coturn certificate renewal #92
Comments
ah, good point! A way I could imagine would be, that |
Hi @alangecker |
Are you looking to integrate an external certificate only for the coturn server, as this issue refers to the coturn certificates? In my setup, I'm using jwilder's docker proxy to handle letsencrypt certificates and ended up passing them to the coturn container in
and changing file paths in
Unfortunately these changes need to be reapplied after pulling updates, but maybe there is a way to add a more general support (via the setup.sh) for common external reverse proxy images like traefik and nginx-proxy? (pinging @alangecker) This would greatly improve the ease of integration for servers with multiple services. Specifically thinking of NGOs on a tight budget with single server solutions. For instance: The only other changes required to support jwilder's nginx-proxy for the entire bbb installations are in
With these changes I can disable onboard https support via setup.sh and integrate this BBB setup into an existing nginx-proxy environment with multiple other services. EDIT: Thinking about it .. maybe an easier way would have been just to enable the onboard letsencrypt service, disable the external letsencrypt service (from jwilder's proxy) for the bbb-domain and just pass the traffic through. Although I don't know whether the triple proxying might cause other issues. And in that case the service in docker-compose.https.yml must not run on "host" networking and host ports 80/443. |
@momenezes Rather use a common nginx & certbot setup without docker. Instructions for that are all over the web. In the docs here you can find then how you add bbb-docker to it. @cjhille For any customized setup in different environments I would always recommend not running the web server in docker and see no advantage worth the increase in complexity. Same for coturn, which is also quite easy to set up outside docker including letsencrypt without any modifications. |
Tks @cjhille for your answer; you're right, I put my question on the wrong issue. Sorry for that. |
@alangecker Thank you for your elaborate reply 🙏 IMHO low hanging fruits could be:
And once there are clear instructions on what exactly needs to be customized to enable proxy integration, why not add those steps to setup.sh? You're currently supporting orthogonal third party solutions like prometheus in exactly the same way (which I find to be a good idea). I'd be happy to have a go at a PR, if you decide that this argument is reasonable. Lastly I consider this to be a fantastic all in one bbb repo with well chosen customization options and great technical support and is on track to soon be the default way to install dockerized bbb services. In that regard users' expectations won’t be much different to those of other major dockerized repos like nextcloud, wordpress, jitsi, rocketchat and so on. And for those - if I’m not mistaken - the general approach is not to include an auto-ssl-proxy (rather give an example on how to add one if need be) and allow for good integration with existing proxies and external ssl or auto-ssl solutions via configuration, as the majority of users already has something in place. |
First of all: Thank you for this great work!
We're trying to replace the bundled https proxy with Traefik and need a way to transfer the SSL certificates to coturn. Along the way, I had a look at your implementation.
As far as I can see, the certificates are copied during coturn container start. But how do you handle renewal? Did I miss something or does this still require some work?