Hi all,


Some observations about this configuration behind a freebox after two weeks of use :

- does not work with firefox

- works fine with all the the other navigators we have tested (chrome, safari, chromium, brave, etc.) on all networks where ports 443 and 1194 are open, in particular … eduroam.

So my question is : what’s wrong with firefox ?

The dream : replacing port 1194 with 443 for the turn server in order to work with even more restrictive networks (for example the wired network of sorbonne university)


All the best,

Fabrice.

-------------------------
Fabrice Rouillier
fabrice@rouillier.fr







Le 15 janv. 2023 à 22:16, Fabrice Rouillier <fabrice@rouillier.fr> a écrit :


What both of you are doing is reverse proxying Galene's web server and
WebSocket endpoint while leaving the media endpoints exposed to the
Internet.  That's fine, and there are many circumstances where it is
useful.


Here a way to do it using Traefik version 2 , galene not running in a container on a machine of local address 192.168.1.10 and of external public name THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER

The DMZ of my nat (Freebox pop internet box) is set to 192.168.1.10

In the docker-compose that contains the  traefik service description , in the label section just add

      - "traefik.http.routers.visio.entrypoints=web,websecure"
      - "traefik.http.routers.visio.service=visio@file"
      - "traefik.http.routers.visio.rule=Host(`THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER`)"

Now in the file that describe the external service (in my case service.toml:

[http]
  [http.services]
    [http.services.visio]
      [http.services.visio.loadBalancer]
        [[http.services.visio.loadBalancer.servers]]
          url = "http://192.168.1.10:8443/"

Now, in galene data/config.json, put :

{
    "proxyURL": "https://THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER/"
}


From the galene installation directory run : 

./galene -insecure -turn THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER:1194



All the best 

Fabrice.