From ffcccd12f9da5d7c9e84079d1e15319988e88479 Mon Sep 17 00:00:00 2001 From: Seungmin Kim <8457324+ehfd@users.noreply.github.com> Date: Sun, 3 Nov 2024 01:36:02 +0900 Subject: [PATCH] Fix IPv6 access --- addons/coturn/detect_external_ip.sh | 2 +- addons/coturn/entrypoint.sh | 2 +- addons/example/Dockerfile | 2 +- addons/example/selkies-gstreamer-entrypoint.sh | 4 ++-- docs/component.md | 2 +- docs/faq.md | 2 +- src/selkies_gstreamer/__main__.py | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/addons/coturn/detect_external_ip.sh b/addons/coturn/detect_external_ip.sh index 2ee9fae0..7d94482f 100755 --- a/addons/coturn/detect_external_ip.sh +++ b/addons/coturn/detect_external_ip.sh @@ -22,7 +22,7 @@ # limitations under the License. if [ -z "${TURN_EXTERNAL_IP}" ]; then - export TURN_EXTERNAL_IP="$(dig TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')" + export TURN_EXTERNAL_IP="$(dig -4 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "[$(echo $output | sed 's,\",,g')]"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')" fi echo "${TURN_EXTERNAL_IP}" diff --git a/addons/coturn/entrypoint.sh b/addons/coturn/entrypoint.sh index c2825153..785de30d 100755 --- a/addons/coturn/entrypoint.sh 
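Review bot: The bracketed `[addr]` that the `dig -6` branch now emits lands in `TURN_EXTERNAL_IP`, which the `addons/coturn/entrypoint.sh` and `addons/example/Dockerfile` hunks pass straight to `turnserver --external-ip`. The Dockerfile context passes `--listening-ip="::"` without brackets, so it is worth confirming that coturn accepts a bracketed address for this option. The `hostname -I` fallback in the same expression can still return an unbracketed IPv6 address, so consumers may see two formats depending on which branch answered. The TXT answer arrives over unauthenticated DNS and is used after only stripping quotes; I would reject anything that does not look like an address before wrapping it, for example `addr="$(echo "$output" | tr -d '"')"; case "$addr" in *[!0-9A-Fa-f:.]*) exit 1;; esac`. The same points apply to the `SELKIES_TURN_HOST` line in `addons/example/selkies-gstreamer-entrypoint.sh`.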
+++ b/addons/coturn/entrypoint.sh @@ -37,7 +37,7 @@ turnserver \ --aux-server="0.0.0.0:${TURN_ALT_PORT:-8443}" \ --aux-server="[::]:${TURN_ALT_PORT:-8443}" \ --realm="${TURN_REALM:-example.com}" \ - --external-ip="${TURN_EXTERNAL_IP:-$(dig TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')}" \ + --external-ip="${TURN_EXTERNAL_IP:-$(dig -4 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "[$(echo $output | sed 's,\",,g')]"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')}" \ --min-port="${TURN_MIN_PORT:-49152}" \ --max-port="${TURN_MAX_PORT:-65535}" \ --channel-lifetime="${TURN_CHANNEL_LIFETIME:--1}" \ diff --git a/addons/example/Dockerfile b/addons/example/Dockerfile index 3a27f2cd..139e21b7 100644 --- a/addons/example/Dockerfile +++ b/addons/example/Dockerfile 
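Review bot: The detection pipeline on the `--external-ip` line is a hand-maintained copy of the one in `addons/coturn/detect_external_ip.sh`, and this commit had to apply the identical `-4`/bracket edit to four copies (also `addons/example/Dockerfile` and `addons/example/selkies-gstreamer-entrypoint.sh`). If that script is installed next to this entrypoint (not visible here), delegating with `--external-ip="${TURN_EXTERNAL_IP:-$(<path-to>/detect_external_ip.sh)}"` would keep the address handling and any later validation in one place. The `turnserver` invocation starts and ends outside the hunk.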
@@ -277,7 +277,7 @@ turnserver \ --listening-ip=\"::\" \ --listening-port=\"\${SELKIES_TURN_PORT:-3478}\" \ --realm=\"\${TURN_REALM:-example.com}\" \ - --external-ip=\"\${TURN_EXTERNAL_IP:-\$(dig TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z \"\$output\" ] || echo \"\$output\" | grep -q '^;;'; then exit 1; else echo \"\$(echo \$output | sed 's,\\\",,g')\"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z \"\$output\" ] || echo \"\$output\" | grep -q '^;;'; then exit 1; else echo \"\$(echo \$output | sed 's,\\\",,g')\"; fi } || hostname -I 2>/dev/null | awk '{print \$1; exit}' || echo '127.0.0.1')}\" \ + --external-ip=\"\${TURN_EXTERNAL_IP:-\$(dig -4 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z \"\$output\" ] || echo \"\$output\" | grep -q '^;;'; then exit 1; else echo \"\$(echo \$output | sed 's,\\\",,g')\"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z \"\$output\" ] || echo \"\$output\" | grep -q '^;;'; then exit 1; else echo \"[\$(echo \$output | sed 's,\\\",,g')]\"; fi } || hostname -I 2>/dev/null | awk '{print \$1; exit}' || echo '127.0.0.1')}\" \ --min-port=\"\${TURN_MIN_PORT:-49152}\" \ --max-port=\"\${TURN_MAX_PORT:-65535}\" \ --channel-lifetime=\"\${TURN_CHANNEL_LIFETIME:--1}\" \ diff --git a/addons/example/selkies-gstreamer-entrypoint.sh b/addons/example/selkies-gstreamer-entrypoint.sh index 001757d3..0eac3dc1 100755 --- a/addons/example/selkies-gstreamer-entrypoint.sh +++ b/addons/example/selkies-gstreamer-entrypoint.sh 
@@ -34,8 +34,8 @@ export SELKIES_ENCODER="${SELKIES_ENCODER:-x264enc}" export SELKIES_ENABLE_RESIZE="${SELKIES_ENABLE_RESIZE:-false}" if [ -z "${SELKIES_TURN_REST_URI}" ] && { { [ -z "${SELKIES_TURN_USERNAME}" ] || [ -z "${SELKIES_TURN_PASSWORD}" ]; } && [ -z "${SELKIES_TURN_SHARED_SECRET}" ] || [ -z "${SELKIES_TURN_HOST}" ] || [ -z "${SELKIES_TURN_PORT}" ]; }; then export TURN_RANDOM_PASSWORD="$(tr -dc 'A-Za-z0-9' < /dev/urandom 2>/dev/null | head -c 24)" - export SELKIES_TURN_HOST="${SELKIES_TURN_HOST:-$(dig TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')}" - export TURN_EXTERNAL_IP="${TURN_EXTERNAL_IP:-$(getent ahosts ${SELKIES_TURN_HOST} | awk '{print $1; exit}')}" + export SELKIES_TURN_HOST="${SELKIES_TURN_HOST:-$(dig -4 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "$(echo $output | sed 's,\",,g')"; fi } || dig -6 TXT +short @ns1.google.com o-o.myaddr.l.google.com 2>/dev/null | { read output; if [ -z "$output" ] || echo "$output" | grep -q '^;;'; then exit 1; else echo "[$(echo $output | sed 's,\",,g')]"; fi } || hostname -I 2>/dev/null | awk '{print $1; exit}' || echo '127.0.0.1')}" + export TURN_EXTERNAL_IP="${TURN_EXTERNAL_IP:-$(getent ahostsv4 $(echo ${SELKIES_TURN_HOST} | tr -d '[]') 2>/dev/null | awk '{print $1; exit}' || getent ahostsv6 $(echo ${SELKIES_TURN_HOST} | tr -d '[]') 2>/dev/null | awk '{print "[" $1 "]"; exit}')}" export SELKIES_TURN_PORT="${SELKIES_TURN_PORT:-3478}" export SELKIES_TURN_USERNAME="selkies" 
export SELKIES_TURN_PASSWORD="${TURN_RANDOM_PASSWORD}" diff --git a/docs/component.md b/docs/component.md index 5d75112c..24fadee2 100644 --- a/docs/component.md +++ b/docs/component.md @@ -229,7 +229,7 @@ Port 3478 and 65534-65535 (change the ports accordingly) are the ports for the i If UDP cannot be used, at the cost of higher latency and lower performance, omit the ports containing `/udp` and use the environment variable `-e SELKIES_TURN_PROTOCOL=tcp`. -All these ports must be exposed to the internet if you need access over the internet. If you need use TURN within a local network, add `-e SELKIES_TURN_HOST=[YOUR_INTERNAL_IP]` with `YOUR_INTERNAL_IP` to the internal hostname or IP of the local network. +All these ports must be exposed to the internet if you need access over the internet. If you need use TURN within a local network, add `-e SELKIES_TURN_HOST={YOUR_INTERNAL_IP}` with `{YOUR_INTERNAL_IP}` to the internal hostname or IP of the local network. IPv6 addresses must be enclosed with square brackets such as `[::1]`. Otherwise, to enable host networking, add `--network=host` to the DockerĀ® command to enable host networking and work around this requirement if your server is not behind a firewall. Note that running multiple desktop containers in one host under this configuration may be problematic and is not recommended. You must also pass a new `DISPLAY` environment variable such as `-e DISPLAY=:22` into the container, that is not used with any other X11 server or container in the same host. diff --git a/docs/faq.md b/docs/faq.md index 9278246b..9848973b 100644 --- a/docs/faq.md +++ b/docs/faq.md 
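Review bot: On the new `TURN_EXTERNAL_IP` line the `|| getent ahostsv6 …` fallback will not run when the IPv4 lookup finds nothing, because the pipeline's exit status is that of `awk '{print $1; exit}'`, which is 0 even on empty input (unless `pipefail` is set earlier in the script, which is not visible here). For an IPv6 literal or IPv6-only name in `SELKIES_TURN_HOST`, which is the case this commit targets, `TURN_EXTERNAL_IP` would then be exported empty. The `$(echo ${SELKIES_TURN_HOST} | tr -d '[]')` substitution is also unquoted, so a value containing whitespace or a leading `-` is word-split into extra `getent` arguments. Capturing each lookup and choosing the first non-empty result fixes both; the enclosing `if` block continues outside the hunk.

```shell
    # … unchanged: TURN_RANDOM_PASSWORD and SELKIES_TURN_HOST exports …
    turn_host_bare="$(printf '%s' "${SELKIES_TURN_HOST}" | tr -d '[]')"
    turn_ip4="$(getent ahostsv4 "${turn_host_bare}" 2>/dev/null | awk '{print $1; exit}')"
    turn_ip6="$(getent ahostsv6 "${turn_host_bare}" 2>/dev/null | awk '{print "[" $1 "]"; exit}')"
    export TURN_EXTERNAL_IP="${TURN_EXTERNAL_IP:-${turn_ip4:-${turn_ip6}}}"
    # … unchanged: SELKIES_TURN_PORT, SELKIES_TURN_USERNAME, SELKIES_TURN_PASSWORD exports …
```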
@@ -15,7 +15,7 @@ Also check if the WebRTC video codec is supported in the web browser, as the ser Moreover, if using HTTP but not HTTPS on a remote host that is not `localhost`, use port forwarding to `localhost` as much as possible. Many browsers do not support WebRTC or relevant features including pointer and keyboard lock in HTTP outside localhost. -If you created the TURN server or the example container inside a VPN-enabled environment or virtual machine and the WebRTC connection fails, then you may need to add the `SELKIES_TURN_HOST` environment variable to the private VPN IP of the TURN server host, such as `192.168.0.2`. +If you created the TURN server or the example container inside a VPN-enabled environment or virtual machine and the WebRTC connection fails, then you may need to add the `SELKIES_TURN_HOST` environment variable to the private VPN IP of the TURN server host, such as `192.168.0.2` (IPv4) or `[fe80::2]` (IPv6, including the square brackets). Make sure to also check that you enabled automatic login with your display manager, as the remote desktop cannot access the initial login screen after boot without login. diff --git a/src/selkies_gstreamer/__main__.py b/src/selkies_gstreamer/__main__.py index bb4adc86..0e33db42 100644 --- a/src/selkies_gstreamer/__main__.py +++ b/src/selkies_gstreamer/__main__.py @@ -369,7 +369,7 @@ def main(): parser.add_argument('--turn_host', default=os.environ.get( 'SELKIES_TURN_HOST', 'staticauth.openrelay.metered.ca'), - help='TURN host when generating RTC config from shared secret or using long-term credentials') + help='TURN host when generating RTC config from shared secret or using long-term credentials, IPv6 addresses must be enclosed with square brackets such as [::1]') parser.add_argument('--turn_port', default=os.environ.get( 'SELKIES_TURN_PORT', '443'),