
Pion custom SFU server not working inside docker


I followed this example: https://github.com/pion/example-webrtc-applications/tree/master/sfu-ws

  • Locally, it is working.

  • I made a Linux build and put it on a server; it is working.

  • I put it inside a Docker container, and it's not working anymore.

On docker I opened the port range:

  • 50000-50200:50000-50200/udp

    version: '3'
    services:
      app:
        image: xxxx
        container_name: web_preprod
        ports:
          - 127.0.0.1:8080:8080
          - 127.0.0.1:6060:6060
          - 50000-50200:50000-50200/udp
        restart: on-failure
        networks:
          - xxxx
    
      nginx:
        image: nginx:latest
        restart: always
        container_name: nginx_preprod
        command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
        ports:
          - "80:80"
          - "443:443"
          - "6061:6061"
          - "6062:6062"
        networks:
          - xxxx
        volumes:
          - /tmp:/tmp
          - ./nginx.conf:/etc/nginx/nginx.conf
          - ./data/certbot/conf:/etc/letsencrypt
          - ./data/certbot/www:/var/www/certbot
        depends_on:
          - app
    
    networks:
      xxxx:
        driver: bridge
    

Port 6061 is not secure; it is used for testing.

On my server I put the same ports to be used:

    se := webrtc.SettingEngine{}
    se.SetEphemeralUDPPortRange(50000, 50200)
    WebRTCApi = webrtc.NewAPI(webrtc.WithMediaEngine(getPublisherMediaEngine()), webrtc.WithSettingEngine(se))

But I don't get onTrack on either the server or the client. What I saw is that on the server I receive

PeerConnectionStateFailed

I use Google STUN and a free TURN server on the client

    var config = {
        iceServers: [
            {
                urls: ["stun:stun1.l.google.com:19302"]
            },
            {
                urls: 'turn:numb.viagenie.ca:3478',
                credential: 'xxxx',
                username: 'xxxx@gmail.com'
            }
        ]
    };
    pc = new RTCPeerConnection(config)

If you have any ideas, I would appreciate it.


Solution

  • The issue is that Pion (or any WebRTC implementation) is only aware of the IP address it is listening on. It can't be aware of all the addresses that map/forward to it. People will also call this the Public IP or NAT Mapping. So when Pion emits its candidates they will probably look like 10.10.0.* and the remote peer will be unable to contact that.

    What you should do is use the SettingEngine and set SetNat1To1IPs. If you know the public IP of the host it will rewrite the candidates with the public IP.

    ICE is a tricky process. To understand it conceptually, WebRTC for the Curious#Networking may be helpful. Will make sure to answer any follow-up questions on SO quickly!
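
What the answer describes, shown on a constructed SDP fragment in plain Go (an added example, not part of the original answer and not Pion's code): `unreachable` flags candidates whose addresses a remote peer cannot route to, and `rewriteHost` stands in for the rewrite a 1:1 NAT mapping performs. The function names, the sample addresses and the public IP 203.0.113.10 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed SDP fragment (made-up addresses), as sent from inside a Docker bridge network.
const sampleSDP = `a=candidate:1 1 udp 2130706431 10.10.0.3 50012 typ host
a=candidate:2 1 udp 2130706431 172.18.0.2 50013 typ host
a=end-of-candidates`

// candidateAddr parses: foundation component transport priority address port "typ" type.
func candidateAddr(line string) (netip.Addr, bool) {
	f := strings.Fields(line)
	if len(f) < 8 || !strings.HasPrefix(f[0], "a=candidate:") || f[6] != "typ" {
		return netip.Addr{}, false
	}
	addr, err := netip.ParseAddr(f[4])
	return addr, err == nil // hostname (mDNS) candidates are skipped
}

// unreachable lists private, loopback and link-local candidate addresses.
func unreachable(sdp string) []string {
	var bad []string
	for _, line := range strings.Split(sdp, "\n") {
		if a, ok := candidateAddr(line); ok && (a.IsPrivate() || !a.IsGlobalUnicast()) {
			bad = append(bad, a.String())
		}
	}
	return bad
}

// rewriteHost stands in for a 1:1 NAT mapping: host addresses become publicIP, ports are kept.
func rewriteHost(sdp, publicIP string) string {
	lines := strings.Split(sdp, "\n")
	for i, line := range lines {
		if f := strings.Fields(line); len(f) >= 8 && f[6] == "typ" && f[7] == "host" {
			f[4] = publicIP
			lines[i] = strings.Join(f, " ")
		}
	}
	return strings.Join(lines, "\n")
}

func main() {
	fmt.Println(unreachable(sampleSDP), unreachable(rewriteHost(sampleSDP, "203.0.113.10")))
}
```

The ports in the rewritten candidates are unchanged, so the UDP range published in the compose file has to match the range given to `SetEphemeralUDPPortRange`, as it does in the question (50000-50200).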