jitsi-meet: On Debian Buster, fresh install, coturn server fails to start
Description
I did a fresh install on Debian Buster using package jitsi-meet.
sudo apt install jitsi-meet
sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
Warning: this is a fresh install, not an upgrade.
After install, the coturn server does not start, altough it is marked as started by systemd.
Current behavior
The coturn service does not start properly:
- the port
4445is not listening:
root@test-visio-443:/home/debian# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 14191/nginx: master
tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN 14191/nginx: master
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 14146/lua5.2
tcp 0 0 127.0.0.1:5347 0.0.0.0:* LISTEN 14146/lua5.2
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN 14146/lua5.2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14191/nginx: master
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN 14146/lua5.2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9009/sshd
tcp6 0 0 :::4444 :::* LISTEN 14191/nginx: master
tcp6 0 0 :::5280 :::* LISTEN 14146/lua5.2
tcp6 0 0 ::1:5347 :::* LISTEN 14146/lua5.2
tcp6 0 0 :::5222 :::* LISTEN 14146/lua5.2
tcp6 0 0 :::80 :::* LISTEN 14191/nginx: master
tcp6 0 0 :::5269 :::* LISTEN 14146/lua5.2
tcp6 0 0 :::22 :::* LISTEN 9009/sshd
tcp6 0 0 :::8888 :::* LISTEN 11797/java
The service is marked as active:
sudo systemctl status coturn
● coturn.service - coTURN STUN/TURN Server
Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-04-01 08:37:41 UTC; 12s ago
Docs: man:coturn(1)
man:turnadmin(1)
man:turnserver(1)
Process: 16438 ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.p
Process: 16440 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
Main PID: 16439 (turnserver)
Tasks: 3 (limit: 4915)
Memory: 3.9M
CGroup: /system.slice/coturn.service
└─16439 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
By adapting the service definition, I could get some logs:
Apr 01 09:43:01 test-visio-443 turnserver[17105]: 0: Trying to bind fd 16 to <127.0.0.1:443>: errno=13
Apr 01 09:43:01 test-visio-443 turnserver[17105]: 0: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:443
Apr 01 09:43:01 test-visio-443 turnserver[17105]: 0: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:443, again..
Expected Behavior
The coturn server should start and listen to port 4445.
Possible Solution
/etc/turnserver.confis maybe broken ? This is the content:
# jitsi-meet coturn config. Do not modify this line
lt-cred-mech
use-auth-secret
keep-address-family
static-auth-secret=xxxxxx
realm=visio443.xxx.be
cert=/etc/letsencrypt/live/visio443.xxx.be/fullchain.pem
pkey=/etc/letsencrypt/live/visio443.xxx.be/privkey.pem
no-tcp
listening-port=443
tls-listening-port=4445
external-ip=visio443.xxx.be
Steps to reproduce
See under title “Description” 😄
Environment details
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 34 (25 by maintainers)
Excellent! We are adding this to the Debian package.
Can you try to add this under
[service]?AmbientCapabilities=CAP_NET_BIND_SERVICEThen you probably need to
systemctl daemon-reloadand thensystemctl restart coturnMay I also suggest to add a line
syslogto /etc/turnserver.conf ?