processone/eturnal

Run Eturnal as root in docker

FarisZR opened this issue · 25 comments

Currently there doesn't seem to be a clear way to run eturnal as root; the Docker user directive has no effect on which user runs Eturnal.

This is needed, as it isn't always possible to control who owns files needed by eturnal such as SSL certs.

There is a workaround here:
#55 (comment)

Can you test with the recent commit, if that works for your setup?

sudo docker run --rm --user 0 --name eturnal -e ETURNAL_USER=root -d ghcr.io/processone/eturnal:edge
test-eturnal-1  | su: unknown user root

using this test compose file:

services:
  eturnal:
    image: ghcr.io/processone/eturnal:edge
    user: 0:0 # to access caddy certs
    # ports:
      # - '3478:3478'
      # - '49000-49200:49000-49200'
      # - '3478:3478/udp'
      # - '49000-49200:49000-49200/udp'
    environment:
      - ETURNAL_USER=root
    volumes:
      - caddy_data:/caddy-data:ro
    configs:
        - source: eturnal
          target: /etc/eturnal.yml

configs:
  eturnal:
    file: ./eturnal.yml

volumes:
  caddy_data:
    external: true

This works for me:

saarko@raspberrypi:~ $ sudo docker compose up -d
[+] Running 2/2
 ✔ Network saarko_default      Created                                                                                                                                          0.1s 
 ✔ Container saarko-eturnal-1  Started                                                                                                                                          1.0s 
saarko@raspberrypi:~ $ sudo docker logs saarko-eturnal-1  
Cannot query stun.conversations.im:3478: can't assign requested address
Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0+17/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0+17/sys.config -args_file /opt/eturnal/releases/1.12.0+17/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
Root: /opt/eturnal
/opt/eturnal
2023-10-01 20:41:03.959067+00:00 [notice] Starting eturnal 1.12.0+17 on Erlang/OTP 26 (ERTS 14.0.2)
2023-10-01 20:41:03.959294+00:00 [info] Got no NOTIFY_SOCKET, notifications disabled
2023-10-01 20:41:03.959412+00:00 [info] Relay IPv4 address: xxx.xxx.xxx.xxx (port range: 49152-65535)
2023-10-01 20:41:03.959478+00:00 [info] Relay IPv6 address not configured
2023-10-01 20:41:03.959568+00:00 [info] Listening on 127.0.0.1:3470 (tcp) (Erlang protocol version 5)
2023-10-01 20:41:03.959877+00:00 [info] Started mod_log_stun
2023-10-01 20:41:03.961166+00:00 [info] Listening on [::]:3478 (udp) (STUN/TURN)
2023-10-01 20:41:03.962004+00:00 [info] Listening on [::]:3478 (tcp) (STUN/TURN)
saarko@raspberrypi:~ $ cat docker-compose.yml 
services:
  eturnal:
    image: ghcr.io/processone/eturnal:edge@sha256:34fe2746fd48fbf31203d0a3f9e43aefb12d639cd6ea2c4f7a7dff9af2ad68b5
    user: 0:0 # to access caddy certs
    # ports:
      # - '3478:3478'
      # - '49000-49200:49000-49200'
      # - '3478:3478/udp'
      # - '49000-49200:49000-49200/udp'
    environment:
      - ETURNAL_USER=root
saarko@raspberrypi:~ $ sudo docker exec saarko-eturnal-1  ps aux
PID   USER     TIME  COMMAND
    1 0         0:00 /sbin/tini -- /bin/sh -c run.sh
    7 0         0:03 {beam.smp} /opt/eturnal/bin/eturnal -Bd -- -root /opt/eturnal -bindir /opt/eturnal/erts-14.0.2/bin -progname opt/eturnal/bin/eturnal -- -home / -- -noshell -noinput -boot /opt/eturnal/releases/1.12.0+17/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0+17/sys.config -name eturnal@127.0.0.1 -kernel inet_dist_use_interface {127,0,0,1} -setcookie eturnal -- -erl_epmd_port 3470 -start_epmd false -- foreground --
  126 0         0:00 erl_child_setup 1048576
  149 0         0:00 /opt/eturnal/erts-14.0.2/bin/inet_gethost 4
  150 0         0:00 /opt/eturnal/erts-14.0.2/bin/inet_gethost 4
  343 0         0:00 ps aux

I just tried it on X86 and it still doesn't work, not sure where the issue is.

docker compose up
[+] Running 1/1
 ✔ eturnal Pulled                                                                                        0.2s 
[+] Running 1/1
 ✔ Container test-eturnal-1  Recreated                                                                   0.2s 
Attaching to test-eturnal-1
test-eturnal-1  | Cannot query stun.conversations.im:3478: can't assign requested address
test-eturnal-1  | su: unknown user root
test-eturnal-1 exited with code 1

Removing user: 0:0 fixes it, but then there is still the permission issue.

You have the newest edge image?

I'm using the hash you used in your example:
ghcr.io/processone/eturnal:edge@sha256:34fe2746fd48fbf31203d0a3f9e43aefb12d639cd6ea2c4f7a7dff9af2ad68b5

Just to make sure, can you bring the compose down with docker compose down and start it up again with docker compose up -d?

Huh, that fixed it, even though docker explicitly rebuilt the container.
I will test if it works now.

It works now, but it doesn't seem to start to actually listen on the ports?

docker compose up
[+] Running 2/2
 ✔ Network test_default      Created                                                                     0.1s 
 ✔ Container test-eturnal-1  Created                                                                     0.4s 
Attaching to test-eturnal-1
test-eturnal-1  | Cannot query stun.conversations.im:3478: can't assign requested address
test-eturnal-1  | Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0+17/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0+17/sys.config -args_file /opt/eturnal/releases/1.12.0+17/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
test-eturnal-1  | Root: /opt/eturnal
test-eturnal-1  | /opt/eturnal

compose:

services:
  eturnal:
    image: ghcr.io/processone/eturnal:edge@sha256:34fe2746fd48fbf31203d0a3f9e43aefb12d639cd6ea2c4f7a7dff9af2ad68b5
    userns_mode: host
    user: 0:0 # to access caddy certs
    ports:
      - '3478:3478'
      - '49000-49200:49000-49200'
      - '3478:3478/udp'
      - '49000-49200:49000-49200/udp'
    environment:
      - ETURNAL_USER=root
    volumes:
      - caddy_data:/caddy-data:ro
    configs:
        - source: eturnal
          target: /etc/eturnal.yml

configs:
  eturnal:
    file: ./eturnal.yml

volumes:
  caddy_data:
    external: true

What log level have you set?

You may check with:

$ sudo docker exec test-eturnal-1 netstat -tuna 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:3470          0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.11:41645        0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:43338         127.0.0.1:3470          TIME_WAIT   
tcp        0      0 :::3478                 :::*                    LISTEN      
udp        0      0 127.0.0.11:36733        0.0.0.0:*                           
udp        0      0 :::3478                 :::*  

The relay port range will not appear here, because it is dynamically opened only.

> What log level have you set?

I've just set it to debug, still no logs about listening on the specified ports.
It shows up in netstat, but it's from dockerd; not sure that means eturnal is actually listening.

Can you provide the logs you are seeing?

docker compose up
[+] Running 2/2
 ✔ Network test_default      Created                                                                     0.3s 
 ✔ Container test-eturnal-1  Created                                                                     0.7s 
Attaching to test-eturnal-1
test-eturnal-1  | Cannot query stun.conversations.im:3478: can't assign requested address
test-eturnal-1  | Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0+17/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0+17/sys.config -args_file /opt/eturnal/releases/1.12.0+17/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
test-eturnal-1  | Root: /opt/eturnal
test-eturnal-1  | /opt/eturnal

compose:

services:
  eturnal:
    image: ghcr.io/processone/eturnal:edge@sha256:34fe2746fd48fbf31203d0a3f9e43aefb12d639cd6ea2c4f7a7dff9af2ad68b5
    userns_mode: host
    user: 0:0 # to access caddy certs
    ports:
      - '3478:3478'
      - '49000-49200:49000-49200'
      - '3478:3478/udp'
      - '49000-49200:49000-49200/udp'
    environment:
      - ETURNAL_USER=root
    volumes:
      - caddy_data:/caddy-data:ro
    configs:
        - source: eturnal
          target: /etc/eturnal.yml

configs:
  eturnal:
    file: ./eturnal.yml

volumes:
  caddy_data:
    external: true

Eturnal.yml

# eturnal STUN/TURN server configuration file.
#
# This file is written in YAML. The YAML format is indentation-sensitive, please
# MAKE SURE YOU INDENT CORRECTLY.
#
# See: https://eturnal.net/doc/#Global_Configuration

eturnal:

  ## Shared secret for deriving temporary TURN credentials (default: $RANDOM):
  secret: "xxxxx"

  ## The server's public IPv4 address (default: autodetected):
  relay_ipv4_addr: "89.168.104.205"
  ## The server's public IPv6 address (optional):
  relay_ipv6_addr: "2603:c020:8011:9ede::23"
  realm: turn.fariszr.com

  listen:
    -
      ip: "::"
      port: 3478
      transport: udp
    -
      ip: "::"
      port: 3478
      transport: auto #TLS AND TCP

  ## TLS certificate/key files (must be readable by 'eturnal' user!):
  tls_crt_file: /caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.fariszr.com/turn.fariszr.com.crt
  tls_key_file: /caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.fariszr.com/turn.fariszr.com.key

  ## UDP relay port range (usually, several ports per A/V call are required):
  relay_min_port: 49000     # Default: 49152.
  relay_max_port: 49200     # Default: 65535.

  ## Reject TURN relaying to the following addresses/networks:
  blacklist_peers:
    - recommended           # Expands to various addresses/networks recommended
                            # to be blocked. This is the default.

  ## If 'true', close established calls on expiry of temporary TURN credentials:
  strict_expiry: false      # This is the default.

  ## Logging configuration:
  log_level: debug           # critical | error | warning | notice | info | debug
  log_rotate_size: 10485760 # 10 MiB (default: unlimited, i.e., no rotation).
  log_rotate_count: 2       # Keep 2 rotated log files.
  #log_dir: stdout          # Enable for logging to the terminal/journal.

  ## See: https://eturnal.net/doc/#Module_Configuration
  modules:
    mod_log_stun: {}        # Log STUN queries (in addition to TURN sessions).
    #mod_stats_influx: {}   # Log STUN/TURN events into InfluxDB.
    #mod_stats_prometheus:  # Expose STUN/TURN and VM metrics to Prometheus.
    #  ip: any              # This is the default: Listen on all interfaces.
    #  port: 8081           # This is the default.
    #  tls: false           # This is the default.
    #  vm_metrics: true     # This is the default.

Can you set in your eturnal.yml

log_dir: stdout

Looks like it's working, but it's not clear if it's also listening on IPv4 or not.

test-eturnal-1  | Cannot query stun.conversations.im:3478: can't assign requested address
test-eturnal-1  | Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0+17/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0+17/sys.config -args_file /opt/eturnal/releases/1.12.0+17/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
test-eturnal-1  | Root: /opt/eturnal
test-eturnal-1  | /opt/eturnal
test-eturnal-1  | 2023-10-02 08:07:07.316000+00:00 [notice] Starting eturnal 1.12.0+17 on Erlang/OTP 26 (ERTS 14.0.2) (eturnal_app:start/2:34)
test-eturnal-1  | 2023-10-02 08:07:07.317506+00:00 [debug] Starting supervisor: eturnal_sup (eturnal_sup:start_link/0:31)
test-eturnal-1  | 2023-10-02 08:07:07.317554+00:00 [debug] Configuring eturnal_sup supervisor: [#{id => systemd,
test-eturnal-1  |                                        start =>
test-eturnal-1  |                                            {eturnal_systemd,start_link,[]}},
test-eturnal-1  |                                      #{id => eturnal,
test-eturnal-1  |                                        start => {eturnal,start_link,[]}}] (eturnal_sup:init/0:39)
test-eturnal-1  | 2023-10-02 08:07:07.319881+00:00 [info] Got no NOTIFY_SOCKET, notifications disabled (eturnal_systemd:init/1:86)
test-eturnal-1  | 2023-10-02 08:07:07.319914+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     supervisor: {local,eturnal_sup}
test-eturnal-1  |     started: [{pid,<0.600.0>},
test-eturnal-1  |               {id,systemd},
test-eturnal-1  |               {mfargs,{eturnal_systemd,start_link,[]}},
test-eturnal-1  |               {restart_type,permanent},
test-eturnal-1  |               {significant,false},
test-eturnal-1  |               {shutdown,5000},
test-eturnal-1  |               {child_type,worker}]
test-eturnal-1  |  (supervisor:report_progress/2:1563)
test-eturnal-1  | 2023-10-02 08:07:07.320556+00:00 [info] Relay IPv4 address: 89.168.104.205 (port range: 49000-49200) (eturnal:log_relay_addresses/0:347)
test-eturnal-1  | 2023-10-02 08:07:07.320588+00:00 [info] Relay IPv6 address: 2603:c020:8011:9ede::23 (port range: 49000-49200) (eturnal:log_relay_addresses/0:354)
test-eturnal-1  | 2023-10-02 08:07:07.321719+00:00 [info] Listening on 127.0.0.1:3470 (tcp) (Erlang protocol version 5) (eturnal:log_control_listener/0:367)
test-eturnal-1  | 2023-10-02 08:07:07.322384+00:00 [debug] Using run directory run (eturnal:ensure_run_dir/0:858)
test-eturnal-1  | 2023-10-02 08:07:07.322738+00:00 [debug] TURN configuration seems fine (eturnal:check_turn_config/0:602)
test-eturnal-1  | 2023-10-02 08:07:07.322932+00:00 [debug] Updating PEM file (run/cert.pem) (eturnal:check_pem_file/0:813)
test-eturnal-1  | 2023-10-02 08:07:07.325295+00:00 [debug] Copied /caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.fariszr.com/turn.fariszr.com.key into run/cert.pem (eturnal:copy_file/3:843)
test-eturnal-1  | 2023-10-02 08:07:07.326091+00:00 [debug] Copied /caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.fariszr.com/turn.fariszr.com.crt into run/cert.pem (eturnal:copy_file/3:843)
test-eturnal-1  | 2023-10-02 08:07:07.326131+00:00 [debug] Calling mod_log_stun:start/0 (eturnal_module:start/1:143)
test-eturnal-1  | 2023-10-02 08:07:07.326179+00:00 [debug] Starting mod_log_stun (mod_log_stun:start/0:38)
test-eturnal-1  | 2023-10-02 08:07:07.326440+00:00 [info] Started mod_log_stun (eturnal:start_modules/0:383)
test-eturnal-1  | 2023-10-02 08:07:07.326471+00:00 [debug] Starting listener [::]:3478 (udp) with options:
test-eturnal-1  | [{use_turn,true},
test-eturnal-1  |  {auth_type,user},
test-eturnal-1  |  {turn_ipv4_address,{89,168,104,205}},
test-eturnal-1  |  {turn_ipv6_address,{9731,49184,32785,40670,0,0,0,35}},
test-eturnal-1  |  {turn_min_port,49000},
test-eturnal-1  |  {turn_max_port,49200},
test-eturnal-1  |  {turn_max_allocations,10},
test-eturnal-1  |  {turn_max_permissions,10},
test-eturnal-1  |  {shaper,none},
test-eturnal-1  |  {auth_realm,<<"turn.fariszr.com">>},
test-eturnal-1  |  {server_name,<<"eturnal">>},
test-eturnal-1  |  {auth_fun,fun eturnal:get_password/2},
test-eturnal-1  |  {hook_fun,fun eturnal:run_hook/2},
test-eturnal-1  |  {turn_blacklist_clients,[]},
test-eturnal-1  |  {turn_blacklist_peers,[{{10,0,0,0},8},
test-eturnal-1  |                         {{100,64,0,0},10},
test-eturnal-1  |                         {{127,0,0,0},8},
test-eturnal-1  |                         {{169,254,0,0},16},
test-eturnal-1  |                         {{172,16,0,0},12},
test-eturnal-1  |                         {{192,0,0,0},24},
test-eturnal-1  |                         {{192,0,2,0},24},
test-eturnal-1  |                         {{192,88,99,0},24},
test-eturnal-1  |                         {{192,168,0,0},16},
test-eturnal-1  |                         {{198,18,0,0},15},
test-eturnal-1  |                         {{198,51,100,0},24},
test-eturnal-1  |                         {{203,0,113,0},24},
test-eturnal-1  |                         {{224,0,0,0},4},
test-eturnal-1  |                         {{240,0,0,0},4},
test-eturnal-1  |                         {{0,0,0,0,0,0,0,1},128},
test-eturnal-1  |                         {{100,65435,0,0,0,0,0,0},96},
test-eturnal-1  |                         {{256,0,0,0,0,0,0,0},64},
test-eturnal-1  |                         {{64512,0,0,0,0,0,0,0},7},
test-eturnal-1  |                         {{65152,0,0,0,0,0,0,0},10},
test-eturnal-1  |                         {{65280,0,0,0,0,0,0,0},8}]},
test-eturnal-1  |  {turn_whitelist_clients,[]},
test-eturnal-1  |  {turn_whitelist_peers,[]}] (eturnal:start_listeners/0:418)
test-eturnal-1  | 2023-10-02 08:07:07.333116+00:00 [info] Listening on [::]:3478 (udp) (STUN/TURN) (eturnal:start_listeners/0:425)
test-eturnal-1  | 2023-10-02 08:07:07.333166+00:00 [debug] Starting listener [::]:3478 (auto) with options:
test-eturnal-1  | [{use_turn,true},
test-eturnal-1  |  {auth_type,user},
test-eturnal-1  |  {tls,optional},
test-eturnal-1  |  {certfile,<<"run/cert.pem">>},
test-eturnal-1  |  {ciphers,<<"HIGH:!aNULL:@STRENGTH">>},
test-eturnal-1  |  {protocol_options,<<"cipher_server_preference">>},
test-eturnal-1  |  {turn_ipv4_address,{89,168,104,205}},
test-eturnal-1  |  {turn_ipv6_address,{9731,49184,32785,40670,0,0,0,35}},
test-eturnal-1  |  {turn_min_port,49000},
test-eturnal-1  |  {turn_max_port,49200},
test-eturnal-1  |  {turn_max_allocations,10},
test-eturnal-1  |  {turn_max_permissions,10},
test-eturnal-1  |  {shaper,none},
test-eturnal-1  |  {auth_realm,<<"turn.fariszr.com">>},
test-eturnal-1  |  {server_name,<<"eturnal">>},
test-eturnal-1  |  {auth_fun,fun eturnal:get_password/2},
test-eturnal-1  |  {hook_fun,fun eturnal:run_hook/2},
test-eturnal-1  |  {turn_blacklist_clients,[]},
test-eturnal-1  |  {turn_blacklist_peers,[{{10,0,0,0},8},
test-eturnal-1  |                         {{100,64,0,0},10},
test-eturnal-1  |                         {{127,0,0,0},8},
test-eturnal-1  |                         {{169,254,0,0},16},
test-eturnal-1  |                         {{172,16,0,0},12},
test-eturnal-1  |                         {{192,0,0,0},24},
test-eturnal-1  |                         {{192,0,2,0},24},
test-eturnal-1  |                         {{192,88,99,0},24},
test-eturnal-1  |                         {{192,168,0,0},16},
test-eturnal-1  |                         {{198,18,0,0},15},
test-eturnal-1  |                         {{198,51,100,0},24},
test-eturnal-1  |                         {{203,0,113,0},24},
test-eturnal-1  |                         {{224,0,0,0},4},
test-eturnal-1  |                         {{240,0,0,0},4},
test-eturnal-1  |                         {{0,0,0,0,0,0,0,1},128},
test-eturnal-1  |                         {{100,65435,0,0,0,0,0,0},96},
test-eturnal-1  |                         {{256,0,0,0,0,0,0,0},64},
test-eturnal-1  |                         {{64512,0,0,0,0,0,0,0},7},
test-eturnal-1  |                         {{65152,0,0,0,0,0,0,0},10},
test-eturnal-1  |                         {{65280,0,0,0,0,0,0,0},8}]},
test-eturnal-1  |  {turn_whitelist_clients,[]},
test-eturnal-1  |  {turn_whitelist_peers,[]}] (eturnal:start_listeners/0:418)
test-eturnal-1  | 2023-10-02 08:07:07.336753+00:00 [info] Listening on [::]:3478 (auto) (STUN/TURN) (eturnal:start_listeners/0:425)
test-eturnal-1  | 2023-10-02 08:07:07.336799+00:00 [debug] Started 1 modules (eturnal:init/1:105)
test-eturnal-1  | 2023-10-02 08:07:07.336815+00:00 [debug] Started 2 listeners (eturnal:init/1:106)
test-eturnal-1  | 2023-10-02 08:07:07.336844+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     supervisor: {local,eturnal_sup}
test-eturnal-1  |     started: [{pid,<0.601.0>},
test-eturnal-1  |               {id,eturnal},
test-eturnal-1  |               {mfargs,{eturnal,start_link,[]}},
test-eturnal-1  |               {restart_type,permanent},
test-eturnal-1  |               {significant,false},
test-eturnal-1  |               {shutdown,5000},
test-eturnal-1  |               {child_type,worker}]
test-eturnal-1  |  (supervisor:report_progress/2:1563)
test-eturnal-1  | 2023-10-02 08:07:07.337347+00:00 [debug] No NOTIFY_SOCKET, dropping READY=1 notification (eturnal_systemd:handle_cast/2:99)
test-eturnal-1  | 2023-10-02 08:07:07.337398+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     application: eturnal
test-eturnal-1  |     started_at: 'eturnal@127.0.0.1'
test-eturnal-1  |  (application_controller:info_started/2:2117)
test-eturnal-1  | 2023-10-02 08:07:07.337858+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     supervisor: {local,sasl_safe_sup}
test-eturnal-1  |     started: [{pid,<0.611.0>},
test-eturnal-1  |               {id,alarm_handler},
test-eturnal-1  |               {mfargs,{alarm_handler,start_link,[]}},
test-eturnal-1  |               {restart_type,permanent},
test-eturnal-1  |               {significant,false},
test-eturnal-1  |               {shutdown,2000},
test-eturnal-1  |               {child_type,worker}]
test-eturnal-1  |  (supervisor:report_progress/2:1563)
test-eturnal-1  | 2023-10-02 08:07:07.337933+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     supervisor: {local,sasl_sup}
test-eturnal-1  |     started: [{pid,<0.610.0>},
test-eturnal-1  |               {id,sasl_safe_sup},
test-eturnal-1  |               {mfargs,{supervisor,start_link,
test-eturnal-1  |                                   [{local,sasl_safe_sup},sasl,safe]}},
test-eturnal-1  |               {restart_type,permanent},
test-eturnal-1  |               {significant,false},
test-eturnal-1  |               {shutdown,infinity},
test-eturnal-1  |               {child_type,supervisor}]
test-eturnal-1  |  (supervisor:report_progress/2:1563)
test-eturnal-1  | 2023-10-02 08:07:07.342213+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     supervisor: {local,sasl_sup}
test-eturnal-1  |     started: [{pid,<0.612.0>},
test-eturnal-1  |               {id,release_handler},
test-eturnal-1  |               {mfargs,{release_handler,start_link,[]}},
test-eturnal-1  |               {restart_type,permanent},
test-eturnal-1  |               {significant,false},
test-eturnal-1  |               {shutdown,2000},
test-eturnal-1  |               {child_type,worker}]
test-eturnal-1  |  (supervisor:report_progress/2:1563)
test-eturnal-1  | 2023-10-02 08:07:07.342332+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     application: sasl
test-eturnal-1  |     started_at: 'eturnal@127.0.0.1'
test-eturnal-1  |  (application_controller:info_started/2:2117)
test-eturnal-1  | 2023-10-02 08:07:07.342422+00:00 [debug] PROGRESS REPORT:
test-eturnal-1  |     application: recon
test-eturnal-1  |     started_at: 'eturnal@127.0.0.1'
test-eturnal-1  |  (application_controller:info_started/2:2117)

According to the docs, [::]:3478 should also mean IPv4, right?

weiss commented

> Looks like it's working, but it's not clear if it's also listening on IPv4 or not.

It's listening on ::, which on Linux implies listening on both IPv4 and IPv6 (unless you set net.ipv6.bindv6only).

Your logs look fine to me, except that the STUN client fails to open a UDP socket (can't assign requested address). As you explicitly specified the relay_ipv4_addr, the STUN result would remain unused anyway, it just seems a little surprising/worrying (to me) that opening that UDP socket within the container fails.
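The dual-stack behaviour described in the comment above can be checked directly; the following is an added example, not part of the original thread or the eturnal project. It binds a throwaway TCP listener to `[::]` with `IPV6_V6ONLY` forced on or off (the per-socket equivalent of `net.ipv6.bindv6only`) and tries to reach it over IPv4 loopback; TCP is used only because the handshake gives a definite answer, and the function names are hypothetical.

```python
import socket

BINDV6ONLY = "/proc/sys/net/ipv6/bindv6only"  # Linux sysctl net.ipv6.bindv6only


def system_bindv6only():
    """Host default for new IPv6 sockets: 0 = dual-stack, 1 = IPv6 only.
    Returns None when the sysctl cannot be read (non-Linux, no IPv6)."""
    try:
        with open(BINDV6ONLY) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def probe_wildcard_listener(v6only):
    """Bind a TCP listener to [::] with IPV6_V6ONLY set to `v6only`, then
    connect to it over IPv4 loopback.

    Returns (reached, peer): `reached` is True when the IPv4 client got
    through, `peer` is the client address as the listener sees it.
    Returns None when the host cannot create or bind an IPv6 socket.
    """
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Set the option explicitly so the result does not depend on the
        # host-wide sysctl default.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))  # port 0: the kernel picks a free port
        srv.listen(1)
        srv.settimeout(2)
        client.settimeout(2)
        port = srv.getsockname()[1]
        try:
            client.connect(("127.0.0.1", port))
        except OSError:
            # Refused or timed out: the [::] socket does not cover IPv4.
            return (False, None)
        conn, peer = srv.accept()
        conn.close()
        # An IPv4 client shows up as an IPv4-mapped IPv6 address.
        return (True, peer[0])
    except OSError:
        return None
    finally:
        client.close()
        srv.close()


if __name__ == "__main__":
    print("net.ipv6.bindv6only =", system_bindv6only())
    print("IPV6_V6ONLY=0:", probe_wildcard_listener(False))
    print("IPV6_V6ONLY=1:", probe_wildcard_listener(True))
```

An application that never sets `IPV6_V6ONLY` itself inherits the value reported by `system_bindv6only()`, which is why the sysctl decides whether a `[::]` listener also serves IPv4.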

> Your logs look fine to me, except that the STUN client fails to open a UDP socket (can't assign requested address). As you explicitly specified the relay_ipv4_addr, the STUN result would remain unused anyway, it just seems a little surprising/worrying (to me) that opening that UDP socket within the container fails.

I assume, this message is only related to IPv6 lookup. We have another user with Oracle having the same pattern (#43 (comment))

weiss commented

> I assume, this message is only related to IPv6 lookup. We have another user with Oracle having the same pattern (#43 (comment))

👍

So I guess everything looks fine and this issue can be closed?

Yeah, I've just tested it out with IPv4, and it seems to work!
Is there an ETA for when a new image with this patch/feature is going to be released? I'd prefer not to run the edge image in production.

@FarisZR thanks for the confirmation.

One hint to your configuration:

eturnal does not support TCP relaying, which is usually also not recommended to use. Therefore, you can leave out the port range publishing in your compose file, if it still exists:

    ports:
      - '49000-49200:49000-49200'

weiss commented

> Is there an ETA for when a new image with this patch/feature is going to be released?

Generally we're quite open to release 'early and often', but this particular change seems a bit too corner-case to me to warrant a new release (as each release does create a little work for others).

> I'd prefer not to run the edge image in production.

Understandable, but note that no actual changes to the STUN/TURN code were applied since the 1.12.0 release, so in this case, I don't really see a technical reason to avoid the current edge image.

But I'll keep in mind not to wait too long with the next release 😄

Yeah OK, I can just lock it to that specific digest.