Monogramm/docker-coturn

FR: Support JSON Web Keys

Closed this issue · 4 comments

I am trying to run this in combination with Nextcloud and Traefik for automated Let's Encrypt certificates. Traefik stores those certificates in a file, acme.json, that is stored in a docker volume for persistence.

My idea is that this volume could also be mounted into the coturn container to be able to have coturn use auto-renewed TLS certificates without the need for any magic on the host machine. This requires coturn to handle acme.json, which is a regular JSON Web Key. I am not sure whether it does so or how hard it is to implement, but it might also extend the scope of that tool.

Since it is probably relevant primarily in an environment involving Traefik and thus docker, I figured it might be ok to ask here whether something like that could be implemented in this image. There are tools like jwk-to-pem and there are surely more.

Hello @mcnesium,

Thank you for using this image and creating this Feature Request.

This seems like an interesting idea, but I have to admit I do not have any practical experience with Traefik so I would not be able to help much with this...

As you mentioned though, this is something that can easily extend the scope of this tool, so I'm wondering if it wouldn't be better to develop a separate, autonomous container that would be linked to Traefik, listen to acme.json updates and automatically generate the pem files in a docker volume that other containers can easily use.

What do you think?
We might give it a shot, but not for a few weeks, maybe months.

If coturn can handle updated .pem files without interaction, it is probably ok to have a separate container with e.g. some listener that fires this JS snippet if the certificate has been updated. However, if coturn needs a restart after the certificate has been updated, I think it would be easier to handle that inside the coturn container itself.

I do not think coturn would be able to use a different pem file (cert1.pem then cert2.pem) without restart, but coturn should be able to reload itself automatically if the pem file was updated:

So the external container seems valid.
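An added example, not code from this thread or from the image: the core step of the separate container discussed above, sketched in Python. It assumes the Traefik v2 acme.json layout (a resolver name, then `Certificates` entries holding base64-encoded PEM in `certificate` and `key`); the sample data, domain names and output file names are constructed.

```python
import base64
import os
import tempfile

# Constructed placeholders, not real key material.
CERT_PEM = b"-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
# Constructed sample in the assumed Traefik v2 acme.json layout.
SAMPLE = {"letsencrypt": {"Account": {}, "Certificates": [{
    "domain": {"main": "cloud.example.org", "sans": ["turn.example.org"]},
    "certificate": base64.b64encode(CERT_PEM).decode(),
    "key": base64.b64encode(KEY_PEM).decode()}]}}

def extract(acme, domain):
    """Return (cert_pem, key_pem) bytes for a main or SAN name, or None."""
    for resolver in acme.values():
        if not isinstance(resolver, dict):
            continue
        for entry in resolver.get("Certificates") or []:
            names = [entry["domain"]["main"], *(entry["domain"].get("sans") or [])]
            if domain in names:
                return (base64.b64decode(entry["certificate"]),
                        base64.b64decode(entry["key"]))
    return None

def write_atomic(path, data, mode):
    """Temp file plus rename, so a reader never sees a half-written PEM."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    try:
        os.fchmod(fd, mode)          # set permissions before any bytes land
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def sync(acme, domain, out_dir):
    """Write cert.pem and privkey.pem; return True only if the cert changed."""
    found = extract(acme, domain)
    if found is None:
        raise KeyError(f"no certificate for {domain} in acme.json")
    cert, key = found
    cert_path = os.path.join(out_dir, "cert.pem")
    if os.path.exists(cert_path) and open(cert_path, "rb").read() == cert:
        return False                 # unchanged: nothing to reload
    write_atomic(os.path.join(out_dir, "privkey.pem"), key, 0o600)
    write_atomic(cert_path, cert, 0o644)
    return True
```

A watcher would call `sync(json.load(f), ...)` whenever acme.json changes and trigger the coturn reload only on `True`; the key file must be owned by, or otherwise readable to, the user coturn runs as.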

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.