Also better to use domain name in p:turnUrl if user have one and port number can be omitted if it is default 3478.
сб, 16 мая 2020 г. в 17:22, Konstantin Kuzov <master.nosfer...@gmail.com>: > Hi there, I have a few suggestions about tutorials. > > 1) I don't really understand the purpose for setting both user and > use-auth-secret in coturn. According to documentation they are both > exclusive: > # Be aware that use-auth-secret overrides some parts of lt-cred-mech. > # The use-auth-secret feature depends internally on lt-cred-mech, so if > you set > # this option then it automatically enables lt-cred-mech internally > # as if you had enabled both. > # Note that you can use only one auth mechanism at the same time! This is > because, > # both mechanisms conduct username and password validation in different > ways. > # Use either lt-cred-mech or use-auth-secret in the conf > # to avoid any confusion. > > 2) Also for coturn I don't see the fingerprint option. Isn't it required > for webrtc? > 3) What the point for installing to something obscure like /opt/open504 > and using open504 as database name? IMHO it would just complicate upgrading > procedure for users.later on. > 4) Please use openmeetings.service on distributions which use systemd. > 5) User need to be aware that tomcat won't reload to new certificates upon > renewal and will keep using old certificates until full restart. So > typically after 3 month clients will be greated with expired certificate in > case of let's encrypt. If user don't want to restart tomcat every now and > then and terminate by that all currently active connections user need send > to it reloadSslHostConfig(host) or reloadSslHostConfigs() via jmx or > manager. But it is not something simple like in case of nginx which only > require SIGHUP signal to the process. And nor jmx or manager is shipped > with OM distribution anyway. As one solution to the problem on my test OM > installation VM with let's encrypt I'm using acme-tiny instead of certbot > (matter of preference) and this custom protocol > https://github.com/CkNoSFeRaTU/tomcat-reloadprotocol which will > automatically reload it for me every configured interval. > >> >>
