oleg/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f90eb337d6b56f6f7d82a8e95d4a2ce3d5b45ce4
knowledge-base/projects/niikn/NC-Talk-Setup.md
Максимка a3eb7bf079 NetBird VPN inventory + cleanup report 13.03.2026 
- Full peer inventory (44 active peers)
- Groups mapping
- Deleted 12 stale peers (6+ months offline)
- Also staged pending NIIKN and video surveillance docs
2026-03-13 22:51:55 +03:00

4.5 KiB
Raw Blame History

NC Talk — Конфигурация для ГИИКН (niikn.com)

Архитектура (актуально на 2026-03-03)

Klient (browser/mobile) --> HTTPS niikn.com (85.235.181.190) MikroTik NAT --> NPM (192.168.1.22:443) / --> 192.168.1.200:11000 (Apache AIO, Nextcloud) /standalone-signaling/ --> 89.111.131.105:8081 (VPS signaling) Klient --> WSS niikn.com/standalone-signaling/ --> VPS 89.111.131.105:8081 Klient --> STUN 89.111.131.105:3478 Klient --> TURN 89.111.131.105:3478 (UDP+TCP)

Компоненты

1. Nextcloud Talk (Spreed) - v22.0.9

  • VM250 (192.168.1.200), NC AIO in Docker
  • URL: https://niikn.com/apps/talk
  • Docker: nextcloud-aio-nextcloud
  • occ: sudo docker exec -u 33 nextcloud-aio-nextcloud php occ
  • SSH: cloud@192.168.1.200 (пароль 1qaz!QAZ)

2. VPS 89.111.131.105 (SpaceWeb)

  • Ubuntu 24.04, SSH: root / 1qaz!QAZ
  • Все HPB-компоненты здесь

Signaling Server (nextcloud-spreed-signaling)

  • /usr/local/bin/nextcloud-spreed-signaling
  • Config: /etc/signaling/server.conf
  • Systemd: signaling.service
  • Port: 8081 (HTTP, проксируется через NPM с SSL)
  • Backend URL: https://niikn.com
  • Backend secret: eba8b0547b0285a475157911300720f99886fe1202a3ca98
  • MCU: ws://127.0.0.1:8188 (Janus)

Janus WebRTC Gateway - v1.1.2

  • Config: /etc/janus/janus.jcfg
  • Transport: /etc/janus/janus.transport.websockets.jcfg
  • Systemd: janus.service
  • Port: 8188 (WebSocket, localhost only)
  • NAT 1:1 mapping: 89.111.131.105
  • RTP ports: 20000-20100
  • ice_lite: true

Coturn (TURN/STUN) - v4.6.1

  • Config: /etc/turnserver.conf
  • Systemd: coturn.service
  • Port: 3478 (TCP+UDP)
  • Relay IP: 89.111.131.105
  • Relay ports: 49152-49252
  • Auth: use-auth-secret
  • Static auth secret: ebf6a8ce0fd1629c2da55356169feea7ab118a18368c2550
  • Realm: niikn.com

NATS - v2.10.24

  • Systemd: nats-server
  • Port: 4222 (localhost only)

Firewall (UFW)

  • 22/tcp, 3478/tcp+udp, 8081/tcp, 8188/tcp
  • 20000-20100/udp (Janus RTP)
  • 49152-49252/udp (Coturn relay)

3. NPM (192.168.1.22)

  • Docker: npm-app-1
  • Proxy host #4: niikn.com -> 192.168.1.200:11000 (SSL, Let's Encrypt)
  • Custom config: /data/compose/2/data/nginx/custom/server_proxy.conf
  • location /standalone-signaling/ -> http://89.111.131.105:8081/ (WebSocket upgrade, timeout 3600s)

Настройки NC Talk (spreed)

signaling_servers: server=https://niikn.com/standalone-signaling/, secret=eba8b0547b0285a475157911300720f99886fe1202a3ca98 stun_servers: 89.111.131.105:3478, stun.nextcloud.com:443 turn_servers: server=89.111.131.105:3478, protocols=udp,tcp

Управление через Некстклауд API

Читать nastroyki: curl -sk -u "admin:1qaz%21QAZ" "https://niikn.com/ocs/v2.php/apps/spreed/api/v3/signaling/settings" -H "OCS-APIRequest: true"

Обновить signaling: curl -sk -u "admin:1qaz%21QAZ" -X POST "https://niikn.com/ocs/v2.php/apps/provisioning_api/api/v1/config/apps/spreed/signaling_servers" -H "OCS-APIRequest: true" -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "value=..."

Диагностика

Проверка signaling: curl -sk https://niikn.com/standalone-signaling/api/v1/welcome

Проверка WebSocket: curl -sk --http1.1 -i -N -H 'Connection: Upgrade' -H 'Upgrade: websocket' -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' https://niikn.com/standalone-signaling/spreed

Проверка сервисов на VPS: sshpass -p '1qaz!QAZ' ssh root@89.111.131.105 "systemctl status coturn janus signaling --no-pager"

Логи signaling: ssh root@89.111.131.105 "journalctl -u signaling -f"

История изменений

2026-03-03

  • VPS 89.111.131.105 переустановлен (SpaceWeb reset при добавлении SSH ключа)
  • Заново установлены: coturn 4.6.1, Janus 1.1.2, NATS v2.10.24, signaling (из исходников)
  • Первоначально signaling URL был http://89.111.131.105:8081 — mixed content, браузер блокировал WS
  • Создан NPM custom config для reverse proxy /standalone-signaling/ с WebSocket upgrade
  • URL переключен на https://niikn.com/standalone-signaling/
  • Исправлен формат TURN URLs (убран дубль turn: prefix)

2026-03-02

  • Миграция NC AIO на VM250
  • Баг: reverse-proxy.config.php перенаправлял на new.niikn.com — исправлено
  • NC Talk бот (LXC 133) настроен: webhook, pairing, ролевая модель
Reference in New Issue View Git Blame Copy Permalink