I am trying to add NGINX infront of my TURN server, I am using the coturn package.
My NGINX conf looks like this.
stream {
upstream turn
{
server 127.0.0.1:5349;
}
server {
listen 443 udp;
resolver 1.1.1.1;
proxy_connect_timeout 5s;
proxy_timeout 15s;
proxy_protocol on;
proxy_pass turn;
ssl_preread on;
}
}
This works on the Chrome browser. I get srflx and relay candidates.
But on Firefox get none of these candidates.
Even on chrome there is a slight difference in the candidates I get with and without NGINX which could be the cause.
Without NGINX:
candidate:3646143538 1 udp 1677729535 <my_ip> 59271 typ srflx raddr 0.0.0.0 rport 0 generation 0 ufrag xmIu network-cost 999
candidate:1499094430 1 udp 33562623 <public_ip_of_my_turn> 63683 typ relay raddr <my_ip> rport 59271 generation 0 ufrag xmIu network-cost 999
With NGINX:
candidate:4227863252 1 udp 1677729535 127.0.0.1 54974 typ srflx raddr 0.0.0.0 rport 0 generation 0 ufrag 0nJM network-cost 999
candidate:601945334 1 udp 33562623 <public_ip_of_my_turn> 60590 typ relay raddr 127.0.0.1 rport 54974 generation 0 ufrag 0nJM network-cost 999
As we can see i get raddr as localhost. Passing the client IP properly to the backend could solve the issue.
Even in coturn logs:
without NGINX:
remote <my_ip>:59271
with NGINX:
remote 127.0.0.1:54974
Tried to proxy $remote_addr variable. since in the access logs i get the proper ip (my ip).
You're using nginx as a generic TCP proxy. In this configuration, nginx receives external connection from the client and makes a (localhost) TCP connection to the TURN server. This kind of configuration does not allow to preserve user's IP address for the destination.
You would need to use some kind of ip-preserving methods, like using PROXY protocol (which require support from the destination software, I doubt that coturn supports it) or TPROXY configuration.