Add external-ip support for coturn (#1439)

Handles the case when users are running Coturn with peers in the same network, and these peers connect to the relay server via private IP addresses (e.g., Oracle cloud), which causes relay candidates to be allocated using private IP addresses. This causes issues with external peers who can't reach these private addresses. Use the provided IP address with NETBIRD_TURN_EXTERNAL_IP or discover the address via https://jsonip.com API. For quick-start guide with Zitadel, we only use the discover method with the external API
2025-07-01 07:00:46 +02:00 · 2024-01-10 13:03:46 +01:00
parent 72a1e97304
commit c61cb00f40
7 changed files with 53 additions and 2 deletions
--- a/infrastructure_files/getting-started-with-zitadel.sh
+++ b/infrastructure_files/getting-started-with-zitadel.sh
@ -402,6 +402,15 @@ read_nb_domain() {
  echo "$READ_NETBIRD_DOMAIN"
 }

+get_turn_external_ip() {
+  TURN_EXTERNAL_IP_CONFIG="#external-ip="
+  IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
+  if [[ "x-$IP" != "x-" ]]; then
+    TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
+  fi
+  echo "$TURN_EXTERNAL_IP_CONFIG"
+}
+
 initEnvironment() {
  CADDY_SECURE_DOMAIN=""
  ZITADEL_EXTERNALSECURE="false"
@ -413,6 +422,7 @@ initEnvironment() {
  TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
  TURN_MIN_PORT=49152
  TURN_MAX_PORT=65535
+  TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)

  if ! check_nb_domain "$NETBIRD_DOMAIN"; then
    NETBIRD_DOMAIN=$(read_nb_domain)
@ -560,6 +570,7 @@ EOF
 renderTurnServerConf() {
  cat <<EOF
 listening-port=3478
+$TURN_EXTERNAL_IP_CONFIG
 tls-listening-port=5349
 min-port=$TURN_MIN_PORT
 max-port=$TURN_MAX_PORT