Overview
You may be unable to use the TRTC web SDK in your corporate network due to the use of firewalls. We offer two solutions to this issue:
- Add the ports and domain names used by the TRTC web SDK to your firewall allowlist.
- Set up NGINX and Coturn servers.
This document shows you how to set up NGINX + Coturn proxies.
Prerequisites
- Update the TRTC Web SDK version to 4.12.0 or higher.
- You need to set up two servers: an NGINX server and a TURN server. Please contact your company’s IT support staff for help.
- The NGINX proxy server is responsible for forwarding the WebSocket signaling data packets of the TRTC web SDK, and the TURN server forwards audio/video data packets.
- Use Client.setProxyServer to set the NGINX server. The SDK will use the NGINX server you specify for signaling interactions.
- Use Client.setTurnServer to set the TURN server. The SDK will use the TURN server you specify for audio/video data transmission.
Directions
Scheme | Description | Requirements |
---|---|---|
Scheme 1 | Allows your webpages to access specific external proxy servers. | Set up the proxy servers outside your corporate network and add the proxy servers to your firewall allowlist. |
Scheme 2 | Allows your webpages to access public networks through internal proxy servers. | Set up the proxy servers inside your corporate network and allow the proxy servers to access the TRTC server. |
API examples
```javascript
const client = TRTC.createClient({
  mode: 'rtc',
  sdkAppId,
  userId,
  userSig
});

// Set the NGINX server. proxy.example.com is the domain name of the NGINX server.
client.setProxyServer({
  // Set the WebSocket proxy, which is used to transfer data packets between the SDK and the TRTC backend
  websocketProxy: 'wss://proxy.example.com/ws/',
  // By default, the SDK sends logs to yun.tim.qq.com. If this domain is inaccessible from your corporate network, add the domain to your allowlist or configure a logging proxy as follows:
  // Set the logging proxy. We strongly recommend you set a logging proxy because logs are crucial to troubleshooting. This parameter is valid in v4.8.0 and later versions of the SDK.
  loggerProxy: 'https://proxy.example.com/logger/'
});

// Set the TURN server. 14.3.3.3:3478 is the IP address and port number of the TURN server.
client.setTurnServer({ url: '14.3.3.3:3478', username: 'turn', credential: 'turn', credentialType: 'password' });

await client.join({ roomId });
```
Scheme 1
Set up the NGINX server
- Deploy an NGINX server.
  Refer to tutorials on the internet to set up and deploy an NGINX server for your company.
- Configure the NGINX server.
  ```bash
  vi /etc/nginx/nginx.conf
  ```
  ```nginx
  http {
      server {
          # The domain of the NGINX server
          server_name proxy.example.com;
          # The port number of the NGINX server; the `ssl` parameter enables TLS on this port
          listen 443 ssl;

          location /ws/ { # The `websocketProxy` parameter in `setProxyServer`
              proxy_pass https://intl-signaling.rtc.qcloud.com/; # The TRTC server
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
          }

          location /logger/ { # The `loggerProxy` parameter in `setProxyServer`
              proxy_pass https://videoapi-sgp.im.qcloud.com/;
          }

          # The SSL certificate of the domain, which you need to obtain by yourself
          ssl_certificate ./crt/1_proxy.trtcapi.com_bundle.crt;
          ssl_certificate_key ./crt/2_proxy.trtcapi.com.key;
      }
  }
  ```
- Reload NGINX.
  ```bash
  sudo nginx -s reload
  ```
- Check that the IP address and port of the NGINX server are no longer blocked by your corporate firewall.
Set up the TURN server
Refer to tutorials on the internet to set up a TURN server, or use the script below to set up a TURN server on CentOS.
- Create a script file `turn.sh` in Linux. Below is the content of the file:
  ```bash
  #!/usr/bin/env bash
  # current file name is turn.sh
  # ref:
  # https://gabrieltanner.org/blog/turn-server STEP 3 testing turn server
  # https://medium.com/av-transcode/what-is-webrtc-and-how-to-setup-stun-turn-server-for-webrtc-communication-63314728b9d0
  # as super-user
  # usage: current_program <external-ip>

  set -x
  set -e

  ip a
  pwd
  whoami

  display_usage() {
      echo "This script must be run with super-user privileges."
      echo -e "\nUsage: $0 <external-ip> \ne.g. $0 154.8.246.205"
  }

  # if no argument is supplied, display usage
  if [ $# -lt 1 ]
  then
      display_usage
      exit 1
  fi

  if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "get external ip $1"
  else
      echo "wrong external ip $1 , must not have whitespace, tab and other char"
      exit 2
  fi

  yum install -y coturn

  # $1 is <external-ip>
  cat <<EOF > /etc/coturn/turnserver.conf
  external-ip=$1
  listening-port=3478
  lt-cred-mech
  max-port=65535
  min-port=20000
  no-dtls
  no-tls
  realm=tencent
  user=turn:turn
  verbose
  EOF
  ```
- Grant execute permission to the script.
  ```bash
  chmod +x turn.sh
  ```
- Run `sudo ./turn.sh <The server IP address in public networks>` as root. Below is an example:
  ```bash
  sudo ./turn.sh 14.3.3.3
  ```
- Start the TURN server.
  ```bash
  systemctl start coturn
  # Check whether the TURN server is started successfully.
  ps aux | grep coturn
  # To restart the service, run the command below.
  service coturn restart
  ```
- Configure the firewall of the TURN server: Open the inbound port 3478 (TCP & UDP) and the outbound ports (UDP) between the minimum and maximum port numbers configured above.
- Configure your corporate firewall: Allow access to the IP address of the TURN server and open the outbound port 3478 (TCP & UDP).
- Test the TURN server.
  Use this test page to test whether you can access the TURN server. "done" indicates that the TURN server is accessible.
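A hardened variant of the configuration step in `turn.sh`, added here as an example (it is not part of the original page or of Tencent's script): it range-checks each octet of the external IP (the script's regex also accepts values such as `999.1.1.1`), replaces the fixed `turn:turn` account with a generated password, and refuses to relay to private or loopback peers. The function names, the `trtc` username and the assumption that TRTC media peers are always public addresses are illustrative assumptions.

```shell
#!/bin/sh
# Added example: hardened turnserver.conf generation for the turn.sh step.
# Function names and the "trtc" username are illustrative assumptions.

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# 24 random bytes as 48 hex characters (no ':' that would break user=name:pass).
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# $1 = external IP, $2 = TURN username, $3 = TURN password; prints the config.
# Lines after user= are additions: no telnet CLI, no multicast peers, and no
# relaying into private, loopback or link-local ranges (assumes public peers).
render_turn_conf() {
    valid_ipv4 "$1" || { echo "invalid external ip: $1" >&2; return 2; }
    case "$2" in ''|*:*) echo "invalid username" >&2; return 3 ;; esac
    [ -n "$3" ] || { echo "empty password" >&2; return 3; }
    cat <<EOF
external-ip=$1
listening-port=3478
lt-cred-mech
min-port=20000
max-port=65535
no-dtls
no-tls
realm=tencent
user=$2:$3
no-cli
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
EOF
}

# Usage (as root): render_turn_conf 14.3.3.3 trtc "$(gen_password)" > /etc/coturn/turnserver.conf
```

The `username` and `credential` passed to `Client.setTurnServer` must then match the generated account instead of `turn`/`turn`.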
Scheme 2
Scheme 2 differs from scheme 1 only in terms of two settings.
- When setting up the TURN server, set `external-ip` to a server address in your corporate network.
  ```bash
  # In scheme 1, the parameter is set to a server address in a public network, such as `14.3.3.3`.
  sudo ./turn.sh 14.3.3.3
  # In scheme 2, the parameter is set to a server address in your corporate network, such as `10.0.0.4`.
  sudo ./turn.sh 10.0.0.4
  ```
- Configure the firewall:
  - Allow the NGINX server to access TRTC domains. For information about the ports and domain names used by the TRTC web SDK, see Firewall Restrictions.
  - Allow the TURN server to access public networks.