status to verify that the service has started properly:
sudo systemctl status coturn
Now that we've manually started the daemon and verified that it’s running, we'll ensure that it restarts automatically at boot:
sudo systemctl enable coturn
In your app you need something like:
var pcConfig = {
    'iceServers': [
        {'urls': 'stun:ip-address-public-droplet:5349'},
        {'urls': 'turn:ip-address-public-droplet:5349', 'username': 'test', 'credential': 'test'}
    ]
};
You can force your app to use TURN with:
var pcConfig = {
    iceTransportPolicy: "relay",
    'iceServers': [
        {'urls': 'stun:ip-address-public-droplet:5349'},
        {'urls': 'turn:ip-address-public-droplet:5349', 'username': 'test', 'credential': 'test'}
    ]
};
When the connection is established you can check if TURN server (relay) is used by going through the stats page.
Chrome address bar: chrome://webrtc-internals or Firefox address bar: about:webrtc.
Look for the 'bold' header: Conn-audio-1-0 (googCandidatePair)
Use Nothing: googRemoteCandidateType: local
Use of STUN: googRemoteCandidateType: stun
Use of TURN: googRemoteCandidateType: relay
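The same check can be done in code instead of reading the stats page. This is an added example, not part of the original answer: selectedPairTypes is a hypothetical helper name, it reads the standard getStats() fields (candidateType is host, srflx, prflx or relay) rather than the legacy goog* names quoted above, and the sample report is constructed.

```javascript
// Added example: classify the selected ICE candidate pair from getStats().
// Standard candidateType values map to the legacy labels quoted above:
// host = local, srflx = stun, relay = relay (prflx is a peer-reflexive address).
function selectedPairTypes(report) {
  // report: an RTCStatsReport, or any Map of id -> stats object.
  const stats = [...report.values()];
  const byId = new Map(stats.map((s) => [s.id, s]));
  // Preferred: the transport entry names the selected pair.
  const transport = stats.find(
    (s) => s.type === 'transport' && s.selectedCandidatePairId);
  let pair = transport && byId.get(transport.selectedCandidatePairId);
  // Fallback: a pair that succeeded and was nominated (Firefox sets "selected").
  if (!pair) {
    pair = stats.find((s) => s.type === 'candidate-pair' &&
      s.state === 'succeeded' && (s.nominated || s.selected));
  }
  if (!pair) return null; // ICE has not converged yet, or it failed
  const local = byId.get(pair.localCandidateId) || {};
  const remote = byId.get(pair.remoteCandidateId) || {};
  return {
    local: local.candidateType,
    remote: remote.candidateType,
    relayed: local.candidateType === 'relay' || remote.candidateType === 'relay',
  };
}

// In a page: selectedPairTypes(await pc.getStats()), pc being your RTCPeerConnection.

// Constructed sample report (not captured from a real call).
const sampleReport = new Map([
  ['T1', { id: 'T1', type: 'transport', selectedCandidatePairId: 'CP2' }],
  ['CP1', { id: 'CP1', type: 'candidate-pair', state: 'failed',
            localCandidateId: 'L1', remoteCandidateId: 'R1' }],
  ['CP2', { id: 'CP2', type: 'candidate-pair', state: 'succeeded', nominated: true,
            localCandidateId: 'L2', remoteCandidateId: 'R1' }],
  ['L1', { id: 'L1', type: 'local-candidate', candidateType: 'host' }],
  ['L2', { id: 'L2', type: 'local-candidate', candidateType: 'relay' }],
  ['R1', { id: 'R1', type: 'remote-candidate', candidateType: 'srflx' }],
]);

console.log(selectedPairTypes(sampleReport));
```

With iceTransportPolicy set to "relay", a null result after ICE finishes means no relay candidate could be gathered, which points at the TURN URL, credentials or reachability.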

STUN might not be enough and you may need to use TURN as well.
Free servers are great, but they don't cut it for WebRTC - no one exposes his TURN server for others to use as that costs money (a more detailed explanation here).
You will need to install and run your own TURN server or use a third party service such as XirSys or Twilio NAT Traversal.

Related

How do I generate an SSL certificate for codeanywhere?

I want to have a server (webpack dev server) running in codeanywhere using https. How do I go about generating an SSL certificate so I can connect?
Chrome preferably however I will consider other browsers that could handle d3.js.
And the answer is: Run your service on port 3000. Codeanywhere will then auto configure a certificate for you.
To do this edit your webpack.config.js and ensure the following is in your dev server config:
devServer: {
    host: '0.0.0.0',
    port: 3000
}
If your container is running Apache you will need to stop it first (the command depends on your host OS; see http://www.learn4master.com/programming-language/shell/start-restart-and-stop-apache-on-linux ).

webrtc app show my Turn server broken, but it works

I have my STUN/TURN server running on a local PC (CoTurn). It is tested on "https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/" and works. I have a domain name and configured the modem with a public IP. I configured apache2 to make the site visible to the world. I have active and valid Let's Encrypt certificates. In short, everything works. But the test application starts the connection (the external PC communicates with the local one via socket.io) and then the video is not seen and the console returns the error: ICE failed, your TURN server appears to be broken, see about:webrtc for more details.
This is the link to the application that I use as a test, because with my original one I had nothing to compare against. It is my first time with socket.io, but socket.io sends and receives messages, so this does not appear to be a problem for now.
https://github.com/anoek/webrtc-group-chat-example
P.S.:
OK. The server is behind the NAT. My app (and the linked app too) works very well on the local network (sorry, I checked this point first before). This is both with my TURN/STUN server and with the public Google STUN/TURN servers. This evidently indicates a bad setting of the apache2 server and/or the TURN server. Where could I find a guide about it?
My server situation: myServerIpLocal-xxx.xxx.xxx.xxx -> nat/router/modem WithPublicIpStatic-xx.xx.xx.xx. I can see my sites from all over the world, but the TURN server does not work outside the local network. Inside the local network it works OK.
This is my TURN config:
listening-port=3478
tls-listening-port=5349
alt-listening-port=3479
alt-tls-listening-port=5350
listening-ip=xxx.xxx.xxx.xxx /*mylocal ip*/
relay-ip=xxx.xxx.xxx.xxx /*mylocal ip*/
external-ip=xx.xx.xx.xx /*my public ip on nat/ruter/modem */
min-port=49152
max-port=65535
verbose
fingerprint
userdb=/var/lib/turn/turndb
realm=mysite.com
cert=/etc/ssl/certificate.pem
pkey=/etc/ssl/private.key
dh-file=/etc/turn/dhparam.pem
no-stdout-log
log-file=/myhome/.turn/turn.log
lt-cred-mech
user=myusername:mypasswd
# Turn OFF the CLI support.
# By default it is always ON.
# See also options cli-ip and cli-port.
#
no-cli
#Local system IP address to be used for CLI server endpoint. Default value
# is 127.0.0.1.
#
cli-ip=127.0.1.1
# CLI server port. Default is 5766.
#
cli-port=5766
# CLI access password. Default is empty (no password).
#
cli-password=logen
no-sslv3
no-tlsv1
My old code in turn.conf:
lt-cred-mech
user=myusername:mypasswd
But TURN worked only locally ... probably because I use:
sudo turnserver -L myPublicIp -o -a myrealm
at every coturn start ...
Now I try not to use the "turnserver" command and to use only sudo coturn start ...
Basically, in my turn.conf file I changed this:
lt-cred-mech
user=mypasswd:myusername /***** mind the gap ;) *****/
This is because my index.js debug output never saw my external connection as an authorized user ... Magically, my app now performs multiple WebRTC connections with every PC and mobile, inside and outside my LAN (I tried connecting my app from a phone in Barcelona, Spain to another one in London with good results).
Maybe the coturn wiki needs an update?
Finally, I would like to thank the serverfault and super-user guys who rejected my question. Since I had to make arrangements, I was able to acquire new and interesting information on this subject.
Regards

TURN server broken - Coturn

Just a bit of background first.
I have installed a coturn server on my local machine (behind a firewall and with a local IP).
I have created a port forwarding for the coturn server; let's say my local IP, 192.168.0.11:3478, is mapped to my public IP, 10.1.10.212:3478.
When I use an online utility to check whether my public IP has this port open, the utility shows that it is open.
I am trying to test this server using this fiddle: Code to test TURN server
I removed the STUN configuration from it and added my live IP and port. When I try to test it, it says your TURN server is broken in the console of the web browser, and I see failed as output.
I have also used the following commands, from this link, to create a user.
Wiki to Coturn Configuration
# created test user
sudo turnadmin -a -u test -r test -p test
# enabling admin support in web (not sure how to access it in browser)
sudo turnadmin -A -u test -p test
I start the TURN server using the following command:
turnserver -L 192.168.0.11 -a -f -v -X -r test
I have enabled the "TURNSERVER_ENABLED"
/etc/default/coturn
TURNSERVER_ENABLED=1
Screenshot of my about:webrtc:
Please find the below attached Screen shot for my about:webrtc. I am not sure what is missing.
EDIT-1
I can also see the incoming packet message processed, error 401: Unauthorized in the console of TURN server
EDIT-2
I resolved the TURN server related issue and added the TURN server in the client code as well, but I am still facing an issue: the call is not going through.
Update
Here is what I found: the reason why it wasn't working earlier was a defective router in the network. This thing has harassed me for almost a month (however, the internet used to work fine). But I found that there was packet loss, so I switched to a LAN cable; I even avoided the firewall of the organization, and there it was working just fine. Then I configured the rules in the firewall and it started working as well.
A few issues that might be causing this:
The -X option requires an argument - the external IP if the TURN server is behind a NAT.
If you are setting all your parameters on the command line, you should include -n to ensure that it does not load an unrelated configuration file.
TURNSERVER_ENABLED=1 is to start turnserver with default configuration at system boot. You do not want this if you are starting turnserver manually from the command line.
https://github.com/coturn/coturn/blob/master/README.turnserver
"I have created a port forwarding for CoTurn server lets say my local ip is: 192.168.0.11:3478 is mapped with my public ip 10.1.10.212:3478."
Now surely you are aware that the private address spaces in IPv4 are (private IP ranges):
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
So, your first IP is in the last private IP range, and your so-called "public IP" is in the first private IP range. Now you need to find your TRUE REAL public IP address to try to connect to it from outside. I would say that it looks like your ISP has you behind a NAT. So your TURN server might be behind two NATs, which is a kind of ironic situation for a server designed to help penetrate the NATs of WebRTC clients. You might want to try to put CoTurn somewhere where it is possible for it to work, like AWS (a special case of CoTurn-friendly NAT).
I just recently got CoTurn to work in the cloud and on local Ubuntu ;-) (well, with lots of help, which even did most of the work; that never stopped me from bragging though). There are still troublingly few srflx call successes, though (mostly local network or relay (TURN) calls). :-D
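The address check made in the answer above can be run against a coturn configuration before going live. This is an added example, not coturn tooling or code from the posts: isPublicIPv4 and checkTurnConf are hypothetical names, the sample config is constructed from the addresses and test account quoted on this page, and the check goes slightly beyond the three listed ranges by also treating CGNAT (100.64.0.0/10) and loopback as non-public. It also flags static user entries such as user=test:test, since a TURN server reachable from the internet relays traffic for anyone who can authenticate.

```javascript
// Added example: sanity-check a coturn config for the NAT problem described above.
const NON_PUBLIC = [['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16],
                    ['100.64.0.0', 10], ['127.0.0.0', 8]];

function ipToInt(ip) {
  const parts = String(ip).split('.').map(Number);
  const ok = parts.length === 4 &&
    parts.every((p) => Number.isInteger(p) && p >= 0 && p <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + p, 0) : null;
}

function isPublicIPv4(ip) {
  const n = ipToInt(ip);
  if (n === null) return false; // not a literal IPv4 address
  return !NON_PUBLIC.some(([base, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the block
    return Math.floor(n / size) === Math.floor(ipToInt(base) / size);
  });
}

function checkTurnConf(text) {
  const opts = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    const key = eq < 0 ? line : line.slice(0, eq).trim();
    const val = eq < 0 ? '' : line.slice(eq + 1).trim();
    opts.set(key, [...(opts.get(key) || []), val]);
  }
  const first = (k) => (opts.get(k) || [])[0] || '';
  const findings = [];
  const listen = first('listening-ip');
  const ext = first('external-ip').split('/')[0]; // public[/private] form
  if (ext && !isPublicIPv4(ext)) findings.push(`external-ip ${ext} is not public`);
  if (!ext && listen && !isPublicIPv4(listen)) {
    findings.push(`listening-ip ${listen} is private and external-ip is unset`);
  }
  for (const u of opts.get('user') || []) {
    const [name, pass] = u.split(':');
    if (name === pass) findings.push(`user ${name}: password equals username`);
  }
  return findings;
}
// Constructed config using the addresses and test account quoted on this page.
const sampleConf = 'lt-cred-mech\nlistening-ip=192.168.0.11\n' +
  'external-ip=10.1.10.212\nuser=test:test\n';
console.log(checkTurnConf(sampleConf));
```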

Issue with docker push on local registry https access to resource denied

I have a problem with my Docker registry. My "server" VM runs Kali Linux. I created the Docker registry over HTTP and use a CentOS VM as a client. I declared the registry insecure in the client VM and it worked perfectly.
Now I am trying to put it on HTTPS. In order to do that, I use nginx as a proxy. I followed this tutorial: Step 5 — Setting Up SSL, except for Part 8 to make it a service (I don't know why but I can't do it).
Because I don't have a domain name, I used a fake one. For it to be recognized, I added my IP (192.168.X.X) and the domain name I used (myregistryexemple) to the /etc/hosts file on both VMs.
As asked by the tutorial, I generated the certificate on my "server" VM (the Kali one) and sent it by scp to my client VM. I made the CentOS VM trust the certificate with these commands:
yum install ca-certificates
update-ca-trust force-enable
cp cert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
I restarted the docker service on the client VM and launched the Docker registry and the nginx proxy with "docker-compose up" on my Kali VM.
I tag and try to push an ubuntu image to the registry:
docker tag ubuntu myregistryexemple/ubuntu
docker push myregistryexemple/ubuntu
But I get this error :
The push refers to a repository [docker.io/myregistryexemple/ubuntu]
56827159aa8b: Preparing
440e02c3dcde: Preparing
29660d0e5bb2: Preparing
85782553e37a: Preparing
745f5be9952c: Preparing
denied: requested access to the resource is denied
Then I tried to push to localhost directly:
docker tag ubuntu localhost:5000/ubuntu && docker push localhost:5000/ubuntu
Then I ran docker login on the domain from the client VM and it worked, but when I tried to pull from my domain registry on the client VM, docker could not find in the registry the docker images I had tried to push.
Does anyone have any idea why, and know how to help me?
OK, so I found a way to make it work.
It is quite simple: just follow the complete tutorial I quoted in the question ( https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04#step-5-%E2%80%94-setting-up-ssl )
After you have created the repository, and before you push/pull a docker image,
you need to edit /etc/hosts on both the client and the server VM.
Add the line : domainChosen serverVmIp
Save and quit.
Now we need the client to trust the generated certificate. To do that, you can use this tutorial : http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html .
Then restart your registry and your docker daemon. You can then normally use your domain name to push/pull in your registry over HTTPS.

Browser sync, gulp, mongodb and express server

Trying to put together a project running an express server and gulp, browsersync, nodemon and mongodb. However, I seem to be getting an Error: listen EADDRINUSE when I add browsersync. Any idea how to do this?
This means you already have a program listening on the port you are trying to use. What port are you running your application on? Is it 3000? If so, stop all other programs you have running that are using that port and you'll be good to go.
Are you defining in the browser-sync configuration the port to use?
In that case, the port needs to be something different from the one (if any) defined from the proxy. This works in my setup:
gulp.task('browser-sync', ['nodemon'], function() {
    browserSync.init(null, {
        proxy: "http://localhost:3000",
        browser: ['google chrome'],
        port: 4000
    });
});
As reference, the full gulpfile.js (that uses nodemon and browsersync) is here.