WebRTC support with Coturn #16
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,26 @@ | ||
version: "3.9" | ||
services: | ||
coturn: | ||
environment: | ||
REALM: ret | ||
PSQL: host=db dbname=ret_dev user=postgres password=postgres options='-c search_path=coturn' connect_timeout=30 | ||
TLS_PORT: 5349 | ||
MIN_PORT: 50000 | ||
MAX_PORT: 50050 | ||
build: | ||
context: . | ||
dockerfile: dockerfiles/coturn.Dockerfile | ||
volumes: | ||
- coturn:/var/lib/coturn | ||
ports: | ||
- "5349:5349" | ||
# This should be the same as MIN_PORT MAX_PORT. | ||
# You might neeed to increase this number depending on how many clients you are connecting. | ||
# (Keep the ports range small to improve container startup time) | ||
- "50000-50050:50000-50050" | ||
- "50000-50050:50000-50050/udp" | ||
networks: | ||
hubs_network: | ||
db: | ||
environment: | ||
POSTGRES_PASSWORD: postgres | ||
|
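Review bot: The `PSQL` value in the `coturn` environment logs the TURN server in as `user=postgres password=postgres`, the same superuser account that `POSTGRES_PASSWORD: postgres` configures for `db`, so coturn holds full rights over `ret_dev` when it only needs the `coturn` schema named in `search_path`. Create a dedicated role limited to that schema and pass its credentials from an env file kept out of the repository rather than inline here. The `5349` and `50000-50050` mappings are also published on every host interface; if only browsers on the development machine need them, prefix the mappings with `127.0.0.1:`.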
@@ -9,6 +30,10 @@ services: | |
user: postgres | ||
volumes: | ||
- pgdata:/var/lib/postgresql/data | ||
ports: | ||
- "5432:5432" | ||
This is a smell. Why do we need to expose the database to the host OS?

Coturn needs to access the database. Is there another better way of inter-container communication?

Containers on the same network can reach one another. The ports configuration maps the container port to the port on the host OS. So in this case, that’s
||
networks: | ||
hubs_network: | ||
dialog: | ||
build: | ||
context: . | ||
|
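Review bot: `- "5432:5432"` under `ports:` publishes Postgres on every host interface while the password is the default `postgres` set in `POSTGRES_PASSWORD`, and nothing in this change needs the mapping: the `coturn` service already reaches the database as `host=db` over `hubs_network`. Drop the mapping, or if a host-side client is wanted during development, bind it as `127.0.0.1:5432:5432`.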
@@ -18,11 +43,22 @@ services: | |
HTTPS_CERT_FULLCHAIN: /etc/ssl/fullchain.pem | ||
HTTPS_CERT_PRIVKEY: /etc/ssl/privkey.pem | ||
INTERACTIVE: "false" | ||
MEDIASOUP_MIN_PORT: 40000 | ||
MEDIASOUP_MAX_PORT: 40050 | ||
MEDIASOUP_ANNOUNCED_IP: 10.20.30.12 | ||
ports: | ||
- "4443:4443" | ||
# This should be the same as MEDIASOUP_MIN_PORT and MEDIASOUP_MAX_PORT | ||
# You might neeed to increase this number depending on how many clients you are connecting. | ||
# (Keep the ports range small to improve container startup time) | ||
- "40000-40050:40000-40050" | ||
Do these ports need to be exposed to the host OS? If so, does the user need to accept proxy certificates in the browser for them?

These are used for Coturn <-> Dialog communication, but again this is the only way I found to communicate between two containers. Open to hearing alternatives.

The ports config shouldn’t affect communication between two services on the same network. They are able to communicate directly without the intervention of the host OS.
||
- "40000-40050:40000-40050/udp" | ||
volumes: | ||
- dialog:/code | ||
working_dir: /code | ||
networks: | ||
hubs_network: | ||
ipv4_address: 10.20.30.12 | ||
Why is it necessary to fix the address to a static IP?

You need to listen on a specific IP address; you can't listen on all interfaces. Is there a better way to assign the current container IP without making it static?

I don’t follow. Does it need to be the same between orchestrations? Who is listening?

If we just need to know the current container IP, then #
||
hubs-admin: | ||
build: | ||
context: . | ||
|
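Review bot: `10.20.30.12` is written twice in this hunk, as `MEDIASOUP_ANNOUNCED_IP` and as `ipv4_address`, and both have to stay inside the `10.20.30.0/24` subnet declared at the bottom of the file, so a change to one has to be mirrored by hand in the others. Define the address once (for example a variable in `.env` interpolated in both places) and add a comment saying which component depends on it. Since the announced address is on `hubs_network`, traffic sent to it does not pass through the host mappings for `40000-40050`; confirm those published ranges are needed before exposing 51 TCP and 51 UDP ports on the host.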
@@ -38,6 +74,8 @@ services: | |
volumes: | ||
- hubs:/code | ||
working_dir: /code/admin | ||
networks: | ||
hubs_network: | ||
hubs-client: | ||
build: | ||
context: . | ||
|
@@ -54,6 +92,8 @@ services: | |
volumes: | ||
- hubs:/code | ||
working_dir: /code | ||
networks: | ||
hubs_network: | ||
hubs-storybook: | ||
build: | ||
context: . | ||
|
@@ -67,10 +107,14 @@ services: | |
volumes: | ||
- hubs:/code | ||
working_dir: /code | ||
networks: | ||
hubs_network: | ||
postgrest: | ||
build: | ||
context: . | ||
dockerfile: dockerfiles/postgrest.Dockerfile | ||
networks: | ||
hubs_network: | ||
reticulum: | ||
build: | ||
context: ./services/reticulum | ||
|
@@ -92,6 +136,8 @@ services: | |
volumes: | ||
- reticulum:/code | ||
- retstorage:/code/storage/dev | ||
networks: | ||
hubs_network: | ||
spoke: | ||
build: | ||
context: . | ||
|
@@ -104,10 +150,16 @@ services: | |
- "9090:9090" | ||
volumes: | ||
- spoke:/code | ||
networks: | ||
hubs_network: | ||
networks: | ||
default: | ||
hubs_network: | ||
The

IIRC it was required for assigning a static IP address.
||
name: mozilla-hubs | ||
ipam: | ||
Today I learned that
||
config: | ||
- subnet: 10.20.30.0/24 | ||
volumes: | ||
coturn: | ||
dialog: | ||
hubs: | ||
pgdata: | ||
|
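Review bot: The `ipam` block pins `hubs_network` to `subnet: 10.20.30.0/24` under the fixed name `mozilla-hubs`, which can conflict with a range already in use on a developer's machine (a VPN or another compose project), and nothing in the file says why the range is fixed. Add a comment stating that the subnet exists only to support the static `ipv4_address` on `dialog`, and consider making the subnet overridable through an environment variable.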
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
FROM coturn/coturn:alpine AS dev | ||
USER root:root | ||
RUN apk add curl netcat-openbsd | ||
COPY files/coturn/certs/key.pem /certs/key.pem | ||
COPY files/coturn/certs/cert.pem /certs/cert.pem | ||
COPY files/coturn/entrypoint.sh /entrypoint.sh | ||
RUN chmod +x /entrypoint.sh | ||
ENTRYPOINT ["/bin/sh", "entrypoint.sh"] |
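Review bot: `USER root:root` is never reverted, so `turnserver` runs as root inside the container even though root is only needed for `apk add` and for writing `/etc/turnserver.conf`. Switch back to a non-root user after the `RUN` steps and have the entrypoint write the config to a path that user owns. Two smaller points: `ENTRYPOINT ["/bin/sh", "entrypoint.sh"]` uses a relative path although the script is copied to `/entrypoint.sh`, so it only works when the working directory is `/`, and the `COPY` of `key.pem` bakes the private key into an image layer.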
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN CERTIFICATE----- | ||
-----END CERTIFICATE----- |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
-----BEGIN PRIVATE KEY----- | ||
-----END PRIVATE KEY----- |
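Review bot: This file adds an unencrypted private key (`-----BEGIN PRIVATE KEY-----`) to the repository, and the Dockerfile copies it to `/certs/key.pem`, so every clone and every built image carries the same TLS key for the TURN listener. Generate the key and a self-signed certificate when the container first starts (or in a documented setup step), store them on the `coturn` volume, and add `files/coturn/certs/` to `.gitignore`. The key committed here should be treated as disclosed and not reused.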
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#!/bin/bash | ||
|
||
echo "realm=${REALM}" > /etc/turnserver.conf | ||
echo "min-port=${MIN_PORT}" >> /etc/turnserver.conf | ||
echo "max-port=${MAX_PORT}" >> /etc/turnserver.conf | ||
echo "tls-listening-port=${TLS_PORT}" >> /etc/turnserver.conf | ||
echo "psql-userdb=${PSQL}" >> /etc/turnserver.conf | ||
echo "lt-cred-mech=true" >> /etc/turnserver.conf | ||
echo "use-auth-secret=true" >> /etc/turnserver.conf | ||
echo "cert=/certs/cert.pem" >> /etc/turnserver.conf | ||
echo "pkey=/certs/key.pem" >> /etc/turnserver.conf | ||
echo "verbose" >> /etc/turnserver.conf | ||
|
||
echo "####################################################" | ||
cat /etc/turnserver.conf | ||
echo "####################################################" | ||
|
||
turnserver --log-file=stdout |
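Review bot: `cat /etc/turnserver.conf` prints the whole generated config to the container log, including the `psql-userdb=` line carrying the database password from `PSQL`, and `verbose` is switched on unconditionally. Filter that line out of the dump (or drop the dump) and gate `verbose` behind an environment variable. Also start the server with `exec turnserver --log-file=stdout` so it replaces the shell and receives stop signals, and note that the `#!/bin/bash` shebang is ignored because the Dockerfile runs the script with `/bin/sh`.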
Does this need access to Reticulum’s database? If not, it should get its own and probably its own host too since the version of Postgres Reticulum needs may differ from that of coturn.