Problems with large port range binding
Ezwen opened this issue · 3 comments
I've tried the first command of the README:
docker run -d -p 3478:3478 -p 49152-65535:49152-65535/udp instrumentisto/coturn
But then I've encountered some problems due to trying to bind a large range of ports to a Docker container. By default Docker uses a userland proxy (userland-proxy=true in the docker daemon), which tends to eat a huge amount of RAM and CPU when large amounts of ports are binded (see moby/moby#11185).
Unfortunately, I also reach problems when disabling userland proxy (userland-proxy=false), which makes docker use iptables instead of spawning tons of proxy listening processes. Here, not only does creating the container takes forever, but in my case it eventually fails creating all the required redirections and gives an error on a port being already in use (while it's not the case).
This overall problem is nicely summarized in this post: https://www.engagespark.com/blog/rtp-port-ranges-for-freeswitch-in-docker (except for the last problem I've encountered)
In summary: this is not a bug in your image, this is a big weakness of Docker unable to satisfyingly handle large port ranges :). In case you had not encountered this problem, I just wanted to share this piece of information. And maybe a word on these issues could be given in the README, but this is up to you.
and thanks for your work on this image!
@Ezwen thank you for paying attention!
As for us, we're using --network=host for WebRTC/TURN/STUN and don't bother. I think we can mention this in README.md.
I ended up doing the same (--network=host), even though I would really prefer to keep sandboxing my containers. But I'll have to make an exception for this one :)
Yes advising to use --network=host in the README would be nice I think!