From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by mail.toke.dk (Postfix) with ESMTPS id 3646C9DE452 for ; Sun, 15 Jan 2023 22:16:18 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=rouillier-fr.20210112.gappssmtp.com header.i=@rouillier-fr.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=w3guxP5l Received: by mail-wm1-x329.google.com with SMTP id f12-20020a7bc8cc000000b003daf6b2f9b9so1410401wml.3 for ; Sun, 15 Jan 2023 13:16:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rouillier-fr.20210112.gappssmtp.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=OX3gKxq/dKgsq4RZ+32s4l1pLXqpiyWVuPV6ce48l8k=; b=w3guxP5l39jE9nSHOed2vV7nsMpPt0/buVd9TwbgrGhCYrcumvDMUYVKL6FVkUh30O v1S4ZB6ZcIWgnt9oHJsvLZSy00cBsluTRIy1Fo2g6jDVoFQMOnNOuPga/umjqZ83qDIU oYjvEMBN82Gmsffnsvl7xMY+2eiZMMhOr/FcB3oi4cKwaPnz168KytHgVsJXf2Cw2rpn pm/PlbK+E5lpprENh1yfn95hMZHV9GMVUEKedllv2Khivp6LHG5Nwm1x6SgzNBQQCDAo Yl9mi2kNaOB8cEPVn6HLZ7tfkryFPV64LYJOAtOcsAOSWlUKlT9/Y2N6whamqz5GclDF Fxgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=OX3gKxq/dKgsq4RZ+32s4l1pLXqpiyWVuPV6ce48l8k=; b=02M8d3AdTb29ZnZIQVcd9HCj+jAvuHOJCGzImsPONNziltdBtCxX4XwU2u6GtmTxTB zc+Y0uWLMSBCIGH0VREfZfkU3WTBREkI1NHweYm6RCdbhtOoNXZwFYXK2gqHCmSqlQYe f6hBo63KYe47KbaZO+uxdtuk2dNui+/e66pdk85KYdvIF9MoBRDve+Tq8IzMMpfwL+k2 +9ErgqUpRZKHI04ACYwBEj487G3mSxlahIiQpTmD5Qyxt+mZavyWhBU3hxy58jFq16lL hdBRaze1PRRRo7IjH+dldPsjsu0ZNby9iUjwZDr5LRQlAJytELuB2tgKTFSWPEjxqDgk 2skg== X-Gm-Message-State: AFqh2kqR2sNzlsBBf7/2XdQ4oR46YeBIuh53yQw7CDpgE9EEY63OsaDq ZVQlQMd5EflWFiiRM9Kwkj4PYw== X-Google-Smtp-Source: AMrXdXv5m76/CrMoxaDy7FHv2/KJN91vOOCzXtG3K/g3kjy1eNn+QsR63TsGGnwrCFg/EBgGANZSZA== X-Received: by 2002:a05:600c:4349:b0:3da:f665:5b6b with SMTP id r9-20020a05600c434900b003daf6655b6bmr3250015wme.25.1673817376609; Sun, 15 Jan 2023 13:16:16 -0800 (PST) Received: from smtpclient.apple ([2a01:e0a:29d:4f90:4f6:4fe9:97e1:d6dd]) by smtp.gmail.com with ESMTPSA id r16-20020a05600c35d000b003d2157627a8sm39090567wmq.47.2023.01.15.13.16.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Jan 2023 13:16:16 -0800 (PST) From: Fabrice Rouillier Message-Id: <043A70BF-0D64-429D-A155-80D209B9CF47@rouillier.fr> Content-Type: multipart/alternative; boundary="Apple-Mail=_45FE0700-DF90-412F-BAFD-415CB14A91AB" Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\)) Date: Sun, 15 Jan 2023 22:16:05 +0100 In-Reply-To: <87sfgf4f0i.wl-jch@irif.fr> To: Juliusz Chroboczek References: <87sfgg3nmy.wl-jch@irif.fr> <87r0w03ml3.wl-jch@irif.fr> <3EEAFE96-7303-41BA-B7A8-C54C8E07A3EB@rouillier.fr> <87a62o54ts.wl-jch@irif.fr> <39712e61-808a-7dc3-989f-c65410de7129@gmail.com> <878ri76i0n.wl-jch@irif.fr> <875ydb6c8c.wl-jch@irif.fr> <871qnz6abi.wl-jch@irif.fr> <20230112103442.14651e37@gato.skoll.ca> <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr> <20230112131616.046f2f09@gato.skoll.ca> <87sfgf4f0i.wl-jch@irif.fr> X-Mailer: Apple Mail (2.3731.200.110.1.12) Message-ID-Hash: PHV22PEPQDO4TMRUGYZJAFREVPPQTYBE X-Message-ID-Hash: PHV22PEPQDO4TMRUGYZJAFREVPPQTYBE X-MailFrom: fabrice@rouillier.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Dianne Skoll , galene@lists.galene.org X-Mailman-Version: 3.3.7 Precedence: list Subject: [Galene] Re: Galene in Docker [was: ANNOUNCE: galene-0.6.2] List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --Apple-Mail=_45FE0700-DF90-412F-BAFD-415CB14A91AB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii >=20 > What both of you are doing is reverse proxying Galene's web server and > WebSocket endpoint while leaving the media endpoints exposed to the > Internet. That's fine, and there are many circumstances where it is > useful. >=20 Here a way to do it using Traefik version 2 , galene not running in a = container on a machine of local address 192.168.1.10 and of external = public name THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER The DMZ of my nat (Freebox pop internet box) is set to 192.168.1.10 In the docker-compose that contains the traefik service description , = in the label section just add - "traefik.http.routers.visio.entrypoints=3Dweb,websecure" - "traefik.http.routers.visio.service=3Dvisio@file" - = "traefik.http.routers.visio.rule=3DHost(`THE_PUBLIC_HOSTNAME_OF_THE_GALENE= _SERVER`)" Now in the file that describe the external service (in my case = service.toml: [http] [http.services] [http.services.visio] [http.services.visio.loadBalancer] [[http.services.visio.loadBalancer.servers]] url =3D "http://192.168.1.10:8443/" Now, in galene data/config.json, put : { "proxyURL": "https://THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER/" } =46rom the galene installation directory run :=20 ./galene -insecure -turn THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER:1194 All the best=20 Fabrice. --Apple-Mail=_45FE0700-DF90-412F-BAFD-415CB14A91AB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

What = both of you are doing is reverse proxying Galene's web server = and
WebSocket endpoint while leaving the media endpoints exposed to = the
Internet.  That's fine, and there are many circumstances = where it = is
useful.


Here a way = to do it using Traefik version 2 , galene not running in a container on = a machine of local address 192.168.1.10 and of external public = name THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER

The DMZ of my nat (Freebox pop internet box) is set to = 192.168.1.10

In the docker-compose that = contains the  traefik service description , in the label section = just add

      - = "traefik.http.routers.visio.entrypoints=3Dweb,websecure"

    =   - "traefik.http.routers.visio.service=3Dvisio@file"

    =   - = "traefik.http.routers.visio.rule=3DHost(`THE_PUBLIC_HOSTNAME_OF_THE_GALENE= _SERVER`)"


Now in the file that = describe the external service (in my case = service.toml:

[http]

  = [http.services]

    = [http.services.visio]

    =   [http.services.visio.loadBalancer]

    =     [[http.services.visio.loadBalancer.servers]]

    =       url =3D = "http://192.168.1.10:8443/"


Now, in galene = data/config.json, put :

{

    = "proxyURL": = "https://THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER/"

}



=46rom = the galene installation directory run = : 

./galene -insecure = -turn THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER:1194



All the = best 

Fabrice.


=
= --Apple-Mail=_45FE0700-DF90-412F-BAFD-415CB14A91AB--