# NC Talk — Конфигурация для ГИИКН (niikn.com) ## Архитектура (актуально на 2026-03-03) Klient (browser/mobile) --> HTTPS niikn.com (85.235.181.190) MikroTik NAT --> NPM (192.168.1.22:443) / --> 192.168.1.200:11000 (Apache AIO, Nextcloud) /standalone-signaling/ --> 89.111.131.105:8081 (VPS signaling) Klient --> WSS niikn.com/standalone-signaling/ --> VPS 89.111.131.105:8081 Klient --> STUN 89.111.131.105:3478 Klient --> TURN 89.111.131.105:3478 (UDP+TCP) ## Компоненты ### 1. Nextcloud Talk (Spreed) - v22.0.9 - VM250 (192.168.1.200), NC AIO in Docker - URL: https://niikn.com/apps/talk - Docker: nextcloud-aio-nextcloud - occ: sudo docker exec -u 33 nextcloud-aio-nextcloud php occ - SSH: cloud@192.168.1.200 (пароль 1qaz!QAZ) ### 2. VPS 89.111.131.105 (SpaceWeb) - Ubuntu 24.04, SSH: root / 1qaz!QAZ - Все HPB-компоненты здесь #### Signaling Server (nextcloud-spreed-signaling) - /usr/local/bin/nextcloud-spreed-signaling - Config: /etc/signaling/server.conf - Systemd: signaling.service - Port: 8081 (HTTP, проксируется через NPM с SSL) - Backend URL: https://niikn.com - Backend secret: eba8b0547b0285a475157911300720f99886fe1202a3ca98 - MCU: ws://127.0.0.1:8188 (Janus) #### Janus WebRTC Gateway - v1.1.2 - Config: /etc/janus/janus.jcfg - Transport: /etc/janus/janus.transport.websockets.jcfg - Systemd: janus.service - Port: 8188 (WebSocket, localhost only) - NAT 1:1 mapping: 89.111.131.105 - RTP ports: 20000-20100 - ice_lite: true #### Coturn (TURN/STUN) - v4.6.1 - Config: /etc/turnserver.conf - Systemd: coturn.service - Port: 3478 (TCP+UDP) - Relay IP: 89.111.131.105 - Relay ports: 49152-49252 - Auth: use-auth-secret - Static auth secret: ebf6a8ce0fd1629c2da55356169feea7ab118a18368c2550 - Realm: niikn.com #### NATS - v2.10.24 - Systemd: nats-server - Port: 4222 (localhost only) #### Firewall (UFW) - 22/tcp, 3478/tcp+udp, 8081/tcp, 8188/tcp - 20000-20100/udp (Janus RTP) - 49152-49252/udp (Coturn relay) ### 3. NPM (192.168.1.22) - Docker: npm-app-1 - Proxy host #4: niikn.com -> 192.168.1.200:11000 (SSL, Let's Encrypt) - Custom config: /data/compose/2/data/nginx/custom/server_proxy.conf - location /standalone-signaling/ -> http://89.111.131.105:8081/ (WebSocket upgrade, timeout 3600s) ## Настройки NC Talk (spreed) signaling_servers: server=https://niikn.com/standalone-signaling/, secret=eba8b0547b0285a475157911300720f99886fe1202a3ca98 stun_servers: 89.111.131.105:3478, stun.nextcloud.com:443 turn_servers: server=89.111.131.105:3478, protocols=udp,tcp ## Управление через Некстклауд API Читать nastroyki: curl -sk -u "admin:1qaz%21QAZ" "https://niikn.com/ocs/v2.php/apps/spreed/api/v3/signaling/settings" -H "OCS-APIRequest: true" Обновить signaling: curl -sk -u "admin:1qaz%21QAZ" -X POST "https://niikn.com/ocs/v2.php/apps/provisioning_api/api/v1/config/apps/spreed/signaling_servers" -H "OCS-APIRequest: true" -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "value=..." ## Диагностика Проверка signaling: curl -sk https://niikn.com/standalone-signaling/api/v1/welcome Проверка WebSocket: curl -sk --http1.1 -i -N -H 'Connection: Upgrade' -H 'Upgrade: websocket' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' https://niikn.com/standalone-signaling/spreed Проверка сервисов на VPS: sshpass -p '1qaz!QAZ' ssh root@89.111.131.105 "systemctl status coturn janus signaling --no-pager" Логи signaling: ssh root@89.111.131.105 "journalctl -u signaling -f" ## История изменений ### 2026-03-03 - VPS 89.111.131.105 переустановлен (SpaceWeb reset при добавлении SSH ключа) - Заново установлены: coturn 4.6.1, Janus 1.1.2, NATS v2.10.24, signaling (из исходников) - Первоначально signaling URL был http://89.111.131.105:8081 — mixed content, браузер блокировал WS - Создан NPM custom config для reverse proxy /standalone-signaling/ с WebSocket upgrade - URL переключен на https://niikn.com/standalone-signaling/ - Исправлен формат TURN URLs (убран дубль turn: prefix) ### 2026-03-02 - Миграция NC AIO на VM250 - Баг: reverse-proxy.config.php перенаправлял на new.niikn.com — исправлено - NC Talk бот (LXC 133) настроен: webhook, pairing, ролевая модель