oleg/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6705286718764a03a618b848f7d4186c43a6c960
knowledge-base/projects/niikn/NC-Talk-Setup.md
Максимка a3eb7bf079 NetBird VPN inventory + cleanup report 13.03.2026 
- Full peer inventory (44 active peers)
- Groups mapping
- Deleted 12 stale peers (6+ months offline)
- Also staged pending NIIKN and video surveillance docs
2026-03-13 22:51:55 +03:00

111 lines
4.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# NC Talk — Конфигурация для ГИИКН (niikn.com)
## Архитектура (актуально на 2026-03-03)
Klient (browser/mobile) --> HTTPS niikn.com (85.235.181.190)
MikroTik NAT --> NPM (192.168.1.22:443)
/ --> 192.168.1.200:11000 (Apache AIO, Nextcloud)
/standalone-signaling/ --> 89.111.131.105:8081 (VPS signaling)
Klient --> WSS niikn.com/standalone-signaling/ --> VPS 89.111.131.105:8081
Klient --> STUN 89.111.131.105:3478
Klient --> TURN 89.111.131.105:3478 (UDP+TCP)
## Компоненты
### 1. Nextcloud Talk (Spreed) - v22.0.9
- VM250 (192.168.1.200), NC AIO in Docker
- URL: https://niikn.com/apps/talk
- Docker: nextcloud-aio-nextcloud
- occ: sudo docker exec -u 33 nextcloud-aio-nextcloud php occ
- SSH: cloud@192.168.1.200 (пароль 1qaz!QAZ)
### 2. VPS 89.111.131.105 (SpaceWeb)
- Ubuntu 24.04, SSH: root / 1qaz!QAZ
- Все HPB-компоненты здесь
#### Signaling Server (nextcloud-spreed-signaling)
- /usr/local/bin/nextcloud-spreed-signaling
- Config: /etc/signaling/server.conf
- Systemd: signaling.service
- Port: 8081 (HTTP, проксируется через NPM с SSL)
- Backend URL: https://niikn.com
- Backend secret: eba8b0547b0285a475157911300720f99886fe1202a3ca98
- MCU: ws://127.0.0.1:8188 (Janus)
#### Janus WebRTC Gateway - v1.1.2
- Config: /etc/janus/janus.jcfg
- Transport: /etc/janus/janus.transport.websockets.jcfg
- Systemd: janus.service
- Port: 8188 (WebSocket, localhost only)
- NAT 1:1 mapping: 89.111.131.105
- RTP ports: 20000-20100
- ice_lite: true
#### Coturn (TURN/STUN) - v4.6.1
- Config: /etc/turnserver.conf
- Systemd: coturn.service
- Port: 3478 (TCP+UDP)
- Relay IP: 89.111.131.105
- Relay ports: 49152-49252
- Auth: use-auth-secret
- Static auth secret: ebf6a8ce0fd1629c2da55356169feea7ab118a18368c2550
- Realm: niikn.com
#### NATS - v2.10.24
- Systemd: nats-server
- Port: 4222 (localhost only)
#### Firewall (UFW)
- 22/tcp, 3478/tcp+udp, 8081/tcp, 8188/tcp
- 20000-20100/udp (Janus RTP)
- 49152-49252/udp (Coturn relay)
### 3. NPM (192.168.1.22)
- Docker: npm-app-1
- Proxy host #4: niikn.com -> 192.168.1.200:11000 (SSL, Let's Encrypt)
- Custom config: /data/compose/2/data/nginx/custom/server_proxy.conf
- location /standalone-signaling/ -> http://89.111.131.105:8081/ (WebSocket upgrade, timeout 3600s)
## Настройки NC Talk (spreed)
signaling_servers: server=https://niikn.com/standalone-signaling/, secret=eba8b0547b0285a475157911300720f99886fe1202a3ca98
stun_servers: 89.111.131.105:3478, stun.nextcloud.com:443
turn_servers: server=89.111.131.105:3478, protocols=udp,tcp
## Управление через Некстклауд API
Читать nastroyki:
curl -sk -u "admin:1qaz%21QAZ" "https://niikn.com/ocs/v2.php/apps/spreed/api/v3/signaling/settings" -H "OCS-APIRequest: true"
Обновить signaling:
curl -sk -u "admin:1qaz%21QAZ" -X POST "https://niikn.com/ocs/v2.php/apps/provisioning_api/api/v1/config/apps/spreed/signaling_servers" -H "OCS-APIRequest: true" -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "value=..."
## Диагностика
Проверка signaling:
curl -sk https://niikn.com/standalone-signaling/api/v1/welcome
Проверка WebSocket:
curl -sk --http1.1 -i -N -H 'Connection: Upgrade' -H 'Upgrade: websocket' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' https://niikn.com/standalone-signaling/spreed
Проверка сервисов на VPS:
sshpass -p '1qaz!QAZ' ssh root@89.111.131.105 "systemctl status coturn janus signaling --no-pager"
Логи signaling:
ssh root@89.111.131.105 "journalctl -u signaling -f"
## История изменений
### 2026-03-03
- VPS 89.111.131.105 переустановлен (SpaceWeb reset при добавлении SSH ключа)
- Заново установлены: coturn 4.6.1, Janus 1.1.2, NATS v2.10.24, signaling (из исходников)
- Первоначально signaling URL был http://89.111.131.105:8081 — mixed content, браузер блокировал WS
- Создан NPM custom config для reverse proxy /standalone-signaling/ с WebSocket upgrade
- URL переключен на https://niikn.com/standalone-signaling/
- Исправлен формат TURN URLs (убран дубль turn: prefix)
### 2026-03-02
- Миграция NC AIO на VM250
- Баг: reverse-proxy.config.php перенаправлял на new.niikn.com — исправлено
- NC Talk бот (LXC 133) настроен: webhook, pairing, ролевая модель
Reference in New Issue View Git Blame Copy Permalink