coturn en network_mode: host
parent
63ac77f565
commit
6728469f78
6 changed files with 26 additions and 40 deletions
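--- a/coturn/docker-compose.yaml
+++ b/coturn/docker-compose.yaml
@@ -0,0 +1,20 @@
+services:
+coturn:
+container_name: coturn
+image: coturn/coturn:alpine
+restart: always
+network_mode: host
+command:
+- "--log-file=stdout"
+- "-c"
+- "/tmp/turnserver.conf"
+tmpfs:
+- /var/lib/coturn
+volumes:
+- ./turnserver.conf:/etc/coturn/server.conf
+- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
+# Content of turn-secret.conf:
+# static-auth-secret=someSecret
+- ../turn-secret.conf:/etc/coturn/secret.conf
+- ../turn-cert.pem:/etc/coturn/cert.pem
+- ../turn-pkey.pem:/etc/coturn/pkey.pem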
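Review bot: The new service definition drops the `user: '1003:1003'` line that the removed `synapse_coturn` service carried, so the container now runs as whatever user the image defaults to while also sharing the host's network namespace through `network_mode: host`. If the drop was not deliberate, restore `user: '1003:1003'` (or another unprivileged uid that can read the mounted files). The secret, certificate and key mounts are also writable from inside the container; a `:ro` suffix, e.g. `- ../turn-pkey.pem:/etc/coturn/pkey.pem:ro`, would keep a compromised relay process from altering them. The `coturn/coturn:alpine` tag floats, so pinning a version or digest would make restarts under `restart: always` reproducible.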
|
@ -1,9 +1,6 @@
|
||||||
verbose
|
#verbose
|
||||||
fingerprint
|
fingerprint
|
||||||
|
|
||||||
listening-port=3478
|
|
||||||
tls-listening-port=5349
|
|
||||||
|
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
realm=turn.viyurz.fr
|
realm=turn.viyurz.fr
|
||||||
|
|
||||||
|
@ -11,7 +8,7 @@ realm=turn.viyurz.fr
|
||||||
# (default values are 49152 and 65535)
|
# (default values are 49152 and 65535)
|
||||||
#
|
#
|
||||||
min-port=49152
|
min-port=49152
|
||||||
max-port=49252
|
max-port=49652
|
||||||
|
|
||||||
# TLS certificates, including intermediate certs.
|
# TLS certificates, including intermediate certs.
|
||||||
# For Let's Encrypt certificates, use `fullchain.pem` here.
|
# For Let's Encrypt certificates, use `fullchain.pem` here.
|
||||||
|
@ -22,8 +19,8 @@ pkey=/etc/coturn/pkey.pem
|
||||||
|
|
||||||
# Do not allow an TLS/DTLS version of protocol
|
# Do not allow an TLS/DTLS version of protocol
|
||||||
#
|
#
|
||||||
#no-tlsv1
|
no-tlsv1
|
||||||
#no-tlsv1_1
|
no-tlsv1_1
|
||||||
#no-tlsv1_2
|
#no-tlsv1_2
|
||||||
|
|
||||||
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
|
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
|
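Review bot: None of the visible hunks shows a peer restriction, and with coturn now running in the host's network namespace the relay can otherwise be asked to forward to loopback and private addresses that the host itself can reach. The file continues outside these hunks, so this may already be covered; confirm it carries entries such as `denied-peer-ip=127.0.0.0-127.255.255.255`, `denied-peer-ip=10.0.0.0-10.255.255.255` and `no-multicast-peers`, along with the ranges for any other internal networks of this host. Enabling `no-tlsv1` and `no-tlsv1_1` in the third hunk is a good tightening. A short comment above `max-port=49652` saying that the firewall rule and router forwarding must use the same range would help keep the three places in step.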
|
@ -20,7 +20,7 @@ table inet filter {
|
||||||
|
|
||||||
# TURN
|
# TURN
|
||||||
tcp dport { 3478, 5349 } limit rate 5/second accept
|
tcp dport { 3478, 5349 } limit rate 5/second accept
|
||||||
udp dport { 3478, 5349, 49152-49252 } limit rate 5/second accept
|
udp dport { 3478, 5349, 49152-49652 } limit rate 5/second accept
|
||||||
|
|
||||||
# Allow ICMP
|
# Allow ICMP
|
||||||
meta l4proto icmp limit rate 1/second accept
|
meta l4proto icmp limit rate 1/second accept
|
||||||
|
|
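Review bot: Once coturn uses `network_mode: host`, its traffic is presumably filtered by this table's input path rather than by Docker's published-port handling, so the `limit rate 5/second` on the widened `udp dport { 3478, 5349, 49152-49652 }` rule now governs relay traffic directly. As written the limit has no connection-state qualifier and is a single budget shared by every source and port. Unless an established/related accept sits earlier in the chain (the chain starts outside this hunk), relayed media would be held to five packets per second and one busy sender could consume the allowance for everyone. Consider `udp dport { 3478, 5349, 49152-49652 } ct state new limit rate 5/second accept`, and add a comment such as `# relay range: keep in sync with min-port/max-port in turnserver.conf`.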
|
@ -13,4 +13,4 @@
|
||||||
8443 -> stdisco
|
8443 -> stdisco
|
||||||
11000 -> Nextcloud
|
11000 -> Nextcloud
|
||||||
22000 -> Syncthing
|
22000 -> Syncthing
|
||||||
49152-49200/udp -> coturn
|
49152-49652/udp -> coturn
|
||||||
|
|
|
@ -1,35 +1,4 @@
|
||||||
services:
|
services:
|
||||||
coturn:
|
|
||||||
container_name: synapse_coturn
|
|
||||||
image: coturn/coturn:alpine
|
|
||||||
restart: always
|
|
||||||
user: '1003:1003'
|
|
||||||
command:
|
|
||||||
- "--log-file=stdout"
|
|
||||||
- "-c"
|
|
||||||
- "/tmp/turnserver.conf"
|
|
||||||
environment:
|
|
||||||
- DETECT_EXTERNAL_IP=yes
|
|
||||||
- DETECT_RELAY_IP=yes
|
|
||||||
- DETECT_EXTERNAL_IPV6=yes
|
|
||||||
- DETECT_RELAY_IPV6=yes
|
|
||||||
ports:
|
|
||||||
- 3478:3478
|
|
||||||
- 3478:3478/udp
|
|
||||||
- 5349:5349
|
|
||||||
- 5349:5349/udp
|
|
||||||
- 49152-49252:49152-49252/udp
|
|
||||||
tmpfs:
|
|
||||||
- /var/lib/coturn
|
|
||||||
volumes:
|
|
||||||
- ./turnserver.conf:/etc/coturn/server.conf
|
|
||||||
- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
|
|
||||||
# Content of turn-secret.conf:
|
|
||||||
# static-auth-secret=someSecret
|
|
||||||
- ../turn-secret.conf:/etc/coturn/secret.conf
|
|
||||||
- ../turn-cert.pem:/etc/coturn/cert.pem
|
|
||||||
- ../turn-pkey.pem:/etc/coturn/pkey.pem
|
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
container_name: synapse_postgres
|
container_name: synapse_postgres
|
||||||
image: postgres:alpine
|
image: postgres:alpine
|
||||||
|
|