From 26af1dc7f5600412961cd7b857a1c395ec9971c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= Date: Thu, 28 Mar 2024 23:31:22 +0100 Subject: [PATCH] add Nat Hairpinning deployment to docs #378. --- docs/getting-started/README.md | 43 ++++++++++++++++++++++++- docs/getting-started/troubleshooting.md | 1 + 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md index 6cbaba2d..fcce9f96 100644 --- a/docs/getting-started/README.md +++ b/docs/getting-started/README.md @@ -87,7 +87,48 @@ GHCR images are built using GitHub actions for every tag. ### Networking: - If you want to use n.eko in **external** network, you can omit `NEKO_NAT1TO1`. It will automatically get your Public IP. - If you want to use n.eko in **internal** network, set `NEKO_NAT1TO1` to your local IP address (e.g. `NEKO_NAT1TO1: 192.168.1.20`)- -- Currently, it is not supported to supply multiple NAT addresses (see https://github.com/m1k1o/neko/issues/47). + +Currently, it is not supported to supply multiple NAT addresses directly to neko (see https://github.com/m1k1o/neko/issues/47). + +But it can be acheived by deploying own turn server alongside neko that is accessible from your LAN: + +```yaml +version: "3.4" +services: + neko: + image: "m1k1o/neko:firefox" + restart: "unless-stopped" + shm_size: "2gb" + ports: + - "8080:8080" + - "52000-52100:52000-52100/udp" + environment: + NEKO_SCREEN: 1920x1080@30 + NEKO_PASSWORD: neko + NEKO_PASSWORD_ADMIN: admin + NEKO_EPR: 52000-52100 + NEKO_ICESERVERS: '[{ "urls": [ "turn:192.168.1.60:3478" ], "username":"neko", "credential":"neko" }, { "urls": [ "stun:stun.nextcloud.com:3478" ] }]' + coturn: + image: 'coturn/coturn:latest' + network_mode: "host" + command: | + -n + --realm=localhost + --fingerprint + --listening-ip=0.0.0.0 + --external-ip=192.168.1.60 + --listening-port=3478 + --min-port=49160 + --max-port=49200 + --log-file=stdout + --user=neko:neko + --lt-cred-mech +``` + +- Replace `192.168.1.60` with your LAN IP address, and allow ports `49160-49200/udp` and `3478/tcp` in your LAN. +- Make sure you don't use `NEKO_ICELITE: true` because ICE LITE does not support TURN servers. + +This setup adds local turn server to neko. It won't be reachable by your remote clients and your own IP won't be reachable from your lan. So it effectively just adds local candidate and allows connections from LAN. ### Why so many ports? - WebRTC needs UDP ports in order to transfer Audio/Video towards user and Mouse/Keyboard events to the server in real time. diff --git a/docs/getting-started/troubleshooting.md b/docs/getting-started/troubleshooting.md index 3a6ac55a..3965f318 100644 --- a/docs/getting-started/troubleshooting.md +++ b/docs/getting-started/troubleshooting.md @@ -129,6 +129,7 @@ Example for pfsense with truecharts docker container: - Test externally to confirm it works. - Internally you have to access it using `:port` +If your router does not support NAT Loopback (NAT Hairpinning), you can use turn servers to overcome this issue. See [more details here](https://neko.m1k1o.net/#/getting-started/?id=networking) on how to setup local coturn instance. ### Neko works locally, but not externally