How to configure Big Blue Button for Xirsys TURN server? - bigbluebutton

I run an self-hosted instance of BigBlueButton and signed up for Xirsys TURN server services because we need to serve clients behind (pretty restrictive) firewalls. Before I had been running my own instance of coturn, but as this led to problems recently, I thought I will got someone who does this for a living a try.
Now the configuration in BBB is explained here:
https://docs.bigbluebutton.org/2.2/setup-turn-server.html
Yet so far I completely failed to match the parameters I receive from Xirsys with what I have to put into the /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml file in the place of the <turn.example.com> and <secret_value>.
Did anyone ever make this work? I did try and find a tutorial but also failed.

bbb_web, is returning this the turn uris. passwords to the html5 client, that the client is using in sip.js
so you can either get bbb-web to send valid username/passwords is same method is used, or modify the html5 client to make a Xirsys api call, to get access to the turn candidates.
Would need to look at api docs. twilio has a similar service.
regards,
Stephen

not the most elegant solution but the easiest one for me:
modify the final bbb js bundle to load the stunturn info from a fixed url in
e.g.
/usr/share/meteor/bundle/programs/web.browser/f30716b2b57e2862c4db2325 b7aac63f4622842b.js
the minified part should then look somewhat like:
const r=Meteor.settings.public.media,i='https://<yourbbburl>/html5client/stunturn.json',a=r.cacheStunTurnServers,s=r.fallbackStunServer;
and put either the static credentials or generated ones in a file stunturn.json besides the js bundle.

Related

How to use Google Action Builder with my own server

I want to develop an action to google assistant. So i red the documentation here https://developers.google.com/assistant/conversational/overview and i followed this tutorial https://www.youtube.com/watch?v=Z1hxvniJ18s
It s worked and i was allow to develop and test my app in the simulator. The problem is that when it's come to webhook i don't totaly understand how it's work. On the webhook icon i got this
The seconde one allow me to use Google cloud function and firebase but i had to add my billing account to make it available. I also get a console where i can code my fonctions and my responses.
And if i am correct, the first one allow me to connect to my own Api. But i can only enter one field that is the URL adresse and nothing else so how do i code it? Also i see everywhere people using node.js and i would like to use php is it possible?
To sum up my problem, i would like to know how i could connect my action builder to an other service(Api) than google ones? If it's possible to run my server in php and how do i interact with my google action?(I think it's by sending json back and forth but i'am not sure how to do it?) Finally i would like to know if it's possible to test it in local server with mamp and phpmyadmin for exemple to test the answer of the server?
I would be very grateful if someone could help me, show me how to set up all this.
But i can only enter one field that is the URL adresse and nothing else so how do i code it?
When you develop your webhook, you will need to have a single publicly accessible endpoint to connect with. This endpoint will receive an HTTP POST request and you will need to respond with an appropriate response.
Also i see everywhere people using node.js and i would like to use php is it possible?
Any language that can run on a web server can work. Node.js is one that is used a lot, but PHP can work just as well. You can create an actions.php file and then enter an endpoint address https://example.com/actions.php that will be called. You may need to refer to the Request and Response reference for the expected format.
if it's possible to test it in local server with mamp and phpmyadmin for exemple to test the answer of the server?
It's somewhat possible. You'll need to have some method of sending mock requests to your local server, which might be as easy as using cURL or other tools like Postman.
Unfortunately my personal experience with PHP tools is limited, so I can't necessarily walk-through the specifics. But it does seem like you know these tools a bit more and should be familiar enough to be able to get started.

Using HTTPS and multiple NSURLProtectionSpace's in iOS

I'm creating a iOS app that requires the user to log in at startup, and then uses those credentials to query 4-5 different services on a server over the course of the session.
The server (xyz) it self doesn't accept the credentials, but if the services that it provides are queried then they get accepted. For example https://xyz/service1 works, https://xyz doesn't.
Now what I'm wondering about is if there is anything that stands in the way of creating 4-5 NSURLProtectionSpace's at log in, one for each service on the server, and then use the corresponding protection space when use each service?
Or is there a better way of implementing something that could work in this situation?
All help would be appreciated.
Turns out that there is nothing that stands in the way of creating multiple NSURLProtectionSpace's since each is created for a separate url.

Is there any way to allow failed uploads to resume with a Perl CGI script?

The application is simple, an HTML form that posts to a Perl script. The problem is we sometimes have our customers upload very large files (gt 500mb) and their internet connections can be unreliable at times.
Is there any way to resume a failed transfer like in WinSCP or is this something that can't be done without support for it in the client?
AFAIK, it must be supported by the client. Basically, the client and the server need to negotiate which parts of the file (likely defined as parts in "multipart/form-data" POST) have already been uploaded, and then the server code needs to be able to merge newly uploaded data with existing one.
The best solution is to have custom uploader code, usually implemented in Java though I think this may be possible in Flash as well. You might be even able to do this via JavaScript - see 2 sections with examples below
Here's an example of how Google did it with YouTube: http://code.google.com/apis/youtube/2.0/developers_guide_protocol_resumable_uploads.html
It uses "308 Resume Incomplete" HTTP response which sends range: bytes=0-408 header from the server to indicate what was already uploaded.
For additional ideas on the topic:
http://code.google.com/p/gears/wiki/ResumableHttpRequestsProposal
Someone implemented this using Google Gears on calient side and PHP on server side (the latter you can easily port to Perl)
http://michaelshadle.com/2008/11/26/updates-on-the-http-file-upload-front/
http://michaelshadle.com/2008/12/03/updates-on-the-http-file-upload-front-part-2/
It's a shame that your clients can't use ftp uploading, since this already includes abilities like that. There is also "chunked transfer encoding" in HTTP. I don't know what Perl modules might support it already.

Is it worth while to hide/obfuscate server connections in an iPhone app? If so how?

If I have an app that connects to Amazon's S3 service, is it worth my time to hide/obfuscate the connection strings and API keys? I'm guessing that most hackers won't care all that much, but it would be financially painful if someone found this information and was able to upload data to my account!
For instance, if I store a username/password (or Twitter/Facebook API key and secret), these may be easily found using "strings". A hacker could see the functionality, grab the secrets and use them for nefarious purposes. I've seen people suggest using a simple Rot13, or storing the strings backwards or something like that in the app binary. Are these useful?
Has anyone done this or have any ideas/patterns/code to share?
-dan
You can hide your secrets in a webserver you have full control over, and then having this server relay the query to Amazon. You can then use whatever encryption/validation method you like, since you are not relying on what is supported by Amazon.
Once you have validated that the request is from your own application, you then rewrite the query including your secrets and then forward this to Amazon. The result from Amazon could then be relayed directly back to the application.
In php this could for instance be done using something similar to this snippet (not showing your url rewrite):
$fp = fopen($amazon_url,'r',false);
fpassthru($fp);
fclose($fp);
You dont really need to hide them...what you should do is have an extra key such as a secret, that one IS hidden and is only present in the signature of the call (which can be an MD5 hash or sha (or whatever)) without that secret key people wont be able to just make calls since the signatures created by the server and the offender wont match since they dont know the secret key used...
I'm guessing that most hackers won't
care all that much
It just takes one who's bored enough.
Has anyone done this or have any
ideas/patterns/code to share?
This is what SSL is for. You can encrypt all your transmissions or just the login process (which would return a session id that can be used for subsequent requests during the session).

Deploying a web service to my Google App Engine application

We made a simple application and using GoogleAppEngineLauncher (GAEL) ran that locally. Then we deployed, using GAEL again, to our appid. It works fine.
Now, we made a web service. We ran that locally using GAEL and a very thin local python client. It works fine.
We deployed that, and we get this message when we try to visit our default page:
"Move along people, there is nothing to see here"
We modified our local client and tried to run that against our google site and we got an error that looked like:
Response is "text/plain", not "text/xml"
Any ideas where we are falling down in our deployment or config for using a web service with google app engine?
Any help appreciated!
Thanks // :)
Looks like you're not setting the Content-Type header correctly in your service (assuming you ARE actually trying to send XML -- e.g. SOAP, XML-RPC, &c). What code are you using to set that header? Without some indication about what protocol you're implementing and via what framework, it's impossible to help in detail...!
Looks like we aren't going to get to the bottom of this one. Just not enough information available at debug time. We've managed to affect a fix on the service, although I hate ot admit it we never found out what was causing this bug.