oxofrmbl/jitsi-meet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(coturn): shift STUN/TURN cleartext port to 3479 (3478 taken by OpenDesk-NC-Talk)
All checks were successful
deploy / deploy (push) Successful in 36s
Details

Browse Source
This commit is contained in:
Dennis Paradzinski 2026-05-13 14:05:43 +02:00
parent cebcf4f567
commit ed27e707a2
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
infra/k3s/10-config.yaml
View File

@ -48,10 +48,13 @@ data:
# learn the TURN endpoints from Prosody via mod_external_services and # learn the TURN endpoints from Prosody via mod_external_services and
# fall back to relay when direct UDP doesn't reach JVB:10001 (typical # fall back to relay when direct UDP doesn't reach JVB:10001 (typical
# for mobile-carrier NATs). === # for mobile-carrier NATs). ===
JVB_STUN_SERVERS: "meet.it.financeflow.de:3478" # 3478 is taken on this host by OpenDesk's bundled Nextcloud-Talk
# TURN; we shift to 3479 (same trick as JVB on 10001 vs OpenDesk on
# 10000). TLS port 5349 was free.
JVB_STUN_SERVERS: "meet.it.financeflow.de:3479"
TURN_HOST: "meet.it.financeflow.de" TURN_HOST: "meet.it.financeflow.de"
TURNS_HOST: "meet.it.financeflow.de" TURNS_HOST: "meet.it.financeflow.de"
TURN_PORT: "3478" TURN_PORT: "3479"
TURNS_PORT: "5349" TURNS_PORT: "5349"
TURN_TRANSPORT: "udp,tcp" TURN_TRANSPORT: "udp,tcp"

12
infra/k3s/80-coturn.yaml
View File

@ -13,8 +13,10 @@
# Secret entry so they stay in lockstep. # Secret entry so they stay in lockstep.
# #
# Port plan (mirrors required FritzBox forwards): # Port plan (mirrors required FritzBox forwards):
# UDP 3478 STUN + TURN (cleartext) # UDP 3479 STUN + TURN (cleartext) — 3478 is taken by an
# TCP 3478 TURN over TCP — first cleartext fallback # OpenDesk-bundled Nextcloud-Talk TURN on this host,
# same shift trick we used on JVB (10000 → 10001).
# TCP 3479 TURN over TCP — first cleartext fallback
# UDP 5349 TURN over DTLS # UDP 5349 TURN over DTLS
# TCP 5349 TURN over TLS — works through most firewalls # TCP 5349 TURN over TLS — works through most firewalls
# UDP 50000-50100 relay range — actual media flows on these # UDP 50000-50100 relay range — actual media flows on these
@ -45,7 +47,7 @@ spec:
- | - |
set -eu set -eu
cat > /tmp/turnserver.conf <<EOF cat > /tmp/turnserver.conf <<EOF
listening-port=3478 listening-port=3479
tls-listening-port=5349 tls-listening-port=5349
listening-ip=0.0.0.0 listening-ip=0.0.0.0
external-ip=${PUBLIC_IP} external-ip=${PUBLIC_IP}
@ -83,8 +85,8 @@ spec:
name: jitsi-secrets name: jitsi-secrets
key: TURN_CREDENTIALS_SECRET key: TURN_CREDENTIALS_SECRET
ports: ports:
- { name: stun-udp, containerPort: 3478, hostPort: 3478, protocol: UDP } - { name: stun-udp, containerPort: 3479, hostPort: 3479, protocol: UDP }
- { name: stun-tcp, containerPort: 3478, hostPort: 3478, protocol: TCP } - { name: stun-tcp, containerPort: 3479, hostPort: 3479, protocol: TCP }
- { name: turns-udp, containerPort: 5349, hostPort: 5349, protocol: UDP } - { name: turns-udp, containerPort: 5349, hostPort: 5349, protocol: UDP }
- { name: turns-tcp, containerPort: 5349, hostPort: 5349, protocol: TCP } - { name: turns-tcp, containerPort: 5349, hostPort: 5349, protocol: TCP }
volumeMounts: volumeMounts: