Troubleshoot Proxy Settings

See also: Firewall and Secure Networks

If your IT department blocks certain outbound network access and requires the use of a proxy to bypass restrictions, this article will help your IT department create the proxy and formulate the information to email to help@agrisync.com

A common symptom of needing proxy settings is if all users are unable to use AgriSync's video services.

In most cases, you will not need to set up a proxy.

This tutorial requires advanced knowledge of Linux.

Setting up the Proxy Servers

We require two proxy servers: an Nginx and TURN server.
Signaling is done through the Nginx server, while voice & video are done through the TURN server.

You need to deploy the Nginx and TURN servers on your own.

Configuring the Nginx server

Edit the Nginx configuration file (commonly under /etc/nginx/nginx.conf) and add the following:

resolver 8.8.8.8;
server {
listen 80;
listen 443;
server_name {your DNS};
ssl on;
ssl_certificate {full path to certificate};
ssl_certificate_key {full path to certificate key};
location /cs/ {
proxy_pass https://$arg_h:$arg_p/$arg_d;
}
location /rs/ {
proxy_pass https://$arg_h:$arg_p/$arg_d;
}
location /ws/ {
proxy_pass https://$arg_h:$arg_p;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}


Replace {your DNS}, {full path to certificate}, and {full path to certificate key} with the information.

Reload the Nginx server after changing the configuration file.

Configuring the TURN server

When configuring your TURN server, you will need the following on hand:

extIP : the external IP address
udp : the binding port for the UDP socket (if you're unsure, the default is: 3478)
tcp : the binding port for the TCP socket (if you're unsure, the default is: 3433)
realm : the name of your company, for example something like agrisync.com

Next, generate a set of users for your TURN server, and write them to a configuration file.
For this example, we will use turnserver.conf.

echo "{username}=$(echo -n "{username}:{realm}:{password}" | md5sum | cut -d ' ' -f1)" >> turnserver.conf

Replace {username}, {realm}, and {password} with the information, for example:

echo "myusername=$(echo -n "myusername:agrisync.com:mypassword" | md5sum | cut -d ' ' -f1)" >> turnserver.conf

Results in turnserver.conf :

myusername=5520f71e35e2cd8aecb38937313a679a

Download this binary.

Call the binary file turnserver, and ensure it's executable bit is set.

Only run one TURN server at a time, so if you run this command, make sure no other instances are running in the background.

Put it all together as follows:

sudo nohup ./turnserver {extIP}:{udp} {extIP}:{tcp} {extIP} {realm} turnserver.conf &

Replace {extIP}, {udp}, {tcp}, and {realm} with the information.

This will continue to run the TURN server in the background, persisting after log out.

It must be restarted if the machine loses power.

It is also possible to run this on startup.

Sending Information

We need the following information:

Proxy server IP address or URL

This must match what your SSL certificate is bound to.

TURN server URL
TURN server username
TURN server password
TURN server UDP port
TURN Server TCP port
TURN Server force turn (true or false)

By default, even when your organization has set up proxy information, proxy routing will be disabled for all users.

If you wish to enable the proxy for users, include a list of phone numbers in your email.

Once you have gathered all of your proxy TURN server credentials, and the user phone numbers you want to enable the proxy for, email it to help@agrisync.com asking to set proxy information.
Was this article helpful?
Thank you!