Add External Turn Server
- 
It would be super-useful if there were an option to use an external turn server instead of the Cloudron one. Since our server sits behind a Cloudflare proxy, the Cloudron turn doesn't work out-of-the-box. It can be made to work on an app-by-app basis by changing the turn server address from turn.example.com to the real IP address or by using an external turn server. But neither option is persistent, getting overwritten each time there is an app restart. So an option to set the preferred turn server would be super-helpful to avoid having to do this manually each time. 
- 
"sits behind a Cloudflare proxy"
 This is your case, not everyone is using Cloudflare. Another problem is the port choice for the turn. It should run on 443.
 See my post here why:
 https://forum.cloudron.io/topic/1187/bigbluebutton-web-conferencing-system-for-on-line-learning/34?_=1628673180344
- 
@brutalbirdie said in Add External Turn Server:
 "This is your case, not everyone is using Cloudflare."
 Indeed, I know that this is specific to my case and that not everyone uses something like Cloudflare. But it is a big player, so worth addressing. As I say, it can be worked around and still use the Cloudron turn by using the real IP instead of the domain name in turn configs. But that gets overwritten, and an option to use external turn server would, frankly, be very helpful indeed given some of the other challenges with the Cloudron turn server that you highlight.
 [By the way, and not related to my specific request, I will say, that I have had fits in the past trying to get the BigBlueButton's suggested turnserver configuration working and really have found the whole 443 setup to be too difficult. So even for our BigBlueButton server, we've just ended up using an external turn server running on 3478 and 5349. The challenge I think is that the turn server monopolizes 443]
- 
@brutalbirdie I wanted to check whether there was any chance that this might be implemented. It's becoming increasingly necessary on our end.
- 
This is currently not part of the next release, however I guess similar to email relays we can support external TURN servers as well, as long as we have the information on the platform to hand down to the apps.
- 
@nebulon Thanks. If there is some way to do it, it would be much appreciated. I know it is somewhat niche, the problem we're having is caused because of proxying via Cloudflare. It impacts Nextcloud and, even more critically, Matrix/Element. With Nextcloud you can manually edit the external turnserver every time you've rebooted and it will work fine because you are doing it via the Nextcloud interface, so it is just an annoyance. But with Matrix/Element that does not work, as you need to edit the homeserver.yaml and then restart synapse. If you reboot the Matrix instance entirely, then it will completely override the turnserver settings in homeserver.yaml. And we've tried restarting synapse via synctl (in /app/code/bin, pointing to the homeserver.yaml in /app/data/configs), but that doesn't appear to perform a true running restart of synapse. So we're basically stumped there unless we stop proxying via Cloudflare, but that provides an important level of security for our system. Before we moved to Cloudron we were able to make it work using an external turnserver, so we know it works. We just cannot find a workaround with Cloudron's overwriting of the turnserver settings. So, in case the whole system change to allow an external turnserver is too much, we'd really appreciate if there was some change in the Cloudron matrix, as we roll it out across our community.
- 
@eganonoa what you describe is exactly the reason why we have to add it as a platform feature. Similarly to email settings, on every app restart, we ensure those things are set up again, this could be required for credentials or port changes or such. It is currently not part of the upcoming release, but it seems quite straightforward to implement and also the Jitsi app package will benefit from this. I have created an issue to track this now https://git.cloudron.io/cloudron/box/-/issues/810
- 
Same request here. In my case, I'm using a Cloudflare Argo tunnel to proxy my Cloudron, but the tunnel can't be set with the turn server port.
 I have a self-hosted coturn server on another domain. I can change the turn setting in Nextcloud without a reboot, but not with Synapse.
 So if we had a setting which can change the turn server to point to a 3rd-party server, or if I could change settings in the config without the reboot overwriting them, that would be very nice.
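
A check for the overwrite described in the posts above (the homeserver.yaml edits lost on restart, and the self-hosted coturn request): this is an added example, not code from Cloudron, Synapse or any poster, that reads Synapse's `turn_uris` setting and reports whether it still points at the intended external TURN server. The host `turn.external.example`, the sample file contents and the function names are constructed; ports 3478 and 5349 are the ones mentioned in the thread.

```python
import re

# TURN URI syntax (RFC 7065): turn[s]:host[:port][?transport=udp|tcp]
TURN_URI = re.compile(r"\b(turns?):([A-Za-z0-9.-]+)(?::(\d+))?(?:\?transport=(udp|tcp))?")

def turn_uris(yaml_text):
    """Return (scheme, host, port, transport) for each entry under turn_uris."""
    found, in_block = [], False
    for line in yaml_text.splitlines():
        if line.startswith("turn_uris:"):
            in_block = True
        elif in_block and line[:1] not in ("", " ", "-", "#"):
            break  # the next top-level key ends the list
        if in_block:
            # Drop YAML comments, then fill in the RFC 7065 defaults.
            for scheme, host, port, transport in TURN_URI.findall(line.split("#")[0]):
                tls = scheme == "turns"
                found.append((scheme, host.lower(), int(port or (5349 if tls else 3478)),
                              transport or ("tcp" if tls else "udp")))
    return found

def turn_drift(yaml_text, expected_host, allowed_ports=(3478, 5349)):
    """Describe every way the TURN settings differ from the intended external server."""
    uris = turn_uris(yaml_text)
    problems = [] if uris else ["turn_uris is missing or empty"]
    for scheme, host, port, transport in uris:
        if host != expected_host.lower():
            problems.append(f"{scheme}:{host}:{port} does not point at {expected_host}")
        elif port not in allowed_ports:
            problems.append(f"{scheme}:{host}:{port} uses an unexpected port")
    return problems

# Constructed samples: the settings as hand-edited, and as rewritten after a restart.
EDITED = '''server_name: "example.com"
turn_uris:
  - "turn:turn.external.example:3478?transport=udp"
  - "turns:turn.external.example:5349?transport=tcp"
turn_shared_secret: "REPLACE_ME"
'''
RESET = '''server_name: "example.com"
turn_uris: ["turn:turn.example.com:3478?transport=udp", "turns:turn.example.com"]
turn_shared_secret: "REPLACE_ME"
'''

if __name__ == "__main__":
    for name, text in (("edited", EDITED), ("reset", RESET)):
        print(name, turn_drift(text, "turn.external.example") or "ok")
```

Run against the live homeserver.yaml after each app restart, a non-empty result means calls are being relayed through a TURN server other than the one intended.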
 


