coturn en network_mode: host

2023-12-08 16:45:50 +01:00 · 2023-12-08 16:45:50 +01:00 · 6728469f78
commit 6728469f78
parent 63ac77f565
6 changed files with 26 additions and 40 deletions
--- a/synapse/coturn-docker-entrypoint.sh
+++ b/synapse/coturn-docker-entrypoint.sh
--- a/coturn/docker-compose.yaml
+++ b/coturn/docker-compose.yaml
@ -0,0 +1,20 @@
+services:
+  coturn:
+    container_name: coturn
+    image: coturn/coturn:alpine
+    restart: always
+    network_mode: host
+    command:
+      - "--log-file=stdout"
+      - "-c"
+      - "/tmp/turnserver.conf"
+    tmpfs:
+      - /var/lib/coturn
+    volumes:
+      - ./turnserver.conf:/etc/coturn/server.conf
+      - ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
+      # Content of turn-secret.conf:
+      # static-auth-secret=someSecret
+      - ../turn-secret.conf:/etc/coturn/secret.conf
+      - ../turn-cert.pem:/etc/coturn/cert.pem
+      - ../turn-pkey.pem:/etc/coturn/pkey.pem
--- a/synapse/turnserver.conf
+++ b/synapse/turnserver.conf
@ -1,9 +1,6 @@
-verbose
+#verbose
 fingerprint

-listening-port=3478
-tls-listening-port=5349
-
 use-auth-secret
 realm=turn.viyurz.fr

@ -11,7 +8,7 @@ realm=turn.viyurz.fr
 # (default values are 49152 and 65535)
 #
 min-port=49152
-max-port=49252
+max-port=49652

 # TLS certificates, including intermediate certs.
 # For Let's Encrypt certificates, use `fullchain.pem` here.
@ -22,8 +19,8 @@ pkey=/etc/coturn/pkey.pem

 # Do not allow an TLS/DTLS version of protocol
 #
-#no-tlsv1
-#no-tlsv1_1
+no-tlsv1
+no-tlsv1_1
 #no-tlsv1_2

 # VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
--- a/nftables.conf
+++ b/nftables.conf
@ -20,7 +20,7 @@ table inet filter {

 		# TURN
 		tcp dport { 3478, 5349 } limit rate 5/second accept
-		udp dport { 3478, 5349, 49152-49252 } limit rate 5/second accept
+		udp dport { 3478, 5349, 49152-49652 } limit rate 5/second accept

 		# Allow ICMP
 		meta l4proto icmp limit rate 1/second accept
--- a/ports.txt
+++ b/ports.txt
@ -13,4 +13,4 @@
 8443 -> stdisco
 11000 -> Nextcloud
 22000 -> Syncthing
-49152-49200/udp -> coturn
+49152-49652/udp -> coturn
--- a/synapse/docker-compose.yaml
+++ b/synapse/docker-compose.yaml
@ -1,35 +1,4 @@
 services:
-  coturn:
-    container_name: synapse_coturn
-    image: coturn/coturn:alpine
-    restart: always
-    user: '1003:1003'
-    command: 
-      - "--log-file=stdout"
-      - "-c"
-      - "/tmp/turnserver.conf"
-    environment:
-      - DETECT_EXTERNAL_IP=yes
-      - DETECT_RELAY_IP=yes
-      - DETECT_EXTERNAL_IPV6=yes
-      - DETECT_RELAY_IPV6=yes
-    ports:
-      - 3478:3478
-      - 3478:3478/udp
-      - 5349:5349
-      - 5349:5349/udp
-      - 49152-49252:49152-49252/udp
-    tmpfs:
-      - /var/lib/coturn
-    volumes:
-      - ./turnserver.conf:/etc/coturn/server.conf
-      - ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
-      # Content of turn-secret.conf:
-      # static-auth-secret=someSecret
-      - ../turn-secret.conf:/etc/coturn/secret.conf
-      - ../turn-cert.pem:/etc/coturn/cert.pem
-      - ../turn-pkey.pem:/etc/coturn/pkey.pem
-
  postgres:
    container_name: synapse_postgres
    image: postgres:alpine