coturn en network_mode: host

This commit is contained in:
Viyurz 2023-12-08 16:45:50 +01:00
parent 63ac77f565
commit 6728469f78
6 changed files with 26 additions and 40 deletions

View file

@ -0,0 +1,20 @@
services:
coturn:
container_name: coturn
image: coturn/coturn:alpine
restart: always
network_mode: host
command:
- "--log-file=stdout"
- "-c"
- "/tmp/turnserver.conf"
tmpfs:
- /var/lib/coturn
volumes:
- ./turnserver.conf:/etc/coturn/server.conf
- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
# Content of turn-secret.conf:
# static-auth-secret=someSecret
- ../turn-secret.conf:/etc/coturn/secret.conf
- ../turn-cert.pem:/etc/coturn/cert.pem
- ../turn-pkey.pem:/etc/coturn/pkey.pem

View file

@ -1,9 +1,6 @@
verbose
#verbose
fingerprint
listening-port=3478
tls-listening-port=5349
use-auth-secret
realm=turn.viyurz.fr
@ -11,7 +8,7 @@ realm=turn.viyurz.fr
# (default values are 49152 and 65535)
#
min-port=49152
max-port=49252
max-port=49652
# TLS certificates, including intermediate certs.
# For Let's Encrypt certificates, use `fullchain.pem` here.
@ -22,8 +19,8 @@ pkey=/etc/coturn/pkey.pem
# Do not allow an TLS/DTLS version of protocol
#
#no-tlsv1
#no-tlsv1_1
no-tlsv1
no-tlsv1_1
#no-tlsv1_2
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.

View file

@ -20,7 +20,7 @@ table inet filter {
# TURN
tcp dport { 3478, 5349 } limit rate 5/second accept
udp dport { 3478, 5349, 49152-49252 } limit rate 5/second accept
udp dport { 3478, 5349, 49152-49652 } limit rate 5/second accept
# Allow ICMP
meta l4proto icmp limit rate 1/second accept

View file

@ -13,4 +13,4 @@
8443 -> stdisco
11000 -> Nextcloud
22000 -> Syncthing
49152-49200/udp -> coturn
49152-49652/udp -> coturn

View file

@ -1,35 +1,4 @@
services:
coturn:
container_name: synapse_coturn
image: coturn/coturn:alpine
restart: always
user: '1003:1003'
command:
- "--log-file=stdout"
- "-c"
- "/tmp/turnserver.conf"
environment:
- DETECT_EXTERNAL_IP=yes
- DETECT_RELAY_IP=yes
- DETECT_EXTERNAL_IPV6=yes
- DETECT_RELAY_IPV6=yes
ports:
- 3478:3478
- 3478:3478/udp
- 5349:5349
- 5349:5349/udp
- 49152-49252:49152-49252/udp
tmpfs:
- /var/lib/coturn
volumes:
- ./turnserver.conf:/etc/coturn/server.conf
- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
# Content of turn-secret.conf:
# static-auth-secret=someSecret
- ../turn-secret.conf:/etc/coturn/secret.conf
- ../turn-cert.pem:/etc/coturn/cert.pem
- ../turn-pkey.pem:/etc/coturn/pkey.pem
postgres:
container_name: synapse_postgres
image: postgres:alpine