Add TURNS (secure) endpoints for upgraded TURN server

Updated ICE configuration to use TURNS (TLS/DTLS) on port 5349 as the preferred relay method, with plain TURN on port 3478 as fallback. WebRTC will try secure endpoints first for better security and reliability. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-08 00:33:25 +00:00 · 2025-12-06 15:58:15 +01:00
parent 2cbd46b27a
commit 3a42f74371
2 changed files with 34 additions and 8 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -6,12 +6,37 @@

 When configuring TURN servers:

- ✅ **DO** include the port number in TURN URLs: `turn:server.com:3478`
+- ✅ **DO** use TURNS (secure) on port 5349 when available: `turns:server.com:5349`
+- ✅ **DO** include TURN fallback on port 3478: `turn:server.com:3478`
+- ✅ **DO** include the port number in TURN URLs (even if default)
 - ✅ **DO** test TURN connectivity before deploying: `turnutils_uclient -u user -w pass server.com 3478 -y`
 - ✅ **DO** provide both TCP and UDP transports for maximum compatibility
- ❌ **DON'T** omit the port number (even if it's the default 3478)
+- ❌ **DON'T** omit the port number
 - ❌ **DON'T** assume TURN works without testing

+**Current Configuration:**
+```javascript
+const RTC_CONFIG = {
+  iceServers: [
+    { urls: ["stun:stun.share.fish:3478"] },
+    {
+      urls: [
+        // TURNS (secure) - TLS/DTLS on port 5349 (preferred)
+        "turns:turn.share.fish:5349?transport=tcp",
+        "turns:turn.share.fish:5349?transport=udp",
+        // TURN (fallback) - plain on port 3478
+        "turn:turn.share.fish:3478?transport=tcp",
+        "turn:turn.share.fish:3478?transport=udp",
+      ],
+      username: "webrtcuser",
+      credential: "supersecretpassword"
+    }
+  ]
+};
+```
+
+WebRTC will try TURNS (secure) endpoints first, falling back to plain TURN if needed.
+
 ### ICE Configuration

 **Force Relay Mode for Testing:**
--- a/src/App.jsx
+++ b/src/App.jsx
@@ -6,19 +6,20 @@ const API_URL = 'https://api.ronde.vu';

 const RTC_CONFIG = {
  iceServers: [
-    { urls: ["stun:stun.ronde.vu:3478"] },
+    { urls: ["stun:stun.share.fish:3478"] },
    {
      urls: [
-        "turn:turn.ronde.vu:3478?transport=tcp",
-        "turn:turn.ronde.vu:3478?transport=udp",
+        // TURNS (secure) - TLS/DTLS on port 5349
+        "turns:turn.share.fish:5349?transport=tcp",
+        "turns:turn.share.fish:5349?transport=udp",
+        // TURN (fallback) - plain on port 3478
+        "turn:turn.share.fish:3478?transport=tcp",
+        "turn:turn.share.fish:3478?transport=udp",
      ],
      username: "webrtcuser",
      credential: "supersecretpassword"
    }
  ],
-  // Force TURN relay to bypass NAT hairpinning (when testing on same network)
-  // Comment out for production to allow direct connections when possible
-  iceTransportPolicy: 'relay'
 };

 export default function App() {