fix:Change the turns port used in WebRTC to 443

nginx(website on server) listens on port 4443 and then forwards to the frontend and backend. nginx main configuration adds a stream block to uniformly listen on port 443, then forwards based on domain to coturn(5349) and website(4443). The TURN port used in WebRTC is changed to 443. The deployment document adds a script action to delete extra configurations generated by certbot.
2025-07-23 23:07:59 +08:00
parent 7e055643c5
commit 7950aec063
7 changed files with 339 additions and 111 deletions
@@ -11,6 +11,38 @@ events {
 	# multi_accept on;
 }

+stream {
+    # Define backend services
+    upstream turns_backend {
+        # Coturn's TURNS service, listening on local port 5349
+        server 127.0.0.1:5349;
+    }
+    upstream website_backend {
+        # Your website is now listening on the internal HTTPS port
+        server 127.0.0.1:4443;
+    }
+
+    # Use SNI hostname to determine traffic destination
+    map $ssl_preread_server_name $backend {
+        turn.privydrop.app    turns_backend;   # If accessing the turn subdomain, hand it over to Coturn
+        default               website_backend; # All other domains are handed over to the website
+    }
+
+    # Listening for all TCP traffic on port 443
+    server {
+        listen 443;
+        listen [::]:443;
+
+        # Enable SSL pre-read feature to obtain SNI hostname
+        ssl_preread on;
+
+        # Proxy traffic to the corresponding backend based on map results
+        proxy_pass $backend;
+        proxy_timeout 1d; # Suggest setting a longer timeout for TURN
+        proxy_connect_timeout 5s;
+    }
+}
+
 http {

 	##