See also: Firewall and Secure Networks
If your IT department blocks certain outbound network access and requires the use of a proxy to bypass restrictions, this article will help your IT department create the proxy and formulate the information to email to expertconnect@johndeere.com.
A common symptom of needing proxy settings is that all users are unable to use ExpertConnect's video feature.
In most cases, you will not need to set up a proxy.
These steps require advanced knowledge of Linux.
Setting up the proxy servers
ExpertConnect requires two proxy servers: an Nginx server and a TURN server. Signaling is done through the Nginx server, while voice & video are done through the TURN server.
You need to deploy the Nginx and TURN servers on your own.
Configuring the Nginx server
Edit the Nginx configuration file (commonly under /etc/nginx/nginx.conf) and add the following:
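    # Place inside the http { } block.
    # A resolver is needed because proxy_pass below uses variables,
    # so upstream hostnames are resolved at request time.
    resolver 8.8.8.8;
    server {
        # TLS is enabled per listen line (the older "ssl on;" directive
        # was removed in nginx 1.25.1).
        listen 80 ssl;
        listen 443 ssl;
        server_name {your DNS};
        ssl_certificate {full path to certificate};
        ssl_certificate_key {full path to certificate key};
        # The upstream host, port and path come from the request's
        # h, p and d query arguments.
        location /cs/ {
            proxy_pass https://$arg_h:$arg_p/$arg_d;
        }
        location /rs/ {
            proxy_pass https://$arg_h:$arg_p/$arg_d;
        }
        # WebSocket signaling: pass the Upgrade handshake through.
        location /ws/ {
            proxy_pass https://$arg_h:$arg_p;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
Replace {your DNS}, {full path to certificate}, and {full path to certificate key} with your own values.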
Reload the Nginx server after changing the configuration file.
Configuring the TURN server
When configuring your TURN server, you will need the following information:
- extIP : the external IP address
- udp : the binding port for the UDP socket (if you're unsure, the default is: 3478)
- tcp : the binding port for the TCP socket (if you're unsure, the default is: 3433)
- realm : the name of your company, for example something like agrisync.com
Next, generate a set of users for your TURN server, and write them to a configuration file. For this example, we will use turnserver.conf.
    echo "{username}=$(echo -n "{username}:{realm}:{password}" | md5sum | cut -d ' ' -f1)" >> turnserver.conf
Replace {username}, {realm}, and {password} with your own values, for example:
    echo "myusername=$(echo -n "myusername:agrisync.com:mypassword" | md5sum | cut -d ' ' -f1)" >> turnserver.conf
Results in turnserver.conf:
    myusername=5520f71e35e2cd8aecb38937313a679a
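The user-file step above, as an added shell example that is not part of the original article or of ExpertConnect's tooling: it writes the same username=md5(username:realm:password) line, but reads the password from standard input, replaces an existing entry instead of appending a duplicate, and leaves the file readable only by its owner, since it stores an unsalted MD5 of each password. The function names and the character allowlist for usernames and realms are assumptions of this example.

```bash
# Added example; function names and the allowlist below are assumptions.
# Usage: add_turn_user turnserver.conf myusername agrisync.com
#        (then type the password and press Enter)

# Print one "username=md5hex" line in the format shown above.
turn_user_line() {
    local user="$1" realm="$2" pass="$3"
    # The allowlist excludes ':' (separates the hashed fields), '='
    # (separates name from hash) and newlines (would start a new entry).
    case $user in
        ''|*[!A-Za-z0-9._@-]*) echo "bad username" >&2; return 1 ;;
    esac
    case $realm in
        ''|*[!A-Za-z0-9.-]*) echo "bad realm" >&2; return 1 ;;
    esac
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    # printf, unlike echo -n, never treats its data as options or escapes.
    printf '%s=%s\n' "$user" \
        "$(printf '%s' "$user:$realm:$pass" | md5sum | cut -d ' ' -f1)"
}

# Add or replace one user in the given file. The password comes from
# standard input, so it is not recorded in shell history.
add_turn_user() {
    local conf="$1" user="$2" realm="$3" pass line tmp
    IFS= read -r pass || [ -n "$pass" ] || return 1
    line=$(turn_user_line "$user" "$realm" "$pass") || return 1
    # mktemp creates the file with mode 0600; mv keeps that mode.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # Keep every entry except an earlier one for the same user.
        TURN_USER="$user" awk -F= '$1 != ENVIRON["TURN_USER"]' "$conf" > "$tmp"
    fi
    printf '%s\n' "$line" >> "$tmp"
    mv "$tmp" "$conf"
}
```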
Download this binary. Name the binary file turnserver, and ensure its executable bit is set.
Only run one TURN server at a time, so if you run this command, make sure no other instances are running in the background.
Put it all together as follows:
    sudo nohup ./turnserver {extIP}:{udp} {extIP}:{tcp} {extIP} {realm} turnserver.conf &
Replace {extIP}, {udp}, {tcp}, and {realm} with your own values.
This will continue to run the TURN server in the background, persisting after log out.
It must be restarted if the machine loses power.
It is also possible to run this on startup.
Sending Information
ExpertConnect will need the following information:
- Proxy server IP address or URL.
  - This must match what your SSL certificate is bound to.
- TURN server URL
- TURN server username
- TURN server password
- TURN server UDP port
- TURN server TCP port
- TURN server force turn (true or false)
By default, even when your organization has set up proxy information, proxy routing will be disabled for all users.
If you wish to enable the proxy for users, include a list of phone numbers in your email.
Once you have gathered all of your proxy TURN server credentials, and the user phone numbers you want to enable the proxy for, email them to expertconnect@johndeere.com asking to set proxy information.