From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) by mail.toke.dk (Postfix) with ESMTPS id 0D8569E4E8C for ; Fri, 27 Jan 2023 10:11:59 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=rouillier-fr.20210112.gappssmtp.com header.i=@rouillier-fr.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=zYT4XiYi Received: by mail-wm1-x32c.google.com with SMTP id l41-20020a05600c1d2900b003daf986faaeso2931498wms.3 for ; Fri, 27 Jan 2023 01:11:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rouillier-fr.20210112.gappssmtp.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=lNhEsPZN8kqpGz9QcWCMm7s22SpvVV/VfGyBOcGiFXI=; b=zYT4XiYiY7uV3+ZIxt4SRv+x5kcUf1ZelZVnUcvgGRJetBsSBTGonbvDzFVsCO8igc nSba8I4lX117ropMMgVm5XZD+wl3lRLtNBxgtE6mxvxCIsQBnc5gx5RBR6Ds6NU5/TL5 OG80Pqh32vo0rEBrE3GxCzKVa52n+Hh0RYtqTxK1k5+k7DmJQMpxBlUe1/TUThEqeK52 bMQsphQECJJTnkTLIR/9oG7yxCFQf/phhxAjc0ukBPwYAGZ8s6AQQfhd3DMx2TrjZABi H2ypvCu1Lo/vxn1/30C5o1Daz+xz/n5eCO7I3minarxL5WZ0bfyz4u34PY6KZZW+F9Hy jgsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lNhEsPZN8kqpGz9QcWCMm7s22SpvVV/VfGyBOcGiFXI=; b=0utU1qwWipaGWjHI09c1bBePCIW2A8btuVlDOQZF4wwWMJzN/HfaZrSGG25LEB8wa/ +RYFSzaqatiwxAZpVY2KWXr/7+LxKUrMDVj7pL1LhFjkOWGQGhZByZufCWwNCpNBfcyF I1GaLaH8sPWNFyubsbk1ALF8+a6r9tJYrGPIlDeVDLk5sGwwaJ83pjnnlh6Pz/C7BjHY qOCan2JIb1LziTErCtW4ee7VKCvSFtFPEgh5TwtO9od270z2VOBGZz4vrDE3x8hMGeKM st4UpAYaPJjeSew5zKiWETEcG3UvKBaG/azu4qM4yu9koexQev5CB4VuQp+S1q8aAXPg HzWw== X-Gm-Message-State: AFqh2kptM7UYpGNPL7mDpB1+8ITtroYoaOnA89wmp4NGfibo/QCa3y2w VO+IjHu5B3P1WFyfeTlwU/VWUw== X-Google-Smtp-Source: AMrXdXvt6zpXyilQBcCemJHh2mQpM2Z7frtjglNHuu1IRe6JFdMxiqXHn/f0GQQ4Q70O5w7aqPubFA== X-Received: by 2002:a05:600c:3c92:b0:3d5:365b:773e with SMTP id bg18-20020a05600c3c9200b003d5365b773emr40131995wmb.39.1674810718205; Fri, 27 Jan 2023 01:11:58 -0800 (PST) Received: from smtpclient.apple (clt-128-93-181-226.vpn.inria.fr. [128.93.181.226]) by smtp.gmail.com with ESMTPSA id g12-20020a05600c310c00b003db012d49b7sm14497707wmo.2.2023.01.27.01.11.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Jan 2023 01:11:57 -0800 (PST) From: Fabrice Rouillier Message-Id: <7587B6EB-5F6A-4816-B084-999CD03A273B@rouillier.fr> Content-Type: multipart/alternative; boundary="Apple-Mail=_358F622B-A958-4678-92C6-778F3EB111F8" Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.300.101.1.3\)) Date: Fri, 27 Jan 2023 10:11:45 +0100 In-Reply-To: <043A70BF-0D64-429D-A155-80D209B9CF47@rouillier.fr> To: Juliusz Chroboczek References: <87sfgg3nmy.wl-jch@irif.fr> <87r0w03ml3.wl-jch@irif.fr> <3EEAFE96-7303-41BA-B7A8-C54C8E07A3EB@rouillier.fr> <87a62o54ts.wl-jch@irif.fr> <39712e61-808a-7dc3-989f-c65410de7129@gmail.com> <878ri76i0n.wl-jch@irif.fr> <875ydb6c8c.wl-jch@irif.fr> <871qnz6abi.wl-jch@irif.fr> <20230112103442.14651e37@gato.skoll.ca> <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr> <20230112131616.046f2f09@gato.skoll.ca> <87sfgf4f0i.wl-jch@irif.fr> <043A70BF-0D64-429D-A155-80D209B9CF47@rouillier.fr> X-Mailer: Apple Mail (2.3731.300.101.1.3) Message-ID-Hash: 7EL5EWCLNCCMVQLEA25C56TFKGBAFRP6 X-Message-ID-Hash: 7EL5EWCLNCCMVQLEA25C56TFKGBAFRP6 X-MailFrom: fabrice@rouillier.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Dianne Skoll , galene@lists.galene.org X-Mailman-Version: 3.3.8 Precedence: list Subject: [Galene] Re: Galene in Docker [was: ANNOUNCE: galene-0.6.2] List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --Apple-Mail=_358F622B-A958-4678-92C6-778F3EB111F8 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi all, Some observations about this configuration behind a freebox after two = weeks of use : - does not work with firefox - works fine with all the the other navigators we have tested (chrome, = safari, chromium, brave, etc.) on all networks where ports 443 and 1194 = are open, in particular =E2=80=A6 eduroam. So my question is : what=E2=80=99s wrong with firefox ? The dream : replacing port 1194 with 443 for the turn server in order to = work with even more restrictive networks (for example the wired network = of sorbonne university) All the best, Fabrice. ------------------------- Fabrice Rouillier fabrice@rouillier.fr Bureau virtuel : http://visio-fabrice.rouillier.fr = =20 > Le 15 janv. 2023 =C3=A0 22:16, Fabrice Rouillier = a =C3=A9crit : >=20 >>=20 >> What both of you are doing is reverse proxying Galene's web server = and >> WebSocket endpoint while leaving the media endpoints exposed to the >> Internet. That's fine, and there are many circumstances where it is >> useful. >>=20 >=20 > Here a way to do it using Traefik version 2 , galene not running in a = container on a machine of local address 192.168.1.10 and of external = public name THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER >=20 > The DMZ of my nat (Freebox pop internet box) is set to 192.168.1.10 >=20 > In the docker-compose that contains the traefik service description , = in the label section just add >=20 > - "traefik.http.routers.visio.entrypoints=3Dweb,websecure" > - "traefik.http.routers.visio.service=3Dvisio@file" > - = "traefik.http.routers.visio.rule=3DHost(`THE_PUBLIC_HOSTNAME_OF_THE_GALENE= _SERVER`)" >=20 > Now in the file that describe the external service (in my case = service.toml: >=20 > [http] > [http.services] > [http.services.visio] > [http.services.visio.loadBalancer] > [[http.services.visio.loadBalancer.servers]] > url =3D "http://192.168.1.10:8443/" >=20 > Now, in galene data/config.json, put : >=20 > { > "proxyURL": "https://THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER/" > } >=20 >=20 > =46rom the galene installation directory run :=20 >=20 > ./galene -insecure -turn THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER:1194 >=20 >=20 >=20 > All the best=20 >=20 > Fabrice. >=20 >=20 --Apple-Mail=_358F622B-A958-4678-92C6-778F3EB111F8 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = all,


Some observations about this = configuration behind a freebox after two weeks of use = :

- does not work with = firefox

- works fine with all the the other = navigators we have tested (chrome, safari, chromium, brave, etc.) on all = networks where ports 443 and 1194 are open, in particular =E2=80=A6 = eduroam.

So my question is : what=E2=80=99s = wrong with firefox ?

The dream : replacing port = 1194 with 443 for the turn server in order to work with even more = restrictive networks (for example the wired network of sorbonne = university)


All the = best,

Fabrice.

-------------------------
Fabrice Rouillier
fabrice@rouillier.fr







Le 15 janv. 2023 =C3=A0 22:16, = Fabrice Rouillier <fabrice@rouillier.fr> a =C3=A9crit :


What = both of you are doing is reverse proxying Galene's web server = and
WebSocket endpoint while leaving the media endpoints exposed to = the
Internet.  That's fine, and there are many circumstances = where it = is
useful.


Here a way = to do it using Traefik version 2 , galene not running in a container on = a machine of local address 192.168.1.10 and of external public = name THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER

The DMZ of my nat (Freebox pop internet box) is set to = 192.168.1.10

In the docker-compose that = contains the  traefik service description , in the label section = just add

      - = "traefik.http.routers.visio.entrypoints=3Dweb,websecure"
    =   - = "traefik.http.routers.visio.service=3Dvisio@file"
    =   - = "traefik.http.routers.visio.rule=3DHost(`THE_PUBLIC_HOSTNAME_OF_THE_GALENE= _SERVER`)"

Now in the file that = describe the external service (in my case = service.toml:

[http]
  [http.services]
    = [http.services.visio]
      = [http.services.visio.loadBalancer]
        = [[http.services.visio.loadBalancer.servers]]
    =       url =3D = "http://192.168.1.10:8443/"

Now, in = galene data/config.json, put :

{
    "proxyURL": = "https://THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER/"
}


=46rom = the galene installation directory run = : 

./galene -insecure = -turn THE_PUBLIC_HOSTNAME_OF_THE_GALENE_SERVER:1194
=


All the = best 

Fabrice.


=

= --Apple-Mail=_358F622B-A958-4678-92C6-778F3EB111F8--