Wednesday, July 5, 2023

How to configure Eturnal TURN server with TLSv1.3 support on Debian 12

 eturnal is a turn server and an alternative to coturn. It can be installed on Debian using the instructions provided here

To use a static username and password, a script must be used to generate one that works with the defined secret code in the config file. 

The following python code can be used for such conversion:

import hmac

import hashlib

import base64

username = "1735686000"          # For credentials valid until 2025-01-01.

secret = "1pIFIj70BPsgBI92j5ux"  # As specified in your configuration file.

sha = hmac.new(secret.encode('utf-8'), username.encode('utf-8'), hashlib.sha1)

password = base64.b64encode(sha.digest()).decode('utf-8')

print(username)

print(password)


The following options can be used to disable older versions of tls to force tlsv1.3:

  ## TLS certificate/key files (must be readable by 'eturnal' user!):
  tls_crt_file: /opt/fullchain.pem
  tls_key_file: /opt/privkey.pem
  tls_options:
    - no_tlsv1
    - no_tlsv1_1
    - no_tlsv1_2

It is recommended to also uncomment the - recommended item in the blacklist section to blacklist local network ip addresses from turn and speed up connection.
at 2 comments:

Monday, July 3, 2023

How to Install coturn 4.6.2 with TLSv1.3 support on Debian 12

 TLSv1.3 support is added in coturn >4.6.2  . Debian 12 bookworm comes with coturn 4.6.1 which does support TLSv1.3. Docker version of coturn may be used to get the last version of coturn then, or a compilation from source is needed.  

In case of compiling from source, openssl 1.1.1 is needed to support TLSv1.3.

To compile the last version of coturn on Debian, follow these instructions:

apt-get install pkg-config build-essential libssl-dev libevent-dev libsystemd-dev -y

cd /usr/src

wget https://github.com/coturn/coturn/archive/refs/tags/4.6.2.tar.gz

tar -zxvf 4.6.2.tar.gz

cd coturn-4.6.2

./configure --prefix=/usr --confdir=/etc

make

make install

cp ./examples/etc/coturn.service /etc/systemd/system/

mv /etc/turnserver.conf.default /etc/turnserver.conf

systemctl daemon-reload

chown turnserver:turnserver /var/run/turnserver.pid

useradd turnserver -s /bin/false

systemctl enable coturn --now

service coturn status

Now, in the log file you should see:

INFO: TLS 1.3 supported

Jitsi provides a sample turnserver.conf file to use for media streaming and TURNS. The syntax file can be found here

The following configuration can be added to the /etc/turnserver.conf file to disable older versions of SSL/TLS incuding tlsv1.2 to enfore tlsv1.3 connections:

no-sslv3

no-tlsv1

no-tlsv1_1

no-tlsv1_2

A static user and password for turn can be defined using the following config:

lt-cred-mech

user=TURNUSER:TURNPASSWORD


at No comments:

Sunday, April 23, 2023

How to suppress opencv / gst-launch-1.0 nvarguscamerasrc GST_ARGUS warning / debug messages

 Jetson camera library always prints debug information:




GST_ARGUS: Creating output stream

CONSUMER: Waiting until producer is connected...

GST_ARGUS: Available Sensor modes :

GST_ARGUS: 3264 x 2464 FR = 21.000000 fps Duration = 47619048 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: 3264 x 1848 FR = 28.000001 fps Duration = 35714284 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: 1920 x 1080 FR = 29.999999 fps Duration = 33333334 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: 1640 x 1232 FR = 29.999999 fps Duration = 33333334 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: 1280 x 720 FR = 59.999999 fps Duration = 16666667 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: 1280 x 720 FR = 120.000005 fps Duration = 8333333 ; Analog Gain range min 1.000000, max 10.625000; Exposure Range min 13000, max 683709000;

GST_ARGUS: Running with following settings:

   Camera index = 0 

   Camera mode  = 2 

   Output Stream W = 1920 H = 1080 

   seconds to Run    = 0 

   Frame Rate = 29.999999 

GST_ARGUS: Setup Complete, Starting captures for 0 seconds

GST_ARGUS: Starting repeat capture requests.

CONSUMER: Producer has connected; continuing.


These prints are hardcoded in the source file of the camera module gstnvarguscamerasrc.cpp as explained here . The following commands can be used to disable these hardcoded messages and compile the module.

Find the corresponding version of your nvidia jetpack and download its public_sources file

cat /etc/nv_tegra_release

cd ~/src 

# for R32 (release), REVISION: 7.3 Driver Package (BSP) Sources:  https://developer.nvidia.com/embedded/linux-tegra-r3273

wget --trust-server-names https://developer.nvidia.com/downloads/remack-sdksjetpack-463r32releasev73sourcest210publicsourcestbz2

tar -jxvf public_sources.tbz2*

cd Linux_for_Tegra/source/public

tar -jxvf gst-nvarguscamera_src.tbz2

cd gst-nvarguscamera/

vi gstnvarguscamerasrc.cpp

// delete printf in the following lines:

#define GST_ARGUS_PRINT(...)

#define CONSUMER_PRINT(...)

make

sudo make install

You may also use the following line to disable opencv warnings. It is also best to restart nvargus-daemon service each time before using the camera:

import warnings

warnings.filterwarnings('ignore')

import sys, os

os.system("sudo systemctl restart nvargus-daemon")

os.environ["DISPLAY"] = ":0"

os.environ["OPENCV_LOG_LEVEL"] = "OFF"

This will allow you to run your script without any warning messages:



at No comments:
Subscribe to: Posts (Atom)

How to disable Debian 12 sleep on production servers

 Debian 12 has power saver enabled by default which causes your server to go to sleep if there is no mouse / keyboard interaction. To resolv...