coturn en network_mode: host

Viyurz 2023-12-08 16:45:50 +01:00
parent 63ac77f565
commit 6728469f78
6 changed files with 26 additions and 40 deletions


@ -0,0 +1,20 @@
services:
coturn:
container_name: coturn
image: coturn/coturn:alpine
restart: always
network_mode: host
command:
- "--log-file=stdout"
- "-c"
- "/tmp/turnserver.conf"
tmpfs:
- /var/lib/coturn
volumes:
- ./turnserver.conf:/etc/coturn/server.conf
- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
# Content of turn-secret.conf:
# static-auth-secret=someSecret
- ../turn-secret.conf:/etc/coturn/secret.conf
- ../turn-cert.pem:/etc/coturn/cert.pem
- ../turn-pkey.pem:/etc/coturn/pkey.pem
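Review bot: The `user: '1003:1003'` line from the removed coturn definition is not carried over, so the process now runs as whatever user the image defaults to while `network_mode: host` removes the network isolation it had before. I would keep the unprivileged user unless something in the entrypoint needs otherwise. The secret, certificate and key are also bind-mounted read-write; marking them read-only costs nothing, e.g. `- ../turn-secret.conf:/etc/coturn/secret.conf:ro` and `- ../turn-pkey.pem:/etc/coturn/pkey.pem:ro`. `coturn/coturn:alpine` is a floating tag, so pinning a version or digest would make it clear which build is exposed on the host's interfaces.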


@ -1,9 +1,6 @@
verbose #verbose
fingerprint fingerprint
listening-port=3478
tls-listening-port=5349
use-auth-secret use-auth-secret
realm=turn.viyurz.fr realm=turn.viyurz.fr
@ -11,7 +8,7 @@ realm=turn.viyurz.fr
# (default values are 49152 and 65535) # (default values are 49152 and 65535)
# #
min-port=49152 min-port=49152
max-port=49252 max-port=49652
# TLS certificates, including intermediate certs. # TLS certificates, including intermediate certs.
# For Let's Encrypt certificates, use `fullchain.pem` here. # For Let's Encrypt certificates, use `fullchain.pem` here.
@ -22,8 +19,8 @@ pkey=/etc/coturn/pkey.pem
# Do not allow an TLS/DTLS version of protocol # Do not allow an TLS/DTLS version of protocol
# #
#no-tlsv1 no-tlsv1
#no-tlsv1_1 no-tlsv1_1
#no-tlsv1_2 #no-tlsv1_2
# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay. # VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
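Review bot: None of the visible hunks restricts which peers the relay may reach, and that matters more now that coturn shares the host network namespace: relayed traffic originates from the host itself, so services on the LAN are reachable through an allocation unless the config denies them. The file continues outside these hunks, so this may already be covered. If it is not, add entries such as `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255`, plus the IPv6 equivalents and the host's own addresses.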


@ -20,7 +20,7 @@ table inet filter {
# TURN # TURN
tcp dport { 3478, 5349 } limit rate 5/second accept tcp dport { 3478, 5349 } limit rate 5/second accept
udp dport { 3478, 5349, 49152-49252 } limit rate 5/second accept udp dport { 3478, 5349, 49152-49652 } limit rate 5/second accept
# Allow ICMP # Allow ICMP
meta l4proto icmp limit rate 1/second accept meta l4proto icmp limit rate 1/second accept
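Review bot: `limit rate 5/second accept` on the UDP rule is one shared budget for all sources. Unless an earlier `ct state established,related accept` rule exists outside this hunk, it applies to every packet rather than to new flows, and relayed media would exceed it immediately. If the intent is to throttle new allocations, match on state explicitly: `udp dport { 3478, 5349, 49152-49652 } ct state new limit rate 5/second accept`. Since coturn now binds directly on the host, 49152-49652 also overlaps Linux's default ephemeral port range, so the rule accepts traffic to any other host UDP socket that lands there. Reserving the range with `net.ipv4.ip_local_reserved_ports` would avoid that. The enclosing chain starts and ends outside the hunk.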


@ -13,4 +13,4 @@
8443 -> stdisco 8443 -> stdisco
11000 -> Nextcloud 11000 -> Nextcloud
22000 -> Syncthing 22000 -> Syncthing
49152-49200/udp -> coturn 49152-49652/udp -> coturn


@ -1,35 +1,4 @@
services: services:
coturn:
container_name: synapse_coturn
image: coturn/coturn:alpine
restart: always
user: '1003:1003'
command:
- "--log-file=stdout"
- "-c"
- "/tmp/turnserver.conf"
environment:
- DETECT_EXTERNAL_IP=yes
- DETECT_RELAY_IP=yes
- DETECT_EXTERNAL_IPV6=yes
- DETECT_RELAY_IPV6=yes
ports:
- 3478:3478
- 3478:3478/udp
- 5349:5349
- 5349:5349/udp
- 49152-49252:49152-49252/udp
tmpfs:
- /var/lib/coturn
volumes:
- ./turnserver.conf:/etc/coturn/server.conf
- ./coturn-docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
# Content of turn-secret.conf:
# static-auth-secret=someSecret
- ../turn-secret.conf:/etc/coturn/secret.conf
- ../turn-cert.pem:/etc/coturn/cert.pem
- ../turn-pkey.pem:/etc/coturn/pkey.pem
postgres: postgres:
container_name: synapse_postgres container_name: synapse_postgres
image: postgres:alpine image: postgres:alpine