working turn
This commit is contained in:
notplants
@ -1,12 +1,32 @@
|
||||
services:
|
||||
livekit:
|
||||
# Fix Docker Swarm's docker-proxy source address mangling on the TURN
|
||||
# relay → SFU path. Two fixes are applied:
|
||||
#
|
||||
# 1. Add NODE_IP to the first non-loopback interface so the kernel
|
||||
# delivers relay→SFU packets locally (via loopback) instead of
|
||||
# routing through docker-proxy.
|
||||
#
|
||||
# 2. SNAT SFU responses so the source address matches NODE_IP.
|
||||
# pion/ice may select a different socket (overlay IP) for responses,
|
||||
# which would fail TURN permission checks. The iptables rule ensures
|
||||
# all responses to relay ports come from NODE_IP.
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
entrypoint: ["/bin/sh", "-c"]
|
||||
command:
|
||||
- |
|
||||
IFACE=$$(ls /sys/class/net/ | grep -v lo | head -1)
|
||||
ip addr add $$LIVEKIT_NODE_IP/32 dev $$IFACE 2>/dev/null || true
|
||||
apk add --no-cache iptables >/dev/null 2>&1
|
||||
iptables -t nat -A POSTROUTING -p udp --sport 7882 -d $$LIVEKIT_NODE_IP -j SNAT --to-source $$LIVEKIT_NODE_IP
|
||||
exec /livekit-server --config /livekit-server.yaml
|
||||
ports:
|
||||
- target: 443
|
||||
published: 443
|
||||
protocol: udp
|
||||
mode: host
|
||||
# TURN relay ports — published in host mode so the SFU can reach them
|
||||
# via the public IP. Each concurrent TURN user needs ~3 relay ports.
|
||||
# TURN relay ports — each concurrent TURN user needs ~3 relay ports.
|
||||
- target: 30000
|
||||
published: 30000
|
||||
protocol: udp
|
||||
|
||||
Reference in New Issue
Block a user