Hi Fabrice,

Thanks. That could be helpful.

Nevertheless, I have done a couple of things that could also be useful
for your script. If you want, feel free to pick things/change your
script accordingly.

First, there is an nginx configuration available from the YunoHost
package here:
https://github.com/YunoHost-Apps/galene_ynh/blob/testing/conf/nginx.conf

This configuration file was very useful to me. I am using it for
proxying Galène on HTTPS. Here is a resulting configuration using it in
/etc/nginx/sites-enabled/galene:

    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name galene.domain.tld visio.domain.tld;

        ssl_certificate /etc/letsencrypt/live/galene.domain.tld/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/galene.domain.tld/privkey.pem;

        location / {
          # Force usage of https
          if ($scheme = http) {
            rewrite ^ https://$server_name$request_uri? permanent;
          }

          proxy_pass        https://127.0.0.1:8443;
          proxy_redirect    off;
          proxy_set_header  Host $host;
          proxy_set_header  X-Real-IP $remote_addr;
          proxy_set_header  X-Forwarded-Proto $scheme;
          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header  X-Forwarded-Host $server_name;

          # WebSocket support
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }
    }

To avoid any issue with Let's Encrypt renew crons and scripts (that
would need another copy in ~galene/data), I added the acl package to
allow the galene user to read /etc/letsencrypt/ (instead of just copying
the certs in /home/galene/data/):

    apt-get install acl
    setfacl -R -m u:galene:r /etc/letsencrypt
    setfacl -m u:galene:x /etc/letsencrypt
    setfacl -m u:galene:x /etc/letsencrypt/live
    setfacl -m u:galene:x /etc/letsencrypt/live/galene.domain.tld
    setfacl -m u:galene:x /etc/letsencrypt/archive/galene.domain.tld
    setfacl -m u:galene:x /etc/letsencrypt/archive
    ln -s /etc/letsencrypt/live/galene.domain.tld/chain.pem ~galene/data/chain.pem
    ln -s /etc/letsencrypt/live/galene.domain.tld/privkey.pem ~galene/data/key.pem
    ln -s /etc/letsencrypt/live/galene.domain.tld/privkey.pem ~galene/data/privkey.pem
    ln -s /etc/letsencrypt/live/galene.domain.tld/cert.pem ~galene/data/cert.pem
    ln -s /etc/letsencrypt/live/galene.domain.tld/fullchain.pem ~galene/data/fullchain.pem

Then, I also added a configuration file to source in
/etc/default/galene, containing (after creating the /var/log
directories):

    ARGS=" -memprofile /var/log/galene/mem.log -cpuprofile /var/log/galene/cpu.log"

But you could add your turn configuration or whatever option...

Modification to the systemd script is very simple; just change:

    ExecStart=/home/galene/galene

to:

    EnvironmentFile=/etc/default/galene
    ExecStart=/home/galene/galene $ARGS

By the way, if anyone knows how to use these {cpu,mem} profile files ...?

Thanks,

Best regards,
Rémy

On 12/04/2021 at 09:10, Fabrice Rouillier wrote:
> Hi,
>
> I have implemented and tested a script to install Galene and a TURN
> that works behind a Router, even a domestic one.
>
> You can download it here:
> https://gitlab.inria.fr/rouillie/visio/-/tree/master/galene
>
> It works only for Ubuntu 20.04 or Debian buster for the moment, mainly
> because I am lazy :-) but it opens the door to a very easy deployment
> on a cloud or simply at home.
>
> Cheers,
>
> Fabrice
> -------------------------
> Fabrice Rouillier
> fabrice@rouillier.fr
>
> Virtual office: https://www.rouillier.fr/visio/fabrice
>
>> On 10 Apr 2021 at 16:41, Fabrice Rouillier wrote:
>>
>> Hi Juliusz,
>>
>> Thanks for your help.
>> See below for a simple setting that works with our external coturn.
>>
>>> The problem is probably that your NAT doesn't implement hairpinning, so
>>> Galène and the TURN server cannot communicate.
>>> Coturn is probably
>>> connecting over IPv6, which the built-in server doesn't handle.
>>
>> I have deactivated the IPV6 everywhere and double checked (inspecting
>> about:websocket) in Firefox that it does not use IPV6.
>>
>>> Could you please check Galène's log for mentions of a relay test?
>>> If the
>>> server-side relay test (the one in Galène's log) fails, that's probably
>>> indicative of a problem with hairpinning.
>>
>> Server side: the relay test does not fail.
>>
>> Client side:
>>    - using the builtin turn, the relay test fails,
>>    - using coturn (on the same server) it works.
>>
>>> Fabrice — if your instance of Galène is behind NAT, then I strongly
>>> recommend running an instance of coturn on a host that is not behind
>>> NAT.
>>
>> The following works:
>>
>> - port forwarding from my router (Freebox) to a Linux 20.04 VM
>> (virtual box):
>>
>>    49152-65535 (UDP/TCP)
>>    3478 (UDP/TCP)
>>    8443 (UDP/TCP)
>>
>> - coturn on the VM with the following configuration
>>
>>   listening-port=3478
>>   fingerprint
>>   lt-cred-mech
>>   user=:
>>   server-name=
>>   realm=
>>
>> - galene on the VM launched with the option -turn auto
>>   and data/ice-servers.json with the following contents
>>
>> [
>>     {
>>         "Urls": [
>>             "turn::3478",
>>             "turn::3478?transport=tcp"
>>         ],
>>         "username": "",
>>         "credential": ""
>>     }
>> ]
>>
>
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org

--
Rémy Dernat
Information systems project manager
IR CNRS - ISI / ISEM
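
An added example, not part of the original message or of Galène: a Python check that follows a symlink such as ~galene/data/key.pem hop by hop and lists every directory that needs search (x) permission and the file that needs read (r), which is why the setfacl commands above touch both live/ and archive/. The function names and the temporary tree are constructed for illustration; the tree copies certbot's layout, where live/ entries are relative symlinks into ../../archive/.

```python
import os
import tempfile

def _ancestors(d):
    """Every directory from / down to d, in traversal order."""
    out = [d]
    while os.path.dirname(d) != d:
        d = os.path.dirname(d)
        out.append(d)
    return out[::-1]

def access_chain(path):
    """Directories needing search (x) and the final file needing read (r)."""
    dirs, cur = [], os.path.abspath(path)
    for _ in range(40):                      # cap symlink hops, as the kernel does
        parent = os.path.realpath(os.path.dirname(cur))
        dirs += [d for d in _ancestors(parent) if d not in dirs]
        cur = os.path.join(parent, os.path.basename(cur))
        if not os.path.islink(cur):
            return dirs, cur
        cur = os.path.normpath(os.path.join(parent, os.readlink(cur)))
    raise OSError("too many symlink hops: " + path)

def blocked(path):
    """Components the current user cannot pass; [] means open() succeeds."""
    dirs, target = access_chain(path)
    bad = [d for d in dirs if not os.access(d, os.X_OK)]
    return bad if os.access(target, os.R_OK) else bad + [target]

def build_sample(root, domain="galene.domain.tld"):
    """Constructed tree copying certbot's live/ -> ../../archive/ layout."""
    le = os.path.join(root, "letsencrypt")
    arch, live = os.path.join(le, "archive", domain), os.path.join(le, "live", domain)
    data = os.path.join(root, "data")
    for d in (arch, live, data):
        os.makedirs(d)
    with open(os.path.join(arch, "privkey1.pem"), "w") as f:
        f.write("constructed placeholder, not a real key\n")
    os.symlink(os.path.join("..", "..", "archive", domain, "privkey1.pem"),
               os.path.join(live, "privkey.pem"))
    os.symlink(os.path.join(live, "privkey.pem"), os.path.join(data, "key.pem"))
    return os.path.join(data, "key.pem")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        key = build_sample(os.path.realpath(root))
        dirs, target = access_chain(key)
        print("resolves to:", target)
        print("needs x on:", *dirs, sep="\n  ")
        print("blocked for this user:", blocked(key) or "nothing")
```

Run as the galene user on a real host, `blocked("/home/galene/data/key.pem")` lists any directory or file the ACLs still miss.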